# Get a list of project scan findings (SAST)

Get a list of findings for a specified project scan UUID.

This endpoint supports paging using the `cursor` and `limit` query parameters described in the Query parameters section below.

Endpoint: GET /api/v3.0/projects/{projectUuid}/scans/{scanUuid}/code/findings
Version: 3.0
Security: bearer-key

## Path parameters:

  - `projectUuid` (string, required)
    UUID of the project

  - `scanUuid` (string, required)
    UUID of the project scan for which to get findings

## Query parameters:

  - `limit` (integer)
    Specifies the maximum number of items to be returned in the response.

  - `cursor` (string)
    Indicates the starting point for retrieving results. The first call doesn't include a `cursor` parameter in the request; the API response includes the first set of results along with a cursor pointing to the last item retrieved.
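
The cursor paging described above, as an added Python example that is not part of the original reference: it walks every page of a scan's findings and keeps the unsuppressed ones at or above a severity rating. Assumptions: the bearer key is sent as `Authorization: Bearer <token>`, the last page is signalled by an empty `response` or a missing `additionalData.cursor`/`additionalData.next`, and the helper names, the 7.0 threshold and the sample pages are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

FINDINGS_PATH = "/api/v3.0/projects/{projectUuid}/scans/{scanUuid}/code/findings"

def http_fetch(base_url, token):
    # Assumption: the bearer-key scheme maps to an "Authorization: Bearer" header.
    def fetch(path, params):
        url = base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def iter_findings(fetch, project_uuid, scan_uuid, limit=100, max_pages=1000):
    """Yield every finding of a scan, following additionalData.cursor."""
    quote = lambda s: urllib.parse.quote(s, safe="")  # keep UUIDs inside one path segment
    path = FINDINGS_PATH.format(projectUuid=quote(project_uuid), scanUuid=quote(scan_uuid))
    cursor, seen = None, set()
    for _ in range(max_pages):
        params = {"limit": limit}
        if cursor is not None:          # the first call carries no cursor
            params["cursor"] = cursor
        page = fetch(path, params)
        items = page.get("response") or []
        yield from items
        extra = page.get("additionalData") or {}
        cursor = extra.get("cursor")
        # Assumed end-of-data signals: empty page, no cursor, or no next link.
        if not items or cursor is None or not extra.get("next"):
            return
        if cursor in seen:              # a repeated cursor would loop forever
            raise RuntimeError("cursor did not advance: %r" % (cursor,))
        seen.add(cursor)
    raise RuntimeError("max_pages exceeded; results are incomplete")

def open_findings(findings, min_rating=7.0):
    # Keep unsuppressed findings whose severityRating (0-10) meets the threshold.
    return [f for f in findings if not f.get("suppressed")
            and (f.get("severityRating") or 0) >= min_rating]

# Constructed sample pages standing in for the API, keyed by the cursor sent.
SAMPLE_PAGES = {
    None: {"response": [{"id": "f-1", "severityRating": 9.1, "suppressed": False},
                        {"id": "f-2", "severityRating": 8.0, "suppressed": True}],
           "additionalData": {"cursor": 2, "next": "https://domain.com/api/v3.0/resources?cursor=2"}},
    2: {"response": [{"id": "f-3", "severityRating": 3.5, "suppressed": False}], "additionalData": {}},
}
def sample_fetch(path, params):
    return SAMPLE_PAGES[params.get("cursor")]
```

Against a live instance, pass `http_fetch(base_url, token)` in place of `sample_fetch`. Failing on a stalled cursor or an exceeded page budget, rather than returning quietly, keeps a truncated result set from being read as a clean scan.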

## Response 200 fields (application/json):

  - `additionalData` (object)

  - `additionalData.cursor` (integer)
    Example: 1

  - `additionalData.next` (string)
    Example: "https://domain.com/api/v3.0/resources?cursor=1"

  - `response` (array)

  - `response.ageRating` (number)
    Between 0 and 10

  - `response.almIssues` (object)

  - `response.almIssues.azure` (object)

  - `response.almIssues.azure.project` (string)

  - `response.almIssues.azure.workItemId` (integer)

  - `response.almIssues.jira` (object)

  - `response.almIssues.jira.issueId` (string)

  - `response.almIssues.jira.project` (string)

  - `response.almIssues.jiraPlatform` (object)

  - `response.almIssues.jiraPlatform.createdBy` (string)

  - `response.almIssues.jiraPlatform.createdByName` (string)

  - `response.almIssues.jiraPlatform.createdTime` (string)

  - `response.almIssues.jiraPlatform.errorMessage` (string)

  - `response.almIssues.jiraPlatform.internalStatus` (string)

  - `response.almIssues.jiraPlatform.issueKey` (string)

  - `response.almIssues.jiraPlatform.issueStatus` (string)

  - `response.almIssues.jiraPlatform.publicLink` (string)

  - `response.appId` (string)

  - `response.baseline` (boolean)

  - `response.comments` (array)

  - `response.comments.body` (string)

  - `response.comments.createdBy` (string)

  - `response.comments.createdTime` (string)

  - `response.confidenceRating` (number)
    Between 0 and 10

  - `response.correlatedDastFindingUuids` (array)

  - `response.createdTime` (string)

  - `response.dataFlows` (array)

  - `response.dataFlows.ageRating` (number)
    Between 0 and 10

  - `response.dataFlows.confidenceRating` (number)
    Between 0 and 10

  - `response.dataFlows.createdTime` (string)

  - `response.dataFlows.filter` (object)

  - `response.dataFlows.filter.filterTypes` (array)

  - `response.dataFlows.filter.filterTypes.code` (integer)

  - `response.dataFlows.filter.filterTypes.name` (string)

  - `response.dataFlows.filter.isFiltered` (boolean)

  - `response.dataFlows.functionCalls` (array)

  - `response.dataFlows.functionCalls.endLine` (integer)

  - `response.dataFlows.functionCalls.file` (string)

  - `response.dataFlows.functionCalls.kind` (string)

  - `response.dataFlows.functionCalls.line` (integer)

  - `response.dataFlows.functionCalls.name` (string)

  - `response.dataFlows.functionCalls.snippet` (string)

  - `response.dataFlows.functionCalls.startLine` (integer)

  - `response.dataFlows.id` (string)

  - `response.dataFlows.inputFlow` (array)

  - `response.dataFlows.inputFlow.endLine` (integer)

  - `response.dataFlows.inputFlow.file` (string)

  - `response.dataFlows.inputFlow.kind` (string)

  - `response.dataFlows.inputFlow.line` (integer)

  - `response.dataFlows.inputFlow.name` (string)

  - `response.dataFlows.inputFlow.snippet` (string)

  - `response.dataFlows.inputFlow.startLine` (integer)

  - `response.dataFlows.inputKind` (string)

  - `response.dataFlows.inputSource` (string)

  - `response.dataFlows.isNew` (boolean)

  - `response.dataFlows.rating` (number)
    Between 0 and 10

  - `response.dataFlows.sink` (string)

  - `response.dataFlows.sinkFile` (string)

  - `response.dataFlows.sinkKind` (string)

  - `response.dataFlows.sinkLine` (integer)

  - `response.dataFlows.sinkSnippet` (string)

  - `response.description` (string)

  - `response.hasRemediation` (boolean)

  - `response.id` (string)
    Uniquely identifies the finding across multiple scans

  - `response.isNew` (boolean)

  - `response.issueStatus` (integer)

  - `response.projectId` (string)

  - `response.rating` (number)
    Between 0 and 10

  - `response.refId` (string)
    Uniquely identifies the finding across multiple scans

  - `response.reviewed` (boolean)

  - `response.riskFactors` (object)

  - `response.riskFactors.endpoints` (array)

  - `response.riskFactors.endpoints.endpoint` (string)

  - `response.riskFactors.endpoints.method` (string)

  - `response.riskFactors.hasEndpoints` (boolean)

  - `response.riskFactors.isExploitable` (boolean)

  - `response.riskFactors.probability` (string)

  - `response.scanId` (string)
    Uniquely identifies the scan this finding was loaded from

  - `response.severity` (string)

  - `response.severityRating` (number)
    Between 0 and 10

  - `response.sharedStep` (object)

  - `response.sharedStep.endLine` (integer)

  - `response.sharedStep.file` (string)

  - `response.sharedStep.kind` (string)

  - `response.sharedStep.line` (integer)

  - `response.sharedStep.lineBlame` (object)

  - `response.sharedStep.lineBlame.commitId` (string)

  - `response.sharedStep.lineBlame.file` (string)

  - `response.sharedStep.lineBlame.line` (integer)

  - `response.sharedStep.name` (string)

  - `response.sharedStep.snippet` (string)

  - `response.sharedStep.startLine` (integer)

  - `response.snapshotId` (string)
    Uniquely identifies the finding within a scan; equivalent to the pair of `id` and `scanId`

  - `response.suppressed` (boolean)

  - `response.suppressedBy` (string)

  - `response.suppressionMessage` (string)
    Always empty if `suppressed` is not set

  - `response.suppressionRejected` (boolean)

  - `response.suppressionRequestComment` (string)

  - `response.suppressionRequested` (boolean)

  - `response.suppressionTime` (string)

  - `response.type` (object)

  - `response.type.capec` (object)

  - `response.type.capec.id` (string)

  - `response.type.capec.title` (string)

  - `response.type.capec.url` (string)

  - `response.type.commonId` (string)

  - `response.type.cwe` (object)

  - `response.type.cwe.id` (string)

  - `response.type.cwe.title` (string)

  - `response.type.cwe.url` (string)

  - `response.type.description` (string)

  - `response.type.driver` (string)

  - `response.type.engineId` (integer)

  - `response.type.hipaa` (object)

  - `response.type.hipaa.control` (string)

  - `response.type.hipaa.title` (string)

  - `response.type.hitrust` (object)

  - `response.type.hitrust.control` (string)

  - `response.type.hitrust.title` (string)

  - `response.type.id` (integer)

  - `response.type.language` (string)

  - `response.type.name` (string)

  - `response.type.nist` (object)

  - `response.type.nist.control` (string)

  - `response.type.nist.priority` (string)

  - `response.type.nist.title` (string)

  - `response.type.nist.url` (string)

  - `response.type.order` (integer)

  - `response.type.owasp` (object)

  - `response.type.owasp.index` (string)

  - `response.type.owasp.title` (string)

  - `response.type.owasp.url` (string)

  - `response.type.owasp2021` (object)

  - `response.type.owasp2021.index` (string)

  - `response.type.owasp2021.title` (string)

  - `response.type.owasp2021.url` (string)

  - `response.type.pcidss` (object)

  - `response.type.pcidss.section` (string)

  - `response.type.pcidss.title` (string)

  - `response.type.recommendations` (array)

  - `response.type.references` (array)

  - `response.type.sansTop25` (object)

  - `response.type.sansTop25.rank` (integer)

  - `response.type.sansTop25.title` (string)

  - `response.type.sarif` (string)

  - `response.type.sarifLevel` (string)

  - `response.type.severity` (string)

  - `response.type.severityRating` (number)

  - `response.workflowViolations` (array)

  - `response.workflowViolations.name` (string)

  - `response.workflowViolations.uuid` (string)

  - `response.workflowViolationsCount` (integer)

  - `supportToken` (string)

## Response 400 fields (application/json):

  - `additionalData` (object)

  - `additionalData.message` (string)
    Example: "Something went wrong"

  - `additionalData.result` (string)
    Example: "error"

  - `additionalData.success` (boolean)

  - `response` (any)

  - `supportToken` (string)

## Response 403 fields (application/json):

  - `additionalData` (object)

  - `additionalData.message` (string)
    Example: "Something went wrong"

  - `additionalData.result` (string)
    Example: "error"

  - `additionalData.success` (boolean)

  - `response` (any)

  - `supportToken` (string)

## Response 500 fields (application/json):

  - `additionalData` (object)

  - `additionalData.message` (string)
    Example: "Something went wrong"

  - `additionalData.result` (string)
    Example: "error"

  - `additionalData.success` (boolean)

  - `response` (any)

  - `supportToken` (string)


