GET https://api.stackhawk.com/api/v1/reports/org//findings
Organization Findings
Get all findings for your organization as JSON or CSV (Comma-Separated Values).
Findings can be filtered by application UUIDs and/or environment names supplied as query parameters. Use the date query parameter to return the findings for your apps and environments as they stood at that point in time; if no date parameter is supplied, findings are returned for the current date.
To retrieve findings in your desired format, use the Accept header to specify the media type.
| Output format | Accept header |
|---|---|
| JSON | `Accept: application/json` |
| CSV | `Accept: text/csv` |
Example
Return results as CSV (the token is passed as a Bearer token in the Authorization header; note the closing quote around the URL, which the shell needs because of the `&` in the query string):

```bash
curl -s -H 'Accept: text/csv' -H "Authorization: Bearer $JWT_TOKEN" \
  'https://api.stackhawk.com/api/v1/reports/org/ea7dc269-e4c2-41d1-aced-823087ca3e1a/findings?pageSize=500&envs=Development'
```

The response is a header row followed by one row per finding; fields such as findingDescription are quoted because they contain commas:

```csv
scanId, applicationId, applicationName, environmentId, environmentName, status, findingPluginId, findingPluginName, findingRisk, findingUrl, findingMethod, findingEvidence, findingOtherInfo, findingDescription, findingFirstSeen, findingLastSeen
5e88b6f1-ab2a-43ce-8ca3-d72acda82de0, 85d1b3a5-4d27-46bc-ae53-28a5560199ad, JavaVulny, 0ecc65fe-64a6-45ef-b059-c710bee3155f, Development, NEW, 10038-1, Content Security Policy (CSP) Header Not Set, Medium, https://localhost:9000/payloads, GET, , , "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.", 2022-04-01T17:27:35.558Z, 2024-03-02T23:07:19.796Z
5e88b6f1-ab2a-43ce-8ca3-d72acda82de0, 85d1b3a5-4d27-46bc-ae53-28a5560199ad, JavaVulny, 0ecc65fe-64a6-45ef-b059-c710bee3155f, Development, NEW, 10010, Cookie No HttpOnly Flag, Low, https://localhost:9000/login-code, GET, Set-Cookie: XLOGINID, , "A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.", 2024-03-01T23:14:50.768Z, 2024-03-02T23:09:33.409Z
```
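The following is an added example of how a practitioner might wrap this endpoint in a script: it builds the request (URL plus Accept and Authorization headers) for either media type, parses the CSV export, and turns it into a risk summary and a CI gate. It is not StackHawk's own client code. The pageSize, envs and date parameter names and the CSV column layout come from this page; the `appIds` parameter name, the use of repeated query parameters for multiple values, the `RISK_ACCEPTED` status value, the severity ranking used by the gate, and all rows in `SAMPLE_CSV` are assumptions or constructed data.

```python
"""Helper for the StackHawk organization findings export (added example, not vendor code)."""
import csv
import io
from collections import Counter
from urllib.parse import urlencode

BASE_URL = "https://api.stackhawk.com/api/v1/reports/org"
MEDIA_TYPES = {"json": "application/json", "csv": "text/csv"}
# Severity ranking used by the gate below (assumed ordering, not taken from the API docs).
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def findings_request(org_id, jwt_token, fmt="csv", envs=(), app_ids=(), date=None, page_size=500):
    """Return (url, headers) for GET /reports/org/{orgId}/findings.

    pageSize, envs and date are documented query parameters. `appIds` is an ASSUMED
    name for the application-UUID filter, and sending repeated envs/appIds parameters
    for multiple values is likewise an assumption.
    """
    if fmt not in MEDIA_TYPES:
        raise ValueError(f"unsupported format: {fmt!r}")
    params = {"pageSize": page_size}
    if envs:
        params["envs"] = list(envs)
    if app_ids:
        params["appIds"] = list(app_ids)  # assumed parameter name
    if date:
        params["date"] = date
    url = f"{BASE_URL}/{org_id}/findings?{urlencode(params, doseq=True)}"
    headers = {
        "Accept": MEDIA_TYPES[fmt],          # selects JSON or CSV output
        "Authorization": f"Bearer {jwt_token}",
    }
    return url, headers


def parse_findings_csv(text):
    """Parse the CSV export into a list of dicts keyed by column name.

    The export pads every field with a space after the comma, so skipinitialspace
    is required for quoted descriptions (which contain commas) to be parsed as one field.
    """
    reader = csv.DictReader(io.StringIO(text), skipinitialspace=True)
    return [{k.strip(): (v or "").strip() for k, v in row.items()} for row in reader]


def risk_summary(findings, status="NEW"):
    """Count findings per findingRisk value, restricted to one status (NEW by default)."""
    return Counter(f["findingRisk"] for f in findings if f["status"] == status)


def gate(findings, min_risk="Medium", status="NEW"):
    """Return the findings with the given status at or above min_risk (the ones that fail a CI gate)."""
    floor = RISK_ORDER[min_risk]
    return [f for f in findings
            if f["status"] == status and RISK_ORDER.get(f["findingRisk"], 0) >= floor]


# Constructed sample in the documented column layout; ids, the third and fourth rows and the
# RISK_ACCEPTED status are made up for this example and are not real scan data.
SAMPLE_CSV = """scanId, applicationId, applicationName, environmentId, environmentName, status, findingPluginId, findingPluginName, findingRisk, findingUrl, findingMethod, findingEvidence, findingOtherInfo, findingDescription, findingFirstSeen, findingLastSeen
scan-1, app-1, JavaVulny, env-1, Development, NEW, 10038-1, Content Security Policy (CSP) Header Not Set, Medium, https://localhost:9000/payloads, GET, , , "CSP header missing, see plugin description", 2022-04-01T17:27:35.558Z, 2024-03-02T23:07:19.796Z
scan-1, app-1, JavaVulny, env-1, Development, NEW, 10010, Cookie No HttpOnly Flag, Low, https://localhost:9000/login-code, GET, Set-Cookie: XLOGINID, , "Cookie set without HttpOnly, readable by script", 2024-03-01T23:14:50.768Z, 2024-03-02T23:09:33.409Z
scan-1, app-1, JavaVulny, env-1, Development, NEW, 40018, SQL Injection, High, https://localhost:9000/search, POST, q=1 OR 1=1, , "Constructed row: injectable parameter", 2024-03-02T23:00:00.000Z, 2024-03-02T23:09:33.409Z
scan-1, app-1, JavaVulny, env-1, Development, RISK_ACCEPTED, 10021, X-Content-Type-Options Header Missing, Low, https://localhost:9000/, GET, , , "Constructed row: accepted risk", 2024-03-01T23:14:50.768Z, 2024-03-02T23:09:33.409Z
"""

if __name__ == "__main__":
    url, headers = findings_request("ea7dc269-e4c2-41d1-aced-823087ca3e1a", "JWT", envs=["Development"])
    print(url, headers["Accept"])
    rows = parse_findings_csv(SAMPLE_CSV)
    print(dict(risk_summary(rows)))
    for f in gate(rows):
        print(f["findingRisk"], f["findingPluginName"], f["findingUrl"])
```

Switching `fmt` to `"json"` only changes the Accept header; the URL and the Bearer token are the same for both formats. The gate deliberately ignores findings whose status is anything other than NEW, so triaged or accepted items from earlier scans do not fail the build a second time.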
Restricted
This endpoint is NOT accessible to users with the Member role.