Skip to main content

Findings REST API

The Findings API enables you to access information about open and mitigated findings associated with applications and development sandboxes.

This API supports Static Analysis, Dynamic Analysis, Manual Penetration Testing, and Software Composition Analysis findings.


You cannot get SCA findings in combination with other finding types.

The Findings API simplifies common reporting scenarios, such as obtaining the latest data for each application and accessing historical state-change information on findings.

Permissions and authentication

Before you can use all the endpoints of the Findings API, you must have one of these accounts with the required roles:

  • An API service account with the Results API role.
  • A user account with the Reviewer or Security Lead role.

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

Ensure you access the APIs with the domain for your region.

Findings API specification

The Findings API specification is available from SwaggerHub.