Findings REST API: Static Flaw Information endpoint
You can use the static_flaw_info endpoint of the Findings API to get additional information about a single finding discovered during a static analysis.
The static_flaw_info endpoint returns this information:
- Name of the scanned module
- Filepath to the file that contains the finding
- Name of the function that contains the finding
- Code line numbers where the finding exists
- Attack vectors associated with the request
- Calls in the associated call stack
Permissions and authentication
Before you can use all the endpoints of the Findings API, you must have one of these accounts with the required roles:
- An API service account with the Results API role.
- A user account with the Reviewer or Security Lead role.
This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:
Ensure you access the APIs with the domain for your region.
Static Finding Data Path API specification
The static_flaw_info endpoint uses the Static Finding Data Path API specification available from SwaggerHub.