Findings REST API: Static Flaw Information endpoint

You can use the static_flaw_info endpoint of the Findings API to get additional information about a single finding discovered during a static analysis.

The static_flaw_info endpoint returns this information:

Name of the scanned module
Filepath to the file that contains the finding
Name of the function that contains the finding
Code line numbers where the finding exists
Attack vectors associated with the request
Calls in the associated call stack

Permissions and authentication

Before you can use all the endpoints of the Findings API, you must have one of these accounts with the required roles:

An API service account with the Results API role.
A user account with the Reviewer or Security Lead role.

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

Ensure you access the APIs with the domain for your region.

Static Finding Data Path API specification

The static_flaw_info endpoint uses the Static Finding Data Path API specification available from SwaggerHub.

Permissions and authentication​

Static Finding Data Path API specification​

Did you find this helpful?

Permissions and authentication

Static Finding Data Path API specification