Using the Static Flaw Information Endpoint
You can use the static_flaw_info endpoint of the Findings API to get additional information about a single finding discovered during a static analysis.
The static_flaw_info endpoint returns this information:
- Name of the scanned module
- Filepath to the file that contains the finding
- Name of the function that contains the finding
- Code line numbers where the finding exists
- Attack vectors associated with the request
- Calls in the associated call stack
Permissions and Authentication
Before you can use all the endpoints of the Findings API, you must have one of these account types:
- An API service account with the Results API role
- A user account with the Reviewer or Security Lead role
This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:
- Ensure you access the APIs with the domain for your region.
Static Finding Data Path API Specification
The static_flaw_info endpoint uses the Static Finding Data Path API specification available from SwaggerHub.