| Field | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier for the scan result |
| similarityId | string | Stable identifier for tracking the same finding across multiple scans |
| scanId | string | Identifier of the scan that produced this result |
| projectId | string | Identifier of the project being scanned |
| type | string | The scanning engine that detected this finding |
| severity | string | Severity level of the finding |
| status | string | Whether the finding is newly detected or recurring from previous scans |
| state | string | Triage state indicating how the finding has been evaluated |
| description | string | Human-readable description of the vulnerability or finding |
| queryName | string | Name of the SAST query or rule that detected the finding |
| queryGroup | string | Category or group the detecting query belongs to |
| languageName | string | Programming language of the scanned source code |
| vulnerabilityDetails | object | |
| location | object | |
| codeFlow | array | Ordered list of code flow nodes showing the data flow path from source to sink (SAST findings) |
| packageData | object | |
| firstFoundAt | string | Timestamp when this finding was first detected |
| foundAt | string | Timestamp when this finding was detected in the current scan |
| comments | array | Triage comments added by security reviewers |