Findings
Findings represent individual security issues discovered during a session.
Endpoints
GET /api/v1/findings/{finding_id}
PATCH /api/v1/findings/{finding_id}
GET /api/v1/sessions/{session_id}/findings
GET /api/v1/findings/{finding_id}/history
POST /api/v1/findings/{finding_id}/transition
Current lifecycle statuses
OPEN
FALSE_POSITIVE
IN_RETEST
REMEDIATED
ACCEPTED_RISK
List findings for a session
curl -sS "https://app.vulnetic.ai/api/v1/sessions/22222222-2222-2222-2222-222222222222/findings" \
  -H "<AUTH_HEADER_NAME>: YOUR_API_CREDENTIAL"
Update finding content
Use PATCH /api/v1/findings/{finding_id} when you want to edit mutable content fields such as title, description, proof of concept, impact, remediation, and CVSS vectors.
curl -sS -X PATCH "https://app.vulnetic.ai/api/v1/findings/33333333-3333-3333-3333-333333333333" \
  -H "<AUTH_HEADER_NAME>: YOUR_API_CREDENTIAL" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Stored XSS in support ticket workflow",
    "impact": "An authenticated attacker can execute JavaScript in an administrator session.",
    "remediation": "Apply output encoding on ticket rendering and validate allowed HTML."
  }'
Transition finding status
Use POST /api/v1/findings/{finding_id}/transition to change a finding's lifecycle state.
curl -sS -X POST "https://app.vulnetic.ai/api/v1/findings/33333333-3333-3333-3333-333333333333/transition" \
  -H "<AUTH_HEADER_NAME>: YOUR_API_CREDENTIAL" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "REMEDIATED",
    "reason": "Fix deployed and verified during retest."
  }'
Read status history
curl -sS "https://app.vulnetic.ai/api/v1/findings/33333333-3333-3333-3333-333333333333/history" \
  -H "<AUTH_HEADER_NAME>: YOUR_API_CREDENTIAL"
Example history item:
{
  "id": "44444444-4444-4444-4444-444444444444",
  "status": "REMEDIATED",
  "actor_type": "integration",
  "actor_username": "acme-security-bot",
  "reason": "Fix deployed and verified during retest.",
  "session_id": "22222222-2222-2222-2222-222222222222",
  "created_at": "2026-04-13T19:05:00Z"
}
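The transition and history calls above can be wrapped so an integration validates its input before sending and then confirms the change landed in the audit trail. The following is an added example, not code from the Vulnetic project: the function names, the rule that a reason is mandatory, and the assumption that the history endpoint yields a list of items shaped like the example above are all hypothetical.

```python
import json
import urllib.request
import uuid
from datetime import datetime

BASE_URL = "https://app.vulnetic.ai/api/v1"
# Lifecycle statuses listed on this page.
STATUSES = {"OPEN", "FALSE_POSITIVE", "IN_RETEST", "REMEDIATED", "ACCEPTED_RISK"}


def build_transition_request(finding_id, status, reason, auth_header, credential):
    """Build (but do not send) POST /findings/{finding_id}/transition.
    auth_header/credential replace <AUTH_HEADER_NAME>/YOUR_API_CREDENTIAL."""
    # Canonicalise the ID so nothing but a UUID can reach the URL path.
    fid = str(uuid.UUID(str(finding_id)))
    if status not in STATUSES:
        raise ValueError(f"unknown status {status!r}")
    # Local rule (assumption): refuse empty reasons so history stays auditable.
    if not reason or not reason.strip():
        raise ValueError("reason must not be empty")
    body = json.dumps({"status": status, "reason": reason.strip()}).encode()
    url = f"{BASE_URL}/findings/{fid}/transition"
    headers = {auth_header: credential, "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, method="POST", headers=headers)


def _created(item):
    # created_at is ISO 8601 UTC with a trailing "Z", as in the page's example.
    return datetime.fromisoformat(item["created_at"].replace("Z", "+00:00"))


def transition_recorded(history_items, status, reason):
    """True if the newest history item carries the status and reason we sent.
    Assumption: history_items is a list shaped like the example history item."""
    if not history_items:
        return False
    newest = max(history_items, key=_created)
    return newest["status"] == status and newest["reason"] == reason.strip()


# Constructed sample history; the second item mirrors the page's example.
SAMPLE_HISTORY = [
    {"status": "IN_RETEST", "reason": "Retest scheduled.",
     "created_at": "2026-04-12T09:00:00Z"},
    {"status": "REMEDIATED", "reason": "Fix deployed and verified during retest.",
     "created_at": "2026-04-13T19:05:00Z"},
]
```

Pass the returned request to `urllib.request.urlopen()` to send it, then feed the parsed history response to `transition_recorded()`.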