# Get the list of artifact scan result for a particular scope Get the list of artifact scan result for a particular scope Endpoint: GET /har/api/v3/scans Version: 1.0 Security: x-api-key ## Query parameters: - `account_identifier` (string, required) Unique identifier for the Harness account. - `org_identifier` (string) Unique identifier for the organization within the account. Example: default or engineering_org - `project_identifier` (string) Unique identifier for the project within the organization. Example: my_project or frontend_services - `package_types` (array) Registry Package Type - `registry_ids` (array) Unique id for the registry. Note: This parameter should have one id if package query param is provided Example: ["12345678-1234-1234-1234-123456789012","aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"] - `policy_set_ref` (string) Unique reference for the opa policy set. Example: my-policy or account.my-policy - `categories` (array) Filter by categories - `scan_id` (string) Scan Identifier - `scan_status` (string) Filter by scan status of the artifact after OPA policy evaluation. Enum: "ALLOWED", "BLOCKED", "WARN", "UNKNOWN" - `page` (integer) The page number for pagination (0-indexed). Used to navigate through large result sets. Combined with size parameter to control which subset of results to return. Example: page=0 returns the first page, page=1 returns the second page - `size` (integer) The number of items to return per page. Controls the page size for paginated results. Example: size=50 returns up to 50 items per page - `sort` (string) The sort for the results. Accepted pattern: sort_field:sort_order where sort_field is the field name and sort_order is either asc or desc. Examples: name:asc, modifiedAt:desc - `search_term` (string) Search term for filtering results. Example: search_term=prod might match keys like "production", "prod-env", etc. - `scope` (string) Scope of registries to list none – current space only (default) ancestors – current space plus all parent spaces * descendants – current space plus all child spaces If omitted, none is assumed. Enum: "ancestors", "descendants", "none" ## Response 200 fields (application/json): - `data` (array, required) A list of artifact scans - `data.RegistryOrgId` (string) Organization identifier - `data.RegistryProjectId` (string) Project identifier - `data.buildDetails` (array, required) List of build detail entries containing pipeline and package info. - `data.buildDetails.lastExecutionTime` (integer, required) Epoch time (seconds) of the latest execution. - `data.buildDetails.latestExecutionId` (string, required) Latest execution identifier. - `data.buildDetails.pipelineId` (string, required) Pipeline identifier. - `data.buildDetails.rootPackage` (string, required) Root package identifier in name@version format. - `data.buildDetails.stageId` (string, required) Stage identifier. - `data.buildDetails.stepId` (string) Step identifier. - `data.id` (string, required) - `data.lastEvaluatedAt` (string) - `data.lastEvaluatedBy` (string) - `data.packageName` (string, required) Package name - `data.packageType` (string, required) Package type. Known values include: DOCKER, MAVEN, PYTHON, GENERIC, HELM, NUGET, NPM, RPM, CARGO, COMPOSER, GO, HUGGINGFACE, CONDA, DART, SWIFT, PUPPET, RAW. This field is extensible; clients must handle unknown values. Example: "DOCKER" - `data.parentRegistryId` (string, required) Parent virtual registry UUID - `data.parentRegistryName` (string, required) Parent virtual registry name - `data.parentRegistryOrgId` (string) Parent registry organization identifier - `data.parentRegistryProjectId` (string) Parent registry project identifier - `data.policySets` (array, required) List of opa policy sets. - `data.policySets.policySetName` (string, required) Policy Set name - `data.policySets.policySetRef` (string, required) Unique reference for the opa policy set. Example: my-policy or account.my-policy - `data.purl` (string, required) Package URL (PURL) identifying the package version - `data.registryId` (string, required) Registry name - `data.registryName` (string, required) Registry name - `data.rootPackages` (array, required) Unique set of root packages (name@version) impacted by this scan - `data.scanStatus` (string, required) Scan status Enum: "BLOCKED", "WARN" - `data.securityViolationCategories` (array, required) Security violation categories Enum: "Security", "License", "MaliciousPackage", "PackageAge", "OssRiskLevel", "Unknown" - `data.totalAffectedPipelines` (integer, required) Total number of affected pipelines - `data.version` (string, required) Version - `data.versionId` (string) Version - `itemCount` (integer, required) The total number of items Example: 1 - `meta` (object, required) Metadata about the list artifact scans - `meta.blockedCount` (integer) Count of active blocked artifacts Example: 95 - `meta.totalCount` (integer) Count of total artifact violations Example: 5 - `meta.warnCount` (integer) Count of active Warn artifacts Example: 5 - `pageCount` (integer, required) The total number of pages Example: 100 - `pageIndex` (integer, required) The current page - `pageSize` (integer, required) The number of items per page Example: 1 ## Response default fields (application/json): - `error` (object, required) - `error.code` (string) For some errors that could be handled programmatically, a short string indicating the [error code](https://docs.stripe.com/error-codes) reported. - `error.message` (string) A human-readable message providing more details about the error. These messages can be shown to users. - `error.param` (string) If the error is parameter-specific, the parameter related to the error. For example, we can use this to display a message near the correct form field. - `error.type` (string, required) The type of error returned. Enum: "INVALID_REQUEST_ERROR", "AUTHENTICATION_ERROR", "PERMISSION_ERROR", "API_ERROR"