Harness

Scans

Access and modify Security Test Scans

Scans#ListScans

List a collection of Security Test Scans

Request
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
page
integer <int64> >= 0
Default: 0

Page number to fetch (starting from 0)

Example: page=4
pageSize
integer <int64> [ 1 .. 100 ]
Default: 30

Number of results per page

Example: pageSize=50
executionId
string^[a-zA-Z0-9_-]{22}$

Harness Execution ID

Example: executionId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Quia aut.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

get/sto/api/v2/scans
Request samples 
Response samples 
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}
Scans#CreateScan
Create a new Security Test Scan


Request 
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Similique libero velit quo laborum architecto laboriosam.
X-Harness-User-Id
string
Harness User ID


 
 Example:  abcdef1234567890ghijkl
Request Body schema: application/json
required
codeCoverage
number <float> 
The Code Coverage value for the Scan


 
executionId
required
string^[a-zA-Z0-9_-]{22}$
Pipeline Execution ID associated with the Scan


 
object (GitMetadata) 
Git Metadata associated with the Scan


 
orgId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
pipelineId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
productId
required
string^[a-zA-Z0-9_-]{22}$
The Scan Product used for the Scan


 
projectId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Project ID


 
refinementVersion
required
string
The Issue refinement version used for this Scan


 
stageId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Pipeline Stage ID associated with the Scan


 
status
required
string
Current status of the Scan


 Enum: "Pending" "Running" "Succeeded" "Failed"  
stepId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Pipeline Step ID associated with the Scan


 
subproduct
string <binary> 
The Scan Subproduct used for the Scan


 
targetVariantId
required
string^[a-zA-Z0-9_-]{22}$
The Target Variant associated with the Scan


 
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


post/sto/api/v2/scans
Request samples 
application/json
{
  • "codeCoverage": 65.5,
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}
Response samples 
application/json
{
  • "id": "abcdef1234567890ghijkl"
}
Scans#FindScanById
Find Security Test Scan by ID


Request 
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$
The ID of the Security Test Scan to retrieve


 
 Example:  abcdef1234567890ghijkl
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Incidunt nemo.
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


404
NotFound: Not Found response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


get/sto/api/v2/scans/{id}
Request samples 
Response samples 
application/json
{
  • "codeCoverage": 65.5,
  • "created": 1651578240,
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "id": "abcdef1234567890ghijkl",
  • "lastModified": 1651578240,
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}
Scans#UpdateScan
Update an existing Security Test Scan


Request 
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$
The ID of the Security Test Scan to update


 
 Example:  abcdef1234567890ghijkl
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Consectetur non ipsa nostrum adipisci autem perspiciatis.
Request Body schema: application/json
required
artifactFingerprint
string  <= 64 characters ^[A-Za-z0-9_]*$
The Artifact Fingerprint used use to identify the target


 
codeCoverage
number <float> 
The Code Coverage value for the Scan


 
executionId
required
string^[a-zA-Z0-9_-]{22}$
Pipeline Execution ID associated with the Scan


 
object (GitMetadata) 
Git Metadata associated with the Scan


 
orgId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
pipelineId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
productId
required
string^[a-zA-Z0-9_-]{22}$
The Scan Product used for the Scan


 
projectId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Project ID


 
refinementVersion
required
string
The Issue refinement version used for this Scan


 
stageId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Pipeline Stage ID associated with the Scan


 
status
required
string
Current status of the Scan


 Enum: "Pending" "Running" "Succeeded" "Failed"  
stepId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Pipeline Step ID associated with the Scan


 
subproduct
string <binary> 
The Scan Subproduct used for the Scan


 
targetVariantId
required
string^[a-zA-Z0-9_-]{22}$
The Target Variant associated with the Scan


 
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


404
NotFound: Not Found response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


put/sto/api/v2/scans/{id}
Request samples 
application/json
{
  • "artifactFingerprint": "abcdef1234567890ghijkl",
  • "codeCoverage": 65.5,
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}
Response samples 
application/json
{
  • "codeCoverage": 65.5,
  • "created": 1651578240,
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "id": "abcdef1234567890ghijkl",
  • "lastModified": 1651578240,
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}
Scans#ScanIssue
Returns a scan specific issue


Request 
path Parameters
id
required
string
The ID of the Security Test Scan


 
 Example:  Suscipit iusto rerum.
issueId
required
string
The ID of the Security Test Issue


 
 Example:  Voluptatem officia hic.
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
orgId
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
 Example:  orgId=example_org
projectId
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Project ID


 
 Example:  projectId=example_project
page
integer <int64>   >= 0 
 Default:  0
Page number to fetch (starting from 0)


 
 Example:  page=4
pageSize
integer <int64>   [ 1 .. 100 ] 
 Default:  30
Number of results per page


 
 Example:  pageSize=50
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Aut vero.
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


404
NotFound: Not Found response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


get/sto/api/v2/scans/{id}/issue/{issueId}
Request samples 
Response samples 
application/json
{
  • "baselineVariantId": "abcdef1234567890ghijkl",
  • "created": 1651578240,
  • "currentStatus": "Rejected",
  • "details": {
    },
  • "exemptionId": "abcdef1234567890ghijkl",
  • "exemptionStatusAtScan": "Expired",
  • "gitMetadata": {
    },
  • "harnessAugmentation": {
    },
  • "id": "abcdef1234567890ghijkl",
  • "key": "json-schema@0.2.3",
  • "numOccurrences": 10,
  • "occurrenceId": 12345,
  • "occurrences": [
    ],
  • "occurrencesPagination": {
    },
  • "primaryOccurrenceId": 12345,
  • "productId": "product1234567890abcde",
  • "severity": 8.5,
  • "severityCode": "High",
  • "status": "Remediated",
  • "subproduct": "product",
  • "targetId": "abcdef1234567890ghijkl",
  • "targetName": "abcdef1234567890ghijkl",
  • "targetType": "repository",
  • "targetVariantId": "abcdef1234567890ghijkl",
  • "targetVariantName": "nodegoat:master",
  • "title": "json-schema@0.2.3 is vulnerable to Prototype Pollution",
  • "type": "SAST"
}
Scans#ScanIssues
List Issues by Scan ID


Request 
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$
The Scan ID


 
 Example:  abcdefghijkl1234567890
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
exempted
string
 Default:  "false"
Chooses whether to show exempted issues ("only"), or non-exempted issues ("0" or "false")


 Enum: "false" "only" "0"  
 Example:  exempted=only
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Assumenda et adipisci sit.
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


get/sto/api/v2/scans/{id}/issues
Request samples 
Response samples 
application/json
{
  • "issues": [
    ]
}
Scans#ScanIssueCounts
Returns counts of active Security Issues for a Security Test Scan


Request 
path Parameters
id
required
string
The ID of the Security Test Scan for which to count issues


 
 Example:  Nesciunt quidem modi debitis at blanditiis.
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
orgId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
 Example:  orgId=example_org
projectId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Project ID


 
 Example:  projectId=example_project
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Quod et.
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


404
NotFound: Not Found response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


get/sto/api/v2/scans/{id}/issues/counts
Request samples 
Response samples 
application/json
{
  • "codeCoverage": 65.5,
  • "critical": 1,
  • "externalPolicyFailures": 0,
  • "high": 3,
  • "ignored": 1,
  • "ignoredCritical": 1,
  • "ignoredHigh": 3,
  • "ignoredInfo": 11,
  • "ignoredLow": 39,
  • "ignoredMedium": 17,
  • "ignoredUnassigned": 0,
  • "info": 11,
  • "low": 39,
  • "medium": 17,
  • "newCritical": 1,
  • "newHigh": 3,
  • "newIgnoredCritical": 1,
  • "newIgnoredHigh": 3,
  • "newIgnoredInfo": 11,
  • "newIgnoredLow": 39,
  • "newIgnoredMedium": 17,
  • "newIgnoredOccurrencesCritical": 1,
  • "newIgnoredOccurrencesHigh": 3,
  • "newIgnoredOccurrencesInfo": 11,
  • "newIgnoredOccurrencesLow": 39,
  • "newIgnoredOccurrencesMedium": 17,
  • "newIgnoredOccurrencesUnassigned": 0,
  • "newIgnoredUnassigned": 0,
  • "newInfo": 11,
  • "newLow": 39,
  • "newMedium": 17,
  • "newOccurrencesCritical": 1,
  • "newOccurrencesHigh": 3,
  • "newOccurrencesInfo": 11,
  • "newOccurrencesLow": 39,
  • "newOccurrencesMedium": 17,
  • "newOccurrencesUnassigned": 0,
  • "newTotal": 3,
  • "newUnassigned": 0,
  • "total": 10,
  • "unassigned": 0
}
➔ Next to Products