Scans

Access and modify Security Test Scans

Scans#ListScans

List a collection of Security Test Scans

Security
Request
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
page
integer <int64> >= 0
Default: 0

Page number to fetch (starting from 0)

Example: page=4
pageSize
integer <int64> [ 1 .. 100 ]
Default: 30

Number of results per page

Example: pageSize=50
executionId
string^[a-zA-Z0-9_-]{22}$

Harness Execution ID

Example: executionId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: In modi veritatis tenetur voluptatibus qui illum.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

get/sto/api/v2/scans
Request samples
Response samples
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

Scans#CreateScan

Create a new Security Test Scan

Security
Request
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Maiores et voluptatem laboriosam modi voluptates aut.
X-Harness-User-Id
string

Harness User ID

Example: abcdef1234567890ghijkl
Request Body schema: application/json
required
executionId
required
string^[a-zA-Z0-9_-]{22}$

Pipeline Execution ID associated with the Scan

object (GitMetadata)

Git Metadata associated with the Scan

orgId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

pipelineId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

productId
required
string^[a-zA-Z0-9_-]{22}$

The Scan Product used for the Scan

projectId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Project ID

refinementVersion
required
string

The Issue refinement version used for this Scan

stageId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Pipeline Stage ID associated with the Scan

status
required
string

Current status of the Scan

Enum: "Pending" "Running" "Succeeded" "Failed"
stepId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Pipeline Step ID associated with the Scan

subproduct
string <binary>

The Scan Subproduct used for the Scan

targetVariantId
required
string^[a-zA-Z0-9_-]{22}$

The Target Variant associated with the Scan

Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

post/sto/api/v2/scans
Request samples
application/json
{
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}
Response samples
application/json
{
  • "id": "abcdef1234567890ghijkl"
}

Scans#FindScanById

Find Security Test Scan by ID

Security
Request
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$

The ID of the Security Test Scan to retrieve

Example: abcdef1234567890ghijkl
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Est dolorum animi qui rem tenetur.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

get/sto/api/v2/scans/{id}
Request samples
Response samples
application/json
{
  • "created": 1651578240,
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "id": "abcdef1234567890ghijkl",
  • "lastModified": 1651578240,
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}

Scans#UpdateScan

Update an existing Security Test Scan

Security
Request
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$

The ID of the Security Test Scan to update

Example: abcdef1234567890ghijkl
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Ad consequatur quo ex eos.
Request Body schema: application/json
required
artifactFingerprint
string <= 64 characters ^[A-Za-z0-9_]*$

The Artifact Fingerprint used use to idenfiy the target

executionId
required
string^[a-zA-Z0-9_-]{22}$

Pipeline Execution ID associated with the Scan

object (GitMetadata)

Git Metadata associated with the Scan

orgId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

pipelineId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

productId
required
string^[a-zA-Z0-9_-]{22}$

The Scan Product used for the Scan

projectId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Project ID

refinementVersion
required
string

The Issue refinement version used for this Scan

stageId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Pipeline Stage ID associated with the Scan

status
required
string

Current status of the Scan

Enum: "Pending" "Running" "Succeeded" "Failed"
stepId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Pipeline Step ID associated with the Scan

subproduct
string <binary>

The Scan Subproduct used for the Scan

targetVariantId
required
string^[a-zA-Z0-9_-]{22}$

The Target Variant associated with the Scan

Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

put/sto/api/v2/scans/{id}
Request samples
application/json
{
  • "artifactFingerprint": "abcdef1234567890ghijkl",
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}
Response samples
application/json
{
  • "created": 1651578240,
  • "executionId": "abcdef1234567890ghijkl",
  • "gitMetadata": {
    },
  • "id": "abcdef1234567890ghijkl",
  • "lastModified": 1651578240,
  • "orgId": "your_harness_org",
  • "pipelineId": "your_harness_pipeline",
  • "productId": "product111111111111111",
  • "projectId": "your_harness_project",
  • "refinementVersion": "1.0.5",
  • "stageId": "stage_id",
  • "status": "Succeeded",
  • "stepId": "step_id",
  • "subproduct": "owasp",
  • "targetVariantId": "variant111111111111111"
}

Scans#ScanIssue

Returns a scan specific issue

Security
Request
path Parameters
id
required
string

The ID of the Security Test Scan

Example: Et in.
issueId
required
string

The ID of the Security Test Issue

Example: Quidem ullam ducimus.
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
orgId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

Example: orgId=example_org
projectId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Project ID

Example: projectId=example_project
page
integer <int64> >= 0
Default: 0

Page number to fetch (starting from 0)

Example: page=4
pageSize
integer <int64> [ 1 .. 100 ]
Default: 30

Number of results per page

Example: pageSize=50
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Velit ut est quasi voluptatem.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

get/sto/api/v2/scans/{id}/issue/{issueId}
Request samples
Response samples
application/json
{
  • "baselineVariantId": "abcdef1234567890ghijkl",
  • "created": 1651578240,
  • "details": {
    },
  • "exemptionId": "abcdef1234567890ghijkl",
  • "harnessAugmentation": {
    },
  • "id": "abcdef1234567890ghijkl",
  • "key": "json-schema@0.2.3",
  • "occurrenceId": 12345,
  • "occurrences": [
    ],
  • "occurrencesPagination": {
    },
  • "primaryOccurrenceId": 12345,
  • "productId": "product1234567890abcde",
  • "severity": 8.5,
  • "severityCode": "High",
  • "status": "Remediated",
  • "subproduct": "product",
  • "targetId": "abcdef1234567890ghijkl",
  • "targetName": "abcdef1234567890ghijkl",
  • "targetType": "repository",
  • "targetVariantId": "abcdef1234567890ghijkl",
  • "targetVariantName": "nodegoat:master",
  • "title": "json-schema@0.2.3 is vulnerable to Prototype Pollution"
}

Scans#ScanIssues

List Issues by Scan ID

Security
Request
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$

The Scan ID

Example: abcdefghijkl1234567890
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Cupiditate iusto dolor.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

get/sto/api/v2/scans/{id}/issues
Request samples
Response samples
application/json
{
  • "issues": [
    ]
}

Scans#ScanIssueCounts

Returns counts of active Security Issues for a Security Test Scan

Security
Request
path Parameters
id
required
string

The ID of the Security Test Scan for which to count issues

Example: Deleniti et.
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
orgId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

Example: orgId=example_org
projectId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Project ID

Example: projectId=example_project
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Deserunt dolorum nam.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

get/sto/api/v2/scans/{id}/issues/counts
Request samples
Response samples
application/json
{
  • "critical": 1,
  • "externalPolicyFailures": 0,
  • "high": 3,
  • "ignored": 1,
  • "info": 11,
  • "low": 39,
  • "medium": 17,
  • "newCritical": 1,
  • "newHigh": 3,
  • "newInfo": 11,
  • "newLow": 39,
  • "newMedium": 17,
  • "newUnassigned": 0,
  • "unassigned": 0
}