ApiFinding
No description
type ApiFinding implements BaseFields, FindingInterface, IssueInterface {
aiAgentAnalysis: AiAgentAnalysis
asset: Asset!
assignedUsers: [PortalUserBasicInfoType!]
author: PortalUser!
category: String
controlSyncStatus: ControlSyncStatus
createdAt: ISO8601DateTime!
description: String!
detail: ApiFindingDetail
fingerprint: String!
history: [IssueHistory!]
id: ID
impactLevel: ImpactLevelCategory
originalIssueIdFromTool: String
patterns: [String!]
permittedStatus: [IssueStatusLabel!]!
probabilityLevel: ProbabilityLevelCategory
project: Project
reference: String
riskAcceptedUntil: ISO8601DateTime
runningRetestProject: Project
scanSource: String
severity: SeverityCategory
sla: IssueSLA!
solution: String
status: IssueStatusLabel!
statusHistory: [IssueStatusHistory!]!
title: String!
type: Issue!
updatedAt: ISO8601DateTime!
}
Fields
ApiFinding.aiAgentAnalysis ● AiAgentAnalysis object
AI agent analysis information for this issue
ApiFinding.asset ● Asset! non-null object
The asset associated with the vulnerability
ApiFinding.assignedUsers ● [PortalUserBasicInfoType!] list object
ApiFinding.author ● PortalUser! non-null object
The author who created the vulnerability
ApiFinding.category ● String scalar
CWE Categories
ApiFinding.controlSyncStatus ● ControlSyncStatus object
The scan/sync that brought this vulnerability to Conviso Platform
ApiFinding.createdAt ● ISO8601DateTime! non-null scalar
The date when record was created
ApiFinding.description ● String! non-null scalar
A detailed description of the vulnerability
ApiFinding.detail ● ApiFindingDetail object
Endpoint location + evidence for the API finding
ApiFinding.fingerprint ● String! non-null scalar
A unique identifier for the vulnerability
ApiFinding.history ● [IssueHistory!] list object
ApiFinding.id ● ID scalar
The ID scalar type represents a unique identifier
ApiFinding.impactLevel ● ImpactLevelCategory enum
The impact level of the vulnerability
ApiFinding.originalIssueIdFromTool ● String scalar
The original vulnerability ID from the tool that detected the vulnerability
ApiFinding.patterns ● [String!] list scalar
OWASP Patterns
ApiFinding.permittedStatus ● [IssueStatusLabel!]! non-null enum
List of statuses available for change
ApiFinding.probabilityLevel ● ProbabilityLevelCategory enum
The probability level of the vulnerability being exploited
ApiFinding.project ● Project object
Associated project
ApiFinding.reference ��● String scalar
Links for further information
ApiFinding.riskAcceptedUntil ● ISO8601DateTime scalar
The datetime until which the risk is accepted
ApiFinding.runningRetestProject ● Project object
Active Vulnerability Retest project associated with this vulnerability
ApiFinding.scanSource ● String scalar
Source of the vulnerability; Retrieves the name of the source (e.g.: Dependency Track)
ApiFinding.severity ● SeverityCategory enum
The severity of the vulnerability
ApiFinding.sla ● IssueSLA! non-null object
Computed SLA view (due_at, state, days_remaining) derived on read from the company's SLA matrix
ApiFinding.solution ● String scalar
The solution or mitigation for the vulnerability
ApiFinding.status ● IssueStatusLabel! non-null enum
The current status of the vulnerability
ApiFinding.statusHistory ● [IssueStatusHistory!]! non-null object
List of previous statuses
ApiFinding.title ● String! non-null scalar
The title of the vulnerability
ApiFinding.type ● Issue! non-null enum
The type of the vulnerability (e.g., SAST, SCA, Web, Network, etc.)
ApiFinding.updatedAt ● ISO8601DateTime! non-null scalar
The date when record was updated
Interfaces
BaseFields interface
FindingInterface interface
IssueInterface interface
Member Of
Contribute to the Docs
Found something outdated or missing? Help us improve the documentation with a quick suggestion or edit.
How to contributeResources
By exploring our content, you'll find resources that will enhance your understanding of the importance of a Security Application Program.
Conviso Blog: Explore our blog, which offers a collection of articles and posts covering a wide range of AppSec topics. The content on the blog is primarily in English.
Conviso's YouTube Channel: Access a wealth of informative videos covering various topics related to AppSec. Please note that the content is primarily in Portuguese.