Query: allFindings

A Finding represents a single vulnerability, weakness, or issue that has been detected. Findings may be created by Finite State's vulnerability monitoring algorithms, by user actions, or by parsing uploaded Test data.

Return Type




Args

NameTypeDescription
afterString

If this is set to the value of the _cursor field of an item, only items after that one will be included in the result. The value of the after of this query must match the one where the _cursor value has been retrieved from.

filterFindingFilter
firstInt

The number of items to include in the result. If omitted, all remaining items will be included (which can cause performance problems on large collections).

orderByFindingOrderBy

Specifies the how this collection should be sorted. If omitted, the result order is not specified. If cursor-based pagination is used (i.e., the after is specified or the _cursor is requested), id_ASC will be implicitly added as last sort criterion so that the sort order is deterministic.

skipInt

The number of items in the list or collection to skip. Is applied after the after argument if both are specified.


Properties

NameTypeDescription
_affectsMeta_QueryMeta

The software components affected by this finding

_commentsMeta_QueryMeta

The user-added comments for this Finding

_cursorString

Provides a value that can be supplied to the after argument for pagination. Depends on the value of the orderBy argument.

_cvesMeta_QueryMeta

CVEs associated with this finding

_cwesMeta_QueryMeta

The CWE numbers associated with this flaw.

_findingLocationsMeta_QueryMeta

Locations of this Finding. A finding may have multiple files or services associated with it.

_originalFindingsCommentsMeta_QueryMeta

The collection comments associated with the original findings that led to the creation of this merged finding

_originalFindingsFindingLocationsMeta_QueryMeta

The collection of finding locations associated with the original findings that led to the creation of this merged finding

_originalFindingsMeta_QueryMeta

If this Finding is a 'merged finding', this list contains the underlying findings that this finding represents

_originalFindingsSourcesMeta_QueryMeta

The collection of test tools associated with original findings that led to the creation of this merged finding

_originalFindingsStatusesMeta_QueryMeta

The collection of statuses associated with the original findings that led to the creation of this merged finding

_patchesMeta_QueryMeta

All patches for this finding.

_processingStatusesMeta_QueryMeta

Any kind of processing currently occurring on this finding

_propertiesMeta_QueryMeta

The properties associated with this Finding

_revisionID

An identifier that is updated automatically on each update of this root entity (but not on relation changes)

_statusesMeta_QueryMeta

All status changes associated with this Finding.

_tagsMeta_QueryMeta

User-assigned tags used to arbitrarily group or classify related findings.

_uniqueComponentsMeta_QueryMeta

The collection of unique software components associated with this finding

activeBoolean

Denotes if this flaw is active or not.

affectedReferenceIds[String]

An optional list of reference IDs of components that this finding affects. This is used to link findings to components when the components are not fully specified within the same document. For example, if a pure CycloneDX VDR document is parsed then this field should contain the bom-refs of the components that this finding affects, letting the finding be linked to the appropriate component at a later time when the corresponding CycloneDX SBOM document is uploaded.

affects[SoftwareComponentInstance]

The software components affected by this finding

alternateTerms[String]

Alternate terms that are used to describe the finding, e.g. "RIPPLE 20" for CVE-2020-11896

assetVersionAssetVersion

The asset version this finding is associated with

assetVersionRefIdID

The asset version id this finding is associated with

categoryFindingCategory

The applicable category for this finding

comments[FindingComment]

The user-added comments for this Finding

confidenceFindingConfidence

The confidence that this finding is correct as specified by the tool that created the finding information

createdAtDateTime

The instant this object has been created

createdByCveUpdateJobRefIdID

If the finding was created by a CVE update job, this is the reference ID for the job's summary document

ctxRelationEntityCtx

Context contains fields that are accessible to the permissions profile. This is an internal field related to user permissions.

currentStatusFindingStatus

The current status of this Finding.

cves[Cve]

CVEs associated with this finding

cvssScoreFloat

The CVSS base score. This is a number between 0.0 and 10.0.

cvssSeverityFindingSeverity

The CVSS base severity. This has a value of either 'None (N)', 'Low (L)', 'Medium (M)', 'High (H)', or 'Critical (C)'.

cwes[Cwe]

The CWE numbers associated with this flaw.

dateDateTime

The date the finding was first discovered

dedupeHashString

A hash over a configurable set of fields that is used for findings deduplication.

deletedAtDateTime

Timestamp of when this finding was deleted

descriptionString

Extended description of the finding. May contain Markdown.

externalReferences[String]

External references to this particular Finding

falsePositiveBoolean

Denotes if this flaw has been deemed a false positive by the tester.

findingClassFindingClass

The class of the finding (e.g. information vs. weakness vs. vulnerability)

findingLocations[FindingLocation]

Locations of this Finding. A finding may have multiple files or services associated with it.

idID

An auto-generated string that identifies this root entity uniquely among others of the same type

impactString

Text describing the impact this flaw has on systems, products, enterprise, etc.

linkedFindingHashString

A hash represents the identical findings in other AssetVersions. This is used for linked issues across builds/versions.

linkedFindingRefIds[String]

Identical findings in other AssetVersions. This is used for linked issues across builds/versions.

mergedFindingFinding

If populated, this field points to the 'merged Finding' that represents this finding. This field is only populated if this finding is a 'merged finding'. For example, multiple security scanners may find the same issue in an Artifact. In this case, the findings from each scanner would be merged into a single finding.

mergedFindingRefIdID

If populated, this field points to the 'merged Finding ID' that represents this finding. This field is only populated if this finding is a 'merged finding'. For example, multiple security scanners may find the same issue in an Artifact. In this case, the findings from each scanner would be merged into a single finding.

mitigationString

Text describing how to best fix the flaw. May contain Markdown.

numAffectedInt

Number of SoftwareComponentInstances this Finding affects

numOccurencesInt

Number of occurrences in the source tool when several vulnerabilities were found and aggregated by the scanner.

originFindingOrigin

The origin of this finding (e.g. a security scanner, user-added, generated from an automated or user merge, found by FiniteState, etc.)

originalFindings[Finding]

If this Finding is a 'merged finding', this list contains the underlying findings that this finding represents

originalFindingsComments[FindingComment]

The collection comments associated with the original findings that led to the creation of this merged finding

originalFindingsFindingLocations[FindingLocation]

The collection of finding locations associated with the original findings that led to the creation of this merged finding

originalFindingsSources[TestingTool]

The collection of test tools associated with original findings that led to the creation of this merged finding

originalFindingsStatuses[FindingStatus]

The collection of statuses associated with the original findings that led to the creation of this merged finding

outOfScopeBoolean

Denotes if this flaw falls outside the scope of the test.

patches[Patch]

All patches for this finding.

processingStatuses[ProcessingStatus]

Any kind of processing currently occurring on this finding

properties[KeyValuePair]

The properties associated with this Finding

regressionBoolean

If this finding had been fixed in a previous version but has regressed in this version, this field will be set to true.

remediationGuidanceString

Text describing how to fix the flaw. May contain Markdown.

riskAcceptedBoolean

Denotes if this finding has been marked as an accepted risk.

riskScoreFloat

The risk associated with this Finding as determined by the CVE exploitability score or CWSS score

severityFindingSeverity

Severity ranking of the finding

severityJustificationString

Text describing why a certain severity was associated with this flaw.

sourceTypes[FindingSourceType]

Source of the Finding -- this list can expand over time.

statuses[FindingStatus]

All status changes associated with this Finding.

stepsToReproduceString

Text describing the steps that must be followed in order to reproduce the flaw.

subcategoryFindingSubcategory

The applicable subcategory for this finding

summaryString

Summary description of the finding

tags[Tag]

User-assigned tags used to arbitrarily group or classify related findings.

testTest

The test that this finding was generated from.

titleString

A short title or description of the finding

toolReferenceString

URL to link back to the finding in the original tool

uniqueComponents[SoftwareComponent]

The collection of unique software components associated with this finding

uniqueIdFromToolString

The original unique id of the finding from the imported Test information

updatedAtDateTime

The instant this object has been updated the last time (not including relation updates)

verifiedBoolean

Denotes if this flaw has been manually verified by the tester.

vulnIdFromToolString

The original non-unique id of the finding from the imported Test information. This ID may be a CVE id, or specific to the tool, such or SNYK id.

vulnerabilityContextVulnerabilityContext

Vulnerability Context contains all of the data related to the inherent severity of the vulnerability

vulnerabilityIds[String]

Vulnerability IDs associated with this test record (such as CVE-2022-1234). These IDs are typically not unique to the tool.


This page was generated: 2024-11-06