Type: Finding

The Finding model

The Finding model contains all the information about a Finding, such as its description, severity, risk score, and vulnerability ID. If the Finding is a CVE, there are details about the CVE and any known exploits about the Finding.

Where Do Findings Come From?

Findings are generated by running tests (or scanners) on an Artifact (such as a source code repository or a firmware image). The results of these tests are then uploaded to the platform, which creates Findings for each vulnerability found. Findings can also be created by users manually.

Querying for Findings

You can query for Findings using the allFindings query. This query takes a filter argument of type FindingFilter that you can use to filter the returned Findings.

Example

Getting all Findings for a specific ArtifactVersion.

query AllFindingsForAnArtifactVersion(
  $filter: AssetVersionFilter!
) {
   allAssetVersions(
    filter: $filter
   ) {
     id
     name
     artifacts {
       id
       name
     }
     findings {
       id
       vulnIdFromTool
       createdAt
       updatedAt
       severity
       riskScore
     }
   }
}

Example

Getting all Findings in a specific Business Unit. Note there are two separate example filters - one based on the Business Unit ID and the other based on the Business Unit Name.

query AllFindingsForABusinessUnitWithCriticalSeverity {
  allGroups (
    filter: {
      id: 1690
    }
  ) {
    id
    name
    products {
      assets {
        findings (
          filter: {
            severity: CRITICAL
          }
        ){
          id
          title
          vulnIdFromTool
          severity
          assetVersion {
            id
            name
            asset {
              id
              name
              dependentProducts {
                id
                name
              }
            }
          }
        }
      }
    }
  }
}

Example

Getting details of Findings.

query GetFindingDetails {
  allFindings {
    id
    vulnIdFromTool
    category
    comments {
      createdAt
      createdBy {
        email
      }
      text
    }
    confidence {
      rangeMin
      rangeMax
      value
    }
    createdAt
    cves {
      createdAt
      cveId
      cvssBaseMetricV3 {
        cvssv3 {
          vectorString
        }
      }
    }
    description
    findingClass
    origin
    riskScore
    severity
    statuses {
      status
      updatedAt
      updatedBy {
        email
      }
    }
    title
    updatedAt
  }
}

A Finding represents a single vulnerability, weakness, or issue that has been detected. Findings may be created by Finite State's vulnerability monitoring algorithms, by user actions, or by parsing uploaded Test data.

updateFindingsStatuses

Properties

Name	Type	Description
_affectsMeta	_QueryMeta	The software components affected by this finding
_commentsMeta	_QueryMeta	The user-added comments for this Finding
_cursor	String	Provides a value that can be supplied to the `after` argument for pagination. Depends on the value of the `orderBy` argument.
_cvesMeta	_QueryMeta	CVEs associated with this finding
_cwesMeta	_QueryMeta	The CWE numbers associated with this flaw.
_findingLocationsMeta	_QueryMeta	Locations of this Finding. A finding may have multiple files or services associated with it.
_originalFindingsCommentsMeta	_QueryMeta	The collection comments associated with the original findings that led to the creation of this merged finding
_originalFindingsFindingLocationsMeta	_QueryMeta	The collection of finding locations associated with the original findings that led to the creation of this merged finding
_originalFindingsMeta	_QueryMeta	If this Finding is a 'merged finding', this list contains the underlying findings that this finding represents
_originalFindingsSourcesMeta	_QueryMeta	The collection of test tools associated with original findings that led to the creation of this merged finding
_originalFindingsStatusesMeta	_QueryMeta	The collection of statuses associated with the original findings that led to the creation of this merged finding
_patchesMeta	_QueryMeta	All patches for this finding.
_processingStatusesMeta	_QueryMeta	Any kind of processing currently occurring on this finding
_propertiesMeta	_QueryMeta	The properties associated with this Finding
_revision	ID	An identifier that is updated automatically on each update of this root entity (but not on relation changes)
_statusesMeta	_QueryMeta	All status changes associated with this Finding.
_tagsMeta	_QueryMeta	User-assigned tags used to arbitrarily group or classify related findings.
_uniqueComponentsMeta	_QueryMeta	The collection of unique software components associated with this finding
active	Boolean	Denotes if this flaw is active or not.
affectedReferenceIds	[String]	An optional list of reference IDs of components that this finding affects. This is used to link findings to components when the components are not fully specified within the same document. For example, if a pure CycloneDX VDR document is parsed then this field should contain the bom-refs of the components that this finding affects, letting the finding be linked to the appropriate component at a later time when the corresponding CycloneDX SBOM document is uploaded.
affects	[SoftwareComponentInstance]	The software components affected by this finding
alternateTerms	[String]	Alternate terms that are used to describe the finding, e.g. "RIPPLE 20" for CVE-2020-11896
assetVersion	AssetVersion	The asset version this finding is associated with
assetVersionRefId	ID	The asset version id this finding is associated with
category	FindingCategory	The applicable category for this finding
comments	[FindingComment]	The user-added comments for this Finding
confidence	FindingConfidence	The confidence that this finding is correct as specified by the tool that created the finding information
createdAt	DateTime	The instant this object has been created
createdByCveUpdateJobRefId	ID	If the finding was created by a CVE update job, this is the reference ID for the job's summary document
ctx	RelationEntityCtx	Context contains fields that are accessible to the permissions profile. This is an internal field related to user permissions.
currentStatus	FindingStatus	The current status of this Finding.
cves	[Cve]	CVEs associated with this finding
cvssScore	Float	The CVSS base score. This is a number between 0.0 and 10.0.
cvssSeverity	FindingSeverity	The CVSS base severity. This has a value of either 'None (N)', 'Low (L)', 'Medium (M)', 'High (H)', or 'Critical (C)'.
cwes	[Cwe]	The CWE numbers associated with this flaw.
date	DateTime	The date the finding was first discovered
dedupeHash	String	A hash over a configurable set of fields that is used for findings deduplication.
deletedAt	DateTime	Timestamp of when this finding was deleted
description	String	Extended description of the finding. May contain Markdown.
externalReferences	[String]	External references to this particular Finding
falsePositive	Boolean	Denotes if this flaw has been deemed a false positive by the tester.
findingClass	FindingClass	The class of the finding (e.g. information vs. weakness vs. vulnerability)
findingLocations	[FindingLocation]	Locations of this Finding. A finding may have multiple files or services associated with it.
id	ID	An auto-generated string that identifies this root entity uniquely among others of the same type
impact	String	Text describing the impact this flaw has on systems, products, enterprise, etc.
linkedFindingHash	String	A hash represents the identical findings in other AssetVersions. This is used for linked issues across builds/versions.
linkedFindingRefIds	[String]	Identical findings in other AssetVersions. This is used for linked issues across builds/versions.
mergedFinding	Finding	If populated, this field points to the 'merged Finding' that represents this finding. This field is only populated if this finding is a 'merged finding'. For example, multiple security scanners may find the same issue in an Artifact. In this case, the findings from each scanner would be merged into a single finding.
mergedFindingRefId	ID	If populated, this field points to the 'merged Finding ID' that represents this finding. This field is only populated if this finding is a 'merged finding'. For example, multiple security scanners may find the same issue in an Artifact. In this case, the findings from each scanner would be merged into a single finding.
mitigation	String	Text describing how to best fix the flaw. May contain Markdown.
numAffected	Int	Number of SoftwareComponentInstances this Finding affects
numOccurences	Int	Number of occurrences in the source tool when several vulnerabilities were found and aggregated by the scanner.
origin	FindingOrigin	The origin of this finding (e.g. a security scanner, user-added, generated from an automated or user merge, found by FiniteState, etc.)
originalFindings	[Finding]	If this Finding is a 'merged finding', this list contains the underlying findings that this finding represents
originalFindingsComments	[FindingComment]	The collection comments associated with the original findings that led to the creation of this merged finding
originalFindingsFindingLocations	[FindingLocation]	The collection of finding locations associated with the original findings that led to the creation of this merged finding
originalFindingsSources	[TestingTool]	The collection of test tools associated with original findings that led to the creation of this merged finding
originalFindingsStatuses	[FindingStatus]	The collection of statuses associated with the original findings that led to the creation of this merged finding
outOfScope	Boolean	Denotes if this flaw falls outside the scope of the test.
patches	[Patch]	All patches for this finding.
processingStatuses	[ProcessingStatus]	Any kind of processing currently occurring on this finding
properties	[KeyValuePair]	The properties associated with this Finding
regression	Boolean	If this finding had been fixed in a previous version but has regressed in this version, this field will be set to true.
remediationGuidance	String	Text describing how to fix the flaw. May contain Markdown.
riskAccepted	Boolean	Denotes if this finding has been marked as an accepted risk.
riskScore	Float	The risk associated with this Finding as determined by the CVE exploitability score or CWSS score
severity	FindingSeverity	Severity ranking of the finding
severityJustification	String	Text describing why a certain severity was associated with this flaw.
sourceTypes	[FindingSourceType]	Source of the Finding -- this list can expand over time.
statuses	[FindingStatus]	All status changes associated with this Finding.
stepsToReproduce	String	Text describing the steps that must be followed in order to reproduce the flaw.
subcategory	FindingSubcategory	The applicable subcategory for this finding
summary	String	Summary description of the finding
tags	[Tag]	User-assigned tags used to arbitrarily group or classify related findings.
test	Test	The test that this finding was generated from.
title	String	A short title or description of the finding
toolReference	String	URL to link back to the finding in the original tool
uniqueComponents	[SoftwareComponent]	The collection of unique software components associated with this finding
uniqueIdFromTool	String	The original unique id of the finding from the imported Test information
updatedAt	DateTime	The instant this object has been updated the last time (not including relation updates)
verified	Boolean	Denotes if this flaw has been manually verified by the tester.
vulnIdFromTool	String	The original non-unique id of the finding from the imported Test information. This ID may be a CVE id, or specific to the tool, such or SNYK id.
vulnerabilityContext	VulnerabilityContext	Vulnerability Context contains all of the data related to the inherent severity of the vulnerability
vulnerabilityIds	[String]	Vulnerability IDs associated with this test record (such as CVE-2022-1234). These IDs are typically not unique to the tool.

This page was generated: 2024-11-06