Skip to main content

KICS Results API

Notice

A comprehensive Checkmarx One API Reference Guide is now available here.

Overview

Get results for each of the infrastructure vulnerabilities detected in a specific KICS scan (by scan ID). This API returns full details about each vulnerability detected, including the type of vulnerability, platform , severity etc. You can limit the results, by using pagination and/or setting filter parameters.

Notice

If you would like to get the KICS results together with results from the other scanners run on the scan, use GET /api/results.

KICS Results URL

The URL for KICS Results endpoints is <base_url>/api/kics-results

Workflow

  1. Use POST /api/scans to create a scan (specifying to run the KICS scanner), generating a “scan id”.

  2. Use the “scan id” with GET /api/kics-results to get the results of that KICS scan.

Swagger

To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Kics Results in the definition field.

GET KICS Results

Authentication

Authentication for all Checkmarx One endpoints is done using JWT (JSON Web Token) access token. Access tokens are generated using the Authentication API.

Media Type (header)

Authorization: Bearer <access_token>

Accept: application/json

Curl Sample

curl -X GET "https://ast.checkmarx.net/api/kics-results?scan-id=c52d00be-01f6-402e-b6a0-7c7d654e6783&limit=20&sort=%2Bstatus&sort=%2Bseverity" -H  "accept: application/json"

Parameters

Query Parameters:

Parameter

Mandatory

Type

Description

scan-id

yes

string

The unique identifier of a specific scan that was run in your account.

severity

no

array[string]

The severity of the vulnerability for which you would like to show results.

Options are:

  • High

  • Medium

  • Low

  • Info

status

no

array[string]

The status of the vulnerability for which you would like to show results.

Options are:

  • New

  • Recurrent

  • Fixed

source-file

no

string,

The source file for which you would like to show results.

limit

no

integer

The number of results to return.

Default = 20

sort

no

array[string]

The sorting order of the results.

Options are:

-severity, +severity, -status, +status, -firstfoundat, +firstfoundat, -foundat, +foundat, -firstscanid, +firstscanid

Default value : +status, +severity

Success Response

Code: 200 OK

Attributes:

Attribute

Type

Enums

Description

results[ ]

Shows detailed results for each vulnerability identified in the specified scan (limited by the filters that were applied).

results/ID

string

-

The ID of the result.

results/similarityID

integer

-

The similarity_id is a value assigned to a specific vulnerability instance in your scan. This enables Checkmarx One to track that particular instance in future scans. If a subsequent scan discovers a vulnerability with the identical similarity_id it will be marked as a "recurrent" vulnerability and the severity level, state and notes from the previous scan will be applied to the new scan.

results/severity

string

  • HIGH

  • MEDIUM

  • LOW

  • INFO

The severity of the vulnerability.

A severity level is automatically associated with each result based on the vulnerability that was discovered. The user can adjust the severity level of a specific result via the Checkmarx One web portal or using the POST predicates API.

results/firstScanID

string

-

The scanID of the scan in which the result was first identified in this Project (based on SimilarityID).

results/firstFoundAt

string

(date)

-

The date and time that the result (i.e., the vulnerability instance as represented by the SimilarityID) was first identified in this Project).

results/foundAt

string

(date)

-

The date and time that this result was identified (i.e., when the scan was run).

results/status

string

  • NEW - this is the first time that this particular vulnerability was discovered in this Project.

  • RECURRENT - this vulnerability has been discovered in previous scans of this Project.

Indicates whether or not this particular vulnerability has been discovered in previous scans of this Project.

results/state

string

  • TO_VERIFY

  • NOT_EXPLOITABLE

  • PROPOSED_NOT_EXPLOITABLE

  • CONFIRMED

  • URGENT

Indicates the current state of this vulnerability. The initial state of all NEW vulnerabilities is automatically set as TO_VERIFY. As the user progress through the life cycle of managing the project, the user can change the state via the Checkmarx One web portal or using the POST predicates API.

results/type

string

-

The type of issue that was detected (e.g., Missing Attribute, Incorrect Value etc.)

results/queryID

integer

-

The unique identifier of the query (i.e., vulnerability) that relates to this result.

results/queryName

string

-

The name of the query (vulnerability) that was detected.

results/group

string

-

The query group name.

results/queryURL

string

-

The name of the query (vulnerability) that was detected.

results/fileName

string

-

The name of the file in which the vulnerability was detected.

results/line

integer

-

The line in the file at which the vulnerability was detected.

results/platform

string

-

The platform that is affected by the vulnerability (e.g., Dockerfile.

results/issueType

string

-

The type of issue that was detected (e.g., Missing Attribute, Incorrect Value etc.)

results/searchKey

string

-

The type of element that was searched.

results/searchValue

integer

-

The value of the element that was searched.

results/expectedValue

string

-

The value that was expected to be found in the file for this item.

results/actualValue

string

-

The value that was actually found in the file.

results/value

string

-

The value that was actually found in the file.

results/description

string

-

A brief description of the vulnerability instance.

results/comments

string

-

Comments about the vulnerability instance.

results/resource_type

string

The type of resource in which the vulnerability was identified. e.g., Microsoft.Sql/servers/databases/securityAlertPolicies

Tip

resource_type and resource_name are currently supported for the following platforms: Ansible, Azure Resource Manager, CloudFormation, Kubernetes, Google Deployment Manager, and Terraform.

reults/resource_name

string

The name of the specific resource object in which the vulnerability was identified. e.g., sample/server/default

totalCount

integer

-

The total number of vulnerabilities discovered in this scan.

Sample Success Response:

{
    "results": [
        {
            "ID": "HOjNsqAw3IZIRgd9E5lHlJtvEjI=",
            "similarityID": "68255e6029508138adfa339815a546875d31e533ed4502f4b1dee27475fa5f25",
            "severity": "INFO",
            "firstScanID": "b30a3ce9-1c5e-4eae-96e2-3b835ae46ab8",
            "firstFoundAt": "0001-01-01T00:00:00Z",
            "foundAt": "0001-01-01T00:00:00Z",
            "status": "NEW",
            "state": "TO_VERIFY",
            "type": "IncorrectValue",
            "queryID": "df746b39-6564-4fed-bf85-e9c44382303c",
            "queryName": "Apt Get Install Lists Were Not Deleted",
            "group": "df746b39-6564-4fed-bf85-e9c44382303c",
            "queryURL": "Apt Get Install Lists Were Not Deleted",
            "fileName": "/allScanTypes-master/AllScanTypes/Dockerfile",
            "line": 5,
            "platform": "Dockerfile",
            "issueType": "IncorrectValue",
            "searchKey": "IncorrectValue",
            "searchValue": "5",
            "expectedValue": "After using apt-get install, it is needed to delete apt-get lists",
            "actualValue": "After using apt-get install, the apt-get lists were not deleted",
            "value": "After using apt-get install, the apt-get lists were not deleted",
            "description": "/allScanTypes-master/AllScanTypes/Dockerfile",
            "comments": "/allScanTypes-master/AllScanTypes/Dockerfile"
        }
    ],
    "totalCount": 9
}