- Checkmarx Documentation
- Checkmarx One
- Checkmarx One API Documentation
- Checkmarx One API Endpoints
- KICS Results API
KICS Results API
Notice
A comprehensive Checkmarx One API Reference Guide is now available here.
Overview
Get results for each of the infrastructure vulnerabilities detected in a specific KICS scan (by scan ID). This API returns full details about each vulnerability detected, including the type of vulnerability, platform , severity etc. You can limit the results, by using pagination and/or setting filter parameters.
Notice
If you would like to get the KICS results together with results from the other scanners run on the scan, use GET /api/results
.
KICS Results URL
The URL for KICS Results endpoints is <base_url>/api/kics-results
US Environment - https://ast.checkmarx.net
US2 Environment - https://us.ast.checkmarx.net
EU Environment - https://eu.ast.checkmarx.net
EU2 Environment - https://eu-2.iam.checkmarx.net/
Australia & New Zealand – https://anz.ast.checkmarx.net
India - https://ind.ast.checkmarx.net
Singapore - https://sng.ast.checkmarx.net
Workflow
Use
POST /api/scans
to create a scan (specifying to run the KICS scanner), generating a “scan id”.Use the “scan id” with
GET /api/kics-results
to get the results of that KICS scan.
Swagger
To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Kics Results in the definition field.
US Environment - https://ast.checkmarx.net/spec/v1/
US2 Environment - https://us.ast.checkmarx.net/spec/v1/
EU Environment - https://eu.ast.checkmarx.net/spec/v1/
EU2 Envitonment - https://eu-2.ast.checkmarx.net/spec/v1/
Australia & New Zealand – https://anz.ast.checkmarx.net/spec/v1/
Singapore - https://sng.ast.checkmarx.net/spec/v1/
GET KICS Results
Authentication
Authentication for all Checkmarx One endpoints is done using JWT (JSON Web Token) access token. Access tokens are generated using the Authentication API.
Media Type (header)
Authorization: Bearer <access_token>
Accept: application/json
Curl Sample
curl -X GET "https://ast.checkmarx.net/api/kics-results?scan-id=c52d00be-01f6-402e-b6a0-7c7d654e6783&limit=20&sort=%2Bstatus&sort=%2Bseverity" -H "accept: application/json"
Parameters
Query Parameters:
Parameter | Mandatory | Type | Description |
---|---|---|---|
scan-id | yes | string | The unique identifier of a specific scan that was run in your account. |
severity | no | array[string] | The severity of the vulnerability for which you would like to show results. Options are:
|
status | no | array[string] | The status of the vulnerability for which you would like to show results. Options are:
|
source-file | no | string, | The source file for which you would like to show results. |
limit | no | integer | The number of results to return. Default = 20 |
sort | no | array[string] | The sorting order of the results. Options are: -severity, +severity, -status, +status, -firstfoundat, +firstfoundat, -foundat, +foundat, -firstscanid, +firstscanid Default value : +status, +severity |
Success Response
Code: 200 OK
Attributes:
Attribute | Type | Enums | Description |
---|---|---|---|
results[ ] | Shows detailed results for each vulnerability identified in the specified scan (limited by the filters that were applied). | ||
results/ID | string | - | The ID of the result. |
results/similarityID | integer | - | The similarity_id is a value assigned to a specific vulnerability instance in your scan. This enables Checkmarx One to track that particular instance in future scans. If a subsequent scan discovers a vulnerability with the identical similarity_id it will be marked as a "recurrent" vulnerability and the severity level, state and notes from the previous scan will be applied to the new scan. |
results/severity | string |
| The severity of the vulnerability. A severity level is automatically associated with each result based on the vulnerability that was discovered. The user can adjust the severity level of a specific result via the Checkmarx One web portal or using the |
results/firstScanID | string | - | The scanID of the scan in which the result was first identified in this Project (based on SimilarityID). |
results/firstFoundAt | string (date) | - | The date and time that the result (i.e., the vulnerability instance as represented by the SimilarityID) was first identified in this Project). |
results/foundAt | string (date) | - | The date and time that this result was identified (i.e., when the scan was run). |
results/status | string |
| Indicates whether or not this particular vulnerability has been discovered in previous scans of this Project. |
results/state | string |
| Indicates the current state of this vulnerability. The initial state of all NEW vulnerabilities is automatically set as TO_VERIFY. As the user progress through the life cycle of managing the project, the user can change the state via the Checkmarx One web portal or using the |
results/type | string | - | The type of issue that was detected (e.g., Missing Attribute, Incorrect Value etc.) |
results/queryID | integer | - | The unique identifier of the query (i.e., vulnerability) that relates to this result. |
results/queryName | string | - | The name of the query (vulnerability) that was detected. |
results/group | string | - | The query group name. |
results/queryURL | string | - | The name of the query (vulnerability) that was detected. |
results/fileName | string | - | The name of the file in which the vulnerability was detected. |
results/line | integer | - | The line in the file at which the vulnerability was detected. |
results/platform | string | - | The platform that is affected by the vulnerability (e.g., Dockerfile. |
results/issueType | string | - | The type of issue that was detected (e.g., Missing Attribute, Incorrect Value etc.) |
results/searchKey | string | - | The type of element that was searched. |
results/searchValue | integer | - | The value of the element that was searched. |
results/expectedValue | string | - | The value that was expected to be found in the file for this item. |
results/actualValue | string | - | The value that was actually found in the file. |
results/value | string | - | The value that was actually found in the file. |
results/description | string | - | A brief description of the vulnerability instance. |
results/comments | string | - | Comments about the vulnerability instance. |
results/resource_type | string | The type of resource in which the vulnerability was identified. e.g., Microsoft.Sql/servers/databases/securityAlertPolicies Tip
| |
reults/resource_name | string | The name of the specific resource object in which the vulnerability was identified. e.g., sample/server/default | |
totalCount | integer | - | The total number of vulnerabilities discovered in this scan. |
Sample Success Response:
{ "results": [ { "ID": "HOjNsqAw3IZIRgd9E5lHlJtvEjI=", "similarityID": "68255e6029508138adfa339815a546875d31e533ed4502f4b1dee27475fa5f25", "severity": "INFO", "firstScanID": "b30a3ce9-1c5e-4eae-96e2-3b835ae46ab8", "firstFoundAt": "0001-01-01T00:00:00Z", "foundAt": "0001-01-01T00:00:00Z", "status": "NEW", "state": "TO_VERIFY", "type": "IncorrectValue", "queryID": "df746b39-6564-4fed-bf85-e9c44382303c", "queryName": "Apt Get Install Lists Were Not Deleted", "group": "df746b39-6564-4fed-bf85-e9c44382303c", "queryURL": "Apt Get Install Lists Were Not Deleted", "fileName": "/allScanTypes-master/AllScanTypes/Dockerfile", "line": 5, "platform": "Dockerfile", "issueType": "IncorrectValue", "searchKey": "IncorrectValue", "searchValue": "5", "expectedValue": "After using apt-get install, it is needed to delete apt-get lists", "actualValue": "After using apt-get install, the apt-get lists were not deleted", "value": "After using apt-get install, the apt-get lists were not deleted", "description": "/allScanTypes-master/AllScanTypes/Dockerfile", "comments": "/allScanTypes-master/AllScanTypes/Dockerfile" } ], "totalCount": 9 }