KICS Results API

Overview

Get results for each of the infrastructure vulnerabilities detected in a specific KICS scan (by scan ID). This API returns full details about each vulnerability detected, including the type of vulnerability, platform , severity etc. You can limit the results, by using pagination and/or setting filter parameters.

Notice

If you would like to get the KICS results together with results from the other scanners run on the scan, use GET /api/results.

KICS Results URL

The URL for KICS Results endpoints is <base_url>/api/kics-results

Workflow

Use POST /api/scans to create a scan (specifying to run the KICS scanner), generating a “scan id”.
Use the “scan id” with GET /api/kics-results to get the results of that KICS scan.

Swagger

To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Kics Results in the definition field.

GET KICS Results

Authentication

Authentication for all Checkmarx One endpoints is done using JWT (JSON Web Token) access token. Access tokens are generated using the Authentication API.

Media Type (header)

Authorization: Bearer <access_token>

Accept: application/json

Curl Sample

curl -X GET "https://ast.checkmarx.net/api/kics-results?scan-id=c52d00be-01f6-402e-b6a0-7c7d654e6783&limit=20&sort=%2Bstatus&sort=%2Bseverity" -H  "accept: application/json"

Parameters

Query Parameters:

Parameter	Mandatory	Type	Description
scan-id	yes	string	The unique identifier of a specific scan that was run in your account.
severity	no	array[string]	The severity of the vulnerability for which you would like to show results. Options are: High Medium Low Info
status	no	array[string]	The status of the vulnerability for which you would like to show results. Options are: New Recurrent Fixed
source-file	no	string,	The source file for which you would like to show results.
limit	no	integer	The number of results to return. Default = 20
sort	no	array[string]	The sorting order of the results. Options are: -severity, +severity, -status, +status, -firstfoundat, +firstfoundat, -foundat, +foundat, -firstscanid, +firstscanid Default value : +status, +severity

Success Response

Code: 200 OK

Attributes:

Attribute	Type	Enums	Description
results[ ]	Shows detailed results for each vulnerability identified in the specified scan (limited by the filters that were applied).
results/ID	string	-	The ID of the result.
results/similarityID	integer	-	The similarity_id is a value assigned to a specific vulnerability instance in your scan. This enables Checkmarx One to track that particular instance in future scans. If a subsequent scan discovers a vulnerability with the identical similarity_id it will be marked as a "recurrent" vulnerability and the severity level, state and notes from the previous scan will be applied to the new scan.
results/severity	string	`HIGH` `MEDIUM` `LOW` `INFO`	The severity of the vulnerability. A severity level is automatically associated with each result based on the vulnerability that was discovered. The user can adjust the severity level of a specific result via the Checkmarx One web portal or using the `POST predicates` API.
results/firstScanID	string	-	The scanID of the scan in which the result was first identified in this Project (based on SimilarityID).
results/firstFoundAt	string (date)	-	The date and time that the result (i.e., the vulnerability instance as represented by the SimilarityID) was first identified in this Project).
results/foundAt	string (date)	-	The date and time that this result was identified (i.e., when the scan was run).
results/status	string	`NEW` - this is the first time that this particular vulnerability was discovered in this Project. `RECURRENT` - this vulnerability has been discovered in previous scans of this Project.	Indicates whether or not this particular vulnerability has been discovered in previous scans of this Project.
results/state	string	`TO_VERIFY` `NOT_EXPLOITABLE` `PROPOSED_NOT_EXPLOITABLE` `CONFIRMED` `URGENT`	Indicates the current state of this vulnerability. The initial state of all NEW vulnerabilities is automatically set as TO_VERIFY. As the user progress through the life cycle of managing the project, the user can change the state via the Checkmarx One web portal or using the `POST predicates` API.
results/type	string	-	The type of issue that was detected (e.g., Missing Attribute, Incorrect Value etc.)
results/queryID	integer	-	The unique identifier of the query (i.e., vulnerability) that relates to this result.
results/queryName	string	-	The name of the query (vulnerability) that was detected.
results/group	string	-	The query group name.
results/queryURL	string	-	The name of the query (vulnerability) that was detected.
results/fileName	string	-	The name of the file in which the vulnerability was detected.
results/line	integer	-	The line in the file at which the vulnerability was detected.
results/platform	string	-	The platform that is affected by the vulnerability (e.g., Dockerfile.
results/issueType	string	-	The type of issue that was detected (e.g., Missing Attribute, Incorrect Value etc.)
results/searchKey	string	-	The type of element that was searched.
results/searchValue	integer	-	The value of the element that was searched.
results/expectedValue	string	-	The value that was expected to be found in the file for this item.
results/actualValue	string	-	The value that was actually found in the file.
results/value	string	-	The value that was actually found in the file.
results/description	string	-	A brief description of the vulnerability instance.
results/comments	string	-	Comments about the vulnerability instance.
results/resource_type	string		The type of resource in which the vulnerability was identified. e.g., Microsoft.Sql/servers/databases/securityAlertPolicies Tip `resource_type` and `resource_name` are currently supported for the following platforms: Ansible, Azure Resource Manager, CloudFormation, Kubernetes, Google Deployment Manager, and Terraform.
reults/resource_name	string		The name of the specific resource object in which the vulnerability was identified. e.g., sample/server/default
totalCount	integer	-	The total number of vulnerabilities discovered in this scan.

Sample Success Response:

{
    "results": [
        {
            "ID": "HOjNsqAw3IZIRgd9E5lHlJtvEjI=",
            "similarityID": "68255e6029508138adfa339815a546875d31e533ed4502f4b1dee27475fa5f25",
            "severity": "INFO",
            "firstScanID": "b30a3ce9-1c5e-4eae-96e2-3b835ae46ab8",
            "firstFoundAt": "0001-01-01T00:00:00Z",
            "foundAt": "0001-01-01T00:00:00Z",
            "status": "NEW",
            "state": "TO_VERIFY",
            "type": "IncorrectValue",
            "queryID": "df746b39-6564-4fed-bf85-e9c44382303c",
            "queryName": "Apt Get Install Lists Were Not Deleted",
            "group": "df746b39-6564-4fed-bf85-e9c44382303c",
            "queryURL": "Apt Get Install Lists Were Not Deleted",
            "fileName": "/allScanTypes-master/AllScanTypes/Dockerfile",
            "line": 5,
            "platform": "Dockerfile",
            "issueType": "IncorrectValue",
            "searchKey": "IncorrectValue",
            "searchValue": "5",
            "expectedValue": "After using apt-get install, it is needed to delete apt-get lists",
            "actualValue": "After using apt-get install, the apt-get lists were not deleted",
            "value": "After using apt-get install, the apt-get lists were not deleted",
            "description": "/allScanTypes-master/AllScanTypes/Dockerfile",
            "comments": "/allScanTypes-master/AllScanTypes/Dockerfile"
        }
    ],
    "totalCount": 9
}

In this section: