Skip to main content

Checkmarx One API - GET SAST Results


Get comprehensive results for each of the vulnerabilities detected in a specific SAST scan (by scan ID). This API returns full details about each vulnerability detected, including vulnerability details, history, compliance, affected nodes etc. You can limit the results, by using pagination and/or setting filter parameters. You can also sort the results by several parameters.


If you would like to get the SAST results together with results from the other scanners run on the scan, use GET /api/results.

SAST Results Endpoints

The URL for SAST Results endpoints is <base_url>/api/sast-results


  1. Use POST /api/scans to create a scan (specifying to run the SAST scanner), generating a “scan id”.

  2. Use the “scan id” with GET /api/sast-results to get the results of that KICS scan.


Authentication for all Checkmarx One endpoints is done using JWT (JSON Web Token) access token. Access tokens are generated using the Authentication API.


To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Sast Results in the definition field.

Getting SAST Results (GET sast-results)

Gets a list of all vulnerabilities identified in a particular scan by the SAST scanner and shows detailed info about each vulnerability. The only required query param is scan-id. You can limit results by using pagination and or by filtering by various scan attributes such as severity, status, language etc. You can also filter by the location of the vulnerability by specifying the file name, source node, sink node etc.

In addition, you can specify how the results are sorted (e.g., created at, name, user agent etc.).

See query parameters in the Swagger visualization above.

The following table describes the parameters for which default settings are applied unless otherwise specified:



Default value


  • True - Included detailed info about each of the nodes affected by a vulnerability.

  • False - Don’t include node info.



Checkmarx One tracks specific vulnerability instances throughout your SDLC. Each vulnerability instance (based on similarityID) has a ‘Predicate’ associated with it, which is comprised of the following attributes: ‘state’, ‘severity’ and ‘comments’. If these have been changed from the original values then this parameter determines whether the new predicate or the original predicate will be shown.

  • True - The new predicate is shown.

  • False - The old predicate is shown.



How the results are sorted.

[ "+status", "+severity", "-queryname" ]

cURL Samples

Get results for a scan using default settings

curl -X GET "" -H  "accept: application/json" -H  "Authorization: Bearer <token>"

Filter for results in “java” language and the file name contains the string “security”

curl -X GET "" -H  "accept: application/json" -H  "Authorization: Bearer <token>"

Sort results by query name in descending order and exclude node info from the results

curl -X GET "" -H  "accept: application/json" -H  "Authorization: Bearer <token>"