API Reference

Vulnerability Scanner

Scans

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get Scan

client.VulnerabilityScanner.Scans.Get(ctx, scanID, query) (*ScanGetResponse, error)

GET/accounts/{account_id}/vuln_scanner/scans/{scan_id}

Returns a single scan by ID.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

ParametersExpand Collapse

scanID string

formatuuid

query ScanGetParams

AccountID param.Field[string]Optional

Identifier.

maxLength32

ReturnsExpand Collapse

type ScanGetResponse struct{…}

ID string

Scan identifier.

formatuuid

ScanType ScanGetResponseScanType

The type of vulnerability scan.

Status ScanGetResponseStatus

Current lifecycle status of the scan.

One of the following:

const ScanGetResponseStatusCreated ScanGetResponseStatus = "created"

const ScanGetResponseStatusScheduled ScanGetResponseStatus = "scheduled"

const ScanGetResponseStatusPlanning ScanGetResponseStatus = "planning"

const ScanGetResponseStatusRunning ScanGetResponseStatus = "running"

const ScanGetResponseStatusFinished ScanGetResponseStatus = "finished"

const ScanGetResponseStatusFailed ScanGetResponseStatus = "failed"

TargetEnvironmentID string

The target environment this scan runs against.

formatuuid

Report ScanGetResponseReportOptional

Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans.

Report ScanGetResponseReportReport

Version 1 of the BOLA vulnerability scan report.

Summary ScanGetResponseReportReportSummary

Summary of all steps and findings.

Verdict ScanGetResponseReportReportSummaryVerdict

Overall verdict of the vulnerability scan.

One of the following:

const ScanGetResponseReportReportSummaryVerdictOk ScanGetResponseReportReportSummaryVerdict = "ok"

const ScanGetResponseReportReportSummaryVerdictWarning ScanGetResponseReportReportSummaryVerdict = "warning"

const ScanGetResponseReportReportSummaryVerdictInconclusive ScanGetResponseReportReportSummaryVerdict = "inconclusive"

Tests []ScanGetResponseReportReportTest

List of tests that were run.

Steps []ScanGetResponseReportReportTestsStep

Steps that were executed.

Assertions []ScanGetResponseReportReportTestsStepsAssertion

Assertions that were made against the received response.

Description string

Human-readable description of the assertion, explaining what was checked.

Kind ScanGetResponseReportReportTestsStepsAssertionsKind

Kind of assertion.

Parameters ScanGetResponseReportReportTestsStepsAssertionsKindParameters

Range of HTTP status codes.

Max int64

Maximum (inclusive) status code of the range.

maximum65535

minimum0

Min int64

Minimum (inclusive) status code of the range.

maximum65535

minimum0

Type ScanGetResponseReportReportTestsStepsAssertionsKindType

Observed int64

Observed value on which the assertion was made.

Outcome ScanGetResponseReportReportTestsStepsAssertionsOutcome

Outcome of the assertion.

One of the following:

const ScanGetResponseReportReportTestsStepsAssertionsOutcomeOk ScanGetResponseReportReportTestsStepsAssertionsOutcome = "ok"

const ScanGetResponseReportReportTestsStepsAssertionsOutcomeFail ScanGetResponseReportReportTestsStepsAssertionsOutcome = "fail"

const ScanGetResponseReportReportTestsStepsAssertionsOutcomeInconclusive ScanGetResponseReportReportTestsStepsAssertionsOutcome = "inconclusive"

Errors []ScanGetResponseReportReportTestsStepsErrorOptional

Errors the step encountered that may explain absent or incomplete fields.

Description string

Human-readable error description.

ErrorCode int64Optional

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

Request ScanGetResponseReportReportTestsStepsRequestOptional

HTTP request that was made, if any.

CredentialSet ScanGetResponseReportReportTestsStepsRequestCredentialSet

Credential set that was used.

ID string

ID of the credential set.

formatuuid

Role ScanGetResponseReportReportTestsStepsRequestCredentialSetRole

Role of the credential set.

One of the following:

const ScanGetResponseReportReportTestsStepsRequestCredentialSetRoleOwner ScanGetResponseReportReportTestsStepsRequestCredentialSetRole = "owner"

const ScanGetResponseReportReportTestsStepsRequestCredentialSetRoleAttacker ScanGetResponseReportReportTestsStepsRequestCredentialSetRole = "attacker"

HeaderNames []string

Names of headers that were sent.

Method ScanGetResponseReportReportTestsStepsRequestMethod

HTTP method.

One of the following:

const ScanGetResponseReportReportTestsStepsRequestMethodGet ScanGetResponseReportReportTestsStepsRequestMethod = "GET"

const ScanGetResponseReportReportTestsStepsRequestMethodDelete ScanGetResponseReportReportTestsStepsRequestMethod = "DELETE"

const ScanGetResponseReportReportTestsStepsRequestMethodPatch ScanGetResponseReportReportTestsStepsRequestMethod = "PATCH"

const ScanGetResponseReportReportTestsStepsRequestMethodPost ScanGetResponseReportReportTestsStepsRequestMethod = "POST"

const ScanGetResponseReportReportTestsStepsRequestMethodPut ScanGetResponseReportReportTestsStepsRequestMethod = "PUT"

URL string

Exact and full URL (including host, query parameters) that was requested.

formaturi

VariableCaptures []ScanGetResponseReportReportTestsStepsRequestVariableCapture

Variable captures requested for this step.

JsonPath string

JSONPath expression used for capture, e.g. "$.id".

Name string

Variable name, e.g. "resource_id".

Body unknownOptional

Request body, if any.

Response ScanGetResponseReportReportTestsStepsResponseOptional

HTTP response that was received, if any.

Body ScanGetResponseReportReportTestsStepsResponseBody

HTTP response body.

One of the following:

type ScanGetResponseReportReportTestsStepsResponseBodyKind struct{…}

No body was received.

Kind ScanGetResponseReportReportTestsStepsResponseBodyKindKind

type ScanGetResponseReportReportTestsStepsResponseBodyObject struct{…}

Body received but unable to read as UTF-8. Raw bytes, base64-encoded.

Contents string

Kind ScanGetResponseReportReportTestsStepsResponseBodyObjectKind

Truncated bool

type ScanGetResponseReportReportTestsStepsResponseBodyObject struct{…}

Body received as valid UTF-8 text but not valid JSON.

Contents string

Kind ScanGetResponseReportReportTestsStepsResponseBodyObjectKind

Truncated bool

type ScanGetResponseReportReportTestsStepsResponseBodyObject struct{…}

Body received as valid JSON.

Contents string

Kind ScanGetResponseReportReportTestsStepsResponseBodyObjectKind

Truncated bool

HeaderNames []string

Names of headers that were received.

Status int64

HTTP status code.

maximum65535

minimum0

StatusText stringOptional

HTTP status text, if available for the status code.

Verdict ScanGetResponseReportReportTestsVerdict

Verdict of this single test.

One of the following:

const ScanGetResponseReportReportTestsVerdictOk ScanGetResponseReportReportTestsVerdict = "ok"

const ScanGetResponseReportReportTestsVerdictWarning ScanGetResponseReportReportTestsVerdict = "warning"

const ScanGetResponseReportReportTestsVerdictInconclusive ScanGetResponseReportReportTestsVerdict = "inconclusive"

PreflightErrors []ScanGetResponseReportReportTestsPreflightErrorOptional

Errors that prevented step execution.

Description string

Human-readable error description.

ErrorCode int64Optional

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

ReportSchemaVersion ScanGetResponseReportReportSchemaVersion

Version of the report schema.

Get Scan

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/vulnerability_scanner"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  scan, err := client.VulnerabilityScanner.Scans.Get(
    context.TODO(),
    "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    vulnerability_scanner.ScanGetParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", scan.ID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "scan_type": "bola",
    "status": "created",
    "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "report": {
      "report": {
        "summary": {
          "verdict": "ok"
        },
        "tests": [
          {
            "steps": [
              {
                "assertions": [
                  {
                    "description": "description",
                    "kind": {
                      "parameters": {
                        "max": 0,
                        "min": 0
                      },
                      "type": "http_status_within_range"
                    },
                    "observed": 0,
                    "outcome": "ok"
                  }
                ],
                "errors": [
                  {
                    "description": "description",
                    "error_code": 0
                  }
                ],
                "request": {
                  "credential_set": {
                    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
                    "role": "owner"
                  },
                  "header_names": [
                    "string"
                  ],
                  "method": "GET",
                  "url": "https://example.com",
                  "variable_captures": [
                    {
                      "json_path": "json_path",
                      "name": "name"
                    }
                  ],
                  "body": {}
                },
                "response": {
                  "body": {
                    "kind": "not_found"
                  },
                  "header_names": [
                    "string"
                  ],
                  "status": 0,
                  "status_text": "status_text"
                }
              }
            ],
            "verdict": "ok",
            "preflight_errors": [
              {
                "description": "description",
                "error_code": 0
              }
            ]
          }
        ]
      },
      "report_schema_version": "v1"
    }
  },
  "result_info": {}
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "scan_type": "bola",
    "status": "created",
    "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "report": {
      "report": {
        "summary": {
          "verdict": "ok"
        },
        "tests": [
          {
            "steps": [
              {
                "assertions": [
                  {
                    "description": "description",
                    "kind": {
                      "parameters": {
                        "max": 0,
                        "min": 0
                      },
                      "type": "http_status_within_range"
                    },
                    "observed": 0,
                    "outcome": "ok"
                  }
                ],
                "errors": [
                  {
                    "description": "description",
                    "error_code": 0
                  }
                ],
                "request": {
                  "credential_set": {
                    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
                    "role": "owner"
                  },
                  "header_names": [
                    "string"
                  ],
                  "method": "GET",
                  "url": "https://example.com",
                  "variable_captures": [
                    {
                      "json_path": "json_path",
                      "name": "name"
                    }
                  ],
                  "body": {}
                },
                "response": {
                  "body": {
                    "kind": "not_found"
                  },
                  "header_names": [
                    "string"
                  ],
                  "status": 0,
                  "status_text": "status_text"
                }
              }
            ],
            "verdict": "ok",
            "preflight_errors": [
              {
                "description": "description",
                "error_code": 0
              }
            ]
          }
        ]
      },
      "report_schema_version": "v1"
    }
  },
  "result_info": {}
}