# Vulnerability Scanner # Credential Sets ## List Credential Sets `vulnerability_scanner.credential_sets.list(CredentialSetListParams**kwargs) -> SyncV4PagePaginationArray[CredentialSetListResponse]` **get** `/accounts/{account_id}/vuln_scanner/credential_sets` Returns all credential sets for the account. ### Parameters - `account_id: Optional[str]` Identifier. - `page: Optional[int]` Page number of paginated results. - `per_page: Optional[int]` Number of results per page. ### Returns - `class CredentialSetListResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.vulnerability_scanner.credential_sets.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Credential Set `vulnerability_scanner.credential_sets.create(CredentialSetCreateParams**kwargs) -> CredentialSetCreateResponse` **post** `/accounts/{account_id}/vuln_scanner/credential_sets` Creates a new credential set. ### Parameters - `account_id: Optional[str]` Identifier. - `name: str` Human-readable name. ### Returns - `class CredentialSetCreateResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential_set = client.vulnerability_scanner.credential_sets.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", name="Production API credentials", ) print(credential_set.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Get Credential Set `vulnerability_scanner.credential_sets.get(strcredential_set_id, CredentialSetGetParams**kwargs) -> CredentialSetGetResponse` **get** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Returns a single credential set by ID. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` ### Returns - `class CredentialSetGetResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential_set = client.vulnerability_scanner.credential_sets.get( credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(credential_set.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Update Credential Set `vulnerability_scanner.credential_sets.update(strcredential_set_id, CredentialSetUpdateParams**kwargs) -> CredentialSetUpdateResponse` **put** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Replaces a credential set. All fields must be provided. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `name: str` Human-readable name. ### Returns - `class CredentialSetUpdateResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential_set = client.vulnerability_scanner.credential_sets.update( credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", name="Production API credentials", ) print(credential_set.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Edit Credential Set `vulnerability_scanner.credential_sets.edit(strcredential_set_id, CredentialSetEditParams**kwargs) -> CredentialSetEditResponse` **patch** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Updates a credential set with only the provided fields; omitted fields remain unchanged. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `name: Optional[str]` Human-readable name. ### Returns - `class CredentialSetEditResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.vulnerability_scanner.credential_sets.edit( credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Delete Credential Set `vulnerability_scanner.credential_sets.delete(strcredential_set_id, CredentialSetDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Deletes a credential set and all of its credentials. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential_set = client.vulnerability_scanner.credential_sets.delete( credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(credential_set) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {}, "result_info": {} } ``` ## Domain Types ### Credential Set List Response - `class CredentialSetListResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Credential Set Create Response - `class CredentialSetCreateResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Credential Set Get Response - `class CredentialSetGetResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Credential Set Update Response - `class CredentialSetUpdateResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. ### Credential Set Edit Response - `class CredentialSetEditResponse: …` - `id: str` Credential set identifier. - `name: str` Human-readable name. # Credentials ## List Credentials `vulnerability_scanner.credential_sets.credentials.list(strcredential_set_id, CredentialListParams**kwargs) -> SyncV4PagePaginationArray[CredentialListResponse]` **get** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials` Returns all credentials within a credential set. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `page: Optional[int]` Page number of paginated results. - `per_page: Optional[int]` Number of results per page. ### Returns - `class CredentialListResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.vulnerability_scanner.credential_sets.credentials.list( credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Credential `vulnerability_scanner.credential_sets.credentials.create(strcredential_set_id, CredentialCreateParams**kwargs) -> CredentialCreateResponse` **post** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials` Creates a new credential within a credential set. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. - `value: str` The credential value (e.g. API key, session token). Write-only. Never returned in responses. ### Returns - `class CredentialCreateResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential = client.vulnerability_scanner.credential_sets.credentials.create( credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", location="header", location_name="Authorization", name="Admin API key", value="Bearer EXAMPLE_TOKEN", ) print(credential.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Get Credential `vulnerability_scanner.credential_sets.credentials.get(strcredential_id, CredentialGetParams**kwargs) -> CredentialGetResponse` **get** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Returns a single credential by ID. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `credential_id: str` ### Returns - `class CredentialGetResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential = client.vulnerability_scanner.credential_sets.credentials.get( credential_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", ) print(credential.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Update Credential `vulnerability_scanner.credential_sets.credentials.update(strcredential_id, CredentialUpdateParams**kwargs) -> CredentialUpdateResponse` **put** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Replaces a credential. All fields must be provided. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `credential_id: str` - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. - `value: str` The credential value. Write-only. Never returned in responses. ### Returns - `class CredentialUpdateResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential = client.vulnerability_scanner.credential_sets.credentials.update( credential_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", location="header", location_name="Authorization", name="Admin API key", value="Bearer EXAMPLE_TOKEN", ) print(credential.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Edit Credential `vulnerability_scanner.credential_sets.credentials.edit(strcredential_id, CredentialEditParams**kwargs) -> CredentialEditResponse` **patch** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Updates a credential with only the provided fields; omitted fields remain unchanged. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `credential_id: str` - `location: Optional[Literal["header", "cookie"]]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: Optional[str]` Name of the header or cookie where the credential is attached. - `name: Optional[str]` Human-readable name. - `value: Optional[str]` The credential value. Write-only. Never returned in responses. ### Returns - `class CredentialEditResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.vulnerability_scanner.credential_sets.credentials.edit( credential_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Delete Credential `vulnerability_scanner.credential_sets.credentials.delete(strcredential_id, CredentialDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Deletes a credential. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_set_id: str` - `credential_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential = client.vulnerability_scanner.credential_sets.credentials.delete( credential_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", credential_set_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", ) print(credential) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {}, "result_info": {} } ``` ## Domain Types ### Credential List Response - `class CredentialListResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Credential Create Response - `class CredentialCreateResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Credential Get Response - `class CredentialGetResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Credential Update Response - `class CredentialUpdateResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. ### Credential Edit Response - `class CredentialEditResponse: …` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: str` Credential identifier. - `credential_set_id: str` Parent credential set identifier. - `location: Literal["header", "cookie"]` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: str` Name of the header or cookie where the credential is attached. - `name: str` Human-readable name. # Scans ## List Scans `vulnerability_scanner.scans.list(ScanListParams**kwargs) -> SyncV4PagePaginationArray[ScanListResponse]` **get** `/accounts/{account_id}/vuln_scanner/scans` Returns all scans for the account. ### Parameters - `account_id: Optional[str]` Identifier. - `page: Optional[int]` Page number of paginated results. - `per_page: Optional[int]` Number of results per page. ### Returns - `class ScanListResponse: …` - `id: str` Scan identifier. - `scan_type: Literal["bola"]` The type of vulnerability scan. - `"bola"` - `status: Literal["created", "scheduled", "planning", 3 more]` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: str` The target environment this scan runs against. - `report: Optional[Report]` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: ReportReport` Version 1 of the BOLA vulnerability scan report. - `summary: ReportReportSummary` Summary of all steps and findings. - `verdict: Literal["ok", "warning", "inconclusive"]` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: List[ReportReportTest]` List of tests that were run. - `steps: List[ReportReportTestStep]` Steps that were executed. - `assertions: List[ReportReportTestStepAssertion]` Assertions that were made against the received response. - `description: str` Human-readable description of the assertion, explaining what was checked. - `kind: ReportReportTestStepAssertionKind` Kind of assertion. - `parameters: ReportReportTestStepAssertionKindParameters` Range of HTTP status codes. - `max: int` Maximum (inclusive) status code of the range. - `min: int` Minimum (inclusive) status code of the range. - `type: Literal["http_status_within_range"]` - `"http_status_within_range"` - `observed: Optional[int]` Observed value on which the assertion was made. - `outcome: Literal["ok", "fail", "inconclusive"]` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: Optional[List[ReportReportTestStepError]]` Errors the step encountered that may explain absent or incomplete fields. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `request: Optional[ReportReportTestStepRequest]` HTTP request that was made, if any. - `credential_set: ReportReportTestStepRequestCredentialSet` Credential set that was used. - `id: str` ID of the credential set. - `role: Literal["owner", "attacker"]` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: List[str]` Names of headers that were sent. - `method: Literal["GET", "DELETE", "PATCH", 2 more]` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: str` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: List[ReportReportTestStepRequestVariableCapture]` Variable captures requested for this step. - `json_path: str` JSONPath expression used for capture, e.g. `"$.id"`. - `name: str` Variable name, e.g. `"resource_id"`. - `body: Optional[object]` Request body, if any. - `response: Optional[ReportReportTestStepResponse]` HTTP response that was received, if any. - `body: ReportReportTestStepResponseBody` HTTP response body. - `class ReportReportTestStepResponseBodyKind: …` No body was received. - `kind: Literal["not_found"]` - `"not_found"` - `class ReportReportTestStepResponseBodyUnionMember1: …` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: str` - `kind: Literal["bytes"]` - `"bytes"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember2: …` Body received as valid UTF-8 text but not valid JSON. - `contents: str` - `kind: Literal["text"]` - `"text"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember3: …` Body received as valid JSON. - `contents: str` - `kind: Literal["json"]` - `"json"` - `truncated: bool` - `header_names: List[str]` Names of headers that were received. - `status: int` HTTP status code. - `status_text: Optional[str]` HTTP status text, if available for the status code. - `verdict: Literal["ok", "warning", "inconclusive"]` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: Optional[List[ReportReportTestPreflightError]]` Errors that prevented step execution. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `report_schema_version: Literal["v1"]` Version of the report schema. - `"v1"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.vulnerability_scanner.scans.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scan_type": "bola", "status": "created", "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "report": { "report": { "summary": { "verdict": "ok" }, "tests": [ { "steps": [ { "assertions": [ { "description": "description", "kind": { "parameters": { "max": 0, "min": 0 }, "type": "http_status_within_range" }, "observed": 0, "outcome": "ok" } ], "errors": [ { "description": "description", "error_code": 0 } ], "request": { "credential_set": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "owner" }, "header_names": [ "string" ], "method": "GET", "url": "https://example.com", "variable_captures": [ { "json_path": "json_path", "name": "name" } ], "body": {} }, "response": { "body": { "kind": "not_found" }, "header_names": [ "string" ], "status": 0, "status_text": "status_text" } } ], "verdict": "ok", "preflight_errors": [ { "description": "description", "error_code": 0 } ] } ] }, "report_schema_version": "v1" } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Scan `vulnerability_scanner.scans.create(ScanCreateParams**kwargs) -> ScanCreateResponse` **post** `/accounts/{account_id}/vuln_scanner/scans` Creates and starts a new vulnerability scan. The response may include non-fatal warnings in the `messages` array. ### Parameters - `account_id: Optional[str]` Identifier. - `credential_sets: CredentialSets` Credential set references for a BOLA scan. The scanner uses the `owner` credentials for legitimate requests and the `attacker` credentials to attempt unauthorized access. - `attacker: str` Credential set ID for the attacker. - `owner: str` Credential set ID for the resource owner. - `openapi: str` OpenAPI schema definition for the API under test. The scanner uses this to discover endpoints and construct requests. - `scan_type: Literal["bola"]` - `"bola"` - `target_environment_id: str` The target environment to scan. ### Returns - `class ScanCreateResponse: …` - `id: str` Scan identifier. - `scan_type: Literal["bola"]` The type of vulnerability scan. - `"bola"` - `status: Literal["created", "scheduled", "planning", 3 more]` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: str` The target environment this scan runs against. - `report: Optional[Report]` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: ReportReport` Version 1 of the BOLA vulnerability scan report. - `summary: ReportReportSummary` Summary of all steps and findings. - `verdict: Literal["ok", "warning", "inconclusive"]` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: List[ReportReportTest]` List of tests that were run. - `steps: List[ReportReportTestStep]` Steps that were executed. - `assertions: List[ReportReportTestStepAssertion]` Assertions that were made against the received response. - `description: str` Human-readable description of the assertion, explaining what was checked. - `kind: ReportReportTestStepAssertionKind` Kind of assertion. - `parameters: ReportReportTestStepAssertionKindParameters` Range of HTTP status codes. - `max: int` Maximum (inclusive) status code of the range. - `min: int` Minimum (inclusive) status code of the range. - `type: Literal["http_status_within_range"]` - `"http_status_within_range"` - `observed: Optional[int]` Observed value on which the assertion was made. - `outcome: Literal["ok", "fail", "inconclusive"]` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: Optional[List[ReportReportTestStepError]]` Errors the step encountered that may explain absent or incomplete fields. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `request: Optional[ReportReportTestStepRequest]` HTTP request that was made, if any. - `credential_set: ReportReportTestStepRequestCredentialSet` Credential set that was used. - `id: str` ID of the credential set. - `role: Literal["owner", "attacker"]` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: List[str]` Names of headers that were sent. - `method: Literal["GET", "DELETE", "PATCH", 2 more]` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: str` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: List[ReportReportTestStepRequestVariableCapture]` Variable captures requested for this step. - `json_path: str` JSONPath expression used for capture, e.g. `"$.id"`. - `name: str` Variable name, e.g. `"resource_id"`. - `body: Optional[object]` Request body, if any. - `response: Optional[ReportReportTestStepResponse]` HTTP response that was received, if any. - `body: ReportReportTestStepResponseBody` HTTP response body. - `class ReportReportTestStepResponseBodyKind: …` No body was received. - `kind: Literal["not_found"]` - `"not_found"` - `class ReportReportTestStepResponseBodyUnionMember1: …` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: str` - `kind: Literal["bytes"]` - `"bytes"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember2: …` Body received as valid UTF-8 text but not valid JSON. - `contents: str` - `kind: Literal["text"]` - `"text"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember3: …` Body received as valid JSON. - `contents: str` - `kind: Literal["json"]` - `"json"` - `truncated: bool` - `header_names: List[str]` Names of headers that were received. - `status: int` HTTP status code. - `status_text: Optional[str]` HTTP status text, if available for the status code. - `verdict: Literal["ok", "warning", "inconclusive"]` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: Optional[List[ReportReportTestPreflightError]]` Errors that prevented step execution. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `report_schema_version: Literal["v1"]` Version of the report schema. - `"v1"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) scan = client.vulnerability_scanner.scans.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", credential_sets={ "attacker": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "owner": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", }, openapi="open_api", scan_type="bola", target_environment_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", ) print(scan.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scan_type": "bola", "status": "created", "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "report": { "report": { "summary": { "verdict": "ok" }, "tests": [ { "steps": [ { "assertions": [ { "description": "description", "kind": { "parameters": { "max": 0, "min": 0 }, "type": "http_status_within_range" }, "observed": 0, "outcome": "ok" } ], "errors": [ { "description": "description", "error_code": 0 } ], "request": { "credential_set": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "owner" }, "header_names": [ "string" ], "method": "GET", "url": "https://example.com", "variable_captures": [ { "json_path": "json_path", "name": "name" } ], "body": {} }, "response": { "body": { "kind": "not_found" }, "header_names": [ "string" ], "status": 0, "status_text": "status_text" } } ], "verdict": "ok", "preflight_errors": [ { "description": "description", "error_code": 0 } ] } ] }, "report_schema_version": "v1" } }, "result_info": {} } ``` ## Get Scan `vulnerability_scanner.scans.get(strscan_id, ScanGetParams**kwargs) -> ScanGetResponse` **get** `/accounts/{account_id}/vuln_scanner/scans/{scan_id}` Returns a single scan by ID. ### Parameters - `account_id: Optional[str]` Identifier. - `scan_id: str` ### Returns - `class ScanGetResponse: …` - `id: str` Scan identifier. - `scan_type: Literal["bola"]` The type of vulnerability scan. - `"bola"` - `status: Literal["created", "scheduled", "planning", 3 more]` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: str` The target environment this scan runs against. - `report: Optional[Report]` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: ReportReport` Version 1 of the BOLA vulnerability scan report. - `summary: ReportReportSummary` Summary of all steps and findings. - `verdict: Literal["ok", "warning", "inconclusive"]` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: List[ReportReportTest]` List of tests that were run. - `steps: List[ReportReportTestStep]` Steps that were executed. - `assertions: List[ReportReportTestStepAssertion]` Assertions that were made against the received response. - `description: str` Human-readable description of the assertion, explaining what was checked. - `kind: ReportReportTestStepAssertionKind` Kind of assertion. - `parameters: ReportReportTestStepAssertionKindParameters` Range of HTTP status codes. - `max: int` Maximum (inclusive) status code of the range. - `min: int` Minimum (inclusive) status code of the range. - `type: Literal["http_status_within_range"]` - `"http_status_within_range"` - `observed: Optional[int]` Observed value on which the assertion was made. - `outcome: Literal["ok", "fail", "inconclusive"]` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: Optional[List[ReportReportTestStepError]]` Errors the step encountered that may explain absent or incomplete fields. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `request: Optional[ReportReportTestStepRequest]` HTTP request that was made, if any. - `credential_set: ReportReportTestStepRequestCredentialSet` Credential set that was used. - `id: str` ID of the credential set. - `role: Literal["owner", "attacker"]` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: List[str]` Names of headers that were sent. - `method: Literal["GET", "DELETE", "PATCH", 2 more]` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: str` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: List[ReportReportTestStepRequestVariableCapture]` Variable captures requested for this step. - `json_path: str` JSONPath expression used for capture, e.g. `"$.id"`. - `name: str` Variable name, e.g. `"resource_id"`. - `body: Optional[object]` Request body, if any. - `response: Optional[ReportReportTestStepResponse]` HTTP response that was received, if any. - `body: ReportReportTestStepResponseBody` HTTP response body. - `class ReportReportTestStepResponseBodyKind: …` No body was received. - `kind: Literal["not_found"]` - `"not_found"` - `class ReportReportTestStepResponseBodyUnionMember1: …` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: str` - `kind: Literal["bytes"]` - `"bytes"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember2: …` Body received as valid UTF-8 text but not valid JSON. - `contents: str` - `kind: Literal["text"]` - `"text"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember3: …` Body received as valid JSON. - `contents: str` - `kind: Literal["json"]` - `"json"` - `truncated: bool` - `header_names: List[str]` Names of headers that were received. - `status: int` HTTP status code. - `status_text: Optional[str]` HTTP status text, if available for the status code. - `verdict: Literal["ok", "warning", "inconclusive"]` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: Optional[List[ReportReportTestPreflightError]]` Errors that prevented step execution. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `report_schema_version: Literal["v1"]` Version of the report schema. - `"v1"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) scan = client.vulnerability_scanner.scans.get( scan_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(scan.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scan_type": "bola", "status": "created", "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "report": { "report": { "summary": { "verdict": "ok" }, "tests": [ { "steps": [ { "assertions": [ { "description": "description", "kind": { "parameters": { "max": 0, "min": 0 }, "type": "http_status_within_range" }, "observed": 0, "outcome": "ok" } ], "errors": [ { "description": "description", "error_code": 0 } ], "request": { "credential_set": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "owner" }, "header_names": [ "string" ], "method": "GET", "url": "https://example.com", "variable_captures": [ { "json_path": "json_path", "name": "name" } ], "body": {} }, "response": { "body": { "kind": "not_found" }, "header_names": [ "string" ], "status": 0, "status_text": "status_text" } } ], "verdict": "ok", "preflight_errors": [ { "description": "description", "error_code": 0 } ] } ] }, "report_schema_version": "v1" } }, "result_info": {} } ``` ## Domain Types ### Scan List Response - `class ScanListResponse: …` - `id: str` Scan identifier. - `scan_type: Literal["bola"]` The type of vulnerability scan. - `"bola"` - `status: Literal["created", "scheduled", "planning", 3 more]` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: str` The target environment this scan runs against. - `report: Optional[Report]` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: ReportReport` Version 1 of the BOLA vulnerability scan report. - `summary: ReportReportSummary` Summary of all steps and findings. - `verdict: Literal["ok", "warning", "inconclusive"]` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: List[ReportReportTest]` List of tests that were run. - `steps: List[ReportReportTestStep]` Steps that were executed. - `assertions: List[ReportReportTestStepAssertion]` Assertions that were made against the received response. - `description: str` Human-readable description of the assertion, explaining what was checked. - `kind: ReportReportTestStepAssertionKind` Kind of assertion. - `parameters: ReportReportTestStepAssertionKindParameters` Range of HTTP status codes. - `max: int` Maximum (inclusive) status code of the range. - `min: int` Minimum (inclusive) status code of the range. - `type: Literal["http_status_within_range"]` - `"http_status_within_range"` - `observed: Optional[int]` Observed value on which the assertion was made. - `outcome: Literal["ok", "fail", "inconclusive"]` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: Optional[List[ReportReportTestStepError]]` Errors the step encountered that may explain absent or incomplete fields. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `request: Optional[ReportReportTestStepRequest]` HTTP request that was made, if any. - `credential_set: ReportReportTestStepRequestCredentialSet` Credential set that was used. - `id: str` ID of the credential set. - `role: Literal["owner", "attacker"]` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: List[str]` Names of headers that were sent. - `method: Literal["GET", "DELETE", "PATCH", 2 more]` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: str` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: List[ReportReportTestStepRequestVariableCapture]` Variable captures requested for this step. - `json_path: str` JSONPath expression used for capture, e.g. `"$.id"`. - `name: str` Variable name, e.g. `"resource_id"`. - `body: Optional[object]` Request body, if any. - `response: Optional[ReportReportTestStepResponse]` HTTP response that was received, if any. - `body: ReportReportTestStepResponseBody` HTTP response body. - `class ReportReportTestStepResponseBodyKind: …` No body was received. - `kind: Literal["not_found"]` - `"not_found"` - `class ReportReportTestStepResponseBodyUnionMember1: …` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: str` - `kind: Literal["bytes"]` - `"bytes"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember2: …` Body received as valid UTF-8 text but not valid JSON. - `contents: str` - `kind: Literal["text"]` - `"text"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember3: …` Body received as valid JSON. - `contents: str` - `kind: Literal["json"]` - `"json"` - `truncated: bool` - `header_names: List[str]` Names of headers that were received. - `status: int` HTTP status code. - `status_text: Optional[str]` HTTP status text, if available for the status code. - `verdict: Literal["ok", "warning", "inconclusive"]` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: Optional[List[ReportReportTestPreflightError]]` Errors that prevented step execution. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `report_schema_version: Literal["v1"]` Version of the report schema. - `"v1"` ### Scan Create Response - `class ScanCreateResponse: …` - `id: str` Scan identifier. - `scan_type: Literal["bola"]` The type of vulnerability scan. - `"bola"` - `status: Literal["created", "scheduled", "planning", 3 more]` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: str` The target environment this scan runs against. - `report: Optional[Report]` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: ReportReport` Version 1 of the BOLA vulnerability scan report. - `summary: ReportReportSummary` Summary of all steps and findings. - `verdict: Literal["ok", "warning", "inconclusive"]` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: List[ReportReportTest]` List of tests that were run. - `steps: List[ReportReportTestStep]` Steps that were executed. - `assertions: List[ReportReportTestStepAssertion]` Assertions that were made against the received response. - `description: str` Human-readable description of the assertion, explaining what was checked. - `kind: ReportReportTestStepAssertionKind` Kind of assertion. - `parameters: ReportReportTestStepAssertionKindParameters` Range of HTTP status codes. - `max: int` Maximum (inclusive) status code of the range. - `min: int` Minimum (inclusive) status code of the range. - `type: Literal["http_status_within_range"]` - `"http_status_within_range"` - `observed: Optional[int]` Observed value on which the assertion was made. - `outcome: Literal["ok", "fail", "inconclusive"]` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: Optional[List[ReportReportTestStepError]]` Errors the step encountered that may explain absent or incomplete fields. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `request: Optional[ReportReportTestStepRequest]` HTTP request that was made, if any. - `credential_set: ReportReportTestStepRequestCredentialSet` Credential set that was used. - `id: str` ID of the credential set. - `role: Literal["owner", "attacker"]` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: List[str]` Names of headers that were sent. - `method: Literal["GET", "DELETE", "PATCH", 2 more]` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: str` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: List[ReportReportTestStepRequestVariableCapture]` Variable captures requested for this step. - `json_path: str` JSONPath expression used for capture, e.g. `"$.id"`. - `name: str` Variable name, e.g. `"resource_id"`. - `body: Optional[object]` Request body, if any. - `response: Optional[ReportReportTestStepResponse]` HTTP response that was received, if any. - `body: ReportReportTestStepResponseBody` HTTP response body. - `class ReportReportTestStepResponseBodyKind: …` No body was received. - `kind: Literal["not_found"]` - `"not_found"` - `class ReportReportTestStepResponseBodyUnionMember1: …` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: str` - `kind: Literal["bytes"]` - `"bytes"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember2: …` Body received as valid UTF-8 text but not valid JSON. - `contents: str` - `kind: Literal["text"]` - `"text"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember3: …` Body received as valid JSON. - `contents: str` - `kind: Literal["json"]` - `"json"` - `truncated: bool` - `header_names: List[str]` Names of headers that were received. - `status: int` HTTP status code. - `status_text: Optional[str]` HTTP status text, if available for the status code. - `verdict: Literal["ok", "warning", "inconclusive"]` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: Optional[List[ReportReportTestPreflightError]]` Errors that prevented step execution. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `report_schema_version: Literal["v1"]` Version of the report schema. - `"v1"` ### Scan Get Response - `class ScanGetResponse: …` - `id: str` Scan identifier. - `scan_type: Literal["bola"]` The type of vulnerability scan. - `"bola"` - `status: Literal["created", "scheduled", "planning", 3 more]` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: str` The target environment this scan runs against. - `report: Optional[Report]` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: ReportReport` Version 1 of the BOLA vulnerability scan report. - `summary: ReportReportSummary` Summary of all steps and findings. - `verdict: Literal["ok", "warning", "inconclusive"]` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: List[ReportReportTest]` List of tests that were run. - `steps: List[ReportReportTestStep]` Steps that were executed. - `assertions: List[ReportReportTestStepAssertion]` Assertions that were made against the received response. - `description: str` Human-readable description of the assertion, explaining what was checked. - `kind: ReportReportTestStepAssertionKind` Kind of assertion. - `parameters: ReportReportTestStepAssertionKindParameters` Range of HTTP status codes. - `max: int` Maximum (inclusive) status code of the range. - `min: int` Minimum (inclusive) status code of the range. - `type: Literal["http_status_within_range"]` - `"http_status_within_range"` - `observed: Optional[int]` Observed value on which the assertion was made. - `outcome: Literal["ok", "fail", "inconclusive"]` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: Optional[List[ReportReportTestStepError]]` Errors the step encountered that may explain absent or incomplete fields. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `request: Optional[ReportReportTestStepRequest]` HTTP request that was made, if any. - `credential_set: ReportReportTestStepRequestCredentialSet` Credential set that was used. - `id: str` ID of the credential set. - `role: Literal["owner", "attacker"]` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: List[str]` Names of headers that were sent. - `method: Literal["GET", "DELETE", "PATCH", 2 more]` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: str` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: List[ReportReportTestStepRequestVariableCapture]` Variable captures requested for this step. - `json_path: str` JSONPath expression used for capture, e.g. `"$.id"`. - `name: str` Variable name, e.g. `"resource_id"`. - `body: Optional[object]` Request body, if any. - `response: Optional[ReportReportTestStepResponse]` HTTP response that was received, if any. - `body: ReportReportTestStepResponseBody` HTTP response body. - `class ReportReportTestStepResponseBodyKind: …` No body was received. - `kind: Literal["not_found"]` - `"not_found"` - `class ReportReportTestStepResponseBodyUnionMember1: …` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: str` - `kind: Literal["bytes"]` - `"bytes"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember2: …` Body received as valid UTF-8 text but not valid JSON. - `contents: str` - `kind: Literal["text"]` - `"text"` - `truncated: bool` - `class ReportReportTestStepResponseBodyUnionMember3: …` Body received as valid JSON. - `contents: str` - `kind: Literal["json"]` - `"json"` - `truncated: bool` - `header_names: List[str]` Names of headers that were received. - `status: int` HTTP status code. - `status_text: Optional[str]` HTTP status text, if available for the status code. - `verdict: Literal["ok", "warning", "inconclusive"]` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: Optional[List[ReportReportTestPreflightError]]` Errors that prevented step execution. - `description: str` Human-readable error description. - `error_code: Optional[int]` Numeric error code identifying the class of error, if available. - `report_schema_version: Literal["v1"]` Version of the report schema. - `"v1"` # Target Environments ## List Target Environments `vulnerability_scanner.target_environments.list(TargetEnvironmentListParams**kwargs) -> SyncV4PagePaginationArray[TargetEnvironmentListResponse]` **get** `/accounts/{account_id}/vuln_scanner/target_environments` Returns all target environments for the account. ### Parameters - `account_id: Optional[str]` Identifier. - `page: Optional[int]` Page number of paginated results. - `per_page: Optional[int]` Number of results per page. ### Returns - `class TargetEnvironmentListResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.vulnerability_scanner.target_environments.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Target Environment `vulnerability_scanner.target_environments.create(TargetEnvironmentCreateParams**kwargs) -> TargetEnvironmentCreateResponse` **post** `/accounts/{account_id}/vuln_scanner/target_environments` Creates a new target environment for the account. ### Parameters - `account_id: Optional[str]` Identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description. ### Returns - `class TargetEnvironmentCreateResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) target_environment = client.vulnerability_scanner.target_environments.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", name="Production Zone", target={ "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249", }, ) print(target_environment.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Get Target Environment `vulnerability_scanner.target_environments.get(strtarget_environment_id, TargetEnvironmentGetParams**kwargs) -> TargetEnvironmentGetResponse` **get** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Returns a single target environment by ID. ### Parameters - `account_id: Optional[str]` Identifier. - `target_environment_id: str` ### Returns - `class TargetEnvironmentGetResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) target_environment = client.vulnerability_scanner.target_environments.get( target_environment_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(target_environment.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Update Target Environment `vulnerability_scanner.target_environments.update(strtarget_environment_id, TargetEnvironmentUpdateParams**kwargs) -> TargetEnvironmentUpdateResponse` **put** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Replaces a target environment. All fields must be provided. ### Parameters - `account_id: Optional[str]` Identifier. - `target_environment_id: str` - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description. ### Returns - `class TargetEnvironmentUpdateResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) target_environment = client.vulnerability_scanner.target_environments.update( target_environment_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", name="Production Zone", target={ "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249", }, ) print(target_environment.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Edit Target Environment `vulnerability_scanner.target_environments.edit(strtarget_environment_id, TargetEnvironmentEditParams**kwargs) -> TargetEnvironmentEditResponse` **patch** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Updates a target environment with only the provided fields; omitted fields remain unchanged. ### Parameters - `account_id: Optional[str]` Identifier. - `target_environment_id: str` - `description: Optional[str]` Optional description. Omit to leave unchanged, set to `null` to clear, or provide a string to update. - `name: Optional[str]` Human-readable name. - `target: Optional[Target]` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. ### Returns - `class TargetEnvironmentEditResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.vulnerability_scanner.target_environments.edit( target_environment_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Delete Target Environment `vulnerability_scanner.target_environments.delete(strtarget_environment_id, TargetEnvironmentDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Removes a target environment. ### Parameters - `account_id: Optional[str]` Identifier. - `target_environment_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) target_environment = client.vulnerability_scanner.target_environments.delete( target_environment_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(target_environment) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {}, "result_info": {} } ``` ## Domain Types ### Target Environment List Response - `class TargetEnvironmentListResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Target Environment Create Response - `class TargetEnvironmentCreateResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Target Environment Get Response - `class TargetEnvironmentGetResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Target Environment Update Response - `class TargetEnvironmentUpdateResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context. ### Target Environment Edit Response - `class TargetEnvironmentEditResponse: …` - `id: str` Target environment identifier. - `name: str` Human-readable name. - `target: Target` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: Literal["zone"]` - `"zone"` - `zone_tag: str` Cloudflare zone tag. The zone must belong to the account. - `description: Optional[str]` Optional description providing additional context.