Scans

List Scans

vulnerability_scanner.scans.list() -> SyncV4PagePaginationArray[ScanListResponse]

GET/accounts/{account_id}/vuln_scanner/scans

Create Scan

vulnerability_scanner.scans.create() -> ScanCreateResponse

POST/accounts/{account_id}/vuln_scanner/scans

Get Scan

vulnerability_scanner.scans.get(, ) -> ScanGetResponse

GET/accounts/{account_id}/vuln_scanner/scans/{scan_id}

ModelsExpand Collapse

class ScanListResponse: …

id: str

Scan identifier.

formatuuid

scan_type: Literal["bola"]

The type of vulnerability scan.

status: Literal["created", "scheduled", "planning", 3 more]

Current lifecycle status of the scan.

One of the following:

"created"

"scheduled"

"planning"

"running"

"finished"

"failed"

target_environment_id: str

The target environment this scan runs against.

formatuuid

report: Optional[Report]

Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans.

report: ReportReport

Version 1 of the BOLA vulnerability scan report.

summary: ReportReportSummary

Summary of all steps and findings.

verdict: Literal["ok", "warning", "inconclusive"]

Overall verdict of the vulnerability scan.

One of the following:

"ok"

"warning"

"inconclusive"

tests: List[ReportReportTest]

List of tests that were run.

steps: List[ReportReportTestStep]

Steps that were executed.

assertions: List[ReportReportTestStepAssertion]

Assertions that were made against the received response.

description: str

Human-readable description of the assertion, explaining what was checked.

kind: ReportReportTestStepAssertionKind

Kind of assertion.

parameters: ReportReportTestStepAssertionKindParameters

Range of HTTP status codes.

max: int

Maximum (inclusive) status code of the range.

maximum65535

minimum0

min: int

Minimum (inclusive) status code of the range.

maximum65535

minimum0

type: Literal["http_status_within_range"]

observed: Optional[int]

Observed value on which the assertion was made.

outcome: Literal["ok", "fail", "inconclusive"]

Outcome of the assertion.

One of the following:

"ok"

"fail"

"inconclusive"

errors: Optional[List[ReportReportTestStepError]]

Errors the step encountered that may explain absent or incomplete fields.

description: str

Human-readable error description.

error_code: Optional[int]

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

request: Optional[ReportReportTestStepRequest]

HTTP request that was made, if any.

credential_set: ReportReportTestStepRequestCredentialSet

Credential set that was used.

id: str

ID of the credential set.

formatuuid

role: Literal["owner", "attacker"]

Role of the credential set.

One of the following:

"owner"

"attacker"

header_names: List[str]

Names of headers that were sent.

method: Literal["GET", "DELETE", "PATCH", 2 more]

HTTP method.

One of the following:

"GET"

"DELETE"

"PATCH"

"POST"

"PUT"

url: str

Exact and full URL (including host, query parameters) that was requested.

formaturi

variable_captures: List[ReportReportTestStepRequestVariableCapture]

Variable captures requested for this step.

json_path: str

JSONPath expression used for capture, e.g. "$.id".

Variable name, e.g. "resource_id".

body: Optional[object]

Request body, if any.

response: Optional[ReportReportTestStepResponse]

HTTP response that was received, if any.

body: ReportReportTestStepResponseBody

HTTP response body.

One of the following:

class ReportReportTestStepResponseBodyKind: …

No body was received.

kind: Literal["not_found"]

class ReportReportTestStepResponseBodyUnionMember1: …

Body received but unable to read as UTF-8. Raw bytes, base64-encoded.

contents: str

kind: Literal["bytes"]

truncated: bool

class ReportReportTestStepResponseBodyUnionMember2: …

Body received as valid UTF-8 text but not valid JSON.

contents: str

kind: Literal["text"]

truncated: bool

class ReportReportTestStepResponseBodyUnionMember3: …

Body received as valid JSON.

contents: str

kind: Literal["json"]

truncated: bool

header_names: List[str]

Names of headers that were received.

status: int

HTTP status code.

maximum65535

minimum0

status_text: Optional[str]

HTTP status text, if available for the status code.

verdict: Literal["ok", "warning", "inconclusive"]

Verdict of this single test.

One of the following:

"ok"

"warning"

"inconclusive"

preflight_errors: Optional[List[ReportReportTestPreflightError]]

Errors that prevented step execution.

description: str

Human-readable error description.

error_code: Optional[int]

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

report_schema_version: Literal["v1"]

Version of the report schema.

class ScanCreateResponse: …

id: str

Scan identifier.

formatuuid

scan_type: Literal["bola"]

The type of vulnerability scan.

status: Literal["created", "scheduled", "planning", 3 more]

Current lifecycle status of the scan.

One of the following:

"created"

"scheduled"

"planning"

"running"

"finished"

"failed"

target_environment_id: str

The target environment this scan runs against.

formatuuid

report: Optional[Report]

Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans.

report: ReportReport

Version 1 of the BOLA vulnerability scan report.

summary: ReportReportSummary

Summary of all steps and findings.

verdict: Literal["ok", "warning", "inconclusive"]

Overall verdict of the vulnerability scan.

One of the following:

"ok"

"warning"

"inconclusive"

tests: List[ReportReportTest]

List of tests that were run.

steps: List[ReportReportTestStep]

Steps that were executed.

assertions: List[ReportReportTestStepAssertion]

Assertions that were made against the received response.

description: str

Human-readable description of the assertion, explaining what was checked.

kind: ReportReportTestStepAssertionKind

Kind of assertion.

parameters: ReportReportTestStepAssertionKindParameters

Range of HTTP status codes.

max: int

Maximum (inclusive) status code of the range.

maximum65535

minimum0

min: int

Minimum (inclusive) status code of the range.

maximum65535

minimum0

type: Literal["http_status_within_range"]

observed: Optional[int]

Observed value on which the assertion was made.

outcome: Literal["ok", "fail", "inconclusive"]

Outcome of the assertion.

One of the following:

"ok"

"fail"

"inconclusive"

errors: Optional[List[ReportReportTestStepError]]

Errors the step encountered that may explain absent or incomplete fields.

description: str

Human-readable error description.

error_code: Optional[int]

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

request: Optional[ReportReportTestStepRequest]

HTTP request that was made, if any.

credential_set: ReportReportTestStepRequestCredentialSet

Credential set that was used.

id: str

ID of the credential set.

formatuuid

role: Literal["owner", "attacker"]

Role of the credential set.

One of the following:

"owner"

"attacker"

header_names: List[str]

Names of headers that were sent.

method: Literal["GET", "DELETE", "PATCH", 2 more]

HTTP method.

One of the following:

"GET"

"DELETE"

"PATCH"

"POST"

"PUT"

url: str

Exact and full URL (including host, query parameters) that was requested.

formaturi

variable_captures: List[ReportReportTestStepRequestVariableCapture]

Variable captures requested for this step.

json_path: str

JSONPath expression used for capture, e.g. "$.id".

Variable name, e.g. "resource_id".

body: Optional[object]

Request body, if any.

response: Optional[ReportReportTestStepResponse]

HTTP response that was received, if any.

body: ReportReportTestStepResponseBody

HTTP response body.

One of the following:

class ReportReportTestStepResponseBodyKind: …

No body was received.

kind: Literal["not_found"]

class ReportReportTestStepResponseBodyUnionMember1: …

Body received but unable to read as UTF-8. Raw bytes, base64-encoded.

contents: str

kind: Literal["bytes"]

truncated: bool

class ReportReportTestStepResponseBodyUnionMember2: …

Body received as valid UTF-8 text but not valid JSON.

contents: str

kind: Literal["text"]

truncated: bool

class ReportReportTestStepResponseBodyUnionMember3: …

Body received as valid JSON.

contents: str

kind: Literal["json"]

truncated: bool

header_names: List[str]

Names of headers that were received.

status: int

HTTP status code.

maximum65535

minimum0

status_text: Optional[str]

HTTP status text, if available for the status code.

verdict: Literal["ok", "warning", "inconclusive"]

Verdict of this single test.

One of the following:

"ok"

"warning"

"inconclusive"

preflight_errors: Optional[List[ReportReportTestPreflightError]]

Errors that prevented step execution.

description: str

Human-readable error description.

error_code: Optional[int]

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

report_schema_version: Literal["v1"]

Version of the report schema.

class ScanGetResponse: …

id: str

Scan identifier.

formatuuid

scan_type: Literal["bola"]

The type of vulnerability scan.

status: Literal["created", "scheduled", "planning", 3 more]

Current lifecycle status of the scan.

One of the following:

"created"

"scheduled"

"planning"

"running"

"finished"

"failed"

target_environment_id: str

The target environment this scan runs against.

formatuuid

report: Optional[Report]

Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans.

report: ReportReport

Version 1 of the BOLA vulnerability scan report.

summary: ReportReportSummary

Summary of all steps and findings.

verdict: Literal["ok", "warning", "inconclusive"]

Overall verdict of the vulnerability scan.

One of the following:

"ok"

"warning"

"inconclusive"

tests: List[ReportReportTest]

List of tests that were run.

steps: List[ReportReportTestStep]

Steps that were executed.

assertions: List[ReportReportTestStepAssertion]

Assertions that were made against the received response.

description: str

Human-readable description of the assertion, explaining what was checked.

kind: ReportReportTestStepAssertionKind

Kind of assertion.

parameters: ReportReportTestStepAssertionKindParameters

Range of HTTP status codes.

max: int

Maximum (inclusive) status code of the range.

maximum65535

minimum0

min: int

Minimum (inclusive) status code of the range.

maximum65535

minimum0

type: Literal["http_status_within_range"]

observed: Optional[int]

Observed value on which the assertion was made.

outcome: Literal["ok", "fail", "inconclusive"]

Outcome of the assertion.

One of the following:

"ok"

"fail"

"inconclusive"

errors: Optional[List[ReportReportTestStepError]]

Errors the step encountered that may explain absent or incomplete fields.

description: str

Human-readable error description.

error_code: Optional[int]

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

request: Optional[ReportReportTestStepRequest]

HTTP request that was made, if any.

credential_set: ReportReportTestStepRequestCredentialSet

Credential set that was used.

id: str

ID of the credential set.

formatuuid

role: Literal["owner", "attacker"]

Role of the credential set.

One of the following:

"owner"

"attacker"

header_names: List[str]

Names of headers that were sent.

method: Literal["GET", "DELETE", "PATCH", 2 more]

HTTP method.

One of the following:

"GET"

"DELETE"

"PATCH"

"POST"

"PUT"

url: str

Exact and full URL (including host, query parameters) that was requested.

formaturi

variable_captures: List[ReportReportTestStepRequestVariableCapture]

Variable captures requested for this step.

json_path: str

JSONPath expression used for capture, e.g. "$.id".

Variable name, e.g. "resource_id".

body: Optional[object]

Request body, if any.

response: Optional[ReportReportTestStepResponse]

HTTP response that was received, if any.

body: ReportReportTestStepResponseBody

HTTP response body.

One of the following:

class ReportReportTestStepResponseBodyKind: …

No body was received.

kind: Literal["not_found"]

class ReportReportTestStepResponseBodyUnionMember1: …

Body received but unable to read as UTF-8. Raw bytes, base64-encoded.

contents: str

kind: Literal["bytes"]

truncated: bool

class ReportReportTestStepResponseBodyUnionMember2: …

Body received as valid UTF-8 text but not valid JSON.

contents: str

kind: Literal["text"]

truncated: bool

class ReportReportTestStepResponseBodyUnionMember3: …

Body received as valid JSON.

contents: str

kind: Literal["json"]

truncated: bool

header_names: List[str]

Names of headers that were received.

status: int

HTTP status code.

maximum65535

minimum0

status_text: Optional[str]

HTTP status text, if available for the status code.

verdict: Literal["ok", "warning", "inconclusive"]

Verdict of this single test.

One of the following:

"ok"

"warning"

"inconclusive"

preflight_errors: Optional[List[ReportReportTestPreflightError]]

Errors that prevented step execution.

description: str

Human-readable error description.

error_code: Optional[int]

Numeric error code identifying the class of error, if available.

formatuint32

minimum0

report_schema_version: Literal["v1"]

Version of the report schema.