Results API
The Results API lets you fetch individual findings from a completed scan, with filtering and pagination.
Get findings for a scan
GET /scans/{scan_id}/findings
```bash
curl "https://api.ariftly.io/v1/scans/scan_xyz789/findings?severity=high,critical&detector=security" \
  -H "Authorization: Bearer $ARIFTLY_API_KEY"
```
Query parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| detector | string | — | Filter by detector: accessibility, security, ai_readiness |
| severity | string | — | Comma-separated: critical,high,medium,low,info |
| limit | integer | 50 | Results per page (max 200) |
| cursor | string | — | Pagination cursor |
Response 200 OK
```json
{
  "scan_id": "scan_xyz789",
  "data": [
    {
      "id": "finding_s01",
      "detector": "security",
      "severity": "critical",
      "rule_id": "owasp-a02-http-plain",
      "title": "Sensitive data transmitted over HTTP",
      "description": "Login form submits credentials over unencrypted HTTP.",
      "location": {
        "type": "url",
        "url": "http://myapp.example.com/login"
      },
      "remediation": "Redirect all HTTP traffic to HTTPS.",
      "cvss_score": 8.1,
      "references": [
        "https://owasp.org/Top10/A02_2021-Cryptographic_Failures/"
      ],
      "first_seen_at": "2026-03-25T10:00:00Z"
    }
  ],
  "total": 4,
  "has_more": false,
  "next_cursor": null
}
```
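Added example, not part of the Ariftly documentation or any official client: a Python generator that walks every page of `GET /scans/{scan_id}/findings` using `has_more` and `next_cursor`, clamps `limit` to the documented maximum of 200, and stops if a cursor ever repeats. It assumes the `next_cursor` value is passed back as the `cursor` query parameter; `http_fetch`, `iter_findings` and the `PAGES` sample data are names constructed for this example.

```python
import json
import os
import urllib.parse
import urllib.request

API = "https://api.ariftly.io/v1"  # base URL from the page's curl examples
MAX_LIMIT = 200  # documented maximum for `limit`


def http_fetch(path, params):  # default transport: one authenticated GET
    url = f"{API}{path}?{urllib.parse.urlencode(params)}"
    headers = {"Authorization": f"Bearer {os.environ['ARIFTLY_API_KEY']}"}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_findings(scan_id, severity=(), detector=None, limit=MAX_LIMIT,
                  fetch=http_fetch):
    """Yield every finding of a scan, following next_cursor until has_more is false."""
    params = {"limit": max(1, min(limit, MAX_LIMIT)),
              "severity": ",".join(severity), "detector": detector}
    params = {k: v for k, v in params.items() if v}  # drop unset filters
    seen = set()
    while True:
        page = fetch(f"/scans/{scan_id}/findings", dict(params))
        yield from page["data"]
        cursor = page.get("next_cursor")
        if not page.get("has_more") or cursor is None:
            return
        if cursor in seen:  # a repeated cursor would loop forever
            raise RuntimeError(f"pagination cursor repeated: {cursor!r}")
        seen.add(cursor)
        params["cursor"] = cursor  # assumption: next_cursor is sent back as ?cursor=


# Constructed two-page response for an offline run (not real API output).
PAGES = {
    None: {"data": [{"id": "finding_s01", "severity": "critical"}],
           "has_more": True, "next_cursor": "cur_1"},
    "cur_1": {"data": [{"id": "finding_s02", "severity": "high"}],
              "has_more": False, "next_cursor": None},
}

if __name__ == "__main__":
    offline = lambda path, params: PAGES[params.get("cursor")]
    for f in iter_findings("scan_xyz789", severity=("critical", "high"), fetch=offline):
        print(f["severity"], f["id"])
```

Omit the `fetch` argument to query the live API with the key in `ARIFTLY_API_KEY`.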
Get a single finding
GET /findings/{finding_id}
```bash
curl https://api.ariftly.io/v1/findings/finding_s01 \
  -H "Authorization: Bearer $ARIFTLY_API_KEY"
```
Returns the full finding object including all metadata.
Get finding history
GET /projects/{project_id}/findings/{rule_id}/history
Track how a specific finding type has changed across scans:
```bash
curl https://api.ariftly.io/v1/projects/proj_abc123/findings/owasp-a02-http-plain/history \
  -H "Authorization: Bearer $ARIFTLY_API_KEY"
```
Response 200 OK
```json
{
  "rule_id": "owasp-a02-http-plain",
  "history": [
    {
      "scan_id": "scan_xyz789",
      "scanned_at": "2026-03-25T10:00:00Z",
      "status": "open",
      "count": 1
    },
    {
      "scan_id": "scan_prev001",
      "scanned_at": "2026-03-18T10:00:00Z",
      "status": "open",
      "count": 1
    }
  ]
}
```
Export results
GET /scans/{scan_id}/export
Export scan results in a machine-readable format.
```bash
curl "https://api.ariftly.io/v1/scans/scan_xyz789/export?format=sarif" \
  -H "Authorization: Bearer $ARIFTLY_API_KEY" \
  -o results.sarif.json
```
Supported formats
| Format | format value | Description |
|---|---|---|
| JSON | json | Full results in Ariftly JSON schema |
| SARIF | sarif | Static Analysis Results Interchange Format (for GitHub, VS Code) |
| CSV | csv | Spreadsheet-friendly format |
| PDF | pdf | Human-readable report |
SARIF export is useful for uploading results to GitHub Advanced Security:
```yaml
- name: Upload SARIF results
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif.json
```