Skip to main content
GET
/
scans
/
{id}
/
findings
/
export
Export scan findings
curl --request GET \
  --url https://api.example.com/scans/{id}/findings/export
Returns every approved finding for a scan in one of three formats. Unlike List scan findings, this endpoint is not paginated; all findings are returned in a single response.
Scope required: read

Request

curl "https://api.hacktron.ai/v1/scans/a1b2c3d4-e5f6-7890-abcd-ef1234567890/findings/export?format=sarif" \
  -H "X-Api-Key: $HACKTRON_API_KEY" \
  -o findings.sarif

Path parameters

ParameterTypeDescription
idUUIDScan UUID.

Query parameters

ParameterTypeRequiredDescription
formatenumYesOne of json, csv, sarif.

Response

The Content-Type and Content-Disposition headers depend on the requested format.

format=json

Content-Type: application/json; charset=utf-8
Returns a JSON array of finding objects, each matching the schema described in List findings.

format=csv

Content-Type: text/csv; charset=utf-8
Content-Disposition: attachment; filename="findings-<scanId>.csv"
Returns a CSV document with one row per finding and a header row. Intended for spreadsheets, BI tools, and ad‑hoc review.

format=sarif

Content-Type: application/sarif+json; charset=utf-8
Content-Disposition: attachment; filename="findings-<scanId>.sarif"
Returns a SARIF 2.1.0 document. SARIF is consumed by GitHub code scanning, Azure DevOps, and most IDE security plugins; use this format to integrate Hacktron findings into existing security tooling.

Errors

  • 400 — missing or invalid format query parameter.
  • 404 — scan not found or not visible to your organization.