Skip to content

API — Findings

List and update findings across all assessments.

Endpoints

MethodPathPermissionPurpose
GET/api/v1/findingsassessments:viewList findings with filters
PATCH/api/v1/findings/{id}assessments:reviewUpdate finding status

Query Parameters — List

ParameterTypeDescription
statusstringFilter by status (OPEN, REMEDIATED, RISK_ACCEPTED)
severitystringFilter by severity (CRITICAL, HIGH, MEDIUM, LOW)
vendorIdstringFilter by vendor ID

Request Body — Update Status

json
{
  "status": "REMEDIATED"
}

A JSON body with status set to REMEDIATED or RISK_ACCEPTED. An optional resolutionNote can be included.

Examples

List All Findings

bash
curl -H "Authorization: Bearer mrk_<prefix>.<secret>" \
  http://localhost:3000/api/v1/findings

Filter Open Critical Findings

bash
curl -H "Authorization: Bearer mrk_<prefix>.<secret>" \
  "http://localhost:3000/api/v1/findings?status=OPEN&severity=CRITICAL"

Filter by Vendor

bash
curl -H "Authorization: Bearer mrk_<prefix>.<secret>" \
  "http://localhost:3000/api/v1/findings?vendorId={vendor-id}"

Update Finding Status

bash
curl -X PATCH \
  -H "Authorization: Bearer mrk_<prefix>.<secret>" \
  -H "Content-Type: application/json" \
  -d '{"status":"REMEDIATED"}' \
  http://localhost:3000/api/v1/findings/{finding-id}
bash
curl -X PATCH \
  -H "Authorization: Bearer mrk_<prefix>.<secret>" \
  -H "Content-Type: application/json" \
  -d '{"status":"RISK_ACCEPTED"}' \
  http://localhost:3000/api/v1/findings/{finding-id}

Full request/response schemas are available in the Swagger UI at /docs on your running instance.

Open-source, self-hosted third party vendor risk management.