An item that represents a distinct location on the website that needs to be audited. Multiple audit items can be identified for the same URL. There are various factors that determine whether multiple audit items are created. For example, there could be a separate audit item for each combination of insertion points, parameters, and headers in the request. Alternatively, separate audit items might be created based on the state of the application at the time when the request was sent, or the path that the crawler took through the application to arrive at this location.


id(): ID!
The unique identifier of the audit item.
host(): String!
The hostname of the URL where the audit item was found.
path(): String!
The URL path where the audit item was found.
error_types(): [ErrorType!]
A list of errors that occurred when auditing this item.
issue_counts(): IssueCounts!
The number of issues found, broken down by their severity level
number_of_requests(): Int!
The number of requests sent to an audit item during the auditing phase.
number_of_errors(): Int!
The number of errors that occurred when auditing this item.
number_of_insertion_points(): Int!
The number of insertion points identified for this audit item. An insertion point represents a piece of data in a request that might be specifically processed server-side. These can be parameter values, HTTP headers, cookie values, and so on. In the case of requests containing XML or JSON data, the entire body could even be an insertion point. Burp Scanner automatically identifies insertion points and injects payloads into them to probe for vulnerable behavior.
issue_type_groups(severities: [Severity], confidences: [Confidence], novelties: [Novelty]): [IssueTypeGroup!]
A list of issues that were found for this audit item, grouped by their issue type.