Object

Scan

A scan of one of your sites using the embedded Burp Scanner. A Scan object is created based on the associated schedule item when the scan is due to start.

Fields

id(): ID!
The unique identifier for the scan.
schedule_item(): ScheduleItem
The schedule item from which this scan was created.
scan_target(): ScanTarget!
Describes the target for this scan.
site_id(): ID!
Deprecated: Use the scan_target.id field instead
The unique identifier of the site that is being scanned.
site_name(): String
Deprecated: Use the scan_target.name field instead
The name of the site that is being scanned.
scheduled_start_time(): Timestamp
The time at which the scan was schedule to start.
start_time(): Timestamp
The time at which the scan started.
end_time(): Timestamp
The time at which the scan finished.
duration_in_seconds(): Long
The total time the scan took to run.
estimated_duration_in_seconds(): Long
The estimated time for the scan to run, if available.
status(): ScanStatus
The current status of the scan, for example, whether the scan is currently running, has finished, or failed.
agent(): Agent
The agent machine used to perform the scan.
scan_metrics(): ScanProgressMetrics
A collection of metrics that provide details of a scan's progress, such as how many requests it has made.
scan_failure_code(): Int
A number that indicates why a scan failed.
scan_failure_message(): String
A message that provides information about why a scan failed.
scan_failure_cause(): String
A message that provides more information about what caused a scan failure.
scan_failure_remedy(): String
A message that provides information about how to resolve a scan failure.
generated_by(): GeneratedBy
Indicates the method in which the scan was initiated.
scanner_version(): String
The version of Burp Scanner used to perform this scan.
scanner_build_number(): Int
The version of Burp Scanner used to perform this scan.
scan_configurations(): [ScanConfiguration!]
A list of scan configurations that were used for this scan.
extensions(): [Extension!]
Provides a list of extensions that were used for the scan.
bchecks(): [BCheck!]
Provides a list of BChecks that were used for the scan.
scan_delta(): ScanDelta
Provides information about how the number of issues has changed in relation to the previous scan, such as how many new issues have been found.
jira_ticket_count(): Int
The number of Jira tickets that have been created for issues found by this scan.
gitlab_issue_count(): Int
The number of GitLab issues that have been created for issues found by this scan.
trello_card_count(): Int
The number of Trello cards that have been created for issues found by this scan.
issue_type_groups(severities: [Severity], confidences: [Confidence], novelties: [Novelty]): [IssueTypeGroup!]
A list of issues that were found during this scan, grouped by their issue type.
issue_counts(): IssueCounts
Provides information about the number of issues found, sorted their severity level.
audit_items(sort_column: AuditItemSortColumn, sort_order: SortOrder): [AuditItem!]
A list of audit items that have been identified during the scan.
audit_item(id: ID!): AuditItem
A specific audit item that has been identified by the scan.
scope(): Scope!
Deprecated: scope does not support separate seed/included URLs. Use scope_v2 instead.
The site scope used for the scan. This doesn't support sites with in-scope URL prefixes.
scope_v2(): ScopeV2!
The site scope used for the scan.
site_application_logins(): ApplicationLogins!
All the application logins that are associated with this site. These can either be basic sets of login credentials or scripts of full login sequences that you recorded with the Burp Suite Navigation Recorder browser extension. These are used by scans to crawl areas of the site that are only accessible to registered users.
schedule_item_application_logins(): ApplicationLogins!
All the saved application logins associated with the schedule item from which this scan was created. These can either be basic sets of login credentials or scripts of full login sequences that you recorded with the Burp Suite Navigation Recorder browser extension. These are used by scans to crawl areas of the site that are only accessible to registered users.
issues(type_index: ID, start: Int!, count: Int!, severities: [Severity], confidences: [Confidence], novelties: [Novelty]): [Issue!]
A list of issues that have been found by the scan.
warnings(): ScanWarnings
Any warnings about the scan.
settings(): SiteSettings
Settings for a site.

Example

Query
query GetScan ($scan_id: ID!) {
    scan(id: $scan_id) {
        id
        status
        agent {
            id
            name
        }
        site_application_logins {
            login_credentials {
                label
                username
            }
            recorded_logins {
                label
            }
        }
        audit_items {
            id
            issue_counts {
                total
            }
            number_of_requests
        }
        scan_configurations {
            id
            name
        }
        settings {
            request_headers {
                name
                value
            }
            request_cookies {
                name
                value
            }
        }
    }
}
Variables
{
  "scan_id": "4"
}
Result
{
  "data": {
    "scan": {
      "id": "4",
      "status": "succeeded",
      "agent": {
        "id": null,
        "name": null
      },
      "site_application_logins": {
        "login_credentials": [],
        "recorded_logins": []
      },
      "audit_items": [
        {
          "id": "500117",
          "issue_counts": {
            "total": 1
          },
          "number_of_requests": 325
        }
      ],
      "scan_configurations": [
        {
          "id": null,
          "name": null
        }
      ],
      "settings": {
        "request_headers": [],
        "request_cookies": []
      }
    }
  }
}