Object

Scan

A scan of one of your sites using the embedded Burp Scanner. A Scan object is created based on the associated schedule item when the scan is due to start.

Fields

id(): ID!

The unique identifier for the scan.

schedule_item(): ScheduleItem

The schedule item from which this scan was created.

scan_target(): ScanTarget!

Describes the target for this scan.

site_id(): ID!

Deprecated: Use the scan_target.id field instead

The unique identifier of the site that is being scanned.

site_name(): String

Deprecated: Use the scan_target.name field instead

The name of the site that is being scanned.

scheduled_start_time(): Timestamp

The time at which the scan was schedule to start.

start_time(): Timestamp

The time at which the scan started.

end_time(): Timestamp

The time at which the scan finished.

duration_in_seconds(): Long

The total time the scan took to run.

estimated_duration_in_seconds(): Long

The estimated time for the scan to run, if available.

status(): ScanStatus

The current status of the scan, for example, whether the scan is currently running, has finished, or failed.

agent(): Agent

The agent machine used to perform the scan.

scan_metrics(): ScanProgressMetrics

A collection of metrics that provide details of a scan's progress, such as how many requests it has made.

scan_failure_code(): Int

A number that indicates why a scan failed.

scan_failure_message(): String

A message that provides information about why a scan failed.

scan_failure_cause(): String

A message that provides more information about what caused a scan failure.

scan_failure_remedy(): String

A message that provides information about how to resolve a scan failure.

generated_by(): GeneratedBy

Indicates the method in which the scan was initiated.

scanner_version(): String

The version of Burp Scanner used to perform this scan.

scanner_build_number(): Int

The version of Burp Scanner used to perform this scan.

scan_configurations(): [ScanConfiguration!]

A list of scan configurations that were used for this scan.

extensions(): [Extension!]

Provides a list of extensions that were used for the scan.

scan_delta(): ScanDelta

Provides information about how the number of issues has changed in relation to the previous scan, such as how many new issues have been found.

jira_ticket_count(): Int

The number of Jira tickets that have been created for issues found by this scan.

gitlab_issue_count(): Int

The number of GitLab issues that have been created for issues found by this scan.

trello_card_count(): Int

The number of Trello cards that have been created for issues found by this scan.

issue_type_groups(severities: [Severity], confidences: [Confidence], novelties: [Novelty]): [IssueTypeGroup!]

A list of issues that were found during this scan, grouped by their issue type.

issue_counts(): IssueCounts

Provides information about the number of issues found, sorted their severity level.

audit_items(sort_column: AuditItemSortColumn, sort_order: SortOrder): [AuditItem!]

A list of audit items that have been identified during the scan.

audit_item(id: ID!): AuditItem

A specific audit item that has been identified by the scan.

scope(): Scope!

Deprecated: scope does not support separate seed/included URLs. Use scope_v2 instead.

The site scope used for the scan. This doesn't support sites with in-scope URL prefixes.

scope_v2(): ScopeV2!

The site scope used for the scan.

site_application_logins(): ApplicationLogins!

All the application logins that are associated with this site. These can either be basic sets of login credentials or scripts of full login sequences that you recorded with the Burp Suite Navigation Recorder browser extension. These are used by scans to crawl areas of the site that are only accessible to registered users.

schedule_item_application_logins(): ApplicationLogins!

All the saved application logins associated with the schedule item from which this scan was created. These can either be basic sets of login credentials or scripts of full login sequences that you recorded with the Burp Suite Navigation Recorder browser extension. These are used by scans to crawl areas of the site that are only accessible to registered users.

issues(type_index: ID, start: Int!, count: Int!, severities: [Severity], confidences: [Confidence], novelties: [Novelty]): [Issue!]

A list of issues that have been found by the scan.

warnings(): ScanWarnings

Any warnings about the scan.

settings(): SiteSettings

Example

Query

query GetScan ($scan_id: ID!) {
    scan(id: $scan_id) {
        id
        status
        agent {
            id
            name
        }
        site_application_logins {
            login_credentials {
                label
                username
            }
            recorded_logins {
                label
            }
        }
        audit_items {
            id
            issue_counts {
                total
            }
            number_of_requests
        }
        scan_configurations {
            id
            name
        }
        settings {
            request_headers {
                name
                value
            }
            request_cookies {
                name
                value
            }
        }
    }
}

Variables

{
  "scan_id": "4"
}

Result

{
  "data": {
    "scan": {
      "id": "4",
      "status": "succeeded",
      "agent": {
        "id": null,
        "name": null
      },
      "site_application_logins": {
        "login_credentials": [],
        "recorded_logins": []
      },
      "audit_items": [
        {
          "id": "500117",
          "issue_counts": {
            "total": 1
          },
          "number_of_requests": 325
        }
      ],
      "scan_configurations": [
        {
          "id": null,
          "name": null
        }
      ],
      "settings": {
        "request_headers": [],
        "request_cookies": []
      }
    }
  }
}