Export an assessment's findings (SARIF / JSON / CSV / VEX)
GET /api/v1/assessments/:assessment_id/findings/export
Stream an assessment's findings as a downloadable SARIF/JSON/CSV file.
Serialized directly from the persisted Finding rows (no runner
round-trip). Reuses the severity/status filters from the findings
list so a customer can export "open + confirmed, high and above" — the
SARIF that would gate a PR in GitHub code scanning. finding_ids narrows
to a hand-picked selection; false positives are dropped by default.
- Scope required: findings:export.
- Org-scoped + assessment-level RBAC, same as the findings list.
- Content-Disposition: attachment so browsers trigger a save.
Request
Responses
- 200: Findings serialized in the requested format.
- 400: Bad request — malformed input or failed validation.
- 401: Missing, expired, or invalid credentials.
- 403: Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.
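
A CI job can read the SARIF export described above and decide whether to block a merge. The following is an added example, not part of this API's documentation or the vendor's code: it applies the SARIF 2.1.0 level-defaulting rules and skips suppressed results. The sample document, the rule ids and the `gate` function name are constructed for illustration.

```python
import json

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def effective_level(result, rules):
    """SARIF 2.1.0 defaulting: explicit level, else rule default, else 'warning'."""
    if result.get("kind", "fail") != "fail":
        return "none"                      # level only applies to kind "fail"
    if "level" in result:
        return result["level"]
    idx = result.get("ruleIndex", -1)
    rule = rules[idx] if 0 <= idx < len(rules) else next(
        (r for r in rules if r.get("id") == result.get("ruleId")), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def is_suppressed(result):
    # A suppression counts when accepted; an absent status means accepted.
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions", []))

def gate(sarif_text, fail_at="error"):
    """Return (passed, blocking); blocking holds (ruleId, level, uri) tuples."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("expected SARIF 2.1.0")
    blocking = []
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results", []):
            level = effective_level(res, rules)
            if is_suppressed(res) or LEVEL_RANK.get(level, 2) < LEVEL_RANK[fail_at]:
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "?")
            blocking.append((res.get("ruleId", "?"), level, uri))
    return (not blocking, blocking)

# Constructed sample export; rule ids and paths are made up for illustration.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example", "rules": [
        {"id": "EX-001", "defaultConfiguration": {"level": "error"}},
        {"id": "EX-002"}]}},
    "results": [
        {"ruleId": "EX-001", "ruleIndex": 0, "message": {"text": "a"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"}}}]},
        {"ruleId": "EX-002", "ruleIndex": 1, "message": {"text": "b"}},
        {"ruleId": "EX-001", "level": "error", "message": {"text": "c"},
         "suppressions": [{"kind": "external"}]}]}]})
```

Calling `gate(SAMPLE)` reports one blocking result: the first finding inherits `error` from its rule, the second defaults to `warning`, and the third is suppressed.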