scans
Creates, updates, deletes, gets or lists a scans resource.
Overview
| Name | scans |
| Type | Resource |
| Id | cloudflare.vulnerability_scanner.scans |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response.
| Name | Datatype | Description |
|---|---|---|
id | string (uuid) | Scan identifier. |
target_environment_id | string (uuid) | The target environment this scan runs against. |
report | object | Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. |
scan_type | string | The type of vulnerability scan. (bola) |
status | string | Current lifecycle status of the scan. (created, scheduled, planning, running, finished, failed) |
Successful response.
| Name | Datatype | Description |
|---|---|---|
id | string (uuid) | Scan identifier. |
target_environment_id | string (uuid) | The target environment this scan runs against. |
report | object | Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. |
scan_type | string | The type of vulnerability scan. (bola) |
status | string | Current lifecycle status of the scan. (created, scheduled, planning, running, finished, failed) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | account_id, scan_id | Returns a single scan by ID. | |
list | select | account_id | page, per_page | Returns all scans for the account. |
create | insert | account_id, target_environment_id, scan_type, open_api, credential_sets | Creates and starts a new vulnerability scan. The response may include non-fatal warnings in the messages array. | |
delete_scan | delete | account_id, scan_id | Deletes a scan and all associated data. Only scans in a terminal state (finished, failed) may be deleted. Attempting to delete a scan that is still being created or executed (created, scheduled, planning, running) returns 400. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
scan_id | string (uuid) | Scan identifier. |
page | integer | Page number of paginated results. |
per_page | integer | Number of results per page. |
SELECT examples
- get
- list
Returns a single scan by ID.
SELECT
id,
target_environment_id,
report,
scan_type,
status
FROM cloudflare.vulnerability_scanner.scans
WHERE account_id = '{{ account_id }}' -- required
AND scan_id = '{{ scan_id }}' -- required
;
Returns all scans for the account.
SELECT
id,
target_environment_id,
report,
scan_type,
status
FROM cloudflare.vulnerability_scanner.scans
WHERE account_id = '{{ account_id }}' -- required
AND page = '{{ page }}'
AND per_page = '{{ per_page }}'
;
INSERT examples
- create
- Manifest
Creates and starts a new vulnerability scan. The response may include non-fatal warnings in the messages array.
INSERT INTO cloudflare.vulnerability_scanner.scans (
credential_sets,
open_api,
scan_type,
target_environment_id,
account_id
)
SELECT
'{{ credential_sets }}' /* required */,
'{{ open_api }}' /* required */,
'{{ scan_type }}' /* required */,
'{{ target_environment_id }}' /* required */,
'{{ account_id }}'
RETURNING
errors,
messages,
result,
result_info,
success
;
# Description fields are for documentation purposes
- name: scans
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the scans resource.
- name: credential_sets
description: |
Credential set references for a BOLA scan. The scanner uses the `owner` credentials for legitimate requests and the `attacker` credentials to attempt unauthorized access.
value:
attacker: "{{ attacker }}"
owner: "{{ owner }}"
- name: open_api
value: "{{ open_api }}"
description: |
OpenAPI schema definition for the API under test. The scanner uses this to discover endpoints and construct requests.
- name: scan_type
value: "{{ scan_type }}"
valid_values: ['bola']
- name: target_environment_id
value: "{{ target_environment_id }}"
description: |
The target environment to scan.
DELETE examples
- delete_scan
Deletes a scan and all associated data. Only scans in a terminal state (finished, failed) may be deleted. Attempting to delete a scan that is still being created or executed (created, scheduled, planning, running) returns 400.
DELETE FROM cloudflare.vulnerability_scanner.scans
WHERE account_id = '{{ account_id }}' --required
AND scan_id = '{{ scan_id }}' --required
;