Scan Results & Status
Track scan progress, retrieve findings, and understand the complete scan lifecycle from submission to completion.
Scan Status Lifecycleβ
Every scan passes through a well-defined set of states:
ββββββββββββ
POST /scans βββ β queued β
ββββββ¬ββββββ
β
ββββββΌββββββ
β running βββββ POST /:id/cancel βββ cancelled
ββββββ¬ββββββ
β
ββββββββββββΌβββββββββββ
β β
βββββββΌβββββββ ββββββββΌββββββ
β completed β β failed β
ββββββββββββββ ββββββββββββββ
| Status | Description | Results Available | Terminal |
|---|---|---|---|
queued | Request accepted, waiting for scanner capacity | No | No |
running | Scanner is actively executing | No (partial progress available) | No |
completed | Scan finished successfully | Yes | Yes |
failed | Scan encountered a fatal error | Error details available | Yes |
cancelled | Scan was cancelled by user | Partial results may be available | Yes |
Check Scan Statusβ
Endpointβ
GET /api/v1/scans/:scanId
Required scope: scans:read
Query Parametersβ
| Parameter | Type | Default | Description |
|---|---|---|---|
scanType | string | nmap | The scan engine type (must match the original scan) |
Requestβ
curl -X GET "https://api.cert-ix.com/scan-api/api/v1/scans/$SCAN_ID?scanType=nmap" \
-H "X-API-Key: $CERTIX_API_KEY"
Response β Runningβ
{
"success": true,
"data": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"scanType": "nmap",
"name": "Weekly network audit",
"target": "example.com",
"status": "running",
"progress": 67,
"createdAt": "2026-03-06T10:00:00Z",
"startedAt": "2026-03-06T10:00:02Z"
}
}
Response β Completedβ
{
"success": true,
"data": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"scanType": "nmap",
"status": "completed",
"progress": 100,
"resultCount": 12,
"durationMs": 135000,
"createdAt": "2026-03-06T10:00:00Z",
"startedAt": "2026-03-06T10:00:02Z",
"completedAt": "2026-03-06T10:02:15Z"
}
}
Response β Failedβ
{
"success": true,
"data": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"scanType": "nmap",
"status": "failed",
"progress": 23,
"error": "Target unreachable: connection timed out after 120s",
"durationMs": 120340
}
}
Important β scanType Parameter
Always pass the correct scanType query parameter matching the engine used when creating the scan. The default is nmap, so if your scan used zap, you must specify ?scanType=zap or you'll get a 404 SCAN_NOT_FOUND error.
Retrieve Resultsβ
Once a scan reaches completed status, full results are available.
Endpointβ
GET /api/v1/scans/:scanId/results
Required scope: results:read
Requestβ
curl -X GET "https://api.cert-ix.com/scan-api/api/v1/scans/$SCAN_ID/results?scanType=nmap" \
-H "X-API-Key: $CERTIX_API_KEY"
Response (200 OK)β
{
"success": true,
"data": {
"scanId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"scanType": "nmap",
"target": "example.com",
"status": "completed",
"startedAt": "2026-03-06T10:00:02Z",
"completedAt": "2026-03-06T10:02:15Z",
"results": { ... }
}
}
The structure of the results field varies by scan engine β see the schemas below.
Result Schemas by Engineβ
Nmap Resultsβ
{
"hosts": [
{
"ip": "93.184.216.34",
"hostname": "example.com",
"state": "up",
"os": { "name": "Linux", "version": "5.x", "accuracy": 95 },
"ports": [
{
"port": 80,
"protocol": "tcp",
"state": "open",
"service": "http",
"version": "nginx 1.25.4",
"scripts": [{ "id": "http-title", "output": "Example Domain" }]
}
]
}
],
"stats": {
"hostsUp": 1,
"hostsDown": 0,
"openPorts": 2,
"closedPorts": 1022,
"filteredPorts": 0
}
}
ZAP Resultsβ
{
"alerts": [
{
"name": "Cross-Site Scripting (Reflected)",
"risk": "High",
"confidence": "Medium",
"description": "Cross-site Scripting (XSS) is an attack technique...",
"solution": "Validate all input and encode output...",
"cweid": 79,
"wascid": 8,
"instances": [
{
"uri": "https://app.example.com/search",
"method": "GET",
"param": "q",
"attack": "<script>alert(1)</script>",
"evidence": "<script>alert(1)</script>"
}
]
}
],
"summary": { "high": 2, "medium": 5, "low": 12, "informational": 8, "total": 27 }
}
Trivy Resultsβ
{
"vulnerabilities": [
{
"vulnerabilityID": "CVE-2024-1234",
"pkgName": "openssl",
"installedVersion": "3.0.11",
"fixedVersion": "3.0.13",
"severity": "CRITICAL",
"title": "OpenSSL: Buffer overflow in X.509 certificate verification",
"cvss": {
"nvd": { "v3Score": 9.8, "v3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }
}
}
],
"summary": { "critical": 1, "high": 3, "medium": 7, "low": 2, "total": 13 }
}
Nuclei Resultsβ
{
"findings": [
{
"templateId": "CVE-2023-44487",
"name": "HTTP/2 Rapid Reset Attack",
"severity": "high",
"type": "http",
"host": "https://api.example.com",
"matchedAt": "https://api.example.com/",
"tags": ["cve", "cve2023", "dos", "http2"]
}
],
"summary": { "critical": 0, "high": 1, "medium": 3, "low": 5, "info": 12, "total": 21 }
}
theHarvester Resultsβ
{
"emails": ["[email protected]", "[email protected]"],
"subdomains": ["www.example.com", "mail.example.com", "api.example.com"],
"ips": ["93.184.216.34"],
"hosts": [{ "hostname": "www.example.com", "ip": "93.184.216.34" }],
"summary": { "emailsFound": 2, "subdomainsFound": 3, "ipsFound": 1 }
}
Sentinel Resultsβ
Sentinel aggregates results from multiple engines into a unified report:
{
"overallRiskScore": 7.2,
"riskLevel": "high",
"enginesUsed": ["nmap", "nuclei", "harvester"],
"executionTime": "12m 34s",
"correlatedFindings": [
{
"title": "Exposed Admin Panel with Known CVE",
"severity": "critical",
"engines": ["nmap", "nuclei"],
"description": "Port 8080 is open (nmap) running a version affected by CVE-2024-1234 (nuclei)",
"recommendation": "Restrict port 8080 access and update the application"
}
],
"summary": { "critical": 1, "high": 4, "medium": 8, "low": 15, "total": 50 }
}
Polling Strategyβ
When polling for scan completion, use an adaptive strategy to balance responsiveness and API efficiency:
| Phase | Interval | Duration |
|---|---|---|
| Initial (0β2 min) | Every 5 seconds | Quick feedback for short scans |
| Active (2β10 min) | Every 15 seconds | Most scans complete in this window |
| Extended (10β60 min) | Every 30 seconds | Deep or full scans |
| Long-running (60+ min) | Every 60 seconds | Large network scans or Sentinel |
Implementation Exampleβ
import time
import requests
def poll_scan(base_url, api_key, scan_id, scan_type="nmap"):
"""Poll scan status with adaptive intervals."""
headers = {"X-API-Key": api_key}
url = f"{base_url}/scans/{scan_id}?scanType={scan_type}"
start = time.time()
terminal_statuses = {"completed", "failed", "cancelled"}
while True:
response = requests.get(url, headers=headers)
data = response.json()["data"]
status = data["status"]
progress = data.get("progress", 0)
print(f"Status: {status} | Progress: {progress}%")
if status in terminal_statuses:
return data
elapsed = time.time() - start
if elapsed < 120:
interval = 5
elif elapsed < 600:
interval = 15
elif elapsed < 3600:
interval = 30
else:
interval = 60
time.sleep(interval)
Use Webhooks Instead
For production integrations, use webhooks instead of polling. Webhooks are more efficient and provide instant notifications.
Real-Time Notificationsβ
Instead of polling, configure webhooks to receive push notifications when scan events occur:
| Event | Trigger |
|---|---|
scan.started | Scan transitions from queued to running |
scan.completed | Scan finishes successfully |
scan.failed | Scan encounters a fatal error |
scan.cancelled | Scan is cancelled |
See Webhooks for setup instructions.
Next Steps: