Skip to main content
POST
Re-run a finding's attacks to confirm a fix

Headers

Authorization
string | null

Bearer token with API key

Path Parameters

finding_id
string
required

Response

Successful Response

Outcome of POST /api/v1/findings/{finding_id}/validate.

Ships one derived convenience field, verdict, alongside the embedded finding. The finding carries the durable truth -- its fine-grained status and every attack's last_replay_status -- while verdict collapses that into the single signal a remediation loop acts on.

finding_id
string
required

The finding that was validated.

replay_run_id
string
required

The replay run that re-ran the finding's attacks. Empty when the finding was not eligible and no run was spent.

verdict
enum<string>
required

resolved: every attack no longer reproduces (finding FIXED_VERIFIED). still_broken: at least one attack still reproduces or could not be judged. not_eligible: mark the finding fixed before validating -- it was not in a verifiable state. validating: still running -- re-read the finding's status via the findings list.

Available options:
resolved,
still_broken,
not_eligible,
validating
finding
ApiFindingItem · object
required

Post-validate finding, incl. status and per-attack last_replay_status.