Result File Download API
Description
This is an API for downloading results after analysis is completed. This request can only be made for analyses that ended with success. When you send a download request, you will receive the analysis results as a file.
Request
The request requires the analysis ID that was returned in the response to the analysis request API. To find the analysis ID, call the Request Inquiry API or look up the previously requested analysis in the dashboard of Sparrow On-Demand Home.
Response
When you send a result file download request, you will receive a zip file. For detailed information, please refer to Response.
Request
Response
✔️ Success Response
When the result download request is successful, the result.zip file is downloaded along with 200 OK.
responses:
  '200':
    description: File download
    content:
      application/download:
        schema:
          type: string
          format: binary
result.zip/
    /summary.json
    /asset
    /sbom
        SPDX.spdx
        CycloneDX.json
        SWID.zip
        ...
    /licenseNotice
        HTML.html
        MARKDOWN.md
        TXT.txt
    /issue
        1.json
        2.json
        ...
    /workMessage.json
The downloaded file is a compressed archive named result.zip.
summary.json
This file contains summary information about the analysis. It includes analysis results, number of vulnerabilities, analysis time information, etc.
{
  "analysisId" : "ANALYSIS_ID",
  "requestId" : "REQUEST_ID",
  "status" : "COMPLETE",
  "result" : "SUCCESS",
  "toolType" : "TYPE",
  "startTime" : "YYYY-MM-DDThh:mm:ss.sss±hh:mm",
  "endTime" : "YYYY-MM-DDThh:mm:ss.sss±hh:mm",
  "issueCount" : "TOTAL_ISSUES",
  "issueCountRisk1" : "TRIVIAL_ISSUES",
  "issueCountRisk2" : "LOW_ISSUES",
  "issueCountRisk3" : "MEDIUM_ISSUES",
  "issueCountRisk4" : "HIGH_ISSUES",
  "issueCountRisk5" : "CRITICAL_ISSUES",
  "memo" : "MEMO",
  "versions" : "W: WORKER_VERSION, S: SAST_VERSION, C: SCA_VERSION, D: DAST_VERSION",
  "checkersHash" : "CHECKER_HASH",
  "resultVersion" : "2",
  "type" : "VCS",
  "url" : "VCS_URL",
  "branch" : "BRANCH_NAME",
  "commitId" : "COMMIT_ID",
  "tag": "TAG_NAME",
  "bucket" : "BUCKET",
  "object" : "OBJECT_NAME",
  "endpoint" : "ENDPOINT",
  "cloneSize" : "CLONE_SIZE",
  "fileCount" : "RAW_FILES",
  "componentCount" : "COMPONENTS",
  "targetCount" : "TARGET_FILES",
  "codeSize": "CODE_SIZE",
  "targetUrl": "URL",
  "urlCount": "URLS",
  "requestCount": "REQUESTS",
  "workerId" : "WORK_ID",
  "resultCode" : "ERROR_CODE",
  "failStatus" : null
}
- analysisId (Analysis ID): A uniquely generated ID for the analysis. It can be used to query information about the analysis later. For more details, refer to Query Analysis.
- requestId (Request ID): A uniquely generated ID for the request. It can be used to query information about the request later. For more details, refer to Query Request.
- status (Analysis Status): The status according to the stage of the analysis progress, displayed as one of the following:
  - STOP_PROCESS: Stopping the analysis after receiving a stop request
  - INIT: Preparing the environment to perform the analysis
  - READY: Environment is configured and preparing the analysis target
  - PRE_PROCESS: Preprocessing the analysis target for analysis
  - ANALYSIS: Performing the analysis
  - POST_PROCESS: Processing results after the analysis is complete
  - COMPLETE: Analysis has ended
- result (Analysis End Result): The result when the analysis ends, which has one of the following values:
  - SUCCESS: Analysis completed successfully
  - FAIL: Analysis failed to complete properly
  - STOP: Analysis was stopped after receiving a stop request
- toolType (Analysis Type): The type of analysis requested (TYPE), which has one of the following values:
  - SAST: Source code analysis
  - SCA: Open source analysis
  - DAST: Web vulnerability analysis
- startTime (Analysis Start Date and Time): The date and time when the analysis started, displayed in the following format: (YYYY-MM-DDThh:mm:ss.sss±hh:mm)
- endTime (Analysis End Date and Time): The date and time when the analysis ended, displayed in the following format: (YYYY-MM-DDThh:mm:ss.sss±hh:mm)
- issueCount (Total Issue Count): The number of issues detected in the analysis (TOTAL_ISSUES).
- issueCountRisk1 (Trivial Risk Issue Count): Detected issues are classified into 5 levels based on risk: Critical, High, Medium, Low, Trivial. This is the number of issues classified as Trivial (TRIVIAL_ISSUES).
- issueCountRisk2 (Low Risk Issue Count): Detected issues are classified into 5 levels based on risk: Critical, High, Medium, Low, Trivial. This is the number of issues classified as Low (LOW_ISSUES).
- issueCountRisk3 (Medium Risk Issue Count): Detected issues are classified into 5 levels based on risk: Critical, High, Medium, Low, Trivial. This is the number of issues classified as Medium (MEDIUM_ISSUES).
- issueCountRisk4 (High Risk Issue Count): Detected issues are classified into 5 levels based on risk: Critical, High, Medium, Low, Trivial. This is the number of issues classified as High (HIGH_ISSUES).
- issueCountRisk5 (Critical Risk Issue Count): Detected issues are classified into 5 levels based on risk: Critical, High, Medium, Low, Trivial. This is the number of issues classified as Critical (CRITICAL_ISSUES).
- memo (Memo): The description entered when requesting the analysis.
- versions (Version): The version of Sparrow On-Demand's worker and engines used in the analysis (W: WORKER_VERSION, S: SAST_VERSION, C: SCA_VERSION, D: DAST_VERSION).
- checkersHash (Analysis Rule File Hash): The hash of the analysis rule file used in the analysis (CHECKER_HASH). It is displayed so that you can tell whether the same rules were used in different analyses.
- resultVersion (Result Version): The version of the analysis result.
- type (Analysis Target Type): The analysis target type entered when requesting the analysis. Only displayed when toolType is SAST or SCA.
  - VCS: Analyzes source code in a VCS repository.
  - OBJECT_STORAGE: Analyzes source code in object storage.
- url (VCS URL): The URL of the repository where the files to be analyzed are stored (VCS_URL). Only displayed when type is VCS.
- branch (Branch): The name of the branch where the files to be analyzed are uploaded (BRANCH_NAME). Only displayed when type is VCS.
- commitId (Commit ID): The commit ID to be analyzed (COMMIT_ID). Only displayed when type is VCS.
- tag (Tag): The tag information of the branch to be analyzed (TAG_NAME). Only displayed when type is VCS.
- bucket (Storage Bucket): Only displayed when type is OBJECT_STORAGE.
- endPoint (Storage Endpoint): Only displayed when type is OBJECT_STORAGE.
- object (Storage Object Name): Only displayed when type is OBJECT_STORAGE.
- cloneSize (Cloned Analysis Target Size): The size of the analysis target cloned from the original analysis target (CLONE_SIZE). Only displayed when toolType is SAST or SCA.
- fileCount (Original File Count): The number of files included in the original analysis target (RAW_FILES). Only displayed when toolType is SAST or SCA.
- componentCount (Analysis Target Component Count): The number of components detected in the analysis (COMPONENTS). Only displayed when toolType is SAST or SCA.
- targetCount (Analysis Target File Count): The number of analysis targets used to extract components from the original analysis target (TARGET_FILES). Only displayed when toolType is SAST or SCA.
- codeSize (Analysis Target Source Code Size): The size of the source code used in the analysis from the original analysis target (CODE_SIZE). Only displayed when toolType is SAST or SCA.
- targetUrl (Analysis Target URL): The analysis target URL entered when requesting the analysis (URL). Only displayed when toolType is DAST.
- urlCount (Collected URL Count): The number of URLs collected from the analysis target URL through the analysis (URLS). Only displayed when toolType is DAST.
- requestCount (Request Count): The number of attack requests sent to the analysis target URL through the analysis (REQUESTS). Only displayed when toolType is DAST.
- workerId (Worker ID): The unique ID of the worker in the environment configured for the analysis (WORK_ID).
- resultCode (Error Code): The error code displayed when the analysis did not end normally (ERROR_CODE). For details about the displayed codes, refer to Error Code Collection.
- failStatus (Analysis Status at Failure): When the analysis failed to end normally, the analysis status is displayed as one of the following:
  - STOP_PROCESS: Currently stopping after receiving a stop request.
  - INIT: Waiting for resource allocation to perform the analysis.
  - READY: Stage of preparing the analysis target after receiving resources. e.g., Source code download
  - PRE_PROCESS: Stage of performing various preprocessing before starting the analysis. e.g., Analysis target collection, etc.
  - ANALYSIS: Analysis is being performed.
  - POST_PROCESS: Stage of processing results after the analysis is complete.
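The summary.json fields described above are enough to gate a CI job on the scan outcome. The following is an added example, not part of the Sparrow documentation: it reads summary.json directly from the downloaded archive bytes without extracting anything to disk, and fails closed when the analysis did not end in COMPLETE/SUCCESS or a count is missing. The archive-root location of summary.json, the size cap, the function names and the sample values are assumptions.

```python
import io
import json
import zipfile

# Risk level names and issueCountRisk1..5 field names as listed on this page.
RISK_FIELDS = {name: f"issueCountRisk{n}" for n, name in
               enumerate(("trivial", "low", "medium", "high", "critical"), start=1)}
MAX_SUMMARY_BYTES = 1 << 20  # assumed cap; refuse an oversized summary.json


def read_summary(zip_bytes):
    """Read summary.json from result.zip without extracting anything to disk."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Assumption: summary.json sits at the archive root (optionally "/"-prefixed).
        matches = [i for i in zf.infolist() if i.filename.lstrip("/") == "summary.json"]
        if len(matches) != 1 or matches[0].file_size > MAX_SUMMARY_BYTES:
            raise ValueError("result.zip must hold one summary.json of sane size")
        return json.loads(zf.read(matches[0]))


def gate(summary, limits):
    """Return (passed, reasons). limits maps a risk name to its maximum allowed count."""
    reasons = []
    if summary.get("status") != "COMPLETE" or summary.get("result") != "SUCCESS":
        reasons.append("analysis did not end with COMPLETE/SUCCESS")
    for risk, limit in limits.items():
        raw = summary.get(RISK_FIELDS[risk])
        try:
            count = int(raw)  # tolerate counts delivered as numbers or numeric strings
        except (TypeError, ValueError):
            reasons.append(f"{RISK_FIELDS[risk]} missing or not numeric")  # fail closed
            continue
        if count > limit:
            reasons.append(f"{count} {risk} issues exceed limit {limit}")
    return (not reasons, reasons)


def make_sample_zip(summary):
    """Constructed stand-in for a downloaded result.zip (not real service output)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("summary.json", json.dumps(summary))
    return buf.getvalue()


# Constructed sample values; only the field names come from the page.
SAMPLE = {"status": "COMPLETE", "result": "SUCCESS", "toolType": "SCA",
          "issueCount": 7, "issueCountRisk5": 1, "issueCountRisk4": "2", "issueCountRisk3": 4}
```

In a pipeline, pass the response body of the download request to `read_summary` and exit non-zero when `gate` returns `False`.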
asset Folder
Individual analysis targets identified in the analysis are called assets. This file contains information about assets.
- Source code and open source analysis: List of files that are analysis targets
- Web vulnerability analysis: List of collected URLs
a / b / test.yaml;
e / d / e / test.java;
issue Folder
A folder containing information about issues detected in the analysis. The folder contains multiple JSON files with issue information. Note that the issue information provided differs depending on the analysis type.
- Source code analysis: Issue detection rule name, file, line, etc.
- Open source analysis: Issue detection rule name, open source name, license information, etc.
- Web vulnerability analysis: Issue detection rule name, analysis target URL, request information including parameters, etc.
workMessage.json
A file containing work messages that record warnings or cautions that should be checked in relation to the analysis.
licenseNotice
A folder containing license notices. The folder contains files in text (.txt), markdown (.md), and HTML (.html) formats. For more details, refer to License Notice.
sbom
A folder containing SBOM files. The folder contains multiple SBOM files depending on format and version. For more details, refer to SBOM.
The licenseNotice and sbom folders are only included when downloading the results of open source analysis.
❌ Failure Response
Authentication Failure
If the authentication information is incorrect, you will receive a 401 Unauthorized response.
Invalid Request
If the request is invalid, you will receive a 400 Bad Request response along with the following information:
resultCode: Displays the result of the request as a code. For more details, refer to Error Code Collection.