Hexiosec ASM User Guides
Using the Public API
Exporting Scan Results from the ASM API
This guide explains how to retrieve scan results from the Hexiosec ASM API and transform them into your own reports, exports, or internal datasets.

It is intended for customers or partners who want to:

- Access scan results programmatically
- Retrieve JSON from ASM
- Process the data themselves (CSV, spreadsheets, BI tools)

The examples below use the Go SDK, which mirrors the underlying API.

Prerequisites

- An active ASM organisation with API access
- An API key with access to the ASM API

If you do not already have an API key, see the ASM User Guides for instructions on generating one.

Go SDK repository: https://github.com/hexiosec/asm-sdk-go

Overview of the workflow

1. Authenticate with the ASM API
2. List scan groups for your organisation
3. List scans within a scan group (handle pagination)
4. Retrieve a scan snapshot (iteration data)
5. Transform the JSON into your own report

Step 1: Authenticate (Go SDK example)

The Go SDK uses the same API key as the public API.

Typical setup:

```go
cfg := asm.NewConfiguration()
// Read the key from the environment rather than hard-coding it in source.
cfg.APIKey = os.Getenv("ASM_API_KEY")
client := asm.NewAPIClient(cfg)
ctx := context.Background()
```

Step 2: List scan groups

Scan groups are used to group scans and manage access within your organisation (for example per customer, environment, or project).

Go SDK example (paginated):

```go
limit := int32(100)
offset := int32(0)
for {
	groups, _, err := client.ScanGroupsAPI.GetScanGroups(ctx).
		OrganisationId(orgID).
		Limit(limit).
		Offset(offset).
		Execute()
	if err != nil {
		return err
	}
	if len(groups) == 0 {
		break // an empty page means every group has been read
	}
	for _, g := range groups {
		// g.Id, g.Name
	}
	offset += limit
}
```

Note: the Go SDK does not handle pagination automatically. You must loop using limit and offset until no results are returned.

Step 3: List scans within a scan group

Once you have a scan group ID, retrieve the scans it contains.

Go SDK example (paginated):

```go
limit := int32(100)
offset := int32(0)
for {
	scans, _, err := client.ScansAPI.GetScans(ctx).
		ScanGroupId(scanGroupID).
		Limit(limit).
		Offset(offset).
		Execute()
	if err != nil {
		return err
	}
	if len(scans) == 0 {
		break // an empty page means every scan has been read
	}
	for _, s := range scans {
		// s.Id, s.Name
	}
	offset += limit
}
```

Step 4: Retrieve the scan results

To get the data for your report, retrieve the scan details and expand the iteration data.

Go SDK example:

```go
scan, _, err := client.ScansAPI.GetScanById(ctx, scanID).
	Expand([]string{"iteration"}).
	Execute()
if err != nil {
	return err
}
// scan.Iteration contains the scan results
```

The iteration snapshot typically includes:

- Asset counts (domains, IPs, services, certificates)
- Risk severity counts (medium, high, critical)
- Health scores (overall and category scores)

This data represents a point-in-time snapshot of the scan.

Step 5: Transform JSON into a report

The API returns structured JSON that can be extracted and/or transformed into your desired output.

Common transformations:

- Primary assets: in-scope domains + in-scope IPs
- Total size: domains and IPs (in scope and/or out of scope)
- Risks excluding low: medium + high + critical risks
- Risks per primary asset: risks (excluding low) / primary assets
- Flattened health scores: overall score and category scores as columns

Typical outputs include:

- CSV for spreadsheets or customer exports
- JSON for BI or internal ingestion
- Metrics for dashboards or alerting

Summary

To export ASM scan results:

1. Authenticate with the API
2. List scan groups (handle pagination)
3. List scans within each group (handle pagination)
4. Retrieve scan iteration data
5. Transform the JSON into your own report
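The Step 5 transformations applied to one snapshot and written out as CSV, as an added example that is not part of the original guide or the SDK. The JSON field names, the sample values and the `ReportCSV` function are hypothetical; map them to the fields the iteration data actually returns.

```go
package main
import (
	"encoding/csv"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample. Every field name is hypothetical, not the ASM schema.
const sampleJSON = `{"in_scope":{"domains":12,"ips":8},"out_of_scope":{"domains":3,"ips":2},
"risks":{"low":40,"medium":9,"high":4,"critical":2},"health":{"overall":71,"tls":80,"email":55}}`
type snapshot struct {
	InScope    map[string]int `json:"in_scope"`
	OutOfScope map[string]int `json:"out_of_scope"`
	Risks      map[string]int `json:"risks"`
	Health     map[string]int `json:"health"` // overall plus category scores
}

// ReportCSV applies the Step 5 transformations; returns a header and one data row.
func ReportCSV(raw string) (string, error) {
	var s snapshot
	if err := json.Unmarshal([]byte(raw), &s); err != nil {
		return "", fmt.Errorf("decode snapshot: %w", err)
	}
	primary := s.InScope["domains"] + s.InScope["ips"]
	total := primary + s.OutOfScope["domains"] + s.OutOfScope["ips"]
	risks := s.Risks["medium"] + s.Risks["high"] + s.Risks["critical"] // low excluded
	perAsset := 0.0
	if primary > 0 { // an empty scope must not divide by zero
		perAsset = float64(risks) / float64(primary)
	}
	head := []string{"primary_assets", "total_size", "risks_excl_low", "risks_per_primary_asset"}
	row := []string{fmt.Sprint(primary), fmt.Sprint(total), fmt.Sprint(risks), fmt.Sprintf("%.2f", perAsset)}
	names := make([]string, 0, len(s.Health))
	for name := range s.Health {
		names = append(names, name)
	}
	sort.Strings(names) // map order is random; sort so columns stay stable between exports
	for _, name := range names {
		head, row = append(head, "health_"+name), append(row, fmt.Sprint(s.Health[name]))
	}
	var b strings.Builder
	err := csv.NewWriter(&b).WriteAll([][]string{head, row}) // WriteAll also flushes
	return b.String(), err
}
func main() {
	out, _ := ReportCSV(sampleJSON)
	fmt.Print(out)
}
```

Sorting the health score names keeps the column order identical across exports, so rows from different scans can be appended to the same sheet.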