Security Scan
There are two kinds of entry in the table.
The first is the security scan record, which stores the consolidated score of a scan; its schema is shown below:
{
    "appid": "e403601d-4305-4678-bcf7-3b2c94e98524",
    "created_at": "2026-01-28T10:44:29",
    "enabled_categories": [
        "configInfra",
        "inputValidation",
        "accessControl",
        "dataSecurity",
        "apiBusinessLogic",
        "thirdPartyComponents"
    ],
    "grade": "C",
    "risk_level": "high",
    "run_id": "a1f9aee4-1999-471b-8a16-35afb53992e7",
    "scan_duration": 976.09,
    "scan_id": "db704a01-2d51-4cc1-8601-e12955721a06",
    "scan_intensity": "quick",
    "scan_name": "Security scan at 2026-01-28 10:44:28.661434",
    "score": 48,
    "status": "completed",
    "updated_at": "2026-01-28T11:00:45"
}

The second is the security scan findings record, which describes an individual finding; mock data is shown below:
{
    "api": "",
    "appid": "e403601d-4305-4678-bcf7-3b2c94e98524",
    "confidence": "high",
    "created_at": "2026-01-28T11:00:45",
    "cvss": {
        "score": 3.1
    },
    "cwe": "CWE-778",
    "description": "No request ID or correlation ID header for audit trail.",
    "evidence": "{\"checked_headers\": [\"x-request-id\", \"x-correlation-id\", \"x-trace-id\", \"x-amzn-requestid\"]}",
    "occurrences": 1,
    "owasp_category": "A09:2021",
    "recommendation": "Add X-Request-ID or similar header for request tracking and debugging.",
    "reference_links": [],
    "run_id": "a1f9aee4-1999-471b-8a16-35afb53992e7",
    "scan_finding_id": "007c2a4e-4bbb-46e3-8565-07adfadf647d",
    "scan_id": "db704a01-2d51-4cc1-8601-e12955721a06",
    "scan_type": "missing-request-tracking",
    "severity": "low",
    "status": "active",
    "testing_category": "unknown",
    "title": "No Request Tracking Header",
    "updated_at": "2026-01-28T11:00:45",
    "url": "https://demo-sample-524selqzzq-uc.a.run.app/profile"
}

Add Security Scan
Step 1 - Add security scan
Endpoint - https://mirabilis-production.up.railway.app/security/scans (POST)
Payload - {
    "scan_duration": 120,
    "score": 85,
    "grade": "B",
    "risk_level": "medium",
    "status": "completed"
}

Step 2 - Add security scan findings
Endpoint - https://mirabilis-production.up.railway.app/security/findings (POST)
Payload - {
    "findings": [
        {
            "scan_id": "287a3f07-fc63-4d2e-ad43-0c42e67ce0c6",
            "scan_type": "api",
            "testing_category": "inputValidation",
            "severity": "high",
            "confidence": "high",
            "title": "SQL Injection Vulnerability",
            "evidence": "Parameter 'id' is vulnerable to SQL injection",
            "recommendation": "Use parameterized queries",
            "cvss": 8.5,
            "references": [
                "https://owasp.org/www-community/attacks/SQL_Injection"
            ],
            "description": "The application does not properly sanitize user input",
            "owasp_category": "A03:2021",
            "cwe": "CWE-89",
            "url": "https://example.com/api/users",
            "occurrences": 3
        },
        {
            "scan_id": "287a3f07-fc63-4d2e-ad43-0c42e67ce0c6",
            "scan_type": "api",
            "testing_category": "accessControl",
            "severity": "medium",
            "confidence": "medium",
            "title": "Missing Authentication",
            "evidence": "Endpoint accessible without authentication",
            "recommendation": "Implement proper authentication",
            "cvss": 6.5,
            "references": [
                "https://owasp.org/www-project-web-security-testing-guide/"
            ],
            "description": "API endpoint lacks authentication",
            "owasp_category": "A01:2021",
            "cwe": "CWE-306",
            "url": "https://example.com/api/admin",
            "occurrences": 1
        }
    ]
}

NOTE: scan_id is the id of the scan newly added in Step 1 above; every finding in the list must carry it.
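An added example (not part of this page's API or service) that validates a findings payload offline before it is sent in Step 2: it checks that every finding carries the scan_id from Step 1, accepts the cvss field in both shapes this page shows (a bare number in the POST payload, {"score": n} in the stored record), and flags a severity label that disagrees with the CVSS v3.x qualitative bands, which the example assumes are the scale the scanner uses. The sample payload is constructed from the page's values plus one deliberately broken finding.

```python
import re

ALLOWED_SEVERITY = {"low", "medium", "high", "critical"}
# CVSS v3.x qualitative rating bands (assumed to be the scale behind "severity")
CVSS_BANDS = [(0.1, 3.9, "low"), (4.0, 6.9, "medium"), (7.0, 8.9, "high"), (9.0, 10.0, "critical")]
SCAN_ID = "287a3f07-fc63-4d2e-ad43-0c42e67ce0c6"  # scan_id used in Step 2 on this page
# Constructed sample: two findings shaped like the page's, plus one deliberately broken one
SAMPLE = {"findings": [
    {"scan_id": SCAN_ID, "severity": "high", "cvss": 8.5, "cwe": "CWE-89", "owasp_category": "A03:2021"},
    {"scan_id": SCAN_ID, "severity": "low", "cvss": {"score": 3.1}, "cwe": "CWE-778", "owasp_category": "A09:2021"},
    {"scan_id": "00000000-0000-0000-0000-000000000000", "severity": "low", "cvss": 8.5, "cwe": "89", "owasp_category": "A03:2021"},
]}

def cvss_score(value):
    """Accept both shapes seen on this page: a bare number or {"score": n}; return a float in 0..10."""
    if isinstance(value, dict):
        value = value.get("score")
    if isinstance(value, bool) or not isinstance(value, (int, float)) or not 0.0 <= value <= 10.0:
        raise ValueError(f"cvss must be a number in 0..10, got {value!r}")
    return float(value)

def expected_severity(score):
    """Map a CVSS score to its qualitative rating; 0.0 has no rating."""
    for low, high, label in CVSS_BANDS:
        if low <= score <= high:
            return label
    return "none"

def validate_findings(payload, scan_id):
    """Return a list of problems; an empty list means the payload is consistent and safe to submit."""
    problems = []
    for i, f in enumerate(payload.get("findings", [])):
        where = f"findings[{i}]"
        if f.get("scan_id") != scan_id:
            problems.append(f"{where}: scan_id does not match the scan created in Step 1")
        sev = f.get("severity")
        if sev not in ALLOWED_SEVERITY:
            problems.append(f"{where}: severity must be one of {sorted(ALLOWED_SEVERITY)}")
        try:
            score = cvss_score(f.get("cvss"))
        except ValueError as exc:
            problems.append(f"{where}: {exc}")
            continue
        rating = expected_severity(score)
        if sev in ALLOWED_SEVERITY and rating not in (sev, "none"):
            problems.append(f"{where}: severity {sev!r} disagrees with CVSS {score} (expected {rating!r})")
        if not re.fullmatch(r"CWE-\d+", str(f.get("cwe", ""))):
            problems.append(f"{where}: cwe must look like CWE-89")
        if not re.fullmatch(r"A\d{2}:\d{4}", str(f.get("owasp_category", ""))):
            problems.append(f"{where}: owasp_category must look like A03:2021")
    return problems
```

Run validate_findings on the payload right before the POST in Step 2 and refuse to send while the list is non-empty, so the stored findings never reference a scan that does not exist.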

GET Security Scans
Endpoint - https://mirabilis-production.up.railway.app/security/scans (GET)

GET Security Scan Findings Associated to a Scan
Endpoint - https://mirabilis-production.up.railway.app/security/findings/<scan_id> (GET)
NOTE: scan_id is the id of the scan newly added in Step 1 above.