# Findings

Work with findings from the command line: list them, inspect them, and push new ones in from SARIF.
## List

```bash
cybrium findings list
cybrium findings list --severity high
cybrium findings list --scan <scan-id>
cybrium findings list --status open
```
| Flag | Values |
|---|---|
| `--scan` | A scan UUID; scope output to just that scan |
| `--severity` | `critical`, `high`, `medium`, `low`, `info` |
| `--status` | `open`, `fixed`, `accepted`, `false_positive` |
| `--format` | `table` (default), `json`, `sarif` |
| `--json` | Shorthand for `--format json` |
Table output:

```text
crit  open   Hardcoded AWS key             app/legacy.py:6
high  open   SQL string concatenation      app/users.py:42
med   fixed  MD5 used for password digest  auth/hash.py:18
3 finding(s)
```
## Show one finding

```bash
cybrium findings show <finding-id>
```

```text
ID:        b42f8d12-…
Title:     Hardcoded AWS access key
Severity:  critical
Status:    open
Location:  app/legacy.py:6

A literal AWS access key ID is committed to source. Rotate the key
immediately and move the value to a secret manager...
```

Add `--json` for the full structured payload.
## Upload SARIF

Push results from any SARIF-emitting tool into the platform:

```bash
cybrium findings upload out.sarif
```

Reads from stdin when the path is `-`:

```bash
cyscan scan . --format sarif | cybrium findings upload -
```
### Upload flags

| Flag | Purpose |
|---|---|
| `--title` | Scan title when a new scan is created (default: `CLI SARIF upload`) |
| `--scan` | Attach to an existing scan rather than creating one |
| `--source-type` | `git` (default), `network`, `cloud`, `vm` |
### Output

```text
✓ Upload 4d775be0-87d6-48d0-bde4-3a168e2cc31f
  tool:    cyscan
  scan:    3c647cd6-23c6-45dd-a5d6-446be91d6b9f
  created: 5
  updated: 0
  skipped: 0
```

- `created`: brand-new findings written
- `updated`: existing findings re-seen (matching `rule_id` + file + line + title)
- `skipped`: dropped entries (missing `ruleId`, unparseable severity)
- `idempotent: true` appears in the line when a byte-identical payload was already uploaded; no DB changes are made
## Idempotency

The upload endpoint dedupes on the SHA-256 of the payload. Running the same command twice in a row doesn't double-count findings, which is handy for flaky CI steps where retries are cheap.
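As an added illustration (not the cybrium CLI's own code), the pre-flight check below applies the documented upload semantics to a SARIF payload before you run `cybrium findings upload`, so a CI step can predict how many entries will be created, re-seen, skipped, or deduplicated as idempotent. It assumes that the finding title is the SARIF result `message.text` and that severity is parsed from the SARIF `level`, neither of which this page states.

```python
import hashlib
import json

# SARIF 2.1.0 result levels; anything else is treated as an unparseable severity (assumption).
VALID_LEVELS = {"none", "note", "warning", "error"}


def classify(sarif_bytes, existing, seen_digests):
    """Return the created/updated/skipped/idempotent fields the upload reports.

    existing: set of (rule_id, file, line, title) keys already in the platform.
    seen_digests: sha256 hex digests of payloads already uploaded.
    """
    digest = hashlib.sha256(sarif_bytes).hexdigest()
    if digest in seen_digests:  # byte-identical re-upload: no DB changes
        return {"created": 0, "updated": 0, "skipped": 0, "idempotent": True}
    seen_digests.add(digest)
    counts = {"created": 0, "updated": 0, "skipped": 0, "idempotent": False}
    for run in json.loads(sarif_bytes).get("runs", []):
        for result in run.get("results", []):
            rule_id = result.get("ruleId")
            level = result.get("level", "warning")  # SARIF default when absent
            if not rule_id or level not in VALID_LEVELS:
                counts["skipped"] += 1  # the two documented skip reasons
                continue
            loc = result["locations"][0]["physicalLocation"]
            key = (rule_id, loc["artifactLocation"]["uri"],
                   loc["region"]["startLine"], result["message"]["text"])
            if key in existing:
                counts["updated"] += 1  # finding re-seen on the same rule/file/line/title
            else:
                existing.add(key)
                counts["created"] += 1
    return counts


def _result(rule, uri, line, text, level="warning"):
    """Build one minimal SARIF result object (constructed test data)."""
    return {"ruleId": rule, "level": level, "message": {"text": text},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                "region": {"startLine": line}}}]}


# Constructed payload: two valid results, one missing ruleId, one with a bogus level.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "cyscan"}}, "results": [
    _result("CBR-PY-SQLI-STRING-CONCAT", "app/users.py", 42, "SQL string concatenation"),
    _result("EXAMPLE-RULE-2", "app/legacy.py", 6, "Hardcoded AWS access key", "error"),
    _result(None, "app/other.py", 1, "no ruleId, will be skipped"),
    _result("EXAMPLE-RULE-3", "app/other.py", 2, "bogus level, will be skipped", "severe"),
]}]}).encode()
```

Feeding the same bytes twice reports `idempotent: True`; re-uploading a differently encoded payload with the same results reports them as `updated` rather than `created`.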
## Update a finding's status

```bash
cybrium findings status <finding-id> accepted \
  --reason "False positive — rule matches in a test fixture"
cybrium findings status <finding-id> false_positive
cybrium findings status <finding-id> fixed
cybrium findings status <finding-id> open   # un-dismiss
```

`--reason` is required for `accepted` and `false_positive`; the reason is audit-logged so you can explain decisions later.
## Suppress by rule

```bash
cybrium findings suppress --rule CBR-PY-SQLI-STRING-CONCAT --path tests/fixtures
```

Adds a tenant-level suppression scoped to a rule plus a path pattern. Future uploads that match the pattern are auto-marked as `accepted`.
## Export for reporting

```bash
cybrium findings list --format json --severity high > high-risk-findings.json
cybrium findings list --scan <id> --format sarif > scan.sarif
```

Useful for feeding downstream tools or quarterly exec reports.