> ## Documentation Index > Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # Retrieve a Scan Report > Fetches the detailed report for a specific completed scan run. The report includes scan metadata and links to download the full JSON or PDF report. ## OpenAPI ````yaml /api/en/cve-scans.yaml get /scans/cve/{scan_id} openapi: 3.0.3 info: title: Altostrat CVE Scans API version: 1.0.0 description: >- The Altostrat CVE Scans API is the microservice responsible for scheduling, executing, and reporting on network vulnerability scans. It is a core component of the Altostrat SDX platform's security posture management, providing deep insights into potential vulnerabilities across MikroTik networks to complement the platform's automation and AI capabilities. This API allows you to programmatically manage: - **Scan Schedules:** Define recurring vulnerability scans for specific network sites, including frequency, timing, and vulnerability thresholds. - **Scan Results:** Access detailed historical and in-progress scan reports, including discovered CVEs, affected hosts, and severity scores. - **Vulnerability Management:** Query specific CVEs by device (MAC address) and manage their lifecycle by marking them as accepted or mitigated. Developers use this API to integrate automated vulnerability scanning and reporting into their network management workflows and security dashboards. servers: - url: https://v1.api.altostrat.io description: Altostrat Production API Server security: - bearerAuth: [] tags: - name: Scan Schedules description: Manage the configuration and scheduling of recurring vulnerability scans. - name: Scan Execution description: Manually trigger and terminate scan jobs. - name: Scan Results description: Retrieve historical and in-progress scan reports and data. - name: Vulnerability Intelligence description: Query for specific vulnerability data and mitigation advice. - name: Vulnerability Management description: Manage the lifecycle and status of discovered vulnerabilities. paths: /scans/cve/{scan_id}: get: tags: - Scan Results summary: Retrieve a Scan Report description: >- Fetches the detailed report for a specific completed scan run. The report includes scan metadata and links to download the full JSON or PDF report. operationId: getScanReport parameters: - name: scan_id in: path required: true description: >- The unique identifier of the scan report. This is the ID of the S3 object, not the human-readable `scan_id` field. schema: type: string format: uuid example: 9c46a6f1-a8d8-4f5a-9b2f-7d1b3e9c5a1d responses: '200': description: The requested scan report details. content: application/json: schema: $ref: '#/components/schemas/ScanResult' '401': $ref: '#/components/responses/UnauthorizedError' '403': $ref: '#/components/responses/ForbiddenError' '404': $ref: '#/components/responses/NotFoundError' components: schemas: ScanResult: type: object properties: id: type: string format: uuid description: The unique identifier for this scan result object. example: 9c46a6f1-a8d8-4f5a-9b2f-7d1b3e9c5a1d scan_schedule_id: type: string format: uuid description: The ID of the schedule that triggered this scan. example: 9c43cc95-f313-49a3-b632-524f7a24503b scan_id: type: string description: A human-readable, unique identifier for the scan. example: ABC-DEF-GHI targets: type: integer description: The total number of sites targeted by this scan. example: 1 started_at: type: string format: date-time description: The timestamp when the scan started. example: '2025-10-29T12:00:00Z' finished_at: type: string format: date-time description: The timestamp when the scan finished. example: '2025-10-29T12:35:10Z' runtime: type: string description: A human-readable string representing the scan's duration. example: 35 minutes average_score: type: number format: float description: The average CVSS score of all vulnerabilities found. example: 6.8 highest_score: type: number format: float description: The highest CVSS score of any vulnerability found. example: 9.8 cve_count: type: integer description: The total number of vulnerability instances found. example: 152 unique_cves: type: integer description: The number of unique CVEs found. example: 45 open_ports: type: integer description: The total number of open ports discovered across all hosts. example: 210 hosts_scanned: type: integer description: The number of unique hosts discovered and scanned. example: 55 json_url: type: string format: uri description: >- A pre-signed URL to download the full scan report in JSON format. The URL is valid for 30 minutes. pdf_url: type: string format: uri description: >- A pre-signed URL to download a PDF summary of the scan report. The URL is valid for 30 minutes. ErrorResponse: type: object properties: type: type: string description: A broad category for the error (e.g., 'invalid_request_error'). example: invalid_request_error code: type: string description: A short, unique string identifying the specific error. example: parameter_missing message: type: string description: A human-readable description of what went wrong. example: The 'description' parameter is required for this request. doc_url: type: string description: >- A direct link to the documentation page for this specific error code. example: https://docs.altostrat.io/errors/parameter_missing responses: UnauthorizedError: description: >- Unauthorized - The request requires authentication, but none was provided or it was invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' ForbiddenError: description: >- Forbidden - The authenticated user does not have permission to perform this action. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' NotFoundError: description: Not Found - The requested resource could not be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: 'Enter your bearer token in the format: Bearer {token}' ````