
10.2 Get a list of Issue Types

Get a list of Issue Types

This API endpoint returns the list of issue types that SecurityScorecard currently supports. The full specification for this endpoint is available here.

Resource URI

/metadata/issue-types

Parameters:

Name Required Description
No parameters

Sample Code:


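            # Sample request: list the issue types SecurityScorecard currently supports.
            # The API key is read from the environment rather than typed into the command,
            # so it stays out of shell history and out of saved copies of this snippet.
            # SSC_API_KEY is a sample variable name; export it with your own API key first.
            # The ${VAR:?...} form aborts the command if the variable is unset, so an
            # empty token is never sent.
            # Note: the shell still expands the key into curl's argument list, so it can
            # be visible in the local process table while the request runs.
            curl -X GET \
                https://api.securityscorecard.io/metadata/issue-types \
                -H 'Accept: application/json' \
                -H "Authorization: Token ${SSC_API_KEY:?set SSC_API_KEY to your API key}" \
                -H 'Content-Type: application/json' \
                -H 'cache-control: no-cache'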
        

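Sample Response:

Each entry has a `factor`, a `key`, a `severity` and a `title`. The severities that appear in this sample are `info`, `low`, `medium`, `high` and `positive`; judging by the entries that carry it (for example a detected WAF or DNSSEC), `positive` appears to mark a favourable observation rather than a risk.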


{
    "entries": [
        {
            "factor": "cubit_score",
            "key": "admin_subdomain",
            "severity": "low",
            "title": "Exposed Subdomain"
        },
        {
            "factor": "application_security",
            "key": "csp_no_policy",
            "severity": "info",
            "title": "Content Security Policy (CSP) Missing"
        },
        {
            "factor": "dns_health",
            "key": "open_resolver",
            "severity": "high",
            "title": "Open DNS Resolver Detected"
        },
        {
            "factor": "dns_health",
            "key": "spf_record_malformed",
            "severity": "low",
            "title": "Malformed SPF Record"
        },
        {
            "factor": "dns_health",
            "key": "spf_record_softfail",
            "severity": "low",
            "title": "SPF Record Contains a Softfail"
        },
        {
            "factor": "dns_health",
            "key": "spf_record_wildcard",
            "severity": "low",
            "title": "SPF Record Contains Wildcard"
        },
        {
            "factor": "network_security",
            "key": "ddos_protection",
            "severity": "positive",
            "title": "DDoS Protection Service Detected"
        },
        {
            "factor": "application_security",
            "key": "csp_unsafe_policy",
            "severity": "info",
            "title": "Content Security Policy Contains 'unsafe-*' Directive"
        },
        {
            "factor": "application_security",
            "key": "csp_too_broad",
            "severity": "info",
            "title": "Content Security Policy Contains Broad Directives"
        },
        {
            "factor": "application_security",
            "key": "unsafe_sri",
            "severity": "info",
            "title": "Unsafe Implementation Of Subresource Integrity"
        },
        {
            "factor": "application_security",
            "key": "object_storage_bucket_with_risky_acl",
            "severity": "info",
            "title": "Object Storage Bucket with Risky ACL"
        },
        {
            "factor": "application_security",
            "key": "hosted_on_object_storage",
            "severity": "info",
            "title": "Website Hosted on Object Storage"
        },
        {
            "factor": "application_security",
            "key": "references_object_storage",
            "severity": "info",
            "title": "Website References Object Storage"
        },
        {
            "factor": "application_security",
            "key": "waf_detected",
            "severity": "positive",
            "title": "Web Application Firewall (WAF) Detected"
        },
        {
            "factor": "dns_health",
            "key": "dnssec_detected",
            "severity": "positive",
            "title": "Valid DNSSEC Configuration Detected"
        },
        {
            "factor": "network_security",
            "key": "service_mongodb",
            "severity": "high",
            "title": "MongoDB Service Observed"
        },
        {
            "factor": "hacker_chatter",
            "key": "new_booter_shell",
            "severity": "medium",
            "title": "Booter Shells Identified"
        },
        {
            "factor": "hacker_chatter",
            "key": "new_defacement",
            "severity": "medium",
            "title": "Defacement"
        },
        {
            "factor": "ip_reputation",
            "key": "non_malware_events_last_month",
            "severity": "medium",
            "title": "P2P Activities"
        },
        {
            "factor": "dns_health",
            "key": "spf_record_missing",
            "severity": "medium",
            "title": "SPF Record Missing"
        },
        {
            "factor": "ip_reputation",
            "key": "attack_feed",
            "severity": "medium",
            "title": "Attack Detected"
        },
        {
            "factor": "network_security",
            "key": "tlscert_no_revocation",
            "severity": "low",
            "title": "TLS Certificate Without Revocation Control"
        },
        {
            "factor": "social_engineering",
            "key": "employee_satisfaction",
            "severity": "low",
            "title": "Employee Satisfaction"
        },
        {
            "factor": "leaked_information",
            "key": "github_information_leak_disclosure",
            "severity": "low",
            "title": "Sensitive Application Information Exposed (GitHub)"
        },
        {
            "factor": "leaked_information",
            "key": "google_information_leak_disclosure",
            "severity": "low",
            "title": "Sensitive Application Information Exposed (Google)"
        },
        {
            "factor": "leaked_information",
            "key": "leaked_passwords",
            "severity": "low",
            "title": "Credentials at Risk"
        },
        {
            "factor": "hacker_chatter",
            "key": "chatter",
            "severity": "info",
            "title": "Hacker Chatter Mention"
        },
        {
            "factor": "social_engineering",
            "key": "marketing_site",
            "severity": "low",
            "title": "Corporate Email Used on Marketing Sites"
        },
        {
            "factor": "social_engineering",
            "key": "short_term_lending_site",
            "severity": "low",
            "title": "Corporate Email Used on Short-Term Lending Sites"
        },
        {
            "factor": "social_engineering",
            "key": "social_network_issues",
            "severity": "info",
            "title": "Leaked Company Emails Open to Spear-Phishing"
        },
        {
            "factor": "ip_reputation",
            "key": "tor_node_events_last_month",
            "severity": "info",
            "title": "Tor Exit Nodes"
        },
        {
            "factor": "application_security",
            "key": "domain_uses_hsts_preloading",
            "severity": "positive",
            "title": "Domain Uses HSTS Preloading"
        },
        {
            "factor": "ip_reputation",
            "key": "uce",
            "severity": "info",
            "title": "Unsolicited Commercial Email"
        },
        {
            "factor": "cubit_score",
            "key": "typosquat",
            "severity": "info",
            "title": "Possible Typosquat Domains Detected"
        },
        {
            "factor": "endpoint_security",
            "key": "outdated_os",
            "severity": "medium",
            "title": "Outdated Operating System Observed"
        },
        {
            "factor": "application_security",
            "key": "domain_missing_https",
            "severity": "high",
            "title": "Site does not enforce HTTPS"
        },
        {
            "factor": "application_security",
            "key": "hsts_incorrect",
            "severity": "medium",
            "title": "Website Does Not Implement HSTS Best Practices"
        },
        {
            "factor": "application_security",
            "key": "insecure_https_redirect_pattern",
            "severity": "medium",
            "title": "Insecure HTTPS Redirect Pattern"
        },
        {
            "factor": "application_security",
            "key": "redirect_chain_contains_http",
            "severity": "medium",
            "title": "Redirect Chain Contains HTTP"
        },
        {
            "factor": "application_security",
            "key": "x_frame_options_incorrect",
            "severity": "medium",
            "title": "Website does not implement X-Frame-Options Best Practices"
        },
        {
            "factor": "application_security",
            "key": "x_xss_protection_incorrect",
            "severity": "medium",
            "title": "Website does not implement X-XSS-Protection Best Practices"
        },
        {
            "factor": "application_security",
            "key": "x_content_type_options_incorrect",
            "severity": "low",
            "title": "Website does not implement X-Content-Type-Options Best Practices"
        },
        {
            "factor": "network_security",
            "key": "exposed_ports",
            "severity": "info",
            "title": "Open TCP Ports Observed"
        },
        {
            "factor": "endpoint_security",
            "key": "outdated_browser",
            "severity": "medium",
            "title": "Outdated Web Browser Observed"
        },
        {
            "factor": "application_security",
            "key": "cookie_missing_http_only",
            "severity": "low",
            "title": "Session Cookie Missing 'HttpOnly' Attribute"
        },
        {
            "factor": "application_security",
            "key": "cookie_missing_secure_attribute",
            "severity": "low",
            "title": "Cookie Missing 'Secure' Attribute"
        },
        {
            "factor": "patching_cadence",
            "key": "patching_cadence_high",
            "severity": "high",
            "title": "High Severity CVEs Patching Cadence"
        },
        {
            "factor": "patching_cadence",
            "key": "patching_cadence_medium",
            "severity": "medium",
            "title": "Medium Severity CVEs Patching Cadence"
        },
        {
            "factor": "patching_cadence",
            "key": "patching_cadence_low",
            "severity": "low",
            "title": "Low Severity CVEs Patching Cadence"
        },
        {
            "factor": "patching_cadence",
            "key": "service_vuln_host_high",
            "severity": "high",
            "title": "High-Severity Vulnerability in Last Observation"
        },
        {
            "factor": "patching_cadence",
            "key": "service_vuln_host_low",
            "severity": "low",
            "title": "Low-Severity Vulnerability in Last Observation"
        },
        {
            "factor": "application_security",
            "key": "web_vuln_host_high",
            "severity": "high",
            "title": "High Severity Content Management System vulnerabilities identified"
        },
        {
            "factor": "application_security",
            "key": "web_vuln_host_medium",
            "severity": "medium",
            "title": "Medium Severity Content Management System vulnerabilities identified"
        },
        {
            "factor": "application_security",
            "key": "web_vuln_host_low",
            "severity": "low",
            "title": "Low Severity Content Management System vulnerabilities identified"
        },
        {
            "factor": "network_security",
            "key": "service_cassandra",
            "severity": "medium",
            "title": "Apache Cassandra Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_couchdb",
            "severity": "medium",
            "title": "Apache CouchDB Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_elasticsearch",
            "severity": "high",
            "title": "Unauthenticated Elasticsearch Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_ftp",
            "severity": "low",
            "title": "FTP Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_imap",
            "severity": "medium",
            "title": "IMAP Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_microsoft_sql",
            "severity": "medium",
            "title": "Microsoft SQL Server Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_mysql",
            "severity": "medium",
            "title": "MySQL Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_pop3",
            "severity": "info",
            "title": "POP3 Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_postgresql",
            "severity": "medium",
            "title": "PostgreSQL Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_rdp",
            "severity": "medium",
            "title": "RDP Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_redis",
            "severity": "medium",
            "title": "Redis Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_rsync",
            "severity": "medium",
            "title": "rsync Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_smb",
            "severity": "medium",
            "title": "SMB Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_telnet",
            "severity": "low",
            "title": "Telnet Service Observed"
        },
        {
            "factor": "network_security",
            "key": "service_vnc",
            "severity": "medium",
            "title": "VNC Service Observed"
        },
        {
            "factor": "network_security",
            "key": "ssh_weak_mac",
            "severity": "medium",
            "title": "SSH Supports Weak MAC"
        },
        {
            "factor": "network_security",
            "key": "ssh_weak_cipher",
            "severity": "medium",
            "title": "SSH Supports Weak Cipher"
        },
        {
            "factor": "patching_cadence",
            "key": "service_end_of_life",
            "severity": "medium",
            "title": "End-of-Life Product"
        },
        {
            "factor": "patching_cadence",
            "key": "service_end_of_service",
            "severity": "medium",
            "title": "End-of-Service Product"
        },
        {
            "factor": "network_security",
            "key": "tlscert_excessive_expiration",
            "severity": "low",
            "title": "Certificate Lifetime Is Longer Than Best Practices"
        },
        {
            "factor": "network_security",
            "key": "tlscert_revoked",
            "severity": "high",
            "title": "Certificate Is Revoked"
        },
        {
            "factor": "endpoint_security",
            "key": "no_standard_browser_policy",
            "severity": "info",
            "title": "Multiple Browsers Detected"
        },
        {
            "factor": "network_security",
            "key": "tlscert_self_signed",
            "severity": "medium",
            "title": "Certificate Is Self-Signed"
        },
        {
            "factor": "network_security",
            "key": "tlscert_expired",
            "severity": "medium",
            "title": "Certificate Is Expired"
        },
        {
            "factor": "network_security",
            "key": "tls_weak_cipher",
            "severity": "medium",
            "title": "TLS Protocol Uses Weak Cipher"
        },
        {
            "factor": "network_security",
            "key": "tlscert_weak_signature",
            "severity": "medium",
            "title": "SSL Certificate Uses Weak Signature"
        },
        {
            "factor": "network_security",
            "key": "tlscert_extended_validation",
            "severity": "positive",
            "title": "Extended Validation Certificate Observed"
        },
        {
            "factor": "patching_cadence",
            "key": "service_vuln_host_medium",
            "severity": "medium",
            "title": "Medium-Severity Vulnerability in Last Observation"
        },
        {
            "factor": "ip_reputation",
            "key": "malware_1_day",
            "severity": "high",
            "title": "Malware Events, Last Day"
        },
        {
            "factor": "ip_reputation",
            "key": "malware_30_day",
            "severity": "medium",
            "title": "Malware Events, Last Month"
        },
        {
            "factor": "ip_reputation",
            "key": "malware_365_day",
            "severity": "low",
            "title": "Malware Events, Last Year"
        },
        {
            "factor": "network_security",
            "key": "tls_ocsp_stapling",
            "severity": "positive",
            "title": "TLS Certificate Status Request (\"OCSP Stapling\") Detected"
        },
        {
            "factor": "network_security",
            "key": "ssh_weak_protocol",
            "severity": "high",
            "title": "SSH Software Supports Vulnerable Protocol"
        }
    ]
}