This example triggers a drift detection scan, polls until the scan job completes, and retrieves findings. Drift detection compares your current infrastructure configuration against the captured baseline and surfaces any changes.

Prerequisites

export TOKEN="eyJhbGciOi..."
export BASE_URL="https://api.infraaudit.dev"

Step 1: Trigger the scan

JOB=$(curl -s -X POST "$BASE_URL/api/v1/drifts/detect" \
  -H "Authorization: Bearer $TOKEN" | jq .)

echo "$JOB"
# { "job_id": 42, "status": "running", "message": "Drift detection scan started" }

JOB_ID=$(echo "$JOB" | jq -r '.job_id')

Step 2: Poll for completion

while true; do
  EXEC=$(curl -s "$BASE_URL/api/v1/jobs/1/executions/$JOB_ID" \
    -H "Authorization: Bearer $TOKEN")
  STATUS=$(echo "$EXEC" | jq -r '.status')
  echo "Job status: $STATUS"
  if [ "$STATUS" = "succeeded" ] || [ "$STATUS" = "failed" ]; then break; fi
  sleep 3
done

Step 3: Get the findings summary

curl -s "$BASE_URL/api/v1/drifts/summary" \
  -H "Authorization: Bearer $TOKEN" | jq .
Output:
{
  "total": 5,
  "by_severity": {
    "critical": 1,
    "high": 2,
    "medium": 1,
    "low": 1
  }
}

Step 4: List critical findings

curl -s "$BASE_URL/api/v1/drifts?severity=critical" \
  -H "Authorization: Bearer $TOKEN" | jq '.data[] | {id, summary, resource_name}'
Output:
{
  "id": 1,
  "summary": "BlockPublicAcls changed from true to false",
  "resource_name": "data-lake-bucket"
}

Step 5: Get finding detail

curl -s "$BASE_URL/api/v1/drifts/1" \
  -H "Authorization: Bearer $TOKEN" | jq '{summary, baseline_value, current_value}'

Step 6: Resolve a finding

After fixing the issue in your cloud account, sync the provider and resolve the drift:
# Re-sync the provider to pull current state
curl -s -X POST "$BASE_URL/api/v1/providers/1/sync" \
  -H "Authorization: Bearer $TOKEN"

# Resolve the drift finding
curl -s -X POST "$BASE_URL/api/v1/drifts/1/resolve" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"capture_baseline": true}'
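
The loop in Step 2 never exits if the token expires or the API returns an error body, because the status it reads then never becomes `succeeded` or `failed`. A bounded version follows as an added example (not InfraAudit's own code): the function names `poll_job` and `fetch_status`, the attempt limits and the exit codes are assumptions, and the endpoint is the one used in Step 2.

```shell
# Assumes TOKEN, BASE_URL and JOB_ID are set as in the steps above.

# Print the execution's status, or nothing on any error.
# --fail makes curl exit non-zero on HTTP 4xx/5xx (for example an expired
# token), so an error body is never mistaken for a job status.
fetch_status() {
  curl -s --fail --max-time 10 \
    "$BASE_URL/api/v1/jobs/1/executions/$JOB_ID" \
    -H "Authorization: Bearer $TOKEN" | jq -r '.status // empty'
}

# poll_job MAX_ATTEMPTS INTERVAL_SECONDS   (assumed defaults: 100 and 3)
# Returns 0 = succeeded, 1 = failed, 2 = attempts exhausted,
#         3 = three consecutive responses without a status.
poll_job() {
  poll_max="${1:-100}"
  poll_interval="${2:-3}"
  poll_attempt=0
  poll_errors=0
  while [ "$poll_attempt" -lt "$poll_max" ]; do
    poll_attempt=$((poll_attempt + 1))
    poll_status=$(fetch_status) || poll_status=""
    case "$poll_status" in
      succeeded) return 0 ;;
      failed)    return 1 ;;
      "")
        # Transport error, HTTP error or a body with no .status field.
        poll_errors=$((poll_errors + 1))
        echo "attempt $poll_attempt: no status in response" >&2
        if [ "$poll_errors" -ge 3 ]; then return 3; fi
        ;;
      *)
        poll_errors=0
        echo "attempt $poll_attempt: job status: $poll_status" >&2
        ;;
    esac
    sleep "$poll_interval"
  done
  return 2
}

# Usage (after Step 1): poll_job 100 3 || exit $?
```

In a pipeline, the distinct exit codes let a failed scan (1) be handled differently from a scan whose result is unknown (2 or 3), so that missing data is not read as "no drift".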