Add `GET /jobs/{job_id}/findings` endpoint

[ionfwsrijan]

Description

Expose the persisted findings for a job via a simple GET endpoint. This is useful for debugging, for the frontend to re-load findings without re-scanning, and for future ML tooling to pull labeled data.

What to implement

• GET /jobs/{job_id}/findings — returns all findings for a job from SQLite as JSON
• GET /jobs/{job_id}/verify — returns the verify outcome for a job if it exists
• Return 404 with a clear message if the job_id doesn't exist in the DB

Response shape for /findings:

{
  "job_id": "abc123",
  "finding_count": 12,
  "findings": [
    {
      "id": "uuid",
      "rule_id": "...",
      "severity": "HIGH",
      "scanner": "semgrep",
      ...
    }
  ]
}

Acceptance criteria

• Endpoint returns correct findings for a valid job_id
• Returns 404 for unknown job_id
• Findings from all three scanners are returned, not just Semgrep

---

[anahaaaa]

Hi @ionfwsrijan ,

I would like to work on this Issue (GET /jobs/{job_id}/findings endpoint) as part of SSoC 2026. I noticed that this endpoint depends on findings being persisted to SQLite first. Are Issues #1-#3 expected to be completed before #4, or should contributors work on them in parallel?

If the dependencies are already handled or planned, I'd be happy to take up Issue #4.

Thank you!

[ionfwsrijan]

Hey @anahaaaa!

You've been assigned to this issue.

Before you start, a couple of quick things:

⭐ Star the repo — it helps the project grow and supports the roadmap
🔀 Fork it — work on your fork and open a PR from there when ready

Feel free to drop a comment here if you run into anything or have questions while implementing. Happy building!

[ionfwsrijan]

@anahaaaa You're partially right. This issue depends on issue #2