Skip to main content

Running a Scan


Initiating a scan is possible only within an existing project.

There are a few options for scanning a source file:

  • Scan a source file from a repository URL.

  • Scan a source file from a zipped file.

  • Scan an existing project (repository URL/zipped file).


To manually scan API Security, navigate to the Application and Projects page, click the + New dropdown tab, and select New Project- Manual Scan. To scan with code repository integration, select New Project - Code Repository Integration. To streamline this scanning process after integrating your code repository, we recommend using Rules as detailed below. 


To run a scan: 


The information tooltip by API Security will be visible exclusively when the rule is defined within the project. When this rule is enabled, you can select only the API security scan; otherwise, it will automatically toggle on/off with the SAST scan choice.

  1. On the Application and Projects page, select the Projects tab (default).

  2. In the row of the project that you would like to scan, click Scan


    The New Scan window opens. By default, under Project Name, the project of the row in which you clicked Scan is selected. 



    If you would like to scan a different project, it is possible to select a different project from the drop-down menu.

  3. In the Source to Scan section, there are two scan options:

    1. Scan from a zipped file:

      • With the File option selected (default), click the Select File link.

      • Select the requested zip archive file.

    2. Scan a Repository URL:

      • Click the Repository button.

      • Enter the Repository URL.

      • Click the Fetch Branches button.

    3. Type your Personal Access Token and click Login

      For example:

    4. If the Token is incorrect, an error will be presented while trying to connect.

      For example:

  4. Under Scan Tags, add a tag to the new scan (optional).

    Tags can be added in two different formats:

    Label: <string>

    key:value: <key string:value string>

  5. Select Completed.pngIncremental Scan, if you only want to scan the latest changes and not the entire project. For more information, refer to Incremental Scans (SAST Scanner).

  6. Click Next. The New Scan dialog appears, and you are asked to select the scanners.

  7. Select one or more scanners.

    If you select API Security, SAST is also selected because API Security uses the SAST code to detect APIs. 


    To scan your API Documentation files, create a rule before proceeding to the next step. See Rules for more details on how to set this up and to streamline your API Security scans. 

  8. Click Scan. The New Scan dialog box closes, and the scan starts.

  9. You can monitor the scan's status in the Projects tab.

  10. After the scan, you can view the project's results on a side pane by clicking within the project row.

  11. Scroll down to view your API Security results.


    Selecting Overview redirects you to the scan Overview page.


    Selecting Results redirects you to the Risks results page.



  • Only API Security and SAST support incremental scans. If you select additional scanners for an Incremental Scan, a full scan is performed instead.

  • API Security supports Python Flask, Java - Spring, and C# - ASP.NET Web API .