Checkmarx SCA (REST) API - Scan Upload

You can use the Scan Upload APIs to run a scan of a Project by uploading a zip file or by referring to its GitHub URL.

Notice

Before you can start running scans via API, you need to create your Project. If you haven’t yet set up a Project for the source code that you would like to scan, then first create the Project as described in Checkmarx SCA (REST) API - POST Project.

Alternatively, you can create the Project in the Checkmarx SCA web portal, see Creating a Project - Project Types.

Notice

The scanning procedure is identical whether this is the initial scan after creating the Project or whether you are rescanning a Project that has already been scanned.

The following base URLs are used for all calls, depending on your environment:

US Environment - https://api-sca.checkmarx.net
EU Environment - https://eu.api-sca.checkmarx.net

Workflow

Notice

You need to have the Project ID of the project that you would like to scan in order to run the Scan Upload API. See Checkmarx SCA (REST) API - Projects.

To scan a zip file

Use POST /api/uploads to generate an upload link.
Use PUT /{uploadLink}, specifying the path to your ZIP file, to upload your file.
Use POST /api/scans, specifying the Project ID and upload link, to scan the ZIP file.
Use GET /api/scans/{scanId} to check the status of the scan.
View the results using the Export Service. Alternatively, you can view the results in the Checkmarx SCA web browser (UI), see Viewing Results.

To scan from GitHub repo

Use POST /api/scans (along with the Project ID and GitHub URL) to scan the Project.
Use GET /api/scans/{scanId} to check the status of the scan.
View the results using the Export Service. Alternatively, you can view the results in the Checkmarx SCA web browser (UI), see Viewing Results.

Scan Upload APIs

The following is a list of the Checkmarx SCA APIs that relate to Scan Upload:

Notice

If a GitHub URL is being scanned (as opposed to a zip file), then the only API needed is POST Scan.

API	Method	Endpoint	Description
POST Generate Upload Link	POST	/api/uploads	Generate an upload link for scanning a ZIP file. This returns an Upload Link which is used in PUT Upload Link and POST Scan.
PUT Upload Link	PUT	{upload_url}	Upload the ZIP file to Checkmarx SCA. The url is the url that you generated using POST Generate Upload Link. The Body parameter is the path to the zip file on your local machine.
POST Scan	POST	/api/scans	Scan the previously uploaded ZIP file (or the GitHub URL). The user specifies the Project ID and includes the previously generated Upload Link (or the GitHub file URL). The response returns a Scan ID which you can use with Risk Reports to view results.

API

Method

Endpoint

Description

POST Generate Upload Link

POST

/api/uploads

Generate an upload link for scanning a ZIP file.

This returns an Upload Link which is used in PUT Upload Link and POST Scan.

PUT Upload Link

PUT

{upload_url}

Upload the ZIP file to Checkmarx SCA.

The url is the url that you generated using POST Generate Upload Link.

The Body parameter is the path to the zip file on your local machine.

POST Scan

POST

/api/scans

Scan the previously uploaded ZIP file (or the GitHub URL).

The user specifies the Project ID and includes the previously generated Upload Link (or the GitHub file URL).

The response returns a Scan ID which you can use with Risk Reports to view results.

In this section:

Checkmarx SCA (REST) API - Scan Upload

Notice

Notice

Workflow

Notice

Scan Upload APIs

Notice

Search results