SCA Management of Package Licenses

Overview

Notice

This API is supported both for Checkmarx One and SCA standalone accounts.

Adding Licenses

If you are aware of a license that is relevant for a particular package that was not identified by Checkmarx, you can add the license manually to the package. Licenses are added to specific packages. A unique package is identified based on: packageName, packageVersion and packageManager.

Management of Package Licenses URLs

Checkmarx One

The following base URLs are used for these APIs, depending on your environment:

  • US Environment - https://ast.checkmarx.net/api/sca/analysis/management-of-risk

  • US2 Environment - https://us.ast.checkmarx.net/api/sca/analysis/management-of-risk

  • EU Environment - https://eu.ast.checkmarx.net/api/sca/analysis/management-of-risk

  • EU2 Environment - https://eu-2.ast.checkmarx.net/api/sca/analysis/management-of-risk

  • DEU Environment - https://deu.ast.checkmarx.net/api/sca/analysis/management-of-risk

  • Australia & New Zealand – https://anz.ast.checkmarx.net/api/sca/analysis/management-of-risk

  • India - https://ind.ast.checkmarx.net/api/sca/analysis/management-of-risk

  • Singapore - https://sng.ast.checkmarx.net/api/sca/analysis/management-of-risk

  • UAE - https://mea.ast.checkmarx.net/api/sca/analysis/management-of-risk

Checkmarx SCA Standalone

  • US Environment - https://api-sca.checkmarx.net/analysis/management-of-risk

  • EU Environment - https://eu.api-sca.checkmarx.net/analysis/management-of-risk

Authentication

Authentication is done using a JWT (JSON Web Token) access token. For Checkmarx One, see here. For Checkmarx SCA standalone, see here.

Endpoint Summary

The following is a list of Checkmarx One APIs that relate to management of package licenses:

| API | Method | Endpoint | Description |
| --- | --- | --- | --- |
| Add License | POST | /package-licenses | Add a license to a package. |
| Disable License | POST | /package-licenses/disable | Disable (delete) a license that was added manually. |

Package License Endpoint Details

If you are aware of a license that is relevant for a particular package that was not identified by Checkmarx, you can add the license manually to the package. Licenses are added to specific packages. A unique package is identified based on: packageName, packageVersion and packageManager.

Media Type (header)

Authorization: Bearer <access_token>

Accept: application/json

cURL Example

curl --location 'https://api.scacheckmarx.com/management-of-risk/package-licenses' \
--header 'Cx-Authentication-Type: user' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data '
{
    "LicenseId": 27,
    "PackageName": "NuGet.CommandLine",
    "PackageVersion": "4.4.1",
    "PackageManager": "Nuget",
    "ProjectIds": ["0d69c407-13d2-4013-b184-4b3be2bde063"],
    "Actions": [
        {
            "ActionType": "AddLicense",
            "Value": "27"
        }
    ]
}
'

Parameters

Body Parameters

| Parameter | Mandatory | Type | Enums | Description |
| --- | --- | --- | --- | --- |
| LicenseId | yes | int | | The ID that represents the license that you are adding to the package. See the table below for the list of supported licenses and the ID of each license. |
| packageName | yes | string | | The name of the package. |
| packageVersion | yes | string | | The version of the package. |
| packageManager | yes | string | | The package manager used for this package. |
| projectId | no | string | | The project IDs of each of the projects for which this license is being added to this package. If no project ID is specified, then by default the license is added in all projects in your account. |
| actions[] | yes | json object | | The action that is being taken to add one or more licenses. |
| actionType | yes | string | Supported action types are: AddLicense | The type of action to be done. The action AddLicense adds the license. By default, each license that is added is marked as Effective. You can change the state to Not Effective using the management of risk APIs. |
| value | yes | int | | The ID that represents the license that you are adding to the package. Note: This should be the identical ID that was given for the LicenseId parameter. |

Success Response

Code: 201 successful operation

There is no body for the success response.

Use this endpoint to disable (delete) a license that was added manually.

Media Type (header)

Authorization: Bearer <access_token>

Accept: application/json

cURL Example

curl --location 'https://api.scacheckmarx.com/management-of-risk/package-licenses/disable' \
--header 'Cx-Authentication-Type: user' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data '
{
    "LicenseId": 27,
    "PackageName": "NuGet.CommandLine",
    "PackageVersion": "4.4.1",
    "PackageManager": "Nuget",
    "PackageId": "Python-pip-22.2",
    "ProjectIds": ["0d69c407-13d2-4013-b184-4b3be2bde063"],
    "ActionType": "AddLicense"
}
'

Parameters

Body Parameters

| Parameter | Mandatory | Type | Enums | Description |
| --- | --- | --- | --- | --- |
| LicenseId | yes | int | | The ID that represents the license that you are disabling (deleting) for this package. See the table below for the list of supported licenses and the ID of each license. |
| packageName | yes | string | | The name of the package. |
| packageVersion | yes | string | | The version of the package. |
| packageManager | yes | string | | The package manager used for this package. |
| projectId | no | string | | The project IDs of each of the projects for which this license is being disabled (deleted). If no project ID is specified, then by default the license is deleted from all projects in your account. |
| actionType | yes | string | Currently, the only supported action type is: AddLicense | Specify the action that you are disabling. |

Success Response

Code: 204

There is no body for the success response.
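
The Add License and Disable License requests described above, built by one helper. This is an added example, not Checkmarx's own code: the function name, the environment keys and the all_projects opt-in are assumptions made here, while field names, headers and paths follow this page's cURL examples and URL list. Value is sent as a string, as in the cURL example.

```python
import json
import urllib.request

# Base URLs copied from this page's list (subset; add your region as needed).
BASE_URLS = {
    "cxone-us": "https://ast.checkmarx.net/api/sca/analysis/management-of-risk",
    "cxone-eu": "https://eu.ast.checkmarx.net/api/sca/analysis/management-of-risk",
    "sca-us": "https://api-sca.checkmarx.net/analysis/management-of-risk",
    "sca-eu": "https://eu.api-sca.checkmarx.net/analysis/management-of-risk",
}


def build_license_request(env, token, license_id, name, version, manager,
                          project_ids=None, disable=False, all_projects=False):
    """Return an unsent POST request for Add License or Disable License."""
    if not isinstance(license_id, int) or isinstance(license_id, bool):
        raise ValueError("LicenseId must be an int")
    if not all(isinstance(v, str) and v.strip() for v in (name, version, manager)):
        raise ValueError("package name, version and manager are all required")
    # The page states that omitting project IDs applies the change to every
    # project in the account, so that scope needs an explicit opt-in here.
    if not project_ids and not all_projects:
        raise ValueError("pass project_ids, or all_projects=True for account-wide scope")
    body = {"LicenseId": license_id, "PackageName": name,
            "PackageVersion": version, "PackageManager": manager}
    if project_ids:
        body["ProjectIds"] = list(project_ids)
    if disable:
        body["ActionType"] = "AddLicense"  # names the action being disabled
        path = "/package-licenses/disable"
    else:
        # Value must be identical to LicenseId, so derive it instead of
        # accepting it as a separate argument that could drift.
        body["Actions"] = [{"ActionType": "AddLicense", "Value": str(license_id)}]
        path = "/package-licenses"
    return urllib.request.Request(
        BASE_URLS[env] + path,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Cx-Authentication-Type": "user",
                 "Accept": "application/json",
                 "Content-Type": "application/json"},
    )
```

Pass the returned object to urllib.request.urlopen and check for status 201 (add) or 204 (disable). Read the token from an environment variable or secret store so it does not end up in scripts or shell history.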