OSA
Returns basic scan details for all scans associated with a specified project id
package main
import (
"bytes"
"net/http"
)
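// main sends an authenticated GET to /osa/scans for project 0.
func main() {
	// {access-token} is a placeholder; supply the real bearer token at run
	// time (environment or secret store) instead of committing it to source.
	headers := http.Header{
		"Accept":        {"application/json;v=1.0"},
		"Authorization": {"Bearer {access-token}"},
	}

	// GET carries no payload. An empty reader makes net/http send the request
	// without a body (same effect as nil) and keeps the bytes import in use.
	data := bytes.NewReader(nil)

	// projectId is a required query parameter of this endpoint.
	req, err := http.NewRequest(http.MethodGet, "https://***.***.***.***/cxrestapi/help/osa/scans?projectId=0", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	// NOTE(review): the zero-value client has no timeout; set Client.Timeout
	// before reusing this pattern outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Close the body so the underlying connection can be released.
	defer resp.Body.Close()
	// ...
}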
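// Statement-level sample: run it inside a method that declares IOException.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/scans?projectId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder; load the real token at run time rather than hard-coding it.
con.setRequestProperty("Accept", "application/json;v=1.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when a read fails.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());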
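// {access-token} is a placeholder; inject the real bearer token at run time
// and keep it out of source control and client-side bundles.
const headers = {
  'Accept': 'application/json;v=1.0',
  'Authorization': 'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/scans?projectId=0', {
  method: 'GET',
  headers: headers
})
  .then(function (res) {
    // fetch() rejects only on network failure; 4xx/5xx responses still
    // resolve, so the status has to be checked explicitly.
    if (!res.ok) {
      throw new Error('Request failed with HTTP ' + res.status);
    }
    return res.json();
  })
  .then(function (body) {
    console.log(body);
  })
  .catch(function (err) {
    console.error(err);
  });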
import requests
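# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
headers = {
    'Accept': 'application/json;v=1.0',
    'Authorization': 'Bearer {access-token}'
}

r = requests.get(
    'https://***.***.***.***/cxrestapi/help/osa/scans',
    params={'projectId': '0'},
    headers=headers,
    timeout=30,  # requests waits indefinitely unless a timeout is given
)
# Fail on 4xx/5xx instead of trying to parse an error body as scan data.
r.raise_for_status()
print(r.json())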
require 'rest-client'
require 'json'
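# {access-token} is a placeholder; load the real bearer token at run time.
headers = {
  'Accept' => 'application/json;v=1.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes the headers hash as its second argument and builds the
# query string from that hash's :params key. Nesting the hash under a
# `headers:` key would leave Accept and Authorization unsent.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/scans',
                        headers.merge(params: { 'projectId' => 0 })

p JSON.parse(result.body)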
GET /osa/scans
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
projectId | query | integer(int64) | true | Unique Id of the specific project |
page | query | integer(int32) | false | Page number (default 1) |
itemsPerPage | query | integer(int32) | false | Number of items per page (default 100) |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | OK | Inline |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
anonymous | false | none | none | |
» id | string(uuid) | false | none | none |
» startAnalyzeTime | string(date-time) | false | none | none |
» endAnalyzeTime | string(date-time) | false | none | none |
» origin | string | false | none | none |
» sourceCodeOrigin | string | false | none | none |
» state | false | none | none | |
»» id | integer(int32) | false | none | none |
»» name | string | false | none | none |
»» failureReason | string | false | none | none |
» sharedSourceLocationPaths | [string] | false | none | none |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
Creates a new scan request
TEST
import requests
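# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
# Content-Type is left to requests: a multipart request must carry the
# boundary parameter, which the library generates together with the body.
headers = {
    'Accept': 'application/json',
    'Authorization': 'Bearer {access-token}'
}

# 'source.zip' is a placeholder path for the zipped source to scan.
with open('source.zip', 'rb') as zipped_source:
    r = requests.post(
        'https://***.***.***.***/cxrestapi/help/osa/scans',
        headers=headers,
        data={'projectId': 0, 'origin': 'string'},
        files={'zippedSource': zipped_source},
        timeout=30,  # requests waits indefinitely unless a timeout is given
    )
# 400 Bad Request is a documented outcome; fail instead of parsing it.
r.raise_for_status()
print(r.json())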
package main
import (
"bytes"
"net/http"
)
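// main sends an authenticated POST to /osa/scans to request a new scan.
func main() {
	// {access-token} is a placeholder; supply the real bearer token at run
	// time (environment or secret store) instead of committing it to source.
	// NOTE(review): a multipart request needs the boundary parameter in
	// Content-Type; mime/multipart's Writer.FormDataContentType returns the
	// complete header value for the body it wrote.
	headers := http.Header{
		"Content-Type":  {"multipart/form-data"},
		"Accept":        {"application/json"},
		"Authorization": {"Bearer {access-token}"},
	}

	// data is the request body. Fill it with the multipart-encoded form
	// fields (projectId, origin, zippedSource) before sending; it is left
	// empty in this sample.
	data := new(bytes.Buffer)

	req, err := http.NewRequest(http.MethodPost, "https://***.***.***.***/cxrestapi/help/osa/scans", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	// NOTE(review): the zero-value client has no timeout; set Client.Timeout
	// before reusing this pattern outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Close the body so the underlying connection can be released.
	defer resp.Body.Close()
	// ...
}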
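// Statement-level sample: run it inside a method that declares IOException.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/scans");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder; load the real token at run time rather than hard-coding it.
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
// NOTE(review): no request body is written here. A real call enables
// setDoOutput(true) and writes the multipart form (projectId, origin,
// zippedSource) to con.getOutputStream() before reading the response.
int responseCode = con.getResponseCode();
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when a read fails.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());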
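// The endpoint expects multipart/form-data, so the fields go into a FormData
// object rather than a JSON string.
const inputBody = new FormData();
inputBody.append('projectId', '0');
inputBody.append('origin', 'string');
// Placeholder value: a real request appends the zipped source as a Blob/File.
inputBody.append('zippedSource', 'string');

// {access-token} is a placeholder; inject the real bearer token at run time.
// Content-Type is omitted on purpose: fetch derives it from the FormData body,
// including the multipart boundary a hand-written header would lack.
const headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/scans', {
  method: 'POST',
  body: inputBody,
  headers: headers
})
  .then(function (res) {
    // fetch() rejects only on network failure; a 400 still resolves, so the
    // status has to be checked explicitly.
    if (!res.ok) {
      throw new Error('Request failed with HTTP ' + res.status);
    }
    return res.json();
  })
  .then(function (body) {
    console.log(body);
  })
  .catch(function (err) {
    console.error(err);
  });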
import requests
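# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
# Content-Type is left to requests: a multipart request must carry the
# boundary parameter, which the library generates together with the body.
headers = {
    'Accept': 'application/json',
    'Authorization': 'Bearer {access-token}'
}

# 'source.zip' is a placeholder path for the zipped source to scan.
with open('source.zip', 'rb') as zipped_source:
    r = requests.post(
        'https://***.***.***.***/cxrestapi/help/osa/scans',
        headers=headers,
        data={'projectId': 0, 'origin': 'string'},
        files={'zippedSource': zipped_source},
        timeout=30,  # requests waits indefinitely unless a timeout is given
    )
# 400 Bad Request is a documented outcome; fail instead of parsing it.
r.raise_for_status()
print(r.json())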
import requests
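# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
# Content-Type is left to requests: a multipart request must carry the
# boundary parameter, which the library generates together with the body.
headers = {
    'Accept': 'application/json',
    'Authorization': 'Bearer {access-token}'
}

# 'source.zip' is a placeholder path for the zipped source to scan.
with open('source.zip', 'rb') as zipped_source:
    r = requests.post(
        'https://***.***.***.***/cxrestapi/help/osa/scans',
        headers=headers,
        data={'projectId': 0, 'origin': 'string'},
        files={'zippedSource': zipped_source},
        timeout=30,  # requests waits indefinitely unless a timeout is given
    )
# 400 Bad Request is a documented outcome; fail instead of parsing it.
r.raise_for_status()
print(r.json())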
require 'rest-client'
require 'json'
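# {access-token} is a placeholder; load the real bearer token at run time.
# Content-Type is omitted on purpose: rest-client builds the multipart header,
# including its boundary, when the payload contains a File.
headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

# 'source.zip' is a placeholder path for the zipped source to scan.
payload = {
  'projectId' => 0,
  'origin' => 'string',
  'zippedSource' => File.new('source.zip', 'rb')
}

# RestClient.post takes (url, payload, headers); passing a single hash with a
# `headers:` key would send that hash as the body and no auth header at all.
result = RestClient.post 'https://***.***.***.***/cxrestapi/help/osa/scans',
                         payload, headers

p JSON.parse(result.body)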
POST /osa/scans
projectId: 0 origin: string zippedSource: string
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
body | body | object | false | none |
» projectId | body | integer | false | The Project Id associated with requested scan |
» origin | body | string | false | The location from which scan was requested (if not specified (Portal) will be selected) |
» zippedSource | body | string(binary) | false | Zipped source code to scan |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
202 | Accepted | ||
400 | Bad Request | None |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
{
"scanId": "00000000-0000-0000-0000-000000000000"
}
Get all supported Open Source file extensions
package main
import (
"bytes"
"net/http"
)
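// main sends an authenticated GET to /osa/fileextensions.
func main() {
	// {access-token} is a placeholder; supply the real bearer token at run
	// time (environment or secret store) instead of committing it to source.
	headers := http.Header{
		"Accept":        {"text/plain;v=1.0"},
		"Authorization": {"Bearer {access-token}"},
	}

	// GET carries no payload. An empty reader makes net/http send the request
	// without a body (same effect as nil) and keeps the bytes import in use.
	data := bytes.NewReader(nil)

	req, err := http.NewRequest(http.MethodGet, "https://***.***.***.***/cxrestapi/help/osa/fileextensions", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	// NOTE(review): the zero-value client has no timeout; set Client.Timeout
	// before reusing this pattern outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Close the body so the underlying connection can be released.
	defer resp.Body.Close()
	// ...
}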
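// Statement-level sample: run it inside a method that declares IOException.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/fileextensions");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder; load the real token at run time rather than hard-coding it.
con.setRequestProperty("Accept", "text/plain;v=1.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when a read fails.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());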
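// {access-token} is a placeholder; inject the real bearer token at run time
// and keep it out of source control and client-side bundles.
const headers = {
  'Accept': 'text/plain;v=1.0',
  'Authorization': 'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/fileextensions', {
  method: 'GET',
  headers: headers
})
  .then(function (res) {
    // fetch() rejects only on network failure; 4xx/5xx responses still
    // resolve, so the status has to be checked explicitly.
    if (!res.ok) {
      throw new Error('Request failed with HTTP ' + res.status);
    }
    // NOTE(review): Accept asks for text/plain; if the server answers with
    // unquoted text, res.text() is the right reader — confirm.
    return res.json();
  })
  .then(function (body) {
    console.log(body);
  })
  .catch(function (err) {
    console.error(err);
  });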
import requests
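# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
headers = {
    'Accept': 'text/plain;v=1.0',
    'Authorization': 'Bearer {access-token}'
}

r = requests.get(
    'https://***.***.***.***/cxrestapi/help/osa/fileextensions',
    headers=headers,
    timeout=30,  # requests waits indefinitely unless a timeout is given
)
# Fail on 4xx/5xx instead of trying to parse an error body.
r.raise_for_status()
# NOTE(review): Accept asks for text/plain; if the server answers with
# unquoted text, read r.text instead of r.json() — confirm.
print(r.json())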
require 'rest-client'
require 'json'
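# {access-token} is a placeholder; load the real bearer token at run time.
headers = {
  'Accept' => 'text/plain;v=1.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes the headers hash as its second argument. Nesting it
# under a `headers:` key would leave Accept and Authorization unsent.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/fileextensions',
                        headers

# NOTE(review): Accept asks for text/plain; if the server answers with
# unquoted text, use result.body directly instead of JSON.parse — confirm.
p JSON.parse(result.body)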
GET /osa/fileextensions
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | OK | string |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
"string"
Returns basic scan details for a specified scan
package main
import (
"bytes"
"net/http"
)
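// main sends an authenticated GET to /osa/scans/{scanId}.
func main() {
	// {access-token} is a placeholder; supply the real bearer token at run
	// time (environment or secret store) instead of committing it to source.
	headers := http.Header{
		"Accept":        {"application/json;v=1.0"},
		"Authorization": {"Bearer {access-token}"},
	}

	// GET carries no payload. An empty reader makes net/http send the request
	// without a body (same effect as nil) and keeps the bytes import in use.
	data := bytes.NewReader(nil)

	// {scanId} is a path placeholder; substitute the scan's UUID.
	req, err := http.NewRequest(http.MethodGet, "https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	// NOTE(review): the zero-value client has no timeout; set Client.Timeout
	// before reusing this pattern outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Close the body so the underlying connection can be released.
	defer resp.Body.Close()
	// ...
}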
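// Statement-level sample: run it inside a method that declares IOException.
// {scanId} is a path placeholder; substitute the scan's UUID.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder; load the real token at run time rather than hard-coding it.
con.setRequestProperty("Accept", "application/json;v=1.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when a read fails.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());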
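// {access-token} is a placeholder; inject the real bearer token at run time
// and keep it out of source control and client-side bundles.
const headers = {
  'Accept': 'application/json;v=1.0',
  'Authorization': 'Bearer {access-token}'
};

// {scanId} is a path placeholder; substitute the scan's UUID, passing any
// caller-supplied value through encodeURIComponent first.
fetch('https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}', {
  method: 'GET',
  headers: headers
})
  .then(function (res) {
    // fetch() rejects only on network failure; 4xx/5xx responses still
    // resolve, so the status has to be checked explicitly.
    if (!res.ok) {
      throw new Error('Request failed with HTTP ' + res.status);
    }
    return res.json();
  })
  .then(function (body) {
    console.log(body);
  })
  .catch(function (err) {
    console.error(err);
  });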
import requests
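# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
headers = {
    'Accept': 'application/json;v=1.0',
    'Authorization': 'Bearer {access-token}'
}

# {scanId} is a path placeholder; substitute the scan's UUID.
r = requests.get(
    'https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}',
    headers=headers,
    timeout=30,  # requests waits indefinitely unless a timeout is given
)
# Fail on 4xx/5xx instead of trying to parse an error body as scan data.
r.raise_for_status()
print(r.json())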
require 'rest-client'
require 'json'
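# {access-token} is a placeholder; load the real bearer token at run time.
headers = {
  'Accept' => 'application/json;v=1.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes the headers hash as its second argument. Nesting it
# under a `headers:` key would leave Accept and Authorization unsent.
# {scanId} is a path placeholder; substitute the scan's UUID.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}',
                        headers

p JSON.parse(result.body)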
GET /osa/scans/{scanId}
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
scanId | path | string(uuid) | true | Unique ID of the specific scan |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | OK |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
Returns the licenses associated with the given scan request
package main
import (
"bytes"
"net/http"
)
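// main sends an authenticated GET to /osa/licenses for one scan.
func main() {
	// {access-token} is a placeholder; supply the real bearer token at run
	// time (environment or secret store) instead of committing it to source.
	headers := http.Header{
		"Accept":        {"application/json;v=1.0"},
		"Authorization": {"Bearer {access-token}"},
	}

	// GET carries no payload. An empty reader makes net/http send the request
	// without a body (same effect as nil) and keeps the bytes import in use.
	data := bytes.NewReader(nil)

	// scanId is a required query parameter of this endpoint; the UUID is the
	// sample value used by the other language examples.
	req, err := http.NewRequest(http.MethodGet, "https://***.***.***.***/cxrestapi/help/osa/licenses?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	// NOTE(review): the zero-value client has no timeout; set Client.Timeout
	// before reusing this pattern outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Close the body so the underlying connection can be released.
	defer resp.Body.Close()
	// ...
}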
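// Statement-level sample: run it inside a method that declares IOException.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/licenses?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder; load the real token at run time rather than hard-coding it.
con.setRequestProperty("Accept", "application/json;v=1.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when a read fails.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());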
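// {access-token} is a placeholder; inject the real bearer token at run time
// and keep it out of source control and client-side bundles.
const headers = {
  'Accept': 'application/json;v=1.0',
  'Authorization': 'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/licenses?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08', {
  method: 'GET',
  headers: headers
})
  .then(function (res) {
    // fetch() rejects only on network failure; 4xx/5xx responses still
    // resolve, so the status has to be checked explicitly.
    if (!res.ok) {
      throw new Error('Request failed with HTTP ' + res.status);
    }
    return res.json();
  })
  .then(function (body) {
    console.log(body);
  })
  .catch(function (err) {
    console.error(err);
  });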
import requests
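# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
headers = {
    'Accept': 'application/json;v=1.0',
    'Authorization': 'Bearer {access-token}'
}

r = requests.get(
    'https://***.***.***.***/cxrestapi/help/osa/licenses',
    params={'scanId': '497f6eca-6276-4993-bfeb-53cbbbba6f08'},
    headers=headers,
    timeout=30,  # requests waits indefinitely unless a timeout is given
)
# Fail on 4xx/5xx instead of trying to parse an error body as license data.
r.raise_for_status()
print(r.json())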
require 'rest-client'
require 'json'
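# {access-token} is a placeholder; load the real bearer token at run time.
headers = {
  'Accept' => 'application/json;v=1.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes the headers hash as its second argument and builds the
# query string from that hash's :params key. Nesting the hash under a
# `headers:` key would leave Accept and Authorization unsent.
# The UUID is the sample scanId used by the other language examples.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/licenses',
                        headers.merge(params: { 'scanId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08' })

p JSON.parse(result.body)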
GET /osa/licenses
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
scanId | query | string(uuid) | true | Unique ID of the specific scan |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | OK | Inline |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
anonymous | false | none | none | |
» id | string | false | read-only | The Id of the open source license |
» name | string | false | read-only | License name |
» riskLevel | string | false | read-only | License risk level (Low, Medium, High, Unknown) |
» copyrightRiskScore | integer(int32) | false | read-only | The risk of infringing the license copyrights |
» patentRiskScore | integer(int32) | false | read-only | The risk of infringing patents |
» copyLeft | string | false | read-only | Status of copy-left licensing |
» linking | string | false | read-only | The influence of the license on linked code |
» royalityFree | string | false | read-only | Whether or not this license is royalty-free |
» referenceType | string | false | read-only | License description url |
» reference | string | false | read-only | none |
» url | string | false | read-only | none |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
Returns a list of comments associated with the instances of the given vulnerability
package main
import (
"bytes"
"net/http"
)
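// main sends an authenticated GET to
// /osa/vulnerabilities/{vulnerabilityId}/comments for project 0.
func main() {
	// {access-token} is a placeholder; supply the real bearer token at run
	// time (environment or secret store) instead of committing it to source.
	headers := http.Header{
		"Accept":        {"application/json;v=1.0"},
		"Authorization": {"Bearer {access-token}"},
	}

	// GET carries no payload. An empty reader makes net/http send the request
	// without a body (same effect as nil) and keeps the bytes import in use.
	data := bytes.NewReader(nil)

	// {vulnerabilityId} is a path placeholder to substitute; projectId is a
	// required query parameter of this endpoint.
	req, err := http.NewRequest(http.MethodGet, "https://***.***.***.***/cxrestapi/help/osa/vulnerabilities/{vulnerabilityId}/comments?projectId=0", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	// NOTE(review): the zero-value client has no timeout; set Client.Timeout
	// before reusing this pattern outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Close the body so the underlying connection can be released.
	defer resp.Body.Close()
	// ...
}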
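// Statement-level sample: run it inside a method that declares IOException.
// {vulnerabilityId} is a path placeholder; substitute the vulnerability's id.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/vulnerabilities/{vulnerabilityId}/comments?projectId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder; load the real token at run time rather than hard-coding it.
con.setRequestProperty("Accept", "application/json;v=1.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when a read fails.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());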
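// {access-token} is a placeholder; inject the real bearer token at run time
// and keep it out of source control and client-side bundles.
const headers = {
  'Accept': 'application/json;v=1.0',
  'Authorization': 'Bearer {access-token}'
};

// {vulnerabilityId} is a path placeholder; substitute the real id, passing
// any caller-supplied value through encodeURIComponent first.
fetch('https://***.***.***.***/cxrestapi/help/osa/vulnerabilities/{vulnerabilityId}/comments?projectId=0', {
  method: 'GET',
  headers: headers
})
  .then(function (res) {
    // fetch() rejects only on network failure; 4xx/5xx responses still
    // resolve, so the status has to be checked explicitly.
    if (!res.ok) {
      throw new Error('Request failed with HTTP ' + res.status);
    }
    return res.json();
  })
  .then(function (body) {
    console.log(body);
  })
  .catch(function (err) {
    console.error(err);
  });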
import requests
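# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
headers = {
    'Accept': 'application/json;v=1.0',
    'Authorization': 'Bearer {access-token}'
}

# {vulnerabilityId} is a path placeholder; substitute the vulnerability's id.
r = requests.get(
    'https://***.***.***.***/cxrestapi/help/osa/vulnerabilities/{vulnerabilityId}/comments',
    params={'projectId': '0'},
    headers=headers,
    timeout=30,  # requests waits indefinitely unless a timeout is given
)
# Fail on 4xx/5xx instead of trying to parse an error body as comments.
r.raise_for_status()
print(r.json())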
require 'rest-client'
require 'json'
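# {access-token} is a placeholder; load the real bearer token at run time.
headers = {
  'Accept' => 'application/json;v=1.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes the headers hash as its second argument and builds the
# query string from that hash's :params key. Nesting the hash under a
# `headers:` key would leave Accept and Authorization unsent.
# {vulnerabilityId} is a path placeholder; substitute the vulnerability's id.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/vulnerabilities/{vulnerabilityId}/comments',
                        headers.merge(params: { 'projectId' => 0 })

p JSON.parse(result.body)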
GET /osa/vulnerabilities/{vulnerabilityId}/comments
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
vulnerabilityId | path | string | true | Unique Id of the specific scanned vulnerability |
projectId | query | integer(int64) | true | Unique Id of the specific project |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | none |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
Returns all the vulnerabilities for the specified scan Id. Each vulnerability returned is unique to its library or file.
package main
import (
"bytes"
"net/http"
)
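// main sends an authenticated GET to /osa/vulnerabilities for one scan.
func main() {
	// {access-token} is a placeholder; supply the real bearer token at run
	// time (environment or secret store) instead of committing it to source.
	headers := http.Header{
		"Accept":        {"application/json;v=1.0"},
		"Authorization": {"Bearer {access-token}"},
	}

	// GET carries no payload. An empty reader makes net/http send the request
	// without a body (same effect as nil) and keeps the bytes import in use.
	data := bytes.NewReader(nil)

	// scanId is a required query parameter of this endpoint; the UUID is the
	// sample value used by the other language examples.
	req, err := http.NewRequest(http.MethodGet, "https://***.***.***.***/cxrestapi/help/osa/vulnerabilities?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	// NOTE(review): the zero-value client has no timeout; set Client.Timeout
	// before reusing this pattern outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Close the body so the underlying connection can be released.
	defer resp.Body.Close()
	// ...
}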
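// Statement-level sample: run it inside a method that declares IOException.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/vulnerabilities?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder; load the real token at run time rather than hard-coding it.
con.setRequestProperty("Accept", "application/json;v=1.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when a read fails.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());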
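// {access-token} is a placeholder; inject the real bearer token at run time
// and keep it out of source control and client-side bundles.
const headers = {
  'Accept': 'application/json;v=1.0',
  'Authorization': 'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/vulnerabilities?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08', {
  method: 'GET',
  headers: headers
})
  .then(function (res) {
    // fetch() rejects only on network failure; 4xx/5xx responses still
    // resolve, so the status has to be checked explicitly.
    if (!res.ok) {
      throw new Error('Request failed with HTTP ' + res.status);
    }
    return res.json();
  })
  .then(function (body) {
    console.log(body);
  })
  .catch(function (err) {
    console.error(err);
  });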
import requests
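# {access-token} is a placeholder; read the real bearer token from the
# environment or a secret store at run time instead of hard-coding it.
headers = {
    'Accept': 'application/json;v=1.0',
    'Authorization': 'Bearer {access-token}'
}

r = requests.get(
    'https://***.***.***.***/cxrestapi/help/osa/vulnerabilities',
    params={'scanId': '497f6eca-6276-4993-bfeb-53cbbbba6f08'},
    headers=headers,
    timeout=30,  # requests waits indefinitely unless a timeout is given
)
# Fail on 4xx/5xx instead of trying to parse an error body as findings.
r.raise_for_status()
print(r.json())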
require 'rest-client'
require 'json'
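# {access-token} is a placeholder; load the real bearer token at run time.
headers = {
  'Accept' => 'application/json;v=1.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes the headers hash as its second argument and builds the
# query string from that hash's :params key. Nesting the hash under a
# `headers:` key would leave Accept and Authorization unsent.
# The UUID is the sample scanId used by the other language examples.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/vulnerabilities',
                        headers.merge(params: { 'scanId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08' })

p JSON.parse(result.body)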
GET /osa/vulnerabilities
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
scanId | query | string(uuid) | true | Unique Id of the specific scan |
page | query | integer(int32) | false | Page number |
itemsPerPage | query | integer(int32) | false | Amount of items returned by the request |
libraryId | query | array[string] | false | Filter by library Ids |
stateId | query | array[integer] | false | Filter by state Ids |
comment | query | string | false | Filter by a comment containing the text |
since | query | integer(int64) | false | Filter not earlier than the given unix-timestamp value |
until | query | integer(int64) | false | Filter not after the given unix-timestamp value |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | none | Inline |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
anonymous | false | none | none | |
» id | string | false | none | none |
» cveName | string | false | none | none |
» score | number(float) | false | none | none |
» severity | false | none | none | |
»» id | integer(int32) | false | none | none |
»» name | string | false | none | none |
» publishDate | string(date-time) | false | none | none |
» url | string | false | none | none |
» description | string | false | none | none |
» recommendations | string | false | none | none |
» sourceFileName | string | false | none | none |
» libraryId | string | false | none | none |
» state | false | none | none | |
»» id | integer(int32) | false | read-only | none |
»» actionType | string | false | read-only | none |
»» name | string | false | read-only | none |
» commentsAmount | integer(int32) | false | none | none |
» similarityId | string | false | none | none |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )