OSA
Returns basic scan details for all scans associated with a specified project id
package main
import (
"bytes"
"net/http"
)
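// main requests basic details for all OSA scans of one project and prints the
// raw JSON reply with the println builtin (which writes to standard error).
func main() {
	// projectId is a required query parameter; 0 is the sample value the other
	// language examples for this endpoint use.
	const endpoint = "https://***.***.***.***/cxrestapi/help/osa/scans?projectId=0"

	// A GET carries no request body, so nil replaces the undefined jsonReq buffer.
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json;v=2.0")
	// {access-token} is a placeholder: load the bearer token from the environment
	// or a secret store at run time rather than committing it to source.
	req.Header.Set("Authorization", "Bearer {access-token}")

	// NOTE(review): http.Client has no timeout by default; set Client.Timeout
	// (package time) before reusing this outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Always release the connection, including on the error paths below.
	defer resp.Body.Close()

	var body bytes.Buffer
	if _, err := body.ReadFrom(resp.Body); err != nil {
		panic(err)
	}
	// Do not treat an error document (for example after a rejected token) as scan data.
	if resp.StatusCode != http.StatusOK {
		panic("unexpected status: " + resp.Status)
	}
	println(body.String())
}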
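// Requests basic details for all OSA scans of project 0 and prints the JSON reply.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/scans?projectId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api), matching the other samples.
// {access-token} is a placeholder: read the real token from a secret store at run time.
con.setRequestProperty("Accept", "application/json;v=2.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
// Bound both phases so a stalled server cannot hang the caller (illustrative values).
con.setConnectTimeout(10000);
con.setReadTimeout(30000);
int responseCode = con.getResponseCode();
// Fail with the status code instead of reading an error reply as scan data.
if (responseCode != HttpURLConnection.HTTP_OK) {
    throw new java.io.IOException("Unexpected HTTP status " + responseCode);
}
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when readLine() throws.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());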
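// Requests basic details for all OSA scans of project 0 and logs the parsed JSON.
// {access-token} is a placeholder: inject the bearer token at run time and keep it
// out of source control and client-side bundles.
const headers = {
  'Accept':'application/json;v=2.0',
  'Authorization':'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/scans?projectId=0',
{
  method: 'GET',
  headers: headers
})
.then(function(res) {
  // fetch resolves on HTTP error statuses too, so reject them explicitly
  // before trying to parse an error page as JSON.
  if (!res.ok) {
    throw new Error('Request failed with HTTP status ' + res.status);
  }
  return res.json();
}).then(function(body) {
  console.log(body);
}).catch(function(err) {
  // Surface network and status failures instead of an unhandled rejection.
  console.error(err);
});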
import requests
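# Requests basic details for all OSA scans of project 0 and prints the parsed JSON.
# {access-token} is a placeholder: load the bearer token from the environment or a
# secret store at run time instead of hard-coding it.
headers = {
  'Accept': 'application/json;v=2.0',
  'Authorization': 'Bearer {access-token}'
}

# requests waits indefinitely unless a timeout is given; 30 s is an illustrative value.
r = requests.get('https://***.***.***.***/cxrestapi/help/osa/scans', params={
  'projectId': '0'
}, headers = headers, timeout = 30)

# Raise on 4xx/5xx so an error reply is never handled as scan data.
r.raise_for_status()
print(r.json())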
require 'rest-client'
require 'json'
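# Requests basic details for all OSA scans of project 0 and prints the parsed JSON.
# {access-token} is a placeholder: read the bearer token from the environment or a
# secret store at run time.
headers = {
  'Accept' => 'application/json;v=2.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes one hash of headers and reads the query string from its
# :params key. Passing `headers:` as a keyword would nest the real headers under a
# bogus "Headers" entry, so the request would go out without the Authorization header.
# projectId is sent as a value (0, as in the other samples), not as its type name.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/scans',
  headers.merge(params: { 'projectId' => 0 })

p JSON.parse(result.body)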
GET /osa/scans
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
projectId | query | integer(int64) | true | Unique Id of the specific project |
page | query | integer(int32) | false | Page number (default 1) |
itemsPerPage | query | integer(int32) | false | Number of items per page (default 100) |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | OK | Inline |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
anonymous | false | none | none | |
» findingsStatus | string | false | none | none |
» id | string(uuid) | false | none | none |
» startAnalyzeTime | string(date-time) | false | none | none |
» endAnalyzeTime | string(date-time) | false | none | none |
» origin | string | false | none | none |
» sourceCodeOrigin | string | false | none | none |
» state | false | none | none | |
»» id | integer(int32) | false | none | none |
»» name | string | false | none | none |
»» failureReason | string | false | none | none |
» sharedSourceLocationPaths | [string] | false | none | none |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
Creates a new scan request
package main
import (
	"bytes"
	"mime/multipart"
	"net/http"
)
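// main submits a new OSA scan request as a multipart/form-data upload and prints
// the raw JSON reply with the println builtin (which writes to standard error).
func main() {
	// Placeholder: fill with the bytes of the zip archive to scan.
	var zippedSource []byte

	// Build the form with the three documented body fields. The sample values
	// (0, "string") mirror the request example on this page.
	var payload bytes.Buffer
	form := multipart.NewWriter(&payload)
	if err := form.WriteField("projectId", "0"); err != nil {
		panic(err)
	}
	if err := form.WriteField("origin", "string"); err != nil {
		panic(err)
	}
	// "source.zip" is a constructed file name for the upload part.
	part, err := form.CreateFormFile("zippedSource", "source.zip")
	if err != nil {
		panic(err)
	}
	if _, err := part.Write(zippedSource); err != nil {
		panic(err)
	}
	// Close writes the terminating boundary; without it the body is truncated.
	if err := form.Close(); err != nil {
		panic(err)
	}

	req, err := http.NewRequest(http.MethodPost, "https://***.***.***.***/cxrestapi/help/osa/scans", &payload)
	if err != nil {
		panic(err)
	}
	// A bare "multipart/form-data" header has no boundary parameter, so the
	// server cannot split the parts; take the full value from the writer.
	req.Header.Set("Content-Type", form.FormDataContentType())
	req.Header.Set("Accept", "application/json")
	// {access-token} is a placeholder: load the bearer token from the environment
	// or a secret store at run time rather than committing it to source.
	req.Header.Set("Authorization", "Bearer {access-token}")

	// NOTE(review): http.Client has no timeout by default; set Client.Timeout
	// (package time) before reusing this outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	var reply bytes.Buffer
	if _, err := reply.ReadFrom(resp.Body); err != nil {
		panic(err)
	}
	// The documented success status for this operation is 202 Accepted.
	if resp.StatusCode != http.StatusAccepted {
		panic("unexpected status: " + resp.Status)
	}
	println(reply.String())
}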
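// Submits a new OSA scan request as a multipart/form-data upload and prints the JSON reply.
// Placeholder: fill with the bytes of the zip archive to scan.
byte[] zippedSource = new byte[0];
// Constructed boundary; it must not occur inside any part.
String boundary = "----osa-scan-" + System.nanoTime();

URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/scans");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
// Without setDoOutput(true) no request body is sent at all.
con.setDoOutput(true);
con.setRequestProperty("Content-Type", "multipart/form-data; boundary=" + boundary);
con.setRequestProperty("Accept", "application/json");
// The operation requires a bearer token (scope sast_api). {access-token} is a
// placeholder: read the real token from a secret store at run time.
con.setRequestProperty("Authorization", "Bearer {access-token}");
// Bound both phases so a stalled server cannot hang the caller (illustrative values).
con.setConnectTimeout(10000);
con.setReadTimeout(30000);

// Write the three documented body fields; sample values mirror the request example.
String textParts =
    "--" + boundary + "\r\nContent-Disposition: form-data; name=\"projectId\"\r\n\r\n0\r\n"
    + "--" + boundary + "\r\nContent-Disposition: form-data; name=\"origin\"\r\n\r\nstring\r\n"
    + "--" + boundary + "\r\nContent-Disposition: form-data; name=\"zippedSource\"; filename=\"source.zip\"\r\n"
    + "Content-Type: application/zip\r\n\r\n";
try (java.io.OutputStream out = con.getOutputStream()) {
    out.write(textParts.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    out.write(zippedSource);
    out.write(("\r\n--" + boundary + "--\r\n").getBytes(java.nio.charset.StandardCharsets.UTF_8));
}

int responseCode = con.getResponseCode();
// The documented success status for this operation is 202 Accepted.
if (responseCode != HttpURLConnection.HTTP_ACCEPTED) {
    throw new java.io.IOException("Unexpected HTTP status " + responseCode);
}
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when readLine() throws.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());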
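// Submits a new OSA scan request as a multipart/form-data upload and logs the parsed JSON.
// Placeholder: the zip archive to scan, as a Blob or File.
const zippedSource = new Blob([]);

// The endpoint expects form fields, not a JSON string. The original quoted literal
// also spanned several lines, which is a syntax error. Sample values mirror the
// request example on this page; 'source.zip' is a constructed file name.
const inputBody = new FormData();
inputBody.append('projectId', '0');
inputBody.append('origin', 'string');
inputBody.append('zippedSource', zippedSource, 'source.zip');

// Content-Type is deliberately not set: fetch derives it from the FormData body,
// including the boundary parameter a hand-written header would lack.
// {access-token} is a placeholder: inject the bearer token at run time and keep it
// out of source control and client-side bundles.
const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/scans',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
  // fetch resolves on HTTP error statuses too (400 is documented for this
  // operation), so reject them before parsing.
  if (!res.ok) {
    throw new Error('Request failed with HTTP status ' + res.status);
  }
  return res.json();
}).then(function(body) {
  console.log(body);
}).catch(function(err) {
  // Surface network and status failures instead of an unhandled rejection.
  console.error(err);
});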
import requests
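# Submits a new OSA scan request as a multipart/form-data upload and prints the parsed JSON.
# Content-Type is deliberately not set: requests generates it, including the boundary
# parameter, when `files=` is used. A hand-written 'multipart/form-data' has no boundary.
# {access-token} is a placeholder: load the bearer token from the environment or a
# secret store at run time instead of hard-coding it.
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

# Placeholder: fill with the bytes of the zip archive to scan.
zipped_source = b''

# The three documented body fields; sample values mirror the request example on this
# page, and 'source.zip' is a constructed file name. requests waits indefinitely
# unless a timeout is given; 30 s is an illustrative value.
r = requests.post('https://***.***.***.***/cxrestapi/help/osa/scans', headers = headers,
  data = {'projectId': '0', 'origin': 'string'},
  files = {'zippedSource': ('source.zip', zipped_source, 'application/zip')},
  timeout = 30)

# Raise on 4xx/5xx (400 is documented for this operation) before reading the reply.
r.raise_for_status()
print(r.json())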
require 'rest-client'
require 'json'
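# Submits a new OSA scan request as a multipart/form-data upload and prints the parsed JSON.
# Content-Type is deliberately not set: rest-client switches to multipart encoding,
# with a boundary, when the payload contains a File.
# {access-token} is a placeholder: read the bearer token from the environment or a
# secret store at run time.
headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

# The three documented body fields; sample values mirror the request example on this
# page, and 'source.zip' is a placeholder path to the archive to scan.
payload = {
  'projectId' => 0,
  'origin' => 'string',
  'zippedSource' => File.new('source.zip', 'rb')
}

# RestClient.post takes (url, payload, headers). The original single hash was sent as
# the payload, which put the bearer token in the request body and left the
# Authorization header unset.
result = RestClient.post 'https://***.***.***.***/cxrestapi/help/osa/scans',
  payload, headers

p JSON.parse(result.body)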
POST /osa/scans
projectId: 0 origin: string zippedSource: string
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
body | body | object | false | none |
» projectId | body | integer | false | The Project Id associated with requested scan |
» origin | body | string | false | The location from which scan was requested (if not specified (Portal) will be selected) |
» zippedSource | body | string(binary) | false | Zipped source code to scan |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
202 | Accepted | ||
400 | Bad Request | None |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
{
"scanId": "00000000-0000-0000-0000-000000000000"
}
Returns basic scan details for a specified scan
package main
import (
"bytes"
"net/http"
)
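// main requests basic details for one OSA scan and prints the raw JSON reply
// with the println builtin (which writes to standard error).
func main() {
	// {scanId} is a path placeholder: substitute the UUID of the scan to read.
	const endpoint = "https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}"

	// A GET carries no request body, so nil replaces the undefined jsonReq buffer.
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json;v=2.0")
	// {access-token} is a placeholder: load the bearer token from the environment
	// or a secret store at run time rather than committing it to source.
	req.Header.Set("Authorization", "Bearer {access-token}")

	// NOTE(review): http.Client has no timeout by default; set Client.Timeout
	// (package time) before reusing this outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Always release the connection, including on the error paths below.
	defer resp.Body.Close()

	var body bytes.Buffer
	if _, err := body.ReadFrom(resp.Body); err != nil {
		panic(err)
	}
	// Do not treat an error document (for example after a rejected token) as scan data.
	if resp.StatusCode != http.StatusOK {
		panic("unexpected status: " + resp.Status)
	}
	println(body.String())
}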
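// Requests basic details for one OSA scan and prints the JSON reply.
// {scanId} is a path placeholder: substitute the UUID of the scan to read.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api), matching the other samples.
// {access-token} is a placeholder: read the real token from a secret store at run time.
con.setRequestProperty("Accept", "application/json;v=2.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
// Bound both phases so a stalled server cannot hang the caller (illustrative values).
con.setConnectTimeout(10000);
con.setReadTimeout(30000);
int responseCode = con.getResponseCode();
// Fail with the status code instead of reading an error reply as scan data.
if (responseCode != HttpURLConnection.HTTP_OK) {
    throw new java.io.IOException("Unexpected HTTP status " + responseCode);
}
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when readLine() throws.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());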
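// Requests basic details for one OSA scan and logs the parsed JSON.
// {access-token} is a placeholder: inject the bearer token at run time and keep it
// out of source control and client-side bundles.
const headers = {
  'Accept':'application/json;v=2.0',
  'Authorization':'Bearer {access-token}'
};

// {scanId} is a path placeholder: substitute the UUID of the scan to read.
fetch('https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}',
{
  method: 'GET',
  headers: headers
})
.then(function(res) {
  // fetch resolves on HTTP error statuses too, so reject them explicitly
  // before trying to parse an error page as JSON.
  if (!res.ok) {
    throw new Error('Request failed with HTTP status ' + res.status);
  }
  return res.json();
}).then(function(body) {
  console.log(body);
}).catch(function(err) {
  // Surface network and status failures instead of an unhandled rejection.
  console.error(err);
});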
import requests
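# Requests basic details for one OSA scan and prints the parsed JSON.
# {access-token} is a placeholder: load the bearer token from the environment or a
# secret store at run time instead of hard-coding it.
headers = {
  'Accept': 'application/json;v=2.0',
  'Authorization': 'Bearer {access-token}'
}

# {scanId} is a path placeholder: substitute the UUID of the scan to read.
# requests waits indefinitely unless a timeout is given; 30 s is an illustrative value.
r = requests.get('https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}',
  headers = headers, timeout = 30)

# Raise on 4xx/5xx so an error reply is never handled as scan data.
r.raise_for_status()
print(r.json())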
require 'rest-client'
require 'json'
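# Requests basic details for one OSA scan and prints the parsed JSON.
# {access-token} is a placeholder: read the bearer token from the environment or a
# secret store at run time.
headers = {
  'Accept' => 'application/json;v=2.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes the headers hash itself as its second argument. Passing
# `headers:` as a keyword would nest the real headers under a bogus "Headers" entry,
# so the request would go out without the Authorization header.
# {scanId} is a path placeholder: substitute the UUID of the scan to read.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/scans/{scanId}',
  headers

p JSON.parse(result.body)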
GET /osa/scans/{scanId}
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
scanId | path | string(uuid) | true | Unique ID of the specific scan |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | OK |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
Returns all the used libraries for the specified scan Id
package main
import (
"bytes"
"net/http"
)
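// main requests the libraries used in one OSA scan and prints the raw JSON
// reply with the println builtin (which writes to standard error).
func main() {
	// scanId is a required query parameter; the UUID is the sample value the
	// other language examples for this endpoint use.
	const endpoint = "https://***.***.***.***/cxrestapi/help/osa/libraries?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08"

	// A GET carries no request body, so nil replaces the undefined jsonReq buffer.
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json;v=2.0")
	// {access-token} is a placeholder: load the bearer token from the environment
	// or a secret store at run time rather than committing it to source.
	req.Header.Set("Authorization", "Bearer {access-token}")

	// NOTE(review): http.Client has no timeout by default; set Client.Timeout
	// (package time) before reusing this outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Always release the connection, including on the error paths below.
	defer resp.Body.Close()

	var body bytes.Buffer
	if _, err := body.ReadFrom(resp.Body); err != nil {
		panic(err)
	}
	// Do not treat an error document (for example after a rejected token) as library data.
	if resp.StatusCode != http.StatusOK {
		panic("unexpected status: " + resp.Status)
	}
	println(body.String())
}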
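// Requests the libraries used in one OSA scan and prints the JSON reply.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/libraries?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api), matching the other samples.
// {access-token} is a placeholder: read the real token from a secret store at run time.
con.setRequestProperty("Accept", "application/json;v=2.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
// Bound both phases so a stalled server cannot hang the caller (illustrative values).
con.setConnectTimeout(10000);
con.setReadTimeout(30000);
int responseCode = con.getResponseCode();
// Fail with the status code instead of reading an error reply as library data.
if (responseCode != HttpURLConnection.HTTP_OK) {
    throw new java.io.IOException("Unexpected HTTP status " + responseCode);
}
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when readLine() throws.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
System.out.println(response.toString());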
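// Requests the libraries used in one OSA scan and logs the parsed JSON.
// {access-token} is a placeholder: inject the bearer token at run time and keep it
// out of source control and client-side bundles.
const headers = {
  'Accept':'application/json;v=2.0',
  'Authorization':'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/libraries?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08',
{
  method: 'GET',
  headers: headers
})
.then(function(res) {
  // fetch resolves on HTTP error statuses too, so reject them explicitly
  // before trying to parse an error page as JSON.
  if (!res.ok) {
    throw new Error('Request failed with HTTP status ' + res.status);
  }
  return res.json();
}).then(function(body) {
  console.log(body);
}).catch(function(err) {
  // Surface network and status failures instead of an unhandled rejection.
  console.error(err);
});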
import requests
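# Requests the libraries used in one OSA scan and prints the parsed JSON.
# {access-token} is a placeholder: load the bearer token from the environment or a
# secret store at run time instead of hard-coding it.
headers = {
  'Accept': 'application/json;v=2.0',
  'Authorization': 'Bearer {access-token}'
}

# requests waits indefinitely unless a timeout is given; 30 s is an illustrative value.
r = requests.get('https://***.***.***.***/cxrestapi/help/osa/libraries', params={
  'scanId': '497f6eca-6276-4993-bfeb-53cbbbba6f08'
}, headers = headers, timeout = 30)

# Raise on 4xx/5xx so an error reply is never handled as library data.
r.raise_for_status()
print(r.json())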
require 'rest-client'
require 'json'
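# Requests the libraries used in one OSA scan and prints the parsed JSON.
# {access-token} is a placeholder: read the bearer token from the environment or a
# secret store at run time.
headers = {
  'Accept' => 'application/json;v=2.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes one hash of headers and reads the query string from its
# :params key. Passing `headers:` as a keyword would nest the real headers under a
# bogus "Headers" entry, so the request would go out without the Authorization header.
# scanId is sent as a value (the sample UUID the other examples use), not as its
# type name.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/libraries',
  headers.merge(params: { 'scanId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08' })

p JSON.parse(result.body)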
GET /osa/libraries
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
scanId | query | string(uuid) | true | Unique Id of the specific scan |
page | query | integer(int32) | false | Page number (default 1) |
itemsPerPage | query | integer(int32) | false | Number of items per page (default 100) |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | none | Inline |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
anonymous | false | none | [Library DTO] | |
» id | string | false | none | Library ID |
» name | string | false | none | Library Name |
» version | string | false | none | Library Version |
» releaseDate | string(date-time) | false | none | Library Release date of the current version |
» highUniqueVulnerabilityCount | integer(int32) | false | none | Number of high vulnerabilities |
» mediumUniqueVulnerabilityCount | integer(int32) | false | none | Number of medium vulnerabilities |
» lowUniqueVulnerabilityCount | integer(int32) | false | none | Number of low vulnerabilities |
» notExploitableVulnerabilityCount | integer(int32) | false | none | Number of not exploitable vulnerabilities |
» newestVersion | string | false | none | Newest version (if no newest version exists, then this field will remain empty) |
» newestVersionReleaseDate | string(date-time) | false | none | Release date of newest version (if no newest version exists, then this field will contain 1970/1/1) |
» numberOfVersionsSinceLastUpdate | integer(int32) | false | none | Number of newer versions (if no newest version exists, then this field will be 0) |
» confidenceLevel | integer(int32) | false | none | The confidence level about the provided result |
» matchType | false | none | none | |
»» id | integer(int32) | false | read-only | none |
»» name | string | false | read-only | none |
»» description | string | false | read-only | none |
» licenses | [string] | false | none | Collection of legal license IDs |
» outdated | boolean | false | none | Indicates whether this library is outdated |
» severity | false | none | none | |
»» id | integer(int32) | false | none | none |
»» name | string | false | none | none |
» riskScore | number(double) | false | none | Library risk score based on highest vulnerability risk score |
» locations | false | none | Library locations and their match-type | |
»» path | string | false | read-only | none |
»» matchType | false | none | none |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )
Returns all the vulnerabilities for the specified scan Id. Each vulnerability returned is unique to its library or file.
package main
import (
"bytes"
"net/http"
)
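// main requests the vulnerabilities found in one OSA scan and prints the raw
// JSON reply with the println builtin (which writes to standard error).
func main() {
	// scanId is a required query parameter; the UUID is the sample value the
	// other language examples for this endpoint use.
	const endpoint = "https://***.***.***.***/cxrestapi/help/osa/vulnerabilities?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08"

	// A GET carries no request body, so nil replaces the undefined jsonReq buffer.
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json;v=2.0")
	// {access-token} is a placeholder: load the bearer token from the environment
	// or a secret store at run time rather than committing it to source.
	req.Header.Set("Authorization", "Bearer {access-token}")

	// NOTE(review): http.Client has no timeout by default; set Client.Timeout
	// (package time) before reusing this outside a sample.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	// Always release the connection, including on the error paths below.
	defer resp.Body.Close()

	var body bytes.Buffer
	if _, err := body.ReadFrom(resp.Body); err != nil {
		panic(err)
	}
	// Do not treat an error document (for example after a rejected token) as findings.
	if resp.StatusCode != http.StatusOK {
		panic("unexpected status: " + resp.Status)
	}
	// The reply describes the project's vulnerable components; keep it out of
	// shared logs in real use.
	println(body.String())
}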
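// Requests the vulnerabilities found in one OSA scan and prints the JSON reply.
URL obj = new URL("https://***.***.***.***/cxrestapi/help/osa/vulnerabilities?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The operation requires a bearer token (scope sast_api), matching the other samples.
// {access-token} is a placeholder: read the real token from a secret store at run time.
con.setRequestProperty("Accept", "application/json;v=2.0");
con.setRequestProperty("Authorization", "Bearer {access-token}");
// Bound both phases so a stalled server cannot hang the caller (illustrative values).
con.setConnectTimeout(10000);
con.setReadTimeout(30000);
int responseCode = con.getResponseCode();
// Fail with the status code instead of reading an error reply as findings.
if (responseCode != HttpURLConnection.HTTP_OK) {
    throw new java.io.IOException("Unexpected HTTP status " + responseCode);
}
StringBuilder response = new StringBuilder();
// try-with-resources closes the reader even when readLine() throws.
try (BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
    }
}
// The reply describes the project's vulnerable components; keep it out of shared logs in real use.
System.out.println(response.toString());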
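// Requests the vulnerabilities found in one OSA scan and logs the parsed JSON.
// {access-token} is a placeholder: inject the bearer token at run time and keep it
// out of source control and client-side bundles.
const headers = {
  'Accept':'application/json;v=2.0',
  'Authorization':'Bearer {access-token}'
};

fetch('https://***.***.***.***/cxrestapi/help/osa/vulnerabilities?scanId=497f6eca-6276-4993-bfeb-53cbbbba6f08',
{
  method: 'GET',
  headers: headers
})
.then(function(res) {
  // fetch resolves on HTTP error statuses too, so reject them explicitly
  // before trying to parse an error page as JSON.
  if (!res.ok) {
    throw new Error('Request failed with HTTP status ' + res.status);
  }
  return res.json();
}).then(function(body) {
  // The reply describes the project's vulnerable components; keep it out of
  // shared logs in real use.
  console.log(body);
}).catch(function(err) {
  // Surface network and status failures instead of an unhandled rejection.
  console.error(err);
});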
import requests
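# Requests the vulnerabilities found in one OSA scan and prints the parsed JSON.
# {access-token} is a placeholder: load the bearer token from the environment or a
# secret store at run time instead of hard-coding it.
headers = {
  'Accept': 'application/json;v=2.0',
  'Authorization': 'Bearer {access-token}'
}

# requests waits indefinitely unless a timeout is given; 30 s is an illustrative value.
r = requests.get('https://***.***.***.***/cxrestapi/help/osa/vulnerabilities', params={
  'scanId': '497f6eca-6276-4993-bfeb-53cbbbba6f08'
}, headers = headers, timeout = 30)

# Raise on 4xx/5xx so an error reply is never handled as findings.
r.raise_for_status()
# The reply describes the project's vulnerable components; keep it out of shared
# logs in real use.
print(r.json())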
require 'rest-client'
require 'json'
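# Requests the vulnerabilities found in one OSA scan and prints the parsed JSON.
# {access-token} is a placeholder: read the bearer token from the environment or a
# secret store at run time.
headers = {
  'Accept' => 'application/json;v=2.0',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.get takes one hash of headers and reads the query string from its
# :params key. Passing `headers:` as a keyword would nest the real headers under a
# bogus "Headers" entry, so the request would go out without the Authorization header.
# scanId is sent as a value (the sample UUID the other examples use), not as its
# type name.
result = RestClient.get 'https://***.***.***.***/cxrestapi/help/osa/vulnerabilities',
  headers.merge(params: { 'scanId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08' })

# The reply describes the project's vulnerable components; keep it out of shared
# logs in real use.
p JSON.parse(result.body)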
GET /osa/vulnerabilities
Parameters
Name | In | Type | Required | Description |
|---|---|---|---|---|
scanId | query | string(uuid) | true | Unique Id of the specific scan |
page | query | integer(int32) | false | Page number |
itemsPerPage | query | integer(int32) | false | Amount of items returned by the request |
libraryId | query | array[string] | false | Filter by library Ids |
stateId | query | array[integer] | false | Filter by state Ids |
comment | query | string | false | Filter by a comment containing the text |
since | query | integer(int64) | false | Filter not earlier than the given unix-timestamp value |
until | query | integer(int64) | false | Filter not after the given unix-timestamp value |
Responses
Status | Meaning | Description | Schema |
|---|---|---|---|
200 | none | Inline |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
anonymous | false | none | none | |
» id | string | false | none | none |
» cveName | string | false | none | none |
» score | number(float) | false | none | none |
» severity | false | none | none | |
»» id | integer(int32) | false | none | none |
»» name | string | false | none | none |
» publishDate | string(date-time) | false | none | none |
» url | string | false | none | none |
» description | string | false | none | none |
» recommendations | string | false | none | none |
» sourceFileName | string | false | none | none |
» libraryId | string | false | none | none |
» state | false | none | none | |
»» id | integer(int32) | false | read-only | none |
»» actionType | string | false | read-only | none |
»» name | string | false | read-only | none |
» commentsAmount | integer(int32) | false | none | none |
» similarityId | string | false | none | none |
» fixUrl | string | false | none | none |
To perform this operation, you must be authenticated by means of one of the following methods: Bearer ( Scopes: sast_api )