Creates a new SAST scan with unique settings and assigns it to a project. When initiating a scan, you can send a header (cxOrigin) that indicates which client is sending the scan request (e.g. Bamboo, TeamCity, Maven, etc.).
- If you are already using POST /sast/ScanWithSettings Ver=1.0 in SAST version 9.2 or 9.3 and want to continue using version 1.0, add the "Accept" header with value="application/json;v=1.0". Remove the "Content-Type" header, if it was defined.
- If you are already using POST /sast/ScanWithSettings Ver=1.0 in SAST version 9.2 or 9.3 and want to use version 1.1 or 1.2 after upgrading to SAST 9.4, add the "Accept" header with value="application/json;v=1.1" or with value="application/json;v=1.2" accordingly.
- A new installation of SAST version 9.4 uses API version 1.2 by default, so there is no need to add any additional headers.
Usage
- POST /projects and create a new project with default preset and configuration settings
- POST /sast/scanWithSettings and create a new SAST scan with unique settings and assign it to a project
URL
http://localhost/cxrestapi/sast/scanWithSettings
Method:
POST
Media Type (header):
Authorization: Bearer <access token value>
Accept: application/json;v=1.0
cxOrigin: {request_origin}
Parameters
Required:
Content-type=[multipart/form-data]:
projectId=[integer] – Unique Id of the project to be scanned
postScanActionId=[integer] – Unique Id of API for version 1.1
customFields=[integer] – Specifies API version in version 1.2
overrideProjectSetting=[boolean] – Specifies whether to overwrite project settings
isIncremental=[boolean] – Specifies whether the requested scan is incremental or full scan
isPublic=[boolean] – Specifies whether the requested scan is public or private
forceScan=[boolean] – Specifies whether the code should be scanned, regardless of whether changes were made to the code since the last scan.
comment=[string] – Specifies the scan comment
presetId=[integer] – Specifies the preset id to use during the scan (0 = use project's default)
engineConfigurationId=[integer] – Specifies the engine configuration to use during the scan (0 = use project's default)
zippedSource=[file] – Zipped source code to scan
Sample Response:
{
  "id": 1000011,
  "link": {
    "rel": "self",
    "uri": "/sast/scans/1000011"
  }
}
Success Response:
Code: 201 Created
Error Response:
Code: 400 Bad Request
Code: 404 Not Found
Notes:
Creates a new SAST scan with settings and assigns it to a project. If the request fails, it returns an error response. The project must be valid in order to create a new scan.
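An added example (not part of the original documentation): one way to assemble the request described above with only the Python standard library, and to read the scan id from the 201 response. The origin value, the sample field values and the in-memory zip are constructed; postScanActionId and customFields, which the parameter list ties to versions 1.1 and 1.2, are left out.

```python
import io, json, uuid, zipfile
import urllib.request

def build_scan_request(base_url, token, fields, zip_bytes,
                       api_version="1.0", origin="example-client"):
    """Build (without sending) POST /sast/scanWithSettings as multipart/form-data."""
    boundary = uuid.uuid4().hex
    body = b""
    for name, value in fields.items():
        if isinstance(value, bool):  # booleans sent as lowercase true/false (assumed wire form)
            value = "true" if value else "false"
        body += (f'--{boundary}\r\nContent-Disposition: form-data; '
                 f'name="{name}"\r\n\r\n{value}\r\n').encode()
    body += (f'--{boundary}\r\nContent-Disposition: form-data; name="zippedSource"; '
             f'filename="source.zip"\r\nContent-Type: application/zip\r\n\r\n').encode()
    body += zip_bytes + b"\r\n" + f"--{boundary}--\r\n".encode()
    headers = {
        "Authorization": f"Bearer {token}",             # pass the token in; never hard-code it
        "Accept": f"application/json;v={api_version}",  # selects the API version
        "cxOrigin": origin,                             # client identifier (hypothetical value)
        "Content-Type": f"multipart/form-data; boundary={boundary}",
    }
    return urllib.request.Request(f"{base_url}/sast/scanWithSettings",
                                  data=body, headers=headers, method="POST")

def parse_scan_response(status, body):
    """Return the new scan id on 201 Created; raise on any other status."""
    if status != 201:
        raise RuntimeError(f"scan not created: HTTP {status}")
    return json.loads(body)["id"]

def make_sample_zip():
    """Constructed sample input: a one-file zip archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app.py", "print('hello')\n")
    return buf.getvalue()

# Constructed values; the field names are the ones in the parameter list above.
SAMPLE_FIELDS = {
    "projectId": 1, "overrideProjectSetting": False, "isIncremental": False,
    "isPublic": True, "forceScan": True, "comment": "example scan",
    "presetId": 0, "engineConfigurationId": 0,
}

if __name__ == "__main__":
    req = build_scan_request("http://localhost/cxrestapi", "<access token value>",
                             SAMPLE_FIELDS, make_sample_zip())
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

Send the result with `urllib.request.urlopen(req)`; outside a local test setup, use an HTTPS base URL so the bearer token and source archive are not sent in clear text.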