Creates a new SAST scan with unique settings and assigns it to a project. When initiating a scan you can send a header (cxorigin) which indicates which client is being used to send the scan request (e.g. Bamboo, TeamCity, Maven, etc.).

The ‘SAVE-SAST-SCAN’ permission is required to execute this API.
  • If you are already using POST /sast/ScanWithSettings Ver=1.0 in SAST version 9.2 or 9.3 and want to continue using version 1.0, add the "Accept" header with value="application/json;v=1.0". Remove the "Content-Type" header, if it was defined.
  • If you are already using POST /sast/ScanWithSettings Ver=1.0 in SAST version 9.2 or 9.3 and want to use version 1.1 or 1.2 after upgrading to SAST 9.4, add the "Accept" header with value="application/json;v=1.1" or with value="application/json;v=1.2" accordingly.
  • A new installation of SAST version 9.4 uses API version 1.2, by default, so there is no need to add any additional headers.

Usage

  1. POST /projects and create a new project with default preset and configuration settings
  2. POST /sast/scanWithSettings and create a new SAST scan with unique settings and assign it to a project

URL

http://localhost/cxrestapi/sast/scanWithSettings

Method:

POST

Media Type (header):

Authorization: Bearer <access token value>
Accept: application/json;v=1.0
cxOrigin: {request_origin}

Parameters

Required:

Content-type=[multipart/form-data]:
projectId=[integer] – Unique Id of the project to be scanned
postScanActionId=[integer] – Unique Id of API for version 1.1
customFields=[integer] – Specifies API version in version 1.2
overrideProjectSetting=[boolean] – Specifies whether to overwrite project settings
isIncremental=[boolean] – Specifies whether the requested scan is incremental or full scan
isPublic=[boolean] – Specifies whether the requested scan is public or private
forceScan=[boolean] – Specifies whether the code should be scanned, regardless of whether changes were made to the code since the last scan.
comment=[string] – Specifies the scan comment
presetId=[integer] – Specifies the preset id to use during the scan (0 = use project's default)
engineConfigurationId=[integer] – Specifies the engine configuration to use during the scan (0 = use project's default)
zippedSource=[file] – Zipped source code to scan
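
Added example (not part of the original page and not Checkmarx code): building the request described above with the Python standard library, using the headers and form fields this page lists. The token, origin and field values passed in are the caller's; sending booleans as true/false and the part filename source.zip are assumptions.

```python
import io
import urllib.request
import uuid
import zipfile

SCAN_URL = "http://localhost/cxrestapi/sast/scanWithSettings"  # URL from this page
REQUIRED = ("projectId", "postScanActionId", "customFields", "overrideProjectSetting",
            "isIncremental", "isPublic", "forceScan", "comment", "presetId",
            "engineConfigurationId")  # form fields listed above, minus zippedSource

def zip_sources(files):
    """Zip a {path: bytes} mapping in memory for the zippedSource part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()

def build_scan_request(token, settings, zipped, origin, api_version="1.0"):
    """Return an unsent Request for POST /sast/scanWithSettings."""
    missing = [name for name in REQUIRED if name not in settings]
    if missing:
        raise ValueError("missing form fields: " + ", ".join(missing))
    if api_version not in ("1.0", "1.1", "1.2"):
        raise ValueError("unsupported API version: " + api_version)
    boundary = uuid.uuid4().hex  # random, so field values cannot collide with it
    body = b""
    for name in REQUIRED:
        value = settings[name]
        if isinstance(value, bool):  # assumption: booleans go on the wire as true/false
            value = "true" if value else "false"
        body += (f"--{boundary}\r\nContent-Disposition: form-data; "
                 f'name="{name}"\r\n\r\n{value}\r\n').encode()
    body += (f"--{boundary}\r\nContent-Disposition: form-data; "
             'name="zippedSource"; filename="source.zip"\r\n'
             "Content-Type: application/zip\r\n\r\n").encode() + zipped + b"\r\n"
    body += f"--{boundary}--\r\n".encode()
    headers = {
        "Authorization": f"Bearer {token}",
        "Accept": f"application/json;v={api_version}",
        "cxOrigin": origin,
        "Content-Type": f"multipart/form-data; boundary={boundary}",
    }
    return urllib.request.Request(SCAN_URL, data=body, headers=headers, method="POST")
```

Pass the returned object to urllib.request.urlopen to send it; a 201 Created response carries the new scan id as in the sample response.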

Sample Response:

{
  "id": 1000011,
  "link": {
    "rel": "self",
    "uri": "/sast/scans/1000011"
  }
}

Success Response:

Code: 201 Created

Error Response:

Code: 400 Bad Request
Code: 404 Not Found

Notes:

Creates a new SAST scan with settings and assigns it to a project. If the request fails, it returns an error response. The project must be valid in order to create a new scan.
