Create a new SAST scan and assign it to a project. When initiating a scan you can send a media type header (cxOrigin) which indicates which client is being used to send the scan request (e.g.  Jenkins, Bamboo, TeamCity, Maven, etc.). If not defined, default is Other. 


  1. POST /sast/scanSettings and update the SAST scan preset and configuration settings
  2. POST /sast/scans and create a new SAST scan.





Media Type (header):

Authorization: Bearer <access token value>
Content-Type: application/json;v=1.0

cxOrigin: {request_origin}



scan=[body] – Scan details:
projectId=[integer] – Unique Id of the project to be scanned
isIncremental=[boolean] – Specifies whether the requested scan is incremental or full scan
isPublic=[boolean] – Specifies whether the requested scan is public or private
forceScan=[boolean] – Specifies whether the code should be scanned or not, regardless of whether changes were made to the code since the last scan.

Success Response:

Code: 201 Created

Error Response:

Code: 400 Bad Request

Sample Response:

  "id": 1000007,
  "link": {
    "rel": "self",
    "uri": "/sast/scans/1000007"


Creates a new SAST scan and assigns it to a project. If the request fails, it returns an error response. Must be a valid project in order to create a new scan.

Read more: