Create New Scan with Unique Settings – POST /sast/scanWithSettings (v9.2.0 and up)

Creates a new SAST scan with unique settings and assigns it to a project. When initiating a scan you can send a header (cxOrigin) that indicates which client is sending the scan request (e.g. Bamboo, TeamCity, Maven, etc.).

Usage

  1. POST /projects and create a new project with default preset and configuration settings
  2. POST /sast/scanWithSettings and create a new SAST scan with unique settings and assign it to a project

URL

http://localhost/cxrestapi/sast/scanWithSettings

Method:

POST

Media Type (header):

Authorization: Bearer <access token value>
Accept: application/json;v=1.0
cxOrigin: {request_origin}

Parameters

Required:

Content-type=[multipart/form-data]:
projectId=[integer] – Unique Id of the project to be scanned
postScanActionId=[integer] – Specifies the post action to be executed after the scan is completed - from API version 1.1 and up
customFields=[integer] – Any custom fields used to tag the scan. Example: {"key1":"val1","key2":"val2"} - from API version 1.2 and up
overrideProjectSetting=[boolean] – Specifies whether to overwrite project settings
isIncremental=[boolean] – Specifies whether the requested scan is incremental or full scan
isPublic=[boolean] – Specifies whether the requested scan is public or private
forceScan=[boolean] – Specifies whether the code should be scanned, regardless of whether changes were made to the code since the last scan.
comment=[string] – Specifies the scan comment
presetId=[integer] – Specifies the preset id to use during the scan (0 = use project's default)
engineConfigurationId=[integer] – Specifies the engine-configuration to use during the scan (0 = use project's default)
zippedSource=[file] – Zipped source code to scan

Sample Response:

{
  "id": 1000011,
  "link": {
    "rel": "self",
    "uri": "/sast/scans/1000011"
  }
}

Success Response:

Code: 201 Created

Error Response:

Code: 400 Bad Request
Code: 404 Not Found

Notes:

Creates a new SAST scan with settings and assigns it to a project. If the request fails, it returns an error response. The project must be a valid project in order to create a new scan.
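
Added example, not part of the original documentation or the vendor's own code: Python that assembles the multipart/form-data request described above without sending it, and rejects fields that the chosen API version does not support. Assumptions: the function name, the default cxOrigin value, lowercase true/false for booleans, JSON text for customFields (following the page's example), the same v= Accept format for versions 1.1 and 1.2, and the localhost-only allowance for plain HTTP.

```python
import io, json, uuid, zipfile
from urllib.parse import urlsplit

def build_scan_request(base_url, token, project_id, zipped_source, *, api_version="1.0",
                       origin="example-ci", comment="", preset_id=0,
                       engine_configuration_id=0, is_incremental=False, is_public=True,
                       force_scan=False, override_project_setting=False,
                       post_scan_action_id=None, custom_fields=None):
    """Return (url, headers, body) for POST /sast/scanWithSettings; nothing is sent."""
    parts = urlsplit(base_url)
    # The bearer token travels in a header: allow plain HTTP only for localhost.
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError("refusing to send a bearer token over plain HTTP")
    if not zipfile.is_zipfile(io.BytesIO(zipped_source)):
        raise ValueError("zippedSource must be a ZIP archive")
    version = tuple(int(n) for n in api_version.split("."))
    fields = {
        "projectId": int(project_id),
        "overrideProjectSetting": override_project_setting,
        "isIncremental": is_incremental,
        "isPublic": is_public,
        "forceScan": force_scan,
        "comment": comment,
        "presetId": int(preset_id),                      # 0 = project's default
        "engineConfigurationId": int(engine_configuration_id),
    }
    if post_scan_action_id is not None:                  # API version 1.1 and up
        if version < (1, 1):
            raise ValueError("postScanActionId needs API version 1.1 or later")
        fields["postScanActionId"] = int(post_scan_action_id)
    if custom_fields is not None:                        # API version 1.2 and up
        if version < (1, 2):
            raise ValueError("customFields needs API version 1.2 or later")
        fields["customFields"] = json.dumps(custom_fields)  # assumption: JSON text
    boundary = uuid.uuid4().hex
    body = b""
    for name, value in fields.items():
        # Assumption: booleans are sent as lowercase "true"/"false".
        text = str(value).lower() if isinstance(value, bool) else str(value)
        body += (f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"'
                 f'\r\n\r\n{text}\r\n').encode()
    body += (f'--{boundary}\r\nContent-Disposition: form-data; name="zippedSource"; '
             f'filename="source.zip"\r\nContent-Type: application/zip\r\n\r\n').encode()
    body += zipped_source + f"\r\n--{boundary}--\r\n".encode()
    headers = {"Authorization": f"Bearer {token}",
               "Accept": f"application/json;v={api_version}",
               "cxOrigin": origin,
               "Content-Type": f"multipart/form-data; boundary={boundary}"}
    return base_url.rstrip("/") + "/cxrestapi/sast/scanWithSettings", headers, body
```

The returned tuple can be passed to any HTTP client, for example urllib.request.Request(url, data=body, headers=headers, method="POST"); a 201 Created response carries the new scan id.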