Nullify API
The Nullify REST API is available to enterprise tenants for automation, reporting, and integration use cases. Each section below documents a functional area of the platform.
All requests require a service-account token sent via the Authorization: Bearer <token> header. See Authentication for details.
For service-specific specs, see Service API Specifications or download the consolidated bundle generated by scripts/sync-openapi-specs.sh inside the public-docs repository.
Key Endpoints
Code Review
GET /sast/events
Stream new findings, suppressions, and fixes for every repository.
Code Review
GET /sast/findings
List open findings with rich filters for ownership, severity, and status.
Code Review
POST /sast/findings/{findingId}/autofix/fix
Queue an automated remediation pull request for supported languages.
Code Review
POST /sast/findings/{findingId}/allowlist
Record a governed exception while keeping audit history intact.
Dependency Analysis
GET /sca/findings
Fetch dependency findings with reachability and policy metadata.
Dependency Analysis
POST /sca/findings/{findingId}/autofix/fix
Generate upgrade branches or pull requests with updated manifests and lockfiles.
Dependency Analysis
GET /sca/containers/findings
Review container image issues across registries and environments.
Secrets & Data Guardrails
GET /secrets/findings
Enumerate secrets and sensitive data alerts by repository or service.
Secrets & Data Guardrails
POST /secrets/findings/{findingId}/allowlist
Suppress a finding once the credential is rotated or data remediated.
Pentester
POST /dast/scans
Launch a new autonomous pentester engagement with optional auth context.
Pentester
GET /dast/scans/{scanId}/findings
Retrieve findings, reproduction steps, and ownership mapping for a pentester engagement.
Cloud Audits
GET /classifier/applications
Pull the catalog of audited services with their cloud posture classification and owners.
Security Program Management
POST /manager/campaigns
Launch or update campaigns that coordinate remediation across teams and integrations.
Admin
GET /admin/repositories
Sync the repository catalogue, default policies, and ownership assignments.
Admin
GET /admin/teams
Pull team definitions and CODEOWNERS mappings for asynchronous routing.
Each dedicated page in this section includes usage examples, and the Service API Specifications bundle provides the full OpenAPI contract for automation.

