Dynamic Scanning (DAST)
Use the REST API to query dynamic application security testing (DAST) metrics
Last updated
Was this helpful?
Use the REST API to query dynamic application security testing (DAST) metrics
Last updated
Was this helpful?
The DAST API provides a RESTful interface for managing dynamic application security testing scans and querying their results. It offers endpoints to start scans, retrieve findings, manage asset inventory, and perform attack surface scanning.
All API endpoints are accessed through the base URL: https://api.<YOUR-TENANT-NAME>.nullify.ai
Replace <YOUR-TENANT-NAME> with your organization's tenant name. For example, if your tenant name is "acme", the base URL would be https://api.acme.nullify.ai.
This endpoint returns the list of all DAST scans that have been run.
This endpoint starts a new DAST scan against a given API.
This endpoint returns details of a specific DAST scan.
This endpoint returns the list of all DAST findings from a specific scan.
This endpoint requests to stop a running DAST scan.
The API provides endpoints to manage your asset inventory:
GET /dast/inventory/endpoints - List all HTTP endpoints
POST /dast/inventory/endpoints - Register new API endpoints
GET /dast/inventory/hosts - List all hosts
POST /dast/inventory/hosts - Register new hosts
Returns the list of all the DAST scans that have been run
The Azure organization ID
The Github owner ID
The GitLab group ID
The Nullify installation ID
Returns the list of all the DAST scans that have been run
The Azure organization ID
The Github owner ID
The GitLab group ID
The Nullify installation ID
Returns the list of all the DAST findings from a scan
The Azure organization ID
The Github owner ID
The GitLab group ID
The Nullify installation ID
Request to stop a dast scan
The Azure organization ID
The Github owner ID
The GitLab group ID
The Nullify installation ID
Starts are new DAST scan against a given API
The Azure organization ID
The Github owner ID
The GitLab group ID
The Nullify installation ID