Code Scanning (SAST)

Use the REST API to query static code scanning (SAST) metrics

Introduction

The SAST API provides a RESTful interface for querying various metrics related to code-scanning findings and events. It offers endpoints to retrieve information about SAST findings, events, and counts.

Get SAST Events

This endpoint returns the list of events related to code vulnerabilities.

Event types:

  • new-branch-summary

  • new-finding

  • new-findings

  • new-fix

  • new-fixes

  • new-allowlisted-finding

  • new-allowlisted-findings

  • new-unallowlisted-finding

  • new-unallowlisted-findings

  • new-pull-request-finding

  • new-pull-request-findings

  • new-pull-request-fix

  • new-pull-request-fixes

  • new-pull-request-allowlisted-finding

  • new-pull-request-allowlisted-findings

  • new-pull-request-unallowlisted-finding

  • new-pull-request-unallowlisted-findings

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.nullify.ai/sast/events?githubOwnerId=1234&githubRepositoryId=5678"

Get SAST Vulnerabilities

This endpoint returns the list of vulnerabilities found in the code.

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.nullify.ai/sast/summary?githubOwnerId=1234&githubRepositoryId=5678"

Get Severity Counts Per Language

This endpoint returns the severity counts of vulnerabilities by language.

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.nullify.ai/sast/counts/severity/language?githubOwnerId=1234&githubRepositoryId=5678"

Get Severity Counts Per Repository

This endpoint returns the severity counts of vulnerabilities by repository.

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.nullify.ai/sast/counts/severity/repository?githubOwnerId=1234&githubRepositoryId=5678"
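
A small shell wrapper for the four endpoints above, added here as an example and not part of the Nullify documentation. It builds the URL as a single quoted string (an unquoted `&` would make the shell background the command and drop `githubRepositoryId`), validates the ids, and keeps the bearer token out of the process list. The function names and the `NULLIFY_TOKEN` environment variable are assumptions; `-H @-` needs curl 7.55.0 or later.

```shell
# Added example, not Nullify's own code.
# Assumption: the API token is exported as NULLIFY_TOKEN.

SAST_BASE="https://api.nullify.ai/sast"

# sast_url <endpoint-path> <githubOwnerId> <githubRepositoryId>
# Prints the request URL for one of the endpoint paths documented on this page.
# Unknown paths and non-numeric ids are rejected so nothing unexpected is
# interpolated into the URL.
sast_url() {
  case "$1" in
    events|summary|counts/severity/language|counts/severity/repository) ;;
    *) echo "unknown endpoint: $1" >&2; return 2 ;;
  esac
  for _id in "$2" "$3"; do
    case "$_id" in
      ''|*[!0-9]*) echo "id must be numeric: '$_id'" >&2; return 2 ;;
    esac
  done
  printf '%s/%s?githubOwnerId=%s&githubRepositoryId=%s\n' \
    "$SAST_BASE" "$1" "$2" "$3"
}

# sast_get <endpoint-path> <githubOwnerId> <githubRepositoryId>
# Performs the GET and writes the JSON response to stdout.
# --fail turns HTTP 4xx/5xx into a non-zero exit status, so an expired or
# under-privileged token is noticed instead of being parsed as data.
sast_get() {
  _url="$(sast_url "$@")" || return
  if [ -z "${NULLIFY_TOKEN:-}" ]; then
    echo "NULLIFY_TOKEN is not set" >&2
    return 2
  fi
  # The Authorization header is fed on stdin (-H @-) rather than on the
  # command line, so the token is not visible in `ps` output.
  curl -L --fail --silent --show-error \
    -H "Accept: application/json" \
    -H @- \
    "$_url" <<EOF
Authorization: Bearer ${NULLIFY_TOKEN}
EOF
}
```

Source the file, then call for example `sast_get events 1234 5678`.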

© 2023 Nullify | All Rights Reserved.