Dependency Scanning (SCA)

Use the REST API to query dependency scanning (SCA) metrics

Dependency Scanning (SCA)

Introduction

The SCA API provides a RESTful interface for querying various metrics related to Dependency scanning findings and events. It offers endpoints to retrieve information about about SCA findings, events, and counts.

Get SCA Events

This endpoint returns the list of events that have occurred related to dependency vulnerabilities.

Get SCA Events

Returns SCA events after a specified timestamp or event ID. All events are returned if no timestamp or event ID is provided. A maximum of 100 events can be returned per request.

GET/sca/events

Query parameters

Response

Body

events*nullable array of ModelsSCAEventInterface (object)

nextEventId*string

numItems*integer

Request

const response = await fetch('/sca/events', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{
  "events": [
    {
      "branch": "text",
      "id": "text",
      "repository": "text",
      "time": "text",
      "type": "text"
    }
  ],
  "nextEventId": "text"
}

Event types:

new-branch-summary
new-finding new-findings
new-fix
new-fixes
new-allowlisted-finding
new-allowlisted-findings
new-pull-request-finding
new-pull-request-findings
new-pull-request-fix
new-pull-request-fixes

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   https://api.nullify.ai/sca/events?githubOwnerId=1234&githubRepositoryId=5678

Get SCA Vulnerabilities

This endpoint returns the list of current vulnerabilities in dependencies.

Get Summary

Returns current SCA findings in default branches based on query parameters

GET/sca/summary

Query parameters

Response

Body

numItems*integer

vulnerabilities*nullable array of ModelsSCADependencyFinding (object)

Request

const response = await fetch('/sca/summary', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{
  "vulnerabilities": [
    {
      "branch": "text",
      "fileOwners": [
        {
          "name": "text",
          "type": "text"
        }
      ],
      "filePath": "text",
      "id": "text",
      "isDirect": false,
      "package": "text",
      "packageFilePath": "text",
      "repository": "text",
      "version": "text",
      "vulnerabilities": [
        {
          "cves": [
            {
              "cisaKev": false,
              "cvss": 0,
              "epss": 0,
              "epssPercentile": 0,
              "id": "text",
              "priority": "text",
              "severity": "text"
            }
          ],
          "cwes": [
            "text"
          ],
          "details": "text",
          "fixed": "text",
          "hasFix": false,
          "introduced": "text",
          "references": [
            "text"
          ],
          "severity": "text",
          "title": "text",
          "version": "text"
        }
      ]
    }
  ]
}

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   https://api.nullify.ai/sca/summary?githubOwnerId=1234&githubRepositoryId=5678

Get Counts Per Severity Level

This endpoint returns the count of vulnerabilities per severity level.

Get Severity Counts

Returns the latest severity counts for default branches based on query parameters

GET/sca/counts/severity/latest

Query parameters

Response

Body

counts*nullable object

Request

const response = await fetch('/sca/counts/severity/latest', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{}

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   https://api.nullify.ai/sca/events?githubOwnerId=1234&githubRepositoryId=5678

PreviousCode Scanning (SAST)NextSecrets Scanning

Last updated 2 months ago