Dependency Scanning (SCA)

Table of Contents

• Introduction

• Base URL

• Endpoints

  • Get SCA Events

  • List SCA Vulnerabilities

  • Get SCA Finding

Introduction

The SCA API provides a RESTful interface for querying various metrics related to Dependency scanning findings and events. It offers endpoints to retrieve information about about SCA findings, events, and counts.

Base URL

All API endpoints are accessed through the base URL: https://api.<YOUR-TENANT-NAME>.nullify.ai

Replace <YOUR-TENANT-NAME> with your organization's tenant name. For example, if your tenant name is "acme", the base URL would be https://api.acme.nullify.ai.

Get SCA Events

This endpoint returns the list of events that have occurred related to dependency findings.

GET /sca/events HTTP/1.1
Host: api.<YOUR-TENANT>.nullify.com
Accept: */*

{
  "events": [
    {
      "branch": "text",
      "data": null,
      "id": "text",
      "repository": "text",
      "time": "text",
      "timestampUnix": 1,
      "type": "text"
    }
  ],
  "nextToken": "text",
  "numItems": 1
}

Event types:

• new-branch-summary

• new-finding new-findings

• new-fix

• new-fixes

• new-allowlisted-finding

• new-allowlisted-findings

• new-pull-request-finding

• new-pull-request-findings

• new-pull-request-fix

• new-pull-request-fixes

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   https://api.<YOUR-TENANT-NAME>.nullify.ai/sca/events?githubOwnerId=1234

List SCA Findings

This endpoint returns the list of current vulnerabilities in dependencies.

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   https://api.<YOUR-TENANT-NAME>.nullify.ai/sca/findings?githubOwnerId=1234

Get SCA Finding

This endpoint returns the details of an SCA finding

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   https://api.<YOUR-TENANT-NAME>.nullify.ai/sca/findings/01J6EEXK3NKYKWW9XTPQYAF41N?githubOwnerId=1234