Secrets Scanning

Use the REST API to query secrets detection metrics

Introduction

The Secrets API provides a RESTful interface for querying various metrics related to Secrets detection findings and events. It offers endpoints to retrieve information about secret findings, events, and counts.

Base URL

All API endpoints are accessed through the base URL: https://api.<YOUR-TENANT-NAME>.nullify.ai

Replace <YOUR-TENANT-NAME> with your organization's tenant name. For example, if your tenant name is "acme", the base URL would be https://api.acme.nullify.ai.

Get Secret Events

This endpoint returns the list of events that have occurred related to secret findings.

GET /secrets/events

Returns events after a specified timestamp or event ID. All events are returned if no timestamp or event ID is provided.

Query parameters

  • nextToken (string, optional)
  • limit (integer, optional)
  • branch (string, optional)
  • fromTime (string, optional)
  • numItems (integer, optional)
  • eventType (string[], optional)
  • fileOwnerName (string[], optional)
  • sort (string, optional)
  • azureOrganizationId (string, optional): The Azure organization ID
  • githubOwnerId (integer, optional): The GitHub owner ID
  • gitlabGroupId (integer, optional): The GitLab group ID
  • installationId (string, optional): The Nullify installation ID
  • azureRepositoryId (string[], optional)
  • githubRepositoryId (integer[], optional)
  • githubTeamId (integer, optional)

Responses

200 OK (application/json)

Example request:

GET /secrets/events HTTP/1.1
Host: api.<YOUR-TENANT-NAME>.nullify.ai
Accept: */*

Example response:

{
  "events": [
    {
      "data": null,
      "id": "text",
      "time": "text",
      "timestampUnix": 1,
      "type": "text"
    }
  ],
  "nextToken": "text",
  "numItems": 1
}

Event types:

  • new-finding

  • new-findings

  • new-allowlisted-finding

  • new-allowlisted-findings

curl -L \
    -H "Accept: application/json" \
    -H "Authorization: Bearer <YOUR-TOKEN>" \
    "https://api.<YOUR-TENANT-NAME>.nullify.ai/secrets/events?githubOwnerId=1234"

List Secrets Findings

This endpoint returns the list of current secrets in the repository.

Get Secrets Findings

GET /secrets/findings

Returns a filtered set of Secrets findings based on query parameters. One unique secret hash per repository.

Query parameters

  • nextToken (string, optional)
  • limit (integer, optional)
  • branch (string | nullable, optional)
  • secretType (string | nullable, optional)
  • isAllowlisted (boolean | nullable, optional)
  • fileOwnerName (string[], optional)
  • isResolved (boolean | nullable, optional)
  • sortBy (string, optional)
  • sort (string, optional)
  • azureOrganizationId (string, optional): The Azure organization ID
  • githubOwnerId (integer, optional): The GitHub owner ID
  • gitlabGroupId (integer, optional): The GitLab group ID
  • installationId (string, optional): The Nullify installation ID
  • azureRepositoryId (string[], optional)
  • githubRepositoryId (integer[], optional)
  • githubTeamId (integer, optional)

Responses

200 OK (application/json)

Example request:

GET /secrets/findings HTTP/1.1
Host: api.<YOUR-TENANT-NAME>.nullify.ai
Accept: */*

Example response:

{
  "findings": [
    {
      "author": "text",
      "branch": "text",
      "commit": "text",
      "createdAt": "text",
      "endLine": 1,
      "entropy": 1,
      "fileOwners": [
        {
          "name": "text",
          "type": "text"
        }
      ],
      "filePath": "text",
      "id": "text",
      "installationId": "text",
      "isAllowlisted": true,
      "isArchived": true,
      "isDefaultBranch": true,
      "isFalsePositive": true,
      "isResolved": true,
      "match": "text",
      "owner": "text",
      "ownerType": "text",
      "priorityLabel": "text",
      "priorityOverride": "text",
      "priorityScore": 1,
      "projectId": "text",
      "projectName": "text",
      "redactedSecret": "text",
      "repository": "text",
      "repositoryId": "text",
      "repositoryName": "text",
      "ruleId": "text",
      "scopes": [
        "text"
      ],
      "secretHash": "text",
      "secretType": "text",
      "startLine": 1,
      "tenantId": "text",
      "ticket": {
        "azure": {},
        "github": {
          "issueId": 1,
          "nodeId": "text",
          "number": 1,
          "repositoryName": "text",
          "url": "text"
        },
        "gitlab": {},
        "jira": {
          "issueId": "text",
          "issueKey": "text",
          "url": "text"
        },
        "providerId": "text"
      },
      "timeStamp": "text",
      "timestampUnix": 1,
      "updatedAt": "text"
    }
  ],
  "nextToken": "text",
  "numItems": 1
}

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.<YOUR-TENANT-NAME>.nullify.ai/secrets/findings?githubOwnerId=1234"

Get Secret Findings

This endpoint returns the details of a secret finding.

Get Finding

GET /secrets/findings/{findingId}

Returns a given finding.

Path parameters

  • findingId (string, required)

Query parameters

  • azureOrganizationId (string, optional): The Azure organization ID
  • githubOwnerId (integer, optional): The GitHub owner ID
  • gitlabGroupId (integer, optional): The GitLab group ID
  • installationId (string, optional): The Nullify installation ID
  • azureRepositoryId (string[], optional)
  • githubRepositoryId (integer[], optional)
  • githubTeamId (integer, optional)

Responses

200 OK (application/json)

Example request:

GET /secrets/findings/{findingId} HTTP/1.1
Host: api.<YOUR-TENANT-NAME>.nullify.ai
Accept: */*

Example response:

{
  "finding": {
    "aiDevTitle": "text",
    "aiTitle": "text",
    "author": "text",
    "branch": "text",
    "commit": "text",
    "createdAt": "text",
    "description": "text",
    "devDescription": "text",
    "endColumn": 1,
    "endLine": 1,
    "entropy": 1,
    "exploitabilityConfidence": "text",
    "exploitabilityLabel": "text",
    "failedTriage": true,
    "falsePositiveReason": "text",
    "fileOwners": [
      {
        "name": "text",
        "type": "text"
      }
    ],
    "filePath": "text",
    "id": "text",
    "impactConfidence": "text",
    "impactLabel": "text",
    "installationId": "text",
    "isAllowlisted": true,
    "isArchived": true,
    "isDefaultBranch": true,
    "isDuplicate": true,
    "isFalsePositive": true,
    "isResolved": true,
    "match": "text",
    "owner": "text",
    "ownerType": "text",
    "platform": "text",
    "priorityLabel": "text",
    "priorityLabelReason": "text",
    "priorityOverride": "text",
    "priorityScore": 1,
    "projectId": "text",
    "projectName": "text",
    "redactedSecret": "text",
    "repository": "text",
    "repositoryId": "text",
    "repositoryName": "text",
    "ruleId": "text",
    "scanner": "text",
    "scopes": [
      "text"
    ],
    "secretHash": "text",
    "secretType": "text",
    "secretValue": "text",
    "severityConfidence": "text",
    "severityLabel": "text",
    "severityOverride": "text",
    "severityScore": 1,
    "startColumn": 1,
    "startLine": 1,
    "tenantId": "text",
    "ticket": {
      "azure": {},
      "github": {
        "issueId": 1,
        "nodeId": "text",
        "number": 1,
        "repositoryName": "text",
        "url": "text"
      },
      "gitlab": {},
      "jira": {
        "issueId": "text",
        "issueKey": "text",
        "url": "text"
      },
      "providerId": "text"
    },
    "timeStamp": "text",
    "timestampUnix": 1,
    "triageAgentVersion": "text",
    "triageDurationSeconds": 1,
    "triageLangfuseSessionId": "text",
    "triageLangfuseTraceId": "text",
    "triageLlmCostUsd": 1,
    "triageTokenCount": 1,
    "triageTraceId": "text",
    "updatedAt": "text",
    "userId": "text",
    "userNotes": "text",
    "verified": true,
    "verifiedAt": "text"
  },
  "presignedUrl": "text"
}

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.<YOUR-TENANT-NAME>.nullify.ai/secrets/findings/01J6EEXK3NKYKWW9XTPQYAF41N?githubOwnerId=1234"
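
An added example, not part of the Nullify documentation: a Python client that follows nextToken across pages of /secrets/findings (the same loop serves /secrets/events with items_key "events") and strips secret-bearing fields before results are logged or ticketed. It assumes an empty or missing nextToken ends the listing and that secretValue, match and presignedUrl are sensitive; the environment variable names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumption: these response fields carry raw secret material or a signed link.
SENSITIVE_FIELDS = ("secretValue", "match", "presignedUrl")


def http_get(base_url, path, params, token):
    """Send one authenticated GET and return the decoded JSON body."""
    # doseq=True repeats array parameters such as githubRepositoryId.
    url = f"{base_url}{path}?{urllib.parse.urlencode(params, doseq=True)}"
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}"}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def paginate(fetch_page, path, params, items_key, max_pages=100):
    """Yield each item under items_key, following nextToken between pages."""
    params = dict(params)
    for _ in range(max_pages):  # bound the loop in case a token never clears
        body = fetch_page(path, params)
        yield from body.get(items_key) or []
        # Assumption: a missing or empty nextToken marks the last page.
        if not body.get("nextToken"):
            return
        params["nextToken"] = body["nextToken"]
    raise RuntimeError(f"{path}: still paging after {max_pages} pages")


def sanitize(finding):
    """Copy a finding without the fields that must not reach logs or tickets."""
    return {k: v for k, v in finding.items() if k not in SENSITIVE_FIELDS}


def open_findings(fetch_page, params):
    """Sanitized findings that are neither resolved nor allowlisted."""
    found = paginate(fetch_page, "/secrets/findings", params, "findings")
    return [sanitize(f) for f in found
            if not f.get("isResolved") and not f.get("isAllowlisted")]


if __name__ == "__main__":
    # Hypothetical variable names; the token stays out of argv and shell history.
    base = f"https://api.{os.environ['NULLIFY_TENANT']}.nullify.ai"
    token = os.environ["NULLIFY_TOKEN"]
    fetch = lambda path, params: http_get(base, path, params, token)
    print(json.dumps(open_findings(fetch, {"githubOwnerId": 1234}), indent=2))
```
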
