Dependency Analysis API

Query dependency analysis events and findings via the Nullify API

Current endpoints use the /sca prefix for legacy compatibility. Behaviour remains unchanged while we transition the naming to Code Review Dependency Analysis.

Base URL

https://api.<TENANT>.nullify.ai

Events

Track dependency alerts, suppressions, and auto-remediation updates:

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/sca/events?githubOwnerId=1234'

List Findings

Fetch the current dependency findings (including reachability and policy status):

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/sca/findings?githubOwnerId=1234&ecosystem=npm'

Get a Finding

Retrieve detailed metadata, including recommended upgrades and reachability reasoning:

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/sca/findings/01J6EEXK3NKYKWW9XTPQYAF41N?githubOwnerId=1234'

Allowlist a Finding

Pause alerting when you accept the risk for a dependency finding:

curl -s -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"expiresAt": "2025-12-31"}' \
  'https://api.<TENANT>.nullify.ai/sca/findings/01J6EEXK3NKYKWW9XTPQYAF41N/allowlist?githubOwnerId=1234'
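
An added example, not part of the Nullify documentation: a shell wrapper around the allowlist call above that rejects expiry dates that are malformed, already past, or further out than a local limit, so a risk acceptance cannot silently become permanent. The function names, the `MAX_DAYS` limit, and the `TENANT`, `TOKEN` and `OWNER_ID` environment variables are assumptions.

```shell
#!/bin/sh
# Added example: bound the risk-acceptance window before calling the allowlist endpoint.
# Assumed names: MAX_DAYS, TENANT, TOKEN, OWNER_ID and all function names.
MAX_DAYS="${MAX_DAYS:-90}"   # assumed local policy, in days

# Days since 1970-01-01 for a YYYY-MM-DD date (pure shell, no GNU date required).
days_from_civil() {
  y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
  m=${m#0}; d=${d#0}                      # avoid octal parsing of "08"/"09"
  if [ "$m" -le 2 ]; then y=$((y - 1)); fi
  era=$((y / 400)); yoe=$((y - era * 400))
  doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
  doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
  echo $(( era * 146097 + doe - 719468 ))
}

# Print the JSON body for the allowlist call. Second argument overrides "today".
# Return codes: 2 malformed date, 3 not in the future, 4 beyond MAX_DAYS.
allowlist_body() {
  expires=$1; today=${2:-$(date -u +%Y-%m-%d)}
  # Strict format check; it also keeps quotes and braces out of the JSON below.
  case $expires in
    20[0-9][0-9]-0[1-9]-[0-3][0-9] | 20[0-9][0-9]-1[0-2]-[0-3][0-9]) ;;
    *) echo "expiresAt must be YYYY-MM-DD" >&2; return 2 ;;
  esac
  delta=$(( $(days_from_civil "$expires") - $(days_from_civil "$today") ))
  if [ "$delta" -le 0 ]; then echo "expiresAt must be in the future" >&2; return 3; fi
  if [ "$delta" -gt "$MAX_DAYS" ]; then echo "expiresAt exceeds ${MAX_DAYS} days" >&2; return 4; fi
  printf '{"expiresAt": "%s"}' "$expires"
}

# Usage: allowlist_finding <finding-id> <YYYY-MM-DD>
allowlist_finding() {
  finding_id=$1
  body=$(allowlist_body "$2") || return $?
  curl -s --fail -X POST \
    -H "Accept: application/json" \
    -H "Authorization: Bearer ${TOKEN}" \
    -H "Content-Type: application/json" \
    -d "$body" \
    "https://api.${TENANT}.nullify.ai/sca/findings/${finding_id}/allowlist?githubOwnerId=${OWNER_ID}"
}
```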

Trigger Autofix

Generate an upgrade pull request with lockfile updates and changelog context:

curl -s -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/sca/findings/01J6EEXK3NKYKWW9XTPQYAF41N/autofix/fix?githubOwnerId=1234'

Finding Events

Audit every change applied to a dependency finding:

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/sca/findings/01J6EEXK3NKYKWW9XTPQYAF41N/events?githubOwnerId=1234'

Container Findings

Dependency Analysis also evaluates container images. Use the container endpoints to fetch and triage those findings:

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/sca/containers/findings?githubOwnerId=1234&imageDigest=sha256:...'
