Dependency Analysis API

Query dependency analysis events and findings via the Nullify API

Current endpoints use both the /sca and /classifier/deps prefixes. Endpoints under /sca return detailed findings and remediation methods, while those under /classifier/deps provide methods for searching source history.

Base URL

https://api.<TENANT>.nullify.ai

List Active Dependencies

List active package dependencies org-wide (paginated):

GET /classifier/deps/active

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/classifier/deps/active?githubOwnerId=1234'

List Dependency History

List org-wide dependency occurrence windows (paginated):

GET /classifier/deps

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/classifier/deps?githubOwnerId=1234'

Get Package Exposure

List projects with dependency exposure (active and historical) matching the ecosystem/package and semver range query:

GET /classifier/deps/exposure

Events

Track dependency alerts, suppressions, and auto-remediation updates:

GET /sca/events

List Findings

Fetch the current dependency findings (including reachability and policy status):

GET /sca/findings

Get a Finding

Retrieve detailed metadata, including recommended upgrades and reachability reasoning:

GET /sca/findings/{findingId}

Allowlist a Finding

Pause alerting when you accept the risk for a dependency finding:

POST /sca/findings/{findingId}/allowlist

Trigger Autofix

Generate an upgrade pull request with lockfile updates and changelog context:

POST /sca/findings/{findingId}/autofix/fix

Finding Events

Audit every change applied to a dependency finding:

GET /sca/findings/{findingId}/events

Container Findings

Dependency Analysis also evaluates container images. Use the container endpoints to fetch and triage those findings:

GET /sca/containers/findings
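
The curl examples on this page pass the bearer token in a -H argument, where it is visible in the process list and in shell history. The wrapper below is an added example, not Nullify's own code: it feeds the header to curl on stdin and validates the tenant and path before any request is sent. NULLIFY_TENANT, NULLIFY_TOKEN, the function names and the character sets accepted for IDs and tokens are assumptions.

```bash
# Added example. NULLIFY_TENANT / NULLIFY_TOKEN and both function names are
# assumed names; the character sets accepted below are assumptions too.

# Build a request URL, rejecting input that could send the bearer token to a
# different host or an unintended route.
nullify_url() {
  local tenant="$1" path="$2" query="${3:-}"
  case "$tenant" in
    ''|*[!A-Za-z0-9-]*) echo "invalid tenant" >&2; return 1 ;;
  esac
  case "$path" in
    /sca/*|/classifier/deps|/classifier/deps/*) ;;   # prefixes from this page
    *) echo "unexpected path prefix" >&2; return 1 ;;
  esac
  case "$path" in
    *[!A-Za-z0-9/_-]*) echo "invalid path" >&2; return 1 ;;
  esac
  case "$query" in
    *[!A-Za-z0-9=_.\&-]*) echo "invalid query" >&2; return 1 ;;
  esac
  printf 'https://api.%s.nullify.ai%s%s\n' "$tenant" "$path" "${query:+?$query}"
}

# GET an endpoint. The Authorization header reaches curl as a config file on
# stdin (-K -), so the token never appears in the process argument list.
nullify_get() {
  local url
  url="$(nullify_url "${NULLIFY_TENANT:-}" "$@")" || return 1
  case "${NULLIFY_TOKEN:-}" in
    ''|*[!A-Za-z0-9._~+/=-]*) echo "NULLIFY_TOKEN missing or malformed" >&2; return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$NULLIFY_TOKEN" |
    curl -sS --fail --proto '=https' --max-time 30 \
      -H "Accept: application/json" -K - "$url"
}

# Usage (tenant and owner id are placeholders):
#   NULLIFY_TENANT=acme nullify_get /classifier/deps/active githubOwnerId=1234
```

With --fail, curl exits non-zero on HTTP 4xx/5xx responses, so a scripted caller does not parse an error body as findings.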
