API (4.0.0)
Download OpenAPI specification:Download
The Qwiet API allows you to programmatically interact with Qwiet. You can manage users and their roles and get scan-related information, such as which applications were scanned and what vulnerabilities were identified by Qwiet as being present. You can also compare scans to see changes to your applications over time.
Use of the Qwiet API requires an access token, which is available via the Qwiet UI.
Set up a webhook
Set up a webhook for the given organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| version | integer Default: 2 Enum: 1 2 Example: version=2 Webhook configuration version to use (1 = legacy flow, 2 = normal flow). Defaults to 2 (normal flow) if not specified. |
Request Body schema: application/json
| url required | string <uri> The URL to which the webhook should send events |
required | Array of objects |
object (AuthenticatedWebHookTokenConfiguration) Configuration for a webhook that requires a token | |
| authType | string Enum: "hmac" "bearer" The authentication type to use for the webhook. Defaults to "hmac" if secret is provided, "bearer" if token is provided. |
| secret | string Secret key for HMAC authentication. If not provided and authType is "hmac", a secure secret will be generated automatically. |
| enableEmailNotification | boolean If true, organization administrators will receive email notifications when webhook event delivery fails. |
Responses
Request samples
- Payload
Example request body for webhook registration using Bearer token authentication
{- "events": [
- {
- "name": "scan.finished"
}
], - "token": {
- "token": "your-bearer-token",
- "renewalMetadata": {
- "method": "POST",
- "bodyFields": {
- "client_id": "your-client-id",
- "client_secret": "your-client-secret",
- "grant_type": "client_credentials"
}, - "asJson": false,
- "forceFormUrlEncoding": false
}, - "responseHandling": {
- "tokenField": "access_token",
- "ttlField": "expires_in",
- "typeField": "token_type"
}
}, - "authType": "bearer",
- "enableEmailNotification": true
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "secret": "string",
- "authType": "hmac",
- "events": [
- "string"
]
}
}Delete a webhook
Delete the webhook for the given organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| version | integer Default: 2 Enum: 1 2 Example: version=2 Webhook configuration version to use (1 = legacy flow, 2 = normal flow). Defaults to 2 (normal flow) if not specified. |
Responses
Response samples
- 200
- default
{- "ok": true
}Get a webhook
Get the webhook url and token ID for the given organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| version | integer Default: 2 Enum: 1 2 Example: version=2 Webhook configuration version to use (1 = legacy flow, 2 = normal flow). Defaults to 2 (normal flow) if not specified. |
Responses
Response samples
- 200
- default
{- "url": "string",
- "tokenID": "07ccbd51-b8ea-4e1c-8c6d-a0bd172d9768",
- "events": [
- "string"
]
}Read app group
Return information about an app group.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appGroupName required | string The group name |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "app_ids": [
- "a_project_n_0",
- "a_project_n_4",
- "a_project_n_5"
], - "name": "newName"
}
]
}Create or update app group
Create or update an application group.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appGroupName required | string The group name |
Request Body schema: application/json
| rename | string A new name for the group (optional) |
| add_app_ids | Array of strings The application IDs to add to the group |
| remove_app_ids | Array of strings The application IDs to remove from the group |
Responses
Request samples
- Payload
{- "rename": "newGroupName",
- "add_app_ids": [
- "one_application_id",
- "another_application_id"
], - "remove_app_ids": [
- "a_different_application_id",
- "yet_another_application_id"
]
}Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "app_ids": [
- "a_project_n_0",
- "a_project_n_4",
- "a_project_n_5"
], - "name": "newName"
}
]
}Update application labels
Update the application's labels.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| add | Array of strings |
| remove | Array of strings |
| clear | boolean A boolean flag that is true when all labels should be removed from the application |
Responses
Request samples
- Payload
{- "add": [
- "string"
], - "remove": [
- "string"
], - "clear": true
}Response samples
- 200
- default
{- "ok": true,
- "response": [
- "string"
]
}Create Apps
Create one or more apps owned by an organization and potentially assigned to a team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| id required | string[a-zA-Z0-9]([a-zA-Z0-9_:.-]*[a-zA-Z0-9])? the id of the app |
| name | string the user friendly name of the app |
| team_id | string the id of the team the app belongs to |
| base_branch | string the name of the principal branch of the app. |
Responses
Request samples
- Payload
[- {
- "id": "string",
- "name": "string",
- "team_id": "string",
- "base_branch": "master"
}
]Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "BillingAPI",
- "name": "BillingAPI",
- "tags": [
- {
- "key": "group",
- "value": "billing"
}
]
}
}List apps
Return a list of the apps owned by the org.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "id": "BillingAPI",
- "name": "BillingAPI",
- "tags": [
- {
- "key": "group",
- "value": "billing"
}
]
}
]
}Read app
Return an app owned by an organization.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "BillingAPI",
- "name": "BillingAPI",
- "tags": [
- {
- "key": "group",
- "value": "billing"
}
]
}
}List app branches
Return a list of the branches of a specific app scanned for an org.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| app | string App name |
| from | integer The earliest scan time for a branch to be included. Value should be a Unix timestamp (in seconds). Defaults to 1 week ago |
| until | integer The latest scan time for a branch to be included. Value should be a Unix timestamp (in seconds). Defaults to now |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "id": "hsl",
- "name": "hsl",
- "default_branch": "master",
- "branches": [
- "master",
- "develop"
]
}
]
}Read app config
Return the configuration of an application.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "default_branch": "string",
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}, - "cpg2sp": {
- "max-steps": 0
}
}
}
}Update app config
Update the app's configuration.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| default_branch | string The repository's default branch |
object (AppAnalysisConfiguration) App level analysis configuration |
Responses
Request samples
- Payload
{- "default_branch": "string",
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}, - "cpg2sp": {
- "max-steps": 0
}
}
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "default_branch": "string"
}
}Patch app config
Partially update the app's configuration. Only fields present in the request body will be updated; all other fields are preserved. This is safer than PUT when you only need to change a subset of the configuration.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| default_branch | string The repository's default branch |
object (AppAnalysisConfiguration) App level analysis configuration |
Responses
Request samples
- Payload
{- "default_branch": "string",
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}, - "cpg2sp": {
- "max-steps": 0
}
}
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "default_branch": "string"
}
}Update Application Default Branch
Update the application's default branch.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| default_branch required | string The repository's default branch |
Responses
Request samples
- Payload
{- "default_branch": "string"
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "default_branch": "string"
}
}Read merged app config
Return the effective configuration of an application by combining the organization configuration and the configuration of a potentially assigned team as defaults first, before merging in the actual app configuration on top, overriding those defaults.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "default_branch": "string",
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}, - "cpg2sp": {
- "max-steps": 0
}
}
}
}The AutoFix suggestions for findings in applications. Harness SAST and SCA AutoFix uses large language models (LLMs) to generate potential code fix suggestions for findings produced by preZero analyses.
Read Recommended Fix if it exists
Retrieve the recommended fix for a specific finding if it exists
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "fix": "this is a really big long thing text that normally should be in markdown format",
- "fix_notes": "this is a note about the fix"
}
}Read finding's fix if it exists
Retrieve the fix for a specific finding if it exists. This feature is disabled by default. Contact Qwiet AI Customer Success if you need assistance.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "organization_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "project_id": "myAwesomeProject",
- "scan_id": 1234,
- "sp_id": "sl/5b588.../",
- "status": "fixed",
- "fingerprint_hash": "",
- "finding_id": 4321,
- "fix": "this is a really big long thing text that normally should be in markdown format"
}
}Get azureboard authorization status
Get azureboard authorization status for organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}azureboard authorization at the org level
azureboard authorization at the org level
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Get AzureBoard Association
Get AzureBoard Association
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Responses
Response samples
- 200
- 404
- default
{- "azure_org_name": "string",
- "azure_project_name": "string",
- "finding_work_item_type": "string"
}Update AzureBoard Association
Update AzureBoard Association
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| azure_org_name required | string The name of the Azure DevOps organization. |
| azure_project_name required | string The name of the Azure DevOps project. |
| finding_work_item_type | string Work item type that will be used to create work items |
Responses
Request samples
- Payload
{- "azure_org_name": "string",
- "azure_project_name": "string",
- "finding_work_item_type": "string"
}Response samples
- 200
- 400
- 403
- 404
- default
{- "ok": true,
- "response": {
- "azure_org_name": "string",
- "azure_project_name": "string",
- "finding_work_item_type": "string"
}
}Get azureboard association by finding id
Get azureboard association by finding id
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Responses
Response samples
- 200
- default
{- "azure_org_name": "string",
- "azure_project_name": "string",
- "azure_workitem_id": 0,
- "azure_workitem_url": "string"
}Puts azureboard association by finding ids
Puts azureboard association by finding ids
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| scan_id required | integer <int64> The unique ID of the scan. Must be greater than 0. |
| finding_ids required | Array of integers <int64> [ items <int64 > ] A list of finding IDs. Each ID must be greater than 0. |
object A map of extra parameters for the request. The keys and values are strings. |
Responses
Request samples
- Payload
{- "scan_id": 0,
- "finding_ids": [
- 0
], - "extra_parameters": {
- "property1": "string",
- "property2": "string"
}
}Response samples
- 200
{- "ok": true
}List application scans branches
Return the list of branches of an application that have been scanned, not to be confused with the soon to be deprecated /branches endpoint.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "branch_name": "string",
- "scan_count": 0,
- "first_scan": 0,
- "last_scan": 0
}
}Create app finding comment
Create a comment on a finding.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Request Body schema: application/json
| comment | string The text of the comment |
Responses
Request samples
- Payload
{- "comment": "string"
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "30",
- "created_at": "2019-08-24T14:15:22Z",
- "app_id": "hsl",
- "org_id": "261f1203-748d-4010-a57d-4cf3107f8647",
- "finding_id": "3",
- "owner": {
- "email": "string",
- "name": "string"
}, - "comment": "string"
}
}List app finding comments
Return a list of the finding's comments thread.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "id": "30",
- "created_at": "2019-08-24T14:15:22Z",
- "app_id": "hsl",
- "org_id": "261f1203-748d-4010-a57d-4cf3107f8647",
- "finding_id": "3",
- "owner": {
- "email": "string",
- "name": "string"
}, - "comment": "string"
}
]
}Read specific comment for a finding
Read a comment for a specific finding for an app.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
| commentID required | string The comment ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "30",
- "created_at": "2019-08-24T14:15:22Z",
- "app_id": "hsl",
- "org_id": "261f1203-748d-4010-a57d-4cf3107f8647",
- "finding_id": "3",
- "owner": {
- "email": "string",
- "name": "string"
}, - "comment": "string"
}
}Multi-Language Apps are groups of applications that are scanned together as a single application. This is useful for applications that are a compound of various programming languages and configurations of frameworks.
Un/Archive Compound
Toggle the archived status of a compound
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
Request Body schema: application/jsonrequired
| is_archived required | boolean Whether to archive the compound (true) or unarchive it (false) |
Responses
Request samples
- Payload
{- "is_archived": true
}Response samples
- 200
- default
{- "ok": true
}List scans in a compound, returning a subset of the scan summary information
The full information we can return about a scan is a lot of data, which slows down a UI that only wants to present a subset of it to the user. This endpoint returns only the subset actually needed for rendering that UI. As such it's meant for internal use only, but is documented because other API users may find it useful for similar reasons.
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| limit | integer [ 1 .. 100 ] Default: 10 The number of scans to return. |
| branch | string Only consider scans on this branch. |
| upto | integer Only list scans created before this time (given in nanoseconds since the UNIX Epoch). |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "agents": [
- "vscode"
], - "scans": [
- {
- "polyglot_scan_id": 1,
- "created_at": "2019-08-24T14:15:22Z",
- "agent": "harness",
- "branch": "feature/more-potatoes",
- "languages": [
- "javascript"
], - "platforms": [
- "JAVASCRIPT"
], - "vulns": {
- "critical": 1,
- "high": 2,
- "medium": 3,
- "low": 5
}, - "oss_vulns": {
- "critical": 1,
- "high": 2,
- "medium": 3,
- "low": 5,
- "unreachable": 7
}, - "container_vulns": {
- "critical": 1,
- "high": 2,
- "medium": 3,
- "low": 5,
- "unreachable": 7
}, - "secrets": 42,
- "oss_risks": 3,
- "failures": [
- "Failed to create CPG File"
]
}
]
}
}Read compound scan
Retrieve details for a specific scan of a compound
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
| scanID required | string The ID of the scan to retrieve |
query Parameters
| archived | boolean If present, includes archived compounds |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
}Read branches for compound
List all the branches for a specific compound
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| archived | boolean If present, includes archived compounds |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "branches": [
- "string"
]
}
}List Scans of Compound
List all scans for a specific compound
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| archived | boolean If present, includes archived compounds |
| status | string Enum: "completed" "running" "failed" Filter scans by status |
| branch | string Filter scans by branch |
| limit | integer The number of scans to return (must be between 1 and 50, inclusive). The default is 10 scans |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "scans": [
- {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
]
}
}List Compounds
List all compounds for an organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| archived | boolean If present, returns archived compounds (true) or non-archived compounds (false) |
| page | integer >= 1 Default: 1 Page number |
| per_page | integer [ 1 .. 100 ] Default: 20 Number of items per page |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "compounds": [
- {
- "id": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4",
- "name": "shiftleft-python-demo",
- "apps": {
- "11": {
- "id": "shiftleft-python-demo_element_TERRAFORM_HCL",
- "name": "shiftleft-python",
- "can_delete": true,
- "is_subscription_active": true,
- "configuration": {
- "analysis_configuration": {
- "secrets": { },
- "cpg2sp": { }
}
}, - "compound": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4"
}, - "17": {
- "id": "shiftleft-python-demo_element_PYTHONSRC",
- "name": "shiftleft-python",
- "can_delete": true,
- "is_subscription_active": true,
- "configuration": {
- "analysis_configuration": {
- "secrets": { },
- "cpg2sp": { }
}
}, - "compound": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4"
}, - "18": {
- "id": "shiftleft-python-demo",
- "name": "shiftleft-python-demo",
- "can_delete": true,
- "is_subscription_active": true,
- "configuration": {
- "analysis_configuration": {
- "secrets": { },
- "cpg2sp": { }
}
}, - "avg_scan_duration_ms": 43674,
- "compound": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4"
}
}
}
]
}
}Read shallow compound
Returns a shallow compound object, which includes the compound's ID, name, and description.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundID required | string <uuid> A compound's ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4",
- "name": "shiftleft-python-demo",
- "apps": [
- "shiftleft-python-demo",
- "shiftleft-python-demo_element_PYTHONSRC",
- "shiftleft-python-demo_element_TERRAFORM_HCL"
]
}
}Read shallow compound by ID
Returns a shallow compound object by its ID, which includes the compound's ID, name, and the IDs of the apps that are part of the compound.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundID required | string <uuid> A compound's ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4",
- "name": "shiftleft-python-demo",
- "apps": [
- "shiftleft-python-demo",
- "shiftleft-python-demo_element_PYTHONSRC",
- "shiftleft-python-demo_element_TERRAFORM_HCL"
]
}
}Read shallow compound by name
Returns a shallow compound object by its name. If no compound is found with the given name, falls back to looking up a project with that name.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4",
- "name": "shiftleft-python-demo",
- "apps": [
- "shiftleft-python-demo",
- "shiftleft-python-demo_element_PYTHONSRC",
- "shiftleft-python-demo_element_TERRAFORM_HCL"
]
}
}Read full compound
Returns a full compound object, which includes the compound's ID, name, description, and the IDs of the apps that are part of the compound.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundID required | string <uuid> A compound's ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4",
- "name": "shiftleft-python-demo",
- "apps": {
- "11": {
- "id": "shiftleft-python-demo_element_TERRAFORM_HCL",
- "name": "shiftleft-python",
- "can_delete": true,
- "is_subscription_active": true,
- "configuration": {
- "analysis_configuration": {
- "secrets": { },
- "cpg2sp": { }
}
}, - "compound": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4"
}, - "17": {
- "id": "shiftleft-python-demo_element_PYTHONSRC",
- "name": "shiftleft-python",
- "can_delete": true,
- "is_subscription_active": true,
- "configuration": {
- "analysis_configuration": {
- "secrets": { },
- "cpg2sp": { }
}
}, - "compound": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4"
}, - "18": {
- "id": "shiftleft-python-demo",
- "name": "shiftleft-python-demo",
- "can_delete": true,
- "is_subscription_active": true,
- "configuration": {
- "analysis_configuration": {
- "secrets": { },
- "cpg2sp": { }
}
}, - "avg_scan_duration_ms": 43674,
- "compound": "fab0089f-cc8c-44a8-a927-26e83f6eb6d4"
}
}
}
}List app findings
List findings for the specified app. Results are filtered to a single scan (by default, this is the latest scan).
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
query Parameters
| type | string The type of findings. Accepted values are |
| severity | string (Severity) Enum: "low" "medium" "high" "critical" The severity filter |
| tags | Array of strings The scan tags to filter by (e.g., |
| finding_tags | Array of strings Example: finding_tags=category=XSS The findings' filtering tag |
| assignee | string The email addresses of users assigned to this finding |
| assignment | string (Assignment) Enum: "unassigned" "assigned" The assignment status filter. By default, all findings, both |
| category | string The category filter |
| details_tags | Array of strings The filter for the finding's details tags |
| status | string (Status) Enum: "unset" "fixed" "ignored" "3rdparty" "any" The status filter. By default, only |
| sort | string How to sort results; defaults to ID |
| order | string Enum: "desc" "asc" Direction of the sort; defaults to descending |
| only_counts | boolean Whether to include only finding counts; excludes the list of findings |
| page | integer The page of results to fetch. Results are not guaranteed to be deterministic using this approach; we recommended using the |
| per_page | integer Number of results per page; defaults to 50 |
| version | string Version to filter findings for; defaults to the latest scan |
| scan | string ID of the scan to filter to; defaults to the latest scan |
| source | string^scan\.\d+|tag\.\w=\w$ Example: source=scan.128|tag.branch=samplebranch The source scan for a comparision |
| diff | string (Diff) Enum: "new" "regression" "common" "fixed" Return a diff of findings (as compared to the source) |
| fields | Array of strings Items Enum: "-description" "-details" "-related_findings" Specifies the fields included or excluded in the response. |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "has_more": true,
- "scan": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}, - "findings": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "status": "unset",
- "assignee": "string",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "tags": [
- {
- "key": "severity",
- "value": "info"
}, - {
- "key": "cvss_score",
- "value": 2
}
]
}
], - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
]
}
}List compound findings Deprecated
DEPRECATED - use /orgs/{orgID}/compounds/byname/{compoundName}/findings instead. List findings for the specified compound. Results are filtered to a single scan (by default, this is the latest scan).
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| type | string The type of findings. Accepted values are |
| severity | string (Severity) Enum: "low" "medium" "high" "critical" The severity filter |
| tags | Array of strings The scan tags to filter by (e.g., |
| finding_tags | Array of strings Example: finding_tags=category=XSS The findings' filtering tag |
| assignee | string The email addresses of users assigned to this finding |
| assignment | string (Assignment) Enum: "unassigned" "assigned" The assignment status filter. By default, all findings, both |
| category | string The category filter |
| details_tags | Array of strings The filter for the finding's details tags |
| status | string (Status) Enum: "unset" "fixed" "ignored" "3rdparty" "any" The status filter. By default, only |
| sort | string How to sort results; defaults to ID |
| order | string Enum: "desc" "asc" Direction of the sort; defaults to descending |
| only_counts | boolean Whether to include only finding counts; excludes the list of findings |
| page | integer The page of results to fetch. Results are not guaranteed to be deterministic using this approach; we recommended using the |
| per_page | integer Number of results per page; defaults to 50 |
| version | string Version to filter findings for; defaults to the latest scan |
| scan | string Polyglot scan ID to filter to; defaults to the latest scan |
| source | string^scan\.\d+|tag\.\w=\w$ Example: source=scan.128|tag.branch=samplebranch The source scan for a comparision |
| diff | string (Diff) Enum: "new" "regression" "common" "fixed" Return a diff of findings (as compared to the source) |
| fields | Array of strings Items Enum: "-description" "-details" "-related_findings" Specifies the fields included or excluded in the response. |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "has_more": true,
- "scan": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}, - "findings": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "status": "unset",
- "assignee": "string",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "tags": [
- {
- "key": "severity",
- "value": "info"
}, - {
- "key": "cvss_score",
- "value": 2
}
]
}
], - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
]
}
}List compound findings
List findings for the specified compound. Results are for a single polyglot scan (by default, this is the latest scan).
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| polyglot_scan | string Polyglot scan ID to filter to; defaults to the latest scan. |
| scan_version | string The version of the code at scan time. Ignored if polyglot_scan is given. |
| scan_branch | string The code branch at scan time. Ignored if polygot_scan or scan_version are given. |
| scan_tag | string^(?<key>.*?)__eq__(?<value>.*)$ Tags passed to the analyzer at scan time. Ignored if polygot_scan, scan_version, or scan_branch are given. |
| scan_platform | string (ScanPlatform) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "javasrc" "pythonsrc" "jssrc" "secrets" "swiftsrc" "plsql" "apex" "groovy" The analysis platform. Cannot be specified together with scan_language. |
| scan_language | string (ScanLanguage) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "swift" "plsql" "apex" "groovy" The analysis language. Cannot be specified together with scan_platform. |
| counts_exclude | string The tags to exclude from 'counts' in the response. Can be specified more than once. The default filters out a small set of tags that don't add too much value in the kind of aggregate that 'counts' contains. An empty value resets the list. |
| finding_type | string Enum: "vuln" "secret" "insight" "extscan" "oss_vuln" "container" "security_issue" Only list findings of the given type. Can be specified multiple times. |
| finding_status | string Enum: "ignored" "fixed" "3rdparty" Only list findings with the given status. Can be specified multiple times. |
| finding_assignee | string <email> Only list findings with the given assignee. Cannot be specified together with finding_assignment. |
| finding_assignment | string Enum: "assigned" "unassigned" Only list findings of the given assignment state. |
| finding_tag | string^(?<key>.*?)__(?<operator>.*?)__(?<value>.*)$... Examples:
Only list findings matching the given tag query. Can be specified up to 20 times. A finding will match a series of tag queries if it matches all of them. |
| finding_search | string Only list findings containing the given value (under simple Unicode case-folding) in their title or description. Can be specified up to 5 times. A finding will match a series of searches if it matches all of them. |
| finding_reachable | boolean Only list reachable findings. |
| finding_exploitable | boolean Only list exploitable findings. |
| finding_has_ai_fix | boolean Only list findings with an AI fix available. |
| finding_sort | string Enum: "id" "title" "severity" "created_at" The field used to sort results. If not given, the default is to sort by ID in descending order. When given, sort by that criterion, defaulting to ascending order. |
| finding_order | string Enum: "desc" "asc" How results are sorted. See the note on finding_sort for defaults. |
| page | integer >= 1 The page of results to fetch. Only the findings portion of the response is paginated; counts and scans are present every time. |
| per_page | integer [ 1 .. 250 ] Number of results per page; defaults to 50 |
| finding_fields | string Value: "-description" Specifies the fields included or excluded in the findings in the response. Can be specified more than once. |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "has_more": true,
- "polyglot_scan": {
- "compound_id": "a935d696-abd6-44ac-b175-9f5ba2b26ed0",
- "polyglot_scan_id": 1,
- "scans": [
- {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
]
}, - "findings": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "status": "unset",
- "assignee": "string",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "tags": [
- {
- "key": "severity",
- "value": "info"
}, - {
- "key": "cvss_score",
- "value": 2
}
]
}
], - "total_count": 0,
- "counts": [
- {
- "key": "cvss_31_severity_ratings",
- "value_counts": {
- "critical": 1,
- "high": 2
}
}
]
}
}Read app finding detail
Read the details for a single finding
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "status": "unset",
- "assignee": "string",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "tags": [
- {
- "key": "severity",
- "value": "info"
}, - {
- "key": "cvss_score",
- "value": 2
}
]
}
}Set finding status
Set the current status for a finding
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Request Body schema: application/json
| status | string Enum: "fixed" "ignore" "codeviolationfixed" "codeviolationignore" "codeviolationremovestatus" The status to be set; leaving it blank will remove status |
| optional_comment | string Optional text to be used as the comment that is created along with every status. |
Responses
Request samples
- Payload
{- "status": "fixed",
- "optional_comment": "string"
}Response samples
- 200
- default
{- "ok": true
}Set finding assignee
Set the current assignee for a finding
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| findingID required | string The finding ID |
Request Body schema: application/json
| assignee | string The email of the person to be assigned to the finding |
Responses
Request samples
- Payload
{- "assignee": "string"
}Response samples
- 200
- default
{- "ok": true
}Set multiple findings status
Set the current status for multiple findings
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| findings | Array of integers |
| status | string Enum: "fixed" "ignore" "codeviolationfixed" "codeviolationignore" "codeviolationremovestatus" The status to be set; leaving it blank will remove status |
Responses
Request samples
- Payload
{- "findings": [
- 0
], - "status": "fixed"
}Response samples
- 200
- default
{- "ok": true
}Set multiple findings assignee
Set the current assignee for a finding
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Request Body schema: application/json
| findings | Array of integers |
| assignee | string The email of the person to be assigned to the findings |
Responses
Request samples
- Payload
{- "findings": [
- 0
], - "assignee": "string"
}Response samples
- 200
- default
{- "ok": true
}Read the SCA packages of a compound scan
Return information about the packages found in a scan of an app
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| polyglot_scan | integer Example: polyglot_scan=42 Polyglot scan ID of the scan to filter to; defaults to the latest scan. |
| scan_version | string Example: scan_version=9b7e138e1b16dc5261803cceffb86c36800c2c7f The version of which to get the latest scan. This is usually a SHA1. Ignored if polyglot_scan is given. |
| scan_branch | string Example: scan_branch=feature/1234 The branch of which to get the latest scan. Ignored if polygot_scan or scan_version are given. |
| scan_tag | string^(?<key>.*?)__eq__(?<value>.*)$ Tags passed to the analyzer at scan time. Ignored if polygot_scan, scan_version, or scan_branch are given. |
| scan_platform | string (ScanPlatform) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "javasrc" "pythonsrc" "jssrc" "secrets" "swiftsrc" "plsql" "apex" "groovy" The analysis platform. Cannot be specified together with scan_language. |
| scan_language | string (ScanLanguage) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "swift" "plsql" "apex" "groovy" The analysis language. Cannot be specified together with scan_platform. |
| type | string Enum: "package" "container_package" Example: type=package The package finding types to include. |
| tag | string Example: tag=package_type__eq__alpine a tag query used to filter the findings |
| per_page | integer [ 1 .. 10000 ] Default: 100 The number of results per page. |
| page | integer >= 1 Default: 1 The specific page of the results to fetch. |
| sort | string Enum: "package" "url" "name" "namespace" "type" "version" "license" "created_at" "num_vulns" "num_reachable" "num_exploitable" How to sort results; defaults to ID |
| order | string Enum: "desc" "asc" Direction of the sort; defaults to descending |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "packages": [
- {
- "package": "github.com/concourse/s3-resource",
- "url": "pkg:golang/github.com/concourse/s3-resource@%28devel%29",
- "name": "s3-resource",
- "namespace": "github.com/concourse",
- "type": "golang",
- "version": "(devel)",
- "license": "Apache-2.0",
- "created_at": "2023-05-26T15:04:07.278721+01:00",
- "finding_type": "container_package",
- "num_vulns": 5,
- "num_reachable": 3,
- "num_exploitable": 0
}, - {
- "package": "axios",
- "url": "pkg:npm/axios@0.19.0",
- "name": "axios",
- "namespace": "",
- "type": "npm",
- "version": "0.19.0",
- "license": "MIT",
- "created_at": "2023-05-26T11:26:35.521801+01:00",
- "finding_type": "package",
- "num_vulns": 2,
- "num_reachable": 2,
- "num_exploitable": 1
}
], - "has_more": true,
- "total_count": 42
}
}Read the count of multiple tags of an app.
Return information about the packages found in a scan of an app
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
query Parameters
| scan | integer Example: scan=42 The ID of the scan to filter to. Defaults to the latest scan. |
| branch | string Example: branch=feature/1234 The branch of which to get the latest scan. |
| type | string Enum: "package" "container_package" Example: type=package The package finding types to include. |
| tag | string Example: tag=package_type__eq__alpine a tag query used to filter the findings |
| per_page | integer Number of results per page; defaults to 50 |
| page | integer The page of results to fetch. Results are not guaranteed to be deterministic using this approach; we recommended using the |
| sort | string Enum: "package" "url" "name" "namespace" "type" "version" "license" "created_at" "num_vulns" "num_reachable" "num_exploitable" How to sort results; defaults to ID |
| order | string Enum: "desc" "asc" Direction of the sort; defaults to descending |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "packages": [
- {
- "package": "github.com/concourse/s3-resource",
- "url": "pkg:golang/github.com/concourse/s3-resource@%28devel%29",
- "name": "s3-resource",
- "namespace": "github.com/concourse",
- "type": "golang",
- "version": "(devel)",
- "license": "Apache-2.0",
- "created_at": "2023-05-26T15:04:07.278721+01:00",
- "finding_type": "container_package",
- "num_vulns": 5,
- "num_reachable": 3,
- "num_exploitable": 0
}, - {
- "package": "axios",
- "url": "pkg:npm/axios@0.19.0",
- "name": "axios",
- "namespace": "",
- "type": "npm",
- "version": "0.19.0",
- "license": "MIT",
- "created_at": "2023-05-26T11:26:35.521801+01:00",
- "finding_type": "package",
- "num_vulns": 2,
- "num_reachable": 2,
- "num_exploitable": 1
}
], - "has_more": true
}
}List org findings
Return all findings for the org.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| tags | Array of strings The scan tags to filter by (e.g., |
| finding_tags | Array of strings Example: finding_tags=category=XSS The findings' filtering tag |
| type | string The type of findings. Accepted values are |
| severity | string (Severity) Enum: "low" "medium" "high" "critical" The severity filter |
| assignee | string The email addresses of users assigned to this finding |
| assignment | string (Assignment) Enum: "unassigned" "assigned" The assignment status filter. By default, all findings, both |
| category | string The category filter |
| details_tags | Array of strings The filter for the finding's details tags |
| status | string (Status) Enum: "unset" "fixed" "ignored" "3rdparty" "any" The status filter. By default, only |
| sort | string How to sort results; defaults to ID |
| order | string Enum: "desc" "asc" Direction of the sort; defaults to descending |
| only_counts | boolean Whether to include only finding counts; excludes the list of findings |
| page | integer The page of results to fetch. Results are not guaranteed to be deterministic using this approach; we recommended using the |
| per_page | integer Number of results per page; defaults to 50 |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "has_more": true,
- "findings": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "status": "unset",
- "assignee": "string",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "tags": [
- {
- "key": "severity",
- "value": "info"
}, - {
- "key": "cvss_score",
- "value": 2
}
]
}
], - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
]
}
}Read org findings summary
Return a summary of findings for the org.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| tags | Array of strings The scan tags to filter by (e.g., |
| type | string The type of findings. Accepted values are |
| default_branch | boolean Return findings from scans of the app's configured default branch |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "apps": [
- {
- "app": "string",
- "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "scan": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
}
]
}
}Download Organization Backup
Downloads the backup for the specified organization.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| backup_id | string Backup ID to filter to; defaults to the latest backup. |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}List Organization Backups
Lists the existing backups for the specified organization.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "organization_id": "string",
- "backup_id": "dc6df094-e377-4015-b87b-a5d80b7a0935",
- "status": "completed",
- "created_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z"
}
]
}The logical grouping (e.g., tenant/account) within Qwiet that defines a set of users, teams, and applications.
Download audit log CSV
Download the CSV formatted audit log for an organization for a specific month. This feature is disabled by default. Contact Qwiet AI Customer Success to enable it.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| auditYear required | number The year for a requested report |
| auditMonth required | number The month for a requested report |
Responses
Upsert check-analysis Configuration
Upload configuration file for the check-analysis server-side configuration and
returns the hash of the uploaded file when successful.
The reference here takes no tag, just a name.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| reference required | string the reference |
query Parameters
| tag | string the tags |
| useDefaults | boolean whether to apply the default versioning mechanism |
Request Body schema: application/yaml
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "contentHash": "cf070ba492a9ec9d411e615e7399c0c94d11be0888862c5385b7184a5da53ec7",
- "tags": [
- "v1",
- "v2",
- "latest"
]
}
}Resolve check-analysis Configuration
Resolve the given reference (name plus a tag, which is usually a version number) and return the raw file back to the caller.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| reference required | string the reference |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}List check-analysis Configurations
List all check-analysis configurations for the given
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| name | string Any names to filter for, only those policies tagged with these names will be returned |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "contentHash": "18269b4a713bfc9aa8e8c74d9b9c6a5ced89b4d46364644e2ede7ffa39f54aa9",
- "tags": [
- {
- "name": "blah",
- "tags": [
- "latest",
- "v1",
- "v2"
]
}
]
}
]
}Returns the audit log report for the org's SCM secrets
Returns the audit log report for the org's SCM secrets, showing the number of times secrets were attempted to be committed to a repository. The report can be grouped by project or user. One of the 'by-project' or 'by-user' query parameters must be specified.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| days | integer Default: 31 Specifies the number of days for which the audit log should be calculated; defaults to 31. |
| by-project | boolean If present, the report will be grouped by project. |
| by-user | boolean If present, the report will be grouped by user. |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "total_attempts": 3,
- "total_user_ids": [
- "261f1203-748d-4010-a57d-4cf3107f8647"
], - "total_token_ids": [
- "261f1203-748d-4010-a57d-4cf3107f8647"
], - "projects": [
- {
- "project_id": "hsl",
- "attempts": 3,
- "user_ids": [
- "261f1203-748d-4010-a57d-4cf3107f8647"
], - "token_ids": [
- "261f1203-748d-4010-a57d-4cf3107f8647"
]
}
]
}
}Update org configuration
Update configuration options for the organization. Note that this endpoint will overwrite all configuration existing configuration options. We recommend using the GET endpoint to obtain the current configuration for your records before proceeding. Alternatively, if you intend to change only analysis configuration, then you can use UpdateOrgAnalysisConfig endpoint
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| sso_name | string The unique name assigned to the organization that can be used to log in via SSO |
| default_saml_config | string The name of the SAML config to use as the default for this organization |
| allowed_non_admin_auth_providers | Array of strings Items Enum: "google" "github" "username-password" "sl-saml2" A list of auth providers that non-admins are allowed to use to access the org. |
| security_training_provider | string Enum: "kontra" "secure-code-warrior" |
object (OrgAnalysisConfiguration) Organization level analysis configuration | |
object (AutoFixConfig) An object describing the AutoFix configuration options of an organization | |
| session_timeout_hours | integer The number of hours after which the session will expire. The default value is 168 hours (7 days). |
Responses
Request samples
- Payload
{- "sso_name": "string",
- "default_saml_config": "string",
- "allowed_non_admin_auth_providers": [
- "google"
], - "security_training_provider": "kontra",
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}, - "autofix_configuration": {
- "enable": true,
- "disable": true,
- "auto_run": true,
- "auto_run_disable": true,
- "manual": true,
- "manual_disable": true,
- "max_fixes_per_run": 0,
- "fix_only_severities": [
- "low"
]
}, - "session_timeout_hours": 0
}Response samples
- 200
- default
{- "ok": true
}Patch org configuration
Partially update configuration options for the organization. Only fields present in the request body will be updated; all other fields are preserved. This is safer than PUT when you only need to change a subset of the configuration.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| sso_name | string The unique name assigned to the organization that can be used to log in via SSO |
| default_saml_config | string The name of the SAML config to use as the default for this organization |
| allowed_non_admin_auth_providers | Array of strings Items Enum: "google" "github" "username-password" "sl-saml2" A list of auth providers that non-admins are allowed to use to access the org. |
| security_training_provider | string Enum: "kontra" "secure-code-warrior" |
object (OrgAnalysisConfiguration) Organization level analysis configuration | |
object (AutoFixConfig) An object describing the AutoFix configuration options of an organization | |
| session_timeout_hours | integer The number of hours after which the session will expire. The default value is 168 hours (7 days). |
Responses
Request samples
- Payload
{- "sso_name": "string",
- "default_saml_config": "string",
- "allowed_non_admin_auth_providers": [
- "google"
], - "security_training_provider": "kontra",
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}, - "autofix_configuration": {
- "enable": true,
- "disable": true,
- "auto_run": true,
- "auto_run_disable": true,
- "manual": true,
- "manual_disable": true,
- "max_fixes_per_run": 0,
- "fix_only_severities": [
- "low"
]
}, - "session_timeout_hours": 0
}Response samples
- 200
- default
{- "ok": true
}Read org configuration
Return the configuration options for the organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "sso_name": "string",
- "default_saml_config": "string",
- "allowed_non_admin_auth_providers": [
- "google"
], - "security_training_provider": "kontra",
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}, - "autofix_configuration": {
- "enable": true,
- "disable": true,
- "auto_run": true,
- "auto_run_disable": true,
- "manual": true,
- "manual_disable": true,
- "max_fixes_per_run": 0,
- "fix_only_severities": [
- "low"
]
}, - "session_timeout_hours": 0
}
}Read AutoFix configuration for the organization
Return the AutoFix configuration options for the organization
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "autofix_configuration": {
- "enable": true,
- "disable": true,
- "auto_run": true,
- "auto_run_disable": true,
- "manual": true,
- "manual_disable": true,
- "max_fixes_per_run": 0,
- "fix_only_severities": [
- "low"
]
}
}
}Update org analysis configuration
Create analysis analysis configuration options for the organization. Doesn't touch other parts of configuration (like e.g. default_saml_config)
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
object (SecretsConfiguration) Secrets detection configuration | |||||
| |||||
Responses
Request samples
- Payload
{- "secrets": {
- "entropy": 0,
- "disable": true
}
}Response samples
- 200
- default
{- "ok": true
}Update org analysis configuration
Update analysis analysis configuration options for the organization. Doesn't touch other parts of configuration (like e.g. default_saml_config)
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
object (SecretsConfiguration) Secrets detection configuration | |||||
| |||||
Responses
Request samples
- Payload
{- "secrets": {
- "entropy": 0,
- "disable": true
}
}Response samples
- 200
- default
{- "ok": true
}Roles-based access control (RBAC) allows you to control the permissions users in an organization are granted.
The permissions granted to a user are additive. The base level of a user's permission is determined by their role in the organization.
A team represents a group of users and the applications that group of users can access. Users are granted additional permissions based on their team role.
Users can belong to multiple teams, but an application can only belong to one team.
You can use the TEAM_DEFINED organization role to limit user access to only the apps assigned to their team.
List roles
Return a list of roles an org has available to use (includes only the roles that are managed by Qwiet). Note that the ID and role ID for a CI token are also used for access tokens. The ID and role ID for an integration token are also used for a Jira integration token.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "description": "",
- "id": "e7ca42af-8dd5-4928-8eb9-28d5e41b5564",
- "id_aliases": [
- "MEMBER",
- "TEAM_MEMBER"
], - "name": "Member",
- "scopes": [
- "apps:list",
- "cold_start_subscription:read",
- "cold_start_subscription:update",
- "findings:list",
- "kontra:login",
- "kontra:read",
- "org:read",
- "org_inspect_configuration:validate",
- "org_user_notification:create",
- "org_user_notification:delete",
- "org_user_notification:read",
- "org_user_notification:update",
- "roles:list",
- "subscriptions:read"
]
}, - {
- "description": "",
- "id": "c46b7cba-6726-11eb-8232-e3aecb012972",
- "id_aliases": [
- "LEGACY_COLLABORATOR"
], - "name": "Collaborator",
- "scopes": [
- "apps:list",
- "findings:list",
- "findings:read",
- "kontra:login",
- "kontra:read",
- "metrics:write",
- "org:read",
- "org_inspect_configuration:validate",
- "org_invitations:list",
- "org_runs:create",
- "org_runs:read",
- "org_user_notification:create",
- "org_user_notification:delete",
- "org_user_notification:read",
- "org_user_notification:update",
- "scan_status:update",
- "seats:claim",
- "seats:list",
- "subscriptions:read",
- "teams:list",
- "tokens:create",
- "uploads:write"
]
}, - {
- "description": "",
- "id": "6fc50b34-6705-11eb-b610-435a3f7b9ad3",
- "id_aliases": [
- "SUPER_ADMIN"
], - "name": "Super Admin",
- "scopes": [
- "apps:list",
- "auth_provider:*",
- "blocked_seats:list",
- "blocked_seats:update",
- "cold_start_subscription:read",
- "cold_start_subscription:update",
- "findings:list",
- "findings:read",
- "github:install",
- "github_fork_demo:create",
- "github_repos:list",
- "github_user_repo:create",
- "kontra:login",
- "kontra:read",
- "org:delete",
- "org:read",
- "org:update",
- "org_alert_notification:read",
- "org_alert_notification:update",
- "org_configuration:read",
- "org_configuration:write",
- "org_inspect_configuration:create",
- "org_inspect_configuration:validate",
- "org_invitations:create",
- "org_invitations:delete",
- "org_invitations:list",
- "org_metrics:read",
- "org_user:list",
- "org_user_notification:create",
- "org_user_notification:delete",
- "org_user_notification:read",
- "org_user_notification:update",
- "project:create",
- "roles:create",
- "roles:list",
- "saml_config:create",
- "saml_config:delete",
- "saml_config:list",
- "saml_config:update",
- "seats:claim",
- "seats:delete",
- "seats:delete",
- "seats:list",
- "seats:write",
- "subscriptions:read",
- "subscriptions_trial:update",
- "teams:create",
- "teams:delete",
- "teams:list",
- "tokens:create",
- "tokens:delete",
- "tokens:list",
- "webhook:read",
- "webhook:write"
]
}, - {
- "description": "",
- "id": "6d5fbe08-0512-46e0-b5d2-45902ee6c0ba",
- "id_aliases": [
- "GUEST",
- "TEAM_GUEST"
], - "name": "Guest",
- "scopes": [
- "apps:list",
- "cold_start_subscription:read",
- "cold_start_subscription:update",
- "findings:list",
- "kontra:login",
- "kontra:read",
- "org:read",
- "org_user_notification:create",
- "org_user_notification:delete",
- "org_user_notification:read",
- "org_user_notification:update",
- "reports:read",
- "roles:list",
- "subscriptions:read"
]
}, - {
- "description": "",
- "id": "09e9fc1f-8190-4b09-b2bf-a1beabd62c2a",
- "id_aliases": [
- "POWER_USER",
- "TEAM_ADMIN"
], - "name": "Power User",
- "scopes": [
- "apps:list",
- "cold_start_subscription:read",
- "cold_start_subscription:update",
- "findings:list",
- "kontra:login",
- "kontra:read",
- "org:read",
- "org_inspect_configuration:validate",
- "org_user:list",
- "org_user_notification:create",
- "org_user_notification:delete",
- "org_user_notification:read",
- "org_user_notification:update",
- "project:create",
- "project:delete",
- "project:update",
- "roles:list",
- "subscriptions:read",
- "teams:list"
]
}, - {
- "description": "",
- "id": "033d8bd8-849f-4665-9dd8-72787c0b2494",
- "id_aliases": [
- "TEAM_DEFINED"
], - "name": "Team Defined",
- "scopes": [
- "apps:list",
- "findings:list",
- "org:read",
- "reports:read",
- "roles:list",
- "subscriptions:read"
]
}, - {
- "description": "This is a custom role - it features an organization_id since it's specific to an organization",
- "id": "033d8bd8-849f-4665-9dd8-72787c0b2494",
- "name": "Custom Organization Role",
- "organization_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "scopes": [
- "apps:list",
- "reports:read",
- "roles:list",
- "subscriptions:read"
]
}
]
}Create custom RBAC role
Creates a custom RBAC role for the provided organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| name required | string The name of the role |
| description | string The description of the role |
| scopes required | Array of strings (Scope) [^\w+:\w+$|^\w+:\*$] The array of scopes that are granted by the role |
| role_type | string (RoleType) Enum: "team" "organization" "qwiet" The type of role. This is used to categorize roles and determine in what context they can be used. Team roles can only be used in teams, organization roles can be used across the organization, and qwiet roles are predefined roles. Note that 'qwiet' type is reserved for system-defined roles and cannot be used when creating or updating custom roles. |
Responses
Request samples
- Payload
{- "name": "Custom team role",
- "description": "This is a custom team role",
- "scopes": [
- "apps:list",
- "findings:list",
- "org:read",
- "roles:list",
- "subscriptions:read"
], - "role_type": "team"
}Response samples
- 201
- 409
- default
{- "ok": true,
- "response": {
- "id": "e7ca42af-8dd5-4928-8eb9-28d5e41b5564",
- "name": "Member",
- "resource_type": "organization",
- "description": "",
- "scopes": [
- "apps:list",
- "findings:list",
- "org:read",
- "roles:list",
- "subscriptions:read"
], - "role_type": "team"
}
}Update RBAC role
Update the scopes of an existing RBAC role.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacRoleID required | string <uuid> The role ID |
Request Body schema: application/json
| name | string The name of the role |
| description | string The description of the role |
| scopes required | Array of strings (Scope) [^\w+:\w+$|^\w+:\*$] The array of scopes that are granted by the role |
Responses
Request samples
- Payload
{- "name": "Member",
- "description": "This is a member role",
- "scopes": [
- "apps:list",
- "findings:list",
- "org:read",
- "roles:list",
- "subscriptions:read"
]
}Response samples
- 200
- 404
- default
{- "ok": true
}Delete a custom RBAC role
Deletes a custom RBAC role for the provided organization. This operation only applies to custom roles and will not delete built-in system roles.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacRoleID required | string <uuid> The role ID |
Responses
Response samples
- 200
- 404
- default
{- "ok": true
}List available RBAC scopes
Returns a list of RBAC scopes available for an organization to use when creating custom roles. These will match directly with the Super Admin role scopes.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- "apps:list",
- "findings:list",
- "org:read",
- "roles:list",
- "subscriptions:read"
]
}List users
Returns a list users in the organization, along with their team membership and roles, it allows filter by email.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| email required | string <email> The user's email |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "name": "Peter Gibbons",
- "email": "peter@example.com",
- "id_v2": "61f9da5b-d316-419d-a206-1a006ae9e3a5",
- "team_membership": [
- {
- "team_name": "",
- "team_id": "",
- "role": "033d8bd8-849f-4665-9dd8-72787c0b2494",
- "role_name": "Team Defined",
- "role_aliases": [
- "TEAM_DEFINED"
]
}, - {
- "team_name": "ATeam",
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "role": "6d5fbe08-0512-46e0-b5d2-45902ee6c0ba",
- "role_name": "Guest",
- "role_aliases": [
- "GUEST"
]
}
]
}
]
}Update user
Update a user
Authorizations:
path Parameters
| userIDv2 required | string <uuid> The user's ID |
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| org_role required | string Enum: "SUPER_ADMIN" "POWER_USER" "MEMBER" "GUEST" "TEAM_DEFINED" The role that should be assigned to the user. |
Responses
Request samples
- Payload
{- "org_role": "TEAM_DEFINED"
}Response samples
- 200
- default
{- "ok": true
}List human groups
Return a list of human groups in the organization.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| name | string The human group name, case sensitive |
| iname | string The human group name, case insensitive |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "groups": [
- {
- "group_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "group_name": "Group1",
- "members": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "email": "example@qwiet.ai"
}, - {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-213141321233",
- "email": "example2@qwiet.ai"
}
], - "teams": [
- {
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_name": "Team1",
- "role": "TEAM_MANAGER"
}, - {
- "team_id": "5b588f3a-7fe0-444d-afbb-213141321233",
- "team_name": "Team2",
- "role": "TEAM_MEMBER"
}
]
}, - {
- "group_id": "5b588f3a-7fe0-444d-afbb-213141321233",
- "group_name": "Group2"
}
]
}
}Create team
Create a new team for an organization.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| name required | string The name of the team to be created |
| applications | Array of strings The applications that should be added to the team |
Array of objects The members that should be added to the team |
Responses
Request samples
- Payload
{- "name": "ATeam",
- "applications": [
- "app01"
], - "team_membership": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b"
}
}List teams
Return a list of all teams within an organization.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| teamName | string The team name |
| no_members | boolean Value: true Indicates whether or not to include the team members in the response |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_name": "Team1"
}, - {
- "team_id": "5b588f3a-7fe0-444d-afbb-213141321233",
- "team_name": "Team2,"
}
]
}Update the members of a team
Update the members of a team.
Authorizations:
path Parameters
| rbacTeamID required | string <uuid> The team ID |
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| version required | integer The team configuration version |
Array of objects A list of the members to be added to the team | |
Array of objects A list of the members to be removed from the team |
Responses
Request samples
- Payload
{- "version": 1,
- "add_team_membership": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
], - "remove_team_membership": [
- {
- "user_id_v2": "77788f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "version": 1,
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_name": "ATeam",
- "applications": [
- "one_application_id"
], - "users": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}
}Update a team's applications
Update the apps assigned to a team.
Authorizations:
path Parameters
| rbacTeamID required | string <uuid> The team ID |
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| version required | integer The team configuration version |
| add_applications | Array of strings A list of the applications to add to the team |
| force_app_inclusion | boolean Whether the app should be added if it belongs to another team. The app will be removed from the conflicting team if added |
| remove_applications | Array of strings A list of the application IDs to remove from the team |
Responses
Request samples
- Payload
{- "version": 1,
- "add_applications": [
- "app01"
], - "remove_applications": [
- "app02"
]
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "version": 1,
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_name": "ATeam",
- "applications": [
- "one_application_id"
], - "users": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}
}Update the metadata of a team
Update the metadata of a team.
Authorizations:
path Parameters
| rbacTeamID required | string <uuid> The team ID |
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| version required | integer The team configuration version |
| change_name | string The team's new name |
Responses
Request samples
- Payload
{- "version": 1,
- "change_name": "a new name"
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "version": 1,
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_name": "a new name",
- "applications": [
- "one_application_id"
], - "users": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}
}Read team
Return information about a team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "version": 1,
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_name": "ATeam",
- "applications": [
- "one_application_id"
], - "users": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}
}Update a team
Update a team within an organization.
Authorizations:
path Parameters
| rbacTeamID required | string <uuid> The team ID |
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| version | integer The team configuration version |
| add_applications | Array of strings A list of the application to add to this team |
| force_app_inclusion | boolean Whether the app should be added if it belongs to another team (the app will be removed from the conflicting team if added) |
| remove_applications | Array of strings A list of the applications to remove from the team |
Array of objects A list of members to be added to the team | |
Array of objects A list of members to be removed from the team |
Responses
Request samples
- Payload
{- "version": 1,
- "add_applications": [
- "app01"
], - "remove_applications": [
- "app02"
], - "add_team_membership": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
], - "remove_team_membership": [
- {
- "user_id_v2": "77788f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "version": 1,
- "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_name": "ATeam",
- "applications": [
- "one_application_id"
], - "users": [
- {
- "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
}
]
}
}Delete team
Delete a team within an organization.
Authorizations:
path Parameters
| rbacTeamID required | string <uuid> The team ID |
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| version required | integer The team's configuration version |
Responses
Request samples
- Payload
{- "version": 1
}Response samples
- 200
- default
{- "ok": true
}List groups
Return a list of all groups within a team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Responses
Response samples
- 200
{- "ok": true,
- "response": [
- {
- "group_id": "string",
- "group_name": "string",
- "members": [
- {
- "user_id": "string",
- "email": "string"
}
], - "teams": [
- {
- "team_id": "string",
- "team_name": "string",
- "role": "string"
}
]
}
]
}Create or update group
Create or update a group within a team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Request Body schema: application/json
required | Array of objects (GroupAndRole) | ||||
Array
| |||||
Responses
Request samples
- Payload
{- "group_ids": [
- {
- "group_id": "string",
- "team_role": "string"
}
]
}Response samples
- 200
- default
{- "ok": true
}Read group
Return information about a group.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| groupID required | string <uuid> A human group's ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "group_id": "string",
- "group_name": "string",
- "members": [
- {
- "user_id": "string",
- "email": "string"
}
], - "teams": [
- {
- "team_id": "string",
- "team_name": "string",
- "role": "string"
}
]
}
}Update group
Update a group's role within a team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
| groupID required | string <uuid> A human group's ID |
Request Body schema: application/json
| team_role | string |
Responses
Request samples
- Payload
{- "team_role": "string"
}Response samples
- 200
- default
{- "ok": true
}Remove group from team
Remove a group's membership to a team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
| groupID required | string <uuid> A human group's ID |
Responses
Response samples
- 200
- default
{- "ok": true
}Read Team group
Return information about a group.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
| groupID required | string <uuid> A human group's ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "group_id": "string",
- "group_name": "string",
- "members": [
- {
- "user_id": "string",
- "email": "string"
}
], - "teams": [
- {
- "team_id": "string",
- "team_name": "string",
- "role": "string"
}
]
}
}Read HTML PCI DSS report for a scan
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| scanID required | string ID of the scan |
query Parameters
| ignore_info_findings | boolean Whether findings marked as informational should be included in the report or not |
Responses
Response samples
- 200
- default
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <!-- report data --> </head> <body></body> </html>
Read Detailed OWASP report for a scan
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| scanID required | string ID of the scan |
| ext required | string Enum: "html" "pdf" Example: pdf the extension wanted |
| year required | string Enum: "2017" "2021" Example: 2021 the year wanted |
query Parameters
| comments | boolean Whether to include comments |
| status | string (Status) Enum: "unset" "fixed" "ignored" "3rdparty" "any" The status filter. By default, only |
| tz | string Example: tz=America/New_York The timezone for any times shown in the report. By default, times are shown in UTC. |
Responses
Response samples
- 200
- default
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <!-- report data --> </head> <body></body> </html>
Read CWE report for a scan
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| scanID required | string ID of the scan |
| ext required | string Enum: "html" "pdf" Example: pdf the extension wanted |
query Parameters
| comments | boolean Whether to include comments |
| status | string (Status) Enum: "unset" "fixed" "ignored" "3rdparty" "any" The status filter. By default, only |
| tz | string Example: tz=America/New_York The timezone for any times shown in the report. By default, times are shown in UTC. |
Responses
Response samples
- 200
- default
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <!-- report data --> </head> <body></body> </html>
The integration endpoints allowing orgs to configure Qwiet to act as a SAML service provider (SP) that uses the customer's identity provider (IdP) to log users in.
Create a SAML configuration for an org
Create a SAML configuration that can be used to authenticate users for an organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| idp_metadata_url | string <uri> The URL of the SAML Identity Provider's (IdP) metadata endpoint |
| idp_metadata | string The raw XML metadata that can be provided instead of idp_metadata_url |
| allow_implicit_invites | boolean Sets whether any successful SAML-identified user should be allowed to join your org (true) or not (false) |
| default_org_role | string The default role that new users in the org are given when joining via SAML. If not specified, this defaults to "TEAM_DEFINED" |
| sign_auth_requests | boolean Whether to sign SAML requests sent from Qwiet to the SAML IdP |
| allow_idp_initiated_logins | boolean Whether SAML-initiated logins should be allowed or not. By default they are disabled, as service provider (SP) initiated logins are generally considered safer. When enabled, the saml_config endpoint will have another field, "idp_default_relay_state", which contains an opaque blob that needs to be set as the default relay state in the IdP configuration. This state will be sent on every request where no relay state was provided and contains some additional information to help the SP (Qwiet) properly route the request. |
| name required | string (SAMLConfigName) ^[a-zA-Z0-9-_]{1,255}$ The name and ID of the specified SAML configuration |
Responses
Request samples
- Payload
{- "idp_metadata": "string",
- "allow_implicit_invites": true,
- "default_org_role": "string",
- "sign_auth_requests": true,
- "allow_idp_initiated_logins": true,
- "name": "string"
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "idp_metadata": "string",
- "allow_implicit_invites": true,
- "default_org_role": "string",
- "sign_auth_requests": true,
- "allow_idp_initiated_logins": true,
- "name": "string",
- "idp_default_relay_state": "string",
}
}List SAML configurations for an org
List the SAML Configurations that can be used to authenticate users in an organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "idp_metadata": "string",
- "allow_implicit_invites": true,
- "default_org_role": "string",
- "sign_auth_requests": true,
- "allow_idp_initiated_logins": true,
- "name": "string",
- "idp_default_relay_state": "string",
}
]
}Update SAML configuration for an org
Update a SAML Configuration used to authenticate users for an organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| SAMLConfigName required | string (SAMLConfigName) ^[a-zA-Z0-9-_]{1,255}$ The name and ID of the specified SAML configuration |
Request Body schema: application/json
| idp_metadata_url | string <uri> The URL of the SAML Identity Provider's (IdP) metadata endpoint |
| idp_metadata | string The raw XML metadata that can be provided instead of idp_metadata_url |
| allow_implicit_invites | boolean Sets whether any successful SAML-identified user should be allowed to join your org (true) or not (false) |
| default_org_role | string The default role that new users in the org are given when joining via SAML. If not specified, this defaults to "TEAM_DEFINED" |
| sign_auth_requests | boolean Whether to sign SAML requests sent from Qwiet to the SAML IdP |
| allow_idp_initiated_logins | boolean Whether SAML-initiated logins should be allowed or not. By default they are disabled, as service provider (SP) initiated logins are generally considered safer. When enabled, the saml_config endpoint will have another field, "idp_default_relay_state", which contains an opaque blob that needs to be set as the default relay state in the IdP configuration. This state will be sent on every request where no relay state was provided and contains some additional information to help the SP (Qwiet) properly route the request. |
Responses
Request samples
- Payload
{- "idp_metadata": "string",
- "allow_implicit_invites": true,
- "default_org_role": "string",
- "sign_auth_requests": true,
- "allow_idp_initiated_logins": true
}Response samples
- 200
{- "ok": true,
- "response": {
- "idp_metadata": "string",
- "allow_implicit_invites": true,
- "default_org_role": "string",
- "sign_auth_requests": true,
- "allow_idp_initiated_logins": true,
- "name": "string",
- "idp_default_relay_state": "string",
}
}Delete an org's SAML configuration
Delete a SAML Configuration that is used to authenticate users in an organization
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| SAMLConfigName required | string (SAMLConfigName) ^[a-zA-Z0-9-_]{1,255}$ The name and ID of the specified SAML configuration |
Responses
Response samples
- 200
- default
{- "ok": true
}Provision or update SAML users for an organization.
Create or update SAML users and their org or team roles. Users cannot be deleted.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| name | string the name of the user |
| email required | string the email of the user |
| organization_role required | string Enum: "SUPER_ADMIN" "POWER_USER" "MEMBER" "GUEST" "TEAM_DEFINED" |
Array of objects (SAMLUserMembership) |
Responses
Request samples
- Payload
[- {
- "name": "string",
- "email": "string",
- "organization_role": "SUPER_ADMIN",
- "team_membership": [
- {
- "team_id": "string",
- "role": "TEAM_ADMIN"
}
]
}
]Response samples
- 200
- default
{- "ok": true,
- "response": {
- "users": [
- {
- "idv2": "c0da4f6a-7041-4fb3-850f-b89fcfaddf43",
- "idv1": "string",
- "name": "string",
- "email": "user@example.com",
- "emailVerified": true,
- "membership": [
- {
- "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
- "organizationName": "string"
}
], - "invites": [
- {
- "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
- "organizationName": "string",
- "inviteId": "14ca54c2-5d85-4c93-81b5-495a2e7e0ca4"
}
], - "lastLoginUTCTimestampHistory": [
- 0
]
}
], - "rejected_emails": [
- "string"
], - "rejected_org_roles": [
- "string"
], - "rejected_team_roles": [
- "string"
]
}
}Reset a SAML user's access token.
Blanks the access token of a specific SAML user in the organization. The organization must have SAML enabled and the target user must be a SAML user.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| userIDv2 required | string <uuid> The user's ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Bulk reset SAML user access tokens.
Blanks the access tokens of multiple SAML users in the organization. The organization must have SAML enabled. Users that are not found or are not SAML users are reported separately in the response.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| user_ids required | Array of strings <uuid> non-empty [ items <uuid > ] list of user IDs (v2) whose access tokens should be reset. |
Responses
Request samples
- Payload
{- "user_ids": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "reset": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
], - "not_found": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
], - "not_saml": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}
}Download Compound SARIF Report
Downloads the SARIF report for the specified compound.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| polyglot_scan | string Polyglot scan ID to filter to; defaults to the latest scan. |
| scan_version | string The version of the code at scan time. Ignored if polyglot_scan is given. |
| scan_branch | string The code branch at scan time. Ignored if polygot_scan or scan_version are given. |
| scan_tag | string^(?<key>.*?)__eq__(?<value>.*)$ Tags passed to the analyzer at scan time. Ignored if polygot_scan, scan_version, or scan_branch are given. |
| scan_platform | string (ScanPlatform) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "javasrc" "pythonsrc" "jssrc" "secrets" "swiftsrc" "plsql" "apex" "groovy" The analysis platform. Cannot be specified together with scan_language. |
| scan_language | string (ScanLanguage) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "swift" "plsql" "apex" "groovy" The analysis language. Cannot be specified together with scan_platform. |
Responses
Response samples
- 200
- default
"string"The saved searches endpoints allow users to save specific search queries for organization and app findings
Create a new saved search for a user
path Parameters
| orgID required | string |
Request Body schema: application/jsonrequired
| search_name | string |
| path_name | string |
| search_query | string |
Responses
Request samples
- Payload
{- "search_name": "string",
- "path_name": "string",
- "search_query": "string"
}Update a saved search for a user
path Parameters
| orgID required | string |
| searchID required | string |
Request Body schema: application/jsonrequired
| search_name | string |
| path_name | string |
| search_query | string |
Responses
Request samples
- Payload
{- "search_name": "string",
- "path_name": "string",
- "search_query": "string"
}Read the SCA packages of a compound scan
Return information about the packages found in a scan of an app
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| polyglot_scan | integer Example: polyglot_scan=42 Polyglot scan ID of the scan to filter to; defaults to the latest scan. |
| scan_version | string Example: scan_version=9b7e138e1b16dc5261803cceffb86c36800c2c7f The version of which to get the latest scan. This is usually a SHA1. Ignored if polyglot_scan is given. |
| scan_branch | string Example: scan_branch=feature/1234 The branch of which to get the latest scan. Ignored if polygot_scan or scan_version are given. |
| scan_tag | string^(?<key>.*?)__eq__(?<value>.*)$ Tags passed to the analyzer at scan time. Ignored if polygot_scan, scan_version, or scan_branch are given. |
| scan_platform | string (ScanPlatform) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "javasrc" "pythonsrc" "jssrc" "secrets" "swiftsrc" "plsql" "apex" "groovy" The analysis platform. Cannot be specified together with scan_language. |
| scan_language | string (ScanLanguage) Enum: "java" "go" "csharp" "javascript" "c" "python" "terraform_hcl" "ruby" "php" "fuzzytestlang" "kotlin" "swift" "plsql" "apex" "groovy" The analysis language. Cannot be specified together with scan_platform. |
| type | string Enum: "package" "container_package" Example: type=package The package finding types to include. |
| tag | string Example: tag=package_type__eq__alpine a tag query used to filter the findings |
| per_page | integer [ 1 .. 10000 ] Default: 100 The number of results per page. |
| page | integer >= 1 Default: 1 The specific page of the results to fetch. |
| sort | string Enum: "package" "url" "name" "namespace" "type" "version" "license" "created_at" "num_vulns" "num_reachable" "num_exploitable" How to sort results; defaults to ID |
| order | string Enum: "desc" "asc" Direction of the sort; defaults to descending |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "packages": [
- {
- "package": "github.com/concourse/s3-resource",
- "url": "pkg:golang/github.com/concourse/s3-resource@%28devel%29",
- "name": "s3-resource",
- "namespace": "github.com/concourse",
- "type": "golang",
- "version": "(devel)",
- "license": "Apache-2.0",
- "created_at": "2023-05-26T15:04:07.278721+01:00",
- "finding_type": "container_package",
- "num_vulns": 5,
- "num_reachable": 3,
- "num_exploitable": 0
}, - {
- "package": "axios",
- "url": "pkg:npm/axios@0.19.0",
- "name": "axios",
- "namespace": "",
- "type": "npm",
- "version": "0.19.0",
- "license": "MIT",
- "created_at": "2023-05-26T11:26:35.521801+01:00",
- "finding_type": "package",
- "num_vulns": 2,
- "num_reachable": 2,
- "num_exploitable": 1
}
], - "has_more": true,
- "total_count": 42
}
}Read the count of multiple tags of an app.
Return information about the packages found in a scan of an app
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
query Parameters
| scan | integer Example: scan=42 The ID of the scan to filter to. Defaults to the latest scan. |
| branch | string Example: branch=feature/1234 The branch of which to get the latest scan. |
| type | string Enum: "package" "container_package" Example: type=package The package finding types to include. |
| tag | string Example: tag=package_type__eq__alpine a tag query used to filter the findings |
| per_page | integer Number of results per page; defaults to 50 |
| page | integer The page of results to fetch. Results are not guaranteed to be deterministic using this approach; we recommended using the |
| sort | string Enum: "package" "url" "name" "namespace" "type" "version" "license" "created_at" "num_vulns" "num_reachable" "num_exploitable" How to sort results; defaults to ID |
| order | string Enum: "desc" "asc" Direction of the sort; defaults to descending |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "packages": [
- {
- "package": "github.com/concourse/s3-resource",
- "url": "pkg:golang/github.com/concourse/s3-resource@%28devel%29",
- "name": "s3-resource",
- "namespace": "github.com/concourse",
- "type": "golang",
- "version": "(devel)",
- "license": "Apache-2.0",
- "created_at": "2023-05-26T15:04:07.278721+01:00",
- "finding_type": "container_package",
- "num_vulns": 5,
- "num_reachable": 3,
- "num_exploitable": 0
}, - {
- "package": "axios",
- "url": "pkg:npm/axios@0.19.0",
- "name": "axios",
- "namespace": "",
- "type": "npm",
- "version": "0.19.0",
- "license": "MIT",
- "created_at": "2023-05-26T11:26:35.521801+01:00",
- "finding_type": "package",
- "num_vulns": 2,
- "num_reachable": 2,
- "num_exploitable": 1
}
], - "has_more": true
}
}List dependencies that match the search
Return all dependencies for the org apps if they match the search criteria.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| search | string Search filter that looks for matches in finding titles and tags |
| page | integer [ 1 .. 20 ] Default: 1 Example: page=1 The page of results to fetch. Currently asking for pages beyond 20 will fail. |
| per_page | integer [ 0 .. 1000 ] Default: 250 Number of results per page. |
| from | integer Packages found during scans created as of this time are included in the search. Value should be a Unix timestamp (in seconds). Defaults to 4 months before |
| until | integer Packages found during scans created up to this time are included in the search. Value should be a Unix timestamp (in seconds). Defaults to the creation timestamp of the most recent successful scan. |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "tags": [
- {
- "key": "severity",
- "value": "info"
}, - {
- "key": "cvss_score",
- "value": 2
}
]
}
]
}Retrieve package information (CVEs, licenses, and more) for a list of PURLs
Request Body schema: application/json
| purls | Array of strings |
Responses
Request samples
- Payload
{- "purls": [
- "pkg:maven/commons-io/commons-io@2.5"
]
}Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "purl": "pkg:maven/commons-io/commons-io@2.5",
- "licenses": [
- "Apache-2.0"
], - "cves": [
- {
- "id": "CVE-2021-29425",
- "internalId": "GHSA-gwrp-pvrq-jmwv",
- "assigner": "GitHub",
- "cweIds": [
- "CWE-20",
- "CWE-22"
], - "references": [
- {
- "url": "string",
- "name": "string",
- "refsource": "string",
- "tags": [
- "string"
]
}
], - "descriptions": [
- {
- "lang": "string",
- "value": "string"
}
], - "impact": {
- "exploitabilityScore": 0,
- "impactScore": 0,
- "cvssV3": {
- "version": "string",
- "vectorString": "string",
- "confidentialityImpact": "string",
- "integrityImpact": "string",
- "availabilityImpact": "string",
- "baseScore": 0,
- "attackVector": "string",
- "attackComplexity": "string",
- "privilegesRequired": "string",
- "userInteraction": "string",
- "scope": "string",
- "baseSeverity": "string"
}
}, - "publishedDate": "2019-08-24T14:15:22Z",
- "lastModifiedDate": "2019-08-24T14:15:22Z"
}
]
}
]
}List scans
Return the most recent scans for the indicated app.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
query Parameters
| tags | Array of strings The scan tags to filter by (e.g., |
| limit | integer The number of scans to return (must be between 1 and 50, inclusive). The default is 10 scans |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "scans": [
- {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
]
}
}Compare scans
Compare two scans and return a list of the findings in each, along with regression information.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
query Parameters
| source required | string^scan\.\d+|tag\.\w=\w$ Example: source=scan.128|tag.branch=samplebranch The source scan for a comparison |
| target required | string^scan\.\d+|tag\.\w=\w$ Example: target=scan.128|tag.branch=samplebranch The target scan for a comparison |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "source": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { }
}, - "target": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { }
}, - "new": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "regression": true
}
], - "fixed": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "regression": true
}
], - "common": [
- {
- "id": "1",
- "app": "hello-qwiet",
- "type": "vuln",
- "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
- "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
- "severity": "low",
- "owasp_category": "a3-sensitive-data-exposure",
- "category": "Sensitive Data Leak",
- "version_first_seen": "string",
- "details": { },
- "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
- "regression": true
}
]
}
}Check a scan against a set of rules
Check a scan against a set of rules, using another scan as a reference.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
Request Body schema: application/json
| version required | integer Value: 2 |
required | object |
object or object The scan that is the starting point of a 'diff' check. Defaults to the previous scan of the current branch. | |
object or object The focus of the check. Defaults to the last scan of the default branch. | |
required | Array of objects The rules to apply. Note that ID must be unique. |
Responses
Request samples
- Payload
{- "version": 2,
- "meta": {
- "num_findings": 5,
- "kind": "single",
- "send-to-jira": true
}, - "source": {
- "branch": "main"
}, - "target": {
- "branch": "feature-branch"
}, - "rules": [
- {
- "id": "no-crits",
- "tags": {
- "severity": [
- "critical"
]
}, - "threshold": 0,
- "num_findings": 100
}
]
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "source": {
- "id": 1
}, - "target": {
- "id": 1
}, - "rules": {
- "property1": {
- "by_tag": {
- "property1": {
- "property1": 0,
- "property2": 0
}, - "property2": {
- "property1": 0,
- "property2": 0
}
}, - "reachable": 0,
- "matched": 0,
- "over_threshold": 0,
- "findings": [
- {
- "id": 0,
- "title": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
]
}, - "property2": {
- "by_tag": {
- "property1": {
- "property1": 0,
- "property2": 0
}, - "property2": {
- "property1": 0,
- "property2": 0
}
}, - "reachable": 0,
- "matched": 0,
- "over_threshold": 0,
- "findings": [
- {
- "id": 0,
- "title": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
]
}
}, - "totals": {
- "by_tag": {
- "property1": {
- "property1": 0,
- "property2": 0
}, - "property2": {
- "property1": 0,
- "property2": 0
}
}, - "reachable": 0,
- "matched": 0,
- "over_threshold": 0,
- "findings": [
- {
- "id": 0,
- "title": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
]
}
}
}Read scan details
Return details for the specified scan.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| scanID required | string ID of the scan |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
]
}Read check scans report
Read Check Scans Report.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| scanID required | string ID of the scan |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "source": {
- "id": 1
}, - "target": {
- "id": 1
}, - "rules": {
- "property1": {
- "by_tag": {
- "property1": {
- "property1": 0,
- "property2": 0
}, - "property2": {
- "property1": 0,
- "property2": 0
}
}, - "reachable": 0,
- "matched": 0,
- "over_threshold": 0,
- "findings": [
- {
- "id": 0,
- "title": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
]
}, - "property2": {
- "by_tag": {
- "property1": {
- "property1": 0,
- "property2": 0
}, - "property2": {
- "property1": 0,
- "property2": 0
}
}, - "reachable": 0,
- "matched": 0,
- "over_threshold": 0,
- "findings": [
- {
- "id": 0,
- "title": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
]
}
}, - "totals": {
- "by_tag": {
- "property1": {
- "property1": 0,
- "property2": 0
}, - "property2": {
- "property1": 0,
- "property2": 0
}
}, - "reachable": 0,
- "matched": 0,
- "over_threshold": 0,
- "findings": [
- {
- "id": 0,
- "title": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
]
}
}
]
}List scans in a compound, returning a subset of the scan summary information
The full information we can return about a scan is a lot of data, which slows down a UI that only wants to present a subset of it to the user. This endpoint returns only the subset actually needed for rendering that UI. As such it's meant for internal use only, but is documented because other API users may find it useful for similar reasons.
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| limit | integer [ 1 .. 100 ] Default: 10 The number of scans to return. |
| branch | string Only consider scans on this branch. |
| upto | integer Only list scans created before this time (given in nanoseconds since the UNIX Epoch). |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "agents": [
- "vscode"
], - "scans": [
- {
- "polyglot_scan_id": 1,
- "created_at": "2019-08-24T14:15:22Z",
- "agent": "harness",
- "branch": "feature/more-potatoes",
- "languages": [
- "javascript"
], - "platforms": [
- "JAVASCRIPT"
], - "vulns": {
- "critical": 1,
- "high": 2,
- "medium": 3,
- "low": 5
}, - "oss_vulns": {
- "critical": 1,
- "high": 2,
- "medium": 3,
- "low": 5,
- "unreachable": 7
}, - "container_vulns": {
- "critical": 1,
- "high": 2,
- "medium": 3,
- "low": 5,
- "unreachable": 7
}, - "secrets": 42,
- "oss_risks": 3,
- "failures": [
- "Failed to create CPG File"
]
}
]
}
}Read compound scan
Retrieve details for a specific scan of a compound
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
| scanID required | string The ID of the scan to retrieve |
query Parameters
| archived | boolean If present, includes archived compounds |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
}List Scans of Compound
List all scans for a specific compound
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
query Parameters
| archived | boolean If present, includes archived compounds |
| status | string Enum: "completed" "running" "failed" Filter scans by status |
| branch | string Filter scans by branch |
| limit | integer The number of scans to return (must be between 1 and 50, inclusive). The default is 10 scans |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "scans": [
- {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}
]
}
}Read scan's finding counts (grouped by OWASP category)
Returns a detailed list of OWASP categories and sub-categories and their counts (where available).
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| scanID required | string ID of the scan |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "2017": {
- "uncategorized": {
- "Authentication Bypass": 0,
- "Cross-Site Request Forgery": 0,
- "Deprecated Function Use": 0,
- "Fingerprinting": 0,
- "Insecure Direct Object Reference": 0,
- "Invalid Certificate Validation": 0,
- "Open Redirect": 0,
- "Phishing": 0,
- "Potential Cross-Site Scripting": 0,
- "Potential NoSQL Injection": 0,
- "Potential Regex Injection": 0,
- "Potential Remote Code Execution": 0,
- "Potential Server-Side Request Forgery": 0,
- "Potential XML External Entities": 0,
- "Remote Code Execution": 0,
- "Security Misconfiguration": 0,
- "Server-Side Request Forgery": 0,
- "Weak Cipher": 0,
- "Weak Hash": 0,
- "Weak Random": 0,
- "Weak Secret Storage": 0
}, - "a1-injection": {
- "Command Injection": 0,
- "Cross-Site Scripting": 0,
- "Deprecated Function Use": 0,
- "Deserialization": 0,
- "HTTP to Database": 0,
- "Header Injection": 0,
- "JSON Injection": 0,
- "LDAP Injection": 0,
- "Log Forging": 0,
- "Mail Injection": 0,
- "NoSQL Injection": 0,
- "Open Redirect": 0,
- "Potential SQL Injection": 0,
- "Prototype Pollution": 0,
- "Regex Injection": 0,
- "Remote Code Execution": 0,
- "SQL Injection": 0,
- "Security Best Practices": 0,
- "Sensitive Data Leak": 0,
- "Server-Side Request Forgery": 0,
- "Unsafe Lambda Call": 0,
- "Unsafe Reflection": 0,
- "XML External Entities": 0,
- "XPath Injection": 0
}, - "a2-broken-authentication": {
- "Insecure Authentication": 0,
- "Security Misconfiguration": 0,
- "Session Injection": 0,
- "Timing Attack": 0
}, - "a3-sensitive-data-exposure": {
- "Crypto": 0,
- "Denial of Service": 0,
- "Deprecated Function Use": 0,
- "Error Handling": 0,
- "Hardcoded Credentials": 0,
- "Security Best Practices": 0,
- "Security Misconfiguration": 0,
- "Sensitive Data Exposure": 0,
- "Sensitive Data Leak": 0,
- "Sensitive Data Usage": 0,
- "Weak Cipher": 0,
- "Weak Hash": 0
}, - "a4-xml-external-entities": {
- "XML External Entities": 0
}, - "a5-broken-access-control": {
- "Authentication Bypass": 0,
- "CRLF Injection": 0,
- "Directory Traversal": 0,
- "HTTP to Model": 0,
- "Insecure Content Provider": 0,
- "Insecure Data Storage": 0,
- "Insecure File Provider Paths": 0,
- "Loose File Permissions": 0,
- "Race Condition": 0,
- "Session Injection": 0
}, - "a6-security-misconfiguration": {
- "Cross-Site Request Forgery": 0,
- "Cross-Site Scripting": 0,
- "Denial of Service": 0,
- "Directory Listing": 0,
- "Hardcoded Credentials": 0,
- "Improper Input Validation": 0,
- "Intent Redirection": 0,
- "Security Best Practices": 0,
- "Security Misconfiguration": 0,
- "Sensitive Data Leak": 0,
- "Weak Secret Storage": 0
}, - "a7-cross-site-scripting": {
- "Cross-Site Scripting": 0,
- "Potential Cross-Site Scripting": 0,
- "Security Misconfiguration": 0,
- "Template Injection": 0
}, - "a8-insecure-deserialization": {
- "Deserialization": 0
}, - "a9-using components with known vulnerabilities": {
- "Denial of Service": 0,
- "Deprecated Function Use": 0,
- "Security Best Practices": 0,
- "Weak Random": 0
}
}, - "2021": {
- "uncategorized": {
- "Authentication Bypass": 0,
- "Cross-Site Request Forgery": 0,
- "Deprecated Function Use": 0,
- "Fingerprinting": 0,
- "Insecure Direct Object Reference": 0,
- "Invalid Certificate Validation": 0,
- "Open Redirect": 0,
- "Phishing": 0,
- "Potential Cross-Site Scripting": 0,
- "Potential NoSQL Injection": 0,
- "Potential Regex Injection": 0,
- "Potential Remote Code Execution": 0,
- "Potential Server-Side Request Forgery": 0,
- "Potential XML External Entities": 0,
- "Remote Code Execution": 0,
- "Security Misconfiguration": 0,
- "Server-Side Request Forgery": 0,
- "Weak Cipher": 0,
- "Weak Hash": 0,
- "Weak Random": 0,
- "Weak Secret Storage": 0
}, - "a01-broken-access-control": {
- "Authentication Bypass": 0,
- "CRLF Injection": 0,
- "Directory Listing": 0,
- "Directory Traversal": 0,
- "HTTP to Model": 0,
- "Insecure Content Provider": 0,
- "Insecure Data Storage": 0,
- "Insecure File Provider Paths": 0,
- "Loose File Permissions": 0,
- "Race Condition": 0,
- "Security Misconfiguration": 0,
- "Session Injection": 0
}, - "a02-cryptographic-failures": {
- "Denial of Service": 0,
- "Deprecated Function Use": 0,
- "Security Misconfiguration": 0,
- "Weak Random": 0
}, - "a03-injection": {
- "Command Injection": 0,
- "Cross-Site Scripting": 0,
- "Deprecated Function Use": 0,
- "Deserialization": 0,
- "HTTP to Database": 0,
- "Header Injection": 0,
- "Improper Input Validation": 0,
- "JSON Injection": 0,
- "LDAP Injection": 0,
- "Log Forging": 0,
- "Mail Injection": 0,
- "NoSQL Injection": 0,
- "Open Redirect": 0,
- "Potential Cross-Site Scripting": 0,
- "Potential SQL Injection": 0,
- "Prototype Pollution": 0,
- "Regex Injection": 0,
- "Remote Code Execution": 0,
- "SQL Injection": 0,
- "Security Best Practices": 0,
- "Security Misconfiguration": 0,
- "Sensitive Data Leak": 0,
- "Server-Side Request Forgery": 0,
- "Template Injection": 0,
- "Unsafe Lambda Call": 0,
- "Unsafe Reflection": 0,
- "XML External Entities": 0,
- "XPath Injection": 0
}, - "a04-insecure-design": {
- "Denial of Service": 0,
- "Security Best Practices": 0
}, - "a05-security-misconfiguration": {
- "Cross-Site Request Forgery": 0,
- "Cross-Site Scripting": 0,
- "Crypto": 0,
- "Denial of Service": 0,
- "Error Handling": 0,
- "Hardcoded Credentials": 0,
- "Intent Redirection": 0,
- "Security Best Practices": 0,
- "Security Misconfiguration": 0,
- "Sensitive Data Exposure": 0,
- "Sensitive Data Leak": 0,
- "Sensitive Data Usage": 0,
- "Weak Cipher": 0,
- "Weak Hash": 0,
- "Weak Secret Storage": 0,
- "XML External Entities": 0
}, - "a06-vulnerable-and-outdated-components": { },
- "a07-identification-and-authentication-failures": {
- "Hardcoded Credentials": 0,
- "Insecure Authentication": 0,
- "Security Misconfiguration": 0,
- "Session Injection": 0,
- "Timing Attack": 0
}, - "a08-software-and-data-integrity-failures": {
- "Deserialization": 0
}, - "a09-security-logging-and-monitoring-failures": { },
- "a10-server-side-request-forgery-(ssrf)": { }
}
}
}Scopes define the type of resource and the operation that you can perform with the access token you bear. For example, scans:create means that the bearer of the token with this scope can create scans via the API.
For each endpoint, we indicate the scope required to perform an operation under Authorizations.
We also offer helper endpoints that allow you to determine what the allowed scopes for your access token are in the context of a specific API resource.
List user's org scopes
Return a list of the scopes the user's bearer token is allowed to perform in the context of an org.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- "teams:read",
- "apps:list",
- "github:install"
]
}List user's app scopes
Return a list of scopes the user is allowed to perform in the context of an app.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- "scans:read",
- "findings:list",
- "findings:read"
]
}List user's team scopes
Return a list of scopes the user is allowed to perform in the context of their team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- "roles:read",
- "team:read",
- "team:update"
]
}Authorize Slack
Authorize Slack for the given organization and redirect to Slack authorization prompt
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Receive Slack OAuth 2.0 data
Receive Slack OAuth 2.0 data and set up organization configuration with API token
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Delete Slack OAuth 2.0 data
Delete the Slack configuration for the given organization and revoke stored API token
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Read team config
Return the configuration of a team.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}
}
}Update team config
Update the team's configuration.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Request Body schema: application/json
object (TeamAnalysisConfiguration) Team level analysis configuration | |||||||||
| |||||||||
Responses
Request samples
- Payload
{- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}
}
}Patch team config
Partially update the team's configuration. Only fields present in the request body will be updated; all other fields are preserved.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Request Body schema: application/json
object (TeamAnalysisConfiguration) Team level analysis configuration | |||||||||
| |||||||||
Responses
Request samples
- Payload
{- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}
}
}Read merged team config
Return the effective configuration of a team by taking the organization configuration before merging in the actual team configuration on top, overriding those defaults.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| rbacTeamID required | string <uuid> The team ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "analysis_configuration": {
- "secrets": {
- "entropy": 0,
- "disable": true
}
}
}
}Used to authenticate with the API.
Can be issued by org admins. Each access token is owned by the org that issued it.
List access token roles
Return a list of roles an that are assigned to an access token and are available for use (includes only the roles that are managed by Qwiet).
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "label": "Jira plugin",
- "description": "This role grants the token permissions required for the Qwiet Jira Plugin.",
- "role_type": "managed"
}
]
}List tokens
Return a list of tokens issued by the org.
The token data returned includes metadata that identifies a token, included permissions, and an ID you can use to delete/revoke the token. The token data does NOT return the token value, which is exposed only when Qwiet issues the token.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
query Parameters
| show_expired | boolean Whether expired tokens should be returned or not |
| token_type | string (TokenType) Enum: "access" "integration" Filter the response by the type of token |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "id": "b7f521ca-d3f8-4a22-b7d9-8d12b1a7c1b7",
- "label": "Jira integration token",
- "description": "This token was generated to integrate the Qwiet Jira Plugin",
- "role_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "token_type": "integration"
}
]
}Create token
Create a new token for use with the API. The token can be assigned a role using the role_id parameter in the request body.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| label required | string A user-defined label to identify the token |
| description | string A user-defined description that describes why this token was created and how it should be used |
| role_id required | string The ID of the role attached to this token. For integration tokens, this can be either a predefined role ID from the List access token roles endpoint or a custom organization role ID from the List custom RBAC roles endpoint. |
| token_type | string (TokenType) Enum: "access" "integration" |
| valid_for_seconds | integer The duration (in seconds) for which the token is valid (optional) |
Responses
Request samples
- Payload
{- "label": "On-prem Jira",
- "description": "Used by the on-prem Jira integration to communicate with Qwiet",
- "role_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
- "token_type": "integration",
- "valid_for_seconds": 600
}Response samples
- 200
- default
{- "ok": true,
- "response": {
- "value": "this_is_the_token_value_that_will_only_be_exposed_once",
- "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
- "label": "On-prem Jira",
- "token_type": "integration",
- "description": "Used by the on-prem Jira integration to communicate with Qwiet",
- "role_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b"
}
}Read user and their organization information.
Read the user and their organization membership and invites information.
Authorizations:
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "idv2": "c0da4f6a-7041-4fb3-850f-b89fcfaddf43",
- "idv1": "string",
- "name": "string",
- "email": "user@example.com",
- "emailVerified": true,
- "membership": [
- {
- "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
- "organizationName": "string"
}
], - "invites": [
- {
- "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
- "organizationName": "string",
- "inviteId": "14ca54c2-5d85-4c93-81b5-495a2e7e0ca4"
}
], - "lastLoginUTCTimestampHistory": [
- 0
]
}
}List app versions
Return a list of the versions of the app that Qwiet has scanned
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
query Parameters
| tags | Array of strings The scan tags to filter by (e.g., |
| type | string The type of findings. Accepted values are |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": [
- {
- "version": "0a907104bfe6175e3a3ea375e2cb7728",
- "scan": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}, - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 1489,
- "total_fixed": 131,
- "total_ignored": 197
}
]
}Read summary of findings for an app version
Return a summary of findings for a single version
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| appID required | string The app ID (e.g., |
| versionID required | string The version ID (e.g., |
query Parameters
| type | string The type of findings. Accepted values are |
| scan | string The ID of the scan to filter to. Defaults to the latest scan |
Responses
Response samples
- 200
- default
{- "ok": true,
- "response": {
- "version": "0a907104bfe6175e3a3ea375e2cb7728",
- "scan": {
- "id": "1234",
- "app": "hello-qwiet",
- "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
- "successful": true,
- "is_default_branch": true,
- "started_at": "2019-08-24T14:15:22Z",
- "completed_at": "2019-08-24T14:15:22Z",
- "language": "javascript",
- "number_of_expressions": 10,
- "tags": { },
- "oss_info": {
- "enabled": true,
- "successful": true,
- "failure_reason": "string"
}, - "counts": [
- {
- "key": "category",
- "value": "XSS",
- "finding_type": "vuln",
- "count": 42
}
], - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 101,
- "total_fixed": 42,
- "total_ignored": 17
}, - "findings_summaries": [
- {
- "finding_type": "vuln",
- "total": 10,
- "total_reachable": 0,
- "total_ignored": 1,
- "total_fixed": 3,
- "by_severity": {
- "info": {
- "total": 6
}, - "critical": {
- "total": 3,
- "total_fixed": 3
}, - "moderate": {
- "total": 1,
- "total_ignored": 1
}
}, - "by_category": {
- "Sensitive Data Leak": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}, - "by_assignee": {
- "test@qwiet.ai": {
- "total": 10,
- "total_fixed": 3,
- "total_ignored": 1
}
}
}
], - "total": 1489,
- "total_fixed": 131,
- "total_ignored": 197
}
}Get WIZ client credentials
Get the client credentials i.e. authURL, apiURL.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Store WIZ client credentials
Captures the wiz client credentials such as clientID, clientSecret, authentication url & API endpoint.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| client_id | string service account client id |
| client_secret | string service account client secret |
| auth_url | string wiz authentication url (i.e. "https://auth.app.wiz.io/oauth/token") |
| api_url | string wiz api endpoint (i.e. "https://api.us17.app.wiz.io/graphql") |
Responses
Request samples
- Payload
{- "client_id": "string",
- "client_secret": "string",
- "auth_url": "string",
- "api_url": "string"
}Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Get Wiz Compound enrollment status
Get the compound enrollment status. Provides detail about enrolled enrichments. If no compound level configuration present, it fetches the organization level configurations.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Update Wiz Compound enrollment
Updates compound enrollment. A compound can be enrolled for multiple supported enrichment [SAST/SCA]. Only the projects under enrolled compound are allowed for wiz integration after the successful project scan.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
Request Body schema: application/json
| enrolled_for | Array of strings enrichment type, possible values [SAST, SCA] |
| scope | string indicates the scope from which configuration are fetched. If no config found for requested scope, it fetches the config from higher level. possible values- compound / organization. |
| is_enabled | boolean disables enrichment at the config level. i.e. If a compound level enrichment is disabled, the compound will be ignored during enrichment even if the org level enrichment is enabled. Granular level configuration takes the higher precedence. |
Responses
Request samples
- Payload
{- "enrolled_for": [
- "string"
], - "scope": "string",
- "is_enabled": true
}Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Remove Wiz Compound enrollment
Removes compoud enrollment. Removed compound will not be used for wiz enrichment.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
| compoundName required | string A compound's name |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Get Wiz Org enrollment status
Get the org enrollment status. Provides detail about enrolled enrichments.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Responses
Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}Update Wiz Org enrollment
Updates Wiz org enrollment. This configuration will be default for all compounds under the organization unless overridden at compound level.
Authorizations:
path Parameters
| orgID required | string <uuid> The org ID |
Request Body schema: application/json
| enrolled_for | Array of strings enrichment type, possible values [SAST, SCA] |
| scope | string indicates the scope from which configuration are fetched. If no config found for requested scope, it fetches the config from higher level. possible values- compound / organization. |
| is_enabled | boolean disables enrichment at the config level. i.e. If a compound level enrichment is disabled, the compound will be ignored during enrichment even if the org level enrichment is enabled. Granular level configuration takes the higher precedence. |
Responses
Request samples
- Payload
{- "enrolled_for": [
- "string"
], - "scope": "string",
- "is_enabled": true
}Response samples
- default
{- "ok": true,
- "code": "INTERNAL_SERVER_ERROR",
- "message": "Internal Server Error",
- "validation_errors": [
- "string"
]
}