# Code Insight REST API Documentation

The Code Insight REST APIs provide a standardized interface for interacting with the application. An authorization JWT token must be included in the HTTP Authorization header using the Bearer schema. The token can be obtained from the Code Insight Web UI under the Preferences menu.

To set the token, click the **Authorize** button below on the right, enter the JWT token in the **Value** field, then click Authorize and close the dialog. Once authorized, the token will be automatically included in the HTTP Authorization header for all API requests made through the Swagger UI.

**Note:** If accessing the REST APIs through external tools such as **curl** or **Postman**, include the token manually in the HTTP header using the following format: `Authorization: Bearer JWT_TOKEN`. _*"Bearer" must precede the actual JWT token value.*_

Version: v1

## Servers

Code Insight REST API Server

```
/codeinsight/api
```

## Security

### bearerAuth

Type: http

Scheme: bearer

Bearer Format: JWT

## Download OpenAPI description

[Code Insight REST API Documentation](https://codeinsightapi.redocly.app/_bundle/swagger.yaml)

## Email Templates

Internal API for fetching custom email templates and images from core server

### Get custom email template

- [GET /emailTemplates/{templateName}](https://codeinsightapi.redocly.app/swagger/email-templates/getemailtemplate.md): Retrieves a custom email template from the core server's file system

### Get email template inline image

- [GET /emailTemplates/images/{imageName}](https://codeinsightapi.redocly.app/swagger/email-templates/getemailtemplateimage.md): Retrieves an inline image from the core server's email templates images folder

### Check if custom email template exists

- [GET /emailTemplates/{templateName}/exists](https://codeinsightapi.redocly.app/swagger/email-templates/templateexists.md): Checks if a custom email template exists on the core server

## CodebaseFolder

### Mark folder as reviewed/unreviewed

- [PUT /codebasefolder/{folderId}/review](https://codeinsightapi.redocly.app/swagger/codebasefolder/updatefolderreview.md): Marks the given folderId as reviewed/unreviewed. Only the Analyst has permission to perform this operation.

## Deprecated APIs

### Component Lookup (deprecated)

- [GET /component/lookup](https://codeinsightapi.redocly.app/swagger/deprecated-apis/componentlookup.md): This API is deprecated; the new API is codeinsight/api/components/search

### Generate Report (deprecated)

- [GET /project/generateReport](https://codeinsightapi.redocly.app/swagger/deprecated-apis/generatereport.md): This API is deprecated; please refer to /projects/{projectId}/reports/{reportId}/generate to generate a report and to /projects/{projectId}/reports/{reportId}/download to download a report. Generates Reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For CUSTOM_REPORT provide the name of the report. All project users including Observer, Reviewer and Analyst can generate reports for private projects. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to redirect output to a zip file as follows:

  ```
  curl -X GET "http://HOST:PORT/codeinsight/api/project/generateReport?reportType=REPORT_TYPE&projectId=PROJECT_ID" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > report.zip
  ```

### Create Project (deprecated)

- [POST /project/createProject](https://codeinsightapi.redocly.app/swagger/deprecated-apis/createproject.md): Use the enhanced '/projects' API.

### Import Project Data (deprecated)

- [POST /importer/importProjectData](https://codeinsightapi.redocly.app/swagger/deprecated-apis/importprojectdata.md): Imports project data for a given projectId. Only Project Owner and Analyst can import project data into a private project. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to run curl as follows:

  ```
  curl -X POST "http://HOST:PORT/codeinsight/api/importer/importProjectData?projectId=PROJECT_ID&checkInventory=false&checkReviewed=false&createEmptyInventory=false&overwriteInventoryNotes=true" -H "accept: application/json" -H "Authorization: Bearer JWT_TOKEN" -H "content-type: application/octet-stream" --data-binary "@path/filename.zip"
  ```

  Since this API is deprecated, you can find the new API under the projects API, i.e., /projects/{projectId}/import

### Component Lookup (deprecated)

- [GET /component/lookup](https://codeinsightapi.redocly.app/swagger/component/componentlookup.md): This API is deprecated; the new API is codeinsight/api/components/search

### Generate Report (deprecated)

- [GET /project/generateReport](https://codeinsightapi.redocly.app/swagger/project-api/generatereport.md): This API is deprecated; please refer to /projects/{projectId}/reports/{reportId}/generate to generate a report and to /projects/{projectId}/reports/{reportId}/download to download a report. Generates Reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For CUSTOM_REPORT provide the name of the report. All project users including Observer, Reviewer and Analyst can generate reports for private projects. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to redirect output to a zip file as follows:

  ```
  curl -X GET "http://HOST:PORT/codeinsight/api/project/generateReport?reportType=REPORT_TYPE&projectId=PROJECT_ID" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > report.zip
  ```

### Create Project (deprecated)

- [POST /project/createProject](https://codeinsightapi.redocly.app/swagger/project-api/createproject.md): Use the enhanced '/projects' API.

## Component

### Component Lookup (deprecated)

- [GET /component/lookup](https://codeinsightapi.redocly.app/swagger/deprecated-apis/componentlookup.md): This API is deprecated; the new API is codeinsight/api/components/search

### Component Search

- [GET /components/search](https://codeinsightapi.redocly.app/swagger/component/componentsearch.md): Searches for components based on the given input and returns a list of components, which includes registered, popular and unpopular components. The response will not include vulnerabilities and licenses of the version.

### Create a component custom version

- [POST /components/{componentId}/versions](https://codeinsightapi.redocly.app/swagger/component/createcomponentversion.md): Create a component custom version

### Create a custom component

- [POST /components](https://codeinsightapi.redocly.app/swagger/component/createcustomcomponent.md): Creates a custom component

### Delete a component custom version

- [DELETE /components/{componentId}/versions/{id}](https://codeinsightapi.redocly.app/swagger/component/deletecomponentversion.md): Delete a custom version using the component ID and version ID. All existing inventory that uses this version will have its version changed to Unknown. You must have the Library Manager permission to delete a custom version.

### Delete a custom component

- [DELETE /components/{id}](https://codeinsightapi.redocly.app/swagger/component/deletecustomcomponent.md): Delete a custom component using the component ID. All existing inventory that uses this component will be changed to work in progress. You must have the Library Manager permission to delete a custom component.

### Get Component

- [GET /components/{componentId}](https://codeinsightapi.redocly.app/swagger/component/getcomponent.md): Get Component by id.

### Get Component version details

- [GET /components/versions/{id}](https://codeinsightapi.redocly.app/swagger/component/getversiondetails.md): Get Component version details

### Get Component version vulnerabilities

- [GET /components/{versionId}/vulnerabilities](https://codeinsightapi.redocly.app/swagger/component/getvulnerabilties.md): Get vulnerability details of a component version

### Component Lookup (deprecated)

- [GET /component/lookup](https://codeinsightapi.redocly.app/swagger/component/componentlookup.md): This API is deprecated; the new API is codeinsight/api/components/search

## Project API

### Generate Report (deprecated)

- [GET /project/generateReport](https://codeinsightapi.redocly.app/swagger/deprecated-apis/generatereport.md): This API is deprecated; please refer to /projects/{projectId}/reports/{reportId}/generate to generate a report and to /projects/{projectId}/reports/{reportId}/download to download a report. Generates Reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For CUSTOM_REPORT provide the name of the report. All project users including Observer, Reviewer and Analyst can generate reports for private projects. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to redirect output to a zip file as follows:

  ```
  curl -X GET "http://HOST:PORT/codeinsight/api/project/generateReport?reportType=REPORT_TYPE&projectId=PROJECT_ID" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > report.zip
  ```

### Create Project (deprecated)

- [POST /project/createProject](https://codeinsightapi.redocly.app/swagger/deprecated-apis/createproject.md): Use the enhanced '/projects' API.

### Get Project Inventories Delta from latest scan

- [GET /project/inventoryDeltaFromLastScan/{projectId}](https://codeinsightapi.redocly.app/swagger/project-api/getmodifiedprojectinventorybyproject.md): Returns a Delta list of inventory after latest scan and relevant details for a given project. All project users including Observer, Reviewer and Analyst can view project inventory of private/public projects.

### Get Project Id

- [GET /project/id](https://codeinsightapi.redocly.app/swagger/project-api/getprojectid.md): Returns projectId for a given projectName.

### Get Project Inventory

- [GET /project/inventory/{projectId}](https://codeinsightapi.redocly.app/swagger/project-api/getprojectinventory.md): Returns a list of inventory and inventory details for a given project; includes a flag for a short/long version. All project users including Observer, Reviewer and Analyst can view project inventory of private projects.

### Get Project Inventory by Date

- [GET /project/inventoryLite/{projectId}](https://codeinsightapi.redocly.app/swagger/project-api/getprojectinventorybydate.md): Returns a list of inventory and relevant details for a given project within the given date and time. All project users including Observer, Reviewer and Analyst can view project inventory of private/public projects.

### Get Scan Status

- [GET /project/scanStatus/{taskId}](https://codeinsightapi.redocly.app/swagger/project-api/getprojectscanstatus.md): Returns a scan status for a given taskId which is obtained from /projectScan/{projectId}

### Upload Project Files.

- [POST /project/uploadProjectCodebase](https://codeinsightapi.redocly.app/swagger/project-api/uploadproject.md): Uploads and extracts a codebase zip file for a project. (* Maximum supported file size is 10GB.) Upload only files with extensions zip, tar, tar.gz and 7z. Do not upload any .gz files directly without archiving them in a tar file. The upload result may be wrong if compressed files are uploaded directly without archiving them. Only Project Admin and Analyst can upload project codebase to a project. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to run curl as follows:

  ```
  curl -X POST "http://HOST:PORT/codeinsight/api/project/uploadProjectCodebase?projectId=PROJECT_ID&deleteExistingFileOnServer=true&expansionLevel=1" -H "accept: application/json" -H "Authorization: Bearer JWT_TOKEN" -H "content-type: application/octet-stream" --data-binary "@path/filename.zip"
  ```

### Export Project Data

- [GET /project/exportProjectData](https://codeinsightapi.redocly.app/swagger/project-api/exportprojectdata.md): Exports project data for a given projectId. Only Project Admin and Analyst can export project data from a project. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to redirect output to a zip file as follows:

  ```
  curl -X GET "http://HOST:PORT/codeinsight/api/project/exportProjectData?projectId=PROJECT_ID" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > export.zip
  ```

### Download Report

- [GET /projects/{projectId}/reports/{reportId}/download](https://codeinsightapi.redocly.app/swagger/project-api/downloadreport.md): Download Reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For all reports, the id of the report must be provided. All project users including Observer, Reviewer and Analyst can download reports for private projects. If a task is in progress, the response will be 202 and the status will be provided in the header, e.g. (ACTIVE, SCHEDULED). Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to redirect output to a zip file as follows:

  ```
  curl -X GET "http://HOST:PORT/codeinsight/api/projects/{projectId}/reports/{reportId}/download?taskId={taskId}" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > report.zip
  ```

### Generate Report

- [POST /projects/{projectId}/reports/{reportId}/generate](https://codeinsightapi.redocly.app/swagger/project-api/generatereport_1.md): Generates Reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For all reports, the id of the report must be provided. All project users including Observer, Reviewer and Analyst can generate reports for private projects.

### Add child projects to parent project

- [POST /projects/{projectId}/children](https://codeinsightapi.redocly.app/swagger/project-api/addchildprojects.md): Add child projects to parent project.

### Remove child Projects from parent project

- [DELETE /projects/{projectId}/children](https://codeinsightapi.redocly.app/swagger/project-api/removechildprojects.md): Remove child project from parent project

### Users

- [GET /projects/{projectId}/users](https://codeinsightapi.redocly.app/swagger/project-api/getprojectuserrole.md): Get Project Users with respect to Role

### Assign Role

- [POST /projects/{projectId}/users](https://codeinsightapi.redocly.app/swagger/project-api/assignprojectrole.md): Assign Users to a specific Project Role. Here "ownerId" refers to the "contactId" of the project.

### Unassign Project Role

- [DELETE /projects/{projectId}/users](https://codeinsightapi.redocly.app/swagger/project-api/unassignprojectroles.md): Remove User(s) from a specific Project Role

### Get Projects

- [GET /projects](https://codeinsightapi.redocly.app/swagger/project-api/getprojects.md): Get All The Projects

### Create Project

- [POST /projects](https://codeinsightapi.redocly.app/swagger/project-api/createproject_1.md): Creates a project for the given input, updates project custom field values and returns projectId with success message.

### Get Project Information

- [GET /projects/{projectId}](https://codeinsightapi.redocly.app/swagger/project-api/getprojectbyid.md): Get Project Information By Id

### Update Project

- [PUT /projects/{projectId}](https://codeinsightapi.redocly.app/swagger/project-api/updateproject.md): Updates a project and its custom field values for the given projectId. Here the "owner" field refers to the "contact" of the project.

### Delete a project, deletion operation will be added to queue. To get status of project deletion use jobs/{jobId} API

- [DELETE /projects/{projectId}](https://codeinsightapi.redocly.app/swagger/project-api/deleteproject.md): Deleting a project will delete all project inventory, custom field values, corresponding notes and all code base files permanently from the server.

### get all child projects

- [GET /projects/{projectId}/childProjects](https://codeinsightapi.redocly.app/swagger/project-api/getallchildprojects.md): Get all child projects. parentProject property will not be shown in the response.

### get all parent projects

- [GET /projects/{projectId}/parentProjects](https://codeinsightapi.redocly.app/swagger/project-api/getallparentprojects.md): Get all parent projects. childProject property will not be shown in the response.

### Fetch all scanned files for a project

- [GET /projects/{projectId}/allscannedfiles](https://codeinsightapi.redocly.app/swagger/project-api/getallscannedfiles.md)

### Fetch Evidences for a project

- [GET /projects/{projectId}/evidences](https://codeinsightapi.redocly.app/swagger/project-api/getevidences.md)

### Get Id of file or folder

- [GET /projects/{projectId}/files](https://codeinsightapi.redocly.app/swagger/project-api/getfileorfolderid.md): Returns the ID of file and/or folder

### Get Project Contact

- [GET /projects/{projectId}/contact](https://codeinsightapi.redocly.app/swagger/project-api/getprojectcontact.md): Get project contact for the given projectId.

### Update Project Contact

- [PUT /projects/{projectId}/contact](https://codeinsightapi.redocly.app/swagger/project-api/updateprojectcontact.md): Updates project contact for the given projectId.

### Get project inventories for the given scan-agent or scan-server alias

- [GET /projects/{projectId}/inventories/{alias}](https://codeinsightapi.redocly.app/swagger/project-api/getprojectinventoriesbyalias.md): Returns all inventories of the project associated with the given scan-agent or scan-server alias

### Get Inventory Summary of the project

- [GET /projects/{projectId}/inventorySummary](https://codeinsightapi.redocly.app/swagger/project-api/getprojectinventorysummary.md): Get Project level inventory summary

### Fetch all scan nodes (alias) of a project

- [GET /projects/{projectId}/scanNodes](https://codeinsightapi.redocly.app/swagger/project-api/getscannodes.md): Returns all the alias node information of a project

### project status

- [PUT /projects/{projectId}/status](https://codeinsightapi.redocly.app/swagger/project-api/updateprojectstatus.md): Updates the status of a project. By default, a newly created project has the status "Not Started". After scanning begins, the status is automatically updated to "Analysis In Progress". Note: ProjectAction can be specified with the values below:
  - Update Status Only: Only updates the status of the project. If the project status is set to COMPLETED, it will lock the current project.
  - Lock Child Projects: Locks all child projects of the current project. (allowed only if project status is kept COMPLETED)
  - Unlock Child Projects: Unlocks all child projects of the current project. (allowed only if project status is not COMPLETED)

  Use projectAction to control the locking behavior in relation to the project's current status.

### Upload Report.

- [POST /projects/uploadReport](https://codeinsightapi.redocly.app/swagger/project-api/uploadreport.md): Uploads and extracts a report zip file for a project.

  ```
  curl -H "Authorization: Bearer %jwt%" --form projectId=%projectId% --form reportId=%reportId% --form file=@"pdf_reports.zip" http://localhost:8888/codeinsight/api/projects/uploadReport
  ```

### Import Project Data

- [POST /projects/{projectId}/import](https://codeinsightapi.redocly.app/swagger/project-api/importprojectdata_1.md): Imports project data for a given projectId. Only Project Owner and Analyst can import project data into a private project. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to run either of the curl commands. Save the required attributes for project import in a JSON or text file and provide that file in the command. If you are using a text file, don't give it a .txt extension.

  ```
  curl -H "Authorization:Bearer %jwt%" -F importFile=@"fileToImport.zip" -F projectImportModel=@"JsonFile.json Or textFile;type=application/json" http://localhost:8888/codeinsight/api/projects/%projectId%/import
  ```

  Alternatively, instead of providing a file, you can define the attributes for projectImportModel directly inside curly braces. For 'FileMatchingCriteria', provide one of the values below: COMPLETE_FILEPATH|PARTIAL_FILEPATH|FILENAME|MD5|MD5_AND_FILENAME|MD5_AND_COMPLETE_FILEPATH|MD5_AND_PARTIAL_FILEPATH

### Import Sbom

- [POST /projects/{projectId}/importSbom](https://codeinsightapi.redocly.app/swagger/project-api/importsbom.md): Imports Sbom for a given projectId. Only Project Owner and Analyst can import a project Sbom into a private project. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to run either of the curl commands.

  ```
  curl -H "Authorization:Bearer %jwt%" -F sbomFile=@"fileToImport.json;type=application/json" http://localhost:8888/codeinsight/api/projects/%projectId%/importSbom
  ```

### Generate Report (deprecated)

- [GET /project/generateReport](https://codeinsightapi.redocly.app/swagger/project-api/generatereport.md): This API is deprecated; please refer to /projects/{projectId}/reports/{reportId}/generate to generate a report and to /projects/{projectId}/reports/{reportId}/download to download a report. Generates Reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For CUSTOM_REPORT provide the name of the report. All project users including Observer, Reviewer and Analyst can generate reports for private projects. Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL. When calling this API from a REST client, you need to redirect output to a zip file as follows:

  ```
  curl -X GET "http://HOST:PORT/codeinsight/api/project/generateReport?reportType=REPORT_TYPE&projectId=PROJECT_ID" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > report.zip
  ```

### Create Project (deprecated)

- [POST /project/createProject](https://codeinsightapi.redocly.app/swagger/project-api/createproject.md): Use the enhanced '/projects' API.

## Files

### Get details of a file by Id

- [GET /files/{fileId}](https://codeinsightapi.redocly.app/swagger/files/getfiledetails.md): Get file details of a given fileId. If the remote flag is true, it will fetch the corresponding remote file info; otherwise, the flag defaults to false and scanner file information will be shown.

### Mark file reviewed/unreviewed

- [PUT /files/{fileId}/review](https://codeinsightapi.redocly.app/swagger/files/updatefilereview.md): Marks the given fileId as reviewed/unreviewed. Only the Analyst has permission to perform this operation.

## Folder

### Create Folder

- [POST /folders](https://codeinsightapi.redocly.app/swagger/folder/createfolder.md): Creates a folder for the given name and returns folderId with success message.

### Get Folder By Id

- [GET /folders/{folderId}](https://codeinsightapi.redocly.app/swagger/folder/getfolder.md): Get existing folder by folderId

### Update folder details

- [PUT /folders/{folderId}](https://codeinsightapi.redocly.app/swagger/folder/updatefolder.md): Update folder details for the given folderId.

### Delete a folder

- [DELETE /folders/{folderId}](https://codeinsightapi.redocly.app/swagger/folder/deletefolder.md): Deleting a folder will delete all subfolders; contained projects will be associated with the parent folder (Projects(0)).

### Get folders based on the name provided

- [GET /folders/search](https://codeinsightapi.redocly.app/swagger/folder/searchfolders.md): Return folders based on the name provided

## Inventory API

### Add Files and/or Folders to Inventory

- [PUT /inventories/{inventoryId}/files](https://codeinsightapi.redocly.app/swagger/inventory-api/addfilestoinventory.md): Adds files and/or folders to an inventory item and returns the response message

### Create Inventory

- [POST /inventories](https://codeinsightapi.redocly.app/swagger/inventory-api/createinventory.md): Create an inventory. Name and Inventory type are mandatory fields. Note: Value for rememberLicense can be GLOBAL or INVENTORY (default).
  - GLOBAL: Saves and applies the component version and license mapping to the current inventory and all future inventories across projects.
  - INVENTORY: Updates only the current inventory. Future inventories will use the original license mapping.

### Get details of an inventory

- [GET /inventories/{inventoryId}](https://codeinsightapi.redocly.app/swagger/inventory-api/getinventorybyid.md): Get details of an inventory.

### Update Inventory

- [PUT /inventories/{inventoryId}](https://codeinsightapi.redocly.app/swagger/inventory-api/updateinventory.md): Update an inventory for a given inventoryId. Note: Value for rememberLicense can be GLOBAL or INVENTORY (default).
  - GLOBAL: Saves and applies the component version and license mapping to the current inventory and all future inventories across projects.
  - INVENTORY: Updates only the current inventory. Future inventories will use the original license mapping.

### Delete the inventory

- [DELETE /inventories/{inventoryId}](https://codeinsightapi.redocly.app/swagger/inventory-api/deleteinventory.md): delete inventory

### Get history of an inventory

- [GET /inventories/{inventoryId}/history](https://codeinsightapi.redocly.app/swagger/inventory-api/fetchhistory.md): Fetches the history for a given inventoryId, changes are grouped based on the revision id.

### Get children of an inventory

- [GET /inventories/{inventoryId}/children](https://codeinsightapi.redocly.app/swagger/inventory-api/fetchinventorychildren.md): Fetches the children for a given inventoryId.

### Get parents of an inventory

- [GET /inventories/{inventoryId}/parents](https://codeinsightapi.redocly.app/swagger/inventory-api/fetchinventoryparents.md): Fetches the parents for a given inventoryId.

### Get All Inventories by Date

- [GET /inventories/searchByDate](https://codeinsightapi.redocly.app/swagger/inventory-api/getallprojectinventoriesbydate.md): Returns a list of inventories and relevant details within the given date and time. All users can view project inventories of public projects, and users with permission can view the inventories of private projects.

### Get the inventories of file/folder ids

- [GET /inventories/search](https://codeinsightapi.redocly.app/swagger/inventory-api/getinventory.md): Returns the inventories file and/or folder ids

### Get vulnerability analysis details of an inventory

- [GET /inventories/{inventoryId}/vulnerabilities/analysis](https://codeinsightapi.redocly.app/swagger/inventory-api/getvulnerabilityanalysis.md): Get vulnerability analysis details of an inventory.

### Get vulnerability details of an inventory

- [GET /inventories/{inventoryId}/vulnerabilities](https://codeinsightapi.redocly.app/swagger/inventory-api/getvulnerabilties_1.md): Get vulnerability details of an inventory.

### Update notices text

- [PUT /inventories/{inventoryId}/notices](https://codeinsightapi.redocly.app/swagger/inventory-api/noticestextinventory.md): Update notices text for the given inventory

### Publish Inventory

- [PUT /inventories/{inventoryId}/publish](https://codeinsightapi.redocly.app/swagger/inventory-api/publishinventory.md): Publish an inventory for a given inventoryId

### Recall Inventory

- [PUT /inventories/{inventoryId}/recall](https://codeinsightapi.redocly.app/swagger/inventory-api/recallinventory.md): Recall an inventory for a given inventoryId

### inventory status

- [PUT /inventories/{inventoryId}/status](https://codeinsightapi.redocly.app/swagger/inventory-api/updateinventorystatus.md): Updates an inventory status to DRAFT, APPROVED or REJECTED. Approving or rejecting an inventory affects the Manual Review task only. Any changes made to Inventory will not affect Remediation and Miscellaneous tasks. On approving an inventory, the inventory is approved and the Manual Review task is closed with Approve status. On rejecting an inventory, the inventory is rejected, an open Remediation task is created and the Manual Review task is closed with Reject status.

## inventoryWorkflow

### Get workflow details for an inventory

- [GET /inventories/{inventoryId}/workflows](https://codeinsightapi.redocly.app/swagger/inventoryworkflow/getworkflowbyinventoryid.md): Get workflow details for an inventory

### workflows

- [POST /inventories/{inventoryId}/workflows](https://codeinsightapi.redocly.app/swagger/inventoryworkflow/createworkflow.md): Create or update workflow for an inventory

## Jobs

### Export project inventory to SBOM Insights

- [POST /jobs/sbomexport/{projectId}](https://codeinsightapi.redocly.app/swagger/jobs/addexporttosbominsightstask.md): Export project to SBOM Insights operation will be added to queue. To get status of Export to SBOM Insights use jobs/{jobId} API

### Update project notices

- [POST /jobs/notices/{projectId}](https://codeinsightapi.redocly.app/swagger/jobs/addupdatenoticestask.md): Update notices operation will be added to queue. To get status of update notices use jobs/{jobId} API

### Get Job details based on the jobId provided

- [GET /jobs/{jobId}](https://codeinsightapi.redocly.app/swagger/jobs/getjobdetails.md): Returns Job details for a given JobId which is obtained from /jobs/all

### Get jobs details based on filters

- [GET /jobs](https://codeinsightapi.redocly.app/swagger/jobs/getjobs.md): Returns jobs in descending order with pagination based on jobType, status, projectId, triggeredBy, jobsHistoryInDays

## ldap

### Trigger ldap sync

- [POST /ldap/sync](https://codeinsightapi.redocly.app/swagger/ldap/triggerldapsync.md): Trigger on-demand LDAP sync if already configured. Only the system admin has permission to perform this operation.

### Update LDAP password

- [PUT /ldap/password](https://codeinsightapi.redocly.app/swagger/ldap/updateldappassword.md): Update the LDAP password used for authentication and user synchronization. Only system administrators have permission to perform this operation.

## license

### License Lookup

- [GET /license/lookup](https://codeinsightapi.redocly.app/swagger/license/licenselookup.md): Returns id, name, priority, url, description, text, shortName and spdxIdentifier for a given license ID or license Name.

### Create a custom license

- [POST /licenses](https://codeinsightapi.redocly.app/swagger/license/createlicenses.md): Creates a custom license

### Edit Custom License

- [PUT /licenses/{licenseId}](https://codeinsightapi.redocly.app/swagger/license/editcustomlicense.md): Only users with Library Manager permission can edit a custom license.

### Delete a custom license

- [DELETE /licenses/{licenseId}](https://codeinsightapi.redocly.app/swagger/license/deletecustomlicense.md): Delete a custom license using the license ID. All existing inventory that uses this license will have its license changed to Unknown. You must have the Library Manager permission to delete a custom license.

### Update Licenses External Id

- [PATCH /licenses/{licenseId}](https://codeinsightapi.redocly.app/swagger/license/updatelicenseexternalid.md): Update Licenses External Id. Only users with Library Manager permission can update the External Id of a license. The licenseId should be a valid license id and the externalId should not exceed 255 characters.

### Get All Licenses

- [GET /licenses/listAll](https://codeinsightapi.redocly.app/swagger/license/getalllicenses.md): Returns all license details. If onlyCustom is true, returns only custom licenses. Supports pagination with page and size parameters.

### License lookup based on short name

- [GET /licenses/{shortName}](https://codeinsightapi.redocly.app/swagger/license/licenselookupshortname.md): Returns id, name, priority, url, description, text and spdxIdentifier for a given shortName.

## sourceCodeManagement

### Perforce scmInstances

- [PUT /scmInstances/Perforce](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/updateperforcescminstance.md): Updates an instance of Perforce SCM.

### Perforce scmInstances

- [POST /scmInstances/Perforce](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/createperforcescminstance.md): Create a new instance of Perforce SCM.
  - url - URL in the format: `<protocol>:<host>:<port>/<depot>`; otherwise the configured P4PORT will be taken as the default URL.
  - userName/password - userName/password; otherwise the configured P4USER/P4PASSWD will be taken as the default.
  - branchSpec - branchSpec (`<Depot>/<ProjectPath>`)
  - changeListNum/label - changeListNum/label, or leave blank to sync to the head revision.

### Git scmInstances

- [PUT /scmInstances/Git](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/updategitscminstance.md): Updates an instance of Git SCM.
  - url* - Enter one repository URL and branch/tag/commit ID in individual fields, or one or more repository URLs separated by commas. You can include a branch, tag, or commit ID notation as part of the URL.
  - userName/password - userName/password for authenticated access to the repository. Leave blank for anonymous or SSH access.
  - branch/commitId/tag - branch, tag or commit ID. Specify one of these values, or leave blank to sync to the master branch. These three fields will be considered only when a single URL is provided without branch/tag/commit ID properties in the URL.
  - expansionLevel - (Optional, Integer, default: 1, values: 1/2/3) Control archive extraction depth: 1=None (no extraction), 2=Top-level archives only, 3=Recursive (nested archives).
  - deleteArchiveAfterExpand - (Optional, Boolean, default: false) Delete archive files after extraction to save disk space. Note: This field is only applicable when expansionLevel is 2 or 3.
  - archiveDirSuffix - (Optional, String, max: 20 chars) Suffix to be added to the expanded folder. Value cannot be more than 20 characters and cannot contain the following special characters: `\ / : * ? " | \0` (Example: _Expanded). Note: This field is only applicable when expansionLevel is 2 or 3.

### Git scmInstances

- [POST /scmInstances/Git](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/creategitscminstance.md): Create a new instance of Git SCM.
  - url* - Enter one repository URL and branch/tag/commit ID in individual fields, or one or more repository URLs separated by commas. You can include a branch, tag, or commit ID notation as part of the URL.
  - userName/password - userName/password for authenticated access to the repository. Leave blank for anonymous or SSH access.
  - branch/commitId/tag - branch, tag or commit ID. Specify one of these values, or leave blank to sync to the master branch. These three fields will be considered only when a single URL is provided without branch/tag/commit ID properties in the URL.
  - expansionLevel - (Optional, Integer, default: 1, values: 1/2/3) Control archive extraction depth: 1=None (no extraction), 2=Top-level archives only, 3=Recursive (nested archives).
  - deleteArchiveAfterExpand - (Optional, Boolean, default: false) Delete archive files after extraction to save disk space. Note: This field is only applicable when expansionLevel is 2 or 3.
  - archiveDirSuffix - (Optional, String, max: 20 chars) Suffix to be added to the expanded folder. Value cannot be more than 20 characters and cannot contain the following special characters: `\ / : * ? " | \0` (Example: _Expanded). Note: This field is only applicable when expansionLevel is 2 or 3.

### scmInstances

- [GET /scmInstances](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/getscminstance.md): Fetch details of the SCM instances of a project.

### scmInstances

- [POST /scmInstances](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/testscminstanceconnection.md): Test connection API for SCM instances.

### scmInstances

- [DELETE /scmInstances](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/deletescminstance.md): Deletes an instance of a particular SCMType.

### Subversion scmInstances

- [PUT /scmInstances/Subversion](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/updatesvnscminstance.md): Updates an instance of Subversion SCM.

### Subversion scmInstances

- [POST /scmInstances/Subversion](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/createsvnscminstance.md): Create a new instance of Subversion SCM.
  - url* - URL in the format `<protocol>://<host>/<svnroot>/<repository>`.
  - userName/password - userName/password, or leave blank for an anonymous connection.
  - revisionNumber - revision for which you want to create a workspace and run a scan.

### TFS scmInstances

- [PUT /scmInstances/TFS](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/updatetfsscminstance.md): Updates an instance of TFS SCM.

### TFS scmInstances

- [POST /scmInstances/TFS](https://codeinsightapi.redocly.app/swagger/sourcecodemanagement/createtfsscminstance.md): Create a new instance of TFS SCM.
  - url* - URL in the format `<protocol>:<host>:<port>/<tfsroot>/<collection>/<project>`. URL format for TFS 2016 and above: `<protocol>:<host>:<port>/<collection>/<project>`.
  - userName/password* - userName/password for authentication.
  - changeSet - changeset you wish to sync. If Changeset is not provided, the latest revision will be synced unless Label is specified.
  - label - Label you wish to sync. If Label is not provided, the latest revision will be synced unless changeset is specified.
## Reports

### Get Reports

- [GET /reports](https://codeinsightapi.redocly.app/swagger/reports/searchreports.md): Get existing reports

### Update Report

- [PUT /reports](https://codeinsightapi.redocly.app/swagger/reports/updatereport.md): Update existing report

### Create Report

- [POST /reports](https://codeinsightapi.redocly.app/swagger/reports/createreport.md): Add new report. All report options, if given, have the datatype String/text.

### Get Report By Id

- [GET /reports/{reportId}](https://codeinsightapi.redocly.app/swagger/reports/getreport.md): Get existing report by reportId

### Delete Report by Id

- [DELETE /reports/{reportId}](https://codeinsightapi.redocly.app/swagger/reports/deletereport.md): Delete the report by report id

## Rules

### Get Rules

- [GET /rules](https://codeinsightapi.redocly.app/swagger/rules/getrules.md): Get existing custom rules

### Update Rule

- [PUT /rules](https://codeinsightapi.redocly.app/swagger/rules/updaterule.md): Update existing rule. Note: The value for detectionCriteria is an array of strings, e.g. `detectionCriteria: ["filepath1 or folderpath1","filepath2 or folderpath2"]`. Parameters fileInfo and ruleInfo are mutually exclusive. Only users with Library Manager role can update rules.

### Create Rule

- [POST /rules](https://codeinsightapi.redocly.app/swagger/rules/createrule.md): Add new rule with either file info or rule info. Note: The value for detectionCriteria is an array of strings, e.g. `detectionCriteria: ["filepath1 or folderpath1","filepath2 or folderpath2"]`. Parameters fileInfo and ruleInfo are mutually exclusive. Only users with Library Manager role can create rules.

### Get Rule By Id

- [GET /rules/{ruleId}](https://codeinsightapi.redocly.app/swagger/rules/getrule.md): Get existing rule by ruleId

### Delete Rule

- [DELETE /rules/{ruleId}](https://codeinsightapi.redocly.app/swagger/rules/deleterule.md): Delete existing rule. Only users with Library Manager role can delete rules.
### Disable Rules

- [PUT /rules/disable](https://codeinsightapi.redocly.app/swagger/rules/disablerules.md): Disable multiple rules by their IDs. Disabled rules will not be applied during project scanning. Only users with Library Manager role can disable rules.

### Enable Rules

- [PUT /rules/enable](https://codeinsightapi.redocly.app/swagger/rules/enablerules.md): Enable multiple rules. Enabled rules will be applied during project scanning. Only users with Library Manager role can enable rules.

## Scan profiles

### Get DependencyScopes

- [GET /profiles/dependencyScope](https://codeinsightapi.redocly.app/swagger/scan-profiles/getdependencyscopes.md): Get DependencyScopes

### Get profiles for project

- [GET /profiles/{projectId}](https://codeinsightapi.redocly.app/swagger/scan-profiles/getscanprofile.md): Get profiles for project

## Task

### Assign Alm Issues

- [POST /tasks/{taskId}/issues](https://codeinsightapi.redocly.app/swagger/task/assignalmissuestotask.md): Assign Alm Issues to task

### Close Task

- [PUT /tasks/{taskId}/close](https://codeinsightapi.redocly.app/swagger/task/closetask.md): Close Task

### Create Task

- [POST /tasks](https://codeinsightapi.redocly.app/swagger/task/createtask.md): Create Task

### Get Task

- [GET /tasks/{taskId}](https://codeinsightapi.redocly.app/swagger/task/gettask.md): Get Task

### Update Task

- [PUT /tasks/{taskId}](https://codeinsightapi.redocly.app/swagger/task/updatetask.md): Update Task

### Reassign Task

- [PUT /tasks/{taskId}/reassign](https://codeinsightapi.redocly.app/swagger/task/reassigntask.md): Reassign Task

### Get Tasks based on the search Terms

- [GET /tasks/search](https://codeinsightapi.redocly.app/swagger/task/searchtask.md): Return Tasks associated with the search term

## Scan API

### Project Scan

- [POST /scanResource/projectScan/{projectId}](https://codeinsightapi.redocly.app/swagger/scan-api/addprojectscantask.md): Initiates a scan for a given project, specified by the projectId. Returns the taskId corresponding to the scan task. The taskId can be used to check the scan status. Only Project Admin and Analyst can invoke a scan of a project.

## User API

### activate User

- [PUT /users/{loginId}/activate](https://codeinsightapi.redocly.app/swagger/user-api/activateuser.md): Activate a User

### Create User

- [POST /users](https://codeinsightapi.redocly.app/swagger/user-api/createuser.md): Creates a user

### deactivate User

- [PUT /users/{loginId}/deactivate](https://codeinsightapi.redocly.app/swagger/user-api/deactivateuser.md): Deactivate a User

### manage Permission

- [PUT /users/{loginId}/permission](https://codeinsightapi.redocly.app/swagger/user-api/managepermission.md): Manage User Permission for an existing user in the system. This removes the permissions mapped earlier; the permissions in the current request are always the ones applied.

### Search Users

- [GET /users/search](https://codeinsightapi.redocly.app/swagger/user-api/searchuser.md): Search User By id or login

## vulnerability

### Get suppressed vulnerabilities

- [GET /vulnerability/suppress](https://codeinsightapi.redocly.app/swagger/vulnerability/getsuppressedvulnerability.md): Get suppressed vulnerabilities based on componentId, vulnerabilityName, or both; either of them is mandatory. Only the system administrator has the permission to do this operation.

### Suppress vulnerability

- [POST /vulnerability/suppress](https://codeinsightapi.redocly.app/swagger/vulnerability/suppressvulnerability.md): Suppress vulnerability for component version(s). System administrator only has permission for global suppression, while Developer/Security contact have permission for project-specific suppression. Note: For GLOBAL level suppression, providing suppression details is not necessary. These details are only required for PROJECT level suppression and will be ignored if provided in the GLOBAL scope. The default value for the Suppression Scope will be considered GLOBAL if left empty.
### Get vulnerability suppress details

- [GET /vulnerability/suppress/details](https://codeinsightapi.redocly.app/swagger/vulnerability/getsuppressedvulnerabilitydetails.md): Get vulnerability suppress details. Provide suppressId, versionId, or both as inputs; either of them is mandatory. Only the system administrator has the permission to do this operation.

### UnSuppress vulnerability

- [POST /vulnerability/unSuppress](https://codeinsightapi.redocly.app/swagger/vulnerability/unsuppressvulnerability.md): UnSuppress a vulnerability for given component versions. System administrator only has permission for Global un-suppression, while Developer/Security contact have permission for Project-specific un-suppression. Note: If a project ID is provided, the un-suppression occurs at the PROJECT level; otherwise, it happens at the GLOBAL level.