Code Insight REST API Documentation (v1)

The Code Insight REST APIs provide a standardized interface for interacting with the application.

An authorization JWT token must be included in the HTTP Authorization header using the Bearer schema. The token can be obtained from the Code Insight Web UI under the Preferences menu. To set the token, click the Authorize button below on the right, enter the JWT token in the Value field, then click Authorize and close the dialog. Once authorized, the token will be automatically included in the HTTP Authorization header for all API requests made through the Swagger UI.

Note: If accessing the REST APIs through external tools such as curl or Postman, include the token manually in the HTTP header using the following format: Authorization: Bearer JWT_TOKEN. "Bearer" must precede the actual JWT token value.

Servers

Mock server: https://codeinsightapi.redocly.app/_mock/swagger
Code Insight REST API Server: https://codeinsightapi.redocly.app/codeinsight/api

Email Templates

Internal API for fetching custom email templates and images from core server

CodebaseFolder

Deprecated APIs

Operations

Component Lookup (Deprecated)

Request

This API is deprecated; the new API is codeinsight/api/components/search.

Security: bearerAuth

Query parameters

keyword (string, required)
  Any keyword (Example: GNU)

size (integer, int64)
  Page size. Default: 100

page (integer, int64)
  Page number. Default: 1

curl -i -X GET \
  'https://codeinsightapi.redocly.app/_mock/swagger/component/lookup?keyword=string&size=100&page=1' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

OK
Body (application/json): string
Response (application/json): "string"

Generate Report (Deprecated)

Request

This API is deprecated. Refer to /projects/{projectId}/reports/{reportId}/generate to generate a report and to /projects/{projectId}/reports/{reportId}/download to download a report.
Generates reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For CUSTOM_REPORT, provide the name of the report. All project users, including Observer, Reviewer and Analyst, can generate reports for private projects.
"Try it out" is not available for this API. It can be tested with conventional REST API clients such as Postman or cURL.
When calling this API from a REST client, redirect the output to a zip file as follows:

curl -X GET "http://HOST:PORT/codeinsight/api/project/generateReport?reportType=REPORT_TYPE&projectId=PROJECT_ID" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > report.zip

Security: bearerAuth

Query parameters

projectId (integer, int64, required)
  ID of the project
  Example: projectId=1

reportType (string, required)
  Report type
  Example: reportType=PROJECT

otherProjectId (integer, int64, >= 1)
  Project ID of the secondary project to be included in the report. This parameter is required if the enableProjectPicker property for this report type is set to true. (Example: 2)

curl -i -X GET \
  'https://codeinsightapi.redocly.app/_mock/swagger/project/generateReport?projectId=1&reportType=PROJECT&otherProjectId=1' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

OK
Body (application/octet-stream)
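
The `> report.zip` redirect in the Generate Report curl command above saves whatever the server returns, including an error body, and a token passed with -H on the command line is visible in the process list. The shell sketch below is an added example, not part of the Code Insight documentation: it reads the JWT from a file, hands the Authorization header to curl on stdin, fails on HTTP errors, and keeps the download only if it starts with the ZIP signature. CI_BASE, CI_TOKEN_FILE and the function names are assumptions, and the three-segment token check assumes a compact signed JWT.

```shell
#!/bin/sh
# Added example, not from the Code Insight documentation.
# Assumed names: CI_BASE (e.g. http://HOST:PORT), CI_TOKEN_FILE (file with the JWT).

# True only if the file begins with the ZIP local-file-header signature PK\003\004.
is_zip() {
    [ -f "$1" ] || return 1
    sig=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "504b0304" ]
}

# Print a curl config line with the Bearer header; reject anything that is not
# three base64url segments (assumption: compact signed JWT).
auth_config() {
    token=$(tr -d '\r\n' < "$1") || return 1
    printf '%s\n' "$token" |
        grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' || return 1
    printf 'header = "Authorization: Bearer %s"\n' "$token"
}

# usage: fetch_report PROJECT_ID REPORT_TYPE OUTFILE
fetch_report() {
    case "$1" in ''|*[!0-9]*) echo "projectId must be numeric" >&2; return 2 ;; esac
    cfg=$(auth_config "$CI_TOKEN_FILE") || { echo "unusable token file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # printf is a shell builtin, so the token never appears in a process argument list.
    if printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
            --get --data-urlencode "projectId=$1" --data-urlencode "reportType=$2" \
            -H 'accept: application/octet-stream' -o "$tmp" \
            "$CI_BASE/codeinsight/api/project/generateReport" && is_zip "$tmp"
    then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        echo "report not saved: HTTP error or response is not a ZIP" >&2
        return 1
    fi
}
```

Keep the token file readable only by its owner (for example mode 600), since it is equivalent to the user's API credentials.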

Create Project (Deprecated)

Request

Use the enhanced '/projects' API.

Security: bearerAuth

Body (application/json, required)

To create a project the projectName field is required and other fields are optional. If the optional fields are left blank, the 'Project Default' values are applied for them.

projectName (string, required)
  Example: "eportal"

projectType (string)
  Enum: "INVENTORY_ONLY", "STANDARD"
  Example: "INVENTORY_ONLY | default: STANDARD"

description (string)
  Example: "description"

projectFolderName (string)
  Example: "eportal-v1"

policyProfileName (string)
  Example: "Default License Policy Profile"

scanProfileName (string)
  Enum: "Basic Scan Profile (Without CL)", "Standard Scan Profile", "Comprehensive Scan Profile"
  Example: "Basic Scan - Without CL | default: Standard Scan Profile"

ownerLogin (string)
  Example: "admin"

risk (string)
  Enum: "HIGH", "MEDIUM", "LOW"
  Example: "HIGH | default: MEDIUM"

privateProject (string)
  Example: "false"

autoPublish (string)
  Example: "true"

markAssociatedFilesAsReviewed (string)
  Example: "true"

curl -i -X POST \
  https://codeinsightapi.redocly.app/_mock/swagger/project/createProject \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "projectName": "eportal",
    "projectType": "INVENTORY_ONLY | default: STANDARD",
    "description": "description",
    "projectFolderName": "eportal-v1",
    "policyProfileName": "Default License Policy Profile",
    "scanProfileName": "Basic Scan - Without CL | default: Standard Scan Profile",
    "ownerLogin": "admin",
    "risk": "HIGH | default: MEDIUM",
    "privateProject": "false",
    "autoPublish": "true",
    "markAssociatedFilesAsReviewed": "true"
  }'

Responses

OK
Body (application/json): integer (int32)
Response (application/json): 0

Import Project Data (Deprecated)

Request

Imports project data for a given projectId. Only Project Owner and Analyst can import project data into a private project.
"Try it out" is not available for this API. It can be tested with conventional REST API clients such as Postman or cURL.
When calling this API from a REST client, run curl as follows:

curl -X POST "http://HOST:PORT/codeinsight/api/importer/importProjectData?projectId=PROJECT_ID&checkInventory=false&checkReviewed=false&createEmptyInventory=false&overwriteInventoryNotes=true" -H "accept: application/json" -H "Authorization: Bearer JWT_TOKEN" -H "content-type: application/octet-stream" --data-binary "@path/filename.zip"

Since this API is deprecated, use the new API under the Projects API: /projects/{projectId}/import

Security: bearerAuth

Query parameters

projectId (integer, int64, required)
  ID of the project
  Example: projectId=1

checkInventory (string)
  Check file MD5 for inventory. If enabled, only files with matching MD5 in the import data file and the scanned file will be associated to inventory.

checkReviewed (string)
  Check file MD5 for review. If enabled, only files with matching MD5 in the import data file and the scanned file will be marked as reviewed.

createEmptyInventory (string)
  Create inventory even if no matching file is found. By default, the value of this parameter is taken from the project setting (On data import or rescan, delete inventory with no associated files). To override the project setting, pass true or false.

overwriteInventoryNotes (string)
  Choose to overwrite or append inventory notes (Audit Notes, Notices Text, Usage Guidance, Remediation Notes). By default, notes will be overwritten if the inventory is the same. If set to false, notes will be appended to existing ones.

Body (application/octet-stream, required)

Project data to import

string (binary), read-only
Default: ""

curl -i -X POST \
  'https://codeinsightapi.redocly.app/_mock/swagger/importer/importProjectData?projectId=1&checkInventory=string&checkReviewed=string&createEmptyInventory=string&overwriteInventoryNotes=string' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/octet-stream' \
  --data-binary '@path/filename.zip'

Responses

OK
Body (application/json)
Response (application/json): null

Component

Files

Folder

Project API

Inventory API

inventoryWorkflow

Jobs

ldap

license

sourceCodeManagement

Reports

Rules

Scan profiles

Task

Scan API

User API

vulnerability