
Code Insight REST API Documentation (v1)

The Code Insight REST APIs provide a standardized interface for interacting with the application.

An authorization JWT token must be included in the HTTP Authorization header using the Bearer schema. The token can be obtained from the Code Insight Web UI under the Preferences menu. To set the token, click the Authorize button below on the right, enter the JWT token in the Value field, then click Authorize and close the dialog. Once authorized, the token will be automatically included in the HTTP Authorization header for all API requests made through the Swagger UI.

Note: If accessing the REST APIs through external tools such as curl or Postman, include the token manually in the HTTP header using the following format: Authorization: Bearer JWT_TOKEN. "Bearer" must precede the actual JWT token value.

Servers
Mock server: https://codeinsightapi.redocly.app/_mock/swagger
Code Insight REST API Server: https://codeinsightapi.redocly.app/codeinsight/api

Email Templates

Internal API for fetching custom email templates and images from core server

Operations

CodebaseFolder

Operations

Deprecated APIs

Operations

Component

Operations

Files

Operations

Folder

Operations

Project API

Operations

Get Project Inventory by Date

Request

Returns a list of inventory items and relevant details for a given project within the given date and time range. All project users, including Observer, Reviewer and Analyst, can view the project inventory of private/public projects.

Security
bearerAuth
Path
projectId integer(int64) required

ID of the Project

Example: 1
Query
startTime string

Start time for an inventory (Format: YYYY-MM-DD HH:MM:SS)

endTime string

End time for an inventory (Format: YYYY-MM-DD HH:MM:SS)

size integer(int64)

Page size. Number of records to fetch per page

Default 100
page integer(int64)

Page number. Index of the page to start with (starts from 1)

Default 1
curl -i -X GET \
  'https://codeinsightapi.redocly.app/_mock/swagger/project/inventoryLite/1?startTime=string&endTime=string&size=100&page=1' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

OK

Get Scan Status

Request

Returns the scan status for a given taskId, which is obtained from /projectScan/{projectId}.

Security
bearerAuth
Path
taskId integer(int64) required

ID of the project scan task

Example: 1
curl -i -X GET \
  https://codeinsightapi.redocly.app/_mock/swagger/project/scanStatus/1 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

SCHEDULED | ACTIVE | TERMINATED | FAILED | COMPLETED

Body application/json
string
Enum: "new", "scheduled", "active", "waiting on update", "waiting on library refresh", "canceled", "terminated", "failed", "completed"
Response
application/json
"new"

Upload Project Files.

Request

Uploads and extracts a codebase zip file for a project. (* Maximum supported file size is 10GB.) Upload only files with the extensions zip, tar, tar.gz and 7z. Do not upload a .gz file directly without first archiving it in a tar file. The upload result may be wrong if a compressed file is uploaded directly without being archived. Only Project Admin and Analyst can upload a project codebase to a project.
Try it out is not available for this API. This API can be tested using conventional REST API clients such as Postman or cURL.
When calling this API from a REST client, run curl as follows:

curl -X POST "http://HOST:PORT/codeinsight/api/project/uploadProjectCodebase?projectId=PROJECT_ID&deleteExistingFileOnServer=true&expansionLevel=1" -H "accept: application/json" -H "Authorization: Bearer JWT_TOKEN" -H "content-type: application/octet-stream" --data-binary "@path/filename.zip"
Security
bearerAuth
Query
projectId integer(int64) required

ID of the Project

Example: projectId=1
deleteExistingFileOnServer boolean

Delete existing files on server. By deleting existing files on the server, all existing project codebase files will be permanently removed from the scan server. If you rescan the project without replacing these files via a new upload, the scan results for the removed files will be permanently deleted.

Default false
expansionLevel integer(int64)

Codebase expansion level for the project. 1: None | 2: First level | 3: Recursive level. If the expansionLevel parameter is not provided, the codebase will be extracted as 'None' by default.

deleteArchiveAfterExpand boolean

Delete inner archives after expansion

Default false
archiveDirSuffix string

Suffix to be added to the expanded folder. Value cannot be more than 20 characters and cannot contain the following special characters: \ / : * ? " < > | \0 (Example: _Expanded)

Body application/octet-stream required

Zipped codebase to scan

boolean read-only
curl -i -X POST \
  'https://codeinsightapi.redocly.app/_mock/swagger/project/uploadProjectCodebase?projectId=1&deleteExistingFileOnServer=false&expansionLevel=1&deleteArchiveAfterExpand=false&archiveDirSuffix=string' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/octet-stream' \
  --data-binary '@path/filename.zip'

Responses

OK
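
A pre-flight check for the upload parameters described above, run before the archive is sent. This is an added example, not part of the Code Insight documentation; the function names are hypothetical and the rules are taken from the parameter descriptions for this operation.

```shell
#!/bin/sh
# Pre-flight checks for /project/uploadProjectCodebase (added example).
# Function names are hypothetical; the rules come from the parameter text above.

# Archive must be zip, tar, tar.gz or 7z. A bare .gz matches none of these.
# Matching is case-sensitive here (assumption; the page does not say).
valid_archive_name() {
  case "$1" in
    *.zip|*.tar|*.tar.gz|*.7z) return 0 ;;
    *) return 1 ;;
  esac
}

# expansionLevel: 1 = None, 2 = First level, 3 = Recursive level.
valid_expansion_level() {
  case "$1" in
    1|2|3) return 0 ;;
    *) return 1 ;;
  esac
}

# archiveDirSuffix: at most 20 characters, none of \ / : * ? " < > |
# (a NUL byte cannot occur in a shell string, so it needs no test).
valid_dir_suffix() {
  [ "${#1}" -le 20 ] || return 1
  case "$1" in
    *'\'*|*/*|*:*|*'*'*|*'?'*|*'"'*|*'<'*|*'>'*|*'|'*) return 1 ;;
  esac
  return 0
}

# Args: project_id archive_path expansion_level [dir_suffix]
# Returns 0 when the request is worth sending, 1 with a reason on stderr.
preflight_upload() {
  case "$1" in
    ''|*[!0-9]*) echo "projectId must be an integer: $1" >&2; return 1 ;;
  esac
  valid_archive_name "$2" || { echo "unsupported archive type: $2" >&2; return 1; }
  valid_expansion_level "$3" || { echo "expansionLevel must be 1, 2 or 3: $3" >&2; return 1; }
  if [ -n "${4:-}" ]; then
    valid_dir_suffix "$4" || { echo "invalid archiveDirSuffix: $4" >&2; return 1; }
  fi
  return 0
}
```

Call `preflight_upload "$PROJECT_ID" "$ARCHIVE" "$LEVEL" "$SUFFIX"` and issue the curl upload only when it returns 0. This matters most when deleteExistingFileOnServer=true is set, since that option permanently removes the existing codebase files.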

Inventory API

Operations

inventoryWorkflow

Operations

Jobs

Operations

ldap

Operations

license

Operations

sourceCodeManagement

Operations

Reports

Operations

Rules

Operations

Scan profiles

Operations

Task

Operations

Scan API

Operations

User API

Operations

vulnerability

Operations