Code Insight REST API Documentation (v1)
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code

The Code Insight REST APIs provide a standardized interface for interacting with the application.

An authorization JWT token must be included in the HTTP Authorization header using the Bearer schema. The token can be obtained from the Code Insight Web UI under the Preferences menu. To set the token, click the Authorize button below on the right, enter the JWT token in the Value field, then click Authorize and close the dialog. Once authorized, the token will be automatically included in the HTTP Authorization header for all API requests made through the Swagger UI.

Note: If accessing the REST APIs through external tools such as curl or Postman, include the token manually in the HTTP header using the following format: Authorization: Bearer JWT_TOKEN. "Bearer" must precede the actual JWT token value.

Download OpenAPI description

swagger.json

swagger.yaml

Servers

Mock server

https://codeinsightapi.redocly.app/_mock/swagger

Code Insight REST API Server

https://codeinsightapi.redocly.app/codeinsight/api

Email Templates

Internal API for fetching custom email templates and images from core server

Operations

CodebaseFolder

Operations

Deprecated APIs

Operations

Component

Operations

Files

Operations

Folder

Operations

Project API

Operations

Import Project Data

Request

Imports project data for a given projectId. Only Project Owner and Analyst can Import Project Data into a private project.
Try it out is not available for this API. This API can be tested using conventional REST API clients such as postman or cURL
When calling this API from a REST client, you need to run either of the curl commands.
Save the required attributes in a json or a text file for project import and provide that file in the command. If you are using text file, don't give .txt extension.

curl -H "Authorization:Bearer %jwt%" -F importFile=@"fileToImport.zip" -F projectImportModel=@"JsonFile.json Or textFile;type=application/json" http://localhost:8888/codeinsight/api/projects/%projectId%/import

Or else, instead of providing file, you can directly define the attributes for projectImportModel inside curly braces.
Provide 'FileMatchingCriteria' either of the below values:
COMPLETE_FILEPATH|PARTIAL_FILEPATH|FILENAME|MD5|MD5_AND_FILENAME|MD5_AND_COMPLETE_FILEPATH|MD5_AND_PARTIAL_FILEPATH

Security

bearerAuth

Path

projectIdinteger(int32)>= 1required

Bodymultipart/form-data

File to importobject

Project Import Modelobject(ProjectImportModel)

curl -i -X POST \
  'https://codeinsightapi.redocly.app/_mock/swagger/projects/{projectId}/import' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: multipart/form-data' \
  -F 'Project Import Model[createEmptyInventory]=false' \
  -F 'Project Import Model[overwriteInventoryNotes]=true' \
  -F 'Project Import Model[addFilesToInventory]=true' \
  -F 'Project Import Model[inventoryFileMatchingCriteria]=COMPLETE_FILEPATH' \
  -F 'Project Import Model[inventoryDirectoryDepth]=1' \
  -F 'Project Import Model[markFilesAsReviewed]=true' \
  -F 'Project Import Model[reviewFileMatchingCriteria]=MD5_AND_COMPLETE_FILEPATH' \
  -F 'Project Import Model[reviewDirectoryDepth]=1' \
  -F 'Project Import Model[resetInventoryUsage]=true'

Responses

Import Sbom

Request

Imports Sbom for a given projectId. Only Project Owner and Analyst can Import Project Sbom into a private project.
Try it out is not available for this API. This API can be tested using conventional REST API clients such as postman or cURL. When calling this API from a REST client, you need to run either of the curl commands.

curl -H "Authorization:Bearer %jwt%" -F sbomFile=@"fileToImport.json;type=application/json" http://localhost:8888/codeinsight/api/projects/%projectId%/importSbom

Security

bearerAuth

Path

projectIdinteger(int32)>= 1required

Bodymultipart/form-data

Sbom File to importobject

sbomFileobject(FormDataContentDisposition)

Delete SBOM bucketstring

curl -i -X POST \
  'https://codeinsightapi.redocly.app/_mock/swagger/projects/{projectId}/importSbom' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: multipart/form-data' \
  -F 'sbomFile[type]=string' \
  -F 'sbomFile[parameters][property1]=string' \
  -F 'sbomFile[parameters][property2]=string' \
  -F 'sbomFile[fileName]=string' \
  -F 'sbomFile[creationDate]=2019-08-24T14:15:22Z' \
  -F 'sbomFile[modificationDate]=2019-08-24T14:15:22Z' \
  -F 'sbomFile[readDate]=2019-08-24T14:15:22Z' \
  -F 'sbomFile[size]=0' \
  -F 'sbomFile[name]=string' \
  -F 'Delete SBOM bucket=string'

Responses

Generate ReportDeprecated

Request

This API is deprecated please refer to /projects/{projectId}/reports/{reportId}/generate to Generate a report.
Refer /projects/{projectId}/reports/{reportId}/download to Download a report.
Generates Reports (PROJECT, AUDIT, NOTICES, CUSTOM_REPORT) for a given projectId. For CUSTOM_REPORT provide the name of the report. All project users including Observer, Reviewer and Analyst can generate reports for private projects.
Try it out is not available for this API. This API can be tested using conventional REST API clients such as postman or cURL.
When calling this API from a REST client, you need to redirect output to a zip file as follows

curl -X GET "http://HOST:PORT/codeinsight/api/project/generateReport?reportType=REPORT_TYPE&projectId=PROJECT_ID" -H "accept: application/octet-stream" -H "Authorization: Bearer JWT_TOKEN" > report.zip

Security

bearerAuth

Query

projectIdinteger(int64)required

ID of the Project

Example: projectId=1

reportTypestringrequired

Report Type

Example: reportType=PROJECT

otherProjectIdinteger(int64)>= 1

Project Id of the secondary project to be included in the report. This parameter is required, if the enableProjectPicker property for this report type is set to true. (Example: 2)

curl -i -X GET \
  'https://codeinsightapi.redocly.app/_mock/swagger/project/generateReport?projectId=1&reportType=PROJECT&otherProjectId=1' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Bodyapplication/octet-stream

Inventory API

Operations

inventoryWorkflow

Operations

Jobs

Operations

ldap

Operations

license

Operations

sourceCodeManagement

Operations

Reports

Operations

Rules

Operations

Scan profiles

Operations

Task

Operations

Scan API

Operations

User API

Operations

vulnerability

Operations

Email Templates

CodebaseFolder

Deprecated APIs

Component

Files

Folder

Project API

Import Project Data

Request

Responses

Was this helpful?

Import Sbom

Request

Responses

Was this helpful?

Generate ReportDeprecated

Request

Responses

Was this helpful?

Inventory API

inventoryWorkflow

Jobs

ldap

license

sourceCodeManagement

Reports

Rules

Scan profiles

Task

Scan API

User API

vulnerability

Code Insight REST API Documentation (v1)CopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from ClaudeConnect to CursorInstall MCP server on CursorConnect to VS CodeInstall MCP server on VS Code

Email Templates

CodebaseFolder

Deprecated APIs

Component

Files

Folder

Project API

Import Project Data

RequestExpand all

Responses

Was this helpful?

Import Sbom

RequestExpand all

Responses

Was this helpful?

Generate ReportDeprecated

Request

Responses

Was this helpful?

Inventory API

inventoryWorkflow

Jobs

ldap

license

sourceCodeManagement

Reports

Rules

Scan profiles

Task

Scan API

User API

vulnerability

Request

Request