
Code Insight REST API Documentation (v1)

The Code Insight REST APIs provide a standardized interface for interacting with the application.

An authorization JWT token must be included in the HTTP Authorization header using the Bearer schema. The token can be obtained from the Code Insight Web UI under the Preferences menu. To set the token, click the Authorize button below on the right, enter the JWT token in the Value field, then click Authorize and close the dialog. Once authorized, the token will be automatically included in the HTTP Authorization header for all API requests made through the Swagger UI.

Note: If accessing the REST APIs through external tools such as curl or Postman, include the token manually in the HTTP header using the following format: Authorization: Bearer JWT_TOKEN. "Bearer" must precede the actual JWT token value.

Servers

Mock server: https://codeinsightapi.redocly.app/_mock/swagger
Code Insight REST API Server: https://codeinsightapi.redocly.app/codeinsight/api

  • Email Templates: Internal API for fetching custom email templates and images from core server
  • CodebaseFolder
  • Deprecated APIs
  • Component
  • Files
  • Folder
  • Project API
  • Inventory API
  • inventoryWorkflow
  • Jobs
  • ldap
  • license
  • sourceCodeManagement
  • Reports
  • Rules
  • Scan profiles
  • Task
  • Scan API
  • User API

vulnerability

Get suppressed vulnerabilities

Request

Get suppressed vulnerabilities by componentId, vulnerabilityName, or both; at least one of them is mandatory. Only the system administrator has permission to perform this operation.

Security: bearerAuth

Query

  • componentId: integer (int64), >= 1. ID of the Component
  • vulnerabilityName: string. Name of the vulnerability
  • limit: integer (int64), >= 1. Page Size. Number Of Records to fetch per page. Default 25
  • offset: integer (int64), >= 1. Page Number. Index of the page to start with (starts from 1). Default 1

curl -i -X GET \
  'https://codeinsightapi.redocly.app/_mock/swagger/vulnerability/suppress?componentId=1&vulnerabilityName=string&limit=25&offset=1' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

OK

Body: application/json

  • itemNumber: integer (int32)
  • suppressId: integer (int64)
  • suppressionScope: string
  • vulnerabilityId: integer (int64)
  • vulnerabilityName: string
  • componentId: integer (int64)
  • componentName: string
  • suppressedBy: string
  • suppressedDate: string
  • suppressionDetails: Array of objects (SuppressionDetailsResponseModel)
  • componentVersionIds: Array of integers (int64)

Response (application/json)

{
  "itemNumber": 0,
  "suppressId": 0,
  "suppressionScope": "string",
  "vulnerabilityId": 0,
  "vulnerabilityName": "string",
  "componentId": 0,
  "componentName": "string",
  "suppressedBy": "string",
  "suppressedDate": "string",
  "suppressionDetails": [ { … } ],
  "componentVersionIds": [ 0 ]
}

Suppress vulnerability

Request

Suppress vulnerability for component version(s). System administrator only has permission for global suppression, while Developer/Security contact have permission for project-specific suppression.
Note: For GLOBAL level suppression, providing suppression details is not necessary. These details are only required for PROJECT level suppression and will be ignored if provided in the GLOBAL scope.

  • The default value for the Suppression Scope will be considered GLOBAL if left empty.

Security: bearerAuth

Body: application/json, required

Input model to suppress vulnerability for component versions.

  • componentId: integer (int64), >= 1, required. Example: 1
  • versionIds: Array of integers (int64), unique
  • vulnerabilityName: string, required. Example: "Vulnerability Name"
  • reason: string, required. Example: "FALSE_POSITIVE|REMEDIATED|OTHER"
  • remarks: string, [ 0 .. 255 ] characters, required. Example: "Remarks to Suppress Vulnerability"
  • versionScope: string, SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS, required. Example: "SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS"
  • suppressionScope: string, GLOBAL|PROJECT, required. Example: "GLOBAL|PROJECT"
  • suppressionDetails: object (SuppressionDetails)

curl -i -X POST \
  https://codeinsightapi.redocly.app/_mock/swagger/vulnerability/suppress \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "componentId": 1,
    "versionIds": [
      0
    ],
    "vulnerabilityName": "Vulnerability Name",
    "reason": "FALSE_POSITIVE|REMEDIATED|OTHER",
    "remarks": "Remarks to Suppress Vulnerability",
    "versionScope": "SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS",
    "suppressionScope": "GLOBAL|PROJECT",
    "suppressionDetails": {
      "projectId": 123,
      "state": "RESOLVED|RESOLVED_WITH_PEDIGREE|EXPLOITABLE|IN_TRIAGE|FALSE_POSITIVE",
      "justification": "CODE_NOT_PRESENT|CODE_NOT_REACHABLE|REQUIRES_CONFIGURATION|REQUIRES_DEPENDENCY|REQUIRES_ENVIRONMENT|PROTECTED_BY_COMPILER|PROTECTED_AT_RUNTIME|PROTECTED_AT_PERIMETER|PROTECTED_BY_MITIGATING_CONTROL",
      "response": "CAN_NOT_FIX|WILL_NOT_FIX|UPDATE|ROLLBACK|WORKAROUND_AVAILABLE"
    }
  }'

Responses

OK

Body: application/json

  • componentId: integer (int64), >= 1, required. Example: 1
  • versionIds: Array of integers (int64), unique
  • vulnerabilityName: string, required. Example: "Vulnerability Name"
  • reason: string, required. Example: "FALSE_POSITIVE|REMEDIATED|OTHER"
  • remarks: string, [ 0 .. 255 ] characters, required. Example: "Remarks to Suppress Vulnerability"
  • versionScope: string, SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS, required. Example: "SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS"
  • suppressionScope: string, GLOBAL|PROJECT, required. Example: "GLOBAL|PROJECT"
  • suppressionDetails: object (SuppressionDetails)

Response (application/json)

{
  "componentId": 1,
  "versionIds": [
    0
  ],
  "vulnerabilityName": "Vulnerability Name",
  "reason": "FALSE_POSITIVE|REMEDIATED|OTHER",
  "remarks": "Remarks to Suppress Vulnerability",
  "versionScope": "SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS",
  "suppressionScope": "GLOBAL|PROJECT",
  "suppressionDetails": {
    "projectId": 123,
    "state": "RESOLVED|RESOLVED_WITH_PEDIGREE|EXPLOITABLE|IN_TRIAGE|FALSE_POSITIVE",
    "justification": "CODE_NOT_PRESENT|CODE_NOT_REACHABLE|REQUIRES_CONFIGURATION|REQUIRES_DEPENDENCY|REQUIRES_ENVIRONMENT|PROTECTED_BY_COMPILER|PROTECTED_AT_RUNTIME|PROTECTED_AT_PERIMETER|PROTECTED_BY_MITIGATING_CONTROL",
    "response": "CAN_NOT_FIX|WILL_NOT_FIX|UPDATE|ROLLBACK|WORKAROUND_AVAILABLE"
  }
}
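
The scope rules in the note above, as an added example (not code from Code Insight or its documentation): a client-side check of a suppress request body before it is posted. It assumes the pipe-separated strings in the page's examples list the allowed values; `check_suppress_request` and `SAMPLE` are hypothetical names.

```python
# Added example, not Code Insight code. Assumption: the pipe-separated
# strings in the page's examples list the allowed values, one per request.
REASONS = {"FALSE_POSITIVE", "REMEDIATED", "OTHER"}
VERSION_SCOPES = {"SPECIFIC_VERSIONS", "ALL_CURRENT_VERSIONS"}
SUPPRESSION_SCOPES = {"GLOBAL", "PROJECT"}
REQUIRED = ("componentId", "vulnerabilityName", "reason", "remarks", "versionScope")


def check_suppress_request(body):
    """Return (normalized_body, errors) for a /vulnerability/suppress body."""
    out, errors = dict(body), []
    # An empty or missing suppressionScope is treated as GLOBAL.
    out["suppressionScope"] = scope = body.get("suppressionScope") or "GLOBAL"

    for name in REQUIRED:
        if body.get(name) is None:
            errors.append(f"{name} is required")

    cid = body.get("componentId")
    if cid is not None and (isinstance(cid, bool) or not isinstance(cid, int) or cid < 1):
        errors.append("componentId must be an integer >= 1")

    ids = body.get("versionIds") or []
    if len(set(ids)) != len(ids):
        errors.append("versionIds must be unique")

    remarks = body.get("remarks")
    if isinstance(remarks, str) and len(remarks) > 255:
        errors.append("remarks must be at most 255 characters")

    enums = (("reason", REASONS), ("versionScope", VERSION_SCOPES),
             ("suppressionScope", SUPPRESSION_SCOPES))
    for name, allowed in enums:
        if out.get(name) is not None and out[name] not in allowed:
            errors.append(f"{name} must be one of {sorted(allowed)}")

    # suppressionDetails: required for PROJECT, ignored (so dropped) for GLOBAL.
    details = out.pop("suppressionDetails", None)
    if scope == "PROJECT":
        if details:
            out["suppressionDetails"] = details
        else:
            errors.append("suppressionDetails is required for PROJECT scope")
    return out, errors


# Constructed sample: empty scope plus project details sent by mistake.
SAMPLE = {"componentId": 1, "versionIds": [7, 8], "vulnerabilityName": "Vulnerability Name",
          "reason": "FALSE_POSITIVE", "remarks": "Not reachable", "versionScope": "SPECIFIC_VERSIONS",
          "suppressionScope": "", "suppressionDetails": {"projectId": 123}}
if __name__ == "__main__":
    print(check_suppress_request(SAMPLE))
```

An empty scope with project details attached normalizes to a GLOBAL suppression without those details, which is worth surfacing to the caller before the request is sent.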

Get vulnerability suppress details

Request

Get vulnerability suppress details. Provide suppressId, versionId, or both as inputs; at least one of them is mandatory. Only the system administrator has permission to perform this operation.

Security: bearerAuth

Query

  • suppressId: integer (int64), >= 1. ID of suppression
  • componentVersionId: integer (int64), >= 1. Id of component version
  • limit: integer (int64), >= 1. Page Size. Number Of Records to fetch per page. Default 25
  • offset: integer (int64), >= 1. Page Number. Index of the page to start with (starts from 1). Default 1

curl -i -X GET \
  'https://codeinsightapi.redocly.app/_mock/swagger/vulnerability/suppress/details?suppressId=1&componentVersionId=1&limit=25&offset=1' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

OK

Body: application/json

  • suppressId: integer (int64)
  • vulnerabilityName: string
  • componentName: string
  • versionId: integer (int64)
  • versionName: string
  • suppressedReason: string
  • suppressedRemarks: string
  • suppressedBy: string
  • suppressedDate: string

Response (application/json)

{
  "suppressId": 0,
  "vulnerabilityName": "string",
  "componentName": "string",
  "versionId": 0,
  "versionName": "string",
  "suppressedReason": "string",
  "suppressedRemarks": "string",
  "suppressedBy": "string",
  "suppressedDate": "string"
}

UnSuppress vulnerability

Request

UnSuppress a vulnerability for given component versions. System administrator only has permission for Global un-suppression, while Developer/Security contact have permission for Project-specific un-suppression.
Note: If a project ID is provided, the un-suppression occurs at the PROJECT level, otherwise, it happens at the GLOBAL level.

Security: bearerAuth

Body: application/json, required

Input model to unSuppress vulnerability

  • vulnerabilityName: string, required. Example: "Vulnerability Name"
  • componentId: integer (int64), >= 1, required. Example: 1
  • versionIds: Array of integers (int64), unique
  • remarks: string, [ 0 .. 255 ] characters, required. Example: "Remarks to Unsuppress Vulnerability"
  • projectId: integer (int32), >= 1. Example: 1

curl -i -X POST \
  https://codeinsightapi.redocly.app/_mock/swagger/vulnerability/unSuppress \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "vulnerabilityName": "Vulnerability Name",
    "componentId": 1,
    "versionIds": [
      0
    ],
    "remarks": "Remarks to Unsuppress Vulnerability",
    "projectId": 1
  }'

Responses

OK