The Cortex Cloud Application Security Data Source APIs provide programmatic lifecycle management for existing integrations such as version control platforms, CI/CD pipelines, and third-party security tools.
These APIs automate day-to-day governance: you can programmatically create, list, inspect, update, and delete integrations in order to audit coverage, modify repository scopes, monitor health, and decommission retired tools.
Scope: These APIs manage the full integration lifecycle, including initial creation and configuration. They do not execute security scans or enforce prevention policies, which are handled natively by the platform once a source is connected.
Prerequisites
Before calling the data sources APIs, verify the following requirements:
API key pair: Generate an API key (Key ID + Key Secret) from → → in the Cortex Cloud tenant. The API key must have sufficient permissions to manage integrations
Authentication headers: All requests require the x-xdr-auth-id header (Key ID) and the Authorization header (Key Secret). Refer to the Cortex Cloud Platform APIs documentation for the exact authentication format
Base URL: The base URL depends on the tenant region. The data sources API path is /public_api/appsec/v1/data_source_instances
RBAC permissions: The API key must be associated with a role that grants read access to list and inspect integrations, and write access to create, update, or delete integrations in the ASPM module
License: A Cortex Cloud Runtime Security or Cortex Cloud Posture Management base license with the Application Security add-on is required
Data source categories
AppSec data source integrations span multiple categories aligned to the SDLC lifecycle. Each category serves a distinct role in the Code-to-Cloud trace. Understanding the categories is essential for filtering integrations through the API and for building coverage audit scripts.
| Category | Integration types | SDLC stage |
|---|---|---|
| Version Control Systems | | Code |
| CI Tools | | Build |
| CI/CD Systems | | Build/Deploy |
| Third-Party Vendors | | Cross-stage |
| Generic Collectors | | Cross-stage |
Type category filtering:
When listing data sources through the API, use the type_category query parameter to scope the response:
DEFAULT: Native integrations: VCS, CI tools, CI/CD systems, the Cortex CLI (CORTEX_CLI), and the generic collector
EXTERNAL_VENDOR_INTEGRATIONS: Third-party vendor integrations: Semgrep, SonarQube, Veracode, Snyk, JFrog
Supported API operations
The data sources public API exposes four endpoints under the base path /public_api/appsec/v1/integrations.
| Operation | Method | Endpoint | Description |
|---|---|---|---|
| List data sources | | | List all AppSec data source integrations. Filter by |
| Get data source by ID | | | Retrieve the full details of a specific data source integration by its unique identifier |
| Create data source | | | Create and configure a new AppSec data source integration (VCS, CI/CD, or third-party scanner) |
| Update data source | | | Update the repository selection, selection type, or external project mappings for an existing data source integration |
| Delete data source | | | Delete a data source integration. Removes the integration and all associated repository mappings |
| Upload SAST findings | | | Upload SAST findings from third-party security tools to Cortex Cloud Application Security using the Collector API. Accepts scan results in SARIF v2.1.0 format |
For the complete interactive API reference, including request/response schemas and field-level documentation, refer to the Cortex Cloud Platform APIs — Data Sources documentation.
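A pre-upload check for the SARIF v2.1.0 requirement noted for the Upload SAST findings operation, as an added example that is not taken from the Cortex Cloud documentation. It verifies only the properties the SARIF 2.1.0 schema marks as required (version, runs, tool.driver.name, result.message) plus the allowed result levels, and it does not call the Collector API; the function name check_sarif and the sample log are assumptions constructed for illustration.

```python
import json

SARIF_VERSION = "2.1.0"
LEVELS = {"none", "note", "warning", "error"}  # result.level values in SARIF 2.1.0

def check_sarif(doc):
    """Return the problems that make doc an invalid SARIF 2.1.0 log ([] if none)."""
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    if doc.get("version") != SARIF_VERSION:
        problems.append(f"version is {doc.get('version')!r}, expected {SARIF_VERSION!r}")
    runs = doc.get("runs")
    if not isinstance(runs, list):
        return problems + ["runs is missing or not an array"]
    for i, run in enumerate(runs):
        if not isinstance(run, dict):
            problems.append(f"runs[{i}] is not an object")
            continue
        tool = run.get("tool")
        driver = tool.get("driver") if isinstance(tool, dict) else None
        if not isinstance(driver, dict) or not isinstance(driver.get("name"), str):
            problems.append(f"runs[{i}].tool.driver.name is missing")
        results = run.get("results") or []
        if not isinstance(results, list):
            problems.append(f"runs[{i}].results is not an array")
            continue
        for j, result in enumerate(results):
            where = f"runs[{i}].results[{j}]"
            if not isinstance(result, dict) or not isinstance(result.get("message"), dict):
                problems.append(f"{where}.message is missing")
                continue
            level = result.get("level", "warning")  # schema default when absent
            if not isinstance(level, str) or level not in LEVELS:
                problems.append(f"{where}.level {level!r} is not a SARIF level")
    return problems

# Constructed sample: one valid result, one bad level, one result without a message.
SAMPLE = json.loads("""{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "example-sast"}},
  "results": [
    {"ruleId": "EX001", "level": "error", "message": {"text": "constructed finding"}},
    {"ruleId": "EX002", "level": "critical", "message": {"text": "constructed finding"}},
    {"ruleId": "EX003"}
  ]}]}""")

if __name__ == "__main__":
    print("\n".join(check_sarif(SAMPLE)))
```

Third-party tools often emit severity labels such as "critical" that are not SARIF levels, so running a check like this in the pipeline catches the mismatch before the findings are sent.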