Get AppSec Pull Request scans

Cortex XSIAM Platform APIs

get /public_api/appsec/v1/scans/pr

Pull Request (PR) scans are initiated by events triggered by version control systems such as GitHub, GitLab, Bitbucket and Azure Repos, or via webhooks. These scans are run on default or non-default branches containing open PRs or Merge Requests (MR) from your integrated repositories.

Get the details of PR scans.

How to access Pull Request scans in the UI: Under Modules, select Application Security > Pull Request Scans (under Scans).

Required licenses: Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the Cortex Cloud Posture Management add-on. Not supported in Cortex XSIAM Enterprise Plus.

Request headers
Authorization String required

{api_key}

Example: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id String required

{api_key_id}

Example: 241
Query parameters
organizationName String
Example: organizationName_example
repositories array[String]
branchName String
Example: branchName_example
prId String
Example: prId_example
prTitle String
Example: prTitle_example
prStatus ScanStatus
scanHealth ScanHealthEnum
days Double
double
Example: 1.2
Default: 7
offset Double
double
Example: 1.2
Default: 0
limit Double
double
Example: 1.2
Default: 100
CLIENT REQUEST
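# Fetch the AppSec pull-request scans. The trailing backslashes join the options
# and the URL into a single curl invocation; without them each line would run as
# a separate command.
#
# XSIAM_API_KEY and XSIAM_API_KEY_ID are placeholder variable names constructed
# for this example. Export them from a secret store so the key is not pasted into
# shell history or committed in a script. ${VAR:?msg} aborts with a message when
# the variable is unset. The expanded value is still part of curl's argument list
# while the command runs.
curl -X 'GET' \
  -H 'Accept: application/json' \
  -H "Authorization: ${XSIAM_API_KEY:?set XSIAM_API_KEY}" \
  -H "x-xdr-auth-id: ${XSIAM_API_KEY_ID:?set XSIAM_API_KEY_ID}" \
  'https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=organizationName_example&repositories=&branchName=branchName_example&prId=prId_example&prTitle=prTitle_example&prStatus=&scanHealth=&days=1.2&offset=1.2&limit=1.2'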
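import http.client
import os
import urllib.parse

# Credentials come from the environment instead of being embedded in the script.
# XSIAM_API_KEY / XSIAM_API_KEY_ID are placeholder names constructed for this
# example; a missing variable raises KeyError before any request is sent.
headers = {
    'Authorization': os.environ["XSIAM_API_KEY"],
    'x-xdr-auth-id': os.environ["XSIAM_API_KEY_ID"],
}

# Optional filters. urlencode() percent-encodes the values, so a branch name or
# PR title containing '&', '#' or spaces cannot alter the query string.
# days/offset/limit use the defaults documented for this endpoint.
# repositories, prStatus and scanHealth are left out: this page does not show
# how the array is serialised or which values the two query enums accept.
params = {
    "organizationName": "SOME_STRING_VALUE",
    "branchName": "SOME_STRING_VALUE",
    "prId": "SOME_STRING_VALUE",
    "prTitle": "SOME_STRING_VALUE",
    "days": 7,
    "offset": 0,
    "limit": 100,
}
path = "/public_api/appsec/v1/scans/pr?" + urllib.parse.urlencode(params)

# HTTPSConnection verifies the server certificate and host name by default;
# keep that default, since the API key travels in a request header.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)
try:
    conn.request("GET", path, headers=headers)
    res = conn.getresponse()
    data = res.read()
    if res.status != 200:
        # Report the failure without echoing request headers (they hold the key).
        raise SystemExit(f"PR scan request failed: {res.status} {res.reason}")
    print(data.decode("utf-8"))
finally:
    # Release the socket even when the request or the read raises.
    conn.close()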
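require 'uri'
require 'net/http'
require 'openssl'

# Endpoint plus query-string filters; the SOME_*_VALUE tokens are placeholders
# to replace with real filter values.
url = URI("https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=SOME_STRING_VALUE&repositories=SOME_ARRAY_VALUE&branchName=SOME_STRING_VALUE&prId=SOME_STRING_VALUE&prTitle=SOME_STRING_VALUE&prStatus=SOME_STRING_VALUE&scanHealth=SOME_STRING_VALUE&days=SOME_NUMBER_VALUE&offset=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. With VERIFY_NONE any host that can intercept
# the connection could present its own certificate and read the API key header.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Get.new(url)
# XSIAM_API_KEY / XSIAM_API_KEY_ID are placeholder variable names constructed
# for this example; ENV.fetch raises KeyError when one is missing, so no
# request is sent without credentials.
request["Authorization"] = ENV.fetch('XSIAM_API_KEY')
request["x-xdr-auth-id"] = ENV.fetch('XSIAM_API_KEY_ID')

response = http.request(request)
puts response.read_body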
// Requests the AppSec pull-request scans and logs the raw response text.
// NOTE(review): a key embedded in script served to a browser is readable by
// anyone who can load the page; this call is better made from a server-side
// component that holds the key.
const body = null; // GET request: nothing is sent as the request body
const endpoint = "https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=SOME_STRING_VALUE&repositories=SOME_ARRAY_VALUE&branchName=SOME_STRING_VALUE&prId=SOME_STRING_VALUE&prTitle=SOME_STRING_VALUE&prStatus=SOME_STRING_VALUE&scanHealth=SOME_STRING_VALUE&days=SOME_NUMBER_VALUE&offset=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE";

const xhr = new XMLHttpRequest();
// NOTE(review): withCredentials makes the browser attach cookies and other
// stored credentials to a cross-origin request. The two headers set below are
// the only authentication this page documents; confirm whether this flag is
// needed at all.
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", () => {
  // Only act once the whole response has arrived.
  if (xhr.readyState !== xhr.DONE) {
    return;
  }
  console.log(xhr.responseText);
});

xhr.open("GET", endpoint);
xhr.setRequestHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
xhr.setRequestHeader("x-xdr-auth-id", "241");
xhr.send(body);
// Endpoint plus query-string filters; the SOME_*_VALUE tokens are placeholders
// to replace with real filter values.
String endpoint = "https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=SOME_STRING_VALUE&repositories=SOME_ARRAY_VALUE&branchName=SOME_STRING_VALUE&prId=SOME_STRING_VALUE&prTitle=SOME_STRING_VALUE&prStatus=SOME_STRING_VALUE&scanHealth=SOME_STRING_VALUE&days=SOME_NUMBER_VALUE&offset=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE";

// Sends the GET request with the two authentication headers and returns the
// body as a String.
// NOTE(review): the key and key ID below are the page's sample values; in real
// code load them from configuration or a secret store, not a source literal.
HttpResponse<String> response = Unirest.get(endpoint)
    .header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ")
    .header("x-xdr-auth-id", "241")
    .asString();
import Foundation

// Authentication headers for the request.
// NOTE(review): these are the page's sample key and key ID; a shipped app
// should not carry a platform API key in its binary.
let headers = [
    "Authorization": "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
    "x-xdr-auth-id": "241"
]

// Endpoint plus query-string filters; the SOME_*_VALUE tokens are placeholders.
let endpoint = URL(string: "https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=SOME_STRING_VALUE&repositories=SOME_ARRAY_VALUE&branchName=SOME_STRING_VALUE&prId=SOME_STRING_VALUE&prTitle=SOME_STRING_VALUE&prStatus=SOME_STRING_VALUE&scanHealth=SOME_STRING_VALUE&days=SOME_NUMBER_VALUE&offset=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE")!

var request = URLRequest(url: endpoint,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers

// Print the transport error if there is one, otherwise the HTTP response object.
let dataTask = URLSession.shared.dataTask(with: request) { data, response, error in
    guard error == nil else {
        print(error)
        return
    }
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
}

dataTask.resume()
<?php

// Requests the AppSec pull-request scans and echoes either the response body
// or the cURL error text.

// Endpoint plus query-string filters; the SOME_*_VALUE tokens are placeholders.
$endpoint = "https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=SOME_STRING_VALUE&repositories=SOME_ARRAY_VALUE&branchName=SOME_STRING_VALUE&prId=SOME_STRING_VALUE&prTitle=SOME_STRING_VALUE&prStatus=SOME_STRING_VALUE&scanHealth=SOME_STRING_VALUE&days=SOME_NUMBER_VALUE&offset=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE";

// NOTE(review): sample key and key ID from the page; real code should read
// them from configuration kept outside the web root and outside version control.
$requestHeaders = [
    "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
    "x-xdr-auth-id: 241"
];

$handle = curl_init();

curl_setopt_array($handle, [
    CURLOPT_URL => $endpoint,
    CURLOPT_RETURNTRANSFER => true, // return the body instead of printing it
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "GET",
    CURLOPT_HTTPHEADER => $requestHeaders,
]);

$body = curl_exec($handle);
$failure = curl_error($handle);

curl_close($handle);

// A non-empty error string means the transfer failed.
echo $failure ? ("cURL Error #:" . $failure) : $body;
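/* Requests the AppSec pull-request scans with libcurl.
 * NOTE(review): curl_easy_init() can return NULL; the enclosing function
 * should check hnd before using it.
 * NOTE(review): the key and key ID below are the page's sample values; real
 * code should obtain them at run time rather than compile them in. */
CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET");
/* Endpoint plus query-string filters; the SOME_*_VALUE tokens are placeholders. */
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=SOME_STRING_VALUE&repositories=SOME_ARRAY_VALUE&branchName=SOME_STRING_VALUE&prId=SOME_STRING_VALUE&prTitle=SOME_STRING_VALUE&prStatus=SOME_STRING_VALUE&scanHealth=SOME_STRING_VALUE&days=SOME_NUMBER_VALUE&offset=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE");

struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
headers = curl_slist_append(headers, "x-xdr-auth-id: 241");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

/* ret is CURLE_OK on success; callers should test it before trusting output. */
CURLcode ret = curl_easy_perform(hnd);

/* Release the header list and the handle. The header list holds a copy of
 * the API key, so it should not outlive the request. */
curl_slist_free_all(headers);
curl_easy_cleanup(hnd);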
// Endpoint plus query-string filters; the SOME_*_VALUE tokens are placeholders
// to replace with real filter values.
string endpoint = "https://api-yourfqdn/public_api/appsec/v1/scans/pr?organizationName=SOME_STRING_VALUE&repositories=SOME_ARRAY_VALUE&branchName=SOME_STRING_VALUE&prId=SOME_STRING_VALUE&prTitle=SOME_STRING_VALUE&prStatus=SOME_STRING_VALUE&scanHealth=SOME_STRING_VALUE&days=SOME_NUMBER_VALUE&offset=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE";

RestClient client = new RestClient(endpoint);

// GET request carrying the two authentication headers.
// NOTE(review): the key and key ID are the page's sample values; real code
// should load them from configuration or a secret store, not a source literal.
RestRequest request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
request.AddHeader("x-xdr-auth-id", "241");

IRestResponse response = client.Execute(request);
Responses

Ok

Body
application/json
[
issuesFoundobject
Additional propertiesnumberdouble
findingsSeverityBreakdownobject
Additional propertiesnumberdouble
findingsTypesBreakdownobject
Additional propertiesnumberdouble
issuesTypesBreakdownobject
Additional propertiesnumberdouble
pullRequestTitlestring
integrationIdstring
repositoryIdstring

ID of the scanned repository

scanIdstring
providerstring
userEmailstring
blockingPolicyNamestring
blockingPolicyIdstring
scanHealthstring (Enum)

The health of the scan. Valid values include:

  • ERROR: Indicates an error with the scan
  • PARTIALLY_COMPLETED: Indicates that the scan executed partially, with some scan modules succeeding and others failing
  • IN_PROGRESS: The scan is in progress
  • COMPLETED: Indicates that the scan is complete
Allowed values:"COMPLETED""ERROR""PARTIALLY_COMPLETED""IN_PROGRESS"
scanDatestring

The timestamp of the last scan execution

commitIdstring

The commit included in the PR

pullRequestStatusstring (Enum)

Status of the PR scan. Valid values include:

  • PASSED
  • PASSED_WITH_ISSUES
  • BLOCKED
  • IN_PROGRESS
  • ERROR
  • FAILED
Allowed values:"ERROR""FAILED""IN_PROGRESS""PASSED""PASSED_WITH_ISSUES"
pullRequestIdstring

The ID of the PR

branchNamestring

Name of the branch analyzed during the scan

organizationNamestring

Specifies the organization that owns the repository

repoNamestring
]
RESPONSE
[ { "issuesFound": {}, "findingsSeverityBreakdown": {}, "findingsTypesBreakdown": {}, "issuesTypesBreakdown": {}, "pullRequestTitle": "example", "integrationId": "example", "repositoryId": "example", "scanId": "example", "provider": "example", "userEmail": "example", "blockingPolicyName": "example", "blockingPolicyId": "example", "scanHealth": "COMPLETED", "scanDate": "example", "commitId": "example", "pullRequestStatus": "ERROR", "pullRequestId": "example", "branchName": "example", "organizationName": "example", "repoName": "example" } ]