API Endpoints
Replace YOUR_API_KEY with your actual API key in all examples below. The base URL is https://codestax.co/api.
Health Check
Check API Status
GET /api/health
curl https://codestax.co/api/health
{ "status": "ok" }
Scans
List All Scans
Returns all scans for your organization, enriched with repository names.
GET /api/scans
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/scans
Response:
[
{
"id": 42,
"repo_id": 7,
"repo_name": "my-app",
"org_id": 1,
"status": "completed",
"scan_type": "deep",
"issues_count": 12,
"created_at": "2026-03-12T10:00:00Z",
"completed_at": "2026-03-12T10:05:00Z"
}
]
Get Scan Details
GET /api/scans/{scan_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/scans/42
Get Scan Issues
Returns all findings for a scan. Automatically triggers AI enrichment for the top 5 critical/high/medium issues missing remediation advice.
GET /api/scans/{scan_id}/issues
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/scans/42/issues
Response:
[
{
"id": 101,
"scan_id": 42,
"title": "SQL Injection in query builder",
"severity": "critical",
"tool": "semgrep",
"file_path": "src/db/queries.py",
"line_number": 45,
"description": "User input concatenated into SQL query...",
"remediation": "Use parameterized queries instead...",
"cwe_id": "CWE-89",
"cvss_score": 9.8
}
]
Trigger a Scan
Queues a new security scan for a repository. Rate limited to 10 requests per minute.
POST /api/scans/trigger/{repo_id}
Smart scan (faster, targets common vulnerabilities):
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"type": "smart"}' \
https://codestax.co/api/scans/trigger/7
Deep scan (comprehensive, all scanners):
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"type": "deep"}' \
https://codestax.co/api/scans/trigger/7
For private repos, pass your Git provider token:
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "X-GitHub-Token: ghp_xxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{"type": "smart"}' \
https://codestax.co/api/scans/trigger/7
Request Body:
| Field | Type | Default | Description |
|---|---|---|---|
| type | string | "smart" | "smart" or "deep" |
| tier | string | "80" | Scanner tier/threshold |
Response:
{
"id": 43,
"repo_id": 7,
"org_id": 1,
"status": "pending",
"scan_type": "smart",
"issues_count": 0,
"created_at": "2026-03-13T10:00:00Z"
}
Repositories
List Repositories
Returns all repositories in your organization with their latest scan status.
GET /api/repositories
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/repositories
Response:
[
{
"id": 7,
"name": "my-app",
"url": "https://github.com/org/my-app",
"source": "github",
"total_issues": 5,
"latest_scan_status": "completed",
"latest_scan_type": "deep"
}
]
List Provider Repositories
Fetch available repositories from your connected Git provider (for importing).
GET /api/repositories/provider/{provider}
# List GitHub repos available to import
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/repositories/provider/github
# List Bitbucket repos
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/repositories/provider/bitbucket
Import Repositories (Bulk)
Import one or more repositories. Enforces plan limits and skips duplicates.
POST /api/repositories/bulk
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '[
{
"name": "my-app",
"url": "https://github.com/org/my-app",
"source": "github"
},
{
"name": "backend-api",
"url": "https://github.com/org/backend-api",
"source": "github"
}
]' \
https://codestax.co/api/repositories/bulk
Delete a Repository
Removes a repository and all associated data (scans, issues, dependencies, reviews).
DELETE /api/repositories/{repo_id}
curl -X DELETE \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/repositories/7
Response:
{ "message": "Repository disconnected" }
SCA (Software Composition Analysis)
Check SCA Availability
Verify that the Trivy scanner is available.
GET /api/sca/status
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/status
Trigger SCA Scan
Start an SCA scan for a repository. Rate limited to 10 requests per minute.
POST /api/sca/scan
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"repository_id": 7}' \
https://codestax.co/api/sca/scan
For private repos:
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "X-GitHub-Token: ghp_xxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{"repository_id": 7}' \
https://codestax.co/api/sca/scan
Response:
{
"scan_id": 15,
"status": "pending",
"message": "SCA scan queued successfully"
}
Get SCA Scan Status
Poll for scan progress (0–100%).
GET /api/sca/status/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/status/7
Response:
{
"status": "scanning",
"scan_id": 15,
"progress": 65,
"started_at": "2026-03-13T10:00:00Z",
"issues_count": 0,
"message": "Scanning dependencies..."
}
Get SCA Findings
Returns vulnerability findings. Optionally filter by severity.
GET /api/sca/findings/{repository_id}
# All findings
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/findings/7
# Critical only
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/findings/7?severity=critical"
Response:
[
{
"id": 201,
"severity": "critical",
"title": "Prototype Pollution in lodash",
"description": "Versions before 4.17.21 are vulnerable...",
"file_path": "package-lock.json",
"status": "open",
"cvss_score": 9.1,
"cwe_id": "CWE-1321",
"risk_score": 95
}
]
Get Dependencies
Returns the full dependency list with versions and vulnerability counts.
GET /api/sca/dependencies/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/dependencies/7
Response:
[
{
"id": 301,
"name": "lodash",
"version": "4.17.20",
"latest_version": "4.17.21",
"is_outdated": true,
"license": "MIT",
"license_type": "permissive",
"package_manager": "npm",
"vulnerability_count": 2,
"vulnerabilities": [
{
"cve_id": "CVE-2021-23337",
"severity": "high",
"cvss_score": 7.2,
"fixed_version": "4.17.21"
}
]
}
]
Get Dependency Vulnerabilities
Get all vulnerabilities for a specific dependency.
GET /api/sca/dependency/{dependency_id}/vulnerabilities
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/dependency/301/vulnerabilities
Response:
{
"dependency": {
"id": 301,
"name": "lodash",
"version": "4.17.20"
},
"vulnerability_count": 2,
"vulnerabilities": [
{
"id": 501,
"cve_id": "CVE-2021-23337",
"severity": "high",
"cvss_score": 7.2,
"cwe_id": "CWE-77",
"title": "Command Injection in lodash",
"description": "...",
"fixed_version": "4.17.21",
"remediation": "Upgrade to lodash >= 4.17.21",
"nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
}
]
}
Get SCA Summary
High-level vulnerability summary and scores.
GET /api/sca/summary/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/summary/7
Get SCA Settings
GET /api/sca/settings/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/settings/7
Update SCA Settings
Configure exclusions, Jira integration, email alerts, and scan schedules.
POST /api/sca/settings/{repository_id}
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"exclude_paths": ["test/", "docs/"],
"jira_enabled": true,
"jira_project_key": "SEC",
"jira_auto_create": true,
"jira_min_severity": "high",
"email_enabled": true,
"email_recipients": "team@example.com",
"email_on_new_vulns": true,
"schedule_enabled": true,
"cron_expression": "0 2 * * 1",
"scan_type": "deep"
}' \
https://codestax.co/api/sca/settings/7
Get Remediation Advice
AI-powered remediation guidance for a specific vulnerability.
GET /api/sca/remediation/{finding_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/remediation/201
Response:
{
"vulnerability_id": 201,
"package_name": "lodash",
"current_version": "4.17.20",
"fixed_version": "4.17.21",
"risk_score": 95,
"upgrade_command": "npm install lodash@4.17.21",
"breaking_changes": [],
"mitigation_steps": [
"Update lodash to >= 4.17.21",
"Run tests to verify compatibility"
],
"alternative_packages": ["radash", "es-toolkit"]
}
Export SBOM
Export a Software Bill of Materials in SPDX or CycloneDX format.
GET /api/sca/sbom/{repository_id}/export
# SPDX format (default)
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/sbom/7/export
# CycloneDX format
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/sbom/7/export?format=cyclonedx"
# Save to file
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/sbom/7/export?format=spdx" \
-o sbom.json
License Compliance
Check dependency licenses against your compliance policy.
GET /api/sca/license-compliance/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/license-compliance/7
Supply Chain Security
Get supply chain security metrics, scores, and risk indicators.
GET /api/sca/supply-chain/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/supply-chain/7
Response:
{
"has_scan": true,
"scan_id": 15,
"scanned_at": "2026-03-13T10:05:00Z",
"total_dependencies": 142,
"vulnerability_summary": { "critical": 1, "high": 3, "medium": 8, "low": 12 },
"license_summary": { "permissive": 120, "copyleft": 15, "unknown": 7 },
"scores": {
"security_score": 72,
"license_compliance_score": 88,
"overall_health_score": 80
},
"risk_indicators": ["1 critical vulnerability", "7 unknown licenses"],
"recommendations": ["Upgrade lodash to fix CVE-2021-23337"]
}
Get Outdated Dependencies
GET /api/sca/outdated/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/outdated/7
Get Prioritized Vulnerabilities
Returns vulnerabilities ranked by priority score. Useful for triage.
GET /api/sca/priority/{repository_id}
# Top 50 (default)
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/priority/7
# Top 10
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/priority/7?limit=10"
Response:
{
"vulnerabilities": [
{
"id": 501,
"cve_id": "CVE-2021-23337",
"package_name": "lodash",
"severity": "high",
"cvss_score": 7.2,
"priority_score": 95,
"priority_label": "critical",
"fix_available": true,
"fixed_version": "4.17.21",
"exploitability": "high",
"title": "Command Injection in lodash",
"recommendation": "Upgrade to >= 4.17.21"
}
],
"stats": { "total": 24, "fixable": 18 },
"scan_id": 15,
"scan_date": "2026-03-13T10:05:00Z"
}
Compare Scans (Diff)
Compare dependencies between two scans. Omit scan IDs to compare the latest two.
GET /api/sca/diff/{repository_id}
# Compare latest two scans
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/diff/7
# Compare specific scans
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/diff/7?scan1=14&scan2=15"
Response:
{
"scan1": 14,
"scan2": 15,
"added": [{ "name": "axios", "version": "1.6.0" }],
"removed": [{ "name": "request", "version": "2.88.2" }],
"updated": [{ "name": "lodash", "from": "4.17.20", "to": "4.17.21" }],
"unchanged": 139,
"vulnerability_change": { "added": 1, "resolved": 3 },
"summary": "1 added, 1 removed, 1 updated. Net -2 vulnerabilities."
}
Get Dependency Health
GET /api/sca/health/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/health/7
Get SCA Trends
Security trends from the last 7 scans.
GET /api/sca/trends/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/trends/7
Get SCA History
GET /api/sca/history/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/history/7
Dependency Graph
Get the dependency tree for visualization.
GET /api/sca/graph/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/graph/7
Get Package Alternatives
AI-powered suggestions for alternative packages (e.g., replacing copyleft-licensed ones).
GET /api/sca/alternatives/{package_name}
# Single package
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/alternatives/left-pad?license=BSD-3-Clause&package_manager=npm"
Batch alternatives:
POST /api/sca/alternatives
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"packages": [
{ "name": "moment", "version": "2.29.4", "license": "MIT", "license_type": "permissive" },
{ "name": "request", "version": "2.88.2", "license": "Apache-2.0", "license_type": "permissive" }
]
}' \
https://codestax.co/api/sca/alternatives
AI Recommendations
Get or generate AI-powered recommendations for your dependency issues.
# Get cached recommendations
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/recommendations/7
# Force refresh
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/recommendations/7?force_refresh=true"
# Generate new recommendations
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/recommendations/7/generate
# Update recommendation status
curl -X PATCH \
-H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/sca/recommendations/42/status?status=mitigated"
# Auto-check resolved recommendations
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/recommendations/check-resolved/7
Recommendation statuses: open, mitigated, closed, ignored
AI License Enrichment
Identify unknown licenses using AI.
# Enrich unknown licenses
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/enrich-licenses/7
# Check enrichment progress
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/enrich-status/7
# Full AI enrichment (licenses + vulns + versions)
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/enrich-all/7
# Get AI analysis
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/ai-analysis/7
Compliance Path
Get a roadmap to 100% license compliance.
GET /api/sca/compliance-path/{repository_id}
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/sca/compliance-path/7
Reports
Download PDF Report
Generate and download a compliance-ready PDF report (SOC 2, ISO 27001).
GET /api/reports/{repo_id}/download
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/reports/7/download \
-o codestax-report.pdf
The response is a PDF file (Content-Type: application/pdf).
Security Center
Get Security Stats
Returns your organization’s overall security posture.
GET /api/security/stats
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/security/stats
Response:
{
"total_vulnerabilities": 47,
"critical": 2,
"high": 8,
"medium": 22,
"low": 15,
"compliance_score": 60,
"secrets_detected": 3,
"vulnerabilities_by_type": [
{ "name": "SQL Injection", "count": 4 },
{ "name": "XSS", "count": 7 }
],
"history": [
{ "date": "2026-03-06", "issues": 52 },
{ "date": "2026-03-13", "issues": 47 }
],
"has_scans": true
}
Compliance score formula:
max(0, 100 - critical×20 - high×10 - medium×2)
API Keys
List API Keys
GET /api/api-keys
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/api-keys
Response:
[
{
"id": 1,
"name": "CI Pipeline",
"key_prefix": "ch_a1b2c3d4",
"permissions": ["read:scans", "read:repos"],
"is_active": true,
"last_used": "2026-03-13T08:00:00Z",
"use_count": 142,
"created_at": "2026-02-01T10:00:00Z",
"expires_at": null
}
]
The full key value is never returned in list responses.
Create API Key
POST /api/api-keys
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "GitHub Actions",
"permissions": ["read:scans", "read:repos"],
"expires_in_days": 90
}' \
https://codestax.co/api/api-keys
Request Body:
| Field | Type | Default | Description |
|---|---|---|---|
| name | string | required | Display name for the key |
| permissions | string[] | ["read:scans", "read:repos"] | Permission scopes |
| expires_in_days | integer \| null | null | Days until expiry (null = never) |
Response:
{
"id": 2,
"name": "GitHub Actions",
"key": "ch_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2",
"key_prefix": "ch_a1b2c3d4",
"permissions": ["read:scans", "read:repos"],
"created_at": "2026-03-13T10:00:00Z",
"expires_at": "2026-06-11T10:00:00Z"
}
The full key is only shown once. Store it securely.
Revoke API Key
DELETE /api/api-keys/{key_id}
curl -X DELETE \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/api-keys/2
Response:
{ "message": "API key revoked" }
Toggle API Key
Enable or disable a key without deleting it.
POST /api/api-keys/{key_id}/toggle
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/api-keys/1/toggle
Response:
{ "message": "API key disabled", "is_active": false }
Scheduled Scans
List Scheduled Scans
GET /api/scheduled-scans
# All scheduled scans
curl -H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/scheduled-scans
# Filter by repository
curl -H "X-API-Key: YOUR_API_KEY" \
"https://codestax.co/api/scheduled-scans?repo_id=7"
Response:
[
{
"id": 1,
"repo_id": 7,
"cron_expression": "0 2 * * 1",
"scan_type": "deep",
"is_active": true,
"last_run": "2026-03-10T02:00:00Z",
"next_run": "2026-03-17T02:00:00Z",
"run_count": 12,
"trigger_on_push": false,
"trigger_branch": "main",
"created_at": "2026-01-15T10:00:00Z"
}
]
Create Scheduled Scan
POST /api/scheduled-scans
# Weekly deep scan every Monday at 2 AM UTC
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"repo_id": 7,
"cron_expression": "0 2 * * 1",
"scan_type": "deep",
"is_active": true,
"trigger_on_push": false,
"trigger_branch": "main"
}' \
https://codestax.co/api/scheduled-scans
Request Body:
| Field | Type | Default | Description |
|---|---|---|---|
| repo_id | integer | required | Repository ID |
| cron_expression | string | "0 0 * * *" | Cron schedule (UTC) |
| scan_type | string | "smart" | "smart" or "deep" |
| is_active | boolean | true | Enable immediately |
| trigger_on_push | boolean | false | Also scan on git push |
| trigger_branch | string | "main" | Branch to monitor |
Common cron schedules:
| Cron | Schedule |
|---|---|
| 0 2 * * * | Daily at 2 AM UTC |
| 0 2 * * 1 | Weekly on Monday at 2 AM UTC |
| 0 0 1 * * | Monthly on the 1st at midnight UTC |
| 0 */6 * * * | Every 6 hours |
Update Scheduled Scan
PATCH /api/scheduled-scans/{schedule_id}
curl -X PATCH \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"repo_id": 7,
"cron_expression": "0 0 * * *",
"scan_type": "smart",
"is_active": true,
"trigger_on_push": true,
"trigger_branch": "main"
}' \
https://codestax.co/api/scheduled-scans/1
Toggle Scheduled Scan
POST /api/scheduled-scans/{schedule_id}/toggle
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/scheduled-scans/1/toggle
Delete Scheduled Scan
DELETE /api/scheduled-scans/{schedule_id}
curl -X DELETE \
-H "X-API-Key: YOUR_API_KEY" \
https://codestax.co/api/scheduled-scans/1
Response:
{ "message": "Scheduled scan deleted" }
Webhooks
GitHub Webhook
Receive GitHub push and pull request events. Configured via Settings → Integrations → GitHub in the dashboard.
POST /api/webhooks/github
This endpoint is called by GitHub, not by you directly. It verifies requests using the X-Hub-Signature-256 HMAC header.
Handled events:
| Event | Action | What Happens |
|---|---|---|
| ping | — | Returns { "message": "Pong!" } |
| pull_request | opened | Creates a PR review and queues security analysis |
| pull_request | synchronize | Re-analyzes on new commits |
| pull_request | reopened | Re-analyzes reopened PRs |
Setting up the webhook:
- Go to your GitHub repo → Settings → Webhooks → Add webhook
- Payload URL: https://codestax.co/api/webhooks/github
- Content type: application/json
- Secret: Your webhook secret from CodeStax settings
- Events: Select “Pull requests”
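The X-Hub-Signature-256 check mentioned above, as an added example (not CodeStax's own code): GitHub sends `sha256=` followed by the hex HMAC-SHA256 of the raw request body, keyed with the webhook secret. The secret, payloads, status codes and function names below are constructed for illustration; the event dispatch follows the handled-events table.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple

SIG_PREFIX = "sha256="
HANDLED_PR_ACTIONS = {"opened", "synchronize", "reopened"}


def sign_payload(secret: bytes, body: bytes) -> str:
    """Build the header value a sender computes over the exact raw body bytes."""
    return SIG_PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Accept only a present, correctly prefixed, matching signature."""
    if not header or not header.startswith(SIG_PREFIX):
        return False
    expected = sign_payload(secret, body)
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(expected.encode(), header.encode())


def handle_delivery(secret: bytes, headers: Dict[str, str], body: bytes) -> Tuple[int, str]:
    """Verify first, parse second; status codes here are assumptions."""
    lowered = {name.lower(): value for name, value in headers.items()}
    if not verify_signature(secret, body, lowered.get("x-hub-signature-256")):
        return 401, "invalid signature"
    event = lowered.get("x-github-event", "")
    if event == "ping":
        return 200, "Pong!"
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, "malformed JSON"
    if (event == "pull_request" and isinstance(payload, dict)
            and payload.get("action") in HANDLED_PR_ACTIONS):
        return 202, "analysis queued"
    return 200, "ignored"


if __name__ == "__main__":
    secret = b"constructed-webhook-secret"          # constructed sample value
    body = b'{"action": "opened", "number": 1}'     # constructed sample payload
    good = {"X-Hub-Signature-256": sign_payload(secret, body),
            "X-GitHub-Event": "pull_request"}
    print(handle_delivery(secret, good, body))
    # Same headers, body altered after signing: rejected before any parsing.
    print(handle_delivery(secret, good, body + b" "))
```

The signature must be checked against the bytes as received; re-serializing the parsed JSON before hashing changes whitespace and key order and makes valid deliveries fail.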
CI/CD Examples
GitHub Actions
name: CodeStax Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger CodeStax scan
        run: |
          RESPONSE=$(curl -s -X POST \
            -H "X-API-Key: ${{ secrets.CODESTAX_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{"type": "smart"}' \
            https://codestax.co/api/scans/trigger/${{ vars.CODESTAX_REPO_ID }})
          echo "Scan triggered: $RESPONSE"
          # Quote the JSON so the shell does not split or glob-expand it
          SCAN_ID=$(echo "$RESPONSE" | jq -r '.id')
          echo "SCAN_ID=$SCAN_ID" >> "$GITHUB_ENV"
      - name: Wait for scan
        run: |
          for i in $(seq 1 60); do
            STATUS=$(curl -s \
              -H "X-API-Key: ${{ secrets.CODESTAX_API_KEY }}" \
              "https://codestax.co/api/scans/$SCAN_ID" | jq -r '.status')
            echo "Scan status: $STATUS"
            if [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; then
              break
            fi
            sleep 10
          done
      - name: Check results
        run: |
          ISSUES=$(curl -s \
            -H "X-API-Key: ${{ secrets.CODESTAX_API_KEY }}" \
            "https://codestax.co/api/scans/$SCAN_ID/issues")
          CRITICAL=$(echo "$ISSUES" | jq '[.[] | select(.severity=="critical")] | length')
          echo "Critical issues: $CRITICAL"
          if [ "$CRITICAL" -gt 0 ]; then
            echo "::error::Found $CRITICAL critical vulnerabilities"
            exit 1
          fi
GitLab CI
codestax-scan:
  stage: test
  script:
    - |
      RESPONSE=$(curl -s -X POST \
        -H "X-API-Key: $CODESTAX_API_KEY" \
        -H "Content-Type: application/json" \
        -d '{"type": "smart"}' \
        "https://codestax.co/api/scans/trigger/$CODESTAX_REPO_ID")
      SCAN_ID=$(echo "$RESPONSE" | jq -r '.id')
      echo "Scan $SCAN_ID triggered"
      # Poll until complete
      while true; do
        STATUS=$(curl -s -H "X-API-Key: $CODESTAX_API_KEY" \
          "https://codestax.co/api/scans/$SCAN_ID" | jq -r '.status')
        if [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; then break; fi
        sleep 10
      done
      # Fail on critical issues
      CRITICAL=$(curl -s -H "X-API-Key: $CODESTAX_API_KEY" \
        "https://codestax.co/api/scans/$SCAN_ID/issues" | \
        jq '[.[] | select(.severity=="critical")] | length')
      # Use an if block: a trailing `[ ... ] && exit 1` leaves exit status 1
      # when the count is 0, which would fail the job on a clean scan
      if [ "$CRITICAL" -gt 0 ]; then exit 1; fi
Shell Script
#!/bin/bash
# codestax-scan.sh — Trigger a scan and download the report
set -e
API_KEY="YOUR_API_KEY"
REPO_ID=7
BASE="https://codestax.co/api"
echo "Triggering deep scan..."
SCAN_ID=$(curl -s -X POST \
-H "X-API-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d '{"type": "deep"}' \
"$BASE/scans/trigger/$REPO_ID" | jq -r '.id')
echo "Scan ID: $SCAN_ID — waiting for completion..."
while true; do
STATUS=$(curl -s -H "X-API-Key: $API_KEY" \
"$BASE/scans/$SCAN_ID" | jq -r '.status')
echo " Status: $STATUS"
[[ "$STATUS" == "completed" || "$STATUS" == "failed" ]] && break
sleep 15
done
echo "Fetching issues..."
curl -s -H "X-API-Key: $API_KEY" \
"$BASE/scans/$SCAN_ID/issues" | jq '.[] | {title, severity, file_path}'
echo "Downloading PDF report..."
curl -s -H "X-API-Key: $API_KEY" \
"$BASE/reports/$REPO_ID/download" -o report.pdf
echo "Done! Report saved to report.pdf"
Response:
{
"status": "healthy",
"environment": "production"
}
No authentication required.
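A pipeline gate built on the scan endpoints in the CI/CD examples also has to decide what happens when a scan ends as failed, never reaches a terminal status, or the issues call returns something other than a list. This added example (not part of the original page; the function names, the injected fetch callable and the sample data are assumptions) fails closed in each of those cases.

```python
import time
from typing import Any, Callable, Dict, Tuple

TERMINAL = {"completed", "failed"}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def wait_for_scan(fetch_scan: Callable[[int], Dict[str, Any]], scan_id: int,
                  attempts: int = 60, delay: float = 10.0,
                  sleep: Callable[[float], None] = time.sleep) -> str:
    """Poll the scan object (GET /api/scans/{scan_id}) until it is terminal.

    fetch_scan is a hypothetical callable returning the decoded JSON object.
    Returns the last status seen, which is non-terminal if attempts run out.
    """
    status = "unknown"
    for attempt in range(attempts):
        status = str(fetch_scan(scan_id).get("status", "unknown"))
        if status in TERMINAL:
            break
        if attempt + 1 < attempts:
            sleep(delay)
    return status


def gate(status: str, issues: Any, fail_at: str = "critical") -> Tuple[int, str]:
    """Return (exit_code, reason); only a completed, clean scan yields 0."""
    if status != "completed":
        return 1, f"scan did not complete (status: {status})"
    if not isinstance(issues, list):
        return 1, "issues response is not a JSON array"
    threshold = SEVERITY_RANK[fail_at]
    blocking = 0
    for issue in issues:
        severity = str(issue.get("severity", "")).lower() if isinstance(issue, dict) else ""
        # An unrecognised severity counts as blocking rather than being skipped.
        if SEVERITY_RANK.get(severity, threshold) >= threshold:
            blocking += 1
    if blocking:
        return 1, f"{blocking} finding(s) at or above {fail_at}"
    return 0, "no blocking findings"


if __name__ == "__main__":
    # Constructed responses standing in for the API, so this runs offline.
    polls = iter([{"status": "pending"}, {"status": "completed"}])
    final = wait_for_scan(lambda _id: next(polls), 43, sleep=lambda _s: None)
    sample_issues = [{"id": 101, "severity": "critical"},
                     {"id": 102, "severity": "low"}]
    print(gate(final, sample_issues))   # blocked by the critical finding
    print(gate("failed", []))           # a failed scan is not a clean scan
```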