# SCA Core API

All endpoints require authentication via an `X-API-Key` header or a JWT Bearer token. The base URL is `https://codestax.co/api`.
## Scan Management

### Trigger SCA Scan

Queues a new SCA (dependency vulnerability) scan for a repository.

`POST /api/sca/scan`

```bash
curl -X POST \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"repository_id": 7, "scan_type": "sca"}' \
  https://codestax.co/api/sca/scan
```

Request Body:

| Field | Type | Description |
|---|---|---|
| repository_id | integer | Target repository ID |
| scan_type | string | Scan type (default "sca") |

Response:

```json
{
  "scan_id": 101,
  "status": "pending",
  "message": "SCA scan queued"
}
```

### Get Scan Status
`GET /api/sca/status/{repository_id}`

```bash
curl -H "X-API-Key: YOUR_API_KEY" \
  https://codestax.co/api/sca/status/7
```

Response:

```json
{
  "repository_id": 7,
  "status": "completed",
  "scan_id": 101,
  "started_at": "2026-03-20T10:00:00Z",
  "completed_at": "2026-03-20T10:02:30Z"
}
```

### Get Scan History
`GET /api/sca/history/{repository_id}`

Returns a list of past SCA scans for the repository.
## Findings & Dependencies

### Get Vulnerability Findings

Returns vulnerability findings for the latest SCA scan. Supports filtering and pagination.

`GET /api/sca/findings/{repository_id}`

```bash
curl -H "X-API-Key: YOUR_API_KEY" \
  "https://codestax.co/api/sca/findings/7?severity=critical&limit=20"
```

Query Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
| skip | integer | 0 | Offset for pagination |
| limit | integer | 50 | Max results to return |
| severity | string | — | Filter by severity (critical, high, medium, low) |
| search | string | — | Search by CVE ID or package name |
Response:
```json
{
  "findings": [
    {
      "id": 501,
      "cve_id": "CVE-2026-1234",
      "package_name": "lodash",
      "installed_version": "4.17.20",
      "fixed_version": "4.17.21",
      "severity": "critical",
      "cvss_score": 9.8,
      "epss_score": 0.42
    }
  ],
  "total": 38
}
```
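An added example (not CodeStax's own SDK, and not code from this page) of driving the scan-status and findings endpoints from a CI job in Python: it polls `GET /api/sca/status/{repository_id}` until the scan is no longer `pending`, walks `GET /api/sca/findings/{repository_id}` with `skip`/`limit` until `total` findings have been read, and applies a simple merge-blocking policy on `cvss_score`, `epss_score` and `fixed_version`. The `make_getter` helper, the policy thresholds and the assumption that any status other than `pending` is terminal are this example's, not the API's.

```python
import json
import time
import urllib.parse
import urllib.request

BASE_URL = "https://codestax.co/api"  # base URL from the docs above


def make_getter(api_key):
    """Build get(path, params): an authenticated GET (X-API-Key header) returning parsed JSON."""
    def get(path, params=None):
        query = "?" + urllib.parse.urlencode(params) if params else ""
        req = urllib.request.Request(BASE_URL + path + query, headers={"X-API-Key": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return get


def wait_for_scan(get, repository_id, poll_seconds=5, max_polls=120, sleep=time.sleep):
    """Poll /sca/status/{repository_id} until the scan leaves "pending".
    Assumption (not from the docs): any other status, e.g. "completed", is terminal."""
    for _ in range(max_polls):
        status = get(f"/sca/status/{repository_id}")
        if status["status"] != "pending":
            return status
        sleep(poll_seconds)
    raise TimeoutError(f"scan for repository {repository_id} did not finish")


def iter_findings(get, repository_id, severity=None, limit=50):
    """Walk /sca/findings/{repository_id} with skip/limit until `total` findings are seen."""
    skip = 0
    while True:
        params = {"skip": skip, "limit": limit}
        if severity:
            params["severity"] = severity
        page = get(f"/sca/findings/{repository_id}", params)
        yield from page["findings"]
        skip += len(page["findings"])
        if not page["findings"] or skip >= page["total"]:
            return


def blocking_findings(findings, min_cvss=7.0, min_epss=0.1):
    """Findings worth failing a build on: severe, plausibly exploited, and a fix exists.
    The thresholds are this example's policy, not something the API defines."""
    return [f for f in findings
            if f["cvss_score"] >= min_cvss and f["epss_score"] >= min_epss and f.get("fixed_version")]


def gate_repository(get, repository_id):
    """Wait for the latest scan, then return the findings that should block the merge."""
    wait_for_scan(get, repository_id)
    return blocking_findings(iter_findings(get, repository_id))
```

Run it as `gate_repository(make_getter("YOUR_API_KEY"), 7)`; a non-empty result is the signal to fail the job.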
### Get Dependencies

Returns all dependencies detected in the repository.

`GET /api/sca/dependencies/{repository_id}`

Query Parameters:

| Parameter | Type | Default | Description |
|---|---|---|---|
| skip | integer | 0 | Offset for pagination |
| limit | integer | 100 | Max results to return |
Response:
```json
{
  "dependencies": [
    {
      "name": "express",
      "version": "4.18.2",
      "ecosystem": "npm",
      "is_direct": true,
      "license": "MIT"
    }
  ],
  "total": 142
}
```

### Get Severity Summary
Returns an aggregate count of vulnerabilities grouped by severity.

`GET /api/sca/summary/{repository_id}`

```bash
curl -H "X-API-Key: YOUR_API_KEY" \
  https://codestax.co/api/sca/summary/7
```

Response:
```json
{
  "critical": 2,
  "high": 8,
  "medium": 15,
  "low": 23,
  "total": 48
}
```

## Analysis & Visualization
### Get Outdated Packages

Returns packages with newer versions available, including live registry version checks.

`GET /api/sca/outdated/{repository_id}`

### Get Dependency Graph

Returns nodes and edges for rendering a dependency graph visualization.

`GET /api/sca/graph/{repository_id}`

Response:
```json
{
  "nodes": [
    { "id": "express@4.18.2", "label": "express", "version": "4.18.2", "vulnerabilities": 0 }
  ],
  "edges": [
    { "source": "express@4.18.2", "target": "body-parser@1.20.1" }
  ]
}
```

### Get Prioritized Vulnerabilities
Returns vulnerabilities ranked by a composite score (CVSS, EPSS, KEV status, reachability).

`GET /api/sca/priority/{repository_id}`

### Get Dependency Diff

Compares dependencies between two scans to show added, removed, and changed packages.

`GET /api/sca/diff/{repository_id}`

### Get Security Trends

Returns vulnerability counts over time for trend analysis.

`GET /api/sca/trends/{repository_id}`

## SBOM & Remediation
### Export SBOM

Exports a CycloneDX JSON Software Bill of Materials for the repository.

`GET /api/sca/sbom/{repository_id}/export`

```bash
curl -H "X-API-Key: YOUR_API_KEY" \
  https://codestax.co/api/sca/sbom/7/export \
  -o sbom.json
```

Response: CycloneDX 1.5 JSON document.
### Get Remediation Advice

Returns AI-generated remediation guidance for a specific finding.

`GET /api/sca/remediation/{finding_id}`

```bash
curl -H "X-API-Key: YOUR_API_KEY" \
  https://codestax.co/api/sca/remediation/501
```

Response:
```json
{
  "finding_id": 501,
  "recommendation": "Upgrade lodash to >=4.17.21",
  "breaking_changes": false,
  "confidence": "high"
}
```