# SCA Enterprise API

All endpoints require authentication via an `X-API-Key` header or a JWT Bearer token. The base URL is `https://codestax.co/api`.
## Vulnerability Detail

### Get Vulnerability Detail

Returns full enriched detail for a specific vulnerability finding, including NVD data, EPSS score, KEV status, and references.

`GET /api/sca/vulnerability/{issue_id}`

```bash
curl -H "X-API-Key: YOUR_API_KEY" \
  https://codestax.co/api/sca/vulnerability/501
```

Response:

```json
{
  "id": 501,
  "cve_id": "CVE-2026-1234",
  "package_name": "lodash",
  "severity": "critical",
  "cvss_score": 9.8,
  "epss_score": 0.42,
  "kev_listed": true,
  "description": "Prototype pollution in lodash...",
  "references": ["https://nvd.nist.gov/vuln/detail/CVE-2026-1234"],
  "triage_status": "open"
}
```

## Triage Workflow
### Update Triage Status

Sets the triage status and justification for a finding.

`PUT /api/sca/triage/{issue_id}`

```bash
curl -X PUT \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"status": "accepted_risk", "justification": "Internal service, not exposed"}' \
  https://codestax.co/api/sca/triage/501
```

Request Body:

| Field | Type | Description |
|---|---|---|
| status | string | One of `open`, `accepted_risk`, `not_applicable`, `false_positive`, `wont_fix`, `in_progress`, `fixed` |
| justification | string | Reason for the triage decision |
| assigned_to | integer | User ID to assign (optional) |
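The enrichment fields in the detail response (CVSS, EPSS, KEV) and the triage statuses in the table above are what a client has to combine when deciding what to fix first and how to record the decision. The following is an added example, not code from CodeStax or the API itself: it ranks a finding with thresholds that are this example's own policy (the API prescribes none), validates a triage body against the documented status list before it is sent, and prepares an authenticated request with `urllib` without sending it. The sample detail record is copied from the response shown above; the rule that a non-`open` status needs a justification is an assumption of this example.

```python
import json
import urllib.request
from typing import Optional

# Base URL as documented on this page.
BASE_URL = "https://codestax.co/api"

# Triage statuses documented for PUT /api/sca/triage/{issue_id}.
ALLOWED_STATUSES = {
    "open", "accepted_risk", "not_applicable", "false_positive",
    "wont_fix", "in_progress", "fixed",
}

# Constructed sample, copied from the vulnerability-detail response above.
SAMPLE_DETAIL = {
    "id": 501,
    "cve_id": "CVE-2026-1234",
    "package_name": "lodash",
    "severity": "critical",
    "cvss_score": 9.8,
    "epss_score": 0.42,
    "kev_listed": True,
    "description": "Prototype pollution in lodash...",
    "references": ["https://nvd.nist.gov/vuln/detail/CVE-2026-1234"],
    "triage_status": "open",
}


def priority(detail: dict) -> str:
    """Rank a finding from its enrichment fields.

    The thresholds are this example's own assumptions, not anything the API
    prescribes: a KEV listing (known to be exploited) outranks everything,
    then a critical CVSS or an EPSS of 10% or more (probability of
    exploitation in the next 30 days), then plain severity.
    """
    if detail.get("kev_listed"):
        return "P1"
    if detail.get("cvss_score", 0) >= 9.0 or detail.get("epss_score", 0) >= 0.1:
        return "P2"
    if detail.get("severity") in ("critical", "high"):
        return "P3"
    return "P4"


def triage_body(status: str, justification: str, assigned_to: Optional[int] = None) -> dict:
    """Build the body for PUT /api/sca/triage/{issue_id}.

    Unknown statuses are rejected client-side so a typo cannot silently
    reopen or mis-close a finding. Requiring a justification for any
    non-open status is this example's policy, not an API rule.
    """
    if status not in ALLOWED_STATUSES:
        raise ValueError(f"unknown triage status {status!r}; expected one of {sorted(ALLOWED_STATUSES)}")
    if status != "open" and not justification.strip():
        raise ValueError("a justification is required when closing or deferring a finding")
    body = {"status": status, "justification": justification}
    if assigned_to is not None:
        body["assigned_to"] = assigned_to
    return body


def build_request(method: str, path: str, api_key: str, body: Optional[dict] = None) -> urllib.request.Request:
    """Prepare (but do not send) an authenticated request to the API."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"X-API-Key": api_key}
    if data is not None:
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(f"{BASE_URL}{path}", data=data, headers=headers, method=method)


if __name__ == "__main__":
    print("priority:", priority(SAMPLE_DETAIL))
    body = triage_body("accepted_risk", "Internal service, not exposed")
    req = build_request("PUT", f"/sca/triage/{SAMPLE_DETAIL['id']}", "YOUR_API_KEY", body)
    print(req.get_method(), req.full_url, body)
    # To actually send it once you have a key:
    # with urllib.request.urlopen(req) as resp: print(resp.read().decode())
```

Note that `urllib` normalises header names when storing them, so after `build_request` the key is retrievable as `req.get_header("X-api-key")`; the wire format is unaffected.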
### Bulk Triage

Updates triage status for multiple findings at once.

`POST /api/sca/triage/bulk`

### Get Triage Summary

Returns triage status counts for a repository.

`GET /api/sca/triage/summary/{repository_id}`

Response:

```json
{
  "open": 12,
  "accepted_risk": 3,
  "false_positive": 5,
  "in_progress": 2,
  "fixed": 18
}
```

## Comments
### Add Comment to Finding

`POST /api/sca/comments/{issue_id}`

```bash
curl -X POST \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"comment": "Verified this is not exploitable in our config"}' \
  https://codestax.co/api/sca/comments/501
```

### Get Comments for Finding

`GET /api/sca/comments/{issue_id}`

## Webhooks
### Create Webhook

Registers a webhook to receive notifications on scan events.

`POST /api/sca/webhooks`

```bash
curl -X POST \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Slack alerts", "channel_type": "slack", "webhook_url": "https://hooks.slack.com/...", "on_critical_vuln": true}' \
  https://codestax.co/api/sca/webhooks
```

### List Webhooks

`GET /api/sca/webhooks`

### Update Webhook

`PUT /api/sca/webhooks/{webhook_id}`

### Delete Webhook

`DELETE /api/sca/webhooks/{webhook_id}`

### Test Webhook

Sends a test payload to verify connectivity.

`POST /api/sca/webhooks/{webhook_id}/test`

### Get Delivery History

`GET /api/sca/webhooks/{webhook_id}/deliveries`

## SLA Management
### Get SLA Policy

`GET /api/sca/sla-policy`

### Create / Update SLA Policy

Sets remediation deadlines by severity level.

`POST /api/sca/sla-policy`

Request Body:

| Field | Type | Description |
|---|---|---|
| critical_days | integer | Days to remediate critical findings |
| high_days | integer | Days to remediate high findings |
| medium_days | integer | Days to remediate medium findings |
| low_days | integer | Days to remediate low findings |
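To see how a policy in the shape of the request body above turns into the compliance report that `GET /api/sca/sla-status/{repository_id}` returns, here is an added example (not CodeStax code): it applies the per-severity day budgets to a constructed list of open findings and produces `compliant`, `overdue` and `breaches` as documented for that endpoint. The `first_seen` field on the findings and the ordering of breaches (most severe first, then longest overdue) are this example's own assumptions.

```python
from datetime import date, timedelta

# Constructed policy in the shape of the POST /api/sca/sla-policy body.
POLICY = {"critical_days": 7, "high_days": 30, "medium_days": 90, "low_days": 180}

# Used only to order breaches in the report; not an API field.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed open findings. Only severity and the date the finding was first
# reported matter here; "first_seen" is this example's own field name.
FINDINGS = [
    {"issue_id": 501, "severity": "critical", "first_seen": "2026-03-01"},
    {"issue_id": 502, "severity": "high", "first_seen": "2026-03-05"},
    {"issue_id": 503, "severity": "low", "first_seen": "2026-01-10"},
    {"issue_id": 504, "severity": "medium", "first_seen": "2025-11-20"},
]


def deadline(policy: dict, severity: str, first_seen: date) -> date:
    """Remediation due date: first report plus the policy budget for that severity."""
    key = f"{severity}_days"
    if key not in policy:
        raise ValueError(f"no SLA budget configured for severity {severity!r}")
    return first_seen + timedelta(days=policy[key])


def sla_status(policy: dict, findings: list, today: str) -> dict:
    """Compute a report in the shape of GET /api/sca/sla-status/{repository_id}.

    `today` is an ISO date string so the result is reproducible; a finding is
    a breach only once it is strictly past its deadline (days_overdue > 0).
    """
    now = date.fromisoformat(today)
    breaches = []
    for f in findings:
        seen = date.fromisoformat(f["first_seen"])
        days_overdue = (now - deadline(policy, f["severity"], seen)).days
        if days_overdue > 0:
            breaches.append({
                "issue_id": f["issue_id"],
                "severity": f["severity"],
                "days_overdue": days_overdue,
            })
    breaches.sort(key=lambda b: (SEVERITY_RANK[b["severity"]], -b["days_overdue"]))
    return {"compliant": not breaches, "overdue": len(breaches), "breaches": breaches}


if __name__ == "__main__":
    import json
    print(json.dumps(sla_status(POLICY, FINDINGS, "2026-03-13"), indent=2))
```

With the constructed data and `today` set to 2026-03-13, issue 501 (critical, 7-day budget from 1 March) is 5 days overdue and issue 504 (medium, 90-day budget from 20 November) is 23 days overdue; the high and low findings are still within budget, so the report is `compliant: false` with `overdue: 2`.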
### Get SLA Status

Returns current SLA compliance status for a repository, including overdue findings.

`GET /api/sca/sla-status/{repository_id}`

Response:

```json
{
  "compliant": false,
  "overdue": 3,
  "breaches": [
    { "issue_id": 501, "severity": "critical", "days_overdue": 5 }
  ]
}
```

## CI/CD Integration
### CI/CD Status Check

Evaluates the latest scan results and returns a pass/fail for CI/CD pipelines.

`POST /api/sca/cicd/check`

```bash
curl -X POST \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"repository_id": 7, "fail_on": "high"}' \
  https://codestax.co/api/sca/cicd/check
```

Response:

```json
{
  "status": "fail",
  "critical": 2,
  "high": 5,
  "reason": "2 critical vulnerabilities exceed threshold"
}
```

### Get Status Badge

Returns an SVG badge for embedding in README files.

`GET /api/sca/cicd/badge/{repository_id}`

```bash
curl https://codestax.co/api/sca/cicd/badge/7 -o badge.svg
```

Response: SVG image (`image/svg+xml`).
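The `fail_on` threshold in the status check above is the whole policy of the gate: every severity at or above it must be zero for the pipeline to pass. The following added example (not CodeStax code) re-implements that evaluation locally so the rule can be tested without a scan, and shows the consuming side that a pipeline step actually needs, an exit code derived from the response that fails closed when the status is missing or unrecognised. The wording of the generated `reason` string and the assumption that `fail_on` accepts `critical`, `high`, `medium` or `low` are this example's own.

```python
import json
import sys

# Most to least severe; "fail_on" names the least severe bucket that still blocks.
SEVERITY_ORDER = ["critical", "high", "medium", "low"]

# Constructed sample, copied from the cicd/check response shown above.
SAMPLE_RESPONSE = {
    "status": "fail",
    "critical": 2,
    "high": 5,
    "reason": "2 critical vulnerabilities exceed threshold",
}


def evaluate(counts: dict, fail_on: str) -> dict:
    """Local re-implementation of the check: pass only if every severity
    bucket at or above `fail_on` is empty. Buckets absent from `counts`
    are treated as zero. The reason text is this example's own wording."""
    if fail_on not in SEVERITY_ORDER:
        raise ValueError(f"fail_on must be one of {SEVERITY_ORDER}, got {fail_on!r}")
    gated = SEVERITY_ORDER[: SEVERITY_ORDER.index(fail_on) + 1]
    hits = [(sev, counts.get(sev, 0)) for sev in gated if counts.get(sev, 0) > 0]
    result = {"status": "fail" if hits else "pass"}
    result.update({sev: counts.get(sev, 0) for sev in gated})
    if hits:
        listed = ", ".join(f"{n} {sev}" for sev, n in hits)
        result["reason"] = f"{listed} vulnerabilities at or above fail_on={fail_on}"
    return result


def exit_code(response: dict) -> int:
    """Map the API response to a process exit code for the pipeline.

    Fail closed: only an explicit "pass" lets the build through, so a
    truncated, malformed or unexpected response cannot be mistaken for
    a clean scan."""
    return 0 if response.get("status") == "pass" else 1


if __name__ == "__main__":
    # Pipeline use: save the curl output from the check above to a file and
    # pass its path, e.g.  python gate.py check.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            response = json.load(fh)
    else:
        response = SAMPLE_RESPONSE
    print(response.get("reason", response.get("status", "no status in response")))
    sys.exit(exit_code(response))
```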
## Auto-Fix

### Create Fix Pull Request

Generates a pull request with dependency upgrades that resolve known vulnerabilities.

`POST /api/sca/auto-pr/{repository_id}`

Response:

```json
{
  "pr_url": "https://github.com/org/my-app/pull/42",
  "upgrades": [
    { "package": "lodash", "from": "4.17.20", "to": "4.17.21" }
  ]
}
```