# Mend SAST API

Mend Static Application Security Testing Solution Web API

Version: 24.9.2.5

## Servers

```
/sast
```

## Security

### ApiKeyAuth

API token taken from the <b>Settings | API TOKEN</b> page in the web application<br><b>Recommended for direct communication with the API</b>

Type: apiKey
In: header
Name: X-Auth-Token

### Bearer

Access token obtained via login endpoint<br>Remember to add the <b>Bearer</b> prefix to the header, e.g. <b>Bearer &lt;token&gt;</b>

Type: apiKey
In: header
Name: Authorization

## Download OpenAPI description

[Mend SAST API](https://api-docs.mend.io/_spec/sast/sast-api.yaml)

## Applications

### Get a list of applications.

 - [GET /api/applications](https://api-docs.mend.io/sast/sast-api/applications/getapplications.md): Retrieve a list of all applications.

If summary is set to true then:

metrics.totalScans is not set
metrics.fixedVulnerabilities is not set
metrics.newVulnerabilities is not set
metrics.newCritical is not set
metrics.newHigh is not set
metrics.newMedium is not set
metrics.newLow is not set
metrics.dateCounts only contains data for the latest scan


### Create an application.

 - [POST /api/applications](https://api-docs.mend.io/sast/sast-api/applications/createapplication.md): Create a new application.

### Delete an application

 - [DELETE /api/applications/{id}](https://api-docs.mend.io/sast/sast-api/applications/deleteapplication.md): Delete an application by ID.

### Get an application.

 - [GET /api/applications/{id}](https://api-docs.mend.io/sast/sast-api/applications/getapplication.md): Retrieve an application by ID.

### Update an application

 - [PUT /api/applications/{id}](https://api-docs.mend.io/sast/sast-api/applications/updateapplication.md): Update an application by ID.

### Get scans for an application

 - [GET /api/applications/{id}/scans](https://api-docs.mend.io/sast/sast-api/applications/getapplicationscans.md): Retrieve a list of application scans.

## Configurations

### Get Azure DevOps configuration

 - [GET /api/config/azuredevops](https://api-docs.mend.io/sast/sast-api/configurations/getazuredevopscredentials.md): Get Azure DevOps issue tracking configuration.

### Create or update Azure DevOps configuration.

 - [PUT /api/config/azuredevops](https://api-docs.mend.io/sast/sast-api/configurations/createazuredevopscredentials.md): Create or update Azure DevOps configuration to be used when submitting vulnerability issues.

### Get Azure DevOps triggers.

 - [GET /api/config/azuredevops/triggers](https://api-docs.mend.io/sast/sast-api/configurations/getazuredevopstriggers.md): Get a list of all Azure DevOps triggers.

### Create an Azure DevOps trigger configuration

 - [POST /api/config/azuredevops/triggers](https://api-docs.mend.io/sast/sast-api/configurations/createazuredevopstrigger.md): Create an Azure DevOps trigger configuration to be used when submitting vulnerability issues.

### Delete an Azure DevOps trigger configuration

 - [DELETE /api/config/azuredevops/triggers/{id}](https://api-docs.mend.io/sast/sast-api/configurations/deleteazuredevopstrigger.md): Delete an Azure DevOps trigger configuration by ID.

### Update an Azure DevOps trigger configuration

 - [PUT /api/config/azuredevops/triggers/{id}](https://api-docs.mend.io/sast/sast-api/configurations/updateazuredevopstrigger.md): Update an Azure DevOps trigger configuration by ID.

### Get Jira configuration

 - [GET /api/config/jira](https://api-docs.mend.io/sast/sast-api/configurations/getjiraconfiguration.md): Get Jira issue tracking configuration.

### Create or update Jira configuration.

 - [PUT /api/config/jira](https://api-docs.mend.io/sast/sast-api/configurations/savejiracredentials.md): Create or update Jira configuration to be used when submitting vulnerability issues.

### Get Jira triggers configuration

 - [GET /api/config/jira/triggers](https://api-docs.mend.io/sast/sast-api/configurations/getjiratriggers.md): Get configuration of triggers for Jira issue tracking.

### Create a Jira trigger configuration

 - [POST /api/config/jira/triggers](https://api-docs.mend.io/sast/sast-api/configurations/createjiratrigger.md): Create Jira trigger configuration to be used when submitting vulnerability issues.

### Delete a Jira trigger configuration

 - [DELETE /api/config/jira/triggers/{id}](https://api-docs.mend.io/sast/sast-api/configurations/deletejiratrigger.md): Delete a Jira trigger configuration by ID.

### Update a Jira trigger configuration

 - [PUT /api/config/jira/triggers/{id}](https://api-docs.mend.io/sast/sast-api/configurations/updatejiratrigger.md): Update a Jira trigger configuration by ID.

## SAST Engines

### Gets a list of all SAST engines

 - [GET /api/engines](https://api-docs.mend.io/sast/sast-api/sast-engines/getengines.md): Retrieves a list of available engines with supported programming languages names and engine IDs. Engine ID is used in scan configurations.

### Get a SAST engine

 - [GET /api/engines/{id}](https://api-docs.mend.io/sast/sast-api/sast-engines/getengine.md): Retrieve engine details corresponding to ID parameter. The response includes engine ID, supported language, a list of tracked variables and a list of vulnerability types (name, risk level).

## Groups

### Get user groups

 - [GET /api/groups](https://api-docs.mend.io/sast/sast-api/groups/getgroups.md): Get all user groups.

### Create a user group

 - [POST /api/groups](https://api-docs.mend.io/sast/sast-api/groups/creategroup.md): Create a user group.

### Delete a group

 - [DELETE /api/groups/{id}](https://api-docs.mend.io/sast/sast-api/groups/deletegroup.md): Delete a user group by ID. Only empty user groups can be deleted.

### Get a group

 - [GET /api/groups/{id}](https://api-docs.mend.io/sast/sast-api/groups/getgroup.md): Find a user group by ID.

### Update a group

 - [PUT /api/groups/{id}](https://api-docs.mend.io/sast/sast-api/groups/updategroup.md): Update a user group by ID.

### Remove a user from a group

 - [DELETE /api/groups/{id}/remove/{userId}](https://api-docs.mend.io/sast/sast-api/groups/removegroupmember.md): Remove a use rfrom a user group.

### Add a user to a group

 - [PUT /api/groups/{id}/remove/{userId}](https://api-docs.mend.io/sast/sast-api/groups/addgroupmember.md): Remove a use rfrom a user group.

## Users

### User authentication endpoint.

 - [POST /api/login](https://api-docs.mend.io/sast/sast-api/users/login.md): Log in to the application.

### Get a list of users.

 - [GET /api/users](https://api-docs.mend.io/sast/sast-api/users/getusers.md): Get a list of users.

### Create a user.

 - [POST /api/users](https://api-docs.mend.io/sast/sast-api/users/createuser.md): Create a user.

### Delete a user

 - [DELETE /api/users/{id}](https://api-docs.mend.io/sast/sast-api/users/deleteuser.md): Delete a user by ID.

### Get a user.

 - [GET /api/users/{id}](https://api-docs.mend.io/sast/sast-api/users/getuser.md): Find a user by ID.

### Update a user

 - [PUT /api/users/{id}](https://api-docs.mend.io/sast/sast-api/users/updateuser.md): Update a user by ID.

## Scans

### Get a list of scans

 - [GET /api/scans](https://api-docs.mend.io/sast/sast-api/scans/getscans.md): Retrieve a list of scans.

### Delete a scan

 - [DELETE /api/scans/{id}](https://api-docs.mend.io/sast/sast-api/scans/deletescan.md): Delete a scan by ID.

### Get a scan

 - [GET /api/v2/scans/{scanId}](https://api-docs.mend.io/sast/sast-api/scans/getscanv2.md): Get a scan by ID.

### Get configuration of a scan

 - [GET /api/v2/scans/{scanId}/config](https://api-docs.mend.io/sast/sast-api/scans/getscanconfigv2.md): Get configuration of a scan with an ID.

### Get a difference in findings between two scans

 - [GET /api/v2/scans/{scanId}/difference/{previousScanId}](https://api-docs.mend.io/sast/sast-api/scans/getscandifferencev2.md): Retrieve a list of newly introduced and/or resolved findings.

### Get a list of scan findings

 - [GET /api/v2/scans/{scanId}/findings](https://api-docs.mend.io/sast/sast-api/scans/listscanfindingsv2.md): Get a list of findings of a scan with an ID.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/scans/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

### Find the highest priority findings.

 - [GET /api/v2/scans/{scanId}/prioritized-findings](https://api-docs.mend.io/sast/sast-api/scans/listprioritizedscanfindingsv2.md): Retrieve a list of findings prioritized by rating.

### Get a list of scan's vulnerability types

 - [GET /api/v2/scans/{scanId}/vulnerability-types](https://api-docs.mend.io/sast/sast-api/scans/listscanvulnerabilitytypesv2.md): Retrieve a list of vulnerability types registered in a scan.

### Get a list of scan findings

 - [GET /api/v2/scans/{scanId}/findings](https://api-docs.mend.io/sast/sast-api/findings/listscanfindingsv2.md): Get a list of findings of a scan with an ID.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/findings/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

### Find the highest priority findings.

 - [GET /api/v2/scans/{scanId}/prioritized-findings](https://api-docs.mend.io/sast/sast-api/findings/listprioritizedscanfindingsv2.md): Retrieve a list of findings prioritized by rating.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/data-flows/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

## Findings

### Get a list of scan findings

 - [GET /api/v2/scans/{scanId}/findings](https://api-docs.mend.io/sast/sast-api/scans/listscanfindingsv2.md): Get a list of findings of a scan with an ID.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/scans/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

### Find the highest priority findings.

 - [GET /api/v2/scans/{scanId}/prioritized-findings](https://api-docs.mend.io/sast/sast-api/scans/listprioritizedscanfindingsv2.md): Retrieve a list of findings prioritized by rating.

### Selectively update multiple findings

 - [PATCH /api/v2/scans/{scanId}/bulk/findings](https://api-docs.mend.io/sast/sast-api/findings/bulkpatchfindingv2.md): Selectively update multiple findings.

### Get a list of scan findings

 - [GET /api/v2/scans/{scanId}/findings](https://api-docs.mend.io/sast/sast-api/findings/listscanfindingsv2.md): Get a list of findings of a scan with an ID.

### Selectively update a finding

 - [PATCH /api/v2/scans/{scanId}/findings/{findingId}](https://api-docs.mend.io/sast/sast-api/findings/patchfindingv2.md): Selectively update a finding.

### Post a comment under a finding

 - [POST /api/v2/scans/{scanId}/findings/{findingId}/comments](https://api-docs.mend.io/sast/sast-api/findings/postfindingcommentv2.md): Post a comment under a finding in a scan.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/findings/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

### Find the highest priority findings.

 - [GET /api/v2/scans/{scanId}/prioritized-findings](https://api-docs.mend.io/sast/sast-api/findings/listprioritizedscanfindingsv2.md): Retrieve a list of findings prioritized by rating.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/data-flows/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

## Data flows

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/scans/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/findings/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

### Get a list of finding data flows

 - [GET /api/v2/scans/{scanId}/findings/{findingId}/data-flows](https://api-docs.mend.io/sast/sast-api/data-flows/listfindingdataflowsv2.md): Get a list of data flows of a finding in a scan.

## Templates

### Get scan configuration templates

 - [GET /api/templates](https://api-docs.mend.io/sast/sast-api/templates/getscantemplates.md): Get a list of scan configuration templates.

### Create a scan template

 - [POST /api/templates](https://api-docs.mend.io/sast/sast-api/templates/createscantemplate.md): Create a scan template configuration.

### Delete a scan template.

 - [DELETE /api/templates/{id}](https://api-docs.mend.io/sast/sast-api/templates/deletescantemplate.md): Delete a scan template by ID.

### Get a scan template by ID

 - [GET /api/templates/{id}](https://api-docs.mend.io/sast/sast-api/templates/getscantemplate.md): Find a scan template by ID.