Mend SAST API (24.9.2.5)

Mend Static Application Security Testing Solution Web API

Support: Mend Support, support@mend.io

Server: https://api-docs.mend.io/sast/

Scans

Get a list of scans

Request

Retrieve a list of scans.

Query parameters

summary (boolean)
Return only general information if this parameter is set to true.

limit (integer)
Number of scans to return. Can't be greater than 1000.

page (integer)
Page number, used in combination with limit.

query (string)
Narrow down the query to scans with names matching the parameter value.

sort (string)
Field by which to sort the list. Supported values: name, createdTime (default).

order (string)
Order direction. Supported values: ascend, descend (default).

filter (string)
Filter the scans by status. A comma-separated list of values is accepted, e.g. Finished,Running,Failed.

No request payload

Responses

OK

Body (application/json): array of scan objects with the fields

activeCliFeatures (array of strings)
createdBy (string)
createdTime (string)
currentLanguage (string)
expiration (string)
groupVisibility (array of strings)
id (string)
languages (array of strings)
lastUpdateTime (string)
logCtx (string)
markedForDeletion (boolean)
message (string)
metadata (object, models.Metadata)
name (string, required)
orgId (string)
parameters (object, models.ScanParameters)
parentAppId (string)
parentAppName (string)
platform (string)
productId (string)
results (array of objects, models.EngineResults)
scm (object, models.Scm)
startTime (string)
stats (object, models.ScanStats)
status (string)
versionFlag (string)

Example response (application/json):
[ { "activeCliFeatures": [], "createdBy": "string", "createdTime": "string", "currentLanguage": "string", "expiration": "string", "groupVisibility": [], "id": "string", "languages": [], "lastUpdateTime": "string", "logCtx": "string", "markedForDeletion": true, "message": "string", "metadata": {}, "name": "string", "orgId": "string", "parameters": {}, "parentAppId": "string", "parentAppName": "string", "platform": "string", "productId": "string", "results": [], "scm": {}, "startTime": "string", "stats": {}, "status": "string", "versionFlag": "string" } ]
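The following is an added example, not Mend's own client code: it pages through the scan list using the query parameters documented above (summary, limit, page, query, sort, order, filter), validates them client-side, and buckets the returned scans by status so, for instance, Failed scans can be alerted on. The relative path of the endpoint (LIST_SCANS_PATH), the first page number, the rule that a page shorter than limit is the last page, and the authentication header are all assumptions not stated on this page; the HTTP call is injected so the example runs offline against constructed pages.

```python
"""Added example, not Mend's own client code: walk the scan list with the
documented query parameters (summary, limit, page, query, sort, order,
filter) and bucket the results by status, e.g. to alert on Failed scans.

ASSUMED, not on the page: the endpoint's relative path (LIST_SCANS_PATH),
that `page` starts at 1, that a page shorter than `limit` is the last one,
and the authentication header. The HTTP call is injected (`fetch`) so the
example runs offline against the constructed pages at the bottom."""
from collections import defaultdict
from typing import Callable, Dict, Iterator, List, Sequence
from urllib.parse import parse_qs, urlencode, urljoin, urlparse

BASE_URL = "https://api-docs.mend.io/sast/"  # server listed on the page
LIST_SCANS_PATH = "scans"                     # ASSUMED path, not on the page
MAX_LIMIT = 1000                              # documented cap for `limit`
SORT_FIELDS = {"name", "createdTime"}         # documented `sort` values
ORDER_VALUES = {"ascend", "descend"}          # documented `order` values

Fetch = Callable[[str], List[dict]]  # GET url -> decoded JSON array


def build_query(limit: int, page: int, summary: bool = True, query: str = "",
                sort: str = "createdTime", order: str = "descend",
                statuses: Sequence[str] = ()) -> Dict[str, str]:
    """Validate client-side so a bad value fails here, not as an opaque 4xx."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be in 1..{MAX_LIMIT}, got {limit}")
    if sort not in SORT_FIELDS or order not in ORDER_VALUES:
        raise ValueError(f"unsupported sort/order: {sort}/{order}")
    params = {"summary": str(summary).lower(), "limit": str(limit),
              "page": str(page), "sort": sort, "order": order}
    if query:
        params["query"] = query
    if statuses:
        params["filter"] = ",".join(statuses)  # comma-separated, as documented
    return params


def list_url(params: Dict[str, str]) -> str:
    return urljoin(BASE_URL, LIST_SCANS_PATH) + "?" + urlencode(params)


def iter_scans(fetch: Fetch, limit: int = 100, **query_kwargs) -> Iterator[dict]:
    """Yield every matching scan, advancing `page` until a short page arrives."""
    page = 1  # ASSUMED first page number
    while True:
        batch = fetch(list_url(build_query(limit, page, **query_kwargs)))
        yield from batch
        if len(batch) < limit:
            return
        page += 1


def scans_by_status(fetch: Fetch, limit: int = 100, **query_kwargs) -> Dict[str, List[str]]:
    """status -> scan names, collected across all pages."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for scan in iter_scans(fetch, limit, **query_kwargs):
        buckets[scan.get("status", "Unknown")].append(scan["name"])
    return dict(buckets)


# Constructed stand-in for the server: three pages when limit=2.
_SAMPLE_PAGES = {
    "1": [{"id": "s1", "name": "api-main", "status": "Finished"},
          {"id": "s2", "name": "api-pr-42", "status": "Failed"}],
    "2": [{"id": "s3", "name": "web-main", "status": "Finished"},
          {"id": "s4", "name": "web-pr-7", "status": "Running"}],
    "3": [{"id": "s5", "name": "worker-main", "status": "Finished"}],
}


def fake_fetch(url: str) -> List[dict]:
    """Offline replacement for an authenticated GET; reads `page` from the URL.
    A real fetch would add the API token header (format not on this page)."""
    page = parse_qs(urlparse(url).query)["page"][0]
    return _SAMPLE_PAGES.get(page, [])


if __name__ == "__main__":
    print(scans_by_status(fake_fetch, limit=2,
                          statuses=["Finished", "Failed", "Running"]))
```

Validating limit, sort and order before the request means a typo in a scheduled job fails immediately with a readable message rather than producing an empty or truncated scan list that a downstream gate silently accepts.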

Delete a scan

Request

Delete a scan by ID.

Path parameters

id (string, required)
Scan ID. Note that this endpoint names the path parameter id, while the other scan endpoints below use scanId.

No request payload

Responses

OK

Body (application/json)

message (string)
Example: "Operation succeeded"
result (any)
success (boolean)
Example: true

Example response (application/json):
{ "message": "Operation succeeded", "result": null, "success": true }

Get a scan

Request

Get a scan by ID.

Path parameters

scanId (string, required)
ID of the scan to get

No request payload

Responses

OK

Body (application/json)

createdBy (string)
createdTime (string)
id (string)
languages (array of strings)
message (string)
name (string)
parentAppId (string)
parentAppName (string)
scm (object, dto.Scm)
stats (object, dto.ScanStats)
status (string)
versionFlag (string)

Example response (application/json):
{ "createdBy": "string", "createdTime": "string", "id": "string", "languages": [ "string" ], "message": "string", "name": "string", "parentAppId": "string", "parentAppName": "string", "scm": { "commit": {} }, "stats": { "criticalSeverityFindingsCount": 0, "dataFlowsCount": 0, "duration": "string", "findingsCount": 0, "highSeverityFindingsCount": 0, "lowSeverityFindingsCount": 0, "mediumSeverityFindingsCount": 0, "testedFiles": 0, "testedLines": 0, "totalFiles": 0, "totalLines": 0 }, "status": "string", "versionFlag": "string" }

Get configuration of a scan

Request

Get configuration of a scan with an ID.

Path parameters

scanId (string, required)
ID of the scan for which to get configuration

No request payload

Responses

OK

Body (application/json)

almTrigger (string)
emailTrigger (string)
engineParams (array of objects, dto.EngineConfig)
engines (array of integers)
exclusions (array of strings)
incremental (boolean)
slackTrigger (string)
target (object, dto.ScanTarget)

Example response (application/json):
{ "almTrigger": "string", "emailTrigger": "string", "engineParams": [ {} ], "engines": [ 0 ], "exclusions": [ "string" ], "incremental": true, "slackTrigger": "string", "target": { "path": "string", "source": "string", "type": "string" } }

Get a difference in findings between two scans

Request

Retrieve a list of newly introduced and/or resolved findings.

Path parameters

scanId (string, required)
ID of the first scan

previousScanId (string, required)
ID of the second (previous) scan. It has to identify a scan that is older than the one identified by scanId.

No request payload

Responses

OK

Body (application/json)

newFindings (array of objects, models.Vulnerability)
resolvedFindings (array of objects, models.Vulnerability)

Example response (application/json):
{ "newFindings": [ {} ], "resolvedFindings": [ {} ] }

Get a list of scan findings

Request

Get a list of findings of a scan with an ID.

Path parameters

scanId (string, required)
ID of the scan for which to get findings

No request payload

Responses

OK

Body (application/json): array of finding objects with the fields

ageRating (number)
Between 0 and 10

almIssues (object, dto.FindingAlmIssues)
appId (string)
baseline (boolean)
comments (array of objects, dto.FindingComment)
confidenceRating (number)
Between 0 and 10

createdTime (string)
dataFlows (array of objects, dto.DataFlowSummary)
description (string)
hasRemediation (boolean)
id (string)
Uniquely identifies the finding across multiple scans

isNew (boolean)
projectId (string)
rating (number)
Between 0 and 10

reviewed (boolean)
scanId (string)
Uniquely identifies the scan this finding was loaded from

severity (string)
severityRating (number)
Between 0 and 10

sharedStep (object, dto.FindingSharedStep)
snapshotId (string)
Uniquely identifies the finding within a scan; it is equivalent to the pair of id and scanId

suppressed (boolean)
suppressedBy (string)
suppressionMessage (string)
Always empty if suppressed is not set

suppressionTime (string)
type (object, dto.VulnerabilityType)
workflowViolations (array of objects, dto.Workflow)
workflowViolationsCount (integer)

Example response (application/json):
[ { "ageRating": 0, "almIssues": {}, "appId": "string", "baseline": true, "comments": [], "confidenceRating": 0, "createdTime": "string", "dataFlows": [], "description": "string", "hasRemediation": true, "id": "string", "isNew": true, "projectId": "string", "rating": 0, "reviewed": true, "scanId": "string", "severity": "string", "severityRating": 0, "sharedStep": {}, "snapshotId": "string", "suppressed": true, "suppressedBy": "string", "suppressionMessage": "string", "suppressionTime": "string", "type": {}, "workflowViolations": [], "workflowViolationsCount": 0 } ]
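The following is an added example, not Mend's own code, serving both this endpoint and "Get a difference in findings between two scans" above. It shows how the documented identity fields are meant to be used: id is stable across scans and is the right key for correlating two findings lists, while snapshotId is unique only within one scan. From two findings lists it computes the same new/resolved split the diff endpoint returns, then applies a CI gate that fails on new findings that are not suppressed and are at or above a severity threshold. The severity labels in SEVERITY_RANK are an assumption (the page documents severity only as a string), as are the constructed findings.

```python
"""Added example, not Mend's own code: correlate the findings of two scans
and gate a build on new, unsuppressed findings at or above a severity
threshold. It reproduces locally what the two-scan diff endpoint returns
(newFindings / resolvedFindings) from two "Get a list of scan findings"
responses, using the documented identity rules: `id` is stable across
scans, `snapshotId` is unique within one scan.

ASSUMED, not on the page: the severity labels in SEVERITY_RANK (the API
documents severity only as a string) and the constructed findings below."""
from typing import Dict, Iterable, List, Tuple

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}  # ASSUMED labels


def index_by_id(findings: Iterable[dict]) -> Dict[str, dict]:
    """Key findings by the cross-scan `id`. A repeated snapshotId within one
    scan violates the documented contract, so fail instead of overwriting."""
    by_id: Dict[str, dict] = {}
    seen_snapshots = set()
    for f in findings:
        if f["snapshotId"] in seen_snapshots:
            raise ValueError(f"duplicate snapshotId {f['snapshotId']} in one scan")
        seen_snapshots.add(f["snapshotId"])
        by_id[f["id"]] = f
    return by_id


def diff_findings(current: Iterable[dict],
                  previous: Iterable[dict]) -> Tuple[List[dict], List[dict]]:
    """(new, resolved): new = present only in `current`, resolved = present
    only in `previous`; argument order mirrors scanId / previousScanId."""
    cur, prev = index_by_id(current), index_by_id(previous)
    new = sorted((cur[i] for i in cur.keys() - prev.keys()),
                 key=lambda f: f["snapshotId"])
    resolved = sorted((prev[i] for i in prev.keys() - cur.keys()),
                      key=lambda f: f["snapshotId"])
    return new, resolved


def gate(new_findings: Iterable[dict], min_severity: str = "high") -> List[str]:
    """snapshotIds that should fail the build: new, not suppressed, and at or
    above the threshold. An unrecognised severity label is treated as
    blocking, so a renamed level cannot slip through silently."""
    floor = SEVERITY_RANK[min_severity.lower()]
    blocking = []
    for f in new_findings:
        if f.get("suppressed"):
            continue  # a reviewer dismissed it; suppressionMessage says why
        rank = SEVERITY_RANK.get(str(f.get("severity", "")).lower(), 99)
        if rank >= floor:
            blocking.append(f["snapshotId"])
    return blocking


def _finding(scan_id: str, fid: str, severity: str, suppressed: bool = False) -> dict:
    """Constructed finding carrying only the fields the gate reads."""
    return {"id": fid, "scanId": scan_id, "snapshotId": f"{scan_id}:{fid}",
            "severity": severity, "suppressed": suppressed,
            "suppressionMessage": "accepted risk, tracked in ticket" if suppressed else ""}


# Constructed sample: previous scan A and current scan B of the same app.
PREVIOUS_SCAN = [_finding("scan-A", "f1", "High"),
                 _finding("scan-A", "f2", "Medium"),
                 _finding("scan-A", "f3", "Low")]
CURRENT_SCAN = [_finding("scan-B", "f1", "High"),
                _finding("scan-B", "f2", "Medium"),
                _finding("scan-B", "f4", "Critical"),
                _finding("scan-B", "f5", "High", suppressed=True),
                _finding("scan-B", "f6", "Low")]

if __name__ == "__main__":
    new, resolved = diff_findings(CURRENT_SCAN, PREVIOUS_SCAN)
    print("new:", [f["id"] for f in new], "resolved:", [f["id"] for f in resolved])
    print("blocking:", gate(new))
```

Keying on snapshotId instead of id would report every finding as both new and resolved on each scan, because snapshotId changes with the scan; keying on id is what makes a "new since last scan" gate meaningful. Treating unknown severity labels as blocking is deliberate: a gate that silently passes on an unexpected label is worse than one that fails loudly.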

Get a list of finding data flows

Request

Get a list of data flows of a finding in a scan.

Path parameters

scanId (string, required)
ID of the scan for which to get data flows

findingId (string, required)
ID of the finding for which to get data flows

No request payload

Responses

OK

Body (application/json): array of data flow objects with the fields

ageRating (number)
Between 0 and 10

confidenceRating (number)
Between 0 and 10

createdTime (string)
filter (object, dto.Filter)
functionCalls (array of objects, dto.CallStackItem)
id (string)
inputFlow (array of objects, dto.CallStackItem)
inputKind (string)
inputSource (string)
isNew (boolean)
rating (number)
Between 0 and 10

sink (string)
sinkFile (string)
sinkKind (string)
sinkLine (integer)
sinkSnippet (string)

Example response (application/json):
[ { "ageRating": 0, "confidenceRating": 0, "createdTime": "string", "filter": {}, "functionCalls": [], "id": "string", "inputFlow": [], "inputKind": "string", "inputSource": "string", "isNew": true, "rating": 0, "sink": "string", "sinkFile": "string", "sinkKind": "string", "sinkLine": 0, "sinkSnippet": "string" } ]
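The following is an added example, not Mend's own code: several data flows of one finding commonly end in the same sink, and the fix is applied at the sink, so for triage it helps to collapse the flows returned by this endpoint onto their (sinkFile, sinkLine, sink) location, keep the highest rating and every distinct taint source per sink, and list sinks with a new flow first. Only the scalar fields documented above are interpreted; the CallStackItem entries in inputFlow and functionCalls are not described on this page, so the example only counts them. The sample flows are constructed.

```python
"""Added example, not Mend's own code: collapse the data flows of one finding
onto their sinks, so a reviewer fixes each vulnerable sink once instead of
reading every source-to-sink path on its own.

Only the documented scalar fields are interpreted (inputKind, inputSource,
sink, sinkFile, sinkKind, sinkLine, sinkSnippet, rating, isNew). The
CallStackItem entries in inputFlow and functionCalls are not described on
the page, so they are only counted. The sample flows below are constructed."""
from typing import Dict, List, Tuple

SinkKey = Tuple[str, int, str]  # (sinkFile, sinkLine, sink)


def group_by_sink(flows: List[dict]) -> Dict[SinkKey, dict]:
    """One entry per sink: highest rating of any flow reaching it, the distinct
    taint sources in arrival order, and whether any flow into it is new."""
    groups: Dict[SinkKey, dict] = {}
    for flow in flows:
        key: SinkKey = (flow["sinkFile"], flow["sinkLine"], flow["sink"])
        g = groups.setdefault(key, {
            "sinkKind": flow["sinkKind"], "snippet": flow["sinkSnippet"],
            "maxRating": 0.0, "sources": [], "isNew": False,
            "flows": 0, "steps": 0,
        })
        g["maxRating"] = max(g["maxRating"], float(flow["rating"]))
        source = f'{flow["inputKind"]}:{flow["inputSource"]}'
        if source not in g["sources"]:
            g["sources"].append(source)
        g["isNew"] = g["isNew"] or bool(flow.get("isNew"))
        g["flows"] += 1
        # CallStackItem shape is undocumented here; count hops only.
        g["steps"] += len(flow.get("inputFlow", [])) + len(flow.get("functionCalls", []))
    return groups


def triage_order(groups: Dict[SinkKey, dict]) -> List[SinkKey]:
    """Sinks with a new flow first, then by descending rating, then by location
    so the output is stable between runs."""
    return sorted(groups, key=lambda k: (not groups[k]["isNew"],
                                         -groups[k]["maxRating"], k[0], k[1]))


def render(groups: Dict[SinkKey, dict]) -> List[str]:
    """One line per sink, e.g. 'NEW [8.5] app/db.py:42 SQL query execute() <- ...'."""
    lines = []
    for path, line, sink in triage_order(groups):
        g = groups[(path, line, sink)]
        flag = "NEW " if g["isNew"] else "    "
        lines.append(f'{flag}[{g["maxRating"]:.1f}] {path}:{line} {g["sinkKind"]} '
                     f'{sink}() <- {", ".join(g["sources"])} '
                     f'({g["flows"]} flow(s), {g["steps"]} hop(s))')
    return lines


# Constructed sample: two flows reach the same SQL sink, one reaches a template sink.
SAMPLE_FLOWS = [
    {"id": "df-1", "inputKind": "http-param", "inputSource": "request.args['id']",
     "sink": "execute", "sinkFile": "app/db.py", "sinkLine": 42, "sinkKind": "SQL query",
     "sinkSnippet": "cur.execute(f\"SELECT * FROM users WHERE id={uid}\")",
     "rating": 8.5, "isNew": False, "inputFlow": [{}, {}], "functionCalls": [{}]},
    {"id": "df-2", "inputKind": "http-header", "inputSource": "X-Forwarded-For",
     "sink": "execute", "sinkFile": "app/db.py", "sinkLine": 42, "sinkKind": "SQL query",
     "sinkSnippet": "cur.execute(f\"SELECT * FROM users WHERE id={uid}\")",
     "rating": 6.0, "isNew": True, "inputFlow": [{}], "functionCalls": [{}, {}]},
    {"id": "df-3", "inputKind": "http-param", "inputSource": "request.form['name']",
     "sink": "render_template_string", "sinkFile": "app/views.py", "sinkLine": 17,
     "sinkKind": "Template", "sinkSnippet": "render_template_string(tpl % name)",
     "rating": 9.1, "isNew": False, "inputFlow": [{}], "functionCalls": []},
]

if __name__ == "__main__":
    print("\n".join(render(group_by_sink(SAMPLE_FLOWS))))
```

Listing the distinct sources per sink matters for the fix: a sink reachable from both a query parameter and a request header needs the sanitisation placed at the sink (or every source covered), not just on the one path the reviewer happened to open.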

Find the highest priority findings

Request

Retrieve a list of findings prioritized by rating.

Path parameters

scanId (string, required)
Scan ID

Query parameters

limit (integer)
Number of findings to return. Has to be positive and can't be greater than 1000.

engineId (integer)
Narrow down the search to a single engine

No request payload

Responses

OK

Body (application/json): array of finding objects with exactly the same fields as the response of "Get a list of scan findings" above (ageRating, almIssues, appId, baseline, comments, confidenceRating, createdTime, dataFlows, description, hasRemediation, id, isNew, projectId, rating, reviewed, scanId, severity, severityRating, sharedStep, snapshotId, suppressed, suppressedBy, suppressionMessage, suppressionTime, type, workflowViolations, workflowViolationsCount); the example response is identical to that endpoint's.

Get a list of scan's vulnerability types

Request

Retrieve a list of vulnerability types registered in a scan.

Path parameters

scanId (string, required)
ID of the scan for which to get vulnerability types

No request payload

Responses

OK

Body (application/json): array of vulnerability type objects with the fields

capec (object, dto.CapecInfo)
commonId (string)
cwe (object, dto.CweInfo)
description (string)
engineId (integer)
hipaa (object, dto.HipaaInfo)
hitrust (object, dto.HitrustInfo)
id (integer)
language (string)
name (string)
nist (object, dto.NistInfo)
order (integer)
owasp (object, dto.OwaspInfo)
owasp2021 (object, dto.Owasp2021Info)
pcidss (object, dto.PcidssInfo)
recommendations (array of strings)
references (array of strings)
sansTop25 (object, dto.SansTop25Info)
sarif (string)
sarifLevel (string)
severity (string)
severityRating (number)

Example response (application/json):
[ { "capec": {}, "commonId": "string", "cwe": {}, "description": "string", "engineId": 0, "hipaa": {}, "hitrust": {}, "id": 0, "language": "string", "name": "string", "nist": {}, "order": 0, "owasp": {}, "owasp2021": {}, "pcidss": {}, "recommendations": [], "references": [], "sansTop25": {}, "sarif": "string", "sarifLevel": "string", "severity": "string", "severityRating": 0 } ]
