> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List code changes for an audit

> Retrieves code changes population data for an audit.

This endpoint provides access to code change records (pull requests)
visible to auditors during an audit engagement.

Supports filtering by:
- `search`: Searches code change titles and repository names (case-insensitive)
- `sourcesMatchesAny`: Filters by version control source (accepted values: github, gitlab, bitbucket, azuredevops)
- `closedAfterDate` / `closedBeforeDate`: Filters by the closed date range

Uses cursor-based pagination. To paginate:
1. Make initial request with desired `pageSize`
2. Check `results.pageInfo.hasNextPage`
3. Use `results.pageInfo.endCursor` as `pageCursor` for next request

Results are sorted by closed date (newest first). This sort order is
fixed and cannot be customized via query parameters.

Rate limit: 10 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples get /audits/{auditId}/assets/code-changes
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: US Region API
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits/{auditId}/assets/code-changes:
    get:
      tags:
        - Audits
      summary: List code changes for an audit
      description: >-
        Retrieves code changes population data for an audit.


        This endpoint provides access to code change records (pull requests)

        visible to auditors during an audit engagement.


        Supports filtering by:

        - `search`: Searches code change titles and repository names
        (case-insensitive)

        - `sourcesMatchesAny`: Filters by version control source (accepted
        values: github, gitlab, bitbucket, azuredevops)

        - `closedAfterDate` / `closedBeforeDate`: Filters by the closed date
        range


        Uses cursor-based pagination. To paginate:

        1. Make initial request with desired `pageSize`

        2. Check `results.pageInfo.hasNextPage`

        3. Use `results.pageInfo.endCursor` as `pageCursor` for next request


        Results are sorted by closed date (newest first). This sort order is

        fixed and cannot be customized via query parameters.


        Rate limit: 10 requests / minute.
      operationId: ListCodeChanges
      parameters:
        - description: The audit ID
          in: path
          name: auditId
          required: true
          schema:
            type: string
        - description: Maximum number of results per page (1-100, default 10)
          in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - description: Pagination cursor from previous response
          in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
        - description: Search term for filtering by code change title or repository name
          in: query
          name: search
          required: false
          schema:
            type: string
        - description: >-
            Filter code changes by version control source (accepted values:
            github, gitlab, bitbucket, azuredevops)
          in: query
          name: sourcesMatchesAny
          required: false
          schema:
            type: array
            items:
              $ref: '#/components/schemas/ApiCodeChangeSource'
        - description: Filter code changes closed on or after this date (ISO 8601)
          in: query
          name: closedAfterDate
          required: false
          schema:
            type: string
            format: date-time
        - description: Filter code changes closed on or before this date (ISO 8601)
          in: query
          name: closedBeforeDate
          required: false
          schema:
            type: string
            format: date-time
      responses:
        '200':
          description: Paginated list of code changes with pagination metadata
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_CodeChange_'
              examples:
                Example 1:
                  value:
                    results:
                      pageInfo:
                        hasNextPage: true
                        hasPreviousPage: false
                        startCursor: code_change_12345
                        endCursor: code_change_12345
                      data:
                        - id: code_change_12345
                          codeChange: fix-auth-bug
                          identifier: '101'
                          service: github
                          repository: vanta/obsidian
                          openedAt: '2025-01-25T14:30:00.000Z'
                          closedAt: '2025-03-25T14:30:00.000Z'
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: typescript
          label: ListCodeChanges
          source: |-
            import { Vanta } from "vanta-auditor-api-sdk";

            const vanta = new Vanta({
              bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
            });

            async function run() {
              const result = await vanta.audits.listCodeChanges({
                auditId: "<id>",
              });

              console.log(result);
            }

            run();
        - lang: java
          label: ListCodeChanges
          source: >-
            package hello.world;


            import com.vanta.vanta_auditor_api.Vanta;

            import
            com.vanta.vanta_auditor_api.models.operations.ListCodeChangesRequest;

            import
            com.vanta.vanta_auditor_api.models.operations.ListCodeChangesResponse;

            import java.lang.Exception;


            public class Application {

                public static void main(String[] args) throws Exception {

                    Vanta sdk = Vanta.builder()
                            .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", ""))
                        .build();

                    ListCodeChangesRequest req = ListCodeChangesRequest.builder()
                            .auditId("<id>")
                            .build();

                    ListCodeChangesResponse res = sdk.audits().listCodeChanges()
                            .request(req)
                            .call();

                    if (res.paginatedResponseCodeChange().isPresent()) {
                        System.out.println(res.paginatedResponseCodeChange().get());
                    }
                }
            }
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    ApiCodeChangeSource:
      type: string
      enum:
        - github
        - gitlab
        - bitbucket
        - azuredevops
      description: Version control source service name for code changes.
    PaginatedResponse_CodeChange_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/CodeChange'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    CodeChange:
      description: >-
        Code change data.


        `id` and `codeChange` are required. All other fields are optional to
        support customizable field visibility.


        Omitted keys mean the column is not in the response; `null` means the
        column is present but empty.
      properties:
        id:
          type: string
          description: Code change record ID - always present.
          example: 5f2c939a52855e725c8d5824
        codeChange:
          type: string
          description: Code change title (e.g. PR title) - always present.
          example: fix-auth-bug
        identifier:
          type: string
          description: Code change identifier (e.g. PR number).
          example: '101'
        service:
          type: string
          description: >-
            Version control source where the change originated.

            Known values are listed in {@link ApiCodeChangeSource}; other
            strings may

            appear if a new source is onboarded before this enum is updated.
          example: github
        repository:
          type: string
          description: Repository name.
          example: vanta/obsidian
        openedAt:
          type: string
          format: date-time
          description: Date the code change was opened.
          example: '2025-01-25T14:30:00.000Z'
        closedAt:
          type: string
          format: date-time
          description: Date the code change was merged/closed.
          example: '2025-03-25T14:30:00.000Z'
      required:
        - id
        - codeChange
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````