Static Code Analysis Vulnerabilities

List all Static Code Analysis Vulnerabilities

List StaticAnalysisCodeVulnerabilityConnectors resources for the given application.

** Headers **

Authorization: Bearer <access_token>

** Scopes **

connectors.self:read-resource

GET

resources

static_analysis_code_vulnerability_connectors

List all Static Code Analysis Vulnerabilities

curl --request GET \
  --url https://api.vanta.com/v1/resources/static_analysis_code_vulnerability_connectors \
  --header 'Authorization: Bearer <token>'

{
  "resources": [
    {
      "displayName": "<string>",
      "uniqueId": "<string>",
      "externalUrl": "<string>",
      "occurrences": [
        {
          "path": "<string>",
          "beginLine": 123,
          "endLine": 123,
          "beginColumn": 123,
          "endColumn": 123
        }
      ],
      "severity": 123,
      "confidence": 123,
      "isResolvable": true,
      "vulnerableComponentUniqueId": "<string>",
      "description": "<string>",
      "remediationInstructions": "<string>",
      "cveId": "<string>",
      "cvss3Vector": "<string>",
      "cvss3Score": 123
    }
  ]
}

Authorizations

Authorization

string

header

required

The access token received from the authorization server in the OAuth 2.0 flow.

Query Parameters

resourceId

string

required

Vanta generated identifier for the given resource, and can be found on the developer console page. See the list of registered resources and their IDs on https://app.vanta.com/settings/developer-console/<app_id>?tab=resources

Response

200 - application/json

List of resources.

resources

object[]

Show child attributes

Sync all Static Code Analysis VulnerabilitiesTo send us data related to static code analysis vulnerabilities. Note that you must first sync `VulnerableComponent` resources before sending us this data, and this sync should reference the `uniqueId` field in the `VulnerableComponent` resource. This call replaces ALL existing `StaticAnalysisCodeVulnerabilityConnectors` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `StaticAnalysisCodeVulnerabilityConnectors` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer <access_token> ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `StaticAnalysisCodeVulnerabilityConnectors`.

⌘I

List all Static Code Analysis Vulnerabilities

curl --request GET \
  --url https://api.vanta.com/v1/resources/static_analysis_code_vulnerability_connectors \
  --header 'Authorization: Bearer <token>'

{
  "resources": [
    {
      "displayName": "<string>",
      "uniqueId": "<string>",
      "externalUrl": "<string>",
      "occurrences": [
        {
          "path": "<string>",
          "beginLine": 123,
          "endLine": 123,
          "beginColumn": 123,
          "endColumn": 123
        }
      ],
      "severity": 123,
      "confidence": 123,
      "isResolvable": true,
      "vulnerableComponentUniqueId": "<string>",
      "description": "<string>",
      "remediationInstructions": "<string>",
      "cveId": "<string>",
      "cvss3Vector": "<string>",
      "cvss3Score": 123
    }
  ]
}