Checkmarx SCA (REST) API - Scan Recalculation

This API is used for running a Scan Recalculation on an existing project. This is done by taking the dependencies identified in a previous scan and re-assessing the risks affecting your project based on the current data. There is no need to resubmit the source code in order to run scan recalculation since it uses the dependency resolution output from the previous scan. Any state changes or comments that have been made since the last scan are implemented when you run a scan recalculation on the project.

Warning

This API does not run a full SCA scan of your project. To run a full SCA scan, use the Scan Upload endpoints.

Notice

This API is supported both for Checkmarx One and SCA standalone accounts.

Scan Recalculation URLs

Checkmarx One

The following base URLs are used for these APIs, depending on your environment:

  • US Environment - https://ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • US2 Environment - https://us.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • EU Environment - https://eu.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • EU2 Environment - https://eu-2.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • DEU Environment - https://deu.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • Australia & New Zealand - https://anz.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • India - https://ind.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • Singapore - https://sng.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

  • UAE - https://mea.ast.checkmarx.net/api/sca/scan-runner/scans/recalculate

Checkmarx SCA Standalone

  • US Environment - https://api-sca.checkmarx.net/scan-runner/scans/recalculate

  • EU Environment - https://eu.api-sca.checkmarx.net/scan-runner/scans/recalculate

Workflow

  1. Create a project, run a scan and review and triage the results.

  2. Use POST /package-vulnerabilities and/or POST /package-supply-chain-risks to change the states and add comments for specific vulnerabilities and supply chain risks.

  3. Use this API to run scan recalculation.

    Warning

    Management of Risk changes don't take effect until either a scan recalculation is done or a new scan is run on the project. For Checkmarx One users, scan recalculation is done using the API described here.

POST Run scan recalculation

Description

Run scan recalculation on a project. The success response returns the scanId, which can be used to retrieve the results from the recalculated scan.

Media Type (header)

Authorization: Bearer <access_token>

Accept: application/json

Curl Sample

curl --request POST \
  --url 'https://api-sca.checkmarx.net/scan-runner/scans/recalculate' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Accept: text/plain, application/json, text/json' \
  --header 'Content-Type: multipart/form-data' \
  --form projectId=8a9e6629-7544-478a-a8b0-92e6f6894bb0

Parameters

Body Parameter - Required

Format: multipart/form-data

| Parameter | Type | Description |
|-----------|------|-------------|
| projectId | string | Specify the unique identifier of the project on which you would like to run the scan recalculation. |

Success Response

Attributes:

| Attribute | Type | Description |
|-----------|------|-------------|
| scanId | string | The unique identifier of the scan that was generated by the recalculation. |

Error Response