Checkmarx

Checkmarx One API

Unified API for Checkmarx One cloud-native application security platform.

GitHub OpenAPI

Documentation

📖
Documentation
https://checkmarx.com/resource/documents/en/34965-128036-checkmarx-one-api.html
📖
APIReference
https://checkmarx.com/resource/documents/en/34965-128036-api-reference.html

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/openapi/checkmarx-one-openapi.yml

Other Resources

🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-applications.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-authentication.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-configuration.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-groups.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-presets.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-projects.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-queries.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-results.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/capabilities/one-scans.yaml

OpenAPI Specification

checkmarx-one-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Checkmarx One API
  description: >-
    Unified REST API for the Checkmarx One cloud-native application security
    platform, providing consolidated access to SAST, SCA, KICS, and other
    security scanning capabilities through a single API with project
    management, scan orchestration, and results retrieval.
  version: '1.0'
  contact:
    name: Checkmarx Support
    url: https://support.checkmarx.com/
  termsOfService: https://checkmarx.com/terms-of-use/
externalDocs:
  description: Checkmarx One API Documentation
  url: https://checkmarx.com/resource/documents/en/34965-128036-checkmarx-one-api.html
servers:
  - url: https://ast.checkmarx.net/api
    description: Checkmarx One (US)
  - url: https://eu.ast.checkmarx.net/api
    description: Checkmarx One (EU)
tags:
  - name: Applications
    description: Manage applications that group related projects
  - name: Authentication
    description: Obtain and manage authentication tokens via OAuth 2.0
  - name: Configuration
    description: Manage project and tenant-level scan configuration
  - name: Groups
    description: Manage access control groups
  - name: Presets
    description: Manage scan configuration presets
  - name: Projects
    description: Manage scanning projects and their configuration
  - name: Queries
    description: Manage custom SAST queries and presets
  - name: Results
    description: Retrieve and manage scan results and findings
  - name: Scans
    description: Trigger, monitor, and manage security scans
security:
  - bearerAuth: []
paths:
  /auth/realms/{realm}/protocol/openid-connect/token:
    post:
      operationId: authenticate
      summary: Checkmarx Obtain access token
      description: >-
        Authenticate using OAuth 2.0 client credentials via the Checkmarx
        One IAM service to obtain a bearer token for API access.
      tags:
        - Authentication
      parameters:
        - name: realm
          in: path
          required: true
          description: Authentication realm name
          schema:
            type: string
            example: your-tenant
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required:
                - grant_type
                - client_id
                - client_secret
              properties:
                grant_type:
                  type: string
                  enum:
                    - client_credentials
                    - refresh_token
                  description: OAuth 2.0 grant type
                client_id:
                  type: string
                  description: API key client ID
                client_secret:
                  type: string
                  description: API key client secret
                refresh_token:
                  type: string
                  description: Refresh token (when using refresh_token grant)
      responses:
        '200':
          description: Authentication successful
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        '401':
          description: Invalid credentials
      security: []
  /applications:
    get:
      operationId: listApplications
      summary: Checkmarx List applications
      description: >-
        Retrieve all applications. Applications are logical groupings
        of related projects for organizational purposes.
      tags:
        - Applications
      parameters:
        - name: offset
          in: query
          description: Pagination offset
          schema:
            type: integer
            default: 0
        - name: limit
          in: query
          description: Number of results to return
          schema:
            type: integer
            default: 20
        - name: name
          in: query
          description: Filter by application name
          schema:
            type: string
      responses:
        '200':
          description: List of applications
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationListResponse'
        '401':
          description: Unauthorized
    post:
      operationId: createApplication
      summary: Checkmarx Create an application
      description: Create a new application to group related projects.
      tags:
        - Applications
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateApplicationRequest'
      responses:
        '201':
          description: Application created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Application'
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
  /applications/{applicationId}:
    get:
      operationId: getApplication
      summary: Checkmarx Get application details
      description: Retrieve details of a specific application.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/applicationId'
      responses:
        '200':
          description: Application details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Application'
        '401':
          description: Unauthorized
        '404':
          description: Application not found
    put:
      operationId: updateApplication
      summary: Checkmarx Update an application
      description: Update an existing application's properties.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/applicationId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateApplicationRequest'
      responses:
        '204':
          description: Application updated
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
        '404':
          description: Application not found
    delete:
      operationId: deleteApplication
      summary: Checkmarx Delete an application
      description: Delete an application. Projects within will be unassigned.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/applicationId'
      responses:
        '204':
          description: Application deleted
        '401':
          description: Unauthorized
        '404':
          description: Application not found
  /projects:
    get:
      operationId: listProjects
      summary: Checkmarx List projects
      description: >-
        Retrieve all projects with optional filtering by name, group,
        or tag.
      tags:
        - Projects
      parameters:
        - name: offset
          in: query
          description: Pagination offset
          schema:
            type: integer
            default: 0
        - name: limit
          in: query
          description: Number of results to return
          schema:
            type: integer
            default: 20
        - name: name
          in: query
          description: Filter by project name
          schema:
            type: string
        - name: groups
          in: query
          description: Filter by group IDs (comma-separated)
          schema:
            type: string
        - name: tags-keys
          in: query
          description: Filter by tag keys
          schema:
            type: string
        - name: tags-values
          in: query
          description: Filter by tag values
          schema:
            type: string
      responses:
        '200':
          description: List of projects
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectListResponse'
        '401':
          description: Unauthorized
    post:
      operationId: createProject
      summary: Checkmarx Create a project
      description: >-
        Create a new project for security scanning. A project represents
        a code repository or application component to be scanned.
      tags:
        - Projects
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateProjectRequest'
      responses:
        '201':
          description: Project created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Project'
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
  /projects/{projectId}:
    get:
      operationId: getProject
      summary: Checkmarx Get project details
      description: Retrieve details of a specific project by ID.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/projectId'
      responses:
        '200':
          description: Project details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Project'
        '401':
          description: Unauthorized
        '404':
          description: Project not found
    put:
      operationId: updateProject
      summary: Checkmarx Update a project
      description: Update an existing project's configuration.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/projectId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateProjectRequest'
      responses:
        '204':
          description: Project updated
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
        '404':
          description: Project not found
    delete:
      operationId: deleteProject
      summary: Checkmarx Delete a project
      description: Delete a project and all its associated scans and results.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/projectId'
      responses:
        '204':
          description: Project deleted
        '401':
          description: Unauthorized
        '404':
          description: Project not found
  /scans:
    get:
      operationId: listScans
      summary: Checkmarx List scans
      description: >-
        Retrieve scans with optional filtering by project, status,
        and scan type.
      tags:
        - Scans
      parameters:
        - name: offset
          in: query
          description: Pagination offset
          schema:
            type: integer
            default: 0
        - name: limit
          in: query
          description: Number of results to return
          schema:
            type: integer
            default: 20
        - name: project-id
          in: query
          description: Filter by project ID
          schema:
            type: string
            format: uuid
        - name: statuses
          in: query
          description: Filter by scan statuses (comma-separated)
          schema:
            type: string
        - name: sort
          in: query
          description: Sort field and direction
          schema:
            type: string
            example: -created_at
      responses:
        '200':
          description: List of scans
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanListResponse'
        '401':
          description: Unauthorized
    post:
      operationId: createScan
      summary: Checkmarx Create a new scan
      description: >-
        Initiate a new security scan for a project. The scan can include
        SAST, SCA, KICS, and other scan types based on project configuration.
      tags:
        - Scans
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateScanRequest'
      responses:
        '201':
          description: Scan created and queued
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Scan'
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
  /scans/{scanId}:
    get:
      operationId: getScan
      summary: Checkmarx Get scan details
      description: Retrieve details and status of a specific scan.
      tags:
        - Scans
      parameters:
        - $ref: '#/components/parameters/scanId'
      responses:
        '200':
          description: Scan details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Scan'
        '401':
          description: Unauthorized
        '404':
          description: Scan not found
    delete:
      operationId: cancelScan
      summary: Checkmarx Cancel a scan
      description: Cancel a running or queued scan.
      tags:
        - Scans
      parameters:
        - $ref: '#/components/parameters/scanId'
      responses:
        '204':
          description: Scan canceled
        '401':
          description: Unauthorized
        '404':
          description: Scan not found
  /results:
    get:
      operationId: listResults
      summary: Checkmarx List scan results
      description: >-
        Retrieve vulnerability results for a scan, with optional
        filtering by severity, state, and scan type.
      tags:
        - Results
      parameters:
        - name: scan-id
          in: query
          required: true
          description: Scan ID to retrieve results for
          schema:
            type: string
            format: uuid
        - name: offset
          in: query
          description: Pagination offset
          schema:
            type: integer
            default: 0
        - name: limit
          in: query
          description: Number of results to return
          schema:
            type: integer
            default: 20
        - name: severity
          in: query
          description: Filter by severity (comma-separated)
          schema:
            type: string
        - name: state
          in: query
          description: Filter by result state (comma-separated)
          schema:
            type: string
        - name: status
          in: query
          description: Filter by result status
          schema:
            type: string
            enum:
              - NEW
              - RECURRENT
      responses:
        '200':
          description: List of results
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResultListResponse'
        '401':
          description: Unauthorized
  /results/{resultId}:
    get:
      operationId: getResult
      summary: Checkmarx Get result details
      description: Retrieve detailed information about a specific finding.
      tags:
        - Results
      parameters:
        - name: resultId
          in: path
          required: true
          description: Result unique identifier
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: Result details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Result'
        '401':
          description: Unauthorized
        '404':
          description: Result not found
    patch:
      operationId: updateResult
      summary: Checkmarx Update result state
      description: >-
        Update the triage state of a result, such as confirming,
        marking as not exploitable, or setting to proposed not exploitable.
      tags:
        - Results
      parameters:
        - name: resultId
          in: path
          required: true
          description: Result unique identifier
          schema:
            type: string
            format: uuid
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateResultRequest'
      responses:
        '200':
          description: Result updated
        '401':
          description: Unauthorized
        '404':
          description: Result not found
  /results/summary:
    get:
      operationId: getResultsSummary
      summary: Checkmarx Get results summary
      description: >-
        Retrieve an aggregated summary of scan results grouped by
        severity and status.
      tags:
        - Results
      parameters:
        - name: scan-id
          in: query
          required: true
          description: Scan ID to summarize
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: Results summary
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResultsSummary'
        '401':
          description: Unauthorized
  /queries:
    get:
      operationId: listQueries
      summary: Checkmarx List SAST queries
      description: Retrieve a list of available SAST queries and presets.
      tags:
        - Queries
      parameters:
        - name: offset
          in: query
          description: Pagination offset
          schema:
            type: integer
        - name: limit
          in: query
          description: Number of results to return
          schema:
            type: integer
      responses:
        '200':
          description: List of queries
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Query'
        '401':
          description: Unauthorized
  /presets:
    get:
      operationId: listPresets
      summary: Checkmarx List scan presets
      description: >-
        Retrieve all available scan presets that define which queries
        and rules to apply during scans.
      tags:
        - Presets
      responses:
        '200':
          description: List of presets
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Preset'
        '401':
          description: Unauthorized
  /presets/{presetId}:
    get:
      operationId: getPreset
      summary: Checkmarx Get preset details
      description: Retrieve details of a specific scan preset.
      tags:
        - Presets
      parameters:
        - name: presetId
          in: path
          required: true
          description: Preset unique identifier
          schema:
            type: integer
      responses:
        '200':
          description: Preset details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Preset'
        '401':
          description: Unauthorized
        '404':
          description: Preset not found
  /groups:
    get:
      operationId: listGroups
      summary: Checkmarx List groups
      description: Retrieve all access control groups for the tenant.
      tags:
        - Groups
      responses:
        '200':
          description: List of groups
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Group'
        '401':
          description: Unauthorized
  /configuration/project:
    get:
      operationId: getProjectConfiguration
      summary: Checkmarx Get project scan configuration
      description: >-
        Retrieve the scan configuration for a project, including
        engine-specific settings for SAST, SCA, and KICS.
      tags:
        - Configuration
      parameters:
        - name: project-id
          in: query
          required: true
          description: Project ID
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: Project configuration
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ProjectConfiguration'
        '401':
          description: Unauthorized
    patch:
      operationId: updateProjectConfiguration
      summary: Checkmarx Update project scan configuration
      description: >-
        Update the scan configuration for a project, including
        SAST preset, exclusion filters, and engine settings.
      tags:
        - Configuration
      parameters:
        - name: project-id
          in: query
          required: true
          description: Project ID
          schema:
            type: string
            format: uuid
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/ProjectConfiguration'
      responses:
        '204':
          description: Configuration updated
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        OAuth 2.0 bearer token obtained via client credentials from
        the Checkmarx One IAM service
  parameters:
    applicationId:
      name: applicationId
      in: path
      required: true
      description: Application unique identifier
      schema:
        type: string
        format: uuid
    projectId:
      name: projectId
      in: path
      required: true
      description: Project unique identifier
      schema:
        type: string
        format: uuid
    scanId:
      name: scanId
      in: path
      required: true
      description: Scan unique identifier
      schema:
        type: string
        format: uuid
  schemas:
    TokenResponse:
      type: object
      properties:
        access_token:
          type: string
          description: OAuth 2.0 access token
        token_type:
          type: string
          description: Token type
          example: Bearer
        expires_in:
          type: integer
          description: Token expiration time in seconds
        refresh_token:
          type: string
          description: Refresh token
    ApplicationListResponse:
      type: object
      properties:
        totalCount:
          type: integer
          description: Total number of applications
        filteredTotalCount:
          type: integer
          description: Total count after filtering
        applications:
          type: array
          items:
            $ref: '#/components/schemas/Application'
    Application:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Application unique identifier
        name:
          type: string
          description: Application name
        description:
          type: string
          description: Application description
        criticality:
          type: integer
          description: Application criticality level (1-5)
          minimum: 1
          maximum: 5
        rules:
          type: array
          items:
            $ref: '#/components/schemas/ApplicationRule'
          description: Rules for auto-assigning projects
        projectIds:
          type: array
          items:
            type: string
            format: uuid
          description: IDs of projects in this application
        tags:
          type: object
          additionalProperties:
            type: string
          description: Key-value tags
        createdAt:
          type: string
          format: date-time
          description: Creation timestamp
        updatedAt:
          type: string
          format: date-time
          description: Last update timestamp
    ApplicationRule:
      type: object
      properties:
        type:
          type: string
          description: Rule type
        value:
          type: string
          description: Rule value pattern
    CreateApplicationRequest:
      type: object
      required:
        - name
      properties:
        name:
          type: string
          description: Application name
        description:
          type: string
          description: Application description
        criticality:
          type: integer
          description: Application criticality (1-5)
          default: 3
        rules:
          type: array
          items:
            $ref: '#/components/schemas/ApplicationRule'
        tags:
          type: object
          additionalProperties:
            type: string
    UpdateApplicationRequest:
      type: object
      properties:
        name:
          type: string
          description: Application name
        description:
          type: string
          description: Application description
        criticality:
          type: integer
          description: Application criticality (1-5)
        rules:
          type: array
          items:
            $ref: '#/components/schemas/ApplicationRule'
        tags:
          type: object
          additionalProperties:
            type: string
    ProjectListResponse:
      type: object
      properties:
        totalCount:
          type: integer
          description: Total number of projects
        filteredTotalCount:
          type: integer
          description: Total count after filtering
        projects:
          type: array
          items:
            $ref: '#/components/schemas/Project'
    Project:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Project unique identifier
        name:
          type: string
          description: Project name
        groups:
          type: array
          items:
            type: string
          description: Group IDs the project belongs to
        repoUrl:
          type: string
          description: Repository URL
        mainBranch:
          type: string
          description: Main branch name
        origin:
          type: string
          description: Project creation origin
        tags:
          type: object
          additionalProperties:
            type: string
          description: Key-value tags
        criticality:
          type: integer
          description: Project criticality level (1-5)
        createdAt:
          type: string
          format: date-time
          description: Creation timestamp
        updatedAt:
          type: string
          format: date-time
          description: Last update timestamp
    CreateProjectRequest:
      type: object
      required:
        - name
      properties:
        name:
          type: string
          description: Project name
        groups:
          type: array
          items:
            type: string
          description: Group IDs to assign
        repoUrl:
          type: string
          description: Source repository URL
        mainBranch:
          type: string
          description: Main branch name
          default: main
        origin:
          type: string
          description: Project origin
        tags:
          type: object
          additionalProperties:
            type: string
        criticality:
          type: integer
          description: Project criticality (1-5)
          default: 3
    UpdateProjectRequest:
      type: object
      properties:
        name:
          type: string
          description: Project name
        groups:
          type: array
          items:
            type: string
        repoUrl:
          type: string
        mainBranch:
          type: string
        tags:
          type: object
          additionalProperties:
            type: string
        criticality:
          type: integer
    ScanListResponse:
      type: object
      properties:
        totalCount:
          type: integer
          description: Total number of scans
        filteredTotalCount:
          type: integer
          description: Total count after filtering
        scans:
          type: array
          items:
            $ref: '#/components/schemas/Scan'
    Scan:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Scan unique identifier
        status:
          type: string
          enum:
            - Queued
            - Running
            - Completed
            - Partial
            - Failed
            - Canceled
          description: Overall scan status
        statusDetails:
          type: array
          items:
            $ref: '#/components/schemas/ScanStatusDetail'
          description: Per-engine scan status
        projectId:
          type: string
          format: uuid
          description: Associated project ID
        projectName:
          type: string
          description: Associated project name
        branch:
          type: string
          description: Source branch scanned
        engines:
          type: array
          items:
            type: string
            enum:
              - sast
              - sca
              - kics
              - apisec
          description: Scan engines used
        sourceType:
          type: string
          description: Source origin type
        sourceOrigin:
          type: string
          description: Source origin detail
        initiator:
          type: string
          description: User or system that initiated the scan
        tags:
          type: object
          additionalProperties:
            type: string
        createdAt:
          type: string
          format: date-time
          description: Scan creation timestamp
        updatedAt:
          type: string
          format: date-time
          description: Last update timestamp
    ScanStatusDetail:
      type: object
      properties:
        name:
          type: string
          description: Engine name
        status:
          type: string
          description: Engine-specific scan status
        details:
          type: string
          description: Status details message
    CreateScanRequest:
      type: object
      required:
        - project
        - type
        - handler
      properties:
        project:
          type: object
          required:
            - id
          properties:
            id:
              type: string
              format: uuid
              description: Project ID to scan
        type:
          type: string
          enum:
            - git
            - upload
          description: Source type
        handler:
          type: object
          properties:
            repoUrl:
              type: string
              description: Git repository URL (for git type)
            branch:
              type: string
              description: Branch to scan (for git type)
            uploadUrl:
              type: string
              description: Pre-signed upload URL (for upload type)
        config:
          type: array
          items:
            type: object
            properties:
              type:
                type: string
                enum:
                  - sast
                  - sca
                  - kics
                  - apisec
              value:
                type: object
                additionalProperties: true
          description: Per-engine scan configuration
        tags:
          type: object
          additionalProperties:
            type: string
    ResultListResponse:
      type: object
      properties:
        totalCount:
          type: integer
          description: Total number of results
        results:
          type: array
          items:
            $ref: '#/components/schemas/Result'
    Result:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Result unique identifier
        similarityId:
          type: string
          description: Similarity ID for tracking across scans
        status:
          type: string
          enum:
            - NEW
            - RECURRENT
          description: Result status
        state:
          type: string
          enum:
            - TO_VERIFY
            - NOT_EXPLOITABLE
            - PROPOSED_NOT_EXPLOITABLE
       

# --- truncated at 32 KB (38 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/checkmarx/refs/heads/main/openapi/checkmarx-one-openapi.yml