Palo Alto Networks

Prisma Cloud Code Security API

A REST API for Prisma Cloud Application Security (formerly Bridgecrew) providing infrastructure-as-code scanning, software composition analysis, and supply chain security. The API supports checking Terraform, CloudFormation, Kubernetes manifests, and Dockerfiles against security policies, managing code repositories, retrieving scan results, and configuring fix suggestions. Integrates with CI/CD pipelines for shift-left security enforcement during the development lifecycle.

Documentation GitHub OpenAPI

Documentation

https://pan.dev/prisma-cloud/api/code/

Specifications

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-prisma-cloud-code-security-api-openapi-original.yml

Examples

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-code-security-api-code-error-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-code-security-api-fix-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-code-security-api-repository-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-code-security-api-scan-integration-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-code-security-api-scan-status-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-code-security-api-suppression-example.json

Schemas & Data

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-code-security-api-code-error-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-code-security-api-fix-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-code-security-api-repository-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-code-security-api-scan-integration-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-code-security-api-scan-status-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-code-security-api-suppression-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-code-security-api-code-error-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-code-security-api-fix-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-code-security-api-repository-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-code-security-api-scan-integration-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-code-security-api-scan-status-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-code-security-api-suppression-structure.json

Other Resources

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-ld/palo-alto-prisma-cloud-code-security-api-context.jsonld

OpenAPI Specification

openapi: 3.1.0
info:
  title: Palo Alto Networks Prisma Cloud Code Security API
  description: >-
    REST API for Prisma Cloud Code Security (Application Security) providing
    programmatic access to repository management, CI/CD integration scanning,
    scan execution and status, suppression rules for policy violations, code
    errors by branch, and fix suggestions for pull requests. The API enables
    integration with version control systems such as GitHub, GitLab, Bitbucket,
    and Azure Repos, and supports scanning Terraform, CloudFormation, Kubernetes
    manifests, Dockerfiles, and other IaC frameworks using the Checkov scanning
    engine. Authentication requires a JWT token obtained from the Prisma Cloud
    CSPM /login endpoint, passed via the x-redlock-auth header.
  version: '1.0'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
- url: https://api.prismacloud.io/code/api/v1
  description: Prisma Cloud Code Security API (US region 1).
- url: https://api2.prismacloud.io/code/api/v1
  description: Prisma Cloud Code Security API (US region 2).
- url: https://api.eu.prismacloud.io/code/api/v1
  description: Prisma Cloud Code Security API (EU).
- url: https://api.anz.prismacloud.io/code/api/v1
  description: Prisma Cloud Code Security API (ANZ).
- url: https://api.sg.prismacloud.io/code/api/v1
  description: Prisma Cloud Code Security API (Singapore).
- url: https://api.ca.prismacloud.io/code/api/v1
  description: Prisma Cloud Code Security API (Canada).
security:
- redlockAuth: []
tags:
- name: Errors
  description: Code security errors and policy violations by branch.
- name: Fixes
  description: Automated fix suggestions for pull requests.
- name: Repositories
  description: VCS repository onboarding and management.
- name: Scans
  description: CI/CD scan execution, integration listing, and scan status.
- name: Suppressions
  description: Suppression rules for managing policy violations.
paths:
  /repositories:
    get:
      operationId: listRepositories
      summary: Palo Alto Networks List Connected Repositories
      description: >-
        Returns a list of all repositories that have been connected to Prisma
        Cloud Code Security. Includes repository metadata such as the source
        VCS provider, default branch, last scan time, and counts of open
        security errors.
      tags:
      - Repositories
      parameters:
      - name: offset
        in: query
        description: Number of records to skip for pagination.
        schema:
          type: integer
          default: 0
        example: 0
      - name: limit
        in: query
        description: Maximum number of records to return.
        schema:
          type: integer
          default: 25
        example: 25
      - name: search
        in: query
        description: Search term to filter repositories by name or owner.
        schema:
          type: string
        example: example-search
      - name: sourceType
        in: query
        description: Filter by VCS provider type.
        schema:
          type: string
          enum:
          - Github
          - Gitlab
          - Bitbucket
          - AzureRepos
          - githubEnterprise
          - gitlabEnterprise
          - bitbucketEnterprise
        example: Github
      responses:
        '200':
          description: Repositories returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of connected repositories.
                  repositories:
                    type: array
                    items:
                      $ref: '#/components/schemas/Repository'
              examples:
                ListRepositories200Example:
                  summary: Default listRepositories 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 937
                    repositories:
                    - id: example-id
                      name: Production Agent 31
                      owner: example-owner
                      fullName: Branch Sensor 57
                      sourceType: githubEnterprise
                      defaultBranch: example-defaultBranch
                      url: https://vpn.test-corp.net/02d758
                      isPublic: true
                      lastScanDate: '2026-08-07T04:21:38Z'
                      lastScanStatus: pending
                      errorCounts: &id001
                        critical: 381
                        high: 403
                        medium: 984
                        low: 743
                        info: 996
                      createdAt: '2024-04-02T14:25:56Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: addRepository
      summary: Palo Alto Networks Add a Repository
      description: >-
        Connects a new VCS repository to Prisma Cloud Code Security for
        automated scanning. Triggers an initial scan of the default branch
        after onboarding.
      tags:
      - Repositories
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - id
              - sourceType
              - owner
              - name
              properties:
                id:
                  type: string
                  description: Repository identifier in the VCS provider.
                sourceType:
                  type: string
                  enum:
                  - Github
                  - Gitlab
                  - Bitbucket
                  - AzureRepos
                  - githubEnterprise
                  - gitlabEnterprise
                  - bitbucketEnterprise
                  description: VCS provider type.
                owner:
                  type: string
                  description: Repository owner or organization name.
                name:
                  type: string
                  description: Repository name.
                defaultBranch:
                  type: string
                  description: Default branch to scan. Defaults to the VCS default branch.
            examples:
              AddRepositoryRequestExample:
                summary: Default addRepository request
                x-microcks-default: true
                value:
                  id: example-id
                  sourceType: githubEnterprise
                  owner: example-owner
                  name: Branch Policy 04
                  defaultBranch: example-defaultBranch
      responses:
        '200':
          description: Repository added successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Repository'
              examples:
                AddRepository200Example:
                  summary: Default addRepository 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Production Agent 31
                    owner: example-owner
                    fullName: Branch Sensor 57
                    sourceType: githubEnterprise
                    defaultBranch: example-defaultBranch
                    url: https://vpn.test-corp.net/02d758
                    isPublic: true
                    lastScanDate: '2026-08-07T04:21:38Z'
                    lastScanStatus: pending
                    errorCounts: *id001
                    createdAt: '2024-04-02T14:25:56Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: removeRepository
      summary: Palo Alto Networks Remove a Repository
      description: >-
        Disconnects a repository from Prisma Cloud Code Security. Scan
        history and error records are retained for audit purposes.
      tags:
      - Repositories
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - id
              properties:
                id:
                  type: string
                  description: Repository identifier to remove.
                sourceType:
                  type: string
                  description: VCS provider type.
            examples:
              RemoveRepositoryRequestExample:
                summary: Default removeRepository request
                x-microcks-default: true
                value:
                  id: example-id
                  sourceType: standard
      responses:
        '200':
          description: Repository removed successfully.
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /scans/integrations:
    get:
      operationId: listScanIntegrations
      summary: Palo Alto Networks List CI/CD Scan Integrations
      description: >-
        Returns a list of configured CI/CD pipeline integrations for
        automated scanning. Integrations include Jenkins, GitHub Actions,
        CircleCI, GitLab CI, Azure Pipelines, and other supported CI
        platforms.
      tags:
      - Scans
      parameters:
      - name: offset
        in: query
        description: Number of records to skip for pagination.
        schema:
          type: integer
          default: 0
        example: 0
      - name: limit
        in: query
        description: Maximum number of records to return.
        schema:
          type: integer
          default: 25
        example: 25
      responses:
        '200':
          description: CI/CD integrations returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                  integrations:
                    type: array
                    items:
                      $ref: '#/components/schemas/ScanIntegration'
              examples:
                ListScanIntegrations200Example:
                  summary: Default listScanIntegrations 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 800
                    integrations:
                    - id: example-id
                      name: Corporate Agent 16
                      type: circleci
                      repositoryId: '140485'
                      enabled: true
                      createdAt: '2024-02-04T09:08:54Z'
                    - id: example-id
                      name: Corporate Agent 16
                      type: circleci
                      repositoryId: '140485'
                      enabled: true
                      createdAt: '2024-02-04T09:08:54Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /scans:
    post:
      operationId: triggerScan
      summary: Palo Alto Networks Trigger a Scan
      description: >-
        Triggers an IaC and SCA scan for a specific repository branch.
        The scan analyzes all supported file types in the repository.
        Returns a scan identifier for polling status.
      tags:
      - Scans
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - repositoryId
              properties:
                repositoryId:
                  type: string
                  description: Unique identifier of the repository to scan.
                branch:
                  type: string
                  description: Branch to scan. Defaults to the repository default branch.
                scanTypes:
                  type: array
                  description: Types of scans to run. Defaults to all scan types.
                  items:
                    type: string
                    enum:
                    - iac
                    - sca
                    - secrets
                    - cicd
            examples:
              TriggerScanRequestExample:
                summary: Default triggerScan request
                x-microcks-default: true
                value:
                  repositoryId: '181356'
                  branch: example-branch
                  scanTypes:
                  - iac
                  - sca
      responses:
        '200':
          description: Scan triggered successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanStatus'
              examples:
                TriggerScan200Example:
                  summary: Default triggerScan 200 response
                  x-microcks-default: true
                  value:
                    scan_id: '905307'
                    repositoryId: '225862'
                    branch: example-branch
                    status: failed
                    startTime: '2025-06-09T14:49:57Z'
                    endTime: '2026-10-02T12:40:08Z'
                    scanTypes: &id002
                    - sca
                    - iac
                    summary: &id003
                      filesScanned: 87
                      resourcesScanned: 381
                      errorsBySeverity:
                        critical: 274
                        high: 812
                        medium: 73
                        low: 85
                        info: 478
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /scans/{scan_id}:
    get:
      operationId: getScanStatus
      summary: Palo Alto Networks Get Scan Status
      description: >-
        Returns the current status and summary results of a specific scan.
        Poll this endpoint to determine when a triggered scan has completed.
      tags:
      - Scans
      parameters:
      - name: scan_id
        in: path
        required: true
        description: Unique scan identifier.
        schema:
          type: string
        example: '170028'
      responses:
        '200':
          description: Scan status returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanStatus'
              examples:
                GetScanStatus200Example:
                  summary: Default getScanStatus 200 response
                  x-microcks-default: true
                  value:
                    scan_id: '905307'
                    repositoryId: '225862'
                    branch: example-branch
                    status: failed
                    startTime: '2025-06-09T14:49:57Z'
                    endTime: '2026-10-02T12:40:08Z'
                    scanTypes: *id002
                    summary: *id003
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /suppressions:
    get:
      operationId: listSuppressions
      summary: Palo Alto Networks List Suppressions
      description: >-
        Returns a list of suppression rules for policy violations. Suppressions
        can be scoped to a specific resource, file, repository, or applied
        globally for a policy.
      tags:
      - Suppressions
      parameters:
      - name: offset
        in: query
        description: Number of records to skip for pagination.
        schema:
          type: integer
          default: 0
        example: 0
      - name: limit
        in: query
        description: Maximum number of records to return.
        schema:
          type: integer
          default: 25
        example: 25
      - name: policyId
        in: query
        description: Filter suppressions by Checkov policy ID.
        schema:
          type: string
        example: '981710'
      - name: suppressionType
        in: query
        description: Filter by suppression scope.
        schema:
          type: string
          enum:
          - Policy
          - Resources
          - Accounts
          - Tags
        example: Policy
      responses:
        '200':
          description: Suppressions returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of suppression rules.
                  suppressions:
                    type: array
                    items:
                      $ref: '#/components/schemas/Suppression'
              examples:
                ListSuppressions200Example:
                  summary: Default listSuppressions 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 663
                    suppressions:
                    - suppressionId: '518567'
                      policyId: '162253'
                      policyName: Branch Policy 92
                      suppressionType: Resources
                      justification: example-justification
                      createdBy: example-createdBy
                      createdAt: '2026-05-28T01:52:46Z'
                      expirationDate: '2025-01-22T20:00:21Z'
                      suppressedErrorCount: 194
                    - suppressionId: '518567'
                      policyId: '162253'
                      policyName: Branch Policy 92
                      suppressionType: Resources
                      justification: example-justification
                      createdBy: example-createdBy
                      createdAt: '2026-05-28T01:52:46Z'
                      expirationDate: '2025-01-22T20:00:21Z'
                      suppressedErrorCount: 194
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createSuppression
      summary: Palo Alto Networks Create a Suppression
      description: >-
        Creates a suppression rule to suppress specific code security policy
        violations. Use suppressions to manage accepted risks, false positives,
        or findings addressed through compensating controls.
      tags:
      - Suppressions
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - policyId
              - suppressionType
              properties:
                policyId:
                  type: string
                  description: Checkov policy ID to suppress (e.g., CKV_AWS_18).
                suppressionType:
                  type: string
                  enum:
                  - Policy
                  - Resources
                  - Accounts
                  - Tags
                  description: Scope of the suppression rule.
                justification:
                  type: string
                  description: Reason for creating the suppression.
                expirationDate:
                  type: string
                  format: date-time
                  description: Optional expiration date for the suppression.
                resources:
                  type: array
                  items:
                    type: object
                    properties:
                      repositoryId:
                        type: string
                      filePath:
                        type: string
                      resourceId:
                        type: string
                  description: Specific resources to suppress. Required when suppressionType is Resources.
            examples:
              CreateSuppressionRequestExample:
                summary: Default createSuppression request
                x-microcks-default: true
                value:
                  policyId: '694864'
                  suppressionType: Resources
                  justification: example-justification
                  expirationDate: '2024-03-12T16:44:56Z'
                  resources:
                  - repositoryId: '321691'
                    filePath: /api/v1/c851d2
                    resourceId: '717744'
      responses:
        '200':
          description: Suppression created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Suppression'
              examples:
                CreateSuppression200Example:
                  summary: Default createSuppression 200 response
                  x-microcks-default: true
                  value:
                    suppressionId: '518567'
                    policyId: '162253'
                    policyName: Branch Policy 92
                    suppressionType: Resources
                    justification: example-justification
                    createdBy: example-createdBy
                    createdAt: '2026-05-28T01:52:46Z'
                    expirationDate: '2025-01-22T20:00:21Z'
                    suppressedErrorCount: 194
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /suppressions/{suppression_id}:
    delete:
      operationId: deleteSuppression
      summary: Palo Alto Networks Delete a Suppression
      description: Deletes a specific suppression rule. The suppressed policy violations will resume being reported.
      tags:
      - Suppressions
      parameters:
      - name: suppression_id
        in: path
        required: true
        description: Unique suppression identifier.
        schema:
          type: string
        example: '985961'
      responses:
        '200':
          description: Suppression deleted successfully.
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /errors/branch:
    get:
      operationId: getErrorsByBranch
      summary: Palo Alto Networks Get Errors by Branch
      description: >-
        Returns code security errors (policy violations, misconfigurations,
        and vulnerabilities) for a specific repository branch. Each error
        includes the Checkov policy ID, severity, resource name, and the
        file location where the issue was detected.
      tags:
      - Errors
      parameters:
      - name: repositoryId
        in: query
        required: true
        description: Repository identifier to retrieve errors for.
        schema:
          type: string
        example: '319189'
      - name: branch
        in: query
        description: Branch name to retrieve errors for. Defaults to the default branch.
        schema:
          type: string
        example: example-branch
      - name: severity
        in: query
        description: Filter errors by severity level.
        schema:
          type: string
          enum:
          - CRITICAL
          - HIGH
          - MEDIUM
          - LOW
          - INFO
        example: CRITICAL
      - name: errorType
        in: query
        description: Filter by error category.
        schema:
          type: string
          enum:
          - iac
          - sca
          - secrets
          - cicd
        example: sca
      - name: status
        in: query
        description: Filter by error status.
        schema:
          type: string
          enum:
          - OPEN
          - SUPPRESSED
          - FIXED
        example: SUPPRESSED
      - name: offset
        in: query
        description: Number of records to skip for pagination.
        schema:
          type: integer
          default: 0
        example: 0
      - name: limit
        in: query
        description: Maximum number of records to return.
        schema:
          type: integer
          default: 25
        example: 25
      responses:
        '200':
          description: Code errors returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of errors matching the filter criteria.
                  errors:
                    type: array
                    items:
                      $ref: '#/components/schemas/CodeError'
              examples:
                GetErrorsByBranch200Example:
                  summary: Default getErrorsByBranch 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 352
                    errors:
                    - errorId: '770500'
                      policyId: '731580'
                      policyName: Staging Firewall 29
                      severity: HIGH
                      category: CICD
                      status: OPEN
                      resourceName: Corporate Agent 51
                      resourceType: custom
                      filePath: /api/v1/4ec64a
                      fileLineRange: &id004
                      - 280
                      - 370
                      repositoryId: '404787'
                      branch: example-branch
                      guideline: example-guideline
                      firstDetected: '2026-10-23T03:12:18Z'
                      lastDetected: '2024-04-11T14:31:52Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fixes/pull_request:
    get:
      operationId: getFixSuggestionsForPR
      summary: Palo Alto Networks Get Fix Suggestions for Pull Requests
      description: >-
        Returns automated fix suggestions for misconfigurations detected in
        a pull request or branch. Each fix includes the original code snippet,
        the suggested replacement, and the policy that triggered the finding.
        Fix suggestions are available for IaC files including Terraform,
        CloudFormation, and Kubernetes manifests.
      tags:
      - Fixes
      parameters:
      - name: repositoryId
        in: query
        required: true
        description: Repository identifier to retrieve fix suggestions for.
        schema:
          type: string
        example: '432434'
      - name: branch
        in: query
        description: Branch or pull request branch to retrieve fix suggestions for.
        schema:
          type: string
        example: example-branch
      - name: filePath
        in: query
        description: Filter fix suggestions by specific file path.
        schema:
          type: string
        example: /api/v1/81ae7f
      - name: offset
        in: query
        description: Number of records to skip for pagination.
        schema:
          type: integer
          default: 0
        example: 0
      - name: limit
        in: query
        description: Maximum number of records to return.
        schema:
          type: integer
          default: 25
        example: 25
      responses:
        '200':
          description: Fix suggestions returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of available fix suggestions.
                  fixes:
                    type: array
                    items:
                      $ref: '#/components/schemas/Fix'
              examples:
                GetFixSuggestionsForPr200Example:
                  summary: Default getFixSuggestionsForPR 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 786
                    fixes:
                    - fixId: '465958'
                      policyId: '290769'
                      policyName: Primary Policy 52
                      severity: INFO
                      resourceName: Staging Sensor 42
                      filePath: /api/v1/69ba75
                      lineRange: &id005
                      - 799
                      - 127
                      originalCode: example-originalCode
                      suggestedCode: example-suggestedCode
                      framework: ARM
                      repositoryId: '212627'
                      branch: example-branch
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  securitySchemes:
    redlockAuth:
      type: apiKey
      in: header
      name: x-redlock-auth
      description: >-
        JWT token obtained from the Prisma Cloud /login endpoint. Pass the
        token value in the x-redlock-auth header. Tokens are valid for 10
        minutes.
  responses:
    BadRequest:
      description: Invalid request parameters or body.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Invalid or expired authentication token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: Insufficient permissions for this operation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: Internal server error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas

# --- truncated at 32 KB (43 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-prisma-cloud-code-security-api-openapi-original.yml