Source Code Analysis Request API
Description
Users can send API requests to analyze security vulnerabilities or quality issues in source code and receive responses about the status of those requests.
Request
a. The repository location of the files to analyze and, if necessary, authentication information for that repository, and b. Callback URL information to receive analysis results are required. Refer to Request to enter the API.
Response
You will receive a success or failure response immediately after sending the analysis request. For details, refer to the Response section of the Source Code Analysis Request API.
Callback
You will receive progress or analysis completion callbacks according to the callback information entered in the request. For details, refer to Callback.
For information about the analysis request process, refer to Analysis Request and Callback.
Request
{
"resultVersion": `2`,
"callbacks": [
{
"type": [
"ANALYSIS_PROGRESS"
],
"url": "CALLBACK_URL",
"headers": [
{
"key": "HEADER_KEY",
"value": "HEADER_VALUE"
}
]
}
],
"memo": "MEMO",
"sastOptions": {
"maxSourceSize": "SOURCE_SIZE",
"analysisSource": {
"type": "VCS",
"vcsInfo": {
"type": "git",
"url": "VCS_URL",
"auth": {
"id": "VCS_ID",
"password": "VCS_PASSWORD",
"authToken": "VCS_TOKEN"
},
"branch": "BRANCH_NAME",
"commitId": "COMMIT_ID",
"tag": "TAG_NAME"
}
},
"extensions": ["FILE_EXTENSION1", "FILE_EXTENSION2"],
"excludedPath": ["EXCLUDED_PATH1", "EXCLUDED_PATH2", "EXCLUDED_PATH3"]
}
}
-
Setting Analysis Exclusion Paths in Other Ways
- Create
.sparrowFile
You can enter analysis exclusion paths in the following yaml format in the remote repository that is the analysis target.
sastOption:
excludedPath:
- "EXCLUDED_PATH1"
- "EXCLUDED_PATH2"- Enter in Analysis Request
Enter options in the sastOptions field of the analysis request as follows.
"sastOptions":[
{
"key":"sparrowPropertyPath",
"value": "test"
}
]- key : sparrowPropertyPath
- value : Relative path of the option file based on the root path
If entered as above, analysis options are applied through the test file in the root path. If the test file does not exist in the root path, the .sparrow file in the root path is used.
- Priority
Options set in the analysis request have higher priority than options set in a file. Also, the file set in
sparrowPropertyPathhas higher priority than the .sparrow file. - Create
Response
✔️ Success Response
Request Success
If the analysis request is processed normally, you will receive the following response along with 200 OK.
{
"requestId": "REQUEST_ID",
"result": "SUCCESS",
"analysisList": [
{
"reqestId": "REQUEST_ID",
"analysisId": "ANALYSIS_ID",
"status": "INIT",
"toolType": "SAST",
"memo": "MEMO"
}
]
}
❌ Failure Response
Authentication Failure
If authentication information is incorrect, you will receive a 401 Unauthorized response.
Invalid Request
If the request is invalid, you will receive a 400 Bad Request response along with the following information.
resultCode: Displays the result of the request as a code. For details, refer to Result Code Collection.message: Displays an error message.
Callback
✅ Analysis Status Callback
{
"analysisId": "ANALYSIS_ID"
"requestId": "REQUEST_ID"
"type": "ANALYSIS_PROGRESS"
"status": "PRE_PROCESS"
"progress": null
"step": "STEP"
"totalStep": 5
"updateTime": "YYYY-MM-DDTHH:mm:ss.SSS±HH:mm"
}
☑️ Analysis Completion Callback
{
"analysisId": "ANALYSIS_ID"
"requestId": "REQUEST_ID"
"type": "ANALYSIS_COMPLETE"
"errorCode": null
"analysis": {
"analysisId": 2992
"requestId": 3837
"status": "COMPLETE"
"result": "SUCCESS"
"progress": null
"toolType": "SAST"
"memo": "MEMO"
"startTime": "YYYY-MM-DDTHH:mm:ss.SSS±HH:mm"
"endTime": "YYYY-MM-DDTHH:mm:ss.SSS±HH:mm"
"issueCount": "TOTAL_ISSUES"
}
}