Endpoint
POST https://api.vulnzap.com/api/scan/commit
Description
Scans specific files from a commit for security vulnerabilities using Faraday’s multi-agent engine. Ideal for incremental scans and CI/CD pipelines.
Request Body
Repository identifier (e.g., owner/repo)
Array of file objects to scan
Relative file path (e.g., src/api/auth.ts)
Optional identifier for tracking purposes
Response
Whether the request was successful
Scan job details
Unique job identifier (UUID v4)
Project identifier (UUID v4)
Job status: pending, running, completed, failed
Human-readable status message
Example Request
curl -X POST https://api.vulnzap.com/api/scan/commit \
-H "x-api-key: your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"commitHash": "abc123def456",
"repository": "owner/repo",
"branch": "main",
"files": [
{
"name": "src/auth.js",
"content": "const password = \"hardcoded123\";"
}
]
}'
Example Response
{
"success": true,
"data": {
"jobId": "550e8400-e29b-41d4-a716-446655440000",
"projectId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"status": "pending",
"message": "Commit scan started successfully"
}
}
Error Responses
{
"success": false,
"error": "Invalid request body. Missing required field: files"
}
Next Steps
After initiating a scan:
- Use SSE for real-time updates: Connect to
/commit/:jobId/events for live progress
- Poll for status: Call
/jobs/:jobId to check scan progress and retrieve results
Real-Time Updates
Stream live scan progress with Server-Sent Events
