Skip to content

Applications and scans

Applications

Applications represent the projects or services you monitor. Each application has:

  • Name and slug - unique identifier used in URLs
  • API token - used for programmatic scan ingestion
  • Versions - multiple versions for tracking changes over time

Create an application

POST /api/applications
Content-Type: application/json

{
  "name": "My Web App",
  "slug": "my-web-app"
}

API token

Each application has an auto-generated API token for the /api/ingest endpoint. Tokens can be regenerated from the application detail page.

Application versions

Versions allow you to track findings across different releases. Key features:

  • Version comparison - compare findings between two versions to see new, fixed, and still-present issues
  • Automatic versioning - each scan can target a specific version

Compare versions

GET /api/applications/{id}/versions/compare?from=1.0&to=1.1

Scans

A scan represents a single upload of scanner results. Each scan contains:

  • Scanner type - detected automatically from the file format
  • Status - processing status (pending, completed, failed)
  • Version - optional application version tag
  • Findings - the parsed vulnerabilities

List scans

GET /api/scans?application_id={id}&limit=20

Scan detail

GET /api/scans/{id}