External Scan API
The External Scan API lets you import vulnerability findings from external security testing tools into Invicti Platform. It supports connections to Mend and imports of scan results in SARIF format from any compatible scanner.
For authentication and general Swagger UI navigation, refer to Use the Invicti Platform API. Open this API definition directly in Swagger UI.
Common examples
List connections
Use this to retrieve all external scanner connections configured in your organization.
Endpoint: GET /api/external-scan/v1/connections
Try it in Swagger UI:
- Expand Connections and select GET /api/external-scan/v1/connections.
- Click Try it out.
- Click Execute.
Example response:
{
  "items": [
    {
      "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "name": "Production Mend Scanner",
      "integrationType": "MEND",
      "category": "ast_connections",
      "status": "active"
    }
  ]
}
Supported status values: active, suspended
Create a Mend connection
Use this to create a connection to a Mend instance so that Invicti can import its scan results.
Endpoint: POST /api/external-scan/v1/mend/connections
Try it in Swagger UI:
- Expand Connections and select POST /api/external-scan/v1/mend/connections.
- Click Try it out.
- Replace the example request body with your values:
  {
    "name": "string",
    "integrationType": "MEND",
    "category": "ast_connections",
    "status": "active",
    "url": "string",
    "email": "string",
    "userKey": "string",
    "organizationId": "string",
    "vulnerabilitySource": [
      "SAST"
    ]
  }
- Click Execute.
A successful response returns HTTP 201 Created with a Location header containing the URL of the new connection.
Supported vulnerabilitySource values: SAST, SCA, CONTAINER
Import SARIF results
Use this to import vulnerability findings from any SARIF-compatible scanner into Invicti Platform.
Endpoint: POST /api/external-scan/v1/import/sarif-imports
Try it in Swagger UI:
- Expand Imports and select POST /api/external-scan/v1/import/sarif-imports.
- Click Try it out.
- Provide the SARIF file content encoded as a base64 string in the request body:
  {
    "sarifFile": "string"
  }
- Click Execute.
A successful response returns HTTP 200.
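The SARIF import step above, prepared outside Swagger UI, as an added Python example that is not part of the Invicti documentation. It checks that a file has the basic shape of a SARIF log before base64-encoding it into the `sarifFile` field. The host name, the `Authorization` header value, the `Content-Type` header and the sample SARIF content are assumptions or constructed placeholders; the authentication scheme is described in Use the Invicti Platform API, not on this page.

```python
import base64
import json
import urllib.request

SARIF_IMPORT_PATH = "/api/external-scan/v1/import/sarif-imports"  # from this page


def build_sarif_import_body(sarif_bytes: bytes) -> dict:
    """Check that the bytes look like a SARIF log, then wrap them for import."""
    try:
        log = json.loads(sarif_bytes.decode("utf-8-sig"))  # tolerate a BOM
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise ValueError(f"not valid UTF-8 JSON: {exc}") from exc
    # Shape checks taken from the SARIF format itself (assumption: the API
    # expects the same): an object with a "version" string and a "runs" array.
    if not isinstance(log, dict) or not isinstance(log.get("runs"), list):
        raise ValueError("SARIF log must be an object with a 'runs' array")
    if not isinstance(log.get("version"), str):
        raise ValueError("SARIF log must carry a 'version' string")
    # Encode the original file bytes unchanged, as standard base64 text.
    return {"sarifFile": base64.b64encode(sarif_bytes).decode("ascii")}


def build_sarif_import_request(base_url, sarif_bytes, auth_headers):
    """Return an unsent POST request; urllib.request.urlopen(req) sends it."""
    body = json.dumps(build_sarif_import_body(sarif_bytes)).encode("utf-8")
    # Content-Type is an assumption based on the JSON body shown on the page.
    headers = {"Content-Type": "application/json", **auth_headers}
    url = base_url.rstrip("/") + SARIF_IMPORT_PATH
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


# Constructed sample SARIF log, not real scanner output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [{"ruleId": "EX001", "level": "error",
                     "message": {"text": "Constructed finding"}}],
    }],
}).encode("utf-8")

if __name__ == "__main__":
    # Placeholder host and placeholder credential header.
    req = build_sarif_import_request("https://invicti.example.invalid",
                                     SAMPLE_SARIF,
                                     {"Authorization": "<see API auth docs>"})
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

Rejecting a malformed file locally keeps a truncated or wrong-format scanner export from being submitted as findings.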
Import Mend results
Use this to trigger an import of scan results from a configured Mend connection for a specific project.
Endpoint: POST /api/external-scan/v1/import/mend-imports
Try it in Swagger UI:
- Expand Imports and select POST /api/external-scan/v1/import/mend-imports.
- Click Try it out.
- Set the required query parameters:
  - connectionId - the UUID of your Mend connection (retrieve from the list connections endpoint)
  - projectId - the UUID of the Mend project to import from
- Click Execute.
A successful response returns HTTP 200.
List imported scans
Use this to retrieve a list of scans that have been imported from external tools.
Endpoint: GET /api/external-scan/v1/scans
Try it in Swagger UI:
- Expand Scans and select GET /api/external-scan/v1/scans.
- Click Try it out.
- Click Execute.
Example response:
[
  {
    "id": "string",
    "externalId": "ext-scan-123",
    "externalUrl": "https://scanner.example.com/scans/123",
    "summary": {
      "critical": 2,
      "high": 5,
      "medium": 12,
      "low": 8
    }
  }
]