Skip to main content

Scanning API

This page documents the scan endpoints that match the current route structure in the codebase. Use the X-CLOUDGENI-API-KEY header for all examples here.

Repository Static Analysis

Create a Checkov-backed static analysis run for a repository: 
curl --fail --silent --show-error \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
  "$CLOUDGENI_API_URL/api/v1/organizations/$CLOUDGENI_ORG_ID/repositories/$CLOUDGENI_REPO_ID/static-analysis" \
  -d '{
    "analysisEngine": "checkov",
    "excludedPaths": []
  }'
Fetch the current active analysis for the repository: 
curl --fail --silent --show-error \
  -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
  "$CLOUDGENI_API_URL/api/v1/organizations/$CLOUDGENI_ORG_ID/repositories/$CLOUDGENI_REPO_ID/static-analysis?current=true"
Fetch findings for a specific analysis: 
curl --fail --silent --show-error \
  -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
  "$CLOUDGENI_API_URL/api/v1/organizations/$CLOUDGENI_ORG_ID/repositories/$CLOUDGENI_REPO_ID/static-analysis/$CLOUDGENI_ANALYSIS_ID/findings?limit=50"

Repository IaC Scans

Create an IaC repository scan: 
curl --fail --silent --show-error \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
  "$CLOUDGENI_API_URL/api/v1/organizations/$CLOUDGENI_ORG_ID/repositories/$CLOUDGENI_REPO_ID/iac-scans" \
  -d '{}'
Use this when you want the repository scan flow exposed by the iac-scans routes rather than the Checkov-only static analysis flow.

Cloud Infra Scans

Create a cloud scan against an existing cloud integration: 
curl --fail --silent --show-error \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
  "$CLOUDGENI_API_URL/api/v1/organizations/$CLOUDGENI_ORG_ID/cloud/$CLOUDGENI_INTEGRATION_ID/prowler-ocsf/infra-scans" \
  -d '{}'
The analysisEngine segment is part of the route. Current values used by the product include:
  • prowler-ocsf
  • aws-security-hub
  • azure-defender
You can also pass optional cloud-scan fields such as credentialId and regions when the route supports them.

Cloud Scan Findings

Fetch findings for a specific cloud scan: 
curl --fail --silent --show-error \
  -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
  "$CLOUDGENI_API_URL/api/v1/organizations/$CLOUDGENI_ORG_ID/cloud/$CLOUDGENI_INTEGRATION_ID/prowler-ocsf/infra-scans/$CLOUDGENI_SCAN_ID/findings?limit=100"
You can filter cloud findings with query parameters such as:
  • severity
  • status
  • resourceType
  • resourceId
  • framework

CLI Equivalents

If you would rather not call raw HTTP: 
cloudgeni repo static-analysis create --org <org> --repo <repo>
cloudgeni repo iac-scan create --org <org> --repo <repo>

Use This Page With CI

These are the same endpoint shapes used in the CI examples for: