Skip to main content
GET
/
violations
List violations
curl --request GET \
  --url https://app.codethreat.com/api/v1/violations \
  --header 'X-API-Key: <api-key>'
"<unknown>"

Documentation Index

Fetch the complete documentation index at: https://docs.codethreat.com/llms.txt

Use this file to discover all available pages before exploring further.

Violations API

Access and manage security violations via API.

List Violations

GET /v1/violations?repository_id=repo_123&severity=critical,high
Response: 
{
  "violations": [
    {
      "violation_id": "vio_789",
      "title": "SQL Injection in user_controller.py",
      "severity": "CRITICAL",
      "cvss_score": 9.1,
      "epss_score": 68.5,
      "type": "SAST",
      "status": "OPEN",
      "file_path": "api/user_controller.py",
      "line_number": 45
    }
  ],
  "pagination": {
    "page": 1,
    "total": 27
  }
}

Get Violation Details

GET /v1/violations/:violation_id
Response: 
{
  "violation_id": "vio_789",
  "title": "SQL Injection in user_controller.py",
  "description": "User input directly interpolated into SQL query...",
  "severity": "CRITICAL",
  "cvss_score": 9.1,
  "epss_score": 68.5,
  "type": "SAST",
  "cwe": "CWE-89",
  "status": "OPEN",
  "file_path": "api/user_controller.py",
  "line_number": 45,
  "code_snippet": "query = f\"SELECT * FROM users WHERE id = {user_id}\"",
  "remediation": "Use parameterized queries...",
  "first_detected": "2024-03-10T08:15:00Z",
  "last_seen": "2024-03-15T14:35:42Z"
}

Update Violation Status

POST /v1/violations/:violation_id/suppress
Request: 
{
  "justification": "Input validated on line 42 before use"
}

What’s Next?

Scans API

Trigger scans

Repositories API

Manage repositories

Authorizations

X-API-Key
string
header
required

API key for authentication. Generate from your organization settings.

Query Parameters

page
integer
default:1

Page number

Required range: x >= 1
limit
integer
default:20

Items per page

Required range: 1 <= x <= 100
scanId
string
repositoryId
string
severity
enum<string>
Available options:
critical,
high,
medium,
low,
info
status
enum<string>
Available options:
open,
fixed,
ignored,
false_positive
ruleId
string

Response

200 - application/json

Successful response

The response is of type any.