Skip to main content
POST
/
api
/
v1
/
sca
/
vulnerabilities
/
search
List SCA vulnerabilities
curl --request POST \
  --url https://zeropath.com/api/v1/sca/vulnerabilities/search \
  --header 'Content-Type: application/json' \
  --header 'X-ZeroPath-API-Token-Id: <api-key>' \
  --header 'X-ZeroPath-API-Token-Secret: <api-key>' \
  --data '
{
  "organizationId": "<string>",
  "repositoryIds": [
    "<string>"
  ],
  "page": 1,
  "pageSize": 50,
  "searchQuery": "<string>",
  "ecosystems": [
    "<string>"
  ],
  "groupBy": "none",
  "advisoryQuery": "<string>",
  "dependencyNames": [
    "<string>"
  ],
  "reachability": [],
  "hasWizExposure": true
}
'
{
  "vulnerabilities": [
    {
      "id": "<string>",
      "package": {
        "id": "<string>",
        "name": "<string>",
        "version": "<string>",
        "ecosystem": "<string>",
        "manifestPath": "<string>",
        "manifestStartLine": 123,
        "manifestEndLine": 123,
        "manifestStartColumn": 123,
        "manifestEndColumn": 123
      },
      "metadata": {
        "id": "<string>",
        "packageIdentifier": "<string>",
        "aliases": [
          "<string>"
        ],
        "references": [
          "<string>"
        ],
        "summary": "<string>",
        "description": "<string>",
        "severityScore": 123
      },
      "repositoryId": "<string>",
      "branch": "<string>",
      "commitSha": "<string>",
      "codeScanVulnerabilityId": "<string>",
      "count": 123,
      "items": "<array>"
    }
  ],
  "totalCount": 123,
  "page": 123,
  "pageSize": 123
}

Authorizations

X-ZeroPath-API-Token-Id
string
header
required
X-ZeroPath-API-Token-Secret
string
header
required

Body

application/json
organizationId
string
repositoryIds
string[]
page
integer
default:1
Required range: x >= 1
pageSize
integer
default:50
Required range: x >= 1
searchQuery
string
ecosystems
string[]
groupBy
enum<string>
default:none

Group vulnerabilities by CVE or by CVE+manifest

Available options:
none,
cve,
cve_manifest
advisoryQuery
string

Filter by advisory identifier or alias (CVE, GHSA, etc.)

dependencyNames
string[]

Filter by dependency/package names (contains match)

transitivity
enum<string>

Filter by direct vs transitive dependencies. When omitted, returns both direct and transitive.

Available options:
direct,
transitive
reachability
enum<string>[]

Filter by exploitability status. When omitted, defaults to all three: reachable, needs_review, and unreachable.

Available options:
reachable,
needs_review,
unreachable
hasWizExposure
enum<boolean>

Filter to vulnerabilities associated with applications exposed by Wiz

Available options:
true

Response

Successful response

vulnerabilities
object[]
totalCount
integer
page
integer
pageSize
integer