# ZeroPath Documentation ## Docs - [Audit log event](https://zeropath.com/docs/api-reference/audit_log_event.md): Webhook event AUDIT_LOG_EVENT - [Inbound webhook](https://zeropath.com/docs/api-reference/inbound_webhook.md): Webhook event INBOUND_WEBHOOK - [Create Bitbucket OAuth Installation (MSP)](https://zeropath.com/docs/api-reference/installations/create-bitbucket-oauth-installation-msp.md) - [Create Bitbucket Workspace Access Token Installation](https://zeropath.com/docs/api-reference/installations/create-bitbucket-workspace-access-token-installation.md) - [Create GitHub app installation](https://zeropath.com/docs/api-reference/installations/create-github-app-installation.md) - [Create GitLab installation](https://zeropath.com/docs/api-reference/installations/create-gitlab-installation.md) - [Get installation repositories](https://zeropath.com/docs/api-reference/installations/get-installation-repositories.md) - [Update GitLab installation](https://zeropath.com/docs/api-reference/installations/update-gitlab-installation.md) - [API Reference](https://zeropath.com/docs/api-reference/introduction.md): Integrate ZeroPath's security scanning into your applications and workflows - [Approve patch](https://zeropath.com/docs/api-reference/issues/approve-patch.md) - [Archive issue](https://zeropath.com/docs/api-reference/issues/archive-issue.md) - [Delete issue](https://zeropath.com/docs/api-reference/issues/delete-issue.md) - [Generate patch](https://zeropath.com/docs/api-reference/issues/generate-patch.md) - [Get issue](https://zeropath.com/docs/api-reference/issues/get-issue.md) - [Mark issue as false positive](https://zeropath.com/docs/api-reference/issues/mark-issue-as-false-positive.md) - [Mark issue as true positive](https://zeropath.com/docs/api-reference/issues/mark-issue-as-true-positive.md) - [Resolve issue](https://zeropath.com/docs/api-reference/issues/resolve-issue.md) - [Search issues](https://zeropath.com/docs/api-reference/issues/search-issues.md): Search for security issues across your repositories. You can filter by various criteria including custom rule ID. - [Unarchive issue](https://zeropath.com/docs/api-reference/issues/unarchive-issue.md) - [Unresolve issue](https://zeropath.com/docs/api-reference/issues/unresolve-issue.md) - [Update issue severity](https://zeropath.com/docs/api-reference/issues/update-issue-severity.md) - [Long running scan](https://zeropath.com/docs/api-reference/long_running_scan.md): Webhook event LONG_RUNNING_SCAN - [New vulnerabilities full scan](https://zeropath.com/docs/api-reference/new_vulnerabilities_full_scan.md): Webhook event NEW_VULNERABILITIES_FULL_SCAN - [New vulnerabilities pr](https://zeropath.com/docs/api-reference/new_vulnerabilities_pr.md): Webhook event NEW_VULNERABILITIES_PR - [Create an organization](https://zeropath.com/docs/api-reference/organizations/create-an-organization.md) - [Delete an organization](https://zeropath.com/docs/api-reference/organizations/delete-an-organization.md) - [Invite a user to an organization](https://zeropath.com/docs/api-reference/organizations/invite-a-user-to-an-organization.md) - [List organizations](https://zeropath.com/docs/api-reference/organizations/list-organizations.md) - [Patch pr denied](https://zeropath.com/docs/api-reference/patch_pr_denied.md): Webhook event PATCH_PR_DENIED - [Pr blocked](https://zeropath.com/docs/api-reference/pr_blocked.md): Webhook event PR_BLOCKED - [Pr merged with issues](https://zeropath.com/docs/api-reference/pr_merged_with_issues.md): Webhook event PR_MERGED_WITH_ISSUES - [Pr scan complete](https://zeropath.com/docs/api-reference/pr_scan_complete.md): Webhook event PR_SCAN_COMPLETE - [Pr scan started](https://zeropath.com/docs/api-reference/pr_scan_started.md): Webhook event PR_SCAN_STARTED - [Create a new referral](https://zeropath.com/docs/api-reference/referrals/create-a-new-referral.md): Submit a referral for a demo. This is an unauthenticated endpoint. - [Repo added](https://zeropath.com/docs/api-reference/repo_added.md): Webhook event REPO_ADDED - [Report complete](https://zeropath.com/docs/api-reference/report_complete.md): Webhook event REPORT_COMPLETE - [Add a BitBucket repository to zeropath](https://zeropath.com/docs/api-reference/repositories/add-a-bitbucket-repository-to-zeropath.md) - [Add a GitHub repository to zeropath](https://zeropath.com/docs/api-reference/repositories/add-a-github-repository-to-zeropath.md) - [Add a GitLab repository to zeropath](https://zeropath.com/docs/api-reference/repositories/add-a-gitlab-repository-to-zeropath.md) - [Create standalone repository](https://zeropath.com/docs/api-reference/repositories/create-standalone-repository.md) - [Delete repository](https://zeropath.com/docs/api-reference/repositories/delete-repository.md) - [Get repositories](https://zeropath.com/docs/api-reference/repositories/get-repositories.md) - [Get repository branches](https://zeropath.com/docs/api-reference/repositories/get-repository-branches.md): Fetches available branches for a linked repository. Supports GitHub, GitLab, Bitbucket, and Generic Git (best-effort). - [Link GitHub repository with Personal Access Token](https://zeropath.com/docs/api-reference/repositories/link-github-repository-with-personal-access-token.md) - [Reset scanner settings](https://zeropath.com/docs/api-reference/repositories/reset-scanner-settings.md): Delete custom scanner settings for the provided repositories - [Resolve repository by URL](https://zeropath.com/docs/api-reference/repositories/resolve-repository-by-url.md): Given a repository URL and VCS, returns the matching repository and provider object IDs - [Set check status visibility](https://zeropath.com/docs/api-reference/repositories/set-check-status-visibility.md) - [Set max PR timeout minutes](https://zeropath.com/docs/api-reference/repositories/set-max-pr-timeout-minutes.md) - [Set PR branch format](https://zeropath.com/docs/api-reference/repositories/set-pr-branch-format.md) - [Set PR commit message format](https://zeropath.com/docs/api-reference/repositories/set-pr-commit-message-format.md) - [Set PR description template](https://zeropath.com/docs/api-reference/repositories/set-pr-description-template.md) - [Set PR scan clean summary enabled](https://zeropath.com/docs/api-reference/repositories/set-pr-scan-clean-summary-enabled.md) - [Set PR scan issue and clean summaries together](https://zeropath.com/docs/api-reference/repositories/set-pr-scan-issue-and-clean-summaries-together.md): Atomically enables or disables both PR issue-summary comments and clean-scan summary comments for a repository - [Set PR scan issue summary enabled](https://zeropath.com/docs/api-reference/repositories/set-pr-scan-issue-summary-enabled.md) - [Set PR scanning enabled](https://zeropath.com/docs/api-reference/repositories/set-pr-scanning-enabled.md) - [Set PR title template](https://zeropath.com/docs/api-reference/repositories/set-pr-title-template.md) - [Set scan branch](https://zeropath.com/docs/api-reference/repositories/set-scan-branch.md) - [Create custom rule](https://zeropath.com/docs/api-reference/rules/create-custom-rule.md): Create a new natural language security rule that will be applied during scans - [Delete custom rule](https://zeropath.com/docs/api-reference/rules/delete-custom-rule.md): Delete a custom rule - [Get custom rule](https://zeropath.com/docs/api-reference/rules/get-custom-rule.md): Get details of a specific custom rule including associated repositories - [List custom rules](https://zeropath.com/docs/api-reference/rules/list-custom-rules.md): List all custom rules for the organization, optionally filtered by repository - [Update custom rule](https://zeropath.com/docs/api-reference/rules/update-custom-rule.md): Update an existing natural language security rule - [Get SCA package](https://zeropath.com/docs/api-reference/sca/get-sca-package.md) - [Get SCA vulnerability](https://zeropath.com/docs/api-reference/sca/get-sca-vulnerability.md) - [List manifests for a repository](https://zeropath.com/docs/api-reference/sca/list-manifests-for-a-repository.md): Fetch manifests associated with a repository scan along with dependency counts. - [List packages for an SCA manifest](https://zeropath.com/docs/api-reference/sca/list-packages-for-an-sca-manifest.md): Retrieve deduplicated dependency records for a specific manifest. - [List SCA alert facet options](https://zeropath.com/docs/api-reference/sca/list-sca-alert-facet-options.md): Retrieve lists of facet options for alerts, currently languages. - [List SCA alerts](https://zeropath.com/docs/api-reference/sca/list-sca-alerts.md): List consolidated SCA alerts with filters for language, severity, and reachability. - [List SCA facet options](https://zeropath.com/docs/api-reference/sca/list-sca-facet-options.md): Retrieve global lists of dependencies and advisories for filter UIs. - [List SCA licenses](https://zeropath.com/docs/api-reference/sca/list-sca-licenses.md): List licenses grouped with their packages for the user's repositories. - [List SCA repositories with dependency inventory](https://zeropath.com/docs/api-reference/sca/list-sca-repositories-with-dependency-inventory.md): Fetch repositories along with aggregated dependency inventory data. - [List SCA vulnerabilities](https://zeropath.com/docs/api-reference/sca/list-sca-vulnerabilities.md): Search and paginate SCA package vulnerabilities derived from inventory and metadata. - [Sca new cve](https://zeropath.com/docs/api-reference/sca_new_cve.md): Webhook event SCA_NEW_CVE - [Sca new issue](https://zeropath.com/docs/api-reference/sca_new_issue.md): Webhook event SCA_NEW_ISSUE - [Sca scan complete](https://zeropath.com/docs/api-reference/sca_scan_complete.md): Webhook event SCA_SCAN_COMPLETE - [Sca scan failed](https://zeropath.com/docs/api-reference/sca_scan_failed.md): Webhook event SCA_SCAN_FAILED - [Sca scan started](https://zeropath.com/docs/api-reference/sca_scan_started.md): Webhook event SCA_SCAN_STARTED - [Scan complete](https://zeropath.com/docs/api-reference/scan_complete.md): Webhook event SCAN_COMPLETE - [Scan failed](https://zeropath.com/docs/api-reference/scan_failed.md): Webhook event SCAN_FAILED - [Scan scheduled](https://zeropath.com/docs/api-reference/scan_scheduled.md): Webhook event SCAN_SCHEDULED - [Scan started](https://zeropath.com/docs/api-reference/scan_started.md): Webhook event SCAN_STARTED - [Get scan schedules](https://zeropath.com/docs/api-reference/scans/get-scan-schedules.md) - [List scans](https://zeropath.com/docs/api-reference/scans/list-scans.md) - [Scan standalone repository](https://zeropath.com/docs/api-reference/scans/scan-standalone-repository.md) - [Start a new scan](https://zeropath.com/docs/api-reference/scans/start-a-new-scan.md) - [Upsert scan schedule](https://zeropath.com/docs/api-reference/scans/upsert-scan-schedule.md) - [Get issues by PR author](https://zeropath.com/docs/api-reference/stats/get-issues-by-pr-author.md) - [Get issues by repository](https://zeropath.com/docs/api-reference/stats/get-issues-by-repository.md) - [Get issues by severity](https://zeropath.com/docs/api-reference/stats/get-issues-by-severity.md) - [Get issues by vulnerability class](https://zeropath.com/docs/api-reference/stats/get-issues-by-vulnerability-class.md) - [Get security posture](https://zeropath.com/docs/api-reference/stats/get-security-posture.md) - [Get summary statistics](https://zeropath.com/docs/api-reference/stats/get-summary-statistics.md) - [Get time saved](https://zeropath.com/docs/api-reference/stats/get-time-saved.md) - [Get top critical issues](https://zeropath.com/docs/api-reference/stats/get-top-critical-issues.md) - [Vulnerability patched](https://zeropath.com/docs/api-reference/vulnerability_patched.md): Webhook event VULNERABILITY_PATCHED - [Vulnerability reopened](https://zeropath.com/docs/api-reference/vulnerability_reopened.md): Webhook event VULNERABILITY_REOPENED - [Vulnerability status changed](https://zeropath.com/docs/api-reference/vulnerability_status_changed.md): Webhook event VULNERABILITY_STATUS_CHANGED - [API Tokens](https://zeropath.com/docs/authentication/api-tokens.md): Create and manage API tokens for programmatic access to ZeroPath - [Enterprise SSO & Directory Sync](https://zeropath.com/docs/authentication/enterprise-sso.md): Set up SAML/OIDC single sign-on, SCIM user provisioning, and HRIS directory sync for your organization - [Changelog](https://zeropath.com/docs/changelog.md): Product updates and announcements - [Installation](https://zeropath.com/docs/cli/installation.md): Install and set up the ZeroPath CLI on your system - [ZeroPath CLI](https://zeropath.com/docs/cli/introduction.md): Command-line access to ZeroPath's AI-powered security scanning platform - [VS Code Extension](https://zeropath.com/docs/developer-tools/vscode.md): Browse vulnerabilities, view scan results, and apply fixes directly in Visual Studio Code - [Documentation](https://zeropath.com/docs/index.md): Auto-fix novel vulnerabilities and reduce false positives at scale with ZeroPath. - [Jira Integration](https://zeropath.com/docs/integrations/jira.md): Sync ZeroPath findings with Jira for streamlined issue tracking and remediation workflows - [Linear Integration](https://zeropath.com/docs/integrations/linear.md): Push ZeroPath findings to Linear for developer-friendly vulnerability tracking - [Slack Integration](https://zeropath.com/docs/integrations/slack.md): Receive real-time scan notifications and vulnerability alerts in your Slack channels - [Wiz Integration](https://zeropath.com/docs/integrations/wiz.md): Upload scanner results to Wiz and leverage exposure-based dynamic tagging - [Exposure Information](https://zeropath.com/docs/integrations/wiz-exposure.md): Pull exposure data from Wiz to identify internet-exposed applications - [UVM Integration](https://zeropath.com/docs/integrations/wiz-uvm.md): Push ZeroPath scanner results to Wiz Universal Vulnerability Management - [MCP Installation](https://zeropath.com/docs/mcp/installation.md): Install and configure the ZeroPath MCP Server for your AI tool - [MCP Server](https://zeropath.com/docs/mcp/overview.md): Query and manage ZeroPath findings from MCP-compatible AI tools - [MCP Tools Reference](https://zeropath.com/docs/mcp/tools.md): Complete reference for all tools available through the ZeroPath MCP Server - [AI AppSec Assistant](https://zeropath.com/docs/platform/ai-assistant.md): An autonomous AI agent that triages findings, responds to security events, and manages your AppSec posture across runs - [Compliance & GRC](https://zeropath.com/docs/platform/compliance.md): Turn continuous security scanning into continuous compliance with automated evidence collection, control mapping, and GRC platform integrations - [Custom Rules](https://zeropath.com/docs/platform/custom-rules.md): Create and manage custom SAST rules using natural language to enforce organization-specific security policies - [Repository Context](https://zeropath.com/docs/platform/repo-context.md): Give ZeroPath background knowledge about your codebase to improve scan accuracy and reduce false positives - [Reports](https://zeropath.com/docs/platform/reports.md): Generate and export security reports from your scan data - [Scanner Settings](https://zeropath.com/docs/platform/scanner-settings.md): Configure scanning behavior, schedules, and feature toggles per repository - [Teams & Permissions](https://zeropath.com/docs/platform/teams.md): Manage team access, roles, and fine-grained permissions across your organization - [Quick Start](https://zeropath.com/docs/quickstart.md): Get started with ZeroPath's AI-powered security platform in just a few minutes - [SCA Overview](https://zeropath.com/docs/sca/overview.md): How ZeroPath discovers, inventories, and alerts on vulnerable packages - [SCA SBOM Exports](https://zeropath.com/docs/sca/sbom-exports.md): CycloneDX, SPDX, and VEX artifacts backed by the ZeroPath SCA inventory - [Auto-Fix & Patches](https://zeropath.com/docs/scanning/auto-fix.md): Automatically generate fix patches and pull requests for detected vulnerabilities - [Fix Verification](https://zeropath.com/docs/scanning/fix-verification.md): Verify that your PR fixes a known vulnerability by referencing it in the PR description - [IaC Scanning](https://zeropath.com/docs/scanning/iac.md): Identify misconfigurations in your infrastructure-as-code before deployment - [PR Scanning](https://zeropath.com/docs/scanning/pr-scanning.md): Catch vulnerabilities before they reach your main branch with automated pull request scanning - [SAST Overview](https://zeropath.com/docs/scanning/sast-overview.md): Find business logic vulnerabilities like broken auth, IDOR and more with fewer false positives. - [Secrets Scanning](https://zeropath.com/docs/scanning/secrets.md): Detect hardcoded secrets, API keys, and credentials across your codebase - [Webhooks](https://zeropath.com/docs/webhook/introduction.md): Receive real-time notifications about security events in your repositories ## OpenAPI Specs - [v1](https://zeropath.com/openapi/v1.yaml) - [webhooks](https://zeropath.com/openapi/webhooks.yaml) - [openapi](https://zeropath.com/docs/api-reference/openapi.json) ## Optional - [Dashboard](https://zeropath.com/app) - [Status](https://status.zeropath.com)