Skip to main content
POST
/
project
/
{projectId}
/
results
/
sca
/
autofix
Analyze SCA vulnerabilities for autofix candidates
curl --request POST \
  --url https://api-eu.cybedefend.com/project/{projectId}/results/sca/autofix \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "vulnerabilityIds": [
    "550e8400-e29b-41d4-a716-446655440000"
  ],
  "updateLevel": "auto",
  "singleFix": false,
  "createPr": false,
  "targetBranch": "main"
}
'
{
  "projectId": "550e8400-e29b-41d4-a716-446655440000",
  "success": true,
  "status": "ok",
  "message": "Found fixes for 3 out of 5 vulnerabilities",
  "results": [
    {
      "vulnerabilityId": "550e8400-e29b-41d4-a716-446655440000",
      "cveId": "CVE-2020-7598",
      "severity": "HIGH",
      "vulnerablePackage": "minimist",
      "vulnerableVersion": "0.0.8",
      "dependencyPath": [
        "[email protected]",
        "[email protected]"
      ],
      "ecosystem": "npm",
      "isTransitive": true,
      "fixCandidates": [
        {
          "parentPackage": "mkdirp",
          "currentVersion": "0.5.1",
          "proposedVersion": "0.5.5",
          "vulnerableChild": "minimist",
          "vulnerableChildVersion": "0.0.8",
          "requiredChildVersion": "1.2.2",
          "updateType": "patch",
          "isValid": true,
          "fixedChildVersion": "1.2.6"
        }
      ],
      "hasFixAvailable": true,
      "testedVersionsCount": 5,
      "status": "ok",
      "summary": "Prototype Pollution in minimist",
      "fileName": "package-lock.json",
      "recommendedFix": {
        "parentPackage": "mkdirp",
        "currentVersion": "0.5.1",
        "proposedVersion": "0.5.5",
        "vulnerableChild": "minimist",
        "vulnerableChildVersion": "0.0.8",
        "requiredChildVersion": "1.2.2",
        "updateType": "patch",
        "isValid": true,
        "fixedChildVersion": "1.2.6"
      },
      "errorMessage": "<string>",
      "installCommand": "npm install [email protected]"
    }
  ],
  "totalVulnerabilities": 5,
  "fixableCount": 3,
  "unfixableCount": 1,
  "errorCount": 1,
  "jobId": "sca-autofix-550e8400-e29b-41d4-a716-446655440000-0"
}

Authorizations

​
x-api-key
string
header
required

API Key for authentication. You can generate an API key from your personal settings.

Path Parameters

​
projectId
string<uuid>
required

Project identifier

Body

application/json
​
vulnerabilityIds
string[]
required

Array of SCA vulnerability detection IDs to analyze

Example:
["550e8400-e29b-41d4-a716-446655440000"]
​
updateLevel
enum<string>
default:auto

Maximum update level allowed: patch, minor, major, or auto (auto-escalates from patch to major)

Available options:
patch,
minor,
major,
auto
Example:

"auto"

​
singleFix
boolean
default:false

If true, stop at first valid fix found (faster). If false, find all possible fixes.

Example:

false

​
createPr
boolean
default:false

If true, create a Pull Request with the fixes. Requires project to be linked to GitHub/GitLab.

Example:

false

​
targetBranch
string

Target branch name for the PR. If not specified, uses the default branch.

Example:

"main"

Response

SCA AutoFix analysis completed successfully

​
projectId
string
required

Project ID

Example:

"550e8400-e29b-41d4-a716-446655440000"

​
success
boolean
required

True if at least one vulnerability has a fix

Example:

true

​
status
enum<string>
required

Overall status: ok, partial, no_fix, or error

Available options:
ok,
partial,
no_fix,
error
Example:

"ok"

​
message
string
required

Human-friendly summary

Example:

"Found fixes for 3 out of 5 vulnerabilities"

​
results
object[]
required

Results for each vulnerability

​
totalVulnerabilities
number
required

Total number of vulnerabilities analyzed

Example:

5

​
fixableCount
number
required

Number of vulnerabilities with fixes available

Example:

3

​
unfixableCount
number
required

Number of vulnerabilities without fixes

Example:

1

​
errorCount
number
required

Number of vulnerabilities that failed analysis

Example:

1

​
jobId
string

Job ID for polling status (only set when status is "queued" or "processing")

Example:

"sca-autofix-550e8400-e29b-41d4-a716-446655440000-0"