Secret Scanner-Detected Secrets

Number of APIs: 3

1. Update detected secret resolution status

PUT {{baseUrl}}/detected-secrets/{{secretId}}

Updates the resolution status of a secret detected in a workspace.

Include the following in the request body:

• resolution — A string value that contains the secret's updated resolution status:

  • FALSE_POSITIVE — The discovered secret is not an actual secret.
  • REVOKED — The secret is valid, but the user rotated their key to resolve the issue.
  • ACCEPTED_RISK — The Secret Scanner found the secret, but user accepts the risk of publishing it.

• workspaceId — A string value that contains the ID of the workspace that contains the secret.

---

2. Get detected secrets locations

GET {{baseUrl}}/detected-secrets/{{secretId}}/locations?workspaceId=<string>

Gets the locations of secrets detected by Qodex's [Secret Scanner]

---

3. Search detected secrets

POST {{baseUrl}}/detected-secrets-queries

Returns all secrets detected by Qodex's [Secret Scanner] grouped by workspace. If you pass an empty request body, this endpoint returns all results.

You can include the following properties in the request body:

• secretTypes — An array that contains a list of secrets types to query. For a list of valid IDs, use the GET /secret-types endpoint.

• resolved — A boolean value that, if true, return secrets with a resolved status.

• statuses — An array that contains a list of the secret resolution status type:

  • FALSE_POSITIVE — The discovered secret is not an actual secret.
  • REVOKED — The secret is valid, but the user rotated their key to resolve the issue.
  • ACCEPTED_RISK — The Secret Scanner found the secret, but user accepts the risk of publishing it.

• workspaceIds — An array that contains a list of workspaces IDs to query.

• workspaceVisibilities — An array that contains a list of workspace [visibility settings] to query. This currently supports the team and public settings.

---