> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.endorlabs.com/feedback
```json
{
"path": "/api-reference/installationservice/listinstallations",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# ListInstallations
> Lists all installations.
## OpenAPI
````yaml /api-reference/openapi.v3.json get /v1/namespaces/{tenant_meta.namespace}/installations
openapi: 3.0.3
info:
description: Integrate your application with Endor Labs using the REST API.
title: Endor Labs REST API Reference
version: '1.0'
servers:
- url: https://api.endorlabs.com/
security: []
tags:
- name: AISastCustomerContextService
- name: APIKeyService
- name: APIKeyValidatorService
- name: ArtifactSignatureService
- name: AuditLogService
- name: AuthenticationLogService
- name: AuthenticationService
- name: AuthorizationPolicyService
- name: BatchFileSegmentsService
- name: BatchNotificationService
- name: CallGraphDataService
- name: CodeOwnersService
- name: DependencyMetadataService
- name: EndorIgnoreEntryService
- name: ExporterService
- name: FindingLogService
- name: FindingService
- name: HuggingFaceModelService
- name: HuggingFaceOrganizationService
- name: IPAddressPolicyService
- name: IdentityProviderService
- name: InstallationService
- name: InvitationService
- name: LicenseDependencyService
- name: LicenseNoticesReportService
- name: LicenseSummaryService
- name: LinterResultService
- name: MalwareService
- name: MetricService
- name: NamespaceService
- name: NotificationService
- name: NotificationTargetService
- name: OnPremSchedulerService
- name: PRCommentConfigService
- name: PackageFirewallLogService
- name: PackageLicenseOverrideService
- name: PackageLicenseQueryService
- name: PackageLicenseService
- name: PackageManagerService
- name: PackageVersionService
- name: PluginBinaryService
- name: PolicyService
- name: PolicyTemplateService
- name: ProjectService
- name: ProvisioningResultService
- name: QueryMalwareService
- name: QueryService
- name: QuerySimilarPackagesService
- name: QueryVulnerabilityService
- name: RegistryIngestionCheckpointService
- name: RepositoryService
- name: RepositoryVersionService
- name: RuleSetImportService
- name: SBOMExportService
- name: SBOMImportService
- name: SCMCredentialService
- name: SavedQueryService
- name: ScanLogRequestService
- name: ScanProfileService
- name: ScanResultService
- name: ScanWorkflowResultService
- name: ScanWorkflowService
- name: SecretRuleService
- name: SemgrepRuleService
- name: SystemConfigService
- name: TenantService
- name: VEXExportService
- name: VectorStoreService
- name: VersionUpgradeService
- name: VulnerabilityService
paths:
/v1/namespaces/{tenant_meta.namespace}/installations:
get:
tags:
- InstallationService
summary: ListInstallations
description: Lists all installations.
operationId: InstallationService_ListInstallations
parameters:
- description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
in: path
name: tenant_meta.namespace
required: true
schema:
type: string
x-endor-name: Namespace
- description: >-
String of conditions to filter resources by.
Filters may include any attribute along with the following
operators:
"==", "!=", ">", ">=", "<", "<=", "Contains", "In", "Matches", and
"Exists". The logical operators "And" and "Or" are also supported.
Expressions may be combined and grouped with parentheses.
Examples:
"spec.value == 5",
"spec.value in ["a", "b", "c"]",
"(meta.name == "xyz" and "spec.value in ["a","b"]) or (spec.value ==
"c")".
in: query
name: list_parameters.filter
schema:
type: string
- description: |-
Set the page token to start from.
Use page tokens to page through list results or list specific pages.
in: query
name: list_parameters.page_token
schema:
format: int32
type: integer
- description: |-
Set the page size to limit the number of results returned.
Default: 100. Max: 500.
in: query
name: list_parameters.page_size
schema:
format: int32
type: integer
- description: >-
Action to be executed with a request. Not supported for all
endpoints.
in: query
name: list_parameters.action
schema:
type: string
- description: List of fields to return (all fields are returned by default).
in: query
name: list_parameters.mask
schema:
type: string
- description: Get data from any child namespaces as well.
in: query
name: list_parameters.traverse
schema:
type: boolean
- description: Field to sort objects by, for example, meta.name.
in: query
name: list_parameters.sort.path
schema:
type: string
- description: 'Sort order. Default: ASC.'
in: query
name: list_parameters.sort.order
schema:
default: SORT_ENTRY_ORDER_UNSPECIFIED
enum:
- SORT_ENTRY_ORDER_UNSPECIFIED
- SORT_ENTRY_ORDER_ASC
- SORT_ENTRY_ORDER_DESC
type: string
- description: |-
Return the number of objects matching the given list parameters.
If count is set to true, the response is a CountResponse.
Can be used together with filter and traverse.
in: query
name: list_parameters.count
schema:
type: boolean
- description: |-
Group the objects based on this field.
If there are multiple fields then the objects are grouped
based on the uniqueness of all fields.
Supports composite paths.
Supports arrays and maps.
in: query
name: list_parameters.group.aggregation_paths
schema:
type: string
- description: |-
Return the UUID of each object in each group as specified by
aggregation_paths.
in: query
name: list_parameters.group.show_aggregation_uuids
schema:
type: boolean
- description: |-
List of fields for which we want the unique count.
Supports arrays and maps.
in: query
name: list_parameters.group.unique_count_paths
schema:
type: string
- description: |-
List of fields for which we want the unique values.
Supports arrays and maps.
in: query
name: list_parameters.group.unique_value_paths
schema:
type: string
- description: Only return objects from PR scans that match this context id.
in: query
name: list_parameters.ci_run_uuid
schema:
type: string
- description: Page ID to retrieve.
in: query
name: list_parameters.page_id
schema:
type: string
- description: |-
Group the objects based on this time field,
for example, meta.create_time.
in: query
name: list_parameters.group_by_time.aggregation_paths
schema:
type: string
- description: Return the UUIDs of the objects in each group.
in: query
name: list_parameters.group_by_time.show_aggregation_uuids
schema:
type: boolean
- description: Interval unit by which the objects should be grouped.
in: query
name: list_parameters.group_by_time.interval
schema:
default: GROUP_BY_TIME_INTERVAL_UNSPECIFIED
enum:
- GROUP_BY_TIME_INTERVAL_UNSPECIFIED
- GROUP_BY_TIME_INTERVAL_YEAR
- GROUP_BY_TIME_INTERVAL_QUARTER
- GROUP_BY_TIME_INTERVAL_MONTH
- GROUP_BY_TIME_INTERVAL_WEEK
- GROUP_BY_TIME_INTERVAL_DAY
- GROUP_BY_TIME_INTERVAL_HOUR
- GROUP_BY_TIME_INTERVAL_MINUTE
- GROUP_BY_TIME_INTERVAL_SECOND
type: string
- description: |-
Size of the time interval to group the objects by,
for example, to group objects by 2-week intervals, set interval
to GROUP_BY_TIME_INTERVAL_WEEK and group_size to 2.
in: query
name: list_parameters.group_by_time.group_size
schema:
format: int32
type: integer
- description: |-
Beginning of the time period to group objects.
Defaults to the beginning of time.
in: query
name: list_parameters.group_by_time.start_time
schema:
format: date-time
type: string
- description: |-
End of the time period to group objects.
Defaults to the current time.
in: query
name: list_parameters.group_by_time.end_time
schema:
format: date-time
type: string
- description: >-
The mode determines how the matching objects are counted
in the produced time-series. Values allowed are:
count (default) : is the number of items matching in every interval.
sum: is the total number of items matching since the beginning of
the
aggregation time.
in: query
name: list_parameters.group_by_time.mode
schema:
type: string
- description: >-
The aggregation_field is a field on the matched objects that we want
to
perform some operation in each interval (example : min, max, avg)
in: query
name: list_parameters.group_by_time.aggregation_value_field
schema:
type: string
- description: |-
The aggreation_operator is the operator that we should use for the
aggregation. Allowed values are: min, max, sum, avg
in: query
name: list_parameters.group_by_time.aggregation_operator
schema:
type: string
- description: |-
If true, the results will not be paginated and
only the first page will be returned. The order
of the results is not guaranteed.
in: query
name: list_parameters.disable_pagination
schema:
type: boolean
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/v1ListInstallationsResponse'
description: A successful response.
default:
content:
application/json:
schema:
$ref: '#/components/schemas/googlerpcStatus'
description: An unexpected error response.
components:
schemas:
v1ListInstallationsResponse:
description: Response to the request to list installations.
properties:
count_response:
$ref: '#/components/schemas/v1CountResponse'
group_response:
$ref: '#/components/schemas/v1GroupResponse'
list:
$ref: '#/components/schemas/v1ListInstallationsResponseList'
type: object
googlerpcStatus:
description: >-
The `Status` type defines a logical error model that is suitable for
different programming environments, including REST APIs and RPC APIs. It
is
used by [gRPC](https://github.com/grpc). Each `Status` message contains
three pieces of data: error code, error message, and error details.
You can find out more about this error model and how to work with it in
the
[API Design Guide](https://cloud.google.com/apis/design/errors).
properties:
code:
description: |-
The status code, which should be an enum value of
[google.rpc.Code][google.rpc.Code].
format: int32
type: integer
details:
description: >-
A list of messages that carry the error details. There is a common
set of
message types for APIs to use.
items:
$ref: '#/components/schemas/googleprotobufAny'
type: array
message:
description: >-
A developer-facing error message, which should be in English. Any
user-facing error message should be localized and sent in the
[google.rpc.Status.details][google.rpc.Status.details] field, or
localized
by the client.
type: string
type: object
v1CountResponse:
description: Response to a list count request.
properties:
count:
description: Number of objects matching the given list parameters.
format: int32
type: integer
type: object
v1GroupResponse:
description: Response to a list group request.
properties:
groups:
additionalProperties:
$ref: '#/components/schemas/GroupResponseGroupData'
description: |-
Map indexed by values of the fields specified in aggregation_paths,
for example, {"[{"key":"meta.kind","value":"Project"}]": {
"aggregation_count": { "count": 1649 } } }.
type: object
type: object
v1ListInstallationsResponseList:
properties:
objects:
items:
$ref: '#/components/schemas/v1Installation'
type: array
response:
$ref: '#/components/schemas/v1ListResponse'
type: object
googleprotobufAny:
additionalProperties: {}
description: >-
`Any` contains an arbitrary serialized protocol buffer message along
with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form
of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}
Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}
The pack methods provided by protobuf library will by default use
'type.googleapis.com/full.type.name' as the type URL and the unpack
methods only use the fully qualified type name after the last '/'
in the type URL, for example "foo.bar.com/x/y.z" will yield type
name "y.z".
JSON
====
The JSON representation of an `Any` value uses the regular
representation of the deserialized, embedded message, with an
additional field `@type` which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": ,
"lastName":
}
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
`value` which holds the custom JSON in addition to the `@type`
field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}
properties:
'@type':
description: >-
A URL/resource name that uniquely identifies the type of the
serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
`path/google.protobuf.Duration`). The name should be in a canonical
form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that
they
expect it to use in the context of Any. However, for URLs which use
the
scheme `http`, `https`, or no scheme, one can optionally set up a
type
server that maps type URLs to message definitions as follows:
* If no scheme is provided, `https` is assumed.
* An HTTP GET on the URL must yield a [google.protobuf.Type][]
value in binary format, or produce an error.
* Applications are allowed to cache lookup results based on the
URL, or have them precompiled into a binary to avoid any
lookup. Therefore, binary compatibility needs to be preserved
on changes to types. (Use versioned type names to manage
breaking changes.)
Note: this functionality is not currently available in the official
protobuf release, and it is not used for type URLs beginning with
type.googleapis.com. As of May 2023, there are no widely used type
server
implementations and no plans to implement one.
Schemes other than `http`, `https` (or the empty scheme) might be
used with implementation specific semantics.
type: string
type: object
GroupResponseGroupData:
description: Information about objects matching the given key.
properties:
aggregation_count:
$ref: '#/components/schemas/v1CountResponse'
aggregation_uuids:
description: |-
List of UUIDs of the objects in the group.
Only populated if show_aggregation_uuids is set.
items:
type: string
type: array
aggregation_value:
$ref: '#/components/schemas/v1GroupAggregationValueResponse'
unique_counts:
additionalProperties:
$ref: '#/components/schemas/v1CountResponse'
description: |-
Map of counts for the given unique_count_paths fields.
Only populated if unique_count_paths is set.
type: object
unique_values:
additionalProperties:
items:
type: object
type: array
description: |-
Map of values for the given unique_value_paths fields.
Only populated if unique_value_paths is set.
type: object
type: object
v1Installation:
description: Installation represents an installation request in the system.
properties:
meta:
$ref: '#/components/schemas/v1Meta'
processing_status:
$ref: '#/components/schemas/v1ProcessingStatus'
propagate:
description: >-
Propagate indicates that the object should be visible in child
namespaces.
type: boolean
spec:
$ref: '#/components/schemas/v1InstallationSpec'
tenant_meta:
$ref: '#/components/schemas/v1TenantMeta'
uuid:
description: The UUID of the installation.
readOnly: true
type: string
required:
- meta
- tenant_meta
type: object
v1ListResponse:
description: Response to a list request.
properties:
next_page_id:
description: The UUID of last message retrieved.
type: string
next_page_token:
description: >-
Pagination token that can be used to retrieve the next page of
results.
format: int32
type: integer
type: object
v1GroupAggregationValueResponse:
description: |-
GroupAggregationValueResponse returns the value of the aggregation if
requested.
properties:
value:
format: float
type: number
type: object
v1Meta:
description: Common fields for all Endor Labs resources.
properties:
annotations:
additionalProperties:
type: string
description: >-
Annotations can be used to attach metadata to a resource message.
Annotation values can be small or large, structured or unstructured,
and may include characters not permitted by labels.
The keys may contain alphanumerics, underscores (_), dots (.) and
dashes
(-). The values of an annotation must be 16384 bytes or smaller.
type: object
create_time:
description: |-
Time the resource was created.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
created_by:
description: |-
Name and authentication source of the user who created the object,
for example, ewok@endor.ai@google@api-key.
readOnly: true
type: string
description:
description: Resource description. Must be less than 1024 bytes.
type: string
index_data:
$ref: '#/components/schemas/v1IndexData'
kind:
description: >-
Resource kind, for example, HelloResponse.
Auto-generated using the protobuf message
proto.MessageName().Name().
readOnly: true
type: string
name:
description: Resource name. Must be 63 characters or less.
type: string
parent_kind:
description: Parent object resource kind, for example, Project.
type: string
parent_uuid:
description: Parent object UUID.
type: string
references:
additionalProperties:
$ref: '#/components/schemas/googleprotobufAny'
description: Map of objects referenced in a query API.
readOnly: true
type: object
tags:
description: >-
List of tags attached to the resource.
Tags can be used to select objects and to find collections of
objects that
satisfy certain conditions. A tag must be 255 characters or less.
items:
type: string
type: array
update_time:
description: |-
Time the resource was last updated.
Note: Updated on all create/patch/delete operations.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
updated_by:
description: >-
Name and authentication source of the last user who updated the
object,
for example, vulnerabilityingestor@endor.ai@x509.
readOnly: true
type: string
upsert_time:
description: |-
Time the resource was last upserted.
Note:
create_time is only set the first time the resource is created.
upsert_time is set every time the resource is upseted.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
version:
description: Message version.
readOnly: true
type: string
required:
- name
type: object
v1ProcessingStatus:
properties:
analytic_time:
description: |-
Last time a project was analyzed.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
type: string
disable_automated_scan:
description: >-
This is a private package and it must not be scanned by the
background
scheduler. It will be scanned by an endorctl client instead.
Default:
false.
type: boolean
metadata:
$ref: '#/components/schemas/v1ProcessingStatusMetadata'
queue_time:
description: |-
Last time a project was queued.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
type: string
scan_state:
$ref: '#/components/schemas/v1ScanState'
scan_time:
description: |-
Last time a project was ingested.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt
format: date-time
type: string
type: object
v1InstallationSpec:
properties:
azure_config:
$ref: '#/components/schemas/v1AzureConfig'
bitbucket_config:
$ref: '#/components/schemas/v1BitBucketConfig'
cleanup_stale_namespaces:
description: |-
Indicates whether stale managed namespaces that no longer correspond
to groups or projects in the SCM should be automatically deleted
during installation reconciliation. Default value is false.
type: boolean
enabled_features:
items:
$ref: '#/components/schemas/SpecEnabledFeatureType'
title: Enabled features. The valid values are "git, github"
type: array
external_id:
description: The external ID of the installation.
type: string
external_name:
description: The external name of the installation.
readOnly: true
type: string
github_config:
$ref: '#/components/schemas/v1GitHubConfig'
gitlab_config:
$ref: '#/components/schemas/v1GitLabConfig'
huggingface_config:
$ref: '#/components/schemas/v1HuggingFaceConfig'
include_archived_repos:
description: >-
include_archived_repos is a boolean value that indicates if the
archived
repos should be included. Default will be off.
type: boolean
ingestion_time:
description: The last time that we ingested the installation data.
format: date-time
readOnly: true
type: string
ingestion_token:
description: |-
The API token that the scanner can use for scanning installation
related information. If it is empty, the scanner will use local
authentication information.
readOnly: true
type: string
installation_error_message:
description: |-
Message explaining why the installation is invalid.
This field is populated when invalid is true.
type: string
invalid:
description: |-
Identifies the installations that are in the system,
but potentially their corresponding configuration has been removed
from GitHub and thus we cannot authenticate. In this case,
we stop trying to re-sync with this installation.
type: boolean
login:
description: >-
The login of the account taken directly from the GitHub response
VS spec.user, which is inferred from the identity token in the
request
context.
type: string
marked_for_deletion:
description: |-
Indicates the installation is marked for deletion,
and in next sync call the installation with its related data will be
deleted.
readOnly: true
type: boolean
platform_source:
$ref: '#/components/schemas/SpecPlatformSourceType'
platform_type:
$ref: '#/components/schemas/v1PlatformSource'
project_uuids:
description: The list of projects that are associated with this installation.
items:
type: string
type: array
public:
description: Apply only to public repositories. Default value is false.
type: boolean
scm_app_uuid:
description: The UUID of the SCM app being installed.
type: string
suspended:
description: Indicates if the installation is suspended.
type: boolean
target_type:
description: The target of the installation (Organization or User).
readOnly: true
type: string
user:
description: |-
The user name of the user that initiated the installation.
Refers back to the GitHub user name.
readOnly: true
type: string
type: object
v1TenantMeta:
description: Tenant related data for the tenant containing the resource.
properties:
namespace:
description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
type: string
required:
- namespace
type: object
v1IndexData:
description: |-
IndexData is used to index the resource for search. It's an internal
object.
properties:
data:
items:
type: string
readOnly: true
type: array
search_score:
description: >-
search_score is the score of the resource for search. Internal use
only.
format: float
readOnly: true
type: number
tenant:
readOnly: true
type: string
will_be_deleted_at:
description: Time that the resource will be deleted.
format: date-time
readOnly: true
type: string
type: object
v1ProcessingStatusMetadata:
properties:
full_history_scan_time:
format: date-time
title: Last time a project was scanned with deep secrets scanning
type: string
type: object
v1ScanState:
default: SCAN_STATE_UNSPECIFIED
description: |-
Scan state for a project or package version.
- SCAN_STATE_NOT_PROCESSED: Object has not been processed by the system yet.
Set when the project or package is created for the first time.
A new project or package version is automatically placed in this state.
- SCAN_STATE_IDLE: Object has been scanned at least once.
- SCAN_STATE_INGESTING: Object is being scanned.
- SCAN_STATE_ANALYTIC: Object is being analyzed.
- SCAN_STATE_UNREACHABLE: Object cannot be ingested because it is not reachable from the scheduler.
- SCAN_STATE_REQUEST_FULL_RESCAN: Object is marked for a complete rescan.
This only applies to OSS projects.
- SCAN_STATE_REQUEST_INCREMENTAL_RESCAN: Object is marked for an incremental rescan, where only new packages
discovered in the scan are added. Indicates that this project should be
rescanned with a higher priority. Often because it is used by a customer
and we need any new packages to be discovered and scanned with higher
priority. If the project is put in this state, we will scan any new
packages at high priority but we will not re-scan older packages.
- SCAN_STATE_QUEUED: Object is queued to be scanned.
- SCAN_STATE_QUARANTINED: Scan scheduling was unsuccessful due to a system errors. Object is
quarantined from additional scheduling. Potentially object is an
orphan or similar situations.
enum:
- SCAN_STATE_UNSPECIFIED
- SCAN_STATE_NOT_PROCESSED
- SCAN_STATE_IDLE
- SCAN_STATE_INGESTING
- SCAN_STATE_ANALYTIC
- SCAN_STATE_UNREACHABLE
- SCAN_STATE_REQUEST_FULL_RESCAN
- SCAN_STATE_REQUEST_INCREMENTAL_RESCAN
- SCAN_STATE_QUEUED
- SCAN_STATE_QUARANTINED
type: string
v1AzureConfig:
properties:
host_url:
description: The URL of the project.
type: string
personal_access_token:
description: >-
PAT of the user doing integration to fetch resources using REST
APIs.
type: string
required:
- host_url
type: object
v1BitBucketConfig:
properties:
cloud:
$ref: '#/components/schemas/v1BitBucketCloudAuthConfig'
data_center:
$ref: '#/components/schemas/v1BitBucketDataCenterAuthConfig'
enable_full_scan:
description: >-
enable_full_scan is a boolean value that indicates if the full scan
should
be enabled.
type: boolean
enable_pr_comments:
description: >-
enable_pr_comments is a boolean value that indicates if the
automated PR
comments should be enabled.
type: boolean
enable_pr_scans:
description: >-
enable_pr_scans is a boolean value that indicates if the automated
PR scans
are enabled.
type: boolean
host_url:
description: The URL of the workspace (only for cloud) or project.
type: string
webhook_secret:
description: >-
The webhook secret configured in Bitbucket for validating incoming
webhook
events.
type: string
required:
- host_url
type: object
SpecEnabledFeatureType:
default: ENABLED_FEATURE_TYPE_UNSPECIFIED
enum:
- ENABLED_FEATURE_TYPE_UNSPECIFIED
- ENABLED_FEATURE_TYPE_GIT_SCAN
- ENABLED_FEATURE_TYPE_GITHUB_SCAN
- ENABLED_FEATURE_TYPE_SECRETS_SCAN
- ENABLED_FEATURE_TYPE_TOOLS_SCAN
- ENABLED_FEATURE_TYPE_GITHUB_ACTION_SCAN
- ENABLED_FEATURE_TYPE_SAST_SCAN
- ENABLED_FEATURE_TYPE_AI_MODELS_SCAN
type: string
v1GitHubConfig:
properties:
app_id:
description: The app id of the installation.
type: string
enable_full_scan:
description: >-
enable_full_scan is a boolean value that indicates if the full scan
should
be enabled.
type: boolean
enable_pr_comments:
description: >-
enable_pr_comments is a boolean value that indicates if the
automated PR
comments should be enabled.
type: boolean
enable_pr_scans:
description: >-
enable_pr_scans is a boolean value that indicates if the automated
PR scans
are enabled.
type: boolean
host_url:
description: The base URL of the corresponding SCM app.
type: string
include_archived_repos:
description: >-
include_archived_repos is a boolean value that indicates if the
archived
repos should be included. Default will be off.
type: boolean
installation_github_user:
readOnly: true
title: >-
installation_github_user is the Github user that initiated the
installation
type: string
type: object
v1GitLabConfig:
properties:
enable_full_scan:
description: >-
enable_full_scan is a boolean value that indicates if the full scan
should
be enabled.
type: boolean
enable_mr_comments:
description: >-
enable_mr_comments is a boolean value that indicates if the
automated MR
comments should be enabled.
type: boolean
enable_mr_scans:
description: >-
enable_mr_scans is a boolean value that indicates if the automated
MR scans
are enabled.
type: boolean
host_url:
description: The URL of the group/sub-group.
type: string
personal_access_token:
description: >-
PAT of the user doing integration to fetch resources using REST
APIs.
type: string
webhook_secret:
description: >-
The webhook secret configured in GitLab for validating incoming
webhook
events.
type: string
required:
- host_url
type: object
v1HuggingFaceConfig:
properties:
access_token:
description: |-
Optional HuggingFace API token used to authenticate requests for
private models within the organization. When omitted, only publicly
accessible models are discovered.
type: string
avatar_url:
description: Avatar URL of the HuggingFace organization.
type: string
host_url:
title: |-
The HuggingFace organization URL.
Example: "https://huggingface.co/meta-llama"
type: string
required:
- host_url
type: object
SpecPlatformSourceType:
default: PLATFORM_SOURCE_TYPE_UNSPECIFIED
description: 'Deprecated: Use platform_type instead.'
enum:
- PLATFORM_SOURCE_TYPE_UNSPECIFIED
- PLATFORM_SOURCE_TYPE_AZURE
- PLATFORM_SOURCE_TYPE_BITBUCKET
- PLATFORM_SOURCE_TYPE_GITHUB
- PLATFORM_SOURCE_TYPE_GITLAB
type: string
v1PlatformSource:
default: PLATFORM_SOURCE_UNSPECIFIED
description: Type of source control platform a resource was discovered on.
enum:
- PLATFORM_SOURCE_UNSPECIFIED
- PLATFORM_SOURCE_GITHUB
- PLATFORM_SOURCE_GITLAB
- PLATFORM_SOURCE_GITSERVER
- PLATFORM_SOURCE_BITBUCKET
- PLATFORM_SOURCE_BINARY
- PLATFORM_SOURCE_HUGGING_FACE
- PLATFORM_SOURCE_AZURE
- PLATFORM_SOURCE_ARCHIVE
- PLATFORM_SOURCE_EXTERNAL_AI_SERVICE
- PLATFORM_SOURCE_GITHUB_ENTERPRISE
type: string
v1BitBucketCloudAuthConfig:
description: Configuration for Bitbucket Cloud authentication.
properties:
access_token:
title: |-
The access token associated with the Bitbucket Cloud account.
https://support.atlassian.com/bitbucket-cloud/docs/access-tokens
type: string
app_password_config:
$ref: '#/components/schemas/v1AppPasswordConfig'
required:
- access_token
type: object
v1BitBucketDataCenterAuthConfig:
description: Configuration for Bitbucket Datacenter authentication.
properties:
http_access_token:
description: The HTTP Access Token used for Bitbucket Datacenter authentication.
type: string
required:
- http_access_token
type: object
v1AppPasswordConfig:
description: >-
AppPasswordConfig holds HTTP Basic Auth credentials for Bitbucket Cloud.
It supports both legacy App Passwords and its replacement, Atlassian
Scoped API Tokens
(https://support.atlassian.com/bitbucket-cloud/docs/api-tokens/).
Both use the same HTTP Basic Auth mechanism (username:token).
NOTE: Bitbucket App Passwords are deprecated and will be removed on June
9, 2026.
New integrations should use Scoped API Tokens.
properties:
app_password:
description: >-
The App Password or Atlassian Scoped API Token used for HTTP Basic
Auth.
Both credential types are wire-compatible (username:token in Basic
Auth header).
type: string
username:
description: >-
The username (or Atlassian account email for Scoped API Tokens) used
for
HTTP Basic Auth against Bitbucket Cloud.
type: string
required:
- username
- app_password
type: object
````