> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.endorlabs.com/feedback
```json
{
"path": "/api-reference/scanprofileservice/updatescanprofile-updates-a-specified-toolchain-profile",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# UpdateScanProfile updates a specified Toolchain profile.
## OpenAPI
````yaml /api-reference/openapi.v3.json patch /v1/namespaces/{object.tenant_meta.namespace}/scan-profiles
openapi: 3.0.3
info:
description: Integrate your application with Endor Labs using the REST API.
title: Endor Labs REST API Reference
version: '1.0'
servers:
- url: https://api.endorlabs.com/
security: []
tags:
- name: AISastCustomerContextService
- name: APIKeyService
- name: APIKeyValidatorService
- name: ArtifactSignatureService
- name: AuditLogService
- name: AuthenticationLogService
- name: AuthenticationService
- name: AuthorizationPolicyService
- name: BatchFileSegmentsService
- name: BatchNotificationService
- name: CallGraphDataService
- name: CodeOwnersService
- name: DependencyMetadataService
- name: EndorIgnoreEntryService
- name: ExporterService
- name: FindingLogService
- name: FindingService
- name: HuggingFaceModelService
- name: HuggingFaceOrganizationService
- name: IPAddressPolicyService
- name: IdentityProviderService
- name: InstallationService
- name: InvitationService
- name: LicenseDependencyService
- name: LicenseNoticesReportService
- name: LicenseSummaryService
- name: LinterResultService
- name: MalwareService
- name: MetricService
- name: NamespaceService
- name: NotificationService
- name: NotificationTargetService
- name: OnPremSchedulerService
- name: PRCommentConfigService
- name: PackageFirewallLogService
- name: PackageLicenseOverrideService
- name: PackageLicenseQueryService
- name: PackageLicenseService
- name: PackageManagerService
- name: PackageVersionService
- name: PluginBinaryService
- name: PolicyService
- name: PolicyTemplateService
- name: ProjectService
- name: ProvisioningResultService
- name: QueryMalwareService
- name: QueryService
- name: QuerySimilarPackagesService
- name: QueryVulnerabilityService
- name: RegistryIngestionCheckpointService
- name: RepositoryService
- name: RepositoryVersionService
- name: RuleSetImportService
- name: SBOMExportService
- name: SBOMImportService
- name: SCMCredentialService
- name: SavedQueryService
- name: ScanLogRequestService
- name: ScanProfileService
- name: ScanResultService
- name: ScanWorkflowResultService
- name: ScanWorkflowService
- name: SecretRuleService
- name: SemgrepRuleService
- name: SystemConfigService
- name: TenantService
- name: VEXExportService
- name: VectorStoreService
- name: VersionUpgradeService
- name: VulnerabilityService
paths:
/v1/namespaces/{object.tenant_meta.namespace}/scan-profiles:
patch:
tags:
- ScanProfileService
summary: UpdateScanProfile updates a specified Toolchain profile.
operationId: ScanProfileService_UpdateScanProfile
parameters:
- description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
in: path
name: object.tenant_meta.namespace
required: true
schema:
type: string
x-endor-name: Namespace
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScanProfileServiceUpdateScanProfileBody'
required: true
x-originalParamName: body
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/v1ScanProfile'
description: A successful response.
default:
content:
application/json:
schema:
$ref: '#/components/schemas/googlerpcStatus'
description: An unexpected error response.
components:
schemas:
ScanProfileServiceUpdateScanProfileBody:
description: UpdateScanProfileRequest is used by UpdateScanProfile.
properties:
object:
description: >-
ScanProfile represents the scan configuration to use across
different
projects.
properties:
meta:
$ref: '#/components/schemas/v1Meta'
propagate:
description: >-
Indicates that the object should be visible in the child
namespaces.
type: boolean
spec:
$ref: '#/components/schemas/v1ScanProfileSpec'
tenant_meta:
description: Tenant related data for the tenant containing the resource.
type: object
uuid:
description: >-
UUID is a universally unique identifier for the tool chain
profile.
readOnly: true
type: string
type: object
request:
$ref: '#/components/schemas/v1UpdateRequest'
required:
- meta
- spec
type: object
v1ScanProfile:
description: |-
ScanProfile represents the scan configuration to use across different
projects.
properties:
meta:
$ref: '#/components/schemas/v1Meta'
propagate:
description: Indicates that the object should be visible in the child namespaces.
type: boolean
spec:
$ref: '#/components/schemas/v1ScanProfileSpec'
tenant_meta:
$ref: '#/components/schemas/v1TenantMeta'
uuid:
description: UUID is a universally unique identifier for the tool chain profile.
readOnly: true
type: string
required:
- tenant_meta
- meta
- spec
type: object
googlerpcStatus:
description: >-
The `Status` type defines a logical error model that is suitable for
different programming environments, including REST APIs and RPC APIs. It
is
used by [gRPC](https://github.com/grpc). Each `Status` message contains
three pieces of data: error code, error message, and error details.
You can find out more about this error model and how to work with it in
the
[API Design Guide](https://cloud.google.com/apis/design/errors).
properties:
code:
description: |-
The status code, which should be an enum value of
[google.rpc.Code][google.rpc.Code].
format: int32
type: integer
details:
description: >-
A list of messages that carry the error details. There is a common
set of
message types for APIs to use.
items:
$ref: '#/components/schemas/googleprotobufAny'
type: array
message:
description: >-
A developer-facing error message, which should be in English. Any
user-facing error message should be localized and sent in the
[google.rpc.Status.details][google.rpc.Status.details] field, or
localized
by the client.
type: string
type: object
v1Meta:
description: Common fields for all Endor Labs resources.
properties:
annotations:
additionalProperties:
type: string
description: >-
Annotations can be used to attach metadata to a resource message.
Annotation values can be small or large, structured or unstructured,
and may include characters not permitted by labels.
The keys may contain alphanumerics, underscores (_), dots (.) and
dashes
(-). The values of an annotation must be 16384 bytes or smaller.
type: object
create_time:
description: |-
Time the resource was created.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
created_by:
description: |-
Name and authentication source of the user who created the object,
for example, ewok@endor.ai@google@api-key.
readOnly: true
type: string
description:
description: Resource description. Must be less than 1024 bytes.
type: string
index_data:
$ref: '#/components/schemas/v1IndexData'
kind:
description: >-
Resource kind, for example, HelloResponse.
Auto-generated using the protobuf message
proto.MessageName().Name().
readOnly: true
type: string
name:
description: Resource name. Must be 63 characters or less.
type: string
parent_kind:
description: Parent object resource kind, for example, Project.
type: string
parent_uuid:
description: Parent object UUID.
type: string
references:
additionalProperties:
$ref: '#/components/schemas/googleprotobufAny'
description: Map of objects referenced in a query API.
readOnly: true
type: object
tags:
description: >-
List of tags attached to the resource.
Tags can be used to select objects and to find collections of
objects that
satisfy certain conditions. A tag must be 255 characters or less.
items:
type: string
type: array
update_time:
description: |-
Time the resource was last updated.
Note: Updated on all create/patch/delete operations.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
updated_by:
description: >-
Name and authentication source of the last user who updated the
object,
for example, vulnerabilityingestor@endor.ai@x509.
readOnly: true
type: string
upsert_time:
description: |-
Time the resource was last upserted.
Note:
create_time is only set the first time the resource is created.
upsert_time is set every time the resource is upseted.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
version:
description: Message version.
readOnly: true
type: string
required:
- name
type: object
v1ScanProfileSpec:
description: Spec is the internal specification of the object.
properties:
ai_sast_analysis_parameters:
$ref: '#/components/schemas/v1AISastAnalysisParameters'
automated_scan_parameters:
$ref: '#/components/schemas/v1AutomatedScanParameters'
exporter_parameters:
$ref: '#/components/schemas/SpecExporterParameters'
is_default:
description: is_default indicates that the scan profile is the namespace default.
type: boolean
remediation_parameters:
$ref: '#/components/schemas/v1RemediationParameters'
security_review_scanner_parameters:
$ref: '#/components/schemas/SpecSecurityReviewScannerParameters'
toolchain_profile:
$ref: '#/components/schemas/v1ToolChainProfile'
type: object
v1UpdateRequest:
description: Message used for all update requests.
properties:
force:
description: |-
Force will force the update of the resource if any
checks fail.
type: boolean
update_mask:
description: Fields to update. Defaults to all fields.
type: string
type: object
v1TenantMeta:
description: Tenant related data for the tenant containing the resource.
properties:
namespace:
description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
type: string
required:
- namespace
type: object
googleprotobufAny:
additionalProperties: {}
description: >-
`Any` contains an arbitrary serialized protocol buffer message along
with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form
of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}
Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}
The pack methods provided by protobuf library will by default use
'type.googleapis.com/full.type.name' as the type URL and the unpack
methods only use the fully qualified type name after the last '/'
in the type URL, for example "foo.bar.com/x/y.z" will yield type
name "y.z".
JSON
====
The JSON representation of an `Any` value uses the regular
representation of the deserialized, embedded message, with an
additional field `@type` which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": ,
"lastName":
}
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
`value` which holds the custom JSON in addition to the `@type`
field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}
properties:
'@type':
description: >-
A URL/resource name that uniquely identifies the type of the
serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
`path/google.protobuf.Duration`). The name should be in a canonical
form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that
they
expect it to use in the context of Any. However, for URLs which use
the
scheme `http`, `https`, or no scheme, one can optionally set up a
type
server that maps type URLs to message definitions as follows:
* If no scheme is provided, `https` is assumed.
* An HTTP GET on the URL must yield a [google.protobuf.Type][]
value in binary format, or produce an error.
* Applications are allowed to cache lookup results based on the
URL, or have them precompiled into a binary to avoid any
lookup. Therefore, binary compatibility needs to be preserved
on changes to types. (Use versioned type names to manage
breaking changes.)
Note: this functionality is not currently available in the official
protobuf release, and it is not used for type URLs beginning with
type.googleapis.com. As of May 2023, there are no widely used type
server
implementations and no plans to implement one.
Schemes other than `http`, `https` (or the empty scheme) might be
used with implementation specific semantics.
type: string
type: object
v1IndexData:
description: |-
IndexData is used to index the resource for search. It's an internal
object.
properties:
data:
items:
type: string
readOnly: true
type: array
search_score:
description: >-
search_score is the score of the resource for search. Internal use
only.
format: float
readOnly: true
type: number
tenant:
readOnly: true
type: string
will_be_deleted_at:
description: Time that the resource will be deleted.
format: date-time
readOnly: true
type: string
type: object
v1AISastAnalysisParameters:
description: Runtime parameters controlling behavior of ai sast analysis.
properties:
fp_triage:
description: enable false positive triage of sast findings using AI.
type: boolean
mode:
$ref: '#/components/schemas/AISastAnalysisParametersAISastAnalysisMode'
retriage:
description: enable retriage of sast findings using AI.
type: boolean
type: object
v1AutomatedScanParameters:
description: >-
AutomatedScanParameters represents the parameters that must be applied
during
automated cloud scans to the projects associated with the corresponding
profile.
properties:
additional_environment_variables:
description: |-
additional_environment_variables is a list of additional environment
variables that must be used, specific to languages or tools.
items:
type: string
type: array
bazel_configuration:
$ref: '#/components/schemas/AutomatedScanParametersBazelConfiguration'
call_graph_languages:
description: |-
call_graph_languages is the list of languages that should be used to
calculate call graphs. If empty, default values are used.
items:
type: string
type: array
disable_code_snippet_storage:
description: >-
disable_code_snippet_storage is a boolean value that indicates if
the source code snippet
related to a finding should be stored or displayed. Default will be
off.
type: boolean
disable_code_storage:
description: >-
disable_code_storage is a boolean value that indicates if the source
code related to a finding
should be stored or displayed. Default will be off.
type: boolean
enable_ai_sast_scan:
description: >-
enable_ai_sast_scan is a boolean value that indicates if AI SAST
scan should be requested.
type: boolean
enable_automated_pr_scans:
description: >-
enable_automated_pr_scans for this repository will allow the github
app to selectively scan PRs and merges for this repository.
If the project is not part of a github app, this setting will be
ingored.
type: boolean
enable_full_git_log_secret_scan:
description: enable_full_git_log_secret_scan for this repository.
type: boolean
enable_pr_comments:
description: enable_pr_comments for this repository.
type: boolean
enable_pr_incremental_scan:
description: >-
enable_pr_incremental_scan is a boolean value that indicates if the
PR incremental scan should be requested.
type: boolean
enable_pr_security_review_scan:
description: >-
enable_pr_security_review_scan is a boolean value that indicates if
a Security Review scan should be requested.
type: boolean
enable_remediation_action:
description: enable_remediation_action for this repository.
type: boolean
enable_sast_scan:
description: enable_sast_scan for this repository.
type: boolean
enable_secret_scan:
description: enable_secret_scan for this repository.
type: boolean
excluded_paths:
description: >-
excluded_paths is a list of paths that should be excluded from the
scan.
items:
type: string
type: array
full_pr_scan:
description: >-
full_pr_scan indicates whether a full scan should be enabled during
PRs.
type: boolean
full_push_scan:
description: >-
full_push_scan indicates whether a full scan should be enabled
during
pushes.
type: boolean
included_paths:
description: >-
included_paths is a list of paths that should be included in the
scan.
items:
type: string
type: array
languages:
description: |-
languages is a list of languages that should be scanned. If emtpy
default values are used.
items:
type: string
type: array
type: object
SpecExporterParameters:
properties:
exporter_uuids:
description: |-
exporter_uuids is the list of exporter objects that will be used for
exports at the end of the scan.
items:
type: string
type: array
type: object
v1RemediationParameters:
description: RemediationParameters holds the settings for remediation actions.
properties:
automated_pr_parameters:
$ref: '#/components/schemas/RemediationParametersAutomatedPRParameters'
type: object
SpecSecurityReviewScannerParameters:
properties:
disable_code_summary:
description: >-
disable_code_summary indicates that the code summary part of the
security review should be disabled whether or not there are
findings.
type: boolean
user_prompt:
description: >-
user_prompt is the user prompt for the security review scanner.
it is used to customize the security review scanner and give the
ability to the user to provide their own prompt to customize the
security review and the findings that are reported. This is
optional.
type: string
type: object
v1ToolChainProfile:
description: |-
ToolChainProfile represents the list of tool chains that need to be
installed.
properties:
os:
additionalProperties:
$ref: '#/components/schemas/ToolChainProfileArchitectureToolChain'
type: object
type: object
AISastAnalysisParametersAISastAnalysisMode:
default: AI_SAST_ANALYSIS_MODE_UNSPECIFIED
description: |2-
- AI_SAST_ANALYSIS_MODE_UNSPECIFIED: Options available for peforming AI triage of Sast Findings.
- AI_SAST_ANALYSIS_MODE_AGENT_FALLBACK: AI_SAST_ANALYSIS_AGENT_ZEROSHOT_CODE_API = 4; // TODO add when ready.
enum:
- AI_SAST_ANALYSIS_MODE_UNSPECIFIED
- AI_SAST_ANALYSIS_MODE_AGENT
- AI_SAST_ANALYSIS_MODE_AGENT_DEEP
- AI_SAST_ANALYSIS_MODE_AGENT_FALLBACK
type: string
AutomatedScanParametersBazelConfiguration:
properties:
bazel_exclude_targets:
description: targets that should be excluded.
items:
type: string
type: array
bazel_include_targets:
description: targets that should be included.
items:
type: string
type: array
bazel_show_internal_targets:
description: show internal targets as dependencies.
type: boolean
bazel_targets_query:
description: query that should be used for bazel scans.
type: string
bazel_workspace_path:
description: bazel workspace path.
type: string
type: object
RemediationParametersAutomatedPRParameters:
description: AutomatedPRParameters holds the settings for automated PRs.
properties:
language_parameters:
additionalProperties:
$ref: '#/components/schemas/AutomatedPRParametersLanguageParameters'
description: Language-specific parameters for the pull request.
type: object
max_open_prs:
description: Maximum number of open pull requests allowed.
format: int32
type: integer
type: object
ToolChainProfileArchitectureToolChain:
properties:
arch:
additionalProperties:
$ref: '#/components/schemas/v1ToolChains'
type: object
type: object
AutomatedPRParametersLanguageParameters:
properties:
assignees:
description: List of assignees for the pull request.
items:
type: string
type: array
labels:
description: List of labels for the pull request.
items:
type: string
type: array
reviewers:
description: List of reviewers for the pull request.
items:
type: string
type: array
type: object
v1ToolChains:
properties:
android_tool_chain:
$ref: '#/components/schemas/v1AndroidToolChain'
dotnet_tool_chain:
$ref: '#/components/schemas/v1DotNetToolChain'
environment_variables:
description: >-
environment_variables are the env variables to be set during
toolchain installation.
items:
type: string
type: array
golang_tool_chain:
$ref: '#/components/schemas/v1GolangToolChain'
java_tool_chain:
$ref: '#/components/schemas/v1JavaToolChain'
javascript_tool_chain:
$ref: '#/components/schemas/v1JavaScriptToolChain'
php_tool_chain:
$ref: '#/components/schemas/v1PHPToolChain'
python_tool_chain:
$ref: '#/components/schemas/v1PythonToolChain'
ruby_tool_chain:
$ref: '#/components/schemas/v1RubyToolChain'
rust_tool_chain:
$ref: '#/components/schemas/v1RustToolChain'
scala_tool_chain:
$ref: '#/components/schemas/v1ScalaToolChain'
swift_tool_chain:
$ref: '#/components/schemas/v1SwiftToolChain'
type: object
v1AndroidToolChain:
properties:
command_line_tools_version:
$ref: '#/components/schemas/v1ToolChainVersion'
packages:
items:
type: string
type: array
required:
- command_line_tools_version
type: object
v1DotNetToolChain:
properties:
additional_dotnet_versions:
items:
type: string
type: array
dotnet_installer_version:
$ref: '#/components/schemas/v1ToolChainVersion'
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1GolangToolChain:
properties:
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1JavaToolChain:
properties:
gradle_version:
$ref: '#/components/schemas/v1ToolChainVersion'
maven_version:
$ref: '#/components/schemas/v1ToolChainVersion'
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1JavaScriptToolChain:
properties:
nodejs_version:
$ref: '#/components/schemas/v1ToolChainVersion'
npm_packages:
additionalProperties:
$ref: '#/components/schemas/v1ToolChainVersion'
type: object
pnpm_version:
$ref: '#/components/schemas/v1ToolChainVersion'
rush_version:
$ref: '#/components/schemas/v1ToolChainVersion'
yarn_version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- nodejs_version
type: object
v1PHPToolChain:
properties:
composer_version:
$ref: '#/components/schemas/v1ToolChainVersion'
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1PythonToolChain:
properties:
pip_packages:
additionalProperties:
$ref: '#/components/schemas/v1ToolChainVersion'
description: the key is the package name to install through pip.
type: object
poetry_version:
$ref: '#/components/schemas/v1ToolChainVersion'
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1RubyToolChain:
properties:
dependabot_version:
$ref: '#/components/schemas/v1ToolChainVersion'
ruby_gems:
additionalProperties:
$ref: '#/components/schemas/v1ToolChainVersion'
type: object
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1RustToolChain:
properties:
mirai_version:
$ref: '#/components/schemas/v1ToolChainVersion'
rustup_version:
$ref: '#/components/schemas/v1ToolChainVersion'
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
- rustup_version
type: object
v1ScalaToolChain:
properties:
java_version:
$ref: '#/components/schemas/v1ToolChainVersion'
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1SwiftToolChain:
properties:
additional_swift_versions:
items:
type: string
type: array
version:
$ref: '#/components/schemas/v1ToolChainVersion'
required:
- version
type: object
v1ToolChainVersion:
description: >-
ToolChainVersion defines the tool chain's source from where it can be
installed.
properties:
name:
description: name of the tool chain.
type: string
relative_tool_chain_path:
description: relative path of the tool chain in tar ball.
type: string
sha256_sum:
description: SHA256 Digest of the tool that will be downloaded.
type: string
urls:
description: http mirros from where the tool can be downloaded.
items:
type: string
type: array
type: object
````