Request	Value
Method	POST
URL	https://api.metadefender.com/v4/repo
Throttled	Yes
Feature release date	22 Nov 2018

Summary

Source code repository scanning. Works with any public repository from Github, Bitbucket or Gitlab. When issuing the post request send a JSON body with:

source can be: github, gitlab or bitbucket. If omitted, it defaults to github.
username repository owner
repository repository name (slug)
ref branch or commit, optional, defaults to master

Our server will download the source code archive and scan it. Please be aware that free apikeys have small limits when it comes to files inside archives, for details please see our licensing page.

Just like file scan, repo scans are performed asynchronously, and each scan request is tracked by a data id. After retrieving the data id, a long polling process needs to be started, to check if the scan has finished.

Request

Header Parameters

	Description	Allowed Values	Required
apikey	give rights to use the endpoint (token authentication) (API Authentication Mechanisms)	apikey	YES
Content-Type	specify the http content type	application/json	YES

Body (payload)

	Format	Required	Example
HTTP Body	application/json	YES	`{` `"source":` `"<repository-provider>",` `"username":` `"<user-name>",` `"repository":` `"<repository-name>",` `"ref":` `"<branch/commit>"` `}`

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of successful scan request:

{
    "data_id": "Zz********************************1s",
    "status": "inqueue",
    "in_queue": "2",
    "queue_priority": "high",
    "rest_ip": "api.metadefender.com/v4"
}

Example of bad request:

{
    "success": false,
    "error": {
        "code": 400241,
        "messages": [
            "Invalid repository"
        ]
    }
}

Descriptions of response:

dataId	Data ID used for retrieving scan results. Since multiple scans can potentially be performed for the same files when any engine has a different definition time or when there is an additional engine, this is the identifier for per-scan rather than per-file.
in_queue	Counter representing the total numbers of files in the queue at the time of the request.
queue_priority	The priority of the file in scanning. Free users have normal priority, and paid used go to high.

Errors

Please refer to Errors for more information.

Sample code (Node.js)

var http = require("https");
 
var options = {
  "method": "POST",
  "hostname": "api.metadefender.com",
  "path": "/v2/repo",
  "headers": {
    "apikey": process.env.APIKEY,
    "content-type": "application/json"
  }
};
 
var req = http.request(options, function (res) {
  var chunks = [];
 
  res.on("data", function (chunk) {
    chunks.push(chunk);
  });
 
  res.on("end", function () {
    var body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});
 
req.write(JSON.stringify({
    "source": "github",    
    "username": "opswat",
    "repository": "metadefender-cloudformation",
    "ref": "master"
}));
                                                                                                                                                                                                                                                                                          
req.end();

Sample code (cURL)

curl -X POST \
  https://api.metadefender.com/v4/repo \
  -H 'Content-Type: application/json' \
  -H 'apikey: ${APIKEY}' \
  -d '{
    "source": "github",    
    "username": "opswat",
    "repository": "metadefender-cloudformation",
    "ref": "master"
  }'  

2.5 Scanning a repository