2.5 Scanning a repository

Request

Value

Method

POST

URL

https://api.metadefender.com/v4/repo

Throttled

Yes

Feature release date

22 Nov 2018

Summary

Source code repository scanning. Works with any public repository from Github, Bitbucket or Gitlab. When issuing the post request send a JSON body with:

  • source can be: github, gitlab or bitbucket. If omitted, it defaults to github.

  • username repository owner

  • repository repository name (slug)

  • ref branch or commit, optional, defaults to master

Our server will download the source code archive and scan it. Please be aware that free apikeys have small limits when it comes to files inside archives, for details please see our licensing page.

Just like file scan, repo scans are performed asynchronously, and each scan request is tracked by a data id. After retrieving the data id, a long polling process needs to be started, to check if the scan has finished.

Request

Header Parameters

 

Description

Allowed Values

Required

apikey

give rights to use the endpoint (token authentication) (API Authentication Mechanisms)

apikey

YES

Content-Type

specify the http content type

application/json

YES

Body (payload)

 

Format

Required

Example

HTTP Body

application/json

YES

{
"source": "<repository-provider>",
"username": "<user-name>",
"repository": "<repository-name>",
"ref": "<branch/commit>"
}

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of successful scan request:

{
"data_id": "Zz********************************1s",
"status": "inqueue",
"in_queue": "2",
"queue_priority": "high",
"rest_ip": "api.metadefender.com/v4"
}

Example of bad request:

{
"success": false,
"error": {
"code": 400241,
"messages": [
"Invalid repository"
]
}
}

Descriptions of response:

dataId

Data ID used for retrieving scan results. Since multiple scans can potentially be performed for the same files when any engine has a different definition time or when there is an additional engine, this is the identifier for per-scan rather than per-file.

in_queue

Counter representing the total numbers of files in the queue at the time of the request.

queue_priority

The priority of the file in scanning. Free users have normal priority, and paid used go to high.

Errors

Please refer to Errors for more information.

Sample code (Node.js)

var http = require("https");
 
var options = {
"method": "POST",
"hostname": "api.metadefender.com",
"path": "/v2/repo",
"headers": {
"apikey": process.env.APIKEY,
"content-type": "application/json"
}
};
 
var req = http.request(options, function (res) {
var chunks = [];
 
res.on("data", function (chunk) {
chunks.push(chunk);
});
 
res.on("end", function () {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
});
 
req.write(JSON.stringify({
"source": "github",
"username": "opswat",
"repository": "metadefender-cloudformation",
"ref": "master"
}));
req.end();

Sample code (cURL)

curl -X POST \
https://api.metadefender.com/v4/repo \
-H 'Content-Type: application/json' \
-H 'apikey: ${APIKEY}' \
-d '{
"source": "github",
"username": "opswat",
"repository": "metadefender-cloudformation",
"ref": "master"
}'