Tutorials Introduction

This page aims to aggregate which API calls defined in our documentation are necessary to perform major actions. If your question wasn't answered here or you have any questions on how to perform a desired action using our Web Interface, please get in touch using the "Support" menu after you log in, or simply send an e-mail to contact {at} gauntlet.io.


Starting a Dynamic (DAST) Scan

To start a scan you need to have:

Then you just need to create a Scan, which automatically will create a ScanScanner for each selected scanner in your scan profile.

However you probably want to know when the scan ends. For that you have a few options:

  • Poolling /scan/:id: you can request from time to time /scans/:id and then check if the scan status is finished or not, as described in the API page;
  • Webhook: you can configure a webhook to notify a desired URL when a scan ends. It could be done by the web interface in "Notifications" or through the API.

After the scan is finished, you can extract its findings through our API accessing any of these models:

  • Issues: all Issues are stored in a common format in our database and can be retrieved by the API. But our operations are asynchronous, thus even if the scan is finished it doesn't mean that its issues are available. You can programmatically check that when there is a Report available for that Scan;
  • Report: you can verify if there is a Report that particular Scan. If there is, you need to access its details (/report/:id) to retrieve the download URL - which expires after a few hours.


Starting a Static (SAST) Scan

It's the same process as above, except that you have a few differences:

  • Source Code is required: you have to upload a Source Code and retrieve its ID to use in the API call to create a Scan;
  • Scan Profile must contemplate Static Scan: a Scan Profile could work for Dynamic (DAST) or Static (SAST) testing, but not both at the same time. Make sure to set up your scan profile properly.