API Reference
REST API v1
The Gritcadence API lets you export findings, manage repositories, and configure rule overrides programmatically. Base URL: https://api.gritcadence.com/v1
Authentication
All API requests require a bearer token in the Authorization header. Generate tokens from your dashboard under Settings → API Tokens.
$ curl https://api.gritcadence.com/v1/findings \
    -H "Authorization: Bearer <your-token>"
Findings
| Method | Endpoint | Description |
|---|---|---|
| GET | /findings | List all findings. Filter by repo, severity, state, rule_id. |
| GET | /findings/{id} | Get a single finding by ID, including full code context and taint trace. |
| PATCH | /findings/{id} | Update finding state. Valid states: open, suppressed, resolved. |
| GET | /findings/export | Export findings as JSON or CSV. Supports date range filter. |
Example response:
{
  "id": "f_01HXYZ",
  "rule_id": "GRCD-0081",
  "severity": "high",
  "state": "open",
  "file": "app/views/users.py",
  "line": 42,
  "message": "SQL injection risk in cursor.execute()",
  "cwe": "CWE-89",
  "pr_number": 412
}
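An added example, not Gritcadence's own client code: a Python helper that builds authenticated requests for the two findings endpoints above and rejects unknown filters, invalid states and malformed tokens before anything is sent. It assumes the filters are passed as query-string parameters and that PATCH takes a JSON body of the form {"state": ...}; neither is stated on this page, and the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.gritcadence.com/v1"           # from this page
VALID_STATES = {"open", "suppressed", "resolved"}     # PATCH /findings/{id} row
FILTERS = {"repo", "severity", "state", "rule_id"}    # GET /findings row


def build_request(method, path, token, query=None, body=None):
    """Build (do not send) a request; the token goes only in the header, never the URL."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    url = BASE_URL + path
    if query:
        url += "?" + urllib.parse.urlencode(query)
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", "Bearer " + token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def list_findings_request(token, **filters):
    """GET /findings. Assumption: filters are query-string parameters."""
    unknown = set(filters) - FILTERS
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    return build_request("GET", "/findings", token, query=filters)


def update_state_request(token, finding_id, state):
    """PATCH /findings/{id}. Assumption: the body is {"state": <state>}."""
    if state not in VALID_STATES:
        raise ValueError(f"state must be one of {sorted(VALID_STATES)}")
    # Percent-encode the ID so a value containing "/" cannot change the path.
    path = "/findings/" + urllib.parse.quote(finding_id, safe="")
    return build_request("PATCH", path, token, body={"state": state})


def send(req, timeout=10):
    """Send a built request and decode the JSON response."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)
```
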
Repositories
| Method | Endpoint | Description |
|---|---|---|
| GET | /repos | List all connected repositories. |
| GET | /repos/{id}/scans | List scan history for a repository. |
| POST | /repos/{id}/scan | Trigger a manual scan on the default branch. |
Rules
| Method | Endpoint | Description |
|---|---|---|
| GET | /rules | List all built-in rules. Filter by language, owasp, cwe. |
| PATCH | /repos/{id}/rule-overrides | Override severity or disable a rule for a specific repo. |
Rate limit: 1,000 requests/hour per token. Contact [email protected] for higher limits on the Team plan.