Skip to main content
Manage links between application source code and target hostnames. Source repos enable source-aware JS extensions to read, list, and search source files during scanning.

GET /api/source-repos — List Source Repos

Query parameters:
ParameterTypeDefaultDescription
hostnamestringFilter by exact hostname
limitint50Number of repos to return (max 500)
offsetint0Offset for pagination
# List all source repos
curl -s http://localhost:9002/api/source-repos | jq .

# Filter by hostname
curl -s 'http://localhost:9002/api/source-repos?hostname=app.example.com' | jq .

{
  "data": [
    {
      "id": 1,
      "hostname": "app.example.com",
      "name": "my-app",
      "root_path": "/home/user/src/my-app",
      "repo_type": "git",
      "language": "python",
      "framework": "django",
      "endpoints": ["/api/users", "/api/login"],
      "route_params": ["id", "uuid"],
      "sinks": ["sql.exec"],
      "tags": ["backend"],
      "third_party_scan_status": "completed",
      "third_party_scan_at": "2026-02-19T11:00:00Z",
      "created_at": "2026-02-19T10:00:00Z",
      "updated_at": "2026-02-19T11:00:00Z"
    }
  ],
  "total": 1,
  "limit": 50,
  "offset": 0,
  "has_more": false
}

POST /api/source-repos — Create Source Repo

Request body:
FieldTypeRequiredDescription
hostnamestringYesTarget hostname to link
root_pathstringYesAbsolute filesystem path to source root
namestringNoDisplay name (defaults to hostname)
repo_typestringNogit, folder, or archive (defaults to folder)
languagestringNoPrimary programming language
frameworkstringNoFramework (e.g. express, django, spring)
scan_uuidstringNoLink to a specific scan UUID
endpointsstring[]NoKnown application endpoints
route_paramsstring[]NoKnown route parameters
sinksstring[]NoKnown dangerous sinks
tagsstring[]NoTags for categorization
metadataobjectNoArbitrary metadata
curl -s -X POST http://localhost:9002/api/source-repos \
  -H "Content-Type: application/json" \
  -d '{
    "hostname": "app.example.com",
    "root_path": "/home/user/src/my-app",
    "repo_type": "git",
    "language": "python",
    "framework": "django"
  }' | jq .

{
  "id": 1,
  "hostname": "app.example.com",
  "name": "app.example.com",
  "root_path": "/home/user/src/my-app",
  "repo_type": "git",
  "language": "python",
  "framework": "django",
  "third_party_scan_status": "",
  "created_at": "2026-02-19T10:00:00Z",
  "updated_at": "2026-02-19T10:00:00Z"
}

GET /api/source-repos/:id — Get Source Repo

curl -s http://localhost:9002/api/source-repos/1 | jq .

PUT /api/source-repos/:id — Update Source Repo

Partially updates a source repo. Only provided fields are overwritten. 
curl -s -X PUT http://localhost:9002/api/source-repos/1 \
  -H "Content-Type: application/json" \
  -d '{
    "language": "go",
    "framework": "fiber",
    "tags": ["backend", "api"]
  }' | jq .

DELETE /api/source-repos/:id — Delete Source Repo

curl -s -X DELETE http://localhost:9002/api/source-repos/1 | jq .

{
  "message": "source repo deleted",
  "id": 1
}