Scans API Reference

MergeBase’s Scans API provides REST access to scan data.  Our Scans API is based on Nucleus Security‘s “Custom Scan Import Format.”  Note:  you DO NOT need to be a user or customer of Nucleus Security to enable and integrate with this endpoint.


Every request must include an HTTP Authorization header as follows:

X-Authorization: <api-key>

The api-key is provided from the “Enable MergeBase Rest Endpoint” section of the MergeBase configuration page.

REST Endpoints

GET /api/n/scans

Returns a list of instances with summary scan data for the customer associated with the API key.

JSON Data:

    "scan_date""2019-05-14 19:18:22",



GET /api/n/scans/<instance_id>

Returns the latest scan for the instance identified by instance-id (same as the scan file upload format).

JSON Data Example:

  "scan_date""2019-05-14 19:18:22",
  "scan_id": <instance-id>,
  "assets": [
      "findings": [
          "finding_name""CVE(s) found in .../fileupload@1.3.2",
          "finding_description""Component has 1 known vulnerability (1 rated critical)",
          "finding_output""Package fileupload was found to be vulnerable ...",
          "finding_reference": {
            "vulnerable version""1.3.2"
          "finding_name""CVE(s) found in .../commons-lang@2.4",
          "finding_description""Component has 1 known vulnerability",
          "finding_reference": {
            "vulnerable version""2.4"

Download your copy now!

[contact-form-7 id="271" title="White Paper Download"]

Discover More from MergeBase

Core Product

BuildGreen is a powerful solution for identifying the real risk of open source at build time or in existing applications

Learn how BuildGreen can protects your Enterprise

Add RunTime Protection

RunGreen detects and defends against known-vulnerabilities at runtime.

Learn why Runtime Protection Matters

Optional Developer Add-on

CodeGreen is an early-warning defence for your in-house development and integrates directly into code repositories

Quick Start - For Free