Tests

This document uses the REST API. For more details, see the Authentication for API page.

Create a new test. (Early Access)

post

Create a new test.

Provide the items to be tested by Snyk as well as any configuration parameters for the test to be run.

Currently, scans using the Open Source (SCA) and Code Analysis (SAST) scanners can be run using the Test API.

Tests begun through the Test API yield lists of Findings when finished. These Findings can be retrieved using the ListFindings endpoint.

Successfully creating a new Test will yield a Job ID that can be used to poll for the Test's completion via the GetJob endpoint.

Required permissions

View Organization (org.read)
Test packages (org.package.test)

Authorizations

AuthorizationstringRequired

API key value must be prefixed with "Token ".

Path parameters

org_idstring · uuidRequired

Snyk Org ID under which to run or query information about a Job or Test.

Query parameters

versionstringRequired

The API version requested.

Header parameters

snyk-request-idstring · uuidOptional

A unique ID assigned to each API request, for tracing and troubleshooting.

Snyk clients can optionally provide this ID.

snyk-interaction-idstring · min: 36 · max: 128Optional

Identifies the Snyk client interaction in which this API request occurs.

The identifier is an opaque string. though at the time of writing it may either be a uuid or a urn containing a uuid and some metadata.

Body

TestRequestBody represents the request body used when creating an Test.

Responses

202

The request has been accepted for processing, but processing has not yet completed.

application/vnd.api+json

400

Invalid input

application/vnd.api+json

post

/orgs/{org_id}/tests

POST /rest/orgs/{org_id}/tests?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Content-Type: application/vnd.api+json
Accept: */*
Content-Length: 1258

{
  "data": {
    "attributes": {
      "config": {
        "local_policy": {
          "fail_on_upgradable": false,
          "ignores": [
            {
              "created_at": "2026-02-23T18:05:10.994Z",
              "expires_at": "2026-02-23T18:05:10.994Z",
              "path": [
                "[email protected]",
                "org.apache.logging.log4j:[email protected]"
              ],
              "reason": "False positive",
              "skip_if_fixable": true,
              "vuln_id": "SNYK-JAVA-ORGAPACHELOGGINGLOG4J-31456"
            }
          ],
          "reachability_filter": "reachable",
          "risk_score_threshold": 1,
          "severity_threshold": "critical",
          "suppress_pending_ignores": false
        },
        "project_business_criticality": "text",
        "project_environment": [
          "text"
        ],
        "project_lifecycle": [
          "text"
        ],
        "project_tags": [
          "text"
        ],
        "publish_report": true,
        "scan_config": {
          "secrets": {}
        },
        "target_name": "text",
        "target_reference": "text",
        "timeout": {
          "outcome": "pass",
          "seconds": 1
        }
      },
      "resources": [
        {
          "resource": {
            "content_type": "source",
            "file_patterns": [
              "*.go"
            ],
            "repository_url": "https://example.com/source/repo",
            "revision_id": "abcde12345",
            "type": "upload"
          },
          "type": "base"
        },
        {
          "resource": {
            "ref_id": "6BD4F5E2-D4E8-4C6B-BB0E-ECF0A70423F5",
            "reference_type": "target",
            "type": "snyk_ref"
          },
          "type": "base"
        }
      ],
      "sdlc_stage": "ide",
      "subject": {
        "bundle_id": "text",
        "locator": {
          "paths": [
            "text"
          ],
          "type": "local_path"
        },
        "type": "deepcode_bundle"
      },
      "subject_locators": [
        {
          "paths": [
            "package.json"
          ],
          "type": "local_path"
        }
      ],
      "user_public_id": "text"
    },
    "type": "tests"
  }
}

{
  "data": {
    "attributes": {
      "created_at": "2026-02-23T18:05:10.994Z",
      "status": "pending"
    },
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "test_jobs"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "related": "https://example.com",
    "self": "https://example.com",
    "ANY_ADDITIONAL_PROPERTY": "https://example.com"
  },
  "meta": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  }
}

Get a test. (Early Access)

get

Get a test.

A Test returned through this endpoint is intended to be a completed Test with results. The data returned through this endpoint does not contain the Findings for the Test, but a description of the Test that was run and its status.

Tests that completed successfully are marked with an appropriate outcome according to the configured Thresholds.

Facts about the Test (e.g. how many dependencies were present in a Tested SBOM) are attached to this response as well as a summary of the Findings uncovered during the Test.

Any Errors or Warnings that occurred during the Test will be present in the response from this endpoint.

The response will also contain a link to the first page of the Test's Findings.

Required permissions

View Organization (org.read)

Authorizations

AuthorizationstringRequired

API key value must be prefixed with "Token ".

Path parameters

org_idstring · uuidRequired

Snyk Org ID under which to run or query information about a Job or Test.

test_idstring · uuidRequired

Test ID returned from the Test API to query.

Query parameters

versionstringRequired

The API version requested.

Header parameters

snyk-request-idstring · uuidOptional

A unique ID assigned to each API request, for tracing and troubleshooting.

Snyk clients can optionally provide this ID.

snyk-interaction-idstring · min: 36 · max: 128Optional

Identifies the Snyk client interaction in which this API request occurs.

The identifier is an opaque string. though at the time of writing it may either be a uuid or a urn containing a uuid and some metadata.

Responses

200

Successful API response with a single resource

application/vnd.api+json

400

Invalid input

application/vnd.api+json

get

/orgs/{org_id}/tests/{test_id}

GET /rest/orgs/{org_id}/tests/{test_id}?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*

{
  "data": {
    "attributes": {
      "config": {
        "local_policy": {
          "fail_on_upgradable": false,
          "ignores": [
            {
              "created_at": "2026-02-23T18:05:10.994Z",
              "expires_at": "2026-02-23T18:05:10.994Z",
              "path": [
                "[email protected]",
                "org.apache.logging.log4j:[email protected]"
              ],
              "reason": "False positive",
              "skip_if_fixable": true,
              "vuln_id": "SNYK-JAVA-ORGAPACHELOGGINGLOG4J-31456"
            }
          ],
          "reachability_filter": "reachable",
          "risk_score_threshold": 1,
          "severity_threshold": "critical",
          "suppress_pending_ignores": false
        },
        "project_business_criticality": "text",
        "project_environment": [
          "text"
        ],
        "project_lifecycle": [
          "text"
        ],
        "project_tags": [
          "text"
        ],
        "publish_report": true,
        "scan_config": {
          "secrets": {}
        },
        "target_name": "text",
        "target_reference": "text",
        "timeout": {
          "outcome": "pass",
          "seconds": 1
        }
      },
      "created_at": "2026-02-23T18:05:10.994Z",
      "effective_summary": {
        "count": 30,
        "count_by": {
          "result_type": {
            "sast": 12,
            "sca": 18
          },
          "severity": {
            "critical": 2,
            "high": 3,
            "low": 15,
            "medium": 10
          }
        }
      },
      "outcome": {
        "breached_policies": {
          "ids": [
            "123e4567-e89b-12d3-a456-426614174000"
          ],
          "local_policy": true
        },
        "reason": "policy_breach",
        "result": "pass"
      },
      "raw_summary": {
        "count": 30,
        "count_by": {
          "result_type": {
            "sast": 12,
            "sca": 18
          },
          "severity": {
            "critical": 2,
            "high": 3,
            "low": 15,
            "medium": 10
          }
        }
      },
      "resources": [
        {
          "resource": {
            "content_type": "source",
            "file_patterns": [
              "*.go"
            ],
            "repository_url": "https://example.com/source/repo",
            "revision_id": "abcde12345",
            "type": "upload"
          },
          "type": "base"
        },
        {
          "resource": {
            "ref_id": "6BD4F5E2-D4E8-4C6B-BB0E-ECF0A70423F5",
            "reference_type": "target",
            "type": "snyk_ref"
          },
          "type": "base"
        }
      ],
      "sdlc_stage": "ide",
      "state": {
        "errors": [
          {
            "code": "text",
            "detail": "text",
            "id": "123e4567-e89b-12d3-a456-426614174000",
            "links": {
              "about": "https://example.com",
              "ANY_ADDITIONAL_PROPERTY": "https://example.com"
            },
            "meta": {},
            "source": {
              "parameter": "text",
              "pointer": "text"
            },
            "status": "text",
            "title": "text"
          }
        ],
        "execution": "pending",
        "warnings": [
          {
            "code": "text",
            "detail": "text",
            "id": "123e4567-e89b-12d3-a456-426614174000",
            "links": {
              "about": "https://example.com",
              "ANY_ADDITIONAL_PROPERTY": "https://example.com"
            },
            "meta": {},
            "source": {
              "parameter": "text",
              "pointer": "text"
            },
            "status": "text",
            "title": "text"
          }
        ]
      },
      "subject": {
        "bundle_id": "text",
        "locator": {
          "paths": [
            "text"
          ],
          "type": "local_path"
        },
        "type": "deepcode_bundle"
      },
      "subject_locators": [
        {
          "paths": [
            "package.json"
          ],
          "type": "local_path"
        }
      ],
      "test_facts": [
        {
          "total_dependency_count": 1,
          "type": "dependency_count_fact"
        }
      ],
      "user_public_id": "text"
    },
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "links": {
      "findings": "https://example.com"
    },
    "type": "tests"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "related": "https://example.com",
    "self": "https://example.com",
    "ANY_ADDITIONAL_PROPERTY": "https://example.com"
  },
  "meta": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  }
}

Get a test job. (Early Access)

get

Get a test job.

The Test API is Asynchronous, and Tests begun through the API are assigned a Job ID which references the in-progress Test. The Job ID is provided in a successful response from the CreateTest endpoint.

This endpoint is used to poll for the status of a Test using its associated Job ID.

When the Job is Finished and the Test is ready for consumption, the Related link will be populated in the response with a link to the finished Test entity.

Required permissions

View Organization (org.read)

Authorizations

AuthorizationstringRequired

API key value must be prefixed with "Token ".

Path parameters

org_idstring · uuidRequired

Snyk Org ID under which to run or query information about a Job or Test.

job_idstring · uuidRequired

Job ID returned from the Test API to query.

Query parameters

versionstringRequired

The API version requested.

Header parameters

snyk-request-idstring · uuidOptional

A unique ID assigned to each API request, for tracing and troubleshooting.

Snyk clients can optionally provide this ID.

snyk-interaction-idstring · min: 36 · max: 128Optional

Identifies the Snyk client interaction in which this API request occurs.

The identifier is an opaque string. though at the time of writing it may either be a uuid or a urn containing a uuid and some metadata.

Responses

200

Successful API response with a single resource

application/vnd.api+json

303

Redirect to another resource after async processing.

application/vnd.api+json

400

Invalid input

application/vnd.api+json

get

/orgs/{org_id}/test_jobs/{job_id}

GET /rest/orgs/{org_id}/test_jobs/{job_id}?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*

{
  "data": {
    "attributes": {
      "created_at": "2026-02-23T18:05:10.994Z",
      "status": "pending"
    },
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "relationships": {
      "test": {
        "data": {
          "id": "123e4567-e89b-12d3-a456-426614174000",
          "type": "tests"
        }
      }
    },
    "type": "test_jobs"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "related": "https://example.com",
    "self": "https://example.com",
    "ANY_ADDITIONAL_PROPERTY": "https://example.com"
  },
  "meta": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  }
}

PreviousTest (v1)NextUniversal Broker

Last updated 5 months ago

Was this helpful?

hashtagCreate a new test. (Early Access)

Required permissions

hashtagGet a test. (Early Access)

Required permissions

hashtagGet a test job. (Early Access)

Required permissions

Create a new test. (Early Access)

Get a test. (Early Access)

Get a test job. (Early Access)