Scan Endpoint
Submit code for security analysis.
POST /api/v1/scan
Analyzes source code files for AI agent security vulnerabilities.
Request
Headers:
| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer YOUR_API_KEY |
| Content-Type | Yes | multipart/form-data |
Body (multipart form):
| Field | Type | Required | Description |
|---|---|---|---|
| file | File | Yes | Source file to scan (can send multiple) |
Supported file types:
- Python (.py)
- JavaScript (.js, .jsx)
- TypeScript (.ts, .tsx)
- Go (.go)
- YAML (.yaml, .yml)
- JSON (.json)
Response
{
  "success": true,
  "risk_score": 65,
  "findings_count": 3,
  "critical_count": 0,
  "high_count": 2,
  "medium_count": 1,
  "low_count": 0,
  "findings": [
    {
      "id": "f8a3b2c1",
      "severity": "HIGH",
      "file": "agent.py",
      "line": 42,
      "column": 12,
      "message": "User input directly concatenated into LLM prompt",
      "cwe": "CWE-77",
      "owasp": "LLM01"
    }
  ],
  "files_scanned": 5,
  "scan_duration": "2.1s"
}
Response Fields
| Field | Type | Description |
|---|---|---|
| success | boolean | Whether the scan completed |
| risk_score | integer | Overall risk score (0-100) |
| findings_count | integer | Total number of findings |
| critical_count | integer | Critical severity findings |
| high_count | integer | High severity findings |
| medium_count | integer | Medium severity findings |
| low_count | integer | Low severity findings |
| findings | array | List of security findings |
| files_scanned | integer | Number of files analyzed |
| scan_duration | string | Time taken for analysis |
Finding Object
| Field | Type | Description |
|---|---|---|
| id | string | Unique finding identifier |
| severity | string | CRITICAL, HIGH, MEDIUM, or LOW |
| file | string | File path where issue was found |
| line | integer | Line number |
| column | integer | Column number |
| message | string | Description of the vulnerability |
| cwe | string | CWE identifier (e.g., CWE-77) |
| owasp | string | OWASP LLM Top 10 category |
Severity Levels
| Severity | Description |
|---|---|
| CRITICAL | Immediate risk, fix before deployment |
| HIGH | Significant risk, fix before release |
| MEDIUM | Moderate risk, fix in normal cycle |
| LOW | Minor risk, address when convenient |
Example Request
curl -X POST https://api.inkog.io/api/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@./src/agent.py" \
  -F "file=@./src/tools.py"
Scanning a Directory
To scan multiple files, send each file as a separate form field:
# Find all Python files and scan them (one request per file)
find ./src -name "*.py" -exec curl -X POST https://api.inkog.io/api/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@{}" \;
Or use the CLI for easier directory scanning:
inkog scan ./src
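The sketch below is an added example, not Inkog's own client code: it sends every supported file under a directory as separate `file` fields in one request, then fails a CI job when the response contains findings at or above a chosen severity. The `INKOG_API_KEY` environment variable, the function names and the default `HIGH` threshold are assumptions.

```python
import json, os, sys, uuid, urllib.request
from pathlib import Path

API_URL = "https://api.inkog.io/api/v1/scan"  # endpoint shown on this page
SUPPORTED = {".py", ".js", ".jsx", ".ts", ".tsx", ".go", ".yaml", ".yml", ".json"}
ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]  # severity levels, ascending

def collect(root):
    """Files under root whose extension is in the supported list."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix in SUPPORTED)

def build_body(paths):
    """Encode each path as its own 'file' form field in one multipart body."""
    boundary, body = uuid.uuid4().hex, b""
    for p in paths:
        name = p.name.replace('"', "%22")  # keep the header quoting intact
        body += (f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
                 f'filename="{name}"\r\nContent-Type: application/octet-stream'
                 f'\r\n\r\n'.encode() + p.read_bytes() + b"\r\n")
    return boundary, body + f"--{boundary}--\r\n".encode()

def scan(paths, api_key):
    """POST the files and return the decoded JSON response."""
    boundary, body = build_body(paths)
    req = urllib.request.Request(API_URL, data=body, method="POST", headers={
        "Authorization": f"Bearer {api_key}",
        "Content-Type": f"multipart/form-data; boundary={boundary}"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def gate(result, fail_on="HIGH"):
    """Return findings at or above fail_on; an incomplete scan never passes."""
    if result.get("success") is not True:
        raise RuntimeError("scan did not complete; treat the check as failed")
    floor = ORDER.index(fail_on)
    # An unrecognised severity raises ValueError, so the gate fails closed.
    return [f for f in result.get("findings", [])
            if ORDER.index(f["severity"]) >= floor]

if __name__ == "__main__":
    key = os.environ["INKOG_API_KEY"]  # assumed variable name; keeps the key out of argv
    blocking = gate(scan(collect(sys.argv[1]), key))
    for f in blocking:
        print(f'{f["file"]}:{f["line"]}:{f["column"]} {f["severity"]} {f["message"]}')
    sys.exit(1 if blocking else 0)
```

`collect` uploads every supported file under the root, YAML and JSON included, so point it at source directories rather than ones that hold credentials or secret-bearing configuration.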