Cycode
Application Security- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Cycode Connector integrates with the Cycode Application Security Posture Management (ASPM) platform to synchronize security findings and the organizational assets they relate to. It fetches violations from the Cycode V4 violations API (SAST, SCA, secrets, Infrastructure as Code, and CI/CD security domains), the policies that define those violation types, and the repositories and projects the violations are found in.
A single pull of the violations API is cached locally and then filtered client-side into three finding models (SAST findings, SCA findings, and generic violations). Likewise, a single pull of the policies API is filtered client-side into three definition models.
Category: Application Security
Data retrieved from Cycode
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Repository | Yes | Code Repository |
| Project | Yes | Code Project |
| SAST Finding | Yes | Static Code Finding |
| SCA Finding | Yes | Open Source Finding |
| Violation | Yes | Violation |
| SAST Finding Definition | Yes | Static Code Finding Definition |
| SCA Finding Definition | Yes | Open Source Finding Definition |
| Violation Definition | Yes | Violation Definition |
Model relationships
For detailed steps on how to view the data retrieved from Cycode in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Cycode from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API URL | No | https://api.cycode.com | Cycode API URL |
| Client ID | Yes | — | Cycode Client ID |
| Client secret | Yes | — | Cycode Client secret |
| Legacy API URL | Yes | https://app.cycode.com | Cycode Legacy API URL |
| Page size | No | 100 | Maximum number of records to get per API request |
| Maximum retries | No | 5 | The maximum number of retry attempts before giving up a request |
| Parallel requests | No | min(4, available processors) | Maximum number of parallel API requests |
| SSL / TLS | No | false | Skip certificate verification |
Authentication
The connector uses an OAuth 2.0 client-credentials style token exchange. The client ID and secret are exchanged for a short-lived bearer token, which is attached to every subsequent request.
Endpoint
| Method | URL |
|---|---|
POST | https://api.cycode.com/api/v1/auth/api-token |
Request Headers
| Header | Value |
|---|---|
Content-Type | application/json |
Request Body
{
"clientId": "your-client-id",
"secret": "your-client-secret"
}
Sample Response
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": "2026-02-07T02:49:05Z",
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4..."
}
Response Fields
| Field | Type | Description |
|---|---|---|
token | String | Bearer token for API requests |
expires_in | Instant | Token expiration timestamp; the token is treated as expired five seconds before this time |
refresh_token | String | Token for refreshing access |
Usage
Once authenticated, all subsequent API requests include the bearer token in the Authorization header, along with Content-Type: application/json and X-Requested-With: brinqa:
Authorization: Bearer <token>
The token is cached and re-requested automatically when it expires.
Base URLs
The connector talks to two hosts:
- API base URL (
url, defaulthttps://api.cycode.com) — used for the V4 endpointsv4/violationsandv4/projects. - App base URL (
legacyUrl, defaulthttps://app.cycode.com) — used forapi/repositoriesandapi/policies.
How to obtain Cycode credentials
Obtain the required credentials (legacyUrl, clientId, clientSecret) from your Cycode administrator or the Cycode admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Repository
| Source Field Name | SDM Attribute |
|---|---|
RepositoryResource.alertCounts.critical | CRITICAL_ALERTS |
RepositoryResource.alertCounts.high | HIGH_ALERTS |
RepositoryResource.alertCounts.info | INFO_ALERTS |
RepositoryResource.alertCounts.low | LOW_ALERTS |
RepositoryResource.alertCounts.medium | MEDIUM_ALERTS |
RepositoryResource.id | UID |
RepositoryResource.isFork | IS_FORK |
RepositoryResource.isPrivate | IS_PRIVATE |
RepositoryResource.labels | TAGS |
RepositoryResource.name | NAME |
RepositoryResource.organization.id | ORG_ID |
RepositoryResource.organization.name | ORG_NAME |
RepositoryResource.project | PROJECT |
RepositoryResource.projectId | PROJECT_ID |
RepositoryResource.scmCreated | SCM_CREATED |
RepositoryResource.scmCreated | SOURCE_CREATED_DATE |
RepositoryResource.scmProjects | SCM_PROJECTS |
RepositoryResource.scmProvider | CATEGORIES |
RepositoryResource.scmProvider | SCM_PROVIDER |
RepositoryResource.teamRepositoryPermissions | TEAM_REPOSITORY_PERMISSIONS |
RepositoryResource.url | URL |
RepositoryResource.visibility | VISIBILITY |
| — | STATUS |
| — | LAST_CAPTURED |
Project
| Source Field Name | SDM Attribute |
|---|---|
ProjectResource.assets[].assetId | ASSET_IDS |
ProjectResource.businessImpact | BUSINESS_IMPACT |
ProjectResource.created | SOURCE_CREATED_DATE |
ProjectResource.createdBy | CREATED_BY |
ProjectResource.description | DESCRIPTION |
ProjectResource.hasCollisions | HAS_COLLISIONS |
ProjectResource.id | UID |
ProjectResource.isArchived | STATUS |
ProjectResource.isArchived | IS_ARCHIVED |
ProjectResource.labels | TAGS |
ProjectResource.maxRiskedDetectionId | MAX_RISKED_DETECTION_ID |
ProjectResource.maxRiskScore | MAX_RISK_SCORE |
ProjectResource.maxRiskScoreSampledAt | MAX_RISK_SCORE_SAMPLED_AT |
ProjectResource.members[].memberId | MEMBER_IDS |
ProjectResource.modified | SOURCE_LAST_MODIFIED |
ProjectResource.name | NAME |
ProjectResource.parentGroupId | PARENT_GROUP_ID |
ProjectResource.projectIssueTrackings[].integrationId | PROJECT_ISSUE_TRACKING_IDS |
ProjectResource.projectType | PROJECT_TYPE |
ProjectResource.projectType | CATEGORIES |
ProjectResource.teamMembers[].teamMemberId | TEAM_MEMBER_IDS |
| — | LAST_CAPTURED |
SAST Finding
| Source Field Name | SDM Attribute |
|---|---|
detectionDetails.advisorySeverity | ADVISORY_SEVERITY |
detectionDetails.alert.affectedPackageName | AFFECTED_PACKAGE_NAME |
detectionDetails.alert.cveIdentifier | CVE_IDENTIFIER |
detectionDetails.alert.description | ALERT_DESCRIPTION |
detectionDetails.alert.firstPatchedVersion | FIRST_PATCHED_VERSION |
detectionDetails.alert.ghsaIdentifier | GHSA_IDENTIFIER |
detectionDetails.alert.lockFilePath | LOCK_FILE_PATH |
detectionDetails.alert.packageDescription | PACKAGE_DESCRIPTION |
detectionDetails.alert.summary | ALERT_SUMMARY |
detectionDetails.alert.vulnerableRequirements | VULNERABLE_REQUIREMENTS |
detectionDetails.branchId | BRANCH_ID |
detectionDetails.branchName | BRANCH_NAME |
detectionDetails.branchUrl | BRANCH_URL |
detectionDetails.buildTool | BUILD_TOOL |
detectionDetails.commitId | COMMIT_ID |
detectionDetails.cvssScore | CVSS_SCORE |
detectionDetails.cwe | CWE |
detectionDetails.dependencyPaths | DEPENDENCY_PATHS |
detectionDetails.detectionSource | DETECTION_SOURCE |
detectionDetails.ecosystem | ECOSYSTEM |
detectionDetails.endPosition | END_POSITION |
detectionDetails.entityType | ENTITY_TYPE |
detectionDetails.epss / detectionDetails.epssInfo.epss | EPSS |
detectionDetails.epssInfo.updatedAt | EPSS_UPDATED_AT |
detectionDetails.exploitability | EXPLOITABILITY |
detectionDetails.exploitabilityMaturity | EXPLOITABILITY_MATURITY |
detectionDetails.externalScannerId | EXTERNAL_SCANNER_ID |
detectionDetails.fileExtension | FILE_EXTENSION |
detectionDetails.fileName | FILE_NAME |
detectionDetails.filePath | PATH |
detectionDetails.fileUrl | FILE_URL |
detectionDetails.hasFixInVersion | HAS_FIX_IN_VERSION |
detectionDetails.hasFixSuggestion | HAS_FIX_SUGGESTION |
detectionDetails.isDefaultBranch | IS_DEFAULT_BRANCH |
detectionDetails.isDevDependency | IS_DEV_DEPENDENCY |
detectionDetails.isDirectDependency | IS_DIRECT_DEPENDENCY |
detectionDetails.isReachable | IS_REACHABLE |
detectionDetails.isRemediable | IS_REMEDIABLE |
detectionDetails.isSuggestedFirstPatchedVersion | IS_SUGGESTED_FIRST_PATCHED_VERSION |
detectionDetails.languages | LANGUAGES |
detectionDetails.line | LINE |
detectionDetails.lineInFile | LINE_IN_FILE |
detectionDetails.lineType | LINE_TYPE |
detectionDetails.manifestFilePath | MANIFEST_FILE_PATH |
detectionDetails.mergeCommitAllowed | MERGE_COMMIT_ALLOWED |
detectionDetails.organizationId | ORGANIZATION_ID |
detectionDetails.organizationName | ORGANIZATION_NAME |
detectionDetails.ossf.commit | OSSF_COMMIT |
detectionDetails.ossf.date | OSSF_DATE |
detectionDetails.ossf.score | OSSF_SCORE |
detectionDetails.ossf.scorecardReportUrl | OSSF_SCORECARD_URL |
detectionDetails.owasp | OWASP |
detectionDetails.packageEcosystem | PACKAGE_ECOSYSTEM |
detectionDetails.packageName | PACKAGE_NAME |
detectionDetails.packageVersion | PACKAGE_VERSION |
detectionDetails.packageVersionId | PACKAGE_VERSION_ID |
detectionDetails.policyId | POLICY_ID |
detectionDetails.projectPath | PROJECT_PATH |
detectionDetails.pullRequestNumber | PULL_REQUEST_NUMBER |
detectionDetails.rebaseMergeAllowed | REBASE_MERGE_ALLOWED |
detectionDetails.remediationMetadata.isMajorVersionChangeRequiredForPatch | IS_MAJOR_VERSION_CHANGE_REQUIRED |
detectionDetails.repositoryId | REPOSITORY_ID |
detectionDetails.repositoryName | REPOSITORY_NAME |
detectionDetails.repositoryProjectId | REPOSITORY_PROJECT_ID |
detectionDetails.repositoryUrl | REPOSITORY_URL |
detectionDetails.resolvingMethodType | RESOLVING_METHOD_TYPE |
detectionDetails.squashMergeAllowed | SQUASH_MERGE_ALLOWED |
detectionDetails.startPosition | START_POSITION |
detectionDetails.uniqueResourceId | UNIQUE_RESOURCE_ID |
detectionDetails.vulnerabilityDescription | VULNERABILITY_DESCRIPTION |
detectionDetails.vulnerabilityId | VULNERABILITY_ID |
detectionDetails.vulnerableComponent | VULNERABLE_COMPONENT |
detectionDetails.vulnerableComponentVersion | VULNERABLE_COMPONENT_VERSION |
detectionDetails.vulnerableResource | VULNERABLE_RESOURCE |
ViolationResource.assigneeId | ASSIGNEE_ID |
ViolationResource.category | CATEGORY |
ViolationResource.classification.classificationId | CLASSIFICATION_ID |
ViolationResource.classification.classificationLevel | CLASSIFICATION_LEVEL |
ViolationResource.correlationMessage | CORRELATION_MESSAGE |
ViolationResource.createdDate | DETECTED_AT |
ViolationResource.detectionId | DETECTION_ID |
ViolationResource.detectionRuleId | DETECTION_RULE_ID |
ViolationResource.detectionTypeId | DETECTION_TYPE_ID |
ViolationResource.effectivePolicyName | TYPE |
ViolationResource.effectivePolicyName | POLICY_NAME |
ViolationResource.externalSeverity | EXTERNAL_SEVERITY |
ViolationResource.firstClosedAt | FIRST_CLOSED_AT |
ViolationResource.id | UID |
ViolationResource.id | NAME |
ViolationResource.isHidden | IS_HIDDEN |
ViolationResource.isPendingReview | IS_PENDING_REVIEW |
ViolationResource.isPolicyDisabled | IS_POLICY_DISABLED |
ViolationResource.labels | LABELS |
ViolationResource.lastDetectedAt | LAST_DETECTED_AT |
ViolationResource.metadata | METADATA |
ViolationResource.policyLabels | POLICY_LABELS |
ViolationResource.policyTags | POLICY_TAGS |
ViolationResource.priority | PRIORITY |
ViolationResource.projectIds | PROJECT_IDS |
ViolationResource.provider | PROVIDER |
ViolationResource.remediable | REMEDIABLE |
ViolationResource.riskScore | RISK_SCORE |
ViolationResource.riskScoreSeverity | RISK_SCORE_SEVERITY |
ViolationResource.rootId | ROOT_ID |
ViolationResource.scanAggregationId | SCAN_AGGREGATION_ID |
ViolationResource.scanId | SCAN_ID |
ViolationResource.sdlcStages | SDLC_STAGES |
ViolationResource.severity | SEVERITY |
ViolationResource.slaStatus | SLA_STATUS |
ViolationResource.sourceEntityId | SOURCE_ENTITY_ID |
ViolationResource.sourceEntityId | TARGETS |
ViolationResource.sourceEntityName | SOURCE_ENTITY_NAME |
ViolationResource.sourceEntityType | SOURCE_ENTITY_TYPE |
ViolationResource.sourcePolicyType | SOURCE_POLICY_TYPE |
ViolationResource.status | PROVIDER_STATUS |
ViolationResource.status | SOURCE_STATUS |
ViolationResource.statusChangeMessage | STATUS_CHANGE_MESSAGE |
ViolationResource.statusReason | STATUS_REASON |
ViolationResource.statusUpdatedAt | STATUS_UPDATED_AT |
ViolationResource.statusUpdatedById | STATUS_UPDATED_BY_ID |
ViolationResource.subCategoryV2 | SUB_CATEGORY |
ViolationResource.tags | TAGS |
ViolationResource.tenantId | TENANT_ID |
ViolationResource.updatedDate | UPDATED_DATE |
| — | LAST_CAPTURED |
SCA Finding
| Source Field Name | SDM Attribute |
|---|---|
detectionDetails.advisorySeverity | ADVISORY_SEVERITY |
detectionDetails.alert.affectedPackageName | AFFECTED_PACKAGE_NAME |
detectionDetails.alert.cveIdentifier | CVE_IDENTIFIER |
detectionDetails.alert.description | ALERT_DESCRIPTION |
detectionDetails.alert.firstPatchedVersion | FIRST_PATCHED_VERSION |
detectionDetails.alert.ghsaIdentifier | GHSA_IDENTIFIER |
detectionDetails.alert.lockFilePath | LOCK_FILE_PATH |
detectionDetails.alert.packageDescription | PACKAGE_DESCRIPTION |
detectionDetails.alert.summary | ALERT_SUMMARY |
detectionDetails.alert.vulnerableRequirements | VULNERABLE_REQUIREMENTS |
detectionDetails.branchId | BRANCH_ID |
detectionDetails.branchName | BRANCH_NAME |
detectionDetails.branchUrl | BRANCH_URL |
detectionDetails.buildTool | BUILD_TOOL |
detectionDetails.commitId | COMMIT_ID |
detectionDetails.cvssScore | CVSS_SCORE |
detectionDetails.cwe | CWE |
detectionDetails.dependencyPaths | DEPENDENCY_PATHS |
detectionDetails.detectionSource | DETECTION_SOURCE |
detectionDetails.ecosystem | ECOSYSTEM |
detectionDetails.endPosition | END_POSITION |
detectionDetails.entityType | ENTITY_TYPE |
detectionDetails.epss / detectionDetails.epssInfo.epss | EPSS |
detectionDetails.epssInfo.updatedAt | EPSS_UPDATED_AT |
detectionDetails.exploitability | EXPLOITABILITY |
detectionDetails.exploitabilityMaturity | EXPLOITABILITY_MATURITY |
detectionDetails.externalScannerId | EXTERNAL_SCANNER_ID |
detectionDetails.fileExtension | FILE_EXTENSION |
detectionDetails.fileName | FILE_NAME |
detectionDetails.filePath | PATH |
detectionDetails.fileUrl | FILE_URL |
detectionDetails.hasFixInVersion | HAS_FIX_IN_VERSION |
detectionDetails.hasFixSuggestion | HAS_FIX_SUGGESTION |
detectionDetails.isDefaultBranch | IS_DEFAULT_BRANCH |
detectionDetails.isDevDependency | IS_DEV_DEPENDENCY |
detectionDetails.isDirectDependency | IS_DIRECT_DEPENDENCY |
detectionDetails.isReachable | IS_REACHABLE |
detectionDetails.isRemediable | IS_REMEDIABLE |
detectionDetails.isSuggestedFirstPatchedVersion | IS_SUGGESTED_FIRST_PATCHED_VERSION |
detectionDetails.languages | LANGUAGES |
detectionDetails.line | LINE |
detectionDetails.lineInFile | LINE_IN_FILE |
detectionDetails.lineType | LINE_TYPE |
detectionDetails.manifestFilePath | MANIFEST_FILE_PATH |
detectionDetails.mergeCommitAllowed | MERGE_COMMIT_ALLOWED |
detectionDetails.organizationId | ORGANIZATION_ID |
detectionDetails.organizationName | ORGANIZATION_NAME |
detectionDetails.ossf.commit | OSSF_COMMIT |
detectionDetails.ossf.date | OSSF_DATE |
detectionDetails.ossf.score | OSSF_SCORE |
detectionDetails.ossf.scorecardReportUrl | OSSF_SCORECARD_URL |
detectionDetails.owasp | OWASP |
detectionDetails.packageEcosystem | PACKAGE_ECOSYSTEM |
detectionDetails.packageName | PACKAGE_NAME |
detectionDetails.packageVersion | PACKAGE_VERSION |
detectionDetails.packageVersionId | PACKAGE_VERSION_ID |
detectionDetails.policyId | POLICY_ID |
detectionDetails.projectPath | PROJECT_PATH |
detectionDetails.pullRequestNumber | PULL_REQUEST_NUMBER |
detectionDetails.rebaseMergeAllowed | REBASE_MERGE_ALLOWED |
detectionDetails.remediationMetadata.isMajorVersionChangeRequiredForPatch | IS_MAJOR_VERSION_CHANGE_REQUIRED |
detectionDetails.repositoryId | REPOSITORY_ID |
detectionDetails.repositoryName | REPOSITORY_NAME |
detectionDetails.repositoryProjectId | REPOSITORY_PROJECT_ID |
detectionDetails.repositoryUrl | REPOSITORY_URL |
detectionDetails.resolvingMethodType | RESOLVING_METHOD_TYPE |
detectionDetails.squashMergeAllowed | SQUASH_MERGE_ALLOWED |
detectionDetails.startPosition | START_POSITION |
detectionDetails.uniqueResourceId | UNIQUE_RESOURCE_ID |
detectionDetails.vulnerabilityDescription | VULNERABILITY_DESCRIPTION |
detectionDetails.vulnerabilityId | VULNERABILITY_ID |
detectionDetails.vulnerableComponent | VULNERABLE_COMPONENT |
detectionDetails.vulnerableComponentVersion | VULNERABLE_COMPONENT_VERSION |
detectionDetails.vulnerableResource | VULNERABLE_RESOURCE |
ViolationResource.assigneeId | ASSIGNEE_ID |
ViolationResource.category | CATEGORY |
ViolationResource.classification.classificationId | CLASSIFICATION_ID |
ViolationResource.classification.classificationLevel | CLASSIFICATION_LEVEL |
ViolationResource.correlationMessage | CORRELATION_MESSAGE |
ViolationResource.createdDate | DETECTED_AT |
ViolationResource.detectionId | DETECTION_ID |
ViolationResource.detectionRuleId | DETECTION_RULE_ID |
ViolationResource.detectionTypeId | DETECTION_TYPE_ID |
ViolationResource.effectivePolicyName | TYPE |
ViolationResource.effectivePolicyName | POLICY_NAME |
ViolationResource.externalSeverity | EXTERNAL_SEVERITY |
ViolationResource.firstClosedAt | FIRST_CLOSED_AT |
ViolationResource.id | UID |
ViolationResource.id | NAME |
ViolationResource.isHidden | IS_HIDDEN |
ViolationResource.isPendingReview | IS_PENDING_REVIEW |
ViolationResource.isPolicyDisabled | IS_POLICY_DISABLED |
ViolationResource.labels | LABELS |
ViolationResource.lastDetectedAt | LAST_DETECTED_AT |
ViolationResource.metadata | METADATA |
ViolationResource.policyLabels | POLICY_LABELS |
ViolationResource.policyTags | POLICY_TAGS |
ViolationResource.priority | PRIORITY |
ViolationResource.projectIds | PROJECT_IDS |
ViolationResource.provider | PROVIDER |
ViolationResource.remediable | REMEDIABLE |
ViolationResource.riskScore | RISK_SCORE |
ViolationResource.riskScoreSeverity | RISK_SCORE_SEVERITY |
ViolationResource.rootId | ROOT_ID |
ViolationResource.scanAggregationId | SCAN_AGGREGATION_ID |
ViolationResource.scanId | SCAN_ID |
ViolationResource.sdlcStages | SDLC_STAGES |
ViolationResource.severity | SEVERITY |
ViolationResource.slaStatus | SLA_STATUS |
ViolationResource.sourceEntityId | SOURCE_ENTITY_ID |
ViolationResource.sourceEntityId | TARGETS |
ViolationResource.sourceEntityName | SOURCE_ENTITY_NAME |
ViolationResource.sourceEntityType | SOURCE_ENTITY_TYPE |
ViolationResource.sourcePolicyType | SOURCE_POLICY_TYPE |
ViolationResource.status | PROVIDER_STATUS |
ViolationResource.status | SOURCE_STATUS |
ViolationResource.statusChangeMessage | STATUS_CHANGE_MESSAGE |
ViolationResource.statusReason | STATUS_REASON |
ViolationResource.statusUpdatedAt | STATUS_UPDATED_AT |
ViolationResource.statusUpdatedById | STATUS_UPDATED_BY_ID |
ViolationResource.subCategoryV2 | SUB_CATEGORY |
ViolationResource.tags | TAGS |
ViolationResource.tenantId | TENANT_ID |
ViolationResource.updatedDate | UPDATED_DATE |
| — | LAST_CAPTURED |
Violation
| Source Field Name | SDM Attribute |
|---|---|
detectionDetails.advisorySeverity | ADVISORY_SEVERITY |
detectionDetails.alert.affectedPackageName | AFFECTED_PACKAGE_NAME |
detectionDetails.alert.cveIdentifier | CVE_IDENTIFIER |
detectionDetails.alert.description | ALERT_DESCRIPTION |
detectionDetails.alert.firstPatchedVersion | FIRST_PATCHED_VERSION |
detectionDetails.alert.ghsaIdentifier | GHSA_IDENTIFIER |
detectionDetails.alert.lockFilePath | LOCK_FILE_PATH |
detectionDetails.alert.packageDescription | PACKAGE_DESCRIPTION |
detectionDetails.alert.summary | ALERT_SUMMARY |
detectionDetails.alert.vulnerableRequirements | VULNERABLE_REQUIREMENTS |
detectionDetails.branchId | BRANCH_ID |
detectionDetails.branchName | BRANCH_NAME |
detectionDetails.branchUrl | BRANCH_URL |
detectionDetails.buildTool | BUILD_TOOL |
detectionDetails.commitId | COMMIT_ID |
detectionDetails.cvssScore | CVSS_SCORE |
detectionDetails.cwe | CWE |
detectionDetails.dependencyPaths | DEPENDENCY_PATHS |
detectionDetails.detectionSource | DETECTION_SOURCE |
detectionDetails.ecosystem | ECOSYSTEM |
detectionDetails.endPosition | END_POSITION |
detectionDetails.entityType | ENTITY_TYPE |
detectionDetails.epss / detectionDetails.epssInfo.epss | EPSS |
detectionDetails.epssInfo.updatedAt | EPSS_UPDATED_AT |
detectionDetails.exploitability | EXPLOITABILITY |
detectionDetails.exploitabilityMaturity | EXPLOITABILITY_MATURITY |
detectionDetails.externalScannerId | EXTERNAL_SCANNER_ID |
detectionDetails.fileExtension | FILE_EXTENSION |
detectionDetails.fileName | FILE_NAME |
detectionDetails.filePath | PATH |
detectionDetails.fileUrl | FILE_URL |
detectionDetails.hasFixInVersion | HAS_FIX_IN_VERSION |
detectionDetails.hasFixSuggestion | HAS_FIX_SUGGESTION |
detectionDetails.isDefaultBranch | IS_DEFAULT_BRANCH |
detectionDetails.isDevDependency | IS_DEV_DEPENDENCY |
detectionDetails.isDirectDependency | IS_DIRECT_DEPENDENCY |
detectionDetails.isReachable | IS_REACHABLE |
detectionDetails.isRemediable | IS_REMEDIABLE |
detectionDetails.isSuggestedFirstPatchedVersion | IS_SUGGESTED_FIRST_PATCHED_VERSION |
detectionDetails.languages | LANGUAGES |
detectionDetails.line | LINE |
detectionDetails.lineInFile | LINE_IN_FILE |
detectionDetails.lineType | LINE_TYPE |
detectionDetails.manifestFilePath | MANIFEST_FILE_PATH |
detectionDetails.mergeCommitAllowed | MERGE_COMMIT_ALLOWED |
detectionDetails.organizationId | ORGANIZATION_ID |
detectionDetails.organizationName | ORGANIZATION_NAME |
detectionDetails.ossf.commit | OSSF_COMMIT |
detectionDetails.ossf.date | OSSF_DATE |
detectionDetails.ossf.score | OSSF_SCORE |
detectionDetails.ossf.scorecardReportUrl | OSSF_SCORECARD_URL |
detectionDetails.owasp | OWASP |
detectionDetails.packageEcosystem | PACKAGE_ECOSYSTEM |
detectionDetails.packageName | PACKAGE_NAME |
detectionDetails.packageVersion | PACKAGE_VERSION |
detectionDetails.packageVersionId | PACKAGE_VERSION_ID |
detectionDetails.policyId | POLICY_ID |
detectionDetails.projectPath | PROJECT_PATH |
detectionDetails.pullRequestNumber | PULL_REQUEST_NUMBER |
detectionDetails.rebaseMergeAllowed | REBASE_MERGE_ALLOWED |
detectionDetails.remediationMetadata.isMajorVersionChangeRequiredForPatch | IS_MAJOR_VERSION_CHANGE_REQUIRED |
detectionDetails.repositoryId | REPOSITORY_ID |
detectionDetails.repositoryName | REPOSITORY_NAME |
detectionDetails.repositoryProjectId | REPOSITORY_PROJECT_ID |
detectionDetails.repositoryUrl | REPOSITORY_URL |
detectionDetails.resolvingMethodType | RESOLVING_METHOD_TYPE |
detectionDetails.squashMergeAllowed | SQUASH_MERGE_ALLOWED |
detectionDetails.startPosition | START_POSITION |
detectionDetails.uniqueResourceId | UNIQUE_RESOURCE_ID |
detectionDetails.vulnerabilityDescription | VULNERABILITY_DESCRIPTION |
detectionDetails.vulnerabilityId | VULNERABILITY_ID |
detectionDetails.vulnerableComponent | VULNERABLE_COMPONENT |
detectionDetails.vulnerableComponentVersion | VULNERABLE_COMPONENT_VERSION |
detectionDetails.vulnerableResource | VULNERABLE_RESOURCE |
ViolationResource.assigneeId | ASSIGNEE_ID |
ViolationResource.category | CATEGORY |
ViolationResource.classification.classificationId | CLASSIFICATION_ID |
ViolationResource.classification.classificationLevel | CLASSIFICATION_LEVEL |
ViolationResource.correlationMessage | CORRELATION_MESSAGE |
ViolationResource.createdDate | DETECTED_AT |
ViolationResource.detectionId | DETECTION_ID |
ViolationResource.detectionRuleId | DETECTION_RULE_ID |
ViolationResource.detectionTypeId | DETECTION_TYPE_ID |
ViolationResource.effectivePolicyName | TYPE |
ViolationResource.effectivePolicyName | POLICY_NAME |
ViolationResource.externalSeverity | EXTERNAL_SEVERITY |
ViolationResource.firstClosedAt | FIRST_CLOSED_AT |
ViolationResource.id | UID |
ViolationResource.id | NAME |
ViolationResource.isHidden | IS_HIDDEN |
ViolationResource.isPendingReview | IS_PENDING_REVIEW |
ViolationResource.isPolicyDisabled | IS_POLICY_DISABLED |
ViolationResource.labels | LABELS |
ViolationResource.lastDetectedAt | LAST_DETECTED_AT |
ViolationResource.metadata | METADATA |
ViolationResource.policyLabels | POLICY_LABELS |
ViolationResource.policyTags | POLICY_TAGS |
ViolationResource.priority | PRIORITY |
ViolationResource.projectIds | PROJECT_IDS |
ViolationResource.provider | PROVIDER |
ViolationResource.remediable | REMEDIABLE |
ViolationResource.riskScore | RISK_SCORE |
ViolationResource.riskScoreSeverity | RISK_SCORE_SEVERITY |
ViolationResource.rootId | ROOT_ID |
ViolationResource.scanAggregationId | SCAN_AGGREGATION_ID |
ViolationResource.scanId | SCAN_ID |
ViolationResource.sdlcStages | SDLC_STAGES |
ViolationResource.severity | SEVERITY |
ViolationResource.slaStatus | SLA_STATUS |
ViolationResource.sourceEntityId | SOURCE_ENTITY_ID |
ViolationResource.sourceEntityId | TARGETS |
ViolationResource.sourceEntityName | SOURCE_ENTITY_NAME |
ViolationResource.sourceEntityType | SOURCE_ENTITY_TYPE |
ViolationResource.sourcePolicyType | SOURCE_POLICY_TYPE |
ViolationResource.status | PROVIDER_STATUS |
ViolationResource.status | SOURCE_STATUS |
ViolationResource.statusChangeMessage | STATUS_CHANGE_MESSAGE |
ViolationResource.statusReason | STATUS_REASON |
ViolationResource.statusUpdatedAt | STATUS_UPDATED_AT |
ViolationResource.statusUpdatedById | STATUS_UPDATED_BY_ID |
ViolationResource.subCategoryV2 | SUB_CATEGORY |
ViolationResource.tags | TAGS |
ViolationResource.tenantId | TENANT_ID |
ViolationResource.updatedDate | UPDATED_DATE |
| — | LAST_CAPTURED |
SAST Finding Definition
| Source Field Name | SDM Attribute |
|---|---|
PolicyResource.category | CATEGORY |
PolicyResource.categoryV2 | CATEGORY_V2 |
PolicyResource.createdAt | CREATED_AT |
PolicyResource.description | DESCRIPTION |
PolicyResource.detectionRuleIds | DETECTION_RULE_IDS |
PolicyResource.displayName | DISPLAY_NAME |
PolicyResource.displayName / name / policyId | UID |
PolicyResource.displayName / name / policyId | NAME |
PolicyResource.iacProviders | IAC_PROVIDERS |
PolicyResource.isEnabled | IS_ENABLED |
PolicyResource.labels | LABELS |
PolicyResource.labels | TAGS |
PolicyResource.languages (overridden by ruleContent.languages when present) | LANGUAGES |
PolicyResource.lastUpdatedAt | LAST_UPDATED_AT |
PolicyResource.policyId | SOURCE_ID |
PolicyResource.policyIds | POLICY_IDS |
PolicyResource.policyTags | POLICY_TAGS |
PolicyResource.policyType | POLICY_TYPE |
PolicyResource.policyType | CATEGORIES |
PolicyResource.policyTypeV2 | POLICY_TYPE_V2 |
PolicyResource.providers | PROVIDERS |
PolicyResource.sdlcStages | SDLC_STAGES |
PolicyResource.secretType | SECRET_TYPE |
PolicyResource.securityTools | SECURITY_TOOLS |
PolicyResource.severities | SEVERITIES |
PolicyResource.severity | SEVERITY |
PolicyResource.severity | SOURCE_SEVERITY |
PolicyResource.severity | SEVERITY_SCORE |
PolicyResource.source | SOURCE |
ruleContent.cvss | CVSS |
ruleContent.cwe | CWE |
ruleContent.owasp | OWASP |
ruleContent.references | REFERENCES |
ruleContent.remediation | REMEDIATION |
ruleContent.scannerId | SCANNER_ID |
ruleContent.systemDetectionRuleId | SYSTEM_DETECTION_RULE_ID |
| — | LAST_CAPTURED |
SCA Finding Definition
| Source Field Name | SDM Attribute |
|---|---|
PolicyResource.category | CATEGORY |
PolicyResource.categoryV2 | CATEGORY_V2 |
PolicyResource.createdAt | CREATED_AT |
PolicyResource.description | DESCRIPTION |
PolicyResource.detectionRuleIds | DETECTION_RULE_IDS |
PolicyResource.displayName | DISPLAY_NAME |
PolicyResource.displayName / name / policyId | UID |
PolicyResource.displayName / name / policyId | NAME |
PolicyResource.iacProviders | IAC_PROVIDERS |
PolicyResource.isEnabled | IS_ENABLED |
PolicyResource.labels | LABELS |
PolicyResource.labels | TAGS |
PolicyResource.languages (overridden by ruleContent.languages when present) | LANGUAGES |
PolicyResource.lastUpdatedAt | LAST_UPDATED_AT |
PolicyResource.policyId | SOURCE_ID |
PolicyResource.policyIds | POLICY_IDS |
PolicyResource.policyTags | POLICY_TAGS |
PolicyResource.policyType | POLICY_TYPE |
PolicyResource.policyType | CATEGORIES |
PolicyResource.policyTypeV2 | POLICY_TYPE_V2 |
PolicyResource.providers | PROVIDERS |
PolicyResource.sdlcStages | SDLC_STAGES |
PolicyResource.secretType | SECRET_TYPE |
PolicyResource.securityTools | SECURITY_TOOLS |
PolicyResource.severities | SEVERITIES |
PolicyResource.severity | SEVERITY |
PolicyResource.severity | SOURCE_SEVERITY |
PolicyResource.severity | SEVERITY_SCORE |
PolicyResource.source | SOURCE |
ruleContent.cvss | CVSS |
ruleContent.cwe | CWE |
ruleContent.owasp | OWASP |
ruleContent.references | REFERENCES |
ruleContent.remediation | REMEDIATION |
ruleContent.scannerId | SCANNER_ID |
ruleContent.systemDetectionRuleId | SYSTEM_DETECTION_RULE_ID |
| — | LAST_CAPTURED |
Violation Definition
| Source Field Name | SDM Attribute |
|---|---|
PolicyResource.category | CATEGORY |
PolicyResource.categoryV2 | CATEGORY_V2 |
PolicyResource.createdAt | CREATED_AT |
PolicyResource.description | DESCRIPTION |
PolicyResource.detectionRuleIds | DETECTION_RULE_IDS |
PolicyResource.displayName | DISPLAY_NAME |
PolicyResource.displayName / name / policyId | UID |
PolicyResource.displayName / name / policyId | NAME |
PolicyResource.iacProviders | IAC_PROVIDERS |
PolicyResource.isEnabled | IS_ENABLED |
PolicyResource.labels | LABELS |
PolicyResource.labels | TAGS |
PolicyResource.languages (overridden by ruleContent.languages when present) | LANGUAGES |
PolicyResource.lastUpdatedAt | LAST_UPDATED_AT |
PolicyResource.policyId | SOURCE_ID |
PolicyResource.policyIds | POLICY_IDS |
PolicyResource.policyTags | POLICY_TAGS |
PolicyResource.policyType | POLICY_TYPE |
PolicyResource.policyType | CATEGORIES |
PolicyResource.policyTypeV2 | POLICY_TYPE_V2 |
PolicyResource.providers | PROVIDERS |
PolicyResource.sdlcStages | SDLC_STAGES |
PolicyResource.secretType | SECRET_TYPE |
PolicyResource.securityTools | SECURITY_TOOLS |
PolicyResource.severities | SEVERITIES |
PolicyResource.severity | SEVERITY |
PolicyResource.severity | SOURCE_SEVERITY |
PolicyResource.severity | SEVERITY_SCORE |
PolicyResource.source | SOURCE |
ruleContent.cvss | CVSS |
ruleContent.cwe | CWE |
ruleContent.owasp | OWASP |
ruleContent.references | REFERENCES |
ruleContent.remediation | REMEDIATION |
ruleContent.scannerId | SCANNER_ID |
ruleContent.systemDetectionRuleId | SYSTEM_DETECTION_RULE_ID |
| — | LAST_CAPTURED |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Repository
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET api/repositories
Project
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET v4/projects
SAST Finding
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET v4/violations - Default filters: client-side
violationType == "SAST"
SCA Finding
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET v4/violations - Default filters: client-side
violationType == "vulnerable_code_dependency"andsubCategoryV2 == "Dependency Vulnerability"
Violation
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET v4/violations - Default filters: client-side — all violations that are not SAST and not SCA
SAST Finding Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET api/policies - Default filters: client-side
policyType == "SAST"
SCA Finding Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET api/policies - Default filters: client-side
policyType == "SCA"
Violation Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET api/policies - Default filters: client-side — all policies that are not SAST and not SCA
Changelog
The Cycode connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.1 | Improvements - Documentation: every model — repositories, projects, findings (SAST, SCA, and generic violations), and their policy definitions — now carries a complete, self-contained attribute reference. The published connector documentation page now lists all models and their fields instead of dropping the finding and definition models. | N/A |
| 3.0.0 | Overview The Cycode connector integrates with the Cycode Application Security Posture Management (ASPM) platform to synchronize repositories, projects, and security findings across SAST, SCA, secrets, Infrastructure as Code (IaC), and CI/CD domains, along with the policy definitions behind those findings. Category: Application Security Models | N/A |