Update Code Repository Settings
Updates the code repositories to scan. The list of code repositories to scan is updated in a single shot.
To invoke this endpoint in the Console UI:
Navigate to Defend > Vulnerabilities > Code repositories.
Under the GitHub repositories scan scope table, add a scope item using + Add scope.
Note: If your table is not present, add an item to the table by clicking Add the first item.
Click the Save button.
General Set up and Scan Process
This endpoint works hand-in-hand with the
To set up Prisma Cloud to scan your code repositories:
Add a scan scope with this endpoint (/settings/coderepos), where the principal component is the account information for the service that hosts your code repositories.
For example, specify the credentials of your GitHub account. You can further refine the scope by specifying which repos to scan using explicit strings or pattern matching. Scan all repos by specifying a wildcard.
Prisma Cloud auto-discovers all code repositories in each scan scope.
The system invokes the GET /coderepos/discover endpoint to discover the available repositories using the credential ID provided.
The list of auto-discovered code repositories is passed to the scanner for evaluation.
The scanner uses the corresponding /policies/vulnerability/coderepos endpoint to assess each code repository.
Each scan scope is specified as an element in the endpoint's payload array.
Itemize the repositories to scan in the
A wildcard tells Prisma Cloud to scan all repos in the account.
The critical fields for this endpoint are:
type - Hosting service, such as GitHub (
credentialID - Credential, from the credentials store, that Prisma Cloud uses to authenticate with the hosting service.
repositories - List of repository names. The format is
Refer to the following example cURL command that overwrites all code repository scan scopes with a single new scan scope:
$ curl 'https://<CONSOLE>/api/v<VERSION>/settings/coderepos' \
-X PUT \
-u <USER> \
-H 'Content-Type: application/json' \
This scan scope includes all repositories in the GitHub account that can be accessed with
Note: No response will be returned upon successful execution.
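Because the PUT replaces every scan scope at once, it helps to check what a new payload would drop before sending it. The following is an added example, not Prisma Cloud's own code: it assumes you already hold the current scope list, treats (type, credentialID) as a scope's identity, and uses constructed placeholder credential IDs and repository names with an assumed type value of github.

```python
import json

# The three fields the page lists as critical for each scan scope.
CRITICAL_FIELDS = ("type", "credentialID", "repositories")

# Constructed sample data: credential IDs and repository names are
# placeholders, and the type value "github" is an assumption.
CURRENT = [
    {"type": "github", "credentialID": "cred-team-a", "repositories": ["<REPO_A>"]},
    {"type": "github", "credentialID": "cred-team-b", "repositories": ["*"]},
]
NEW = [{"type": "github", "credentialID": "cred-team-a", "repositories": ["*"]}]


def validate_scope(scope):
    """Return a list of problems found in one scan scope (empty if none)."""
    problems = [f"missing or empty '{f}'" for f in CRITICAL_FIELDS if not scope.get(f)]
    repos = scope.get("repositories") or []
    if not isinstance(repos, list) or not all(isinstance(r, str) for r in repos):
        problems.append("'repositories' must be a list of strings")
    return problems


def scope_key(scope):
    """Identity used to compare scopes (an assumption of this example)."""
    return (scope.get("type"), scope.get("credentialID"))


def plan_replace(current, new):
    """Describe what a PUT of `new` does to the `current` scope list.

    The endpoint overwrites the whole list, so any current scope whose key
    is absent from `new` stops being scanned after the request.
    """
    errors = {i: p for i, s in enumerate(new) if (p := validate_scope(s))}
    new_keys = {scope_key(s) for s in new}
    dropped = [s for s in current if scope_key(s) not in new_keys]
    scan_all = [s for s in new if "*" in (s.get("repositories") or [])]
    body = None if errors else json.dumps(new, indent=2)  # request body for the PUT
    return {"errors": errors, "dropped": dropped, "scan_all": scan_all, "body": body}


if __name__ == "__main__":
    plan = plan_replace(CURRENT, NEW)
    for s in plan["dropped"]:
        print("will be REMOVED from scanning:", scope_key(s))
    for s in plan["scan_all"]:
        print("scans ALL repos reachable with credential:", s["credentialID"])
    print(plan["body"] or plan["errors"])
```

The `body` string is only produced when every scope passes validation, so a malformed scope never reaches the overwrite request.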
- Array [
ID of the credentials in the credentials store to use for authenticating with the code repo service provider.
Paths in the repository the scanner ignores when looking for manifest files to evaluate.
Additional manifest files for the scanner to evaluate. Explicitly specify manifest filenames when you use non-standard naming schemes (e.g., prod-requirements.txt).
Indicates whether this specification is meant for (unauthenticated) public-only scanning (true) or private as well (false).
Repository names to scan. The format is
Python version to consider when resolving Python dependencies. The default value is the latest version.
Possible values: [
CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab, etc.