Developer docs

Build security scanning into your pipeline

Use the Shomar API to start SAST scans, retrieve findings, export compliance evidence, and connect security checks to CI/CD workflows.

Base URL

https://api.shomarsec.com/v1

Authentication

Send API tokens using the Authorization header.

Support

Email support@shomarsec.com for sandbox access.

Quickstart

  1. Create an API token from Dashboard settings.
  2. Submit a scan request with a repository URL and branch.
  3. Poll the scan endpoint until the status is complete.
  4. Use returned findings to open remediation tasks or fail a CI/CD job.

curl -X POST https://api.shomarsec.com/v1/security/scans \
  -H "Authorization: Bearer $SHOMAR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "repository_url": "https://github.com/acme/payments-api",
    "branch": "main",
    "scan_type": "sast",
    "frameworks": ["owasp-top-10", "popia", "ndpr"]
  }'
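
Steps 2 to 4 as a CI gate, added here as an illustration and not taken from Shomar's own code or SDK: it submits the scan, polls until the status is complete, and returns a non-zero exit code on blocking findings or when the scan never finishes. The response field names `scan_id`, `status` and `severity_counts` and the severity labels `critical` and `high` are assumptions, since this page does not show the response schema; the request path follows the quickstart curl command.

```python
import json
import os
import sys
import time
import urllib.request

BASE_URL = "https://api.shomarsec.com/v1"  # base URL from this page


def api_call(method, path, body=None):
    """Send one authenticated request; the token comes only from the environment."""
    req = urllib.request.Request(
        BASE_URL + path,
        method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={
            "Authorization": "Bearer " + os.environ["SHOMAR_API_TOKEN"],
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def gate(call, repo_url, branch, fail_on=("critical", "high"),
         interval=10, timeout=900, sleep=time.sleep):
    """Return a CI exit code: 0 pass, 1 blocking findings, 2 no usable result."""
    scan = call("POST", "/security/scans", {
        "repository_url": repo_url,
        "branch": branch,
        "scan_type": "sast",
    })
    scan_id = scan["scan_id"]  # ASSUMED response field name
    waited = 0
    while True:
        result = call("GET", "/security/scans/" + str(scan_id))
        if result.get("status") == "complete":
            break
        if waited >= timeout:
            return 2  # fail closed: an unfinished scan must not pass the job
        sleep(interval)
        waited += interval
    counts = result.get("severity_counts")  # ASSUMED shape: {"high": 2, ...}
    if not isinstance(counts, dict):
        return 2  # fail closed: a result without counts is not a clean result
    return 1 if any(counts.get(level, 0) > 0 for level in fail_on) else 0


if __name__ == "__main__":
    sys.exit(gate(api_call, sys.argv[1], sys.argv[2]))
```

Run it in the pipeline with the repository URL and branch as arguments and `SHOMAR_API_TOKEN` injected from the CI secret store, so the token never appears in the job definition or logs.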

Core endpoints

POST /api/security/scans

Create a scan

Submit a repository, branch, and scan profile for analysis.

GET /api/security/scans/{scan_id}

Fetch scan results

Retrieve severity counts, findings, remediation guidance, and compliance mappings.

POST /api/security/compliance/assess

Run compliance assessment

Evaluate evidence and scan findings against POPIA, NDPR, Kenya DPA, or custom controls.