DryRun API

Programmatic access to DryRun Security findings, scans, configurations, and insights via the Simple API.

DryRun Simple API

The DryRun Simple API provides programmatic access to your organization's security data: findings, scans, deepscans, configurations, repositories, and insights.

Authentication

For information on creating and managing API keys, see the API Access Keys page. All API requests require a valid API key sent in the Authorization header using the Bearer scheme.

Quick Start

Most endpoints are scoped to an account. You will need:

  • account_id - provided by the DryRun Security platform (e.g., 12345678-1234-1234-1234-1234567890ab)
  • repository_id - a UUID for a repository

Typical workflow:

  1. List your accessible accounts.
  2. Pick an account, then list repositories in that account.
  3. Use repository IDs to fetch scans and findings.

Step 1: List accounts

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts"

Example response:

{
  "data": [
    {
      "account_id": "22222222-2222-2222-2222-222222222222",
      "org_name": "SampleOrg",
      ...
    }
  ]
}

Step 2: Get repositories

curl -X 'GET' \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  'https://simple-api.dryrun.security/v1/accounts/22222222-2222-2222-2222-222222222222/repositories'

Example response:

{
  "data": [
    {
      "id": "11111111-1111-1111-1111-111111111111",
      "name": "some-demo-repo-name",
      ...
    }
  ]
}

Step 3: Get findings for a repository

curl -X 'GET' \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  'https://simple-api.dryrun.security/v1/accounts/22222222-2222-2222-2222-222222222222/repositories/11111111-1111-1111-1111-111111111111/findings'

Example response:

{
  "data": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "dashboard_url": "https://app.dryrun.security/risk-register/44444444-4444-4444-4444-444444444444",
      "severity": "error",
      "type": "Missing Authorization and IDOR in User Deletion",
      "description": "The new DELETE /users/{id} endpoint is registered without any authentication or authorization middleware...",
      "filename": "backend/main.go",
      "line_start": 516,
      "line_end": 553,
      "created_at": "2026-03-03T00:00:00Z"
    },
    ...
  ]
}

Endpoint Reference

Accounts

GET /v1/accounts List all accounts accessible by the API key.

Retrieve all accounts that the authenticated API key has access to, including organization information.

Responses

  • 200 - accounts listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts"

Repositories

GET /v1/accounts/{account_id}/repositories List all repositories for an account.

Retrieve all repositories associated with the specified account.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Responses

  • 200 - repositories listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/repositories"

Scans

GET /v1/accounts/{account_id}/repositories/{repository_id}/scans List PR scans for a repository.

List PR scans for a repository. Supports filtering by status, date, and pagination.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
repository_id | path | yes | string | Repository ID

Responses

  • 200 - scans listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/repositories/{repository_id}/scans"

GET /v1/accounts/{account_id}/repositories/{repository_id}/scans/{id} Get detailed PR scan results including findings.

Get detailed results for a specific PR scan, including all findings.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
repository_id | path | yes | string | Repository ID
id | path | yes | string | Scan ID

Responses

  • 200 - scan found

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/repositories/{repository_id}/scans/{id}"

Findings

GET /v1/accounts/{account_id}/repositories/{repository_id}/findings List all PR findings for a repository.

List all PR findings for a repository. Each finding includes a dashboard_url linking to the finding in the DryRun Security dashboard.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
repository_id | path | yes | string | Repository ID

Responses

  • 200 - findings listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/repositories/{repository_id}/findings"

GET /v1/accounts/{account_id}/all_findings List all findings across PR scans, DeepScans, SCA, and code policies for an account.

List all findings across PR scans, DeepScans, SCA, and code policies for an account. By default, returns only findings from the latest scan. Results are sorted by newest first.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
days | query | yes | integer | Filter to findings from the last N days (1-365)
finding_type | query | no | string | Filter by finding type. One of: deepscan, pullrequest, sca, code_policy, all. Defaults to 'all'
severity | query | no | string | Filter by severity (comma-separated: critical, high, medium, low)
repository_id | query | no | string | Filter by repository ID
branch | query | no | string | Filter SCA and DeepScan findings by branch name. When omitted, returns findings from the default branch. Does not affect PR or code policy findings.
all_results | query | no | boolean | When true, returns all findings including historical scans. Defaults to false (latest scan only).
page | query | no | integer | Page number (default: 1)
per_page | query | no | integer | Results per page (default: 50, max: 100)

Responses

  • 200 - findings listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/all_findings?days=30"
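
A paginated client for the all_findings endpoint above, as an added example (not DryRun Security's own code). The function names, the injectable `get` transport and the stop-on-short-page rule are assumptions, since the page does not say how the last page is signalled.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://simple-api.dryrun.security/v1"
SEVERITIES = {"critical", "high", "medium", "low"}  # documented filter values


def http_get(url, api_key):
    """Default transport: GET with the Bearer header, returns (status, JSON body)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # e.g. 404 {"error": "not found"}
        return err.code, json.loads(err.read() or b"{}")


def all_findings_url(account_id, days, severity=(), page=1, per_page=100):
    """Build the request URL, rejecting values outside the documented limits."""
    if not 1 <= days <= 365:
        raise ValueError("days must be between 1 and 365")
    if not 1 <= per_page <= 100:
        raise ValueError("per_page must be between 1 and 100")
    unknown = set(severity) - SEVERITIES
    if unknown:
        raise ValueError(f"unknown severity: {sorted(unknown)}")
    query = {"days": days, "page": page, "per_page": per_page}
    if severity:
        query["severity"] = ",".join(severity)
    account = urllib.parse.quote(account_id, safe="")  # encode "/" and "?" in the ID
    return f"{BASE_URL}/accounts/{account}/all_findings?{urllib.parse.urlencode(query)}"


def iter_all_findings(account_id, days, severity=(), per_page=100,
                      get=http_get, api_key=None):
    """Yield findings page by page; `get` is injectable so tests run offline."""
    if api_key is None:
        api_key = os.environ["DRYRUN_API_KEY"]  # keep the key out of source and argv
    page = 1
    while True:
        status, body = get(all_findings_url(account_id, days, severity, page, per_page),
                           api_key)
        if status != 200:
            raise RuntimeError(f"HTTP {status}: {body.get('error', body)}")
        rows = body.get("data", [])
        yield from rows
        if len(rows) < per_page:  # assumption: a short page is the last page
            return
        page += 1
```

With the key exported as DRYRUN_API_KEY, `list(iter_all_findings(account_id, 30, ("critical", "high")))` collects every matching finding from the last 30 days.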

Finding Triage

POST /v1/accounts/{account_id}/findings/{finding_id}/triage Set a triage category for a finding.

Set a triage category for a finding to track its resolution status.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
finding_id | path | yes | string | Finding ID

Request Body

{
  "triage_category": "false_positive"
}

Valid values for triage_category: false_positive, wont_fix, accepted_risk, in_progress.

Responses

  • 200 - triage category set

Example (curl)

curl -X POST \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"triage_category": "false_positive"}' \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/findings/{finding_id}/triage"

GET /v1/accounts/{account_id}/findings/{finding_id}/triage Get the triage status for a finding.

Retrieve the current triage status for a specific finding.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
finding_id | path | yes | string | Finding ID

Responses

  • 200 - triage status returned

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/findings/{finding_id}/triage"

DELETE /v1/accounts/{account_id}/findings/{finding_id}/triage Remove the triage category from a finding.

Remove the triage category from a finding, resetting its triage status.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
finding_id | path | yes | string | Finding ID

Responses

  • 200 - triage category removed

Example (curl)

curl -X DELETE \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/findings/{finding_id}/triage"

Deepscans

GET /v1/accounts/{account_id}/deepscans List all deepscans for an account.

Retrieve all deepscans associated with the specified account.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Responses

  • 200 - deepscans listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/deepscans"

GET /v1/accounts/{account_id}/repositories/{repository_id}/deepscans List deepscans for a repository.

Retrieve all deepscans for a specific repository.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
repository_id | path | yes | string | Repository ID

Responses

  • 200 - deepscans listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/repositories/{repository_id}/deepscans"

GET /v1/accounts/{account_id}/repositories/{repository_id}/deepscans/{deepscan_id}/results List findings for a specific deepscan.

Retrieve all findings from a specific deepscan run.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
repository_id | path | yes | string | Repository ID
deepscan_id | path | yes | string | DeepScan ID

Responses

  • 200 - deepscan results listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/repositories/{repository_id}/deepscans/{deepscan_id}/results"

GET /v1/accounts/{account_id}/repositories/{repository_id}/deepscans/{deepscan_id}/sca_results List SCA findings for a specific DeepScan run.

List SCA findings for a specific DeepScan run.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
repository_id | path | yes | string | Repository ID
deepscan_id | path | yes | string | DeepScan ID
severity | query | no | string | Filter by severity (comma-separated). Valid values: critical, high, medium, low

Response Fields

id, dashboard_url, title, description, severity, package_name, package_version, package_ecosystem, cve_id, cvss_score, fixed_version, remediation, locations, references, created_at

Responses

  • 200 - SCA results listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/repositories/{repository_id}/deepscans/{deepscan_id}/sca_results"

Configurations

GET /v1/accounts/{account_id}/configurations List configurations for an account.

Retrieve all configurations associated with the specified account.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Responses

  • 200 - configurations listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/configurations"

POST /v1/accounts/{account_id}/configurations Create a new configuration.

Create a new configuration for the specified account.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Request Body

{
  "configuration": {
    "name": "string",
    "configuration": {
      "comment": "disabled",
      "show_scan_confirmation": false,
      "risk_threshold": 0,
      "analyzers": {},
      "code_policies": [
        {
          "id": null,
          "enabled": null,
          "silent": null,
          "blocking": null
        }
      ],
      "notifications": {
        "enabled": false,
        "deduplicate": false,
        "integrationNames": [null]
      }
    }
  },
  "repositories": [
    "00000000-0000-0000-0000-000000000000"
  ]
}

Responses

  • 201 - configuration created

Example (curl)

curl -X POST \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"configuration": {"name": "My Config", "configuration": {"comment": "disabled", "risk_threshold": 0, "analyzers": {}}}, "repositories": []}' \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/configurations"

POST /v1/accounts/{account_id}/configurations/assign_repositories Assign a configuration to multiple repositories.

Assign a configuration to one or more repositories by ID, name, or pattern.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Request Body

{
  "configuration_id": "00000000-0000-0000-0000-000000000000",
  "repository_ids": [
    "00000000-0000-0000-0000-000000000000"
  ],
  "repository_names": [
    "string"
  ],
  "repository_pattern": "string"
}

Responses

  • 200 - repositories assigned

Example (curl)

curl -X POST \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"configuration_id": "CONFIG_ID", "repository_ids": ["REPO_ID"]}' \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/configurations/assign_repositories"

POST /v1/accounts/{account_id}/configurations/bulk_update Bulk update multiple configurations.

Apply the same updates to multiple configurations at once.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Request Body

{
  "configuration_ids": [
    "00000000-0000-0000-0000-000000000000"
  ],
  "updates": {
    "comment": "disabled",
    "show_scan_confirmation": false,
    "risk_threshold": 0,
    "analyzers": {},
    "code_policies": [
      {
        "id": "00000000-0000-0000-0000-000000000000",
        "enabled": false,
        "silent": false,
        "blocking": false
      }
    ],
    "notifications": {
      "enabled": false,
      "deduplicate": false,
      "integrationNames": ["string"]
    }
  }
}

Responses

  • 200 - configurations updated

Example (curl)

curl -X POST \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"configuration_ids": ["CONFIG_ID_1", "CONFIG_ID_2"], "updates": {"risk_threshold": 5}}' \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/configurations/bulk_update"

GET /v1/accounts/{account_id}/configurations/{id} Get a single configuration.

Retrieve details for a specific configuration.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
id | path | yes | string | Configuration ID

Responses

  • 200 - configuration found

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/configurations/{id}"

PUT /v1/accounts/{account_id}/configurations/{id} Update a configuration.

Update an existing configuration.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
id | path | yes | string | Configuration ID

Request Body

{
  "configuration": {
    "name": "string",
    "configuration": {
      "comment": "disabled",
      "show_scan_confirmation": false,
      "risk_threshold": 0,
      "analyzers": {},
      "code_policies": [
        {
          "id": null,
          "enabled": null,
          "silent": null,
          "blocking": null
        }
      ],
      "notifications": {
        "enabled": false,
        "deduplicate": false,
        "integrationNames": [null]
      }
    }
  }
}

Responses

  • 200 - configuration updated

Example (curl)

curl -X PUT \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"configuration": {"name": "Updated Config", "configuration": {"risk_threshold": 5}}}' \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/configurations/{id}"

DELETE /v1/accounts/{account_id}/configurations/{id} Delete a configuration.

Permanently delete a configuration. This action cannot be undone.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
id | path | yes | string | Configuration ID

Responses

  • 200 - configuration deleted

Example (curl)

curl -X DELETE \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/configurations/{id}"

Analyzers

GET /v1/accounts/{account_id}/analyzers List available analyzers.

Retrieve all enabled and visible analyzers. Use the slug field as the key in configuration analyzer settings.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Responses

  • 200 - analyzers listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/analyzers"

Custom Policies

GET /v1/accounts/{account_id}/custom_policies List all Custom Code Policies for an account.

Retrieve all Custom Code Policies associated with the specified account.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID

Responses

  • 200 - custom policies listed

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/custom_policies"

Insights

GET /v1/accounts/{account_id}/insights Retrieve the daily insights digest.

Retrieve the daily insights digest for an account. Supports an optional date query parameter in YYYY-MM-DD format.

Parameters

Name | In | Required | Type | Description
account_id | path | yes | string | Account ID
date | query | no | string | Date in YYYY-MM-DD format

Responses

  • 200 - insights returned

Example (curl)

curl \
  -H "Authorization: Bearer $DRYRUN_API_KEY" \
  "https://simple-api.dryrun.security/v1/accounts/{account_id}/insights?date=2026-01-15"

Conventions

  • IDs and scoping: account_id is required for most endpoints. repository_id is required for repository-scoped endpoints.
  • Response shape: Most list endpoints return a top-level data array.
  • Errors: If an item is not found, endpoints return 404 with {"error": "not found"}.

Support

If you have questions about authentication, account access, or expected responses, contact DryRun Security support and include the endpoint URL you called, the HTTP status code, and the request_id header (if present).