Security Assistant
This API forwards the incoming question and vulnerability context to an external AI model assistant and streams the AI’s response back in real time (text/event-stream).
Authorizations
Query Parameters
Organization ID
Body
A code snippet representing the vulnerable logic or affected lines.
"try {\n const user = db.getUserById(req.query.id);\n res.send(user);\n} catch (err) {\n res.status(500).send(\"Error\");\n}\n"
CWE identifier, if applicable.
"CWE-79"
Optional name or title of the CWE.
"Cross-Site Scripting"
Line number(s) where the issue appears.
"105"
Name or path of the file containing the snippet.
"userController.js"
A question to the Security Assistant.
"How to fix this?"
TRUE POSITIVE, FALSE POSITIVE or UNVERIFIED
"UNVERIFIED"
Reason the scanner identified this as a vulnerability.
"SQL Injection in the code"
User parameters in the query string.
"User parameters in the Query string"
Response
The response is of type string.
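A client has to reassemble the streamed text/event-stream body into that final string. The parser below is an added example, not code from this API's documentation: it follows standard server-sent-event framing and assumes each event's data field carries the next fragment of the answer; the names SseParser, collectAnswer and splitBytes and the sample stream are constructed for illustration.

```javascript
// Added example: incremental text/event-stream parser (standard SSE framing).
// Assumption: each event's data field is the next fragment of the answer.
class SseParser {
  constructor() {
    this.decoder = new TextDecoder("utf-8");
    this.buffer = "";     // tail of the stream that is not yet a full line
    this.dataLines = [];  // data: lines of the event being assembled
  }
  // Feed one network chunk (Uint8Array); returns the events it completed.
  push(chunk) {
    // stream:true keeps a multi-byte character split across chunks intact
    this.buffer += this.decoder.decode(chunk, { stream: true });
    const events = [];
    let m;
    while ((m = /\r\n|\n|\r/.exec(this.buffer)) !== null) {
      // A trailing lone "\r" may be half of a "\r\n" split across chunks.
      if (m[0] === "\r" && m.index === this.buffer.length - 1) break;
      const line = this.buffer.slice(0, m.index);
      this.buffer = this.buffer.slice(m.index + m[0].length);
      if (line === "") {                       // blank line ends an event
        if (this.dataLines.length > 0) events.push(this.dataLines.join("\n"));
        this.dataLines = [];
      } else if (!line.startsWith(":")) {      // ":" lines are keep-alive comments
        const colon = line.indexOf(":");
        const field = colon === -1 ? line : line.slice(0, colon);
        let value = colon === -1 ? "" : line.slice(colon + 1);
        if (value.startsWith(" ")) value = value.slice(1); // strip one space only
        if (field === "data") this.dataLines.push(value);  // other fields ignored
      }
    }
    return events;
  }
}

// Concatenate the data of every event into the final answer string.
function collectAnswer(chunks) {
  const parser = new SseParser();
  let answer = "";
  for (const chunk of chunks) for (const data of parser.push(chunk)) answer += data;
  return answer;
}

// Constructed sample (not real API output): comment, CRLF event, multi-byte char.
const SAMPLE = new TextEncoder().encode(
  ": keep-alive\n\ndata: Validate req.query.id\r\n\r\n" +
  "data:  and don\u2019t echo it unescaped.\n\n");
const splitBytes = (bytes, size) => Array.from(
  { length: Math.ceil(bytes.length / size) },
  (_, i) => bytes.subarray(i * size, (i + 1) * size));
```

Render the collected string as text rather than HTML: it is model output and can quote the submitted code snippet verbatim.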