> ## Documentation Index > Fetch the complete documentation index at: https://docs.corgea.app/llms.txt > Use this file to discover all available pages before exploring further. # Start New Scan > Initiates a new BLAST scan with file upload. Accepts one or more files for scanning. ## OpenAPI ````yaml /api-reference/openapi.json post /start-scan openapi: 3.0.0 info: title: Corgea API version: 1.0.0 description: >- API for interacting with Corgea's scanning and vulnerability management features servers: - url: https://www.corgea.app/api/v1 description: Production server security: - CorgeaToken: [] - BearerAuth: [] paths: /start-scan: post: tags: - Starting Corgea Scan summary: Start New Scan description: >- Initiates a new BLAST scan with file upload. Accepts one or more files for scanning. operationId: startScan requestBody: required: true content: multipart/form-data: schema: type: object required: - scan_type - files properties: scan_type: type: string enum: - blast default: blast description: Currently only blast scan is supported repo_url: type: string description: The URL of the repository (optional) branch: type: string description: The branch to be scanned (optional) sha: type: string description: The commit SHA to be scanned (optional) files: type: array items: type: string format: binary description: >- Source code files to be scanned. For BLAST scans, only a single file is currently supported. responses: '200': description: Scan initiated successfully content: application/json: schema: type: object properties: message: type: string example: Successfully initiated upload at /tmp/uploads/transfer_id transfer_id: type: string format: uuid example: c9b0a8c7-f9b4-4c10-9d58-cd4c7e1c9c52 status: type: string enum: - OK example: OK '400': description: Bad request - validation errors content: application/json: schema: type: object properties: status: type: string example: error message: type: string example: No files uploaded for blast examples: no_files: summary: No files uploaded value: status: error message: No files uploaded for blast multiple_files: summary: Multiple files for BLAST scan value: status: error message: Multiple files uploaded for blast scan_not_enabled: summary: Scan type not enabled value: status: error message: Only Blast scan is currently enabled by the API file_validation_error: summary: File validation failed value: status: error message: 'File validation error: Invalid file type or size' '403': description: Permission denied content: application/json: schema: type: object properties: error: type: string example: Permission denied components: securitySchemes: CorgeaToken: type: apiKey in: header name: CORGEA-TOKEN description: API key for authentication BearerAuth: type: http scheme: bearer bearerFormat: JWT description: OAuth2 access token (JWT) in the Authorization header ````