> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corgea.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Upload Scan

> Upload a completed scan report from CLI tools. This endpoint receives pre-generated scan results from Semgrep, Snyk, Checkmarx, CodeQL, and Fortify and integrates them into the system.



## OpenAPI

````yaml /api-reference/openapi.json post /scan-upload
openapi: 3.0.0
info:
  title: Corgea API
  version: 1.0.0
  description: >-
    API for interacting with Corgea's scanning and vulnerability management
    features
servers:
  - url: https://www.corgea.app/api/v1
    description: Production server
security:
  - CorgeaToken: []
  - BearerAuth: []
paths:
  /scan-upload:
    post:
      tags:
        - Uploading 3rd Party Scan
      summary: Upload Scan
      description: >-
        Upload a completed scan report from CLI tools. This endpoint receives
        pre-generated scan results from Semgrep, Snyk, Checkmarx, CodeQL, and
        Fortify and integrates them into the system.
      operationId: scanUpload
      parameters:
        - name: run_id
          in: query
          required: true
          schema:
            type: string
          description: The ID of the run associated with the scan report
        - name: engine
          in: query
          required: true
          schema:
            type: string
            enum:
              - checkmarx
              - codeql
              - fortify
              - semgrep
              - snyk
          description: The engine used for the scan
        - name: project
          in: query
          required: true
          schema:
            type: string
          description: The name of the project
        - name: repo_data
          in: query
          required: false
          schema:
            type: string
          description: >-
            Base64-encoded JSON string containing repository information
            (branch_name, integration_url, etc.)
      requestBody:
        required: true
        description: The scan report content as UTF-8 text (typically SARIF or JSON format)
        content:
          text/plain:
            schema:
              type: string
      responses:
        '200':
          description: Scan report uploaded successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  status:
                    type: string
                    example: ok
        '400':
          description: Invalid request or content
          content:
            application/json:
              schema:
                type: object
                properties:
                  status:
                    type: string
                    example: invalid content
components:
  securitySchemes:
    CorgeaToken:
      type: apiKey
      in: header
      name: CORGEA-TOKEN
      description: API key for authentication
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: OAuth2 access token (JWT) in the Authorization header

````