Scan Templates

Scan templates let you save frequently used scan configurations for quick reuse. Instead of specifying the scan type, options, priority, and tags every time, create a template once and launch scans from it by providing only the target.

Benefits

• Consistency — Apply identical scan settings across every execution
• Speed — Launch scans with a single request containing only the target
• Standardization — Share standardized scan configurations across your team
• CI/CD Integration — Reference templates by ID in your automation pipelines

Create a Template

Endpoint

POST /api/v1/scan-templates

Required scope: templates:create

Request

curl -X POST https://api.cert-ix.com/scan-api/api/v1/scan-templates \
  -H "X-API-Key: $CERTIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Container CI Scan",
    "description": "Vulnerability scan for container images in CI pipeline",
    "scanType": "trivy",
    "priority": "high",
    "options": {
      "scanners": ["vuln", "misconfig", "secret"],
      "severity": ["CRITICAL", "HIGH"]
    },
    "tags": ["ci", "container", "production"]
  }'

Request Parameters

Field	Type	Required	Description
name	string	Yes	Human-readable template name (max 255 chars)
description	string	No	Template purpose and behavior description
scanType	string	Yes	Scan engine to use
targetType	string	No	Default target type
priority	string	No	Default priority: critical, high, normal, low
options	object	No	Scan engine options (same as used in POST /scans)
config	object	No	Engine configuration overrides
tags	string[]	No	Tags for organization and filtering
timeout	integer	No	Max scan duration in seconds

Response (201 Created)

{
  "success": true,
  "data": {
    "id": "tmpl-a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "tenantId": "7b5b0610-2947-412f-a869-4683da321fcf",
    "name": "Container CI Scan",
    "scanType": "trivy",
    "priority": "high",
    "options": {
      "scanners": ["vuln", "misconfig", "secret"],
      "severity": ["CRITICAL", "HIGH"]
    },
    "tags": ["ci", "container", "production"],
    "usageCount": 0,
    "createdAt": "2026-03-06T10:00:00Z"
  }
}

List Templates

GET /api/v1/scan-templates

Required scope: templates:read

Parameter	Type	Default	Description
page	integer	1	Page number
limit	integer	20	Results per page (max: 100)

Get a Template

GET /api/v1/scan-templates/:templateId

Required scope: templates:read

Returns the full template configuration including options, config, tags, and usage statistics.

Update a Template

PATCH /api/v1/scan-templates/:templateId

Required scope: templates:update

curl -X PATCH https://api.cert-ix.com/scan-api/api/v1/scan-templates/$TEMPLATE_ID \
  -H "X-API-Key: $CERTIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "priority": "critical",
    "options": {
      "scanners": ["vuln", "misconfig", "secret", "license"],
      "severity": ["CRITICAL", "HIGH", "MEDIUM"]
    }
  }'

Updatable fields: name, description, priority, options, config, tags, timeout.

Delete a Template

DELETE /api/v1/scan-templates/:templateId

Required scope: templates:delete

nota

Deleting a template does not affect scans already launched from it.

Launch a Scan from a Template

Launch a scan using a template's pre-configured options. Just provide the target — everything else is inherited from the template.

Endpoint

POST /api/v1/scan-templates/:templateId/launch

Required scope: scans:create

Request

curl -X POST https://api.cert-ix.com/scan-api/api/v1/scan-templates/$TEMPLATE_ID/launch \
  -H "X-API-Key: $CERTIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "target": "registry.example.com/myapp:latest"
  }'

Launch Parameters

Field	Type	Required	Description
target	string	Yes	The scan target
name	string	No	Override the scan name (otherwise uses template name)
priority	string	No	Override the priority
tags	string[]	No	Additional tags (merged with template tags)

Response (201 Created)

{
  "success": true,
  "data": {
    "id": "scan-new-uuid",
    "scanType": "trivy",
    "name": "Container CI Scan",
    "target": "registry.example.com/myapp:latest",
    "status": "queued",
    "priority": "high",
    "templateId": "tmpl-a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "tags": ["ci", "container", "production"],
    "createdAt": "2026-03-06T10:05:00Z"
  }
}

The templateId is included in the scan response for traceability. The template's usageCount is also incremented.

Template Use Cases

CI/CD Integration

Reference templates by ID in your pipelines. This decouples scan configuration from CI/CD logic — update the template without modifying your pipeline.

# .github/workflows/security-scan.yml
- name: Run security scan
  run: |
    curl -X POST "$CERTIX_URL/scan-templates/$TEMPLATE_ID/launch" \
      -H "X-API-Key: $CERTIX_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{"target": "ghcr.io/${{ github.repository }}:${{ github.sha }}"}'

Batch Scanning

Launch the same template against multiple targets:

TARGETS=("app1.example.com" "app2.example.com" "app3.example.com")

for TARGET in "${TARGETS[@]}"; do
  curl -s -X POST "$BASE_URL/scan-templates/$TEMPLATE_ID/launch" \
    -H "X-API-Key: $API_KEY" \
    -H "Content-Type: application/json" \
    -d "{\"target\": \"$TARGET\", \"name\": \"Batch scan - $TARGET\"}"
  echo "Scan launched for: $TARGET"
done

Common Template Examples

Quick Network Scan:

{
  "name": "Quick Network Scan",
  "scanType": "nmap",
  "options": { "topPorts": 100, "timing": "T4", "serviceDetection": true }
}

OWASP Web Assessment:

{
  "name": "OWASP Web Assessment",
  "scanType": "zap",
  "priority": "high",
  "options": { "scanPolicy": "full", "spiderMaxDepth": 5, "ajaxSpider": true, "activeScan": true }
}

Full Security Assessment:

{
  "name": "Full Sentinel Assessment",
  "scanType": "sentinel",
  "priority": "high",
  "options": { "depth": "deep", "correlate": true, "riskScore": true }
}

---

Next Steps:

• Webhooks →
• Usage Analytics →
• Code Examples →