Scan Templates
Scan templates let you save frequently used scan configurations for quick reuse. Instead of specifying the scan type, options, priority, and tags every time, create a template once and launch scans from it by providing only the target.
Benefits​
- Consistency — Apply identical scan settings across every execution
- Speed — Launch scans with a single request containing only the target
- Standardization — Share standardized scan configurations across your team
- CI/CD Integration — Reference templates by ID in your automation pipelines
Create a Template​
Endpoint​
POST /api/v1/scan-templates
Required scope: templates:create
Request​
curl -X POST https://api.cert-ix.com/scan-api/api/v1/scan-templates \
-H "X-API-Key: $CERTIX_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Container CI Scan",
"description": "Vulnerability scan for container images in CI pipeline",
"scanType": "trivy",
"priority": "high",
"options": {
"scanners": ["vuln", "misconfig", "secret"],
"severity": ["CRITICAL", "HIGH"]
},
"tags": ["ci", "container", "production"]
}'
Request Parameters​
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Human-readable template name (max 255 chars) |
description | string | No | Template purpose and behavior description |
scanType | string | Yes | Scan engine to use |
targetType | string | No | Default target type |
priority | string | No | Default priority: critical, high, normal, low |
options | object | No | Scan engine options (same as used in POST /scans) |
config | object | No | Engine configuration overrides |
tags | string[] | No | Tags for organization and filtering |
timeout | integer | No | Max scan duration in seconds |
Response (201 Created)​
{
"success": true,
"data": {
"id": "tmpl-a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"tenantId": "7b5b0610-2947-412f-a869-4683da321fcf",
"name": "Container CI Scan",
"scanType": "trivy",
"priority": "high",
"options": {
"scanners": ["vuln", "misconfig", "secret"],
"severity": ["CRITICAL", "HIGH"]
},
"tags": ["ci", "container", "production"],
"usageCount": 0,
"createdAt": "2026-03-06T10:00:00Z"
}
}
List Templates​
GET /api/v1/scan-templates
Required scope: templates:read
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number |
limit | integer | 20 | Results per page (max: 100) |
Get a Template​
GET /api/v1/scan-templates/:templateId
Required scope: templates:read
Returns the full template configuration including options, config, tags, and usage statistics.
Update a Template​
PATCH /api/v1/scan-templates/:templateId
Required scope: templates:update
curl -X PATCH https://api.cert-ix.com/scan-api/api/v1/scan-templates/$TEMPLATE_ID \
-H "X-API-Key: $CERTIX_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"priority": "critical",
"options": {
"scanners": ["vuln", "misconfig", "secret", "license"],
"severity": ["CRITICAL", "HIGH", "MEDIUM"]
}
}'
Updatable fields: name, description, priority, options, config, tags, timeout.
Delete a Template​
DELETE /api/v1/scan-templates/:templateId
Required scope: templates:delete
Deleting a template does not affect scans already launched from it.
Launch a Scan from a Template​
Launch a scan using a template's pre-configured options. Just provide the target — everything else is inherited from the template.
Endpoint​
POST /api/v1/scan-templates/:templateId/launch
Required scope: scans:create
Request​
curl -X POST https://api.cert-ix.com/scan-api/api/v1/scan-templates/$TEMPLATE_ID/launch \
-H "X-API-Key: $CERTIX_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"target": "registry.example.com/myapp:latest"
}'
Launch Parameters​
| Field | Type | Required | Description |
|---|---|---|---|
target | string | Yes | The scan target |
name | string | No | Override the scan name (otherwise uses template name) |
priority | string | No | Override the priority |
tags | string[] | No | Additional tags (merged with template tags) |
Response (201 Created)​
{
"success": true,
"data": {
"id": "scan-new-uuid",
"scanType": "trivy",
"name": "Container CI Scan",
"target": "registry.example.com/myapp:latest",
"status": "queued",
"priority": "high",
"templateId": "tmpl-a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"tags": ["ci", "container", "production"],
"createdAt": "2026-03-06T10:05:00Z"
}
}
The templateId is included in the scan response for traceability. The template's usageCount is also incremented.
Template Use Cases​
CI/CD Integration​
Reference templates by ID in your pipelines. This decouples scan configuration from CI/CD logic — update the template without modifying your pipeline.
# .github/workflows/security-scan.yml
- name: Run security scan
run: |
curl -X POST "$CERTIX_URL/scan-templates/$TEMPLATE_ID/launch" \
-H "X-API-Key: $CERTIX_API_KEY" \
-H "Content-Type: application/json" \
-d '{"target": "ghcr.io/${{ github.repository }}:${{ github.sha }}"}'
Batch Scanning​
Launch the same template against multiple targets:
TARGETS=("app1.example.com" "app2.example.com" "app3.example.com")
for TARGET in "${TARGETS[@]}"; do
curl -s -X POST "$BASE_URL/scan-templates/$TEMPLATE_ID/launch" \
-H "X-API-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d "{\"target\": \"$TARGET\", \"name\": \"Batch scan - $TARGET\"}"
echo "Scan launched for: $TARGET"
done
Common Template Examples​
Quick Network Scan:
{
"name": "Quick Network Scan",
"scanType": "nmap",
"options": { "topPorts": 100, "timing": "T4", "serviceDetection": true }
}
OWASP Web Assessment:
{
"name": "OWASP Web Assessment",
"scanType": "zap",
"priority": "high",
"options": { "scanPolicy": "full", "spiderMaxDepth": 5, "ajaxSpider": true, "activeScan": true }
}
Full Security Assessment:
{
"name": "Full Sentinel Assessment",
"scanType": "sentinel",
"priority": "high",
"options": { "depth": "deep", "correlate": true, "riskScore": true }
}
Next Steps: