| Tool | Description | Use case |
| --- | --- | --- |
| runScan | Start a security scan against entrypoints. Supports targeting by specific entrypointIds or by entrypointStatuses (e.g., ["new", "changed", "vulnerable"]). For test configuration, provide either tests or templateId. For private/local targets, specify a connected repeater via repeaters. | Run a security scan on your API endpoints to detect vulnerabilities like SQL injection, XSS, etc. |
| getScanStatus | Get the current status of a scan run. | Monitor the progress of an ongoing security scan to know when it completes. |
| stopScan | Stop a running scan. Only succeeds when the scan is in a stoppable state. | Cancel an in-progress security scan that is no longer needed. |
| listScans | List scans for a project. | Review past scan results or check the status of multiple ongoing scans. |
| getScanLogs | Get engine logs for a scan with optional severity, search, and cursor filters. | Debug scan issues and review detailed engine activity during a scan. |
| getScanWarnings | Get scan errors and warnings with mitigation details when available. | Diagnose scan problems and find actionable mitigations. |
| listScanVulnerabilities | List security vulnerabilities found during a specific scan with filters and pagination. | Review security findings for a particular scan run. |
| getScanVulnerability | Get detailed information about a specific vulnerability found during a scan, including additional API detail fields when available. | Inspect individual vulnerability details including evidence and reproduction steps. |
| listScanEntrypoints | List entrypoints observed during a specific scan. | Inspect scan coverage, connectivity, response statuses, and scan-to-project entrypoint mapping. |
| getScanEntrypoint | Get detailed request/response data for a scan entrypoint. | Review exact HTTP requests and responses captured during a scan. |
| runDiscovery | Discover API endpoints using crawling (crawlerUrls) or API definitions (fileId from uploadApiDefinition). For private/local targets, specify a connected repeater via repeaters. | Automatically find all API endpoints in your application before running security scans. |
| getDiscoveryStatus | Get the current status of a discovery run. | Check if endpoint discovery has completed and how many endpoints were found. |
| stopDiscovery | Stop a running discovery. Only succeeds when the discovery is in a stoppable state. | Cancel an in-progress discovery that is no longer needed. |
| listDiscoveries | List discoveries for a project. | Review past discovery runs or monitor ongoing endpoint discovery. |
| getDiscoveryLogs | Get engine logs for a discovery with optional severity, search, and cursor filters. | Debug discovery issues and review detailed engine activity. |
| getDiscoveryWarnings | Get warnings recorded on a discovery run. | Diagnose discovery problems and review warnings. |
| listDiscoveryEntrypoints | List entrypoints observed during a specific discovery. | Inspect discovery coverage, connectivity, and response statuses. |
| getDiscoveryEntrypoint | Get detailed request/response data for a discovery entrypoint. | Review exact HTTP requests and responses captured during discovery. |
| uploadApiDefinition | Upload an API definition file (OpenAPI/Swagger) by URL or content. Returns a file ID to reference in discovery runs. | Import your OpenAPI/Swagger spec to automatically create entrypoints for scanning. |
| listEntrypoints | List discovered API endpoints/URLs for a project. | Review all discovered endpoints before selecting which ones to include in a security scan. |
| getEntrypoint | Get detailed information about a specific entrypoint by ID, including headers, body, and configuration. | Retrieve the full entrypoint definition to inspect or modify it. |
| addEntrypoint | Add a new entrypoint to a project. Entrypoints define HTTP requests that can be used for security scanning. | Manually add a specific API endpoint for security testing when automatic discovery isn't suitable. |
| editEntrypoint | Update an existing entrypoint in a project. | Modify an endpoint's request headers, body, or authentication settings before scanning. |
| deleteEntrypoint | Delete an entrypoint from a project. This operation cannot be undone. | Remove an entrypoint that is no longer needed for testing. |
| listVulnerabilities | List security vulnerabilities found for a project. | Review all discovered security vulnerabilities after scans complete. |
| listAuths | List authentication configurations for a project. | Find authentication configs to use when scanning endpoints that require login. |
| getAuth | Get a single authentication configuration by ID. | Inspect auth configuration details before attaching to scans or discoveries. |
| addAuth | Create a new authentication configuration (auth object). | Define authentication for protected endpoints when no existing config is available. |
| editAuth | Update an existing authentication configuration. | Modify authentication details for protected endpoints. |
| deleteAuth | Delete an authentication configuration. This operation cannot be undone. | Remove an auth config that is no longer needed. |
| testAuth | Run an authentication test and return a verification verdict with per-result evidence. | Validate that an auth configuration works correctly before using it in scans. |
| listProjects | List all projects available to the API key. | Find the project ID you need before running scans or discoveries. |
| listTests | List available security tests (e.g., SQL injection, XSS) that can be run in scans. | See all available security test types to choose which vulnerabilities to test for. |
| createRepeater | Create a repeater for accessing private/local targets. The response includes arguments for starting the repeater with the Bright CLI. | Set up access to scan internal/private APIs that aren't publicly accessible. |
| deleteRepeater | Delete a repeater. This operation cannot be undone. | Remove a repeater that is no longer needed. |
| listRepeaters | List repeaters that route traffic to private/local targets. | Check if your repeater is connected before attempting to scan private targets. |