Project API Key Scopes

When creating an API key in the project settings, you can predefine the access permissions for that key by selecting the relevant scopes. The following table describes the permissions that each scope provides.

| Scope | Description |
| --- | --- |
| auth-objects:read | Allows viewing authentication objects |
| auth-objects:test | Allows testing an authentication object during its configuration |
| auth-objects:write | Allows creating, editing, and deleting authentication objects |
| bot | Enables communication between a Repeater and the Bright engine |
| discoveries | Provides unrestricted access to discoveries |
| discoveries:read | Allows viewing existing discoveries |
| entry-points | Provides unrestricted access to entry points |
| entry-points:manage | Allows creating, editing, deleting, testing, and previewing changes made to entry points |
| entry-points:read | Allows viewing entry points |
| files:read | Allows reading and downloading files from the storage |
| files:write | Allows associating files with projects, and cloning, uploading, or deleting files |
| integration.repos:read | Allows viewing resources of the integrated services, for example, GitHub repositories, Slack channels, or Jira boards |
| issues:manage | Allows execution and saving scan issues as new |
| issues:read | Allows viewing detected scan issues |
| projects-issues:write | Allows managing project issues: changing severity, status, and assignee |
| projects:edit | Allows editing the project name and number of concurrent scans, adding associated GitHub or GitLab repositories, Slack channels, and Azure or Jira boards, and managing webhooks |
| projects:read | Allows viewing available projects and project issues. This scope is required for running a scan |
| repeaters:read | Allows viewing the organization’s repeaters |
| repeaters:write | Allows creating, editing, and deleting a repeater, as well as testing a repeater's connection to a network |
| scan-labels:manage | Allows editing labels in scans that are already running or have finished |
| scans | Provides unrestricted access to scan management. The org:read scope is also required to run and manage scans |
| scans:delete | Allows deleting scans |
| scans:manage | Allows editing scan settings |
| scans:read | Allows viewing existing scans |
| scans:run | Allows running and retesting scans |
| scans:stop | Allows stopping scans |
| scripts:read | Allows viewing a repeater’s scripts |
| scripts:write | Allows creating, editing, and deleting a repeater’s scripts |
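
The following is an added example, not code from the product or its documentation: a small least-privilege review of the scope list chosen for one key. It flags the scopes the table describes as unrestricted and the two dependencies the descriptions mention. The function name `audit_scopes`, the finding labels, and the rule that an unrestricted scope already covers its fine-grained counterparts are assumptions of this example.

```python
# Added example: scope names are copied from the table; the audit rules are assumptions.
KNOWN = set("""
auth-objects:read auth-objects:test auth-objects:write bot discoveries
discoveries:read entry-points entry-points:manage entry-points:read files:read
files:write integration.repos:read issues:manage issues:read projects-issues:write
projects:edit projects:read repeaters:read repeaters:write scan-labels:manage
scans scans:delete scans:manage scans:read scans:run scans:stop scripts:read
scripts:write org:read
""".split())

# Scopes the table describes as "unrestricted access".
UMBRELLA = ("discoveries", "entry-points", "scans")


def audit_scopes(granted):
    """Return sorted (kind, scope, detail) findings for one key's scope list."""
    granted = set(granted)
    findings = []
    for scope in granted - KNOWN:
        findings.append(("unknown", scope, "not in the scope table"))
    for broad in UMBRELLA:
        if broad not in granted:
            continue
        narrow = sorted(s for s in KNOWN if s.startswith(broad + ":"))
        findings.append(("broad", broad, "unrestricted; choose from " + ", ".join(narrow)))
        # Assumption: the unrestricted scope already covers its fine-grained ones.
        for scope in granted.intersection(narrow):
            findings.append(("redundant", scope, "covered by " + broad))
    # Dependencies stated in the table's descriptions.
    if granted & {"scans", "scans:run"} and "projects:read" not in granted:
        findings.append(("missing", "projects:read", "required for running a scan"))
    if "scans" in granted and "org:read" not in granted:
        findings.append(("missing", "org:read", "required with scans"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: a scope list with a typo and an unrestricted scope.
    for finding in audit_scopes(["scans", "scans:run", "files:write", "project:read"]):
        print(*finding, sep=" | ")
```

An empty result means the list uses only fine-grained scopes from the table and satisfies the stated dependencies; it does not confirm that every granted scope is actually needed.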