generated: '2026-07-15' method: generated source: openapi/checkmarx-one-openapi.yml, openapi/checkmarx-sast-openapi.yml, openapi/checkmarx-sca-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 61 by_action_class: acting: 25 connected: 36 by_consequence: write: 25 read: 36 human_in_the_loop_required: 0 operations: - path: /auth/realms/{realm}/protocol/openid-connect/token method: post operationId: authenticate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications method: get operationId: listApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /applications method: post operationId: createApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId} method: get operationId: getApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /applications/{applicationId} method: put operationId: updateApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId} method: delete operationId: deleteApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /projects method: get operationId: listProjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /projects method: post operationId: createProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /projects/{projectId} method: get operationId: getProject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /projects/{projectId} method: put operationId: updateProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /projects/{projectId} method: delete operationId: deleteProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /scans method: get operationId: listScans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /scans method: post operationId: createScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /scans/{scanId} method: get operationId: getScan x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /scans/{scanId} method: delete operationId: cancelScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /results method: get operationId: listResults x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /results/{resultId} method: get operationId: getResult x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /results/{resultId} method: patch operationId: updateResult x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /results/summary method: get operationId: getResultsSummary x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /queries method: get operationId: listQueries x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /presets method: get operationId: listPresets x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /presets/{presetId} method: get operationId: getPreset x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /groups method: get operationId: listGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /configuration/project method: get operationId: getProjectConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /configuration/project method: patch operationId: updateProjectConfiguration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /auth/identity/connect/token method: post operationId: authenticate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /projects method: get operationId: listProjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /projects method: post operationId: createProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /projects/{projectId} method: get operationId: getProject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /projects/{projectId} method: put operationId: updateProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /projects/{projectId} method: delete operationId: deleteProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /projects/{projectId}/sourceCode/remoteSettings/git method: get operationId: getProjectGitSettings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /projects/{projectId}/sourceCode/remoteSettings/git method: post operationId: setProjectGitSettings x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /sast/scans method: get operationId: listScans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /sast/scans method: post operationId: createScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /sast/scans/{scanId} method: get operationId: getScan x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /sast/scans/{scanId} method: patch operationId: updateScanStatus x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /sast/scans/{scanId}/resultsStatistics method: get operationId: getScanResultsStatistics x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /reports/sastScan method: post operationId: createReport x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /reports/sastScan/{reportId} method: get operationId: getReportById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /reports/sastScan/{reportId}/status method: get operationId: getReportStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /sast/engineServers method: get operationId: listEngineServers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /auth/teams method: get operationId: listTeams x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /sast/presets method: get operationId: listPresets x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /sast/presets/{presetId} method: get operationId: getPreset x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /identity/connect/token method: post operationId: authenticate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /risk-management/projects method: get operationId: listProjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /risk-management/projects method: post operationId: createProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /risk-management/projects/{projectId} method: get operationId: getProject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /risk-management/projects/{projectId} method: put operationId: updateProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /risk-management/projects/{projectId} method: delete operationId: deleteProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /risk-management/scans method: get operationId: listScans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /risk-management/scans method: post operationId: createScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /risk-management/scans/{scanId} method: get operationId: getScan x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /risk-management/risk-reports/{projectId} method: get operationId: getRiskReport x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /risk-management/risk-reports/{projectId}/vulnerabilities method: get operationId: listProjectVulnerabilities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /risk-management/risk-reports/{projectId}/packages method: get operationId: listProjectPackages x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /risk-management/risk-reports/{projectId}/licenses method: get operationId: listProjectLicenses x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /packages/{packageType}/{packageName}/{version} method: get operationId: getPackageDetails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /settings/projects/{projectId} method: get operationId: getProjectSettings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /settings/projects/{projectId} method: put operationId: updateProjectSettings x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required