Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Aspen Adapt API: Send CWE Findings to Security Journey

Learn how to use the Aspen Adapt API to send CWE findings from your code scanning tools to Security Journey for centralized tracking, analysis, and targeted training recommendations.

Security Journey Aspen Adapt API

Overview

The Security Journey Aspen Adapt API allows you to report Common Weakness Enumeration (CWE) findings from your code scanning tools directly into Security Journey. This enables centralized vulnerability tracking, trend analysis, and targeted training recommendations.
 

Requirements

  • You must be a Security Journey Admin to generate and manage API keys.
  • Aspen Adapt must be enabled for your tenant.

Generating an API Key

  1. In Security Journey, go to More > Admin > Connections > Aspen Integrations.
  2. Select Create Aspen Key.
  3. Enter a name for the key.
  4. Copy the key and store it in a secure location.

Authentication

All requests to the Adapt API must include the API key in the Authorization header as a Bearer token.
 
For example: Authorization: Bearer {YOUR_API_TOKEN}
 

API Documentation

The Aspen Adapt API route to record CWEs is: 

POST
https://api.securityjourney.com/integrations/cwes

Headers

Authorization: Bearer {your_api_token}
Content-Type: application/json

Request Body

All data must be sent as a JSON object.
 
Required Fields
Field Type Description
cwes array of strings CWE identifiers (e.g., "CWE-79")
gitCommitterEmail string Email of the committer
gitHeadSha string Full commit SHA at time of scan
 Optional Fields
Field Type Description
gitRepo string Repository name
username string SCM username
prNumber integer Pull/merge request number

Note: We will only store your gitRepo, username, and prNumber if these settings are enabled in your Security Journey Aspen Adapt configuration. To confirm or update these settings click here.  

Examples Successful Request and Responses

Request
{

"cwes": ["CWE-79", "CWE-89", "CWE-22"],

"gitCommitterEmail": "jane.doe@example.com",

"gitHeadSha": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",

"gitRepo": "my-org/my-service",

"username": "janedoe",

"prNumber": 42

}
Response – 200 OK
{

"recorded": true,

"cwes": [79, 89, 22]

}

Error Responses

Status Code Description
400 Bad Request Missing required fields or invalid CWE format
401 Unauthorized Missing or invalid API key
403 Forbidden API key lacks required permissions
409 Conflict Aspen Adapt not enabled
Example Error (400)
{
  "code": 3,
  "message": "committer email and git sha are required"
}

CWE Formatting

The API accepts multiple CWE formats and automatically normalizes them: 
"CWE-79"
"cwe-89"
"CWE_22"
"200"
Example cURL Request
curl -X POST https://api.securityjourney.com/integrations/cwes \
  -H "Authorization: Bearer {your_api_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "cwes": ["CWE-79", "CWE-89"],
    "gitCommitterEmail": "jane.doe@example.com",
    "gitHeadSha": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
    "gitRepo": "my-org/my-service",
    "username": "janedoe",
    "prNumber": 42
  }'

Summary

By integrating with the Aspen Adapt API, you can automatically send CWE findings from your scanning tools into Security Journey, enabling:

  • Centralized vulnerability tracking
  • Developer-specific insights
  • Data-driven training recommendations