Custom Assessment and Remediation Release 2.7 API

December 15, 2025

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

Import and Create Scripts from GitLab 

You can now import scripts from your private or public GitLab repositories using CAR Script-based APIs to create and execute them on your assets.

The following APIs are enhanced to import scripts from GitLab:

New Input Parameters

The following new input parameters are introduced in the above APIs:

Parameters Mandatory/
Optional		 Data Type Description
importedScript
FromGitLab		 Optional

(Mandatory if you want to import scripts from GitLab)

 Boolean Provide true if you want to import the script from GitLab.

Accepted Values: true, false
gitLabDetails Optional

(Mandatory if you want to import scripts from GitLab)

 Object Includes all GitLab script details.
  inputUrl Optional

(Mandatory if you are importing scripts using GitLab URL)

 String Provide the complete GitLab URL to the script.

Notes:

  • Do not use a permalink from GitLab to fetch a script. A permalink points to a specific version of a file at a particular commit (for example: https://gitlab.com/username/project/-/blob/abcd1234/file.txt, where abcd1234 is the commit hash). Using a permalink prevents the script from syncing because it always refers to an older, fixed commit.
  • Always use the Web URL from the browser’s address bar instead. Ensure you always copy the Web URL only up to the filename.extension. Do not copy the text "?ref_type=heads" from the URL. 
repoUser Optional

(Mandatory if you are importing scripts using GitLab parameters)

 String Provide the name of the GitLab user.
repoName Optional

(Mandatory if you are importing scripts using GitLab parameters)

 String Provide the name of the GitLab repository.
filePath Optional

(Mandatory if you are importing scripts using GitLab parameters)

 String Provide the complete GitLab file path to the script.
branch Optional String Provide the GitLab branch name.

Default Value: main
token Optional

(Mandatory if you are importing scripts from the GitLab private repository)

 String Provide the GitLab token to access a private GitLab repository.
syncEnabled Optional Boolean Enable the script to sync with GitLab.

Accepted Values: true, false
onDemandSync Optional Boolean Enable the script to sync with GitLab on demand.

Accepted Values: true, false
autoSync Optional Boolean Enable the script to sync automatically with the GitLab repository every four hours.

Accepted Values: true, false
importedFrom
PrivateRepo		 Optional

(Mandatory if you are importing scripts from the GitLab private repository)

 Boolean Set to true when the script is being imported from a private GitLab repository.

Accepted Values: true, false

Create Script API: Import Script from GitLab

New or Updated API Updated
API Endpoint /sm/v6/script
Method  POST
DTD or XSD changes Not Applicable

Use this API to create a script by fetching the script content from your public or private GitLab repository.

Sample: Create a Custom Script with GitLab URL using Public RepositorySample: Create a Custom Script with GitLab URL using Public Repository

API Request

curl -X POST 
'<qualys_base_url>/sm/v6/script'
--header 'Accept: application/vnd.qualys.car.api.v6.0+json' 
--header 'Authorization: Bearer <authToken>' 
--header 'Content-Type: application/json' 
--data 
'{
  "title": "Script_Title",
  "description": "Sample description",
  "typeName": "Custom Script",
  "subType": "Response",
  "platform": "WINDOWS",
  "languageId": 4,
  "importedScriptFromGitLab": true,
  "gitLabDetails": {
    "inputUrl": "<Public GitLab URL>",
    "syncEnabled": true,
    "onDemandSync": true,
    "branch": "main"
  },
  "scriptApprovalUserConsent": true,
  "threshold": 900,
  "thresholdTimeUnit": "SECOND",
  "severity": 1,
  "categoryId": 105
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

Sample: Create a Custom Script with GitLab URL using Private RepositorySample: Create a Custom Script with GitLab URL using Private Repository

API Request

curl -X POST
  '<qualys_base_url>/sm/v6/script'
  --header 'Accept: application/vnd.qualys.car.api.v6.0+json'
  --header 'Authorization: Bearer <authToken>'
  --header 'Content-Type: application/json'
  --data-raw '{
  "title": "Script Title",
  "description": "Sample description",
  "typeName": "Custom Script",
  "subType": "Response",
  "platform": "WINDOWS",
  "languageId": 4,
  "importedScriptFromGitLab": true,
  "gitLabDetails": {
    "inputUrl": "<Private GitLab URL>",
    "syncEnabled": true,
    "autoSync": true,
    "branch": "main",
    "importedFromPrivateRepo": true,
    "token": "<Private GitLab repo token>"
  },
  "scriptApprovalUserConsent": true,
  "threshold": 172800,
  "thresholdTimeUnit": "SECOND",
  "severity": 2,
  "categoryId": 105,
  "hasParameters": false
}

API Response

     {
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

Sample: Create a Custom Script with GitLab Parameters using Public RepositorySample: Create a Custom Script with GitLab Parameters using Public Repository

API Request

curl -X POST 
'<qualys_base_url>/sm/v6/script'
--header 'Accept: application/vnd.qualys.car.api.v6.0+json' 
--header 'Authorization: Bearer <authToken>' 
--header 'Content-Type: application/json' 
--data
'{
  "title": "Script Title",
  "typeName": "Custom Script",
  "subType": "Response",
  "platform": "WINDOWS",
  "languageId": 4,
  "importedScriptFromGitLab": true,
  "scriptApprovalUserConsent": false,
  "gitLabDetails": {
    "filePath": "<Public GitLab file path>",
    "repoUser": "<Public GitLab repo username>",
    "repoName": "<Public GitLab repor name>"
  }
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

Sample: Create a Custom Script with GitLab Parameters using Private RepositorySample: Create a Custom Script with GitLab Parameters using Private Repository

API Request

curl -X POST
  '<qualys_base_url>/sm/v6/script'
  --header 'Accept: application/vnd.qualys.car.api.v6.0+json'
  --header 'Authorization: Bearer <authToken>'
  --header 'Content-Type: application/json'
  --data- '{
    "title": "Script title",
    "description": "sample description",
    "typeName": "Custom Script",
    "subType": "Response",
    "platform": "WINDOWS",
    "languageId": 4,
    "importedScriptFromGitLab": true,
    "gitLabDetails": {
      "filePath": "<private GitLab file path>",
      "repoUser": "<Private GitLab repo user>",
      "repoName": "<private GitLab repo name>",
      "syncEnabled": true,
      "autoSync": true,
      "branch": "main",
      "importedFromPrivateRepo": true,
      "token": "<private GitLab repo token>"
    },
    "scriptApprovalUserConsent": true,
    "threshold": 172800,
    "thresholdTimeUnit": "SECOND",
    "severity": 2,
    "categoryId": 105,
    "hasParameters": false
  }'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

For more information, refer to the CAR API User Guide.

Update Scripts API: Update Script Imported from GitLab

New or Updated API Updated
API Endpoint /sm/v4/script/{ScriptId}
Method  PATCH
DTD or XSD changes Not Applicable

Use this API to update the script created by fetching the script content from your public or private GitLab repository.

Sample: Update a Custom Script Created with GitLab URL using Public RepositorySample: Update a Custom Script Created with GitLab URL using Public Repository

API Request

curl -X PATCH
  '<qualys_base_url>/sm/v4/script/{Scriptid}'
  --header 'Accept: application/vnd.qualys.car.api.v4.0+json'
  --header 'Authorization: Bearer <authToken>'
  --header 'Content-Type: application/json'
  --data-raw
'{
  "title": "Script_Title",
  "description": "Sample description",
  "typeName": "Custom Script",
  "subType": "Response",
  "platform": "WINDOWS",
  "languageId": 4,
  "importedScriptFromGitLab": true,
  "gitLabDetails": {
    "inputUrl": "<Public GitLab URL>",
    "syncEnabled": true,
    "onDemandSync": true,
    "branch": "main"
  },
  "scriptApprovalUserConsent": true,
  "threshold": 900,
  "thresholdTimeUnit": "SECOND",
  "severity": 1,
  "categoryId": 105
}'

API Response

{
  "id": "273968",
  "message": "Updated successfully"
}

Sample: Update a Custom Script Created with GitLab URL using Private RepositorySample: Update a Custom Script Created with GitLab URL using Private Repository

API Request

curl -X PATCH
  '<qualys_base_url>/sm/v4/script/{Scriptid}'
  --header 'Accept: application/vnd.qualys.car.api.v4.0+json'
  --header 'Authorization: Bearer <authToken>'
  --header 'Content-Type: application/json'
  --data-raw '{
    "title": "Script Title",
    "description": "Sample description",
    "typeName": "Custom Script",
    "subType": "Response",
    "platform": "WINDOWS",
    "languageId": 4,
    "importedScriptFromGitLab": true,
    "gitLabDetails": {
      "inputUrl": "<Private GitLab URL>",
      "syncEnabled": true,
      "autoSync": true,
      "branch": "main",
      "importedFromPrivateRepo": true,
      "token": "<Private GitLab repo token>"
    },
    "scriptApprovalUserConsent": true,
    "threshold": 172800,
    "thresholdTimeUnit": "SECOND",
    "severity": 2,
    "categoryId": 105,
    "hasParameters": false
  }'

API Response

{
  "id": "273968",
  "message": "Updated successfully"
}

Sample: Update a Custom Script Created with GitLab Parameters using Public RepositorySample: Update a Custom Script Created with GitLab Parameters using Public Repository

API Request

curl -X PATCH
  '<qualys_base_url>/sm/v4/script/{Scriptid}'
  --header 'Accept: application/vnd.qualys.car.api.v4.0+json'
  --header 'Authorization: Bearer <authToken>'
  --header 'Content-Type: application/json'
  --data-raw '{
    "title": "Script Title",
    "typeName": "Custom Script",
    "subType": "Response",
    "platform": "WINDOWS",
    "languageId": 4,
    "importedScriptFromGitLab": true,
    "scriptApprovalUserConsent": false,
    "gitLabDetails": {
      "filePath": "<Public GitLab file path>",
      "repoUser": "<Public GitLab repo username>",
      "repoName": "<Public GitLab repo name>"
    }
  }'

API Response

{
  "id": "273968",
  "message": "Updated successfully"
}

Sample: Update a Custom Script Created with GitLab Parameters using Private RepositorySample: Update a Custom Script Created with GitLab Parameters using Private Repository

API Request

curl -X PATCH
  '<qualys_base_url>/sm/v4/script/{Scriptid}'
  --header 'Accept: application/vnd.qualys.car.api.v4.0+json'
  --header 'Authorization: Bearer <authToken>'
  --header 'Content-Type: application/json'
  --data-raw '{
    "title": "Script title",
    "description": "sample description",
    "typeName": "Custom Script",
    "subType": "Response",
    "platform": "WINDOWS",
    "languageId": 4,
    "importedScriptFromGitLab": true,
    "gitLabDetails": {
      "filePath": "<Private GitLab file path>",
      "repoUser": "<Private GitLab repo user>",
      "repoName": "<Private GitLab repo name>",
      "syncEnabled": true,
      "autoSync": true,
      "branch": "main",
      "importedFromPrivateRepo": true,
      "token": "<Private GitLab repo token>"
    },
    "scriptApprovalUserConsent": true,
    "threshold": 172800,
    "thresholdTimeUnit": "SECOND",
    "severity": 2,
    "categoryId": 105,
    "hasParameters": false
  }'

API Response

{
  "id": "273968",
  "message": "Updated successfully"
}

For more information, refer to the CAR API User Guide.

Bulk Deprecate Scripts API

New or Updated API New
API Endpoint /sm/v1/scripts/bulk/deprecate
Method  POST
DTD or XSD changes Not Applicable

Use this API to deprecate multiple scripts.

Input ParametersInput Parameters

Parameter Mandatory/ Optional Data Type Description
ids Mandatory Array Provides the script IDs you want to deprecate.

Sample: Deprecate Scripts in BulkSample: Deprecate Scripts in Bulk

API Request

curl -X POST
  '<qualys_base_url>/sm/v1/scripts/bulk/deprecate'
  --header 'Authorization: Bearer <authToken>'
  --header 'Content-Type: application/json'
  --data '{
    "ids": [12053, 12060, 12061, 12062]
  }'

API Response

{
  "body": {
    "success": {
      "ids": [
        12053,
        12060,
        12061,
        12062
      ],
      "message": "Processed Ids"
    },
    "failure": {
      "ids": [],
      "message": "Invalid Ids"
    }
  }
}

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.