Skip to main content
GET
/
mcp-hub
/
scan
/
{job_id}
/
status
Get Scan Job Status
curl --request GET \
  --url https://api.enkryptai.com/mcp-hub/scan/{job_id}/status \
  --header 'apikey: <api-key>'
{
  "job_id": "123e4567-e89b-12d3-a456-426614174000",
  "source_url": "https://github.com/user/mcp-server",
  "user_email": "user@example.com",
  "version_or_commit": "main",
  "scan_version": "1.0.0-20251006",
  "job_status": "scanning_tools",
  "created_at": "2025-10-06T10:00:00",
  "started_at": "2025-10-06T10:00:05",
  "completed_at": null,
  "error_message": null,
  "is_official": false,
  "is_private": false,
  "scan_type": "source",
  "repo_name": "user/mcp-server",
  "endpoint_url": null,
  "auth_type": null,
  "org_id": null,
  "user_id": null,
  "project_name": null,
  "registry_name": null,
  "total_tools_scanned": 5,
  "tools_scanned_successfully": 3,
  "scanned_tools": [
    {
      "tool_name": "tool1",
      "scan_status": "success"
    },
    {
      "tool_name": "tool2",
      "scan_status": "success"
    }
  ]
}

Documentation Index

Fetch the complete documentation index at: https://docs.enkryptai.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

โ€‹
apikey
string
header
required

Path Parameters

โ€‹
job_id
string<uuid>
required

Unique scan job UUID

Example:

"123e4567-e89b-12d3-a456-426614174000"

Response

Job status retrieved

Status of a scan job with progress information. Ownership/registry fields (org_id, user_id, project_name, registry_name) are only populated for private jobs; for public jobs they are returned as null. These fields mirror the x-enkrypt-* response headers.

โ€‹
job_id
string
required
โ€‹
source_url
string
required
โ€‹
user_email
string
required
โ€‹
version_or_commit
string | null
required
โ€‹
scan_version
string
required
โ€‹
job_status
string
required
โ€‹
created_at
string
required
โ€‹
started_at
string | null
required
โ€‹
completed_at
string | null
required
โ€‹
error_message
string | null
required
โ€‹
source_version
string | null
โ€‹
total_scan_time
string | null
โ€‹
total_tools_scanned
integer | null
โ€‹
tools_scanned_successfully
integer | null
โ€‹
tools_with_errors
integer | null
โ€‹
total_vulnerabilities
integer | null
โ€‹
overall_severity
string | null
โ€‹
overall_severity_score
number | null
โ€‹
is_official
boolean | null

Whether the scanned server is an official registry entry. Mirrors x-enkrypt-is-official header.

โ€‹
is_private
boolean | null

Whether the scan is private (scoped to the calling account). Mirrors x-enkrypt-is-private header.

โ€‹
scan_type
enum<string> | null

Scan type. Mirrors x-enkrypt-scan-type header.

Available options:
source,
hosted,
null
โ€‹
repo_name
string | null

Repository / server identifier. Mirrors x-enkrypt-repo-name header.

โ€‹
endpoint_url
string | null

Hosted MCP server endpoint URL (hosted scans only). Mirrors x-enkrypt-endpoint-url header.

โ€‹
auth_type
string | null

Authentication type used for the hosted scan (hosted scans only). Mirrors x-enkrypt-auth-type header.

โ€‹
org_id
string<uuid> | null

Organization ID. Only populated when the job is private.

โ€‹
user_id
string<uuid> | null

User ID. Only populated when the job is private.

โ€‹
project_name
string | null

Project name. Only populated when the job is private.

โ€‹
registry_name
string | null

Registry name. Only populated when the job is private.

โ€‹
scanned_tools
object[] | null

Per-tool scan results (present once tool scanning has started)