
# Start a New Vulnerability Scan

> Creates a new vulnerability scan job for an MCP server source repository (GitHub URL or npm package). The scan runs asynchronously in the background; use the returned `job_id` to check status and retrieve results.



## OpenAPI

````yaml POST /mcp-hub/scan
# OpenAPI 3.0.0 description of the Enkrypt AI APIs; this excerpt documents the
# POST /mcp-hub/scan operation and the components it references.
openapi: 3.0.0
info:
  title: Enkrypt AI APIs
  version: 2.0.0
servers:
  - url: https://api.enkryptai.com
# Global security requirement: an operation that declares no `security` of its
# own inherits this one, so it requires the `apiKeyAuth` scheme.
security:
  - apiKeyAuth: []
tags:
  - name: Guardrails
  - name: Code of Conduct
  - name: Endpoints
  - name: Datasets
  - name: Redteam
  - name: Deployments
  - name: AI Proxy
  - name: Leaderboard
  - name: Archived
  # Access model stated in the description below: any authenticated caller can
  # submit a scan, but the GET retrieval endpoints return 403 unless the
  # organization has MCP Hub API access enabled. A caller without that
  # entitlement can start a job yet cannot read its results through the API.
  - name: MCP Hub
    description: >-
      MCP Hub vulnerability scanning APIs. Submitting scans (the POST endpoints)
      is open to all authenticated callers. The scan **retrieval** APIs — Get
      Scan Job Status, Get Complete Scan Results, List Scans, and Get MCP Hub
      Scan Statistics (the GET endpoints) — are an **enterprise data-license
      feature**: they require your organization to have MCP Hub API access
      enabled by Enkrypt, otherwise they return `403`. Contact us at
      support@enkryptai.com to enable access.
  - name: MCP Registry Servers
  - name: MCP Gateways
  - name: MCP Playground
paths:
  # Submits an asynchronous scan job for a source repository or npm package.
  /mcp-hub/scan:
    # No operation-level `security` key, so the document-wide `apiKeyAuth`
    # requirement applies to this operation.
    post:
      tags:
        - MCP Hub
      summary: Start a New Vulnerability Scan
      description: >-
        Creates a new vulnerability scan job for an MCP server source repository
        (GitHub URL or npm package). The scan runs asynchronously in the
        background; use the returned `job_id` to check status and retrieve
        results.
      operationId: mcp_hub_create_scan
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MCPHubScanRequest'
            # Three sample request bodies. Only `private-scan` sets
            # `is_private`; the other two omit it, so the schema default
            # (`false`) applies and the scan is not marked private.
            # `version_or_commit: main` names a branch, i.e. a moving
            # reference; the schema also accepts a commit or tag.
            examples:
              github-source:
                summary: Scan a GitHub repository
                value:
                  source_url: https://github.com/user/mcp-server
                  version_or_commit: main
              subdir-source:
                summary: Scan a subdirectory of a monorepo
                value:
                  source_url: https://github.com/user/mcp-monorepo
                  version_or_commit: main
                  base_path: packages/server
              private-scan:
                summary: Private scan (visible only within your account)
                value:
                  source_url: https://github.com/user/mcp-server
                  is_private: true
      # Documented outcomes are 202, 401 and 422 only.
      # NOTE(review): no 403 or 429 response is documented for this operation;
      # confirm whether the API never returns them here or they are just not
      # listed.
      responses:
        # 202 means the job was queued, not that the scan finished; findings
        # are obtained later via `job_id`.
        '202':
          description: Scan job accepted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MCPHubScanResponse'
              # The response carries a `user_email` field; treat stored or
              # logged responses as containing personal data.
              examples:
                new_scan:
                  summary: New scan job created
                  value:
                    job_id: 123e4567-e89b-12d3-a456-426614174000
                    source_url: https://github.com/user/mcp-server
                    user_email: user@example.com
                    job_status: initializing
                    message: Scan job created successfully
        '401':
          $ref: '#/components/responses/MCPHubUnauthorized'
        '422':
          $ref: '#/components/responses/MCPHubValidationError'
components:
  schemas:
    # Request body for POST /mcp-hub/scan. Only `source_url` is required.
    MCPHubScanRequest:
      title: MCPHubScanRequest
      type: object
      required:
        - source_url
      description: Request body for starting a source-based MCP server vulnerability scan.
      properties:
        # Plain string: the schema declares no format, pattern or maxLength.
        # NOTE(review): restricting this to the documented GitHub / npm sources
        # (scheme and host allow-list) is not expressed in the schema and has
        # to be enforced server-side; confirm that it is.
        source_url:
          type: string
          description: GitHub URL or npm package name/URL to scan
          example: https://github.com/user/mcp-server
        # Optional. A branch name, or omitting the field (default branch), is a
        # moving reference: the code scanned depends on when the job runs. Pass
        # a commit or an exact npm version when results must map to one
        # specific revision.
        version_or_commit:
          type: string
          nullable: true
          description: >-
            Git commit/branch/tag or npm version. Defaults to the repo's default
            branch when omitted.
          example: main
        # Optional subdirectory; the schema declares no pattern for it.
        # NOTE(review): presumably the backend resolves this inside the fetched
        # source tree; confirm it rejects absolute paths and `..` segments.
        base_path:
          type: string
          nullable: true
          description: >-
            Optional subdirectory path within the repository to scan (e.g.,
            'packages/server')
          example: packages/server
        # Defaults to false, so a request that omits the field is not marked
        # private. Who can see a non-private scan is not stated in this
        # document; set `true` explicitly when the source or its findings
        # should stay within the account.
        is_private:
          type: boolean
          default: false
          description: Mark this scan as private (visible only within your account)
    # 202 response body for an accepted scan job; all five fields are required.
    MCPHubScanResponse:
      title: MCPHubScanResponse
      type: object
      required:
        - job_id
        - source_url
        - user_email
        - job_status
        - message
      description: Response returned when a source-based scan job is accepted.
      properties:
        # Handle for the job. The example is UUID-shaped, but the schema only
        # declares `string` (no `format: uuid`), so clients should treat it as
        # an opaque value.
        job_id:
          type: string
          description: Unique identifier for the scan job
          example: 123e4567-e89b-12d3-a456-426614174000
        source_url:
          type: string
          example: https://github.com/user/mcp-server
        # No description given; presumably the email of the submitting
        # account (confirm). Personal data: consider redacting it when
        # responses are logged or shared.
        user_email:
          type: string
          example: user@example.com
        # Free-form string; no enum is declared and `initializing` is the only
        # value shown, so clients should not assume a fixed set of states.
        job_status:
          type: string
          example: initializing
        message:
          type: string
          description: Human-readable status message
          example: Scan job created successfully
    # Error body for auth/permission failures: a single string field,
    # `detail`. No `required` list is declared, so the schema does not
    # guarantee that `detail` is present.
    MCPHubAuthErrorResponse:
      title: MCPHubAuthErrorResponse
      type: object
      description: Error envelope returned by the MCP Hub auth/permission failures.
      properties:
        detail:
          type: string
    # 422 error body: `detail` is a list of per-field validation problems.
    MCPHubValidationError:
      title: MCPHubValidationError
      type: object
      description: FastAPI-style validation error response.
      properties:
        detail:
          type: array
          items:
            type: object
            # Each entry must carry all three keys.
            required:
              - loc
              - msg
              - type
            properties:
              # Mixed list of strings and integers; presumably the path to the
              # offending field within the request (confirm).
              loc:
                type: array
                items:
                  oneOf:
                    - type: string
                    - type: integer
              msg:
                type: string
              type:
                type: string
  # Reusable error responses referenced by the operation's 401 and 422 entries.
  responses:
    # NOTE(review): the description below says "Authorization header", but the
    # only security scheme declared in this document is an API key sent in a
    # header named `apikey`. Confirm which header the API actually checks so
    # that clients debugging a 401 look at the right one.
    MCPHubUnauthorized:
      description: Unauthorized — missing or invalid Authorization header
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPHubAuthErrorResponse'
    MCPHubValidationError:
      description: Validation error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPHubValidationError'
  # Authentication: an API key sent in a request header named `apikey`.
  # The key is a static bearer-style secret, so keep it out of source control,
  # shell history and request logs; the documented server URL is HTTPS.
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: apikey

````