Skip to main content
POST
/
v3
/
enterprise
/
organizations
/
{org_id}
/
code-scans
/
{scan_id}
/
findings
/
{finding_id}
/
remediate
Remediate Code Scan Finding
curl --request POST \
  --url https://api.devin.ai/v3/enterprise/organizations/{org_id}/code-scans/{scan_id}/findings/{finding_id}/remediate \
  --header 'Authorization: Bearer <token>'
{
  "finding_id": "<string>",
  "session_id": "<string>"
}

Permissions

Requires a service user with the UseAccountCodeScans permission at the enterprise level.

Behavior

Launches a Devin session to remediate the specified code scan finding: the session analyzes the vulnerable code, implements a fix, and opens a pull request. The session is attributed to the calling principal (the service user or PAT that made the request). Returns 409 Conflict if the finding already has a remediation session.

Authorizations

Authorization
string
header
required

Service User credential (prefix: cog_)

Path Parameters

org_id
string
required

Organization ID (prefix: org-)

Example:

"org-abc123def456"

scan_id
string
required
finding_id
string
required

Response

Successful Response

The remediation session launched for a code scan finding.

finding_id
string
required

The finding that is being remediated.

session_id
string
required

ID of the Devin session launched to remediate the finding.