Projects & Targets

Projects

A project in Ariftly is a container that groups a target with its scan history, settings, and team access.

Creating a project

Projects can be created via the dashboard or API:

curl -X POST https://api.ariftly.io/v1/projects \
  -H "Authorization: Bearer $ARIFTLY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production App",
    "target_type": "url",
    "target": "https://myapp.example.com"
  }'

Project settings

Each project has configurable settings:

| Setting | Description | Default |
| --- | --- | --- |
| default_detectors | Detectors run if not specified in scan request | All available |
| scan_schedule | Cron expression for scheduled scans | None |
| thresholds | Risk score limits for CI/CD gates | None |
| notifications | Email / webhook alerts on scan completion | None |
| detector_weights | Custom detector weights for score calculation | See Risk Scoring |

Targets

A target defines what Ariftly scans. There are three target types:

URL targets

Scan a live web application. Ariftly crawls the URL and its linked pages up to a configurable depth.

{
  "target_type": "url",
  "target": "https://myapp.example.com",
  "target_options": {
    "crawl_depth": 3,
    "max_pages": 100,
    "include_paths": ["/app/*"],
    "exclude_paths": ["/api/*", "/admin/*"]
  }
}

Repository targets

Scan a source code repository. Ariftly clones the repository (using a provided access token) and runs static analysis.

{
  "target_type": "repository",
  "target": "https://github.com/myorg/myapp",
  "target_options": {
    "branch": "main",
    "access_token": "ghp_xxxx"
  }
}

Tip: For repository scans, create a read-only GitHub App or deploy key rather than using a personal access token.

API targets

Scan a REST or GraphQL API endpoint. Ariftly analyzes the API specification or probes endpoints directly.

{
  "target_type": "api",
  "target": "https://api.myapp.example.com",
  "target_options": {
    "spec_url": "https://api.myapp.example.com/openapi.json",
    "auth_header": "Authorization: Bearer test-token"
  }
}
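
The repository and API targets above both carry a credential inside target_options (access_token and auth_header). The following is an added example, not Ariftly code or an Ariftly feature: a client-side helper that lets the stored target definition hold only a placeholder and fills it from the environment just before the request body is built. The `${VAR}` placeholder syntax and the variable name REPO_READ_TOKEN are assumptions made for this example.

```python
import json
import re

# Credential-bearing target_options fields shown on this page.
SECRET_FIELDS = ("access_token", "auth_header")
# Assumed placeholder syntax for this example only: ${ENV_VAR_NAME}
PLACEHOLDER = re.compile(r"\$\{([A-Z_][A-Z0-9_]*)\}")


def resolve_target(target, env):
    """Return a copy of `target` with secret placeholders filled from `env`.

    Raises ValueError when a secret field holds a literal value (no
    placeholder) or references a variable that is unset or empty.
    """
    resolved = json.loads(json.dumps(target))  # deep copy of plain JSON data
    options = resolved.get("target_options", {})
    for field in SECRET_FIELDS:
        if field not in options:
            continue
        value = options[field]
        names = PLACEHOLDER.findall(value)
        if not names:
            raise ValueError(f"{field}: literal credential in stored config")
        missing = [n for n in names if not env.get(n)]
        if missing:
            raise ValueError(f"{field}: unset variable(s) {missing}")
        options[field] = PLACEHOLDER.sub(lambda m: env[m.group(1)], value)
    return resolved


# Constructed sample: the page's repository target with the token templated.
REPO_TEMPLATE = {
    "target_type": "repository",
    "target": "https://github.com/myorg/myapp",
    "target_options": {"branch": "main", "access_token": "${REPO_READ_TOKEN}"},
}

if __name__ == "__main__":
    import os
    try:
        body = resolve_target(REPO_TEMPLATE, os.environ)
        print("resolved fields:", sorted(body["target_options"]))
    except ValueError as err:
        print("refusing to build request body:", err)
```

The template passed in is never modified, so the definition kept in version control continues to hold only the placeholder.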

Environments

Projects support multiple environments (e.g., staging, production) so you can run scans against different deployment targets under the same project umbrella.

curl -X POST https://api.ariftly.io/v1/projects/proj_abc123/scans \
  -H "Authorization: Bearer $ARIFTLY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "environment": "staging",
    "target_override": "https://staging.myapp.example.com",
    "detectors": ["security"]
  }'