Create a scan schedule
POST/api/v1/projects/:project_id/schedules
Add a recurring scan schedule to the project.
- Enum cadence only (
weekly/biweekly/monthly+ weekday / day-of-month +hour_utc);next_run_atis server-computed. - Validated against the assessment registry: a sourceless project
cannot schedule a code audit (
project_has_no_source); a black-box schedule requires configuredblackbox_configtarget URLs. - Gated by the admission-only
release_scheduled_scansflag (404 when off) — the same flag the materializer checks before creating runs. Existing schedules stay readable/editable when it flips off. - Scope required:
projects:update+ manager-or-above. - Archived projects reject the write (409).
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 409
- 422
- 429
- 500
Successful Response
Bad request — malformed input or failed validation.
Missing, expired, or invalid credentials.
Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
Semantic validation failure — request shape was valid but contents were not.
Too many requests — rate limited. Retry after the window resets.
Internal server error — unexpected failure.