Update a project's settings and configuration.
https://app.fossa.com/api/projects/{locator}Update a project's settings and configuration. This endpoint allows updating a wide variety of project properties including metadata, policy assignments, scanning settings, integration configurations, and more. ## Permission Requirements Most fields require Edit permission on the project. The following fields require special permissions: - `public`: Requires MakePublic permission - `policyId`, `securityPolicyId`, `qualityPolicyId`, `sbomPolicyId`, `sbomAnalysisEnabled`: Require SetPolicy permission for the respective policy type ## Special Behaviors ### Branch Management - `tracking_branches` and `hidden_branches` are mutually exclusive. Adding a branch to one will automatically remove it from the other. - Only branches can be added to these arrays; tags are filtered out automatically. ### Policy Changes - When policies or scanning settings change, the project will be automatically rescanned if the last analyzed revision is in a steady state. ### Feature Flags - `securityIssueScanningEnabled` and `qualityIssueScanningEnabled` can only be modified if the organization has the respective features enabled. - `quickImportVendoredDetectionEnabled` can only be modified if the organization has both quick import vendored detection and vendored dependency detection features enabled. - `quickImportSnippetDetectionEnabled` can only be modified if the organization has both quick import snippet detection and snippet detection features enabled. ### Issue Tracker Fields - When updating `issueTrackerCustomFields`, boolean values in the `isRequired` field may be stringified and will be automatically converted. - Custom field configurations are validated against Jira field requirements. ### Notifications - Empty notification objects are automatically filtered out. - Notification changes are processed asynchronously.
Path parameters
locatorstringrequiredThe URL-encoded locator of the project (e.g., "git+github.com/owner/repo")
Request body · application/json
Project fields to update. All fields are optional. Only the fields provided will be updated; omitted fields remain unchanged. Note: The endpoint filters out any fields not in the allowed list automatically.
titlestringDisplay name of the project
descriptionstringDetailed description of the project
urlstringProject homepage URL
notesstringInternal notes about the project
publicbooleanWhether the project is publicly accessible. Requires MakePublic permission. Public projects can be viewed by anyone with the link.
scm_urlstringSource control management URL for the project repository
manual_scm_urlbooleanWhether the SCM URL was manually provided by the user
vcs_hostenumVCS hosting provider
githubgitlabbitbucketazureotherdefault_branchstringThe default branch to analyze for this project
tracking_branchesstring[]Branches to actively track and analyze. Tags are automatically filtered out. Branches in this list are automatically removed from `hidden_branches`.
hidden_branchesstring[]Branches to hide from the UI. Tags are automatically filtered out. Branches in this list are automatically removed from `tracking_branches`.
policyIdintegerID of the licensing policy to apply to this project. Requires SetPolicy permission for LICENSING policy type.
securityPolicyIdintegerID of the security policy to apply to this project. Requires SetPolicy permission for SECURITY policy type.
qualityPolicyIdintegerID of the quality policy to apply to this project. Requires SetPolicy permission for QUALITY policy type.
sbomPolicyIdintegerID of the SBOM policy to apply to this project. Requires SetPolicy permission for SBOM policy type.
policies_approve_multilicensebooleanWhether to automatically approve dependencies with multiple licenses if any license is approved
licensingIssueScanningEnabledbooleanEnable or disable licensing issue scanning for this project
securityIssueScanningEnabledbooleanEnable or disable security vulnerability scanning for this project. Can only be modified if the organization has security features enabled.
qualityIssueScanningEnabledbooleanEnable or disable quality issue scanning for this project. Can only be modified if the organization has quality features enabled.
sbomAnalysisEnabledbooleanEnable or disable SBOM policy analysis for this project. Requires SetPolicy permission for SBOM policy type.
snippetLicensingIssueScanningEnabledbooleanEnable or disable snippet licensing issue scanning for this project
snippetSecurityIssueScanningEnabledbooleanEnable or disable snippet security issue scanning for this project
snippetAutoRejectMatchPercentageThresholdintegerMatch percentage at (or above) which snippet matches are automatically rejected. Must be an integer between 1 and 100, or `null` to disable auto-rejection.
vendoredLicensingIssueScanningEnabledbooleanEnable or disable licensing issue scanning for vendored dependencies in this project
vendoredSecurityIssueScanningEnabledbooleanEnable or disable security issue scanning for vendored dependencies in this project
vendoredQualityIssueScanningEnabledbooleanEnable or disable quality issue scanning for vendored dependencies in this project
quickImportVendoredDetectionEnabledbooleanEnable or disable vendored dependency detection during quick imports for this project. Can only be modified if the organization has quick import vendored detection and vendored dependency detection features enabled.
quickImportSnippetDetectionEnabledbooleanEnable or disable snippet detection during quick imports for this project. Can only be modified if the organization has quick import snippet detection and snippet detection features enabled.
defaultSavedOptionLicensingReportintegerID of the saved report option to use as the default for licensing reports. Must reference a report option belonging to your organization, or `null` to clear it.
defaultSavedOptionSbomintegerID of the saved report option to use as the default for SBOM reports. Must reference a report option belonging to your organization, or `null` to clear it.
invalidCredentialbooleanWhether the credential associated with this project is currently invalid.
licensingStatusCheckEnabledbooleanEnable or disable licensing issue CI/CD status checks
securityStatusCheckEnabledbooleanEnable or disable security issue CI/CD status checks
qualityStatusCheckEnabledbooleanEnable or disable quality issue CI/CD status checks
excludeBaseLayerIssuesLicensingbooleanExclude licensing issues found in container base layers
excludeBaseLayerIssuesSecuritybooleanExclude security issues found in container base layers
excludeBaseLayerIssuesQualitybooleanExclude quality issues found in container base layers
integrationhook_timeoutintegerTimeout in seconds for integration hooks (e.g., GitHub status checks)
integrationhook_fail_stateenumStatus to report when a hook times out or fails
ERRORSUCCESSissue_tracker_urlstringURL of the external issue tracker (e.g., Jira, GitHub Issues)
issue_tracker_typeenumType of issue tracker
githubjiraissueTrackerLabelsstring[]Labels to automatically apply to issues created in the tracker
issueTrackerIssueTypesstring[]Jira issue types available for this project
issueTrackerProjectIdsstring[]Jira project IDs associated with this project
issueTrackerCustomFieldsobjectCustom Jira fields configuration. The object keys are Jira field IDs, and values contain field metadata. The `isRequired` field accepts both boolean and stringified boolean values ("true"/"false").
useGlobalTrackerSettingsbooleanWhether to use organization-level issue tracker settings instead of project-specific settings
transitive_excludesstring[]List of dependency locators to exclude from analysis. Removing items from this array is logged as "un-ignoring" dependencies. Format: "fetcher+package$revision" (e.g., "npm+lodash$4.17.21")
reportCustomTextstringCustom text to include in attribution reports for this project
bom_column_settingsenum[]Columns to display in the Bill of Materials (BOM) report. Available options: All, Name, Version, Type, License, DirectLicense, DirectLicenseOrigin, DeepLicense, DeepLicenseOrigin, Description, Homepage, PrimaryLanguage, SourceLocation, ReleasePublishDate, OriginId, Tags, ComponentComment
bom_public_idstringPublic identifier for accessing the project's attribution report
labelsinteger[]Array of label IDs to associate with this project. This replaces all existing labels. Labels must exist in the organization before being assigned.
filtersobjectIssue filter IDs to apply for each issue category. This configures which saved filters are used when viewing issues for this project. Set to null or omit to clear filters.
licensingintegerSaved filter ID for licensing issues
vulnerabilityintegerSaved filter ID for security/vulnerability issues
qualityintegerSaved filter ID for quality issues
notificationsobject[]Array of notification configurations for this project. Empty notification objects are automatically filtered out. Changes are processed asynchronously alongside the main update.
idintegerNotification ID (for updates to existing notifications)
channelenumrequiredThe event channel that triggers this notification
SCANserviceenumrequiredThe service to use for sending notifications
EMAILSLACKAPI_WEBHOOKsubscribed_usersinteger[]Array of user IDs to receive EMAIL notifications
Responses
200Project updated successfully. Returns the complete project object with all updated fields
plus computed metadata including recent revisions, notifications, references, contributor count,
and dynamically populated fields.
The updated Project object. Contains all the fields that can be updated via this endpoint, plus additional computed/metadata fields like organizationId, createdAt, updatedAt, contributorCount, head/latest/last_analyzed revisions, notifications, references, and filters.
400Bad Request - Invalid input or validation erroruuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
401UnauthorizeduuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
403Forbidden - Insufficient permissionsuuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
404Not Found - Project does not existuuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
500Server ErroruuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
Try this endpoint
Build a request and run it against app.fossa.com.
Stored in this browser for 24 hours. Try It uses a docs proxy for CORS and does not store tokens server-side.
PUT https://app.fossa.com/api/projects/git%252Bgithub.com%252Ffossas%252Ffossa-clicurl --request PUT \ --url 'https://app.fossa.com/api/projects/git%252Bgithub.com%252Ffossas%252Ffossa-cli' \ --header 'accept: application/json' \ --header 'authorization: Bearer YOUR_API_TOKEN' \ --header 'content-type: application/json' \ --data '{ "title": "Updated Project Name", "description": "New project description", "notes": "Updated internal notes"}'Real request. Mutating methods can change data.
Path params
locatorstringrequiredThe URL-encoded locator of the project (e.g., "git+github.com/owner/repo")