Update a project's settings and configuration.

puthttps://app.fossa.com/api/projects/{locator}

Update a project's settings and configuration. This endpoint allows updating a wide variety of project properties including metadata, policy assignments, scanning settings, integration configurations, and more. ## Permission Requirements Most fields require Edit permission on the project. The following fields require special permissions: - `public`: Requires MakePublic permission - `policyId`, `securityPolicyId`, `qualityPolicyId`, `sbomPolicyId`, `sbomAnalysisEnabled`: Require SetPolicy permission for the respective policy type ## Special Behaviors ### Branch Management - `tracking_branches` and `hidden_branches` are mutually exclusive. Adding a branch to one will automatically remove it from the other. - Only branches can be added to these arrays; tags are filtered out automatically. ### Policy Changes - When policies or scanning settings change, the project will be automatically rescanned if the last analyzed revision is in a steady state. ### Feature Flags - `securityIssueScanningEnabled` and `qualityIssueScanningEnabled` can only be modified if the organization has the respective features enabled. - `quickImportVendoredDetectionEnabled` can only be modified if the organization has both quick import vendored detection and vendored dependency detection features enabled. - `quickImportSnippetDetectionEnabled` can only be modified if the organization has both quick import snippet detection and snippet detection features enabled. ### Issue Tracker Fields - When updating `issueTrackerCustomFields`, boolean values in the `isRequired` field may be stringified and will be automatically converted. - Custom field configurations are validated against Jira field requirements. ### Notifications - Empty notification objects are automatically filtered out. - Notification changes are processed asynchronously.

Path parameters

locatorstringrequired

The URL-encoded locator of the project (e.g., "git+github.com/owner/repo")

Request body · application/json

Project fields to update. All fields are optional. Only the fields provided will be updated; omitted fields remain unchanged. Note: The endpoint filters out any fields not in the allowed list automatically.

titlestring

Display name of the project

descriptionstring

Detailed description of the project

urlstring

Project homepage URL

notesstring

Internal notes about the project

publicboolean

Whether the project is publicly accessible. Requires MakePublic permission. Public projects can be viewed by anyone with the link.

scm_urlstring

Source control management URL for the project repository

manual_scm_urlboolean

Whether the SCM URL was manually provided by the user

vcs_hostenum

VCS hosting provider

githubgitlabbitbucketazureother
default_branchstring

The default branch to analyze for this project

tracking_branchesstring[]

Branches to actively track and analyze. Tags are automatically filtered out. Branches in this list are automatically removed from `hidden_branches`.

hidden_branchesstring[]

Branches to hide from the UI. Tags are automatically filtered out. Branches in this list are automatically removed from `tracking_branches`.

policyIdinteger

ID of the licensing policy to apply to this project. Requires SetPolicy permission for LICENSING policy type.

securityPolicyIdinteger

ID of the security policy to apply to this project. Requires SetPolicy permission for SECURITY policy type.

qualityPolicyIdinteger

ID of the quality policy to apply to this project. Requires SetPolicy permission for QUALITY policy type.

sbomPolicyIdinteger

ID of the SBOM policy to apply to this project. Requires SetPolicy permission for SBOM policy type.

policies_approve_multilicenseboolean

Whether to automatically approve dependencies with multiple licenses if any license is approved

licensingIssueScanningEnabledboolean

Enable or disable licensing issue scanning for this project

securityIssueScanningEnabledboolean

Enable or disable security vulnerability scanning for this project. Can only be modified if the organization has security features enabled.

qualityIssueScanningEnabledboolean

Enable or disable quality issue scanning for this project. Can only be modified if the organization has quality features enabled.

sbomAnalysisEnabledboolean

Enable or disable SBOM policy analysis for this project. Requires SetPolicy permission for SBOM policy type.

snippetLicensingIssueScanningEnabledboolean

Enable or disable snippet licensing issue scanning for this project

snippetSecurityIssueScanningEnabledboolean

Enable or disable snippet security issue scanning for this project

snippetAutoRejectMatchPercentageThresholdinteger

Match percentage at (or above) which snippet matches are automatically rejected. Must be an integer between 1 and 100, or `null` to disable auto-rejection.

vendoredLicensingIssueScanningEnabledboolean

Enable or disable licensing issue scanning for vendored dependencies in this project

vendoredSecurityIssueScanningEnabledboolean

Enable or disable security issue scanning for vendored dependencies in this project

vendoredQualityIssueScanningEnabledboolean

Enable or disable quality issue scanning for vendored dependencies in this project

quickImportVendoredDetectionEnabledboolean

Enable or disable vendored dependency detection during quick imports for this project. Can only be modified if the organization has quick import vendored detection and vendored dependency detection features enabled.

quickImportSnippetDetectionEnabledboolean

Enable or disable snippet detection during quick imports for this project. Can only be modified if the organization has quick import snippet detection and snippet detection features enabled.

defaultSavedOptionLicensingReportinteger

ID of the saved report option to use as the default for licensing reports. Must reference a report option belonging to your organization, or `null` to clear it.

defaultSavedOptionSbominteger

ID of the saved report option to use as the default for SBOM reports. Must reference a report option belonging to your organization, or `null` to clear it.

invalidCredentialboolean

Whether the credential associated with this project is currently invalid.

licensingStatusCheckEnabledboolean

Enable or disable licensing issue CI/CD status checks

securityStatusCheckEnabledboolean

Enable or disable security issue CI/CD status checks

qualityStatusCheckEnabledboolean

Enable or disable quality issue CI/CD status checks

excludeBaseLayerIssuesLicensingboolean

Exclude licensing issues found in container base layers

excludeBaseLayerIssuesSecurityboolean

Exclude security issues found in container base layers

excludeBaseLayerIssuesQualityboolean

Exclude quality issues found in container base layers

integrationhook_timeoutinteger

Timeout in seconds for integration hooks (e.g., GitHub status checks)

integrationhook_fail_stateenum

Status to report when a hook times out or fails

ERRORSUCCESS
issue_tracker_urlstring

URL of the external issue tracker (e.g., Jira, GitHub Issues)

issue_tracker_typeenum

Type of issue tracker

githubjira
issueTrackerLabelsstring[]

Labels to automatically apply to issues created in the tracker

issueTrackerIssueTypesstring[]

Jira issue types available for this project

issueTrackerProjectIdsstring[]

Jira project IDs associated with this project

issueTrackerCustomFieldsobject

Custom Jira fields configuration. The object keys are Jira field IDs, and values contain field metadata. The `isRequired` field accepts both boolean and stringified boolean values ("true"/"false").

useGlobalTrackerSettingsboolean

Whether to use organization-level issue tracker settings instead of project-specific settings

transitive_excludesstring[]

List of dependency locators to exclude from analysis. Removing items from this array is logged as "un-ignoring" dependencies. Format: "fetcher+package$revision" (e.g., "npm+lodash$4.17.21")

reportCustomTextstring

Custom text to include in attribution reports for this project

bom_column_settingsenum[]

Columns to display in the Bill of Materials (BOM) report. Available options: All, Name, Version, Type, License, DirectLicense, DirectLicenseOrigin, DeepLicense, DeepLicenseOrigin, Description, Homepage, PrimaryLanguage, SourceLocation, ReleasePublishDate, OriginId, Tags, ComponentComment

bom_public_idstring

Public identifier for accessing the project's attribution report

labelsinteger[]

Array of label IDs to associate with this project. This replaces all existing labels. Labels must exist in the organization before being assigned.

filtersobject

Issue filter IDs to apply for each issue category. This configures which saved filters are used when viewing issues for this project. Set to null or omit to clear filters.

licensinginteger

Saved filter ID for licensing issues

vulnerabilityinteger

Saved filter ID for security/vulnerability issues

qualityinteger

Saved filter ID for quality issues

notificationsobject[]

Array of notification configurations for this project. Empty notification objects are automatically filtered out. Changes are processed asynchronously alongside the main update.

idinteger

Notification ID (for updates to existing notifications)

channelenumrequired

The event channel that triggers this notification

SCAN
serviceenumrequired

The service to use for sending notifications

EMAILSLACKAPI_WEBHOOK
subscribed_usersinteger[]

Array of user IDs to receive EMAIL notifications

Responses

200Project updated successfully. Returns the complete project object with all updated fields plus computed metadata including recent revisions, notifications, references, contributor count, and dynamically populated fields.
object

The updated Project object. Contains all the fields that can be updated via this endpoint, plus additional computed/metadata fields like organizationId, createdAt, updatedAt, contributorCount, head/latest/last_analyzed revisions, notifications, references, and filters.

400Bad Request - Invalid input or validation error
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

401Unauthorized
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

403Forbidden - Insufficient permissions
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

404Not Found - Project does not exist
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

500Server Error
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

Try this endpoint

Build a request and run it against app.fossa.com.

Bearer

Stored in this browser for 24 hours. Try It uses a docs proxy for CORS and does not store tokens server-side.

PUT https://app.fossa.com/api/projects/git%252Bgithub.com%252Ffossas%252Ffossa-cli
curl --request PUT \  --url 'https://app.fossa.com/api/projects/git%252Bgithub.com%252Ffossas%252Ffossa-cli' \  --header 'accept: application/json' \  --header 'authorization: Bearer YOUR_API_TOKEN' \  --header 'content-type: application/json' \  --data '{  "title": "Updated Project Name",  "description": "New project description",  "notes": "Updated internal notes"}'

Real request. Mutating methods can change data.

Click Try It to run a request and see the response here.
Enter a Bearer token before running this request.

Path params

locatorstringrequired

The URL-encoded locator of the project (e.g., "git+github.com/owner/repo")

application/json