Overview

The REST API is the primary way to retrieve data from Kiuwan. This guide is intended for developers who want to write applications that interact with the Kiuwan API. It contains a full reference of the API calls, explains how authentication works, and describes the service quotas.

Make sure you have a Kiuwan account with a username and password: every REST API request must be authenticated. We recommend using a separate account for development, so that you protect yourself and the quota of your production account.

REST-API diagram

Calling style and data format

There are several ways to call the Kiuwan REST API from your application. You can call it directly from JavaScript (no server-side code is required), or you can use a client library that matches your server-side technology.

The data format is JSON (Javascript Object Notation). It is a common, language-independent data format that provides a simple text representation of arbitrary data structures. For more information, see json.org.

The endpoints and their parameters are case-sensitive. If you call the API with a URL that does not exist in this document, you will receive a 404 error. If the name of an optional parameter is misspelled, the call behaves exactly as if that parameter had been omitted. Some endpoints have only optional parameters; in that case the description explains what is returned when they are omitted.

Swagger / OpenAPI specification

Kiuwan provides a Swagger / OpenAPI specification of its public REST API. There are many generators available that you can use to create a client for the language that suits your needs. You can download the Kiuwan REST API OpenAPI specification here:

Working with API

If you are a Kiuwan on-premise user, point your API calls to the configured Kiuwan on-premise host, using the scheme your installation runs under (http or https).

Schema

All API access is over HTTPS, and accessed from the api.kiuwan.com domain.

All data is sent and received as JSON, except for the report endpoints, which return a file on success and a JSON error object on failure. All timestamps are returned in ISO 8601 format:
YYYY-MM-DDTHH:MM:SSZ

Example:

$ curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/apps/kiuwan
HTTP/1.1 200 OK
Date: Tue, 09 Jul 2013 08:40:04 GMT
Server: Restlet-Framework/2.1.2
Accept-Ranges: bytes
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 993
Content-Type: application/json;charset=UTF-8
Set-Cookie: JSESSIONID=B28iXS4GthtHVOysVg6fjnDK.undefined; Path=/saas; Secure; HttpOnly
Set-Cookie: ROUTEID=.saas1; path=/saas
Via: 1.1 api.kiuwan.com
Transfer-Encoding: chunked
{"name":"kiuwan","description":"kiuwan","label":"","date":"2013-05-27T11:11:15Z","encoding":"UTF-8","languages":[{"name":"java","size":64328},{"name":"sql","size":1}],"quality_model":"CQM","ordered_by":"Jerry Fish","Risk index":{"value":0.03973296594074194},"Quality indicator":{"value":84.67472661535454,"children":[{"name":"Efficiency","value":88.75956383609372},{"name":"Maintainability","value":59.62314522711728},{"name":"Portability","value":98.37209493445182},{"name":"Reliability","value":93.53795131980435},{"name":"Security","value":99.8542334844733}]},"Effort to target":{"value":42.19999999999999,"children":[{"name":"Efficiency","value":0.0},{"name":"Maintainability","value":42.19999999999999},{"name":"Portability","value":0.0},{"name":"Reliability","value":0.0},{"name":"Security","value":0.0}]},"Main metrics":[{"name":"Files","value":996.0},{"name":"Lines of code","value":64329.0},{"name":"Duplicated code","value":0.12281122303922935},{"name":"Complexity","value":1.461493497004238},{"name":"Very high defects","value":101.0},{"name":"Total defects","value":10277.0}]}

The parameters of the different endpoints can be of the following types:

Query

Query parameters are key/value pairs attached to the end of a URL. They extend the URL to select specific content or actions based on the values passed.
To append query parameters to a URL, a '?' is added, followed immediately by the first parameter.
To add multiple parameters, an '&' is placed between each pair. Values can be strings, numbers or lists (for example comma-separated values); the Model column of each endpoint states which.

Path

Path parameters are components of a URL path that can vary. They are typically used to point to a specific resource within a collection, such as a user identified by ID. A URL can have several path parameters, each denoted with curly braces { }.

Body

POST, PUT and PATCH requests can carry a request body (payload), such as JSON or XML data. The request body is called a body parameter. An operation has at most one body parameter, although it may have other parameters (path, query, header).

Authentication and authorization

Every request your application sends to the Kiuwan REST API must identify your application. You do that with HTTP Basic authentication, which also authorizes the request.

Most client software provides a simple mechanism for supplying a user name and password and will build the required authentication headers automatically. For example, you can specify the --user argument with curl as follows:

$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/info

Once you have been identified with a valid username and password, you have access to your private quality results. You also have access to public accounts and their quality results.

Example with query params:

$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/applications/last_analysis?application=my_app

Working with lists and pages

If the response to your request is a list of elements (a list of applications, analyses or defects, for example), it will be paginated. The API reference indicates which requests support pagination. You can control pagination with two parameters:

Parameter name   Description                          Default value   Valid range of values
page             Page number of the request           1               [1-INF]
count            The number of elements per page      500             [1-5000]

An example call in curl is (the URL is quoted so that the shell does not interpret the '&'):

curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] "https://api.kiuwan.com/apps/analysis/A-7e3-16e5b1aad2a/defects?page=2&count=50"

For POST endpoints, the pagination travels inside the JSON body. An example is:

curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] -H "Content-Type: application/json" -X POST -d '{"applicationName": "appName", "pagination": {"page": 1, "count": 50}}' https://api.kiuwan.com/arch/list
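The page-walking loop the two calls above imply, as an added example that is not part of the Kiuwan documentation or of any Kiuwan client library. It builds the GET query string and the POST body from the documented page/count parameters, checks them against the ranges in the table above before sending anything, and stops when a page comes back shorter than count. The HTTP transport is replaced by a constructed in-memory fetch function (the defect list and its ids are made up) so that it runs offline.

```python
"""Walk a paginated Kiuwan list endpoint page by page (added example, offline)."""
import json
from typing import Callable, Dict, Iterator, List, Tuple
from urllib.parse import urlencode

MAX_COUNT = 5000      # documented valid range for count: [1-5000]
DEFAULT_COUNT = 500   # documented default for count


def validate_paging(page: int, count: int) -> None:
    """Reject values outside the documented ranges before a request is sent."""
    if page < 1:
        raise ValueError("page must be >= 1")
    if not 1 <= count <= MAX_COUNT:
        raise ValueError(f"count must be in [1-{MAX_COUNT}]")


def query_path(base_path: str, page: int, count: int, **filters: str) -> str:
    """GET style, e.g. /apps/analysis/<id>/defects?page=2&count=50 (URL-encoded)."""
    validate_paging(page, count)
    params: Dict[str, object] = dict(filters)
    params.update({"page": page, "count": count})
    return f"{base_path}?{urlencode(params)}"


def post_body(application_name: str, page: int, count: int) -> str:
    """POST style, as in /arch/list: the pagination object travels in the JSON body."""
    validate_paging(page, count)
    return json.dumps({"applicationName": application_name,
                       "pagination": {"page": page, "count": count}})


def iter_all(fetch: Callable[[int, int], List[dict]],
             count: int = DEFAULT_COUNT) -> Iterator[dict]:
    """Yield every element of a paginated list.

    `fetch(page, count)` must return one page as a list. A page with fewer than
    `count` elements (an empty page included) is taken to be the last one.
    """
    page = 1
    while True:
        items = fetch(page, count)
        yield from items
        if len(items) < count:
            return
        page += 1


# --- constructed offline stand-in for the HTTP transport ---------------------
FAKE_DEFECTS = [{"defectId": 1000 + i, "priority": "High"} for i in range(120)]


def make_fake_fetch(dataset: List[dict]) -> Tuple[Callable[[int, int], List[dict]], List[dict]]:
    """Serve `dataset` in page slices and record every request made."""
    calls: List[dict] = []

    def fetch(page: int, count: int) -> List[dict]:
        validate_paging(page, count)
        calls.append({"page": page, "count": count})
        start = (page - 1) * count
        return dataset[start:start + count]

    return fetch, calls


def fetch_all(dataset: List[dict], count: int) -> Dict[str, object]:
    """Collect every defectId and report how many page requests it took."""
    fetch, calls = make_fake_fetch(dataset)
    ids = [d["defectId"] for d in iter_all(fetch, count)]
    return {"ids": ids, "requests": len(calls)}


if __name__ == "__main__":
    print(query_path("/apps/analysis/A-7e3-16e5b1aad2a/defects", page=2, count=50))
    print(post_body("appName", page=1, count=50))
    result = fetch_all(FAKE_DEFECTS, 50)
    print(len(result["ids"]), "defects in", result["requests"], "requests")
```

Choosing a count that divides the total exactly costs one extra (empty) request, which is why fetch_all reports the request count: with 120 constructed defects, count=50 needs 3 requests and count=60 also needs 3, while the default of 500 needs only one.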

Quota service

To protect performance, Kiuwan applies a quota service to each authenticated user: requests are limited to 1000 per hour. You can check the HTTP headers returned by any API request to see your current status:

$ curl -i --user jerry@kiuwan.com:j3rryf1sh https://api.kiuwan.com/info
HTTP/1.1 200 OK
Status: 200 OK
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 966

Examples

This chapter shows how to call the API from different languages:

Curl

You can curl an endpoint passing your credentials directly:

curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/...

Or you can supply the Authorization header yourself (the "hash" is the base64 encoding of username:password, so treat it as a secret):

curl -i -H "Authorization: Basic [[BASIC AUTH HASH]]" https://api.kiuwan.com/...
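How the Authorization header used by both curl forms above is built, as an added example (not Kiuwan's own client code, and not part of this documentation). It uses only the Python standard library; the "user"/"pass" credentials are constructed placeholders, and the API base URL is the one given in the Schema section (on-premise users would substitute their own host).

```python
"""Build and inspect the HTTP Basic Authorization header (added example)."""
import base64
import urllib.request
from typing import Tuple

# From the Schema section; on-premise installations point this at their own host.
API_BASE = "https://api.kiuwan.com"


def basic_auth_header(username: str, password: str) -> str:
    """Return the Authorization header value for HTTP Basic.

    The value is plain base64 of "username:password", not a hash: anyone who
    reads it (logs, pasted curl lines) can recover the password, so it must be
    handled exactly like the password itself.
    """
    if ":" in username:
        # RFC 7617: the user-id part cannot contain a colon
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_auth(header_value: str) -> Tuple[str, str]:
    """Inverse of basic_auth_header; shows why the header value must stay secret."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic" or not token:
        raise ValueError("not a Basic authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def build_request(path: str, username: str, password: str) -> urllib.request.Request:
    """Equivalent of `curl --user USER:PASS https://api.kiuwan.com/<path>`."""
    if not API_BASE.startswith("https://"):
        # The API is HTTPS only; never send Basic credentials over plain HTTP.
        raise ValueError("refusing to send Basic credentials over a non-HTTPS base URL")
    req = urllib.request.Request(API_BASE + path)
    req.add_header("Authorization", basic_auth_header(username, password))
    req.add_header("Accept", "application/json")
    return req


if __name__ == "__main__":
    # Constructed placeholder credentials; nothing is sent over the network here.
    req = build_request("/info", "user", "pass")
    print(req.full_url)
    print(req.get_header("Authorization"))
```

To actually send the request you would pass `req` to `urllib.request.urlopen`; the request object is kept separate here so the header construction can be checked without network access.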

Java

import io.swagger.client.*;
import io.swagger.client.auth.*;
import io.swagger.client.model.*;
import io.swagger.client.api.ApplicationApi;

public class KiuwanRestApiExample {

    public static void main(String[] args) {
        ApiClient defaultClient = Configuration.getDefaultApiClient();

        // Configure HTTP basic authorization: basicAuth
        HttpBasicAuth basicAuth = (HttpBasicAuth) defaultClient.getAuthentication("basicAuth");
        basicAuth.setUsername("YOUR USERNAME");
        basicAuth.setPassword("YOUR PASSWORD");

        // Instantiate the API operation class
        ApplicationApi applicationApi = new ApplicationApi(defaultClient);
        try {
            // List every application visible to the authenticated user
            for (ApplicationBean app : applicationApi.getApplications()) {
                System.out.println(app);
            }
        } catch (ApiException e) {
            System.err.println("Exception when calling ApplicationApi#getApplications");
            e.printStackTrace();
        }
    }

}

Android

import io.swagger.client.ApiException;
import io.swagger.client.api.ActionPlanApi;

public class ActionPlanApiExample {

    public static void main(String[] args) {
        // Instantiate the API operation class
        ActionPlanApi apiInstance = new ActionPlanApi();
        String application = "myApp";               // String | Application name
        String name = "ActionPlan1";                // String | Action plan name
        String creation = "2019-08-03T10:15:30Z";   // String | Creation date (optional)
        try {
            apiInstance.generateReportCSV(application, name, creation);
        } catch (ApiException e) {
            System.err.println("Exception when calling ActionPlanApi#generateReportCSV");
            e.printStackTrace();
        }
    }
}

Obj-C

Configuration *apiConfig = [Configuration sharedConfig];

// Configure HTTP basic authorization (authentication scheme: basicAuth)
[apiConfig setUsername:@"YOUR_USERNAME"];
[apiConfig setPassword:@"YOUR_PASSWORD"];

NSString *application = @"myApp";               // Application name
NSString *name = @"ActionPlan1";                // Action plan name
NSString *creation = @"2019-08-03T10:15:30Z";   // Creation date (optional)

// Instantiate the API operation class
ActionPlanApi *apiInstance = [[ActionPlanApi alloc] init];

[apiInstance generateReportCSVWith:application
    name:name
    creation:creation
    completionHandler: ^(NSError* error) {
        if (error) {
            NSLog(@"Error: %@", error);
        }
    }];

JavaScript

var KiuwanRestApiClient = require('kiuwan_rest_api_client');
var defaultClient = KiuwanRestApiClient.ApiClient.instance;

// Configure HTTP basic authorization: basicAuth
var basicAuth = defaultClient.authentications['basicAuth'];
basicAuth.username = 'YOUR USERNAME';
basicAuth.password = 'YOUR PASSWORD';

// Instantiate the API operation class
var api = new KiuwanRestApiClient.ActionPlanApi();

var application = 'myApp';      // {String} Application name
var name = 'ActionPlan1';       // {String} Action plan name
var opts = {
  'creation': '2019-08-03T10:15:30Z' // {String} Creation date (optional)
};

var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    console.log('API called successfully.');
  }
};
api.generateReportCSV(application, name, opts, callback);

C#

using System;
using System.Diagnostics;
using IO.Swagger.Api;
using IO.Swagger.Client;
using IO.Swagger.Model;

namespace Example
{
    public class generateReportCSVExample
    {
        public void main()
        {
            // Configure HTTP basic authorization: basicAuth
            Configuration.Default.Username = "YOUR_USERNAME";
            Configuration.Default.Password = "YOUR_PASSWORD";

            // Instantiate the API operation class
            var apiInstance = new ActionPlanApi();
            var application = "myApp";                // String | Application name
            var name = "ActionPlan1";                 // String | Action plan name
            var creation = "2019-08-03T10:15:30Z";    // String | Creation date (optional)

            try
            {
                apiInstance.generateReportCSV(application, name, creation);
            }
            catch (Exception e)
            {
                Debug.Print("Exception when calling ActionPlanApi.generateReportCSV: " + e.Message);
            }
        }
    }
}

PHP

<?php
require_once(__DIR__ . '/vendor/autoload.php');

// Configure HTTP basic authorization: basicAuth
Swagger\Client\Configuration::getDefaultConfiguration()->setUsername('YOUR_USERNAME');
Swagger\Client\Configuration::getDefaultConfiguration()->setPassword('YOUR_PASSWORD');

// Instantiate the API operation class
$api_instance = new Swagger\Client\Api\ActionPlanApi();
$application = 'myApp';              // string | Application name
$name = 'ActionPlan1';               // string | Action plan name
$creation = '2019-08-03T10:15:30Z';  // string | Creation date (optional)

try {
    $api_instance->generateReportCSV($application, $name, $creation);
} catch (Exception $e) {
    echo 'Exception when calling ActionPlanApi->generateReportCSV: ', $e->getMessage(), PHP_EOL;
}
?>

Perl

use strict;
use warnings;
use WWW::SwaggerClient::Configuration;
use WWW::SwaggerClient::ActionPlanApi;

# Configure HTTP basic authorization: basicAuth
$WWW::SwaggerClient::Configuration::username = 'YOUR_USERNAME';
$WWW::SwaggerClient::Configuration::password = 'YOUR_PASSWORD';

# Instantiate the API operation class
my $api_instance = WWW::SwaggerClient::ActionPlanApi->new();
my $application = 'myApp';              # String | Application name
my $name = 'ActionPlan1';               # String | Action plan name
my $creation = '2019-08-03T10:15:30Z';  # String | Creation date (optional)

eval {
    $api_instance->generateReportCSV(application => $application, name => $name, creation => $creation);
};
if ($@) {
    warn "Exception when calling ActionPlanApi->generateReportCSV: $@\n";
}

Python

from __future__ import print_function
import swagger_client
from swagger_client.rest import ApiException

# Configure HTTP basic authorization: basicAuth
swagger_client.configuration.username = 'YOUR_USERNAME'
swagger_client.configuration.password = 'YOUR_PASSWORD'

# Instantiate the API operation class
api_instance = swagger_client.ActionPlanApi()
application = 'myApp'               # str | Application name
name = 'ActionPlan1'                # str | Action plan name
creation = '2019-08-03T10:15:30Z'   # str | Creation date (optional)

try:
    api_instance.generate_report_csv(application, name, creation=creation)
except ApiException as e:
    print("Exception when calling ActionPlanApi->generate_report_csv: %s\n" % e)

Error codes

The REST API returns the following error codes when something in the request goes wrong.

Error code   Cause                                                             HTTP status code
00           Internal server error.                                            500
01           Quota limit reached.                                              429
02           Access denied.                                                    403
03           Application not found.                                            404
04           Analysis not found.                                               404
05           Bad JSON format.                                                  400
06           Application already exists.                                       409
07           Bad datetime format.                                              400
08           Bad model id.                                                     400
09           Limit exceeded.                                                   403
10           Bad analysis result id format.                                    400
11           Bad artifact id format.                                           400
12           Bad customer id format.                                           400
13           Model not found.                                                  404
14           Portfolio value not found.                                        404
15           Portfolio not found.                                              404
16           Duplicated portfolio name found.                                  400
17           User not found.                                                   404
18           Override option not indicated.                                    400
19           Unknown role assignment mode.                                     400
20           Role not found.                                                   404
21           Invalid parameter.                                                400
22           Unknown management feature name.                                  400
23           Target out of range.                                              400
24           Unknown business value.                                           400
25           User already exists.                                              400
26           Duplicated application name.                                      400
27           Duplicated portfolio value.                                       400
28           User group not found.                                             404
29           User group with indicated name already exists.                    400
30           Indicated provider not found.                                     404
31           You do not have permissions to view the portfolio definitions.    403
32           (Not used)                                                        -
33           Duplicated business value in the request.                         400
34           Duplicated provider in the request.                               400
35           Not in ISO 8601 format.                                           400
36           Action plan not found.                                            404
37           Rule not found.                                                   404
38           Delivery not found.                                               404
39           Checkpoint not found.                                             404
40           Input modelId does not match a valid model.                       400
41           Duplicated tag.                                                   400
42           Defect not found.                                                 404
43           Audit not found.                                                  404
44           Analysis is running.                                              404
45           Analysis failed.                                                  404
46           Invalid value.                                                    400

The response status is the HTTP status code given in the table above. In addition, the response body contains an array of errors, and each error has two fields:

  • "code": Error code

  • "message": Error message

For example:

{
  "errors": [
    {
      "code": "04",
      "message": "Analysis not found."
    }
  ]
}
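Response handling that ties together the quota headers from the Quota service section, the JSON error envelope above, and the "file or JSON with errors" behaviour of the report endpoints (Schema section), as an added example that is not Kiuwan's own code. It works on (status, headers, body) triples rather than live connections, so it runs offline; the sample responses at the bottom are constructed from the header names, error codes and JSON shape documented on this page.

```python
"""Interpret a Kiuwan REST API response: quota, error envelope, file vs JSON (added example)."""
import json
from typing import Dict, List, Optional, Tuple


class KiuwanApiError(Exception):
    """Raised for any response that carries the documented errors array (or a 4xx/5xx status)."""

    def __init__(self, status: int, errors: List[Dict[str, str]]):
        self.status = status
        self.errors = errors
        detail = ", ".join(f"{e['code']}: {e['message']}" for e in errors)
        super().__init__(f"HTTP {status} [{detail}]")

    @property
    def codes(self) -> List[str]:
        return [e["code"] for e in self.errors]

    def quota_exhausted(self) -> bool:
        # Documented pairing: error code 01 "Quota limit reached." with HTTP 429.
        return "01" in self.codes


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    return {k.lower(): v for k, v in headers.items()}


def quota_status(headers: Dict[str, str]) -> Tuple[Optional[int], Optional[int]]:
    """Read X-QuotaLimit and X-QuotaLimit-Remaining (header names are case-insensitive)."""
    h = _lower(headers)
    limit, remaining = h.get("x-quotalimit"), h.get("x-quotalimit-remaining")
    return (int(limit) if limit is not None else None,
            int(remaining) if remaining is not None else None)


def should_throttle(headers: Dict[str, str], reserve: int = 50) -> bool:
    """True when fewer than `reserve` of the hourly requests remain, so a client can slow down."""
    _, remaining = quota_status(headers)
    return remaining is not None and remaining < reserve


def parse_errors(body: bytes) -> List[Dict[str, str]]:
    """Return the errors array if the body is the documented JSON error envelope, else []."""
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return []
    if isinstance(doc, dict) and isinstance(doc.get("errors"), list):
        return [{"code": str(e.get("code")), "message": str(e.get("message"))} for e in doc["errors"]]
    return []


def handle_response(status: int, headers: Dict[str, str], body: bytes):
    """Return parsed JSON, or raw bytes for a report download; raise KiuwanApiError otherwise.

    Report endpoints answer 200 with a PDF/CSV file but fall back to a JSON error
    object, so the error envelope is checked first and Content-Type then decides
    how a successful body is read.
    """
    errors = parse_errors(body)
    if errors or status >= 400:
        # Non-envelope failures (e.g. an HTML error page) keep the raw body under code "n/a".
        raise KiuwanApiError(status, errors or [{"code": "n/a", "message": body.decode("utf-8", "replace")}])
    ctype = _lower(headers).get("content-type", "")
    if ctype.startswith("application/json"):
        return json.loads(body.decode("utf-8"))
    return body  # application/pdf or text/csv report content


def describe(sample: Tuple[int, Dict[str, str], bytes]) -> str:
    """Short classification used by the demo and the checks below."""
    try:
        result = handle_response(*sample)
    except KiuwanApiError as err:
        return "quota" if err.quota_exhausted() else f"error {','.join(err.codes)}"
    return "json" if isinstance(result, dict) else f"file {len(result)} bytes"


# --- constructed sample responses (shapes taken from this page, values made up) ---
SAMPLE_OK = (200, {"Content-Type": "application/json;charset=UTF-8",
                   "X-QuotaLimit": "1000", "X-QuotaLimit-Remaining": "966"}, b'{"name":"kiuwan"}')
SAMPLE_QUOTA = (429, {"Content-Type": "application/json", "X-QuotaLimit": "1000",
                      "X-QuotaLimit-Remaining": "0"},
                b'{"errors":[{"code":"01","message":"Quota limit reached."}]}')
SAMPLE_NOT_FOUND = (404, {"Content-Type": "application/json"},
                    b'{"errors":[{"code":"04","message":"Analysis not found."}]}')
SAMPLE_PDF = (200, {"Content-Type": "application/pdf"}, b"%PDF-1.4 constructed stub")

if __name__ == "__main__":
    for s in (SAMPLE_OK, SAMPLE_QUOTA, SAMPLE_NOT_FOUND, SAMPLE_PDF):
        print(s[0], describe(s), "throttle" if should_throttle(s[1]) else "")
```

Checking the envelope before the status code matters for the export endpoints: a JSON error body is the signal that no file was produced, whatever the transport reported.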

Endpoints

This section shows all available endpoints in Kiuwan REST API.

ActionPlan

Get progress summary of an action plan

GET /actionPlan
Description

Obtains the current and the past main metrics and indicators of an application for an action plan. If there is more than one action plan with the same name, this endpoint returns the information of the most recent one.

Parameters
Type   Name         Required   Description                 Model
Query  application  required   Application name            string
Query  creation     optional   Action plan creation date   string (date-time)
Query  name         required   Action plan name            string

Responses
HTTP Code   Description                               Model
200         Successful retrieval of an action plan
403         Access denied                             No Content
404         Resource not found                        No Content
500         Internal server error                     No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false,
  "riskIndexBefore" : 19.22,
  "globalIndicatorBefore" : 7.21,
  "effortToTargetBefore" : 31.8,
  "qualityIndicatorsBefore" : "{'Efficiency':53.21, 'Portability':72.9, 'Maintainability':21.9, 'Reliability':13.12, 'Security':38.32 }",
  "riskIndexAfter" : 9.3,
  "globalIndicatorAfter" : 23.5,
  "effortToTargetAfter" : 8.23,
  "qualityIndicatorsAfter" : "{'Efficiency':15.28, 'Portability':7.23, 'Maintainability':71.1, 'Reliability':31.2, 'Security':23.21 }",
  "metrics" : {
    "string" : 0.0
  }
}

Get all defects of an action plan

GET /actionPlan/defects/all
Description

Obtains all defects included in an action plan. If there is more than one action plan with the same name, this endpoint returns the information of the most recent one.

Parameters
Type   Name         Required   Description                 Model
Query  application  required   Application name            string
Query  creation     optional   Action plan creation date   string (date-time)
Query  name         required   Action plan name            string

Responses
HTTP Code   Description                                       Model
200         Successful retrieval of an action plan defects
400         Invalid creation date format                      No Content
403         Access denied                                     No Content
404         Resource not found                                No Content
500         Internal server error                             No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan/defects/all?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false,
  "allDefects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}

Get pending defects of an action plan

GET /actionPlan/defects/pending
Description

Obtains the pending defects of an action plan compared with a specific analysis. If there is more than one action plan with the same name, this endpoint returns the information of the most recent one. If there is more than one analysis with the same label, the most recent of them is used.

Parameters
Type   Name             Required   Description                                                                              Model
Query  analysisLabel    optional   Analysis label; if empty, the comparison is made against the last analysis               string
Query  application      required   Application name                                                                         string
Query  asc              optional   Sort ascending: true/false                                                               enum (true, false)
Query  characteristics  optional   Comma-separated list of characteristics to filter by                                     enum (Efficiency, Maintainability, Portability, Reliability, Security)
Query  creation         optional   Action plan creation date                                                                string (date-time)
Query  fileContains     optional   Filter defects by file name                                                              string
Query  languages        optional   Comma-separated list of languages to filter by                                           string
Query  limit            optional   Maximum number of defects returned                                                       integer
Query  name             required   Action plan name                                                                         string
Query  orderBy          optional   Sorting criteria: priority/effort                                                        enum (priority, effort)
Query  priorities       optional   Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by   enum (Very low, Low, Normal, High, Very high)

Responses
HTTP Code   Description                                               Model
200         Successful retrieval of an action plan pending defects
400         Invalid creation date format                              No Content
403         Access denied                                             No Content
404         Resource not found                                        No Content
500         Internal server error                                     No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan/defects/pending?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&asc=true&characteristics=Security%2C+Efficiency&creation=2019-08-03T10%3A15%3A30Z&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false,
  "pendingDefects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}
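A client-side helper for this endpoint, added here as an example (not Kiuwan's own code or documentation). It builds the request path from every documented filter, rejecting values outside the enum models before anything is sent, and then summarises a pending-defects response by priority, CWE and rule so that open security defects can be triaged. The response used below is a constructed copy of the sample above, trimmed to the fields the summary reads, plus one made-up second defect that has already been muted.

```python
"""Query and summarise the pending defects of an action plan (added example, offline)."""
from collections import Counter
from typing import Dict, List, Optional, Sequence
from urllib.parse import urlencode

# Enum models documented for /actionPlan/defects/pending
CHARACTERISTICS = {"Efficiency", "Maintainability", "Portability", "Reliability", "Security"}
PRIORITIES = {"Very low", "Low", "Normal", "High", "Very high"}
ORDER_BY = {"priority", "effort"}


def _check_enum(values: Sequence[str], allowed: set, field: str) -> None:
    bad = sorted(set(values) - allowed)
    if bad:
        raise ValueError(f"{field}: unknown value(s) {bad}; allowed: {sorted(allowed)}")


def pending_defects_path(application: str, name: str, *,
                         analysis_label: str = "", asc: Optional[bool] = None,
                         characteristics: Sequence[str] = (), creation: str = "",
                         file_contains: str = "", languages: Sequence[str] = (),
                         limit: Optional[int] = None, order_by: str = "",
                         priorities: Sequence[str] = ()) -> str:
    """Build the GET path; comma-separated lists and the ':' in dates are URL-encoded."""
    _check_enum(characteristics, CHARACTERISTICS, "characteristics")
    _check_enum(priorities, PRIORITIES, "priorities")
    if order_by and order_by not in ORDER_BY:
        raise ValueError(f"orderBy must be one of {sorted(ORDER_BY)}")
    if limit is not None and limit < 1:
        raise ValueError("limit must be a positive integer")

    params: Dict[str, object] = {"application": application, "name": name}
    if analysis_label:
        params["analysisLabel"] = analysis_label
    if asc is not None:
        params["asc"] = "true" if asc else "false"
    if characteristics:
        params["characteristics"] = ", ".join(characteristics)
    if creation:
        params["creation"] = creation
    if file_contains:
        params["fileContains"] = file_contains
    if languages:
        params["languages"] = ", ".join(languages)
    if limit is not None:
        params["limit"] = limit
    if order_by:
        params["orderBy"] = order_by
    if priorities:
        params["priorities"] = ", ".join(priorities)
    return "/actionPlan/defects/pending?" + urlencode(params)


def summarize(plan: dict) -> Dict[str, object]:
    """Group the pendingDefects array of a response for triage."""
    defects: List[dict] = plan.get("pendingDefects", [])
    open_security = [d["defectId"] for d in defects
                     if d.get("characteristic") == "Security" and not d.get("muted")]
    return {
        "total": len(defects),
        "by_priority": dict(Counter(d["priority"] for d in defects)),
        "by_cwe": dict(Counter(d["cweId"] for d in defects if d.get("cweId") is not None)),
        "by_rule": dict(Counter(d["ruleCode"] for d in defects if d.get("ruleCode"))),
        "open_security_ids": open_security,
        "pendingEffort": plan.get("pendingEffort"),
    }


# Constructed response: first defect copied from the documented sample, second one made up.
SAMPLE_RESPONSE = {
    "name": "ActionPlan1", "pendingEffort": "30m", "purged": False,
    "pendingDefects": [
        {"defectId": 16558118, "file": "FileSystemRepository.java", "line": 368, "muted": False,
         "cweId": 79, "characteristic": "Security", "priority": "Very High", "effort": "30m",
         "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"},
        {"defectId": 16558119, "file": "FileSystemRepository.java", "line": 401, "muted": True,
         "cweId": 79, "characteristic": "Security", "priority": "High", "effort": "30m",
         "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"},
    ],
}

if __name__ == "__main__":
    print(pending_defects_path("myApp", "ActionPlan1", characteristics=["Security"],
                               priorities=["Very high", "High"], order_by="priority"))
    print(summarize(SAMPLE_RESPONSE))
```

With the page's own example values the builder reproduces the documented request path character for character, which is a quick way to confirm that a client encodes the comma-separated filters and the creation timestamp the way the server expects.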

Get removed defects of an action plan

GET /actionPlan/defects/removed
Description

Obtains the removed defects of an action plan compared with a specific analysis. If there is more than one action plan with the same name, this endpoint returns the information of the most recent one. If there is more than one analysis with the same label, the most recent of them is used.

Parameters
Type   Name           Required   Description                                                                 Model
Query  analysisLabel  optional   Analysis label; if empty, the comparison is made against the last analysis  string
Query  application    required   Application name                                                            string
Query  creation       optional   Action plan creation date                                                   string (date-time)
Query  name           required   Action plan name                                                            string

Responses
HTTP Code   Description                                               Model
200         Successful retrieval of an action plan removed defects
400         Invalid creation date format                              No Content
403         Access denied                                             No Content
404         Resource not found                                        No Content
500         Internal server error                                     No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan/defects/removed?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false,
  "removedDefects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}

Get available action plans

GET /actionPlans
Description

List action plans of an application.

Parameters
Type   Name         Required   Description        Model
Query  application  required   Application name   string

Responses
HTTP Code   Description                             Model
200         Successful retrieval of action plans
403         Access denied                           No Content
404         Application does not exist              No Content
500         Internal server error                   No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlans?application=myApp
Example HTTP response
Response 200
[ {
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false
} ]

ActionPlan-Reports

Get progress report of an action plan

GET /actionPlan/progress/export
Description

Returns the progress report of an action plan as a file, or a JSON object with errors.

Parameters
Type   Name         Required   Description                 Model                Default
Query  application  required   Application name            string
Query  creation     optional   Action plan creation date   string (date-time)
Query  name         required   Action plan name            string
Query  type         optional   Type of report              enum (CSV, PDF)      "PDF"

Responses
HTTP Code   Description                                               Model
200         Successful retrieval of an action plan progress report    file
400         Invalid parameter                                         No Content
403         Access denied                                             No Content
404         Resource not found                                        No Content
500         Internal server error                                     No Content

Produces
  • application/pdf

  • text/csv

  • application/json

Example HTTP request
Request path
/actionPlan/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF

Get security report of an action plan

GET /actionPlan/security/export
Description

Returns the security report of an action plan as a file, or a JSON object with errors.

Parameters
Type   Name         Required   Description                 Model                Default
Query  application  required   Application name            string
Query  creation     optional   Action plan creation date   string (date-time)
Query  name         required   Action plan name            string
Query  type         optional   Type of report              enum (CSV, PDF)      "PDF"

Responses
HTTP Code   Description                                               Model
200         Successful retrieval of an action plan progress report    file
400         Invalid parameter                                         No Content
403         Access denied                                             No Content
404         Resource not found                                        No Content
500         Internal server error                                     No Content

Produces
  • application/pdf

  • text/csv

  • application/json

Example HTTP request
Request path
/actionPlan/security/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF

Get security progress report of an action plan

GET /actionPlan/security/progress/export
Description

Get security progress report of an action plan or JSON with errors

Parameters
Type | Name | Description | Model | Default
Query | application (required) | Application name | string |
Query | creation (optional) | Action plan creation date | string (date-time) |
Query | name (required) | Action plan name | string |
Query | type (optional) | Type of report | enum (CSV, PDF) | "PDF"

Responses
HTTP Code | Description | Model
200 | Successful retrieval of an action plan progress report | file
400 | Invalid parameter | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
500 | Internal server error | No Content

Produces
  • application/pdf

  • text/csv

  • application/json

Example HTTP request
Request path
/actionPlan/security/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF

Analyses

Get list of analyses

GET /analysis/list
Description

List analyses, with different parameters to filter the data. See the parameters section.

Parameters
Type | Name | Description | Model | Default
Query | applicationName (optional) | Application name to filter results | string |
Query | auditStatus (optional) | Audit status to filter analyses (only applies to analyses that have audits) | enum (OK, FAIL) |
Query | count (optional) | How many analyses per page (defaults to 500) | integer | 500
Query | deliveries (optional) | Set to true to include only deliveries, or false to ignore deliveries; when this parameter has no value, all analyses are returned | boolean |
Query | endDate (optional) | End date of the search range | string |
Query | initDate (optional) | Initial date of the search range | string |
Query | page (optional) | Number of the results page (defaults to 1) | integer | 1
Query | status (optional) | Status to filter analyses | enum (SUCCESS, FAIL, INPROGRESS) |

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis list |
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/analysis/list?applicationName=myApp&auditStatus=OK&count=500&deliveries=true&endDate=2019-11-01T23%3A59%3A59Z&initDate=2019-11-01T00%3A00%3A00Z&page=1&status=SUCCESS
Example HTTP response
Response 200
[ {
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "analysisScope" : "Complete delivery",
  "changeRequest" : "CR_13.01.2020",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "baselineAnalysisCode" : "A-7e3-16dc9e29131",
  "deliveryFiles" : {
    "count" : 132
  },
  "deliveryDefects" : {
    "newDefects" : 3,
    "removedDefects" : 0,
    "defects" : 582
  },
  "auditResult" : {
    "auditName" : "Kiuwan default audit",
    "description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
    "approvalThreshold" : 50.0,
    "overallResult" : "FAIL",
    "score" : 0.0,
    "checkpointResults" : [ {
      "checkpoint" : "1",
      "result" : "FAIL",
      "name" : "No new defects",
      "description" : "If a new defect is detected, the checkpoint will not pass.",
      "weight" : 1,
      "mandatory" : true,
      "type" : "Threshold for maximum new defects",
      "score" : 0.0,
      "violatedRules" : [ {
        "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
        "modelId" : 6252,
        "defectsCount" : 72,
        "suppressedDefectsCount" : 0,
        "filesCount" : 11,
        "effort" : "36h 00",
        "characteristic" : "Security",
        "vulnerabilityType" : "Injection",
        "tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
        "priority" : "Very High",
        "language" : "Java",
        "files" : {
          "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
        }
      } ]
    } ]
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
} ]

Get list of all analysis codes for an application

GET /applications/analyses
Description

List all analysis codes for an application.

Parameters
Type | Name | Description | Model | Default
Query | application (required) | Application name | string |
Query | count (optional) | Limit results | integer |
Query | filterPurgedAnalyses (optional) | Set to true to exclude purged analyses | enum (true, false) | "true"
Query | success (optional) | Set to true or false to retrieve only succeeded or failed analyses, respectively | enum (true, false) |

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analyses list | < AnalysisResponse > array
403 | Access denied | No Content
404 | Application does not exist | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/analyses?application=myApp&count=100&filterPurgedAnalyses=true&success=true
Example HTTP response
Response 200
[ {
  "code" : "A-7e3-16dc9e29131",
  "label" : "14.10.2019_1",
  "creationDate" : "2019-10-14T15:15:15Z",
  "qualityModel" : "CQM",
  "modelId" : "string",
  "encoding" : "UTF-8",
  "invoker" : "github software",
  "status" : "RUNNING",
  "errorCode" : "string",
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "analysisScope" : "Baseline",
  "changeRequest" : "CR_14-10-2019_1",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "auditResult" : "FAIL",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "metrics" : "{'com.optimyth.CQM.defectsByPriority.Priority 1': 163,'com.optimyth.CQM.defectsByPriority.Priority 2': 201,'com.optimyth.CQM.defectsByPriority.Priority 3': 159,'com.optimyth.CQM.defectsByPriority.Priority 4': 17,'com.optimyth.CQM.defectsByPriority.Priority 5': 41}"
} ]

Get list of files with metric values and defects of the latest analysis

GET /applications/files
Description

List files with metric values and defects of the latest analysis for the named application.

Parameters
Type | Name | Description | Model
Query | application (required) | Application name | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis files list |
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/files?application=myApp
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "files_count" : 124,
  "count" : 100,
  "page" : 1,
  "files" : [ {
    "name" : "FileSystemRepository.java",
    "metrics_count" : 17,
    "metrics" : [ {
      "name" : "metric name",
      "size" : 4013
    } ],
    "defects_count" : 5,
    "defects" : [ {
      "defectId" : 16558118,
      "file" : "FileSystemRepository.java",
      "line" : 368,
      "code" : "\t\t\tout.println(sql);",
      "muted" : false,
      "vulnerabilityType" : "Injection",
      "explanation" : "Reflected XSS: user_input",
      "status" : "None",
      "cweId" : 79,
      "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
      "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
      "language" : "java",
      "characteristic" : "Security",
      "priority" : "Very High",
      "effort" : "30m",
      "modelId" : 6252,
      "securityDetail" : {
        "cweId" : 79,
        "category" : "xss",
        "resource" : "web",
        "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
        "injectionPoint" : "string",
        "variableDeclaration" : "String sql",
        "sourceFile" : "FileSystemRepository.java",
        "sourceLine" : 70,
        "sourceCode" : "\t\t\tString val = request.getParameter(item);",
        "sourceCategory" : "user_input",
        "sourceResource" : "web",
        "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "sourceInjectionPoint" : "string",
        "frames" : [ {
          "index" : 0,
          "file" : "FileSystemRepository.java",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "category" : "user_input",
          "resource" : "web",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "injectionPoint" : "string",
          "variableDeclaration" : "string"
        } ],
        "datapaths" : [ {
          "index" : 1,
          "kind" : "sink",
          "varname" : "user",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "indirect" : true,
          "file" : "FileSystemRepository.java",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "localId" : 1,
          "localParentId" : 1
        } ]
      }
    } ]
  } ],
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
}

Get last analysis

GET /applications/last_analysis
Description

Retrieves last analysis for the authenticated user and the application indicated.

Parameters
Type | Name | Description | Model
Query | application (required) | Application name | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of applications |
403 | Access denied | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/last_analysis?application=myApp
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
}

Get application analysis

GET /apps/analysis/{code}
Description

Retrieves the analysis results for a concrete analysis specified by the code parameter.

Parameters
Type | Name | Description | Model
Path | code (required) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of application analysis |
403 | Access denied | No Content
404 | Application does not exist | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "analysisScope" : "Complete delivery",
  "changeRequest" : "CR_13.01.2020",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "baselineAnalysisCode" : "A-7e3-16dc9e29131",
  "deliveryFiles" : {
    "count" : 132
  },
  "deliveryDefects" : {
    "newDefects" : 3,
    "removedDefects" : 0,
    "defects" : 582
  },
  "auditResult" : {
    "auditName" : "Kiuwan default audit",
    "description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
    "approvalThreshold" : 50.0,
    "overallResult" : "FAIL",
    "score" : 0.0,
    "checkpointResults" : [ {
      "checkpoint" : "1",
      "result" : "FAIL",
      "name" : "No new defects",
      "description" : "If a new defect is detected, the checkpoint will not pass.",
      "weight" : 1,
      "mandatory" : true,
      "type" : "Threshold for maximum new defects",
      "score" : 0.0,
      "violatedRules" : [ {
        "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
        "modelId" : 6252,
        "defectsCount" : 72,
        "suppressedDefectsCount" : 0,
        "filesCount" : 11,
        "effort" : "36h 00",
        "characteristic" : "Security",
        "vulnerabilityType" : "Injection",
        "tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
        "priority" : "Very High",
        "language" : "Java",
        "files" : {
          "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
        }
      } ]
    } ]
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
}

Get list of analysis defects

GET /apps/analysis/{code}/defects
Description

List analysis defects for a concrete analysis specified by the code path parameter.

Parameters
Type | Name | Description | Model | Default
Path | code (required) | Analysis code | string |
Query | asc (optional) | Set to true to sort ascending (default is not set), false for descending | enum (true, false) |
Query | characteristics (optional) | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security) |
Query | count (optional) | How many defects per page (defaults to 500) | integer | 500
Query | fileContains (optional) | Use this parameter to filter defects by file name | string |
Query | languages (optional) | Comma-separated list of languages to filter by | string |
Query | orderBy (optional) | Sorting criteria (one of 'priority' or 'effort') | enum (priority, effort) |
Query | page (optional) | Number of the results page (defaults to 1) | integer | 1
Query | priorities (optional) | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high) |

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis defects list |
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects?asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "defects_count" : 581,
  "activeDefects_count" : 575,
  "supressedDefects_count" : 6,
  "count" : 500,
  "page" : 1,
  "defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ],
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
}
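The defects endpoint is paged (defects_count, count, page) and can answer 429 when the quota is exhausted, and the comma-separated filters must be encoded the way the example request path shows. The following added example (not Kiuwan's own code) builds that request URL, walks every page with a retry on 429, and reduces each active Security defect to its source-to-sink essentials; the HTTP layer is injected, and the sample pages and fetcher are constructed here from the page's example response so it runs offline.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://api.kiuwan.com"  # SaaS host from the page; on-premise hosts differ

# A fetcher performs one authenticated GET and returns (status code, parsed JSON or None).
Fetcher = Callable[[str], Tuple[int, Optional[dict]]]


def defects_url(code: str, page: int = 1, count: int = 500, **filters) -> str:
    """Build the URL for GET /apps/analysis/{code}/defects with the page's encoding."""
    params: Dict[str, str] = {"count": str(count), "page": str(page)}
    for key, value in filters.items():
        if value is None:
            continue
        if isinstance(value, (list, tuple)):
            value = ", ".join(value)  # encodes as Security%2C+Efficiency, like the page's example
        elif isinstance(value, bool):
            value = "true" if value else "false"
        params[key] = str(value)
    return f"{BASE_URL}/apps/analysis/{code}/defects?" + urlencode(sorted(params.items()))


def fetch_all_defects(code: str, fetch: Fetcher, max_retries: int = 3, **filters) -> List[dict]:
    """Collect the defect records of every result page, retrying 429 (quota limit)."""
    page, collected = 1, []
    while True:
        url = defects_url(code, page=page, **filters)
        for attempt in range(max_retries + 1):
            status, body = fetch(url)
            if status != 429:
                break
            time.sleep(0.01 * 2 ** attempt)  # exponential back-off before retrying
        if status != 200 or body is None:
            raise RuntimeError(f"HTTP {status} for {url}")  # never return a partial list silently
        page_defects = body.get("defects", [])
        collected.extend(page_defects)
        # Stop once the server-reported total is reached or a page came back empty.
        if not page_defects or len(collected) >= body.get("defects_count", 0):
            break
        page += 1
    return collected


def taint_summary(defect: dict) -> Optional[dict]:
    """Reduce one active Security defect to its source-to-sink essentials; None otherwise."""
    # Muted defects carry "muted": true in the page's model and are excluded here.
    if defect.get("characteristic") != "Security" or defect.get("muted"):
        return None
    detail = defect.get("securityDetail") or {}
    return {
        "defectId": defect["defectId"],
        "cweId": defect.get("cweId"),
        "priority": defect.get("priority"),
        "source": f"{detail.get('sourceFile')}:{detail.get('sourceLine')} ({detail.get('sourceCategory')})",
        "sink": f"{defect.get('file')}:{defect.get('line')}",
        "hops": len(detail.get("datapaths", [])),
    }


def count_by_cwe(defects: List[dict]) -> Dict[int, int]:
    """Number of active Security defects per CWE id."""
    counts: Dict[int, int] = {}
    for defect in defects:
        summary = taint_summary(defect)
        if summary is not None:
            counts[summary["cweId"]] = counts.get(summary["cweId"], 0) + 1
    return counts


# --- Constructed offline data, modelled on the page's example response ---------------
def _defect(defect_id: int, muted: bool = False, characteristic: str = "Security") -> dict:
    return {
        "defectId": defect_id, "file": "FileSystemRepository.java", "line": 368,
        "muted": muted, "characteristic": characteristic, "priority": "Very High",
        "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
        "securityDetail": {
            "sourceFile": "FileSystemRepository.java", "sourceLine": 70,
            "sourceCategory": "user_input",
            "datapaths": [{"index": 1, "kind": "sink", "lineNumber": 32}],
        },
    }


# Three defects served as two pages of two, as a real paged response would report them.
SAMPLE_PAGES = {
    1: {"defects_count": 3, "count": 2, "page": 1, "defects": [_defect(1), _defect(2, muted=True)]},
    2: {"defects_count": 3, "count": 2, "page": 2, "defects": [_defect(3, characteristic="Efficiency")]},
}


def make_sample_fetcher() -> Fetcher:
    """Offline stand-in for the HTTP client: answers 429 once, then serves SAMPLE_PAGES."""
    calls = {"n": 0}

    def fetch(url: str) -> Tuple[int, Optional[dict]]:
        calls["n"] += 1
        if calls["n"] == 1:
            return 429, None
        page = int(parse_qs(urlparse(url).query)["page"][0])
        return 200, SAMPLE_PAGES[page]

    return fetch
```

Calling fetch_all_defects("A-7e3-16e5b1aad2a", make_sample_fetcher(), count=2) returns the three constructed records after one retried 429, and count_by_cwe on them reports {79: 1}: the muted defect and the Efficiency defect are excluded.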

Get comparison of the defects found in two different analyses

GET /apps/analysis/{code}/defects/compare/{previouscode}
Description

Get the net number of new and removed defects and violated rules after comparing the two given analyses.

Parameters
Type | Name | Description | Model
Path | code (required) | Analysis code | string
Path | previouscode (required) | Previous analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis compare defects |
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
  "Main analysis code" : "A-7e3-16e5b1aad2a",
  "Previous analysis code" : "A-7e3-16dc9e29131",
  "New violated rules count" : 1,
  "Removed violated rules count" : 0,
  "New defects count" : 3,
  "Removed defects count" : 0
}

Get the list of new/removed defects in a comparison

GET /apps/analysis/{code}/defects/compare/{previouscode}/{defectstype}
Description

Get the list of defects that are new in, or removed from, an analysis compared with the previous analysis.

Parameters
Type | Name | Description | Model
Path | code (required) | Analysis code | string
Path | defectstype (required) | Either 'new' or 'removed' | enum (new, removed)
Path | previouscode (required) | Previous analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of new or removed defects for an analysis |
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131/new
Example HTTP response
Response 200
{
  "count" : 3,
  "page" : 1,
  "Main analysis code" : "A-7e3-16e5b1aad2a",
  "Previous analysis code" : "A-7e3-16dc9e29131",
  "New violated rules count" : 1,
  "Removed violated rules count" : 0,
  "New defects count" : 3,
  "Removed defects count" : 0,
  "New defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ],
  "Removed defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}
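The two compare endpoints above are what a delivery gate consumes: the counts say whether anything new was introduced, and the "New defects" list says what. The following added example (not Kiuwan's own code) implements such a gate, blocking on new Security defects at or above a chosen priority while skipping muted ones; the compare and new-defects payloads are constructed here from the page's example responses (the extra defect ids and the placeholder rule code are invented) so it runs offline.

```python
from typing import List, Optional

# Priority scale from the page's `priorities` enum, lowest to highest.
PRIORITY_ORDER = ["Very low", "Low", "Normal", "High", "Very high"]


def priority_rank(priority: Optional[str]) -> int:
    """Rank a priority label; the API emits 'Very High' while the enum reads 'Very high'."""
    label = (priority or "").lower()
    for rank, name in enumerate(PRIORITY_ORDER):
        if name.lower() == label:
            return rank
    return -1  # an unknown label ranks below everything and never blocks


def gate_delivery(compare: dict, new_defects: Optional[List[dict]] = None,
                  min_priority: str = "High", characteristics=("Security",)) -> dict:
    """Decide whether a delivery may proceed.

    `compare` is the body of GET .../defects/compare/{previouscode}; `new_defects`
    is the "New defects" list of .../compare/{previouscode}/new, which only needs
    to be fetched when the counts say something new was introduced.
    """
    result = {
        "pass": True,
        "net_defects": compare["New defects count"] - compare["Removed defects count"],
        "net_rules": compare["New violated rules count"] - compare["Removed violated rules count"],
        "blocking": [],
    }
    if compare["New defects count"] == 0:
        return result  # nothing new was introduced; the list need not be fetched
    if new_defects is None:
        raise ValueError("New defects count > 0 but the new-defects list was not supplied")
    threshold = priority_rank(min_priority)
    for defect in new_defects:
        if defect.get("muted"):
            continue  # suppressed in Kiuwan: visible in the list, but not a blocker
        if (defect.get("characteristic") in characteristics
                and priority_rank(defect.get("priority")) >= threshold):
            result["blocking"].append({
                "defectId": defect["defectId"],
                "rule": defect.get("ruleCode"),
                "cweId": defect.get("cweId"),
                "where": f"{defect.get('file')}:{defect.get('line')}",
            })
    result["pass"] = not result["blocking"]
    return result


# --- Constructed payloads, mirroring the page's two example responses -----------------
SAMPLE_COMPARE = {
    "Main analysis code": "A-7e3-16e5b1aad2a",
    "Previous analysis code": "A-7e3-16dc9e29131",
    "New violated rules count": 1,
    "Removed violated rules count": 0,
    "New defects count": 3,
    "Removed defects count": 0,
}

# First record is the page's example defect; the other two ids and the last rule code are invented.
SAMPLE_NEW = [
    {"defectId": 16558118, "file": "FileSystemRepository.java", "line": 368, "muted": False,
     "characteristic": "Security", "priority": "Very High", "cweId": 79,
     "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"},
    {"defectId": 16558119, "file": "FileSystemRepository.java", "line": 401, "muted": True,
     "characteristic": "Security", "priority": "Very High", "cweId": 79,
     "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"},
    {"defectId": 16558120, "file": "Util.java", "line": 12, "muted": False,
     "characteristic": "Maintainability", "priority": "High", "cweId": None,
     "ruleCode": "OPT.EXAMPLE.PlaceholderRule"},
]


if __name__ == "__main__":
    verdict = gate_delivery(SAMPLE_COMPARE, SAMPLE_NEW)
    print("PASS" if verdict["pass"] else "FAIL", verdict)
```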

Get list of files with metric values and defects for a specific analysis

GET /apps/analysis/{code}/files
Description

List files with metric values and defects for a specific analysis.

Parameters
Type | Name | Description | Model
Path | code (required) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis files
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/files
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "files_count" : 124,
  "count" : 100,
  "page" : 1,
  "files" : [ {
    "name" : "FileSystemRepository.java",
    "metrics_count" : 17,
    "metrics" : [ {
      "name" : "metric name",
      "size" : 4013
    } ],
    "defects_count" : 5,
    "defects" : [ {
      "defectId" : 16558118,
      "file" : "FileSystemRepository.java",
      "line" : 368,
      "code" : "\t\t\tout.println(sql);",
      "muted" : false,
      "vulnerabilityType" : "Injection",
      "explanation" : "Reflected XSS: user_input",
      "status" : "None",
      "cweId" : 79,
      "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
      "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
      "language" : "java",
      "characteristic" : "Security",
      "priority" : "Very High",
      "effort" : "30m",
      "modelId" : 6252,
      "securityDetail" : {
        "cweId" : 79,
        "category" : "xss",
        "resource" : "web",
        "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
        "injectionPoint" : "string",
        "variableDeclaration" : "String sql",
        "sourceFile" : "FileSystemRepository.java",
        "sourceLine" : 70,
        "sourceCode" : "\t\t\tString val = request.getParameter(item);",
        "sourceCategory" : "user_input",
        "sourceResource" : "web",
        "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "sourceInjectionPoint" : "string",
        "frames" : [ {
          "index" : 0,
          "file" : "FileSystemRepository.java",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "category" : "user_input",
          "resource" : "web",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "injectionPoint" : "string",
          "variableDeclaration" : "string"
        } ],
        "datapaths" : [ {
          "index" : 1,
          "kind" : "sink",
          "varname" : "user",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "indirect" : true,
          "file" : "FileSystemRepository.java",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "localId" : 1,
          "localParentId" : 1
        } ]
      }
    } ]
  } ],
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
}

Analyses-Reports

Get defects CSV report of an analysis

GET /applications/analysis/defects/export
Description

Obtains a CSV report of the specified analysis code or the last analysis of the application name.

Parameters
Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • text/csv

  • application/json

Example HTTP request
Request path
/applications/analysis/defects/export?application=myApp&code=A-7e3-16e5b1aad2a

Get security PDF report of an analysis

GET /applications/analysis/security/summary/export
Description

Obtains a security report of the specified analysis code or the last analysis of the application name in PDF format.

Parameters
Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/applications/analysis/security/summary/export?application=myApp&code=A-7e3-16e5b1aad2a

Get PDF report of an analysis

GET /applications/analysis/summary/export
Description

Obtains a report of the specified analysis code or the last analysis of the application name in PDF format.

Parameters
Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/applications/analysis/summary/export?application=myApp&code=A-7e3-16e5b1aad2a

Get security CSV/Threadfix report of an analysis

GET /applications/analysis/vulnerabilities/export
Description

Obtains a security report of the specified analysis code or the last analysis of the application name in CSV or Threadfix format.

Parameters
Type | Name | Description | Model | Default
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string
Query | type (optional) | Type of report | enum (CSV, THREADFIX) | "CSV"

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • text/csv

  • application/json

Example HTTP request
Request path
/applications/analysis/vulnerabilities/export?application=myApp&code=A-7e3-16e5b1aad2a&type=CSV

Application

Get applications

GET /applications
Description

Retrieves applications for the authenticated user.

Responses
HTTP Code | Description | Model
200 | Successful retrieval of applications
403 | Access denied | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications
Example HTTP response
Response 200
[ {
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "quality_model" : "CQM"
} ]

Get list of application defects

GET /applications/defects
Description

List application defects for the indicated application.

Parameters
Type | Name | Description | Model | Default
Query | application (required) | Application name | string
Query | asc (optional) | Set to true to sort ascending (default is not set), false for descending | enum (true, false)
Query | characteristics (optional) | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security)
Query | count (optional) | How many defects in each page (defaults to 500) | integer | 500
Query | fileContains (optional) | Use this param to filter defects by file name | string
Query | languages (optional) | Comma-separated list of languages to filter by | string
Query | orderBy (optional) | Sorting criteria (one of 'priority' or 'effort') | enum (priority, effort)
Query | page (optional) | Number of results page (defaults to 1) | integer | 1
Query | priorities (optional) | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high)

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis defects list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/defects?application=myApp&asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "defects_count" : 581,
  "activeDefects_count" : 575,
  "supressedDefects_count" : 6,
  "count" : 500,
  "page" : 1,
  "defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ],
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
}
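The two responses above (the per-file defects of GET /apps/analysis/{code}/files and the paginated GET /applications/defects) carry the same defect record, whose securityDetail spells out a taint flow from a source, through frames, to the sink the rule fired on. The following added example (not part of the Kiuwan documentation or client libraries) pages through the defects endpoint using defects_count and count, flattens that flow into one line per hop, and tallies the unmuted Security defects by priority. The HTTP call is injected as a `fetch(params)` callable and the pages served are constructed, so it runs offline.

```python
"""Paging through GET /applications/defects and flattening securityDetail.

The HTTP call is injected as `fetch(params) -> dict` so this runs offline
against the constructed pages below; a real `fetch` would issue the
authenticated GET with those query parameters.
"""
import math
from typing import Callable, Dict, Iterator, List

Fetch = Callable[[Dict[str, str]], dict]


def iter_defects(fetch: Fetch, application: str, count: int = 500,
                 **filters: str) -> Iterator[dict]:
    """Yield every defect of `application`, deriving the number of pages
    from the response's defects_count and count (the API default is 500)."""
    page = 1
    while True:
        params = {"application": application, "count": str(count),
                  "page": str(page), **filters}
        body = fetch(params)
        yield from body.get("defects", [])
        total_pages = math.ceil(body.get("defects_count", 0) / max(count, 1))
        if page >= total_pages:
            return
        page += 1


def taint_path(defect: dict) -> List[str]:
    """Order a security defect's flow as source -> frames -> sink.
    Returns [] for defects that carry no securityDetail."""
    detail = defect.get("securityDetail")
    if not detail:
        return []
    steps = [f"{detail['sourceFile']}:{detail['sourceLine']} "
             f"[{detail['sourceCategory']}] {detail['sourceCode'].strip()}"]
    for frame in sorted(detail.get("frames", []), key=lambda f: f["index"]):
        steps.append(f"{frame['file']}:{frame['lineNumber']} "
                     f"[{frame['category']}] {frame['lineText'].strip()}")
    # The defect's own file/line/code is the sink the rule fired on.
    steps.append(f"{defect['file']}:{defect['line']} [sink] {defect['code'].strip()}")
    return steps


def open_security_by_priority(defects) -> Dict[str, int]:
    """Count unmuted Security defects per priority; muted ones are still
    returned by the API (see supressedDefects_count) and are skipped here."""
    tally: Dict[str, int] = {}
    for d in defects:
        if d.get("characteristic") == "Security" and not d.get("muted", False):
            tally[d["priority"]] = tally.get(d["priority"], 0) + 1
    return tally


# --- constructed sample pages, shaped like the response above (not real data)
_XSS = {
    "defectId": 16558118, "file": "FileSystemRepository.java", "line": 368,
    "code": "\t\t\tout.println(sql);", "muted": False,
    "characteristic": "Security", "priority": "Very High", "cweId": 79,
    "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "securityDetail": {
        "category": "xss", "sourceFile": "FileSystemRepository.java",
        "sourceLine": 70, "sourceCategory": "user_input",
        "sourceCode": "\t\t\tString val = request.getParameter(item);",
        "frames": [{"index": 0, "file": "FileSystemRepository.java",
                    "lineNumber": 32, "category": "user_input",
                    "lineText": "\t\t\tString val = request.getParameter(item);"}],
    },
}
_MUTED = {"defectId": 16558119, "file": "Util.java", "line": 12, "code": "x();",
          "muted": True, "characteristic": "Security", "priority": "High"}
_STYLE = {"defectId": 16558120, "file": "Util.java", "line": 40, "code": "y();",
          "muted": False, "characteristic": "Maintainability", "priority": "Low"}
SAMPLE_PAGES = {"1": [_XSS, _MUTED], "2": [_STYLE]}
REQUESTED_PAGES: List[str] = []


def sample_fetch(params: Dict[str, str]) -> dict:
    """Stand-in for the HTTP GET: serves one constructed page per call."""
    REQUESTED_PAGES.append(params["page"])
    return {"defects_count": 3, "count": int(params["count"]),
            "page": int(params["page"]), "defects": SAMPLE_PAGES[params["page"]]}


if __name__ == "__main__":
    found = list(iter_defects(sample_fetch, "myApp", count=2))
    print(open_security_by_priority(found))
    for step in taint_path(found[0]):
        print("  ", step)
```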

Get list of application vulnerabilities in Threadfix format

GET /applications/defects/export/threadfix
Description

List application vulnerabilities in Threadfix format for the given application or analysis code.

Parameters
Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of vulnerabilities in Threadfix format
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/defects/export/threadfix?application=myApp&code=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
  "collectionType" : "SAST",
  "created" : "2020-01-15T11:23:45",
  "exported" : "2020-02-17T11:23:45",
  "source" : "kiuwan",
  "findings" : [ {
    "nativeId" : "1",
    "severity" : "MEDIUM",
    "nativeSeverity" : "MEDIUM",
    "summary" : "CORS policy (Cross-origin resource sharing) too broad",
    "mappings" : [ {
      "mappingType" : "CWE",
      "vendorOtherType" : "kiuwan",
      "value" : "89",
      "primary" : true
    } ],
    "scannerDetail" : "Too much allowed origins in HTML5 Access-Control-Allow-Origin header. Traditionally, web browsers...",
    "scannerRecommendation" : "Do not use Access-Control-Allow-Origin: * in CORS headers. This permits any origin to read data from...",
    "staticDetails" : {
      "dataFlow" : [ {
        "file" : "MyClass.java",
        "lineNumber" : 17,
        "columnNumber" : 14,
        "parameter" : "cmd.CommandText",
        "text" : "String a = request.getParameter(...)",
        "sequence" : 1
      } ],
      "parameter" : "cmd.CommandText"
    },
    "metadata" : {
      "string" : "string"
    },
    "tags" : [ "string" ],
    "comments" : [ "string" ]
  } ],
  "metadata" : {
    "string" : "string"
  },
  "executiveSummary" : "After an automated Kiuwan analysis of myApp, it was found to be..."
}
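The Threadfix document above keeps each finding's CWE in a `mappings` list (one flagged `primary`) and its taint flow in `staticDetails.dataFlow`, ordered by `sequence` rather than by position. The following added example (not Kiuwan's own code) normalises those two fields, tallies findings per severity and primary CWE, and diffs two exports to list new and fixed findings. It assumes, which the page does not state, that `nativeId` identifies the same finding across exports of one application; the sample exports are constructed.

```python
"""Consume the Threadfix-format export from
GET /applications/defects/export/threadfix: primary CWE per finding, ordered
data flow, a (severity, CWE) tally, and a diff of two exports by nativeId.

Assumption (not stated on the page): nativeId identifies the same finding
across exports of the same application, which the diff relies on.
"""
from typing import Dict, List, Optional, Tuple


def primary_cwe(finding: dict) -> Optional[str]:
    """CWE of the mapping flagged primary, else the first CWE mapping, else None."""
    cwes = [m for m in finding.get("mappings", []) if m.get("mappingType") == "CWE"]
    for m in cwes:
        if m.get("primary"):
            return m.get("value")
    return cwes[0].get("value") if cwes else None


def data_flow(finding: dict) -> List[str]:
    """staticDetails.dataFlow steps ordered by `sequence`, as file:line text."""
    steps = finding.get("staticDetails", {}).get("dataFlow", [])
    return [f"{s['file']}:{s['lineNumber']} {s['text']}"
            for s in sorted(steps, key=lambda s: s["sequence"])]


def tally(doc: dict) -> Dict[Tuple[str, Optional[str]], int]:
    """Findings per (severity, primary CWE); rejects non-SAST collections."""
    if doc.get("collectionType") != "SAST":
        raise ValueError(f"unexpected collectionType {doc.get('collectionType')!r}")
    counts: Dict[Tuple[str, Optional[str]], int] = {}
    for f in doc.get("findings", []):
        key = (f.get("severity", "UNKNOWN"), primary_cwe(f))
        counts[key] = counts.get(key, 0) + 1
    return counts


def diff_exports(previous: dict, current: dict) -> Dict[str, List[str]]:
    """nativeIds present only in `current` (new) or only in `previous` (fixed)."""
    prev_ids = {f["nativeId"] for f in previous.get("findings", [])}
    cur_ids = {f["nativeId"] for f in current.get("findings", [])}
    return {"new": sorted(cur_ids - prev_ids), "fixed": sorted(prev_ids - cur_ids)}


# --- constructed sample exports (not real API output) ----------------------
def _finding(native_id, severity, mappings, flow):
    return {"nativeId": native_id, "severity": severity, "nativeSeverity": severity,
            "summary": f"finding {native_id}", "mappings": mappings,
            "staticDetails": {"dataFlow": flow}}


_XSS = _finding("1", "HIGH",
                [{"mappingType": "CWE", "value": "20", "primary": False},
                 {"mappingType": "CWE", "value": "79", "primary": True}],
                [{"file": "View.java", "lineNumber": 40, "sequence": 2,
                  "text": "out.println(name)"},
                 {"file": "View.java", "lineNumber": 17, "sequence": 1,
                  "text": "String name = request.getParameter(\"n\")"}])
_SQLI = _finding("2", "HIGH", [{"mappingType": "CWE", "value": "89", "primary": True}], [])
_CSRF = _finding("3", "MEDIUM", [{"mappingType": "CWE", "value": "352"}], [])

PREVIOUS_EXPORT = {"collectionType": "SAST", "source": "kiuwan",
                   "created": "2020-01-15T11:23:45", "findings": [_XSS, _SQLI]}
CURRENT_EXPORT = {"collectionType": "SAST", "source": "kiuwan",
                  "created": "2020-02-17T11:23:45", "findings": [_XSS, _CSRF]}

if __name__ == "__main__":
    print(tally(CURRENT_EXPORT))
    print(diff_exports(PREVIOUS_EXPORT, CURRENT_EXPORT))
    print(data_flow(_XSS))
```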

Get applications filtered

GET /applications/list
Description

Retrieves the authenticated user's applications, filtered by the given parameters.

Parameters
Type | Name | Description | Model | Default
Query | applicationName (optional) | Application name to filter by | string
Query | asc (optional) | Ascending or descending order | boolean
Query | count (optional) | How many applications in each page (defaults to 500) | integer | 500
Query | endDateAnalysis (optional) | Only return applications analyzed before this date | string
Query | exactApplicationName (optional) | If true, applicationName must match exactly (case-insensitive); only applies when applicationName is provided | boolean
Query | initDateAnalysis (optional) | Only return applications analyzed after this date | string
Query | orderBy (optional) | Sorting criterion for the results | enum (applicationName, analysisDate)
Query | page (optional) | Number of results page (defaults to 1) | integer | 1

Responses
HTTP Code | Description | Model
200 | Successful retrieval of applications filtered
400 | Bad request | No Content
403 | Access denied | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/list?applicationName=myApp&asc=true&count=500&endDateAnalysis=2019-11-01T23%3A59%3A59Z&exactApplicationName=true&initDateAnalysis=2019-11-01T00%3A00%3A00Z&orderBy=applicationName&page=1
Example HTTP response
Response 200
[ {
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "quality_model" : "CQM"
} ]

Get analysis global metrics

GET /metrics
Description

Obtains the global metrics of the indicated analysis.

Parameters
Type | Name | Description | Model
Query | code (required) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of global metrics map | < string, object > map
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/metrics?code=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
"object"

Get suppression rules

GET /qualitymodel/suppressions
Description

Get the suppression rules for the application given as parameter.

Parameters
Type | Name | Description | Model
Query | application (required) | Application name | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of suppression rules | string
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/xml

  • application/json

Example HTTP request
Request path
/qualitymodel/suppressions?application=myApp
Example HTTP response
Response 200
"string"

Architecture

Get list of sources that impact on a component with the specified targetId

POST /arch/impact/searchSources
Description

Lists the sources that impact the component with the specified targetId, for the analysis given by the analysisCode parameter or the application given by the applicationName parameter, applying the request's filters and pagination.

Parameters
Type | Name | Description | Model
Body | body (required) | Analysis impact request for sources

Responses
HTTP Code | Description | Model
200 | Successful retrieval of sources list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/impact/searchSources
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
  "sourceFilter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  },
  "sourceIds" : [ 0 ],
  "targetId" : 41144504,
  "navigationFilter" : {
    "relations" : "contains,uses,update",
    "direction" : "out",
    "depth" : 2
  },
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  }
}
Example HTTP response
Response 200
{
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "data" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{'Servlet': 'FileServlet'}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ 'componentType': 'class', 'j2eeType': 'class', 'description': 'class java' }"
  } ],
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}

Get list of impacted components

POST /arch/impact/searchTargets
Description

Lists the impacted components for the analysis given by the analysisCode parameter or the application given by the applicationName parameter, applying the request's filters and pagination.

Parameters
Type | Name | Description | Model
Body | body (required) | Analysis impact request

Responses
HTTP Code | Description | Model
200 | Successful retrieval of impacted components list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/impact/searchTargets
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
  "sourceFilter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  },
  "targetFilter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  },
  "sourceIds" : [ 0 ],
  "targetIds" : [ 0 ],
  "navigationFilter" : {
    "relations" : "contains,uses,update",
    "direction" : "out",
    "depth" : 2
  },
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  }
}
Example HTTP response
Response 200
{
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "data" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{'Servlet': 'FileServlet'}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ 'componentType': 'class', 'j2eeType': 'class', 'description': 'class java' }"
  } ],
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}

Get sub graph of analysis impact

POST /arch/impact/subGraph
Description

Gets the sub graph of the analysis impact between the given source id and target id, for the analysis given by the analysisCode parameter or the application given by the applicationName parameter.

Parameters
Type | Name | Description | Model
Body | body (required) | Get sub graph of analysis impact

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis impact sub graph
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/impact/subGraph
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "sourceId" : 5463,
  "targetId" : 5467,
  "navigationFilter" : {
    "relations" : "contains,uses,update",
    "direction" : "out",
    "depth" : 2
  }
}
Example HTTP response
Response 200
{
  "components" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{'Servlet': 'FileServlet'}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ 'componentType': 'class', 'j2eeType': 'class', 'description': 'class java' }"
  } ],
  "relations" : [ {
    "source" : 5473,
    "target" : 5468,
    "type" : "uses"
  } ]
}
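The sub graph response above is a plain component list plus typed, directed relations, and the request's navigationFilter (relations, direction, depth) describes how far the impact is followed. The following added example (not Kiuwan's own code) applies those same filter semantics client-side over such a graph, returning the components within `depth` hops of a start component over the allowed relation types; the same walk works over the component records returned by POST /arch/list once relations are known. The graph is constructed; "in" as a direction and the exact hop meaning of `depth` are assumptions, since the page only shows "out".

```python
"""Client-side walk of the graph returned by POST /arch/impact/subGraph
(`components` + `relations`), honouring a navigationFilter: only the listed
relation types, in the given direction, up to `depth` hops from a component.

The graph below is constructed, not an API response; "in" as a direction and
the exact hop semantics of `depth` are assumptions, the page only shows "out".
"""
from collections import deque
from typing import Dict, List, Set


def adjacency(relations: List[dict], allowed: Set[str],
              direction: str) -> Dict[int, List[int]]:
    """Edges restricted to `allowed` relation types, oriented per `direction`."""
    adj: Dict[int, List[int]] = {}
    for rel in relations:
        if rel["type"] not in allowed:
            continue
        if direction == "out":
            adj.setdefault(rel["source"], []).append(rel["target"])
        elif direction == "in":
            adj.setdefault(rel["target"], []).append(rel["source"])
        else:
            raise ValueError(f"unsupported direction {direction!r}")
    return adj


def reachable(graph: dict, start_id: int, nav: dict) -> Dict[int, int]:
    """Breadth-first search: component id -> hop distance (start at 0),
    stopping at nav['depth'] hops."""
    allowed = {t.strip() for t in nav["relations"].split(",")}
    adj = adjacency(graph["relations"], allowed, nav.get("direction", "out"))
    depth = int(nav.get("depth", 1))
    dist = {start_id: 0}
    queue = deque([start_id])
    while queue:
        cur = queue.popleft()
        if dist[cur] >= depth:
            continue
        for nxt in adj.get(cur, []):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def impacted(graph: dict, start_id: int, nav: dict) -> List[str]:
    """Names of components reachable from start_id, nearest first."""
    by_id = {c["id"]: c for c in graph["components"]}
    hops = reachable(graph, start_id, nav)
    return [by_id[i]["name"] for i in sorted(hops, key=lambda i: (hops[i], i))
            if i != start_id]


# --- constructed sample graph (ids and names are illustrative) -------------
def _comp(cid, name, ctype="class"):
    return {"id": cid, "name": name, "type": ctype, "language": "java",
            "analyzed": True}


SAMPLE_GRAPH = {
    "components": [_comp(5463, "com.myCompany.myApp.CSRFServlet"),
                   _comp(5467, "com.myCompany.myApp.FileServlet"),
                   _comp(5468, "com.myCompany.myApp.Util"),
                   _comp(5473, "com.myCompany.myApp.Config"),
                   _comp(5480, "com.myCompany.myApp.CsrfToken", "program")],
    "relations": [{"source": 5463, "target": 5467, "type": "uses"},
                  {"source": 5467, "target": 5468, "type": "uses"},
                  {"source": 5468, "target": 5473, "type": "uses"},
                  {"source": 5463, "target": 5480, "type": "contains"}],
}

if __name__ == "__main__":
    nav = {"relations": "contains,uses,update", "direction": "out", "depth": 2}
    print(impacted(SAMPLE_GRAPH, 5463, nav))
```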

Get list of components by filter and pagination

POST /arch/list
Description

Lists the components of the analysis given by the analysisCode parameter or the application given by the applicationName parameter, applying the request's filter and pagination.

Parameters
Type | Name | Description | Model
Body | body (required) | List components request

Responses
HTTP Code | Description | Model
200 | Successful retrieval of components list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/list
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "filter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  }
}
Example HTTP response
Response 200
{
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "data" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{'Servlet': 'FileServlet'}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ 'componentType': 'class', 'j2eeType': 'class', 'description': 'class java' }"
  } ]
}

Audit

Get audit result

GET /auditResult
Description

Get an audit result with defects count by priority

Parameters
Type | Name | Description | Model
Query | deliveryCode (required) | Delivery code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of audit result
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/auditResult?deliveryCode=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
  "analysisCode" : "A-7e3-16e5b1aad2a",
  "passAudit" : false,
  "label" : "cr_21.11.2019",
  "creationTimestamp" : "2019-11-21T12:51:40Z",
  "metrics" : "{'com.optimyth.CQM.defectsByPriority.Priority 2': 2,'com.optimyth.CQM.defectsByPriority.Priority 3': 1}"
}
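The audit result above is what a delivery pipeline gates on: `passAudit` plus the defect counts per priority in `metrics`. The following added example (not Kiuwan's own code) turns that response into a pass/fail decision with an explicit reason. The sample renders `metrics` as a single-quoted map string, so the helper accepts that form (parsed with `ast.literal_eval`, which evaluates literals only) as well as a plain JSON object; the thresholds are this example's own policy, and the sample audits are constructed.

```python
"""CI gate on GET /auditResult: parse the defects-by-priority metrics and
decide whether a delivery may proceed.

The response above renders `metrics` as a single-quoted map string; this
added example accepts that string form (ast.literal_eval evaluates literals
only) as well as a plain JSON object. The thresholds are this example's own
policy, not something the API defines.
"""
import ast
from typing import Dict, Optional, Tuple

PRIORITY_PREFIX = "com.optimyth.CQM.defectsByPriority.Priority "


def defects_by_priority(audit: dict) -> Dict[int, int]:
    """{priority number: defect count} from the audit result's metrics."""
    metrics = audit.get("metrics") or {}
    if isinstance(metrics, str):
        metrics = ast.literal_eval(metrics)
    counts: Dict[int, int] = {}
    for key, value in metrics.items():
        if key.startswith(PRIORITY_PREFIX):
            counts[int(key[len(PRIORITY_PREFIX):])] = int(value)
    return counts


def gate(audit: dict,
         max_by_priority: Optional[Dict[int, int]] = None) -> Tuple[bool, str]:
    """Fail when the audit did not pass, or when any priority exceeds its cap.
    Default policy (constructed): no Priority 1 or 2 defects allowed."""
    caps = {1: 0, 2: 0} if max_by_priority is None else max_by_priority
    if not audit.get("passAudit", False):
        return False, f"audit {audit.get('label')} did not pass"
    counts = defects_by_priority(audit)
    for prio, cap in sorted(caps.items()):
        if counts.get(prio, 0) > cap:
            return False, f"priority {prio}: {counts[prio]} defects > cap {cap}"
    return True, "ok"


# --- constructed samples in the shape of the response above ---------------
FAILING_AUDIT = {
    "analysisCode": "A-7e3-16e5b1aad2a", "passAudit": False,
    "label": "cr_21.11.2019", "creationTimestamp": "2019-11-21T12:51:40Z",
    "metrics": "{'com.optimyth.CQM.defectsByPriority.Priority 2': 2,"
               "'com.optimyth.CQM.defectsByPriority.Priority 3': 1}",
}
PASSING_AUDIT = {
    "analysisCode": "A-example-2", "passAudit": True,   # constructed code
    "label": "cr_22.11.2019", "creationTimestamp": "2019-11-22T09:00:00Z",
    "metrics": {"com.optimyth.CQM.defectsByPriority.Priority 3": 4},
}

if __name__ == "__main__":
    for audit in (FAILING_AUDIT, PASSING_AUDIT):
        ok, reason = gate(audit)
        print(audit["label"], "PASS" if ok else "FAIL", reason)
```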

Get audit result defects

GET /auditResult/defects
Description

Get defects of an audit result

Parameters
Type | Name | Description | Model
Query | asc (optional) | Sort ascending: true/false | enum (true, false)
Query | characteristics (optional) | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security)
Query | deliveryCode (required) | Delivery code | string
Query | fileContains (optional) | Use this param to filter defects by file name | string
Query | languages (optional) | Comma-separated list of languages to filter by | string
Query | limit (optional) | Max number of defects returned | integer (int32)
Query | orderBy (optional) | Sorting criteria: priority/effort | enum (priority, effort)
Query | priorities (optional) | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high)

Responses
HTTP Code | Description | Model
200 | Successful retrieval of audit result defects
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/auditResult/defects?deliveryCode=A-7e3-16e5b1aad2a&asc=true&characteristics=Security%2C+Efficiency&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
[ {
  "defectId" : 16558118,
  "file" : "FileSystemRepository.java",
  "line" : 368,
  "code" : "\t\t\tout.println(sql);",
  "muted" : false,
  "vulnerabilityType" : "Injection",
  "explanation" : "Reflected XSS: user_input",
  "status" : "None",
  "cweId" : 79,
  "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
  "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
  "language" : "java",
  "characteristic" : "Security",
  "priority" : "Very High",
  "effort" : "30m",
  "modelId" : 6252,
  "securityDetail" : {
    "cweId" : 79,
    "category" : "xss",
    "resource" : "web",
    "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
    "injectionPoint" : "string",
    "variableDeclaration" : "String sql",
    "sourceFile" : "FileSystemRepository.java",
    "sourceLine" : 70,
    "sourceCode" : "\t\t\tString val = request.getParameter(item);",
    "sourceCategory" : "user_input",
    "sourceResource" : "web",
    "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
    "sourceInjectionPoint" : "string",
    "frames" : [ {
      "index" : 0,
      "file" : "FileSystemRepository.java",
      "lineNumber" : 32,
      "lineText" : "\t\t\tString val = request.getParameter(item);",
      "category" : "user_input",
      "resource" : "web",
      "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "injectionPoint" : "string",
      "variableDeclaration" : "string"
    } ],
    "datapaths" : [ {
      "index" : 1,
      "kind" : "sink",
      "varname" : "user",
      "lineNumber" : 32,
      "lineText" : "\t\t\tString val = request.getParameter(item);",
      "indirect" : true,
      "file" : "FileSystemRepository.java",
      "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "localId" : 1,
      "localParentId" : 1
    } ]
  }
} ]

Get list of files

GET /audits/checkpoints/violatedrules/files
Description

Lists the files that contain violations of the given rule for an audit checkpoint of a delivery.

Parameters

Type | Name | Description | Model
Query | application (required) | Application name | string
Query | checkpoint (required) | Checkpoint id | string
Query | deliveryCode (required) | Delivery code | string
Query | ruleCode (required) | Rule code | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of files list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/audits/checkpoints/violatedrules/files?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[ {
  "file" : "src/main/java/com/myCompany/myApp/CSRFServlet.java",
  "defectsCount" : 1,
  "defects" : {
    "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
  }
} ]

Get list of defects of file

GET /audits/checkpoints/violatedrules/files/defects
Description

List defects in a file

Parameters

Type | Name | Description | Model
Query | application (required) | Application name | string
Query | checkpoint (required) | Checkpoint id | string
Query | deliveryCode (required) | Delivery code | string
Query | file (required) | File name | string
Query | ruleCode (required) | Rule code | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of defects line list | < DefectLineResponse > array
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/audits/checkpoints/violatedrules/files/defects?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&file=FileSystemRepository.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[ {
  "code" : "\\t\\t\\te.printStackTrace();",
  "line" : 101,
  "muted" : true
} ]

Get audit result PDF report

GET /audits/result/export
Description

Obtains the audit report of the specified delivery in PDF format. Either the analysis code, or the application name together with the change request, is required.

Parameters

Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | changeRequest (optional) | Change request | string
Query | code (optional) | Analysis code | string
Query | deliveryLabel (optional) | Delivery label | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of an audit result report | file
400 | Invalid parameter | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
500 | Internal server error | No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/audits/result/export?application=myApp&changeRequest=CR_11.01.2020&code=A-7e3-16e5b1aad2a&deliveryLabel=delivery_11.01.2020

Defect

Create suppression rule for a defect

POST /defect/{defectId}/mute
Description

Create a suppression rule for this defect.

Parameters

Type | Name | Description | Model
Path | defectId (required) | Defect identifier | integer (int64)
Query | comment (optional) | Mute comment | string
Query | why (optional) | Mute reason | enum (NONE, FALSE_POSITIVE, TOO_MANY_DEFECTS, GENERATED_CODE, TOO_COMPLEX_CODE, OTHER)

Responses

HTTP Code | Description | Model
200 | Successfully created a suppression rule | No Content
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/defect/17375778/mute?comment=Muted+this+defect+because+it+is+generated+code&why=GENERATED_CODE

Get defect notes

GET /defect/{defectId}/notes
Description

Obtains the list of notes associated with this defect.

Parameters

Type | Name | Description | Model
Path | defectId (required) | Defect identifier | integer (int64)

Responses

HTTP Code | Description | Model
200 | Successful retrieval of a defect notes list | < DefectNoteResponse > array
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/defect/17375778/notes
Example HTTP response
Response 200
[ {
  "date" : "2019/05/02 14:26",
  "user" : "John Smith",
  "text" : "To review by security experts"
} ]

Update the status of a defect

POST /defect/{defectId}/status
Description

Updates the status of this defect and optionally adds a note. Possible statuses are NONE, TO_REVIEW and REVIEWED.

Parameters

Type | Name | Description | Model
Path | defectId (required) | Defect identifier | integer (int64)
Query | note (optional) | Note detail | string
Query | status (required) | Defect status | enum (NONE, TO_REVIEW, REVIEWED)

Responses

HTTP Code | Description | Model
200 | Successfully updated defect status | No Content
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/defect/17375778/status?status=TO_REVIEW&note=To+review+by+security+experts

Get violated rules of an analysis

GET /violatedrules
Description

Obtains the list of violated rules of an analysis for the authenticated user.

Parameters

Type | Name | Description | Model
Query | analysisCode (optional) | Analysis code | string
Query | application (required) | Application name | string
Query | characteristic (optional) | CQM characteristic | enum (Efficiency, Maintainability, Portability, Reliability, Security)
Query | language (optional) | CQM technology | string
Query | onlyCodeSecurity (optional) | Only Code Security rules | enum (true, false)
Query | priority (optional) | Rule priority | enum (Very low, Low, Normal, High, Very high)
Query | tag (optional) | Rule tag | string
Query | vulnerabilityType (optional) | Vulnerability type | enum ('Permissions, privileges and access controls', 'Injection', 'Error handling and fault isolation', 'Other', 'Encryption and randomness', 'Misconfiguration', 'Design error', 'Initialization and shutdown', 'Control flow management', 'File handling', 'Number handling', 'System element isolation', 'Buffer handling', 'Information leaks', 'Pointer and reference handling')

Responses

HTTP Code | Description | Model
200 | Successful retrieval of violated rules list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/violatedrules?application=myApp&analysisCode=A-7e3-16e5b1aad2a&characteristic=Security&language=java&onlyCodeSecurity=true&priority=Very+high&tag=hardcoded-path&vulnerabilityType=Injection
Example HTTP response
Response 200
[ {
  "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
  "modelId" : 6252,
  "defectsCount" : 72,
  "suppressedDefectsCount" : 0,
  "filesCount" : 11,
  "effort" : "36h 00",
  "characteristic" : "Security",
  "vulnerabilityType" : "Injection",
  "tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
  "priority" : "Very High",
  "language" : "Java",
  "files" : {
    "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
  }
} ]

Get files of a violated rule

GET /violatedrules/files
Description

Obtains the list of files affected by the given violated rule.

Parameters

Type | Name | Description | Model
Query | analysisCode (required) | Analysis code | string
Query | application (required) | Application name | string
Query | ruleCode (required) | Rule code | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of files with defects
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/violatedrules/files?analysisCode=A-7e3-16e5b1aad2a&application=myApp&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[ {
  "file" : "src/main/java/com/myCompany/myApp/CSRFServlet.java",
  "defectsCount" : 1,
  "defects" : {
    "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
  }
} ]

Get defects of file

GET /violatedrules/files/defects
Description

Obtains the list of defects in a file for a specific violated rule.

Parameters

Type | Name | Description | Model
Query | analysisCode (required) | Analysis code | string
Query | application (required) | Application name | string
Query | file (required) | File name including path | string
Query | ruleCode (required) | Rule code | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of defect lines | < DefectLineResponse > array
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/violatedrules/files/defects?analysisCode=A-7e3-16e5b1aad2a&application=myApp&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[ {
  "code" : "\\t\\t\\te.printStackTrace();",
  "line" : 101,
  "muted" : true
} ]
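
The defect endpoints above form two small workflows: the read-side drill-down from a violated rule to its files (GET /violatedrules/files) and then to defect lines (GET /violatedrules/files/defects), and the write side that mutes a defect (POST /defect/{defectId}/mute) or changes its status (POST /defect/{defectId}/status). The client below is an added example, not Kiuwan's own code or SDK. It assumes HTTP Basic authentication with the account username and password (the page only says every request is authenticated) and takes a hypothetical `transport` callable so it can run offline against constructed responses; the constructed responses and `constructed_transport` are part of the example, not of the API. Note the three practitioner points it encodes: query values go through `urlencode`, which produces the `%2F` and `+` encodings seen in the page's request paths; the `why` and `status` enums are checked before the call rather than after a 400; and `defectId` is forced to an integer before being placed in the path, so a caller-supplied string can never rewrite the request path.

```python
"""Minimal Kiuwan REST client for the defect endpoints (added example, not Kiuwan's code).

Assumptions not stated on the page: HTTP Basic auth with the account username and
password; `transport` is a hypothetical hook (method, url, headers) -> (status, body)
so the example can run offline against constructed responses.
"""
import base64
import json
import time
from typing import Any, Callable, Dict, List, Optional, Tuple
from urllib.parse import urlencode, urlsplit

Transport = Callable[[str, str, Dict[str, str]], Tuple[int, bytes]]

# Enum values exactly as documented for POST /defect/{defectId}/mute and /status
MUTE_REASONS = {"NONE", "FALSE_POSITIVE", "TOO_MANY_DEFECTS", "GENERATED_CODE", "TOO_COMPLEX_CODE", "OTHER"}
DEFECT_STATUSES = {"NONE", "TO_REVIEW", "REVIEWED"}


class QuotaExceeded(RuntimeError):
    """HTTP 429 was still returned after all retries."""


def build_url(base_url: str, path: str, params: Optional[Dict[str, Any]] = None) -> str:
    # urlencode() applies quote_plus: '/' -> %2F and ' ' -> '+', as in the page's request paths
    return base_url.rstrip("/") + path + ("?" + urlencode(params) if params else "")


class KiuwanClient:
    def __init__(self, username: str, password: str, transport: Transport,
                 base_url: str = "https://api.kiuwan.com", max_retries: int = 3,
                 sleep: Callable[[float], None] = time.sleep):
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
        self.transport, self.base_url = transport, base_url
        self.max_retries, self.sleep = max_retries, sleep

    def call(self, method: str, path: str, params: Optional[Dict[str, Any]] = None) -> Any:
        url, delay = build_url(self.base_url, path, params), 1.0
        for attempt in range(self.max_retries + 1):
            status, body = self.transport(method, url, self.headers)
            if status == 429:                       # quota limit reached: exponential back-off
                if attempt == self.max_retries:
                    raise QuotaExceeded(url)
                self.sleep(delay)
                delay *= 2
                continue
            if status >= 400:
                raise RuntimeError(f"{method} {path} -> HTTP {status}")
            return json.loads(body) if body else None  # the POST endpoints answer 200 with no body

    # Read side: rule -> files -> defect lines
    def rule_files(self, application: str, analysis_code: str, rule_code: str) -> List[dict]:
        return self.call("GET", "/violatedrules/files", {"analysisCode": analysis_code,
                         "application": application, "ruleCode": rule_code})

    def file_defects(self, application: str, analysis_code: str, rule_code: str, file: str) -> List[dict]:
        return self.call("GET", "/violatedrules/files/defects", {"analysisCode": analysis_code,
                         "application": application, "file": file, "ruleCode": rule_code})

    def open_defects(self, application: str, analysis_code: str, rule_code: str) -> List[Tuple[str, int, str]]:
        """All unmuted defect lines for one rule, as (file, line, code)."""
        found = []
        for f in self.rule_files(application, analysis_code, rule_code):
            for d in self.file_defects(application, analysis_code, rule_code, f["file"]):
                if not d.get("muted"):
                    found.append((f["file"], d["line"], d["code"]))
        return found

    # Write side: validate the enums locally; int() keeps a caller string out of the path
    def mute_defect(self, defect_id: int, why: str, comment: Optional[str] = None) -> None:
        if why not in MUTE_REASONS:
            raise ValueError(f"why must be one of {sorted(MUTE_REASONS)}")
        params = {"why": why, **({"comment": comment} if comment else {})}
        self.call("POST", f"/defect/{int(defect_id)}/mute", params)

    def set_defect_status(self, defect_id: int, status: str, note: Optional[str] = None) -> None:
        if status not in DEFECT_STATUSES:
            raise ValueError(f"status must be one of {sorted(DEFECT_STATUSES)}")
        params = {"status": status, **({"note": note} if note else {})}
        self.call("POST", f"/defect/{int(defect_id)}/status", params)


def constructed_transport(pages: Dict[str, Any], quota_hits: int = 0) -> Transport:
    """Offline stand-in for HTTP: serves constructed responses by path, answering 429 `quota_hits` times first."""
    state = {"n429": 0}

    def transport(method: str, url: str, headers: Dict[str, str]) -> Tuple[int, bytes]:
        assert headers["Authorization"].startswith("Basic ")
        path = urlsplit(url).path
        if state["n429"] < quota_hits:
            state["n429"] += 1
            return 429, b""
        if path not in pages:
            return 404, b""
        return 200, (b"" if pages[path] is None else json.dumps(pages[path]).encode())

    return transport


# Constructed responses in the shapes documented for the endpoints above
SAMPLE_PAGES = {
    "/violatedrules/files": [{"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java", "defectsCount": 2}],
    "/violatedrules/files/defects": [{"code": "\t\t\te.printStackTrace();", "line": 101, "muted": True},
                                     {"code": "\t\t\tout.println(sql);", "line": 368, "muted": False}],
    "/defect/17375778/mute": None,
    "/defect/17375778/status": None,
}

if __name__ == "__main__":
    client = KiuwanClient("dev-user", "secret", constructed_transport(SAMPLE_PAGES), sleep=lambda _: None)
    print(client.open_defects("myApp", "A-7e3-16e5b1aad2a", "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"))
```

Use a dedicated development account here, as the overview recommends: the back-off loop retries on 429 up to `max_retries` times, which is exactly the traffic you do not want charged against a production quota.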

Delivery

Get deliveries of an application

GET /applications/deliveries
Description

Obtains the deliveries of the given application.

Parameters

Type | Name | Description | Model | Default
Query | application (required) | Application name | string |
Query | auditSuccess (optional) | Set to true or false to retrieve only deliveries whose audit succeeded or failed, respectively | enum (true, false) |
Query | changeRequestFilter (optional) | Filter deliveries by change request | string |
Query | count (optional) | Limit results | integer |
Query | filterPurgedAnalyses (optional) | Set to true to exclude purged analyses | enum (true, false) | "true"
Query | maxdays (optional) | Maximum age, in days, of the deliveries returned | integer (int32) |
Query | page (optional) | Number of results page (defaults to 1) | integer | 1

Responses

HTTP Code | Description | Model
200 | Successful retrieval of deliveries list | < AnalysisResponse > array
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/deliveries?application=myApp&auditSuccess=true&changeRequestFilter=CR_21.11.1019&count=500&filterPurgedAnalyses=true&maxdays=30&page=1
Example HTTP response
Response 200
[ {
  "code" : "A-7e3-16dc9e29131",
  "label" : "14.10.2019_1",
  "creationDate" : "2019-10-14T15:15:15Z",
  "qualityModel" : "CQM",
  "modelId" : "string",
  "encoding" : "UTF-8",
  "invoker" : "github software",
  "status" : "RUNNING",
  "errorCode" : "string",
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "analysisScope" : "Baseline",
  "changeRequest" : "CR_14-10-2019_1",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "auditResult" : "FAIL",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "metrics" : "{'com.optimyth.CQM.defectsByPriority.Priority 1': 163,'com.optimyth.CQM.defectsByPriority.Priority 2': 201,'com.optimyth.CQM.defectsByPriority.Priority 3': 159,'com.optimyth.CQM.defectsByPriority.Priority 4': 17,'com.optimyth.CQM.defectsByPriority.Priority 5': 41}"
} ]

Get information of a delivery by code

GET /deliveries/{code}
Description

Obtains the information of the delivery with the given code.

Parameters

Type | Name | Description | Model
Path | code (required) | Delivery code | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of delivery information
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/deliveries/A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ 'country': 'spain' }",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ 'country': 'spain' }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "analysisScope" : "Complete delivery",
  "changeRequest" : "CR_13.01.2020",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "baselineAnalysisCode" : "A-7e3-16dc9e29131",
  "deliveryFiles" : {
    "count" : 132
  },
  "deliveryDefects" : {
    "newDefects" : 3,
    "removedDefects" : 0,
    "defects" : 582
  },
  "auditResult" : {
    "auditName" : "Kiuwan default audit",
    "description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
    "approvalThreshold" : 50.0,
    "overallResult" : "FAIL",
    "score" : 0.0,
    "checkpointResults" : [ {
      "checkpoint" : "1",
      "result" : "FAIL",
      "name" : "No new defects",
      "description" : "If a new defect is detected, the checkpoint will not pass.",
      "weight" : 1,
      "mandatory" : true,
      "type" : "Threshold for maximum new defects",
      "score" : 0.0,
      "violatedRules" : [ {
        "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
        "modelId" : 6252,
        "defectsCount" : 72,
        "suppressedDefectsCount" : 0,
        "filesCount" : 11,
        "effort" : "36h 00",
        "characteristic" : "Security",
        "vulnerabilityType" : "Injection",
        "tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
        "priority" : "Very High",
        "language" : "Java",
        "files" : {
          "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
        }
      } ]
    } ]
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Quality indicator" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Effort to target" : {
    "name" : "metric name",
    "size" : 4013
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "size" : 4013
  } ],
  "Security" : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"
}
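
The two delivery responses above are what a CI pipeline reads to decide whether a change request may be merged: the list from GET /applications/deliveries tells you whether the newest run has finished (the example shows `"status" : "RUNNING"`), and the detail from GET /deliveries/{code} carries `auditResult.overallResult`, the per-checkpoint `mandatory` flag and the violated rules. The gate below is an added example, not Kiuwan's code. Its inputs are constructed from the page's examples, and it assumes that a passing audit reports `overallResult` as `PASS` (the page only shows `FAIL`). Two design points matter: an unfinished analysis raises rather than passing or failing, and a missing or partial `auditResult` never yields a pass, so the gate fails closed.

```python
"""CI gate over Kiuwan delivery data (added example, not Kiuwan's code).

Consumes the shapes documented for GET /applications/deliveries (list) and
GET /deliveries/{code} (detail). All sample records are constructed for the example;
a passing delivery is assumed to report overallResult "PASS" (the page only shows "FAIL").
"""
from typing import Dict, Iterable, List, Optional


class NotReady(Exception):
    """The analysis has not finished, so there is no verdict yet (neither pass nor fail)."""


def pick_latest_finished(deliveries: List[dict]) -> Optional[dict]:
    """Newest FINISHED entry of a /applications/deliveries page; RUNNING ones are skipped.
    creationDate is ISO-8601 UTC, so string order is chronological order."""
    finished = [d for d in deliveries if d.get("status") == "FINISHED"]
    return max(finished, key=lambda d: d["creationDate"], default=None)


def gate_delivery(delivery: dict, always_block: Iterable[str] = ()) -> Dict[str, object]:
    """Verdict for a /deliveries/{code} response.

    Fails closed: a missing or partial auditResult never yields passed=True.
    always_block lists rule codes that veto the merge even when the audit passed.
    """
    status = delivery.get("analysisStatus")
    if status != "FINISHED":
        raise NotReady(f"analysisStatus is {status!r}")
    audit = delivery.get("auditResult") or {}
    checkpoints = audit.get("checkpointResults") or []
    failed_mandatory = [c for c in checkpoints if c.get("mandatory") and c.get("result") == "FAIL"]
    violated = {r["ruleCode"] for c in checkpoints for r in c.get("violatedRules") or []}
    blocking = sorted(violated & set(always_block))
    return {
        "passed": audit.get("overallResult") == "PASS" and not failed_mandatory and not blocking,
        "overallResult": audit.get("overallResult"),
        "score": audit.get("score"),
        "approvalThreshold": audit.get("approvalThreshold"),
        "failedMandatory": [c.get("name") for c in failed_mandatory],
        "blockingRules": blocking,
        "newDefects": (delivery.get("deliveryDefects") or {}).get("newDefects", 0),
    }


# Constructed from the page's /applications/deliveries example: one run still in progress
SAMPLE_DELIVERIES = [
    {"code": "A-7e3-16dc9e29131", "label": "14.10.2019_1", "creationDate": "2019-10-14T15:15:15Z", "status": "RUNNING"},
    {"code": "A-7e3-16dc9e29000", "label": "13.10.2019_1", "creationDate": "2019-10-13T09:00:00Z", "status": "FINISHED"},
    {"code": "A-7e3-16dc9e28aaa", "label": "12.10.2019_1", "creationDate": "2019-10-12T09:00:00Z", "status": "FINISHED"},
]

# Constructed from the page's /deliveries/{code} example, trimmed to the fields the gate reads
SAMPLE_DELIVERY = {
    "analysisCode": "A-ZBA-234820349", "analysisStatus": "FINISHED",
    "changeRequest": "CR_13.01.2020", "branchName": "master",
    "deliveryDefects": {"newDefects": 3, "removedDefects": 0, "defects": 582},
    "auditResult": {
        "auditName": "Kiuwan default audit", "approvalThreshold": 50.0,
        "overallResult": "FAIL", "score": 0.0,
        "checkpointResults": [{
            "checkpoint": "1", "result": "FAIL", "name": "No new defects", "weight": 1,
            "mandatory": True, "score": 0.0,
            "violatedRules": [{"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
                               "defectsCount": 72, "priority": "Very High"}],
        }],
    },
}

if __name__ == "__main__":
    print(pick_latest_finished(SAMPLE_DELIVERIES)["code"])
    print(gate_delivery(SAMPLE_DELIVERY, always_block={"OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"}))
```

`always_block` is the hook for organisation-level policy (for example, no merge while any injection rule is violated) that the delivery's own audit may not express; keep it short, because every rule listed there overrides the audit the project owners configured.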

Documentation

Get rule’s documentation

GET /doc/rule
Description

Obtains the documentation of a rule.

Parameters

Type | Name | Description | Model
Query | application (required) | Application name | string
Query | code (required) | Rule code | string
Query | modelId (required) | Model id | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of rule documentation
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/doc/rule?application=myApp&code=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&modelId=4525
Example HTTP response
Response 200
{
  "description" : "Software places user-controlled input in page content. An attacker could inject browser script code that is executed\nin the client browser. The end-user is the attacked subject, and the software is the vehicle for the attack.\nThere are two main kinds of XSS:\n\n* Reflected XSS: Attacker causes victim to supply malicious content to a vulnerable web application, which\n  renders HTML content embedding a malicious script executed in victim's browser. A variation of this is named\n  DOM-based XSS, where the vulnerable software does not generate content depending on user input but include\n  script code that use user-controlled input.\n\n* Persisted XSS: Attacker provides malicious content to vulnerable application. When other user access to\n  vulnerable pages that embed without proper neutralization the attacker content, script code is executed in the\n  victim's browser.\n\nThe script executed in the victim's browser could perform malicious activities.\n\nMany browsers could limit the damage via security restrictions (e.g. 'same origin policy'), but user browsers\ngenerally allow scripting languages (e.g. JavaScript) in their browsers (disabling JavaScript severely limits\na web site).",
  "code" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
  "references" : "http://cwe.mitre.org/data/definitions/79.html,https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet,https://www.google.es/about/appsecurity/learning/xss/,https://www.securecoding.cert.org/confluence/display/java/IDS51-J.+Properly+encode+or+escape+output",
  "benefits" : "string",
  "drawbacks" : "string",
  "violationCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\n\npublic class CrossSiteScriptingCode {\n  public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n    PrintWriter w = res.getWriter();\n    w.println( req.getParameter(\\\"input\\\") ); // VIOLATION\n  }\n}",
  "fixedCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\nimport org.owasp.html.*;\n\npublic class CrossSiteScriptingCode {\n  public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n    PrintWriter w = res.getWriter();\n    // OWASP Java HTML Sanitizer (upgrade to r88 or later)\n    // Use your own security library if needed\n    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);\n    String safeHTML = policy.sanitize( req.getParameter(\\\"input\\\") );\n    w.println(safeHTML); // OK\n  }\n}",
  "tags" : "['CWEScope:Access-Control','CWEScope:Availability','CWEScope:Confidentiality','CWEScope:Integrity','essential']",
  "normatives" : "['CERT-J:IDS51-J','CWE:79','OWASP:2013:A3','OWASP:2017:A7','OWASP-M:2014:M7','PCI-DSS:6.5.7','SANS25:2010:1','SANS25:2011:4','WASC:08']"
}

GlobalStats

Get the user information

GET /stats
Description

Obtains the user's global totals (lines of code, files and analyses) as JSON.

Responses

HTTP Code | Description | Model
200 | Successful retrieval of global information
403 | Access denied | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/stats
Example HTTP response
Response 200
[ {
  "name" : "analysis",
  "value" : 3806.0
} ]

Information

Get user info

GET /info
Description

Obtains the user’s information

Responses

HTTP Code | Description | Model
200 | Successful retrieval of user's information
403 | Access denied | No Content
404 | Resource not found | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/info
Example HTTP response
Response 200
{
  "username" : "John Smith",
  "organization" : "MyCompany"
}

Insights

Get list of components

GET /insights/analysis/components
Description

Lists the components detected in the analysis identified by the application and analysisCode parameters.

Parameters

Type | Name | Description | Model
Query | analysisCode (required) | Analysis code | string
Query | application (required) | Application name | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of insight components list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/components?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "id" : 178,
    "artifact" : "org.springframework:spring-aop",
    "version" : "3.2.13.RELEASE",
    "filename" : "spring-aop-3.2.13.RELEASE.jar",
    "language" : "java",
    "obsolescenceRisk" : "medium",
    "licenseRisk" : "unknown",
    "securityRisk" : "high",
    "sources" : [ {
      "path" : "pom.xml",
      "artifact" : "org.springframework:spring-context",
      "version" : "3.2.13.RELEASE",
      "child" : [ {
        "repository" : "MAVEN",
        "artifact" : "org.springframework:spring-aop",
        "version" : "3.2.13.RELEASE",
        "child" : [ {
          "repository" : "MAVEN",
          "artifact" : "org.springframework:spring-aop",
          "version" : "3.2.13.RELEASE",
          "child" : [ "..." ]
        } ]
      } ]
    } ],
    "vulnerabilities" : [ {
      "id" : 108742,
      "cve" : "CVE-2018-11039",
      "cwe" : "CWE-20",
      "description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
      "severity" : "Low"
    } ]
  } ]
}

Get list of licenses

GET /insights/analysis/licenses
Description

Lists the licenses of the components found in the analysis identified by the application and analysisCode parameters.

Parameters

Type | Name | Description | Model
Query | analysisCode (required) | Analysis code | string
Query | application (required) | Application name | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of insight licenses detail list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/licenses?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "id" : 23,
    "license" : "Apache License 2.0",
    "component" : "8",
    "spdxCode" : "Apache-2.0",
    "type" : "Permissive",
    "url" : "https://spdx.org/licenses/Apache-2.0.html",
    "risk" : "none",
    "permissions" : "[\"COMMERCIAL\",\"MODIFY\",\"DISTRIBUTE\",\"SUBLICENSE\",\"PRIVATE\",\"USE_PATENT_CLAIMS\",\"PLACE_WARRANTY\"]",
    "limitations" : "[\"HOLD_LIABLE\",\"USE_TRADEMARK\"]",
    "conditions" : "[\"INCL_COPYRIGHT\",\"INCL_LICENSE\",\"STATE_CHANGES\",\"INCLUDE_NOTICE\"]",
    "components" : [ {
      "id" : 357,
      "artifact" : "org.springframework:spring-core",
      "version" : "3.2.13.RELEASE",
      "description" : "Spring Core"
    } ]
  } ]
}

Get list of obsolescences

GET /insights/analysis/obsolescence
Description

Lists the obsolescence data of the components found in the analysis identified by the application and analysisCode parameters.

Parameters

Type | Name | Description | Model
Query | analysisCode (required) | Analysis code | string
Query | application (required) | Application name | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of insight obsolescence detail list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/obsolescence?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "component" : "commons-logging:commons-logging",
    "language" : "java",
    "usedVersion" : "1.1.3",
    "dateUsed" : "2013/05/16",
    "lastVersion" : "1.2",
    "dateLast" : "2014/07/05",
    "release" : "1",
    "outOfDate" : "1y 50d",
    "timeInactivity" : "5y 194d",
    "obsolescenceRisk" : "3.33",
    "risk" : "Medium",
    "description" : "Commons Logging is a thin adapter allowing configurable bridging to other,\n    well known logging systems."
  } ]
}

Get insight security detail list

GET /insights/analysis/security
Description

Lists the known vulnerabilities (CVEs) affecting the components of the analysis identified by the application and analysisCode parameters.

Parameters

Type | Name | Description | Model
Query | analysisCode (required) | Analysis code | string
Query | application (required) | Application name | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of insight security detail list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/security?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "id" : 86896,
    "cve" : "CVE-2016-5007",
    "cwe" : "CWE-264",
    "lastModified" : "2017/05/25 19:29",
    "exploitabilitySubscore" : "10",
    "impactSubscore" : "2.9",
    "getcVSSv2BaseScore" : "5",
    "securityRisk" : "MEDIUM",
    "description" : "Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.",
    "components" : [ {
      "id" : 357,
      "artifact" : "org.springframework:spring-core",
      "version" : "3.2.13.RELEASE",
      "description" : "Spring Core"
    } ]
  } ]
}
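
The components list and the security list above describe the same dependency graph from two sides: GET /insights/analysis/components gives each component its own `securityRisk`, its embedded `vulnerabilities` and, under `sources`, the manifest entry that pulled it in (spring-aop arrives transitively through `org.springframework:spring-context` declared in `pom.xml`), while GET /insights/analysis/security is keyed by CVE and points back at component ids, with the CVSS numbers delivered as strings (`"10"`, `"2.9"`, `"5"`) under the field name `getcVSSv2BaseScore`. The script below, an added example and not Kiuwan's code, joins the two on the component id, tolerates the string-typed scores, and ranks components so that the declared dependency to bump is visible next to each CVE. Both responses are constructed from the page's examples, with a second component added so the join has something to match.

```python
"""Rank third-party components by security exposure (added example, not Kiuwan's code).

Joins the shapes documented for GET /insights/analysis/components and
GET /insights/analysis/security on the component id. Sample responses are constructed.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

RISK_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "none": 4, "unknown": 5}


def cvss_score(value) -> float:
    """The security list carries CVSS numbers as strings ("10", "2.9"); missing or odd values count as 0."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return 0.0


def declared_roots(component: dict) -> List[Tuple[str, str]]:
    """(manifest path, declared artifact) pairs that pulled this component in, i.e. what to bump."""
    return sorted({(s["path"], s["artifact"]) for s in component.get("sources") or []})


def sca_report(components_resp: dict, security_resp: dict) -> List[dict]:
    by_component: Dict[int, List[dict]] = defaultdict(list)
    for vuln in security_resp.get("data") or []:
        for comp in vuln.get("components") or []:
            by_component[comp["id"]].append({
                "cve": vuln["cve"], "cwe": vuln.get("cwe"),
                "base": cvss_score(vuln.get("getcVSSv2BaseScore")),      # field name as documented
                "exploitability": cvss_score(vuln.get("exploitabilitySubscore")),
                "risk": (vuln.get("securityRisk") or "unknown").lower(),
            })
    rows = []
    for comp in components_resp.get("data") or []:
        vulns = list(by_component.get(comp["id"], []))
        seen = {v["cve"] for v in vulns}
        # The components list embeds its own `vulnerabilities`; merge by CVE id so neither view drops one.
        for v in comp.get("vulnerabilities") or []:
            if v["cve"] not in seen:
                vulns.append({"cve": v["cve"], "cwe": v.get("cwe"), "base": 0.0, "exploitability": 0.0,
                              "risk": (v.get("severity") or "unknown").lower()})
        rows.append({
            "artifact": comp["artifact"], "version": comp["version"],
            "securityRisk": (comp.get("securityRisk") or "unknown").lower(),
            "cves": sorted(v["cve"] for v in vulns),
            "maxCvss": max((v["base"] for v in vulns), default=0.0),
            "declaredVia": declared_roots(comp),
        })
    rows.sort(key=lambda r: (RISK_RANK.get(r["securityRisk"], 9), -r["maxCvss"], r["artifact"]))
    return rows


# Constructed from the page's examples: spring-aop (transitive via spring-context) and spring-core
SAMPLE_COMPONENTS = {"data": [
    {"id": 178, "artifact": "org.springframework:spring-aop", "version": "3.2.13.RELEASE",
     "language": "java", "obsolescenceRisk": "medium", "licenseRisk": "unknown", "securityRisk": "high",
     "sources": [{"path": "pom.xml", "artifact": "org.springframework:spring-context", "version": "3.2.13.RELEASE"}],
     "vulnerabilities": [{"id": 108742, "cve": "CVE-2018-11039", "cwe": "CWE-20", "severity": "Low"}]},
    {"id": 357, "artifact": "org.springframework:spring-core", "version": "3.2.13.RELEASE",
     "language": "java", "securityRisk": "medium",
     "sources": [{"path": "pom.xml", "artifact": "org.springframework:spring-core", "version": "3.2.13.RELEASE"}],
     "vulnerabilities": []},
]}
SAMPLE_SECURITY = {"data": [
    {"id": 86896, "cve": "CVE-2016-5007", "cwe": "CWE-264", "exploitabilitySubscore": "10",
     "impactSubscore": "2.9", "getcVSSv2BaseScore": "5", "securityRisk": "MEDIUM",
     "components": [{"id": 357, "artifact": "org.springframework:spring-core", "version": "3.2.13.RELEASE"}]},
]}

if __name__ == "__main__":
    for row in sca_report(SAMPLE_COMPONENTS, SAMPLE_SECURITY):
        print(row["artifact"], row["version"], row["securityRisk"], row["cves"], row["declaredVia"])
```

Ranking uses the component-level `securityRisk` first and the highest CVSS base score second, so a component the platform rates `high` stays above one with a single medium CVE even when the latter's score string is larger; change the sort key if your policy is driven by CVSS alone.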

Get PDF report of insight

GET /insights/analysis/summary/export
Description

Obtains the Insights report, in PDF format, for the analysis identified by the application and analysisCode parameters.

Parameters

Type | Name | Description | Model
Query | analysisCode (required) | Analysis code | string
Query | application (required) | Application name | string

Responses

HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/insights/analysis/summary/export?analysisCode=A-7e3-16e5b1aad2a&application=myApp

Languages

Get languages

GET /languages
Description

Obtains a map from language code to language name.

Responses

HTTP Code | Description | Model
200 | Successful retrieval of languages map | < string, string > map
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/languages
Example HTTP response
Response 200
"object"

Management

Create application

POST /applications
Description

Creates a new application in your account.

Parameters

Type | Name | Description | Model
Body | body (required) | The application to create

Responses

HTTP Code | Description | Model
200 | Successfully created application | No Content
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/applications
Request body
{
  "name" : "myApp",
  "model" : "CQM",
  "description" : "GitHub Android App",
  "portfolios" : [ {
    "portfolioName" : "country",
    "portfolioValue" : "spain"
  } ],
  "targets" : {
    "string" : 0.0
  },
  "newName" : "myNewApp",
  "businessValue" : "CRITICAL",
  "provider" : "Lab",
  "modelId" : 1243,
  "newModelId" : 1345
}

Update application with query parameter

PUT /applications
Description

Modifies the information of an application in your account.

Parameters

Type | Name | Description | Model
Body | body (required) | The application to modify

Responses

HTTP Code | Description | Model
200 | Successfully modified application | No Content
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/applications
Request body
{
  "name" : "myApp",
  "model" : "CQM",
  "description" : "GitHub Android App",
  "portfolios" : [ {
    "portfolioName" : "country",
    "portfolioValue" : "spain"
  } ],
  "targets" : {
    "string" : 0.0
  },
  "newName" : "myNewApp",
  "businessValue" : "CRITICAL",
  "provider" : "Lab",
  "modelId" : 1243,
  "newModelId" : 1345
}

Delete application

DELETE /applications
Description

Deletes an application from your account.

Parameters
Type Name Description Model

Query

application
required

Application name

string

Responses
HTTP Code Description Model

200

Successfully deleted application

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/applications?application=myApp

Update application

PUT /applications/{application}
Description

Modifies the information of an application in your account.

Parameters
Type Name Description Model

Path

application
required

Application name

string

Body

body
required

the application to modify

Responses
HTTP Code Description Model

200

Successfully updated application

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/applications/myApp
Request body
{
  "name" : "myApp",
  "model" : "CQM",
  "description" : "GitHub Android App",
  "portfolios" : [ {
    "portfolioName" : "country",
    "portfolioValue" : "spain"
  } ],
  "targets" : {
    "string" : 0.0
  },
  "newName" : "myNewApp",
  "businessValue" : "CRITICAL",
  "provider" : "Lab",
  "modelId" : 1243,
  "newModelId" : 1345
}

Get users roles for application

GET /applications/{application}/users/roles
Description

Gets the users' roles for the application. Use 'username' and 'exactUsername' to filter results.

Parameters
Type Name Description Model

Path

application
required

Application name

string

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of users' application roles

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/myApp/users/roles?exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
{
  "username" : "username",
  "roleName" : "None",
  "override" : true
}
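
The request paths on this page percent-encode values such as the '@' in a username (john.smith%40myCompany.com). The following is an added example, not Kiuwan's own client code, of building those paths so that a caller-supplied value can never change the route; it assumes only the endpoint templates and parameter names shown in this reference, and API_BASE is the SaaS host named in the overview (on-premise installations use their own host and scheme).

```python
# Added example (not Kiuwan's code): safe construction of Kiuwan REST API paths.
from urllib.parse import quote, urlencode

API_BASE = "https://api.kiuwan.com"  # on-premise: your configured host/scheme


def build_path(template, path_params, query_params=None):
    """Fill a path template such as '/applications/{application}/users/roles'.

    Each path parameter is percent-encoded with safe='' so that '/', '?', '#'
    and '@' inside a value cannot alter the route: a username such as
    'john.smith@myCompany.com' becomes 'john.smith%40myCompany.com', exactly
    as in the request paths shown on this page. Query parameters are sorted,
    URL-encoded, rendered as 'true'/'false' for booleans, and dropped when None.
    """
    path = template
    for name, value in path_params.items():
        placeholder = "{" + name + "}"
        if placeholder not in path:
            raise ValueError(f"unknown path parameter: {name}")
        # quote() with safe='' also encodes '{' and '}', so an encoded value can
        # never be mistaken for an unfilled placeholder by the check below.
        path = path.replace(placeholder, quote(str(value), safe=""))
    if "{" in path or "}" in path:
        raise ValueError(f"unfilled path parameter in template: {path}")

    query = {}
    for name, value in sorted((query_params or {}).items()):
        if value is None:
            continue
        if isinstance(value, bool):
            value = "true" if value else "false"
        query[name] = str(value)
    return path + ("?" + urlencode(query) if query else "")


def build_url(template, path_params, query_params=None):
    """Absolute URL for the same request."""
    return API_BASE + build_path(template, path_params, query_params)


if __name__ == "__main__":
    # Reproduces the request path shown for GET /applications/{application}/users/roles
    print(build_url("/applications/{application}/users/roles",
                    {"application": "myApp"},
                    {"exactUsername": True, "username": "john.smith@myCompany.com"}))
```

Encoding each path segment separately (rather than the whole URL once) is what stops a value like `a/../b` from being interpreted as extra path components by the server or by a proxy in front of it.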

Portfolio

Create or update portfolio definitions

POST /portfolios
Description

Creates or updates portfolio definitions for an account.

Parameters
Type Name Description Model

Body

body
required

Portfolio to be saved

Responses
HTTP Code Description Model

200

Successfully created or updated portfolio definition

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/portfolios
Request body
{
  "name" : "provider",
  "description" : "List of company providers",
  "isSystemPortfolio" : true,
  "values" : "['Lab', 'Factory']"
}

Get portfolio definitions

GET /portfolios
Description

Obtains the portfolio definitions of an account.

Responses
HTTP Code Description Model

200

Successful retrieval of portfolio definitions list

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios
Example HTTP response
Response 200
[ {
  "name" : "provider",
  "description" : "List of company providers",
  "isSystemPortfolio" : true,
  "values" : "['Lab', 'Factory']"
} ]

Get users roles by portfolio

GET /portfolios/{portfolio}/users/roles
Description

Lists the users' roles for the portfolio. Use 'username', 'exactUsername', 'portfolioValue' and 'exactPortfolioValue' to filter results.

Parameters
Type Name Description Model

Path

portfolio
required

Portfolio name

string

Query

exactPortfolioValue
optional

Indicates whether the portfolioValue must match exactly (ignoring case). Only applies if portfolioValue is provided

boolean

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

portfolioValue
optional

'portfolioValue' mask to filter results

string

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of portfolio users' roles

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios/businessValue/users/roles?exactPortfolioValue=true&exactUsername=true&portfolioValue=high&username=username
Example HTTP response
Response 200
[ {
  "type" : "CUSTOM",
  "username" : "username",
  "portfolioValue" : "Asia",
  "roleName" : "Write"
} ]

Get list of portfolio values by portfolio name

GET /portfolios/{portfolio}/values/list
Description

Lists all portfolio values associated with the portfolio name. This endpoint returns error code 15 if the portfolio name does not exist; otherwise, it returns the list of portfolio values.

Parameters
Type Name Description Model

Path

portfolio
required

Portfolio name

string

Responses
HTTP Code Description Model

200

Successful retrieval of the list of portfolio values for this portfolio name

< string > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios/businessValue/values/list
Example HTTP response
Response 200
[ "string" ]

Get if portfolio and portfolio value exists

GET /portfolios/{portfolio}/{value}/exists
Description

Checks whether the portfolio and portfolio value exist. This endpoint returns error code 15 if the portfolio name does not exist; it returns true if the pair of portfolio name and value exists, and false if the portfolio name exists but the portfolio value does not exist for that portfolio name.

Parameters
Type Name Description Model

Path

portfolio
required

Portfolio name

string

Path

value
required

Portfolio value

string

Responses
HTTP Code Description Model

200

Successful retrieval of whether the portfolio name and portfolio value exist

boolean

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios/businessValue/high/exists
Example HTTP response
Response 200
true

Security

Get permissions for an action

GET /security/permissions/{action}
Description

Returns grant information on the specified action for the authenticated user. Recognized actions: MUTE_DEFECTS, CHANGE_DEFECT_STATUS

Parameters
Type Name Description Model

Path

action
required

Action name

enum (MUTE_DEFECTS, CHANGE_DEFECT_STATUS)

Query

appId
optional

Application identifier

string

Query

application
optional

Application name

string

Responses
HTTP Code Description Model

200

Successful retrieval of grant information

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/security/permissions/MUTE_DEFECTS?appId=234&application=myApp
Example HTTP response
Response 200
{
  "actionCode" : "MUTE_DEFECTS",
  "granted" : true
}
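
A client that mutes defects or changes their status should consult this endpoint first and treat anything other than an explicit grant as a refusal. The following is an added example, not Kiuwan's own code, of such a fail-closed check; it assumes only the endpoint and the response fields shown above ('actionCode', 'granted'), and the transport is a constructed stand-in for an authenticated HTTP client, so the block runs offline against constructed responses rather than real API output.

```python
# Added example (not Kiuwan's code): fail-closed gate on GET /security/permissions/{action}.
import json
from urllib.parse import quote

RECOGNIZED_ACTIONS = ("MUTE_DEFECTS", "CHANGE_DEFECT_STATUS")  # as listed on this page


class PermissionDenied(Exception):
    """Raised when a client action is attempted without a positive grant."""


def is_action_granted(action, application, transport):
    """Return True only if the API positively grants `action` on `application`.

    Fail closed: a non-200 status (403, 404, 500, ...), an unparsable body, a
    mismatched actionCode or a missing 'granted' flag all count as not granted.
    `transport(path)` must return a (status, body_text) pair.
    """
    if action not in RECOGNIZED_ACTIONS:
        raise ValueError(f"unrecognized action: {action}")
    path = f"/security/permissions/{action}?application={quote(application, safe='')}"
    status, body = transport(path)
    if status != 200:
        return False
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return False
    return (isinstance(data, dict)
            and data.get("actionCode") == action
            and data.get("granted") is True)


def require_permission(action, application, transport):
    """Guard to call before the client mutes a defect or changes its status."""
    if not is_action_granted(action, application, transport):
        raise PermissionDenied(f"{action} not granted on {application}")


# Constructed responses keyed by request path (hypothetical, not real API output).
CONSTRUCTED_RESPONSES = {
    "/security/permissions/MUTE_DEFECTS?application=myApp":
        (200, '{"actionCode": "MUTE_DEFECTS", "granted": true}'),
    "/security/permissions/CHANGE_DEFECT_STATUS?application=myApp":
        (200, '{"actionCode": "CHANGE_DEFECT_STATUS", "granted": false}'),
    "/security/permissions/MUTE_DEFECTS?application=otherApp":
        (403, ""),
    "/security/permissions/MUTE_DEFECTS?application=brokenApp":
        (200, "<html>maintenance</html>"),  # wrong content type, must not unlock
}


def fake_transport(path):
    """Stand-in for an authenticated HTTP GET; unknown paths answer 404."""
    return CONSTRUCTED_RESPONSES.get(path, (404, ""))


if __name__ == "__main__":
    require_permission("MUTE_DEFECTS", "myApp", fake_transport)
    print("MUTE_DEFECTS granted on myApp")
```

The check compares 'actionCode' against the requested action as well as reading 'granted', so a response for a different action (or a cached one) cannot be mistaken for a grant.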

User

Get applications roles by user

GET /user/{username}/applications/roles
Description

Lists the application roles for the username. Use 'applicationName' and 'exactApplicationName' to filter results.

Parameters
Type Name Description Model

Path

username
required

User name

string

Query

applicationName
optional

'applicationName' mask to filter results

string

Query

exactApplicationName
optional

Indicates whether the applicationName must match exactly (ignoring case). Only applies if applicationName is provided

boolean

Responses
HTTP Code Description Model

200

Successful retrieval of the user's application roles

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/user/john.smith%40myCompany.com/applications/roles?applicationName=myApp&exactApplicationName=true
Example HTTP response
Response 200
[ {
  "name" : "ApplicationInJapan",
  "roleName" : "None",
  "override" : true
} ]

Get portfolios roles by user

GET /user/{username}/portfolios/roles
Description

Lists the portfolio roles for the username. Use 'portfolioName', 'exactPortfolioName', 'portfolioValue' and 'exactPortfolioValue' to filter results.

Parameters
Type Name Description Model

Path

username
required

User name

string

Query

exactPortfolioName
optional

Indicates whether the portfolioName must match exactly (ignoring case). Only applies if portfolioName is provided

boolean

Query

exactPortfolioValue
optional

Indicates whether the portfolioValue must match exactly (ignoring case). Only applies if portfolioValue is provided

boolean

Query

portfolioName
optional

'portfolioName' mask to filter results

string

Query

portfolioValue
optional

'portfolioValue' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of the user's portfolio roles

< PortfolioRoleData > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/user/john.smith%40myCompany.com/portfolios/roles?exactPortfolioName=true&exactPortfolioValue=true&portfolioName=businessValue&portfolioValue=high
Example HTTP response
Response 200
[ {
  "type" : "CUSTOM",
  "portfolioName" : "Region",
  "portfolioValue" : "Asia",
  "roleName" : "Write"
} ]

Create user

POST /users
Description

Creates a new user in your account.

Parameters
Type Name Description Model

Body

body
required

the user to create

Responses
HTTP Code Description Model

200

Successfully created user

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/users
Request body
{
  "username" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "enabled" : true,
  "email" : "john.smith@myCompany.com",
  "generatePassword" : true,
  "regeneratePassword" : false,
  "enableLoginWithPassword" : true,
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : "['MANAGE_APPLICATIONS','MANAGE_MODELS']",
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}

Get list of users

GET /users
Description

Lists the users of your account. Use 'username' and 'emailAddress' (logical AND) to filter results.

Parameters
Type Name Description Model

Query

emailAddress
optional

'emailAddress' mask to filter results

string

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of users list

< UserDetailResponse > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/users?emailAddress=john.smith%40myCompany.com&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
  "username" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "enabled" : true,
  "email" : "john.smith@myCompany.com",
  "isOwner" : false,
  "enableLoginWithPassword" : true
} ]

Get list of users and application permissions

GET /users/applications/permissions
Description

Lists the users of your account with their application permissions. Use 'username', 'emailAddress' and 'applicationName' (logical AND) to filter results.

Parameters
Type Name Description Model

Query

applicationName
optional

'applicationName' mask to filter results

string

Query

emailAddress
optional

'emailAddress' mask to filter results

string

Query

exactApplicationName
optional

Indicates whether the applicationName must match exactly (ignoring case). Only applies if applicationName is provided

boolean

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of users list with their application permissions

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/users/applications/permissions?applicationName=myApp&emailAddress=john.smith%40myCompany.com&exactApplicationName=true&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
  "username" : "john.smith@myCompany.com",
  "email" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "managementFeatures" : "['MANAGE_APPLICATIONS','MANAGE_MODELS']",
  "enabled" : true,
  "supportEnabled" : true,
  "overrideUserGroup" : true,
  "manageApplications" : true,
  "manageUsers" : true,
  "manageModels" : true,
  "manageAudits" : true,
  "manageReports" : true,
  "applicationPermissionsData" : [ {
    "applicationName" : "myApp",
    "roleName" : "None",
    "override" : true,
    "deleteActionPlans" : true,
    "deleteAnalysis" : true,
    "deleteDeliveries" : true,
    "executeAnalysis" : true,
    "executeDeliveries" : true,
    "exportActionPlansJira" : true,
    "muteDefects" : true,
    "changeDefectStatus" : true,
    "saveActionPlans" : true,
    "viewApplicationData" : true,
    "viewDeliveries" : true
  } ]
} ]
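
This response is the natural input for a periodic least-privilege review: which enabled accounts can delete analyses or deliveries, mute defects, change defect status, or manage other users. The following is an added example, not Kiuwan's own code, that summarizes those rights from the response body; the flag names are taken from the response shown above, and the three-user sample it runs on is constructed, not real API output.

```python
# Added example (not Kiuwan's code): least-privilege audit of GET /users/applications/permissions.
import json

# Application rights that change or destroy analysis evidence, and account-level
# rights that control other users or the analysis setup (names from this page).
SENSITIVE_APP_FLAGS = ("deleteAnalysis", "deleteDeliveries", "deleteActionPlans",
                       "muteDefects", "changeDefectStatus")
SENSITIVE_ACCOUNT_FLAGS = ("manageUsers", "manageApplications", "manageModels", "manageAudits")


def audit_permissions(response_body):
    """Summarize which enabled users hold sensitive rights.

    Takes the JSON body returned by the endpoint and yields one finding per user:
    {'username', 'account': [flags], 'applications': {appName: [flags]}}.
    Disabled accounts are skipped, and users holding no sensitive right produce
    no finding, so the output is a review list rather than a full dump.
    """
    findings = []
    for user in json.loads(response_body):
        if user.get("enabled") is not True:
            continue
        account = [f for f in SENSITIVE_ACCOUNT_FLAGS if user.get(f) is True]
        apps = {}
        for app in user.get("applicationPermissionsData") or []:
            flags = [f for f in SENSITIVE_APP_FLAGS if app.get(f) is True]
            if flags:
                apps[app["applicationName"]] = flags
        if account or apps:
            findings.append({"username": user["username"],
                             "account": account, "applications": apps})
    return findings


def holders_of(findings, application, flag):
    """Usernames holding `flag` on `application`, e.g. who can mute its defects."""
    return sorted(f["username"] for f in findings
                  if flag in f["applications"].get(application, []))


# Constructed sample response with three users (hypothetical, not real API output).
SAMPLE_RESPONSE = json.dumps([
    {"username": "john.smith@myCompany.com", "enabled": True,
     "manageApplications": True, "manageUsers": True, "manageModels": True, "manageAudits": True,
     "applicationPermissionsData": [{"applicationName": "myApp", "roleName": "None",
                                     "override": True, "deleteActionPlans": True,
                                     "deleteAnalysis": True, "deleteDeliveries": True,
                                     "muteDefects": True, "changeDefectStatus": True,
                                     "viewApplicationData": True}]},
    {"username": "kelly.smith@myCompany.com", "enabled": True,
     "manageApplications": False, "manageUsers": False,
     "applicationPermissionsData": [{"applicationName": "myApp", "roleName": "Readonly",
                                     "viewApplicationData": True, "muteDefects": False}]},
    {"username": "old.contractor@myCompany.com", "enabled": False,  # disabled: skipped
     "manageUsers": True,
     "applicationPermissionsData": [{"applicationName": "myApp", "deleteAnalysis": True}]},
])

if __name__ == "__main__":
    for finding in audit_permissions(SAMPLE_RESPONSE):
        print(finding)
```

Running the audit on the full, unfiltered response (no 'username' or 'applicationName' filter) is what makes the resulting list complete; run it with the filters only when reviewing one account or one application.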

Update user

PUT /users/{username}
Description

Modifies the information of a user in your account.

Parameters
Type Name Description Model

Path

username
required

User name

string

Body

body
required

the user to update

Responses
HTTP Code Description Model

200

Successfully updated user

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/users/john.smith%40myCompany.com
Request body
{
  "username" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "enabled" : true,
  "email" : "john.smith@myCompany.com",
  "generatePassword" : true,
  "regeneratePassword" : false,
  "enableLoginWithPassword" : true,
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : "['MANAGE_APPLICATIONS','MANAGE_MODELS']",
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}

Delete user

DELETE /users/{username}
Description

Deletes a user from your account.

Parameters
Type Name Description Model

Path

username
required

User name

string

Responses
HTTP Code Description Model

200

Successfully deleted user

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

  • text/plain

Produces
  • application/json

Example HTTP request
Request path
/users/john.smith%40myCompany.com

UserGroup

Create user group

POST /userGroups
Description

Creates a new user group in your account.

Parameters
Type Name Description Model

Body

body
required

The user group to create

Responses
HTTP Code Description Model

200

Successfully created a user group

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/userGroups
Request body
{
  "name" : "CMSDevelopers",
  "newName" : "CMS_Developers",
  "users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : "['MANAGE_APPLICATIONS','MANAGE_MODELS']",
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}

Get list of user groups

GET /userGroups
Description

Lists the user groups of your account.

Responses
HTTP Code Description Model

200

Successful retrieval of user groups list

< UserGroupResponse > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/userGroups
Example HTTP response
Response 200
[ {
  "name" : "CMSDevelopers",
  "users" : "john.smith@myCompany.com, kelly.smith@myCompany.com"
} ]

Update user group

PUT /userGroups/{name}
Description

Modifies the information of a user group in your account.

Parameters
Type Name Description Model

Path

name
required

User group name

string

Body

body
required

The user group to modify

Responses
HTTP Code Description Model

200

Successfully modified a user group

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/userGroups/CMSDevelopers
Request body
{
  "name" : "CMSDevelopers",
  "newName" : "CMS_Developers",
  "users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : "['MANAGE_APPLICATIONS','MANAGE_MODELS']",
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}

Delete user group

DELETE /userGroups/{name}
Description

Deletes a user group from your account.

Parameters
Type Name Description Model

Path

name
required

User group name

string

Responses
HTTP Code Description Model

200

Successfully deleted a user group

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

  • text/plain

Produces
  • application/json

Example HTTP request
Request path
/userGroups/CMSDevelopers

Model

AccessControlConfigurationData

Name Description Model

applicationRoles
optional

Application roles list
Example : [ "ApplicationRoleData" ]

assignmentMode
optional

Indicates how to update the permissions. Can be ADD, DELETE or OVERWRITE.
Example : "OVERWRITE"

enum (ADD, DELETE, OVERWRITE)

businessValueRoles
optional

Business value portfolio roles list
Example : [ "BusinessValuePortfolioRoleData" ]

managementFeatures
optional

Management features to enable/disable. Allowed values are { MANAGE_APPLICATIONS | MANAGE_ALL_USERS | MANAGE_MODELS }
Example : "['MANAGE_APPLICATIONS','MANAGE_MODELS']"

< string > array

overrideUserGroupConfig
optional

Indicates whether to override the user group config or not
Example : true

boolean

portfolioRoles
optional

Portfolio roles list
Example : [ "PortfolioRoleData" ]

< PortfolioRoleData > array

providerRoles
optional

Provider portfolio roles list
Example : [ "ProviderPortfolioRoleData" ]
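
Because this object is sent with every user and user group create or update, a client should validate it before the request leaves: 'assignmentMode' has a fixed enum, 'managementFeatures' has a fixed set of allowed values, and the model declares 'managementFeatures' as a string array while the request bodies on this page pass it as the quoted string "['MANAGE_APPLICATIONS','MANAGE_MODELS']". The following is an added example, not Kiuwan's own code, that accepts both forms and reports every problem it finds; it assumes only the values stated in this model and the role field names used in the request bodies above, and the PAGE_EXAMPLE dictionary is the accessControlConfiguration from the 'Create user' request body.

```python
# Added example (not Kiuwan's code): client-side validation of AccessControlConfigurationData.
import ast

# Allowed values as stated in the model above.
ASSIGNMENT_MODES = ("ADD", "DELETE", "OVERWRITE")
MANAGEMENT_FEATURES = ("MANAGE_APPLICATIONS", "MANAGE_ALL_USERS", "MANAGE_MODELS")
# Fields each role entry carries in the request bodies shown on this page.
ROLE_FIELDS = {
    "portfolioRoles": ("portfolioName", "portfolioValue", "roleName"),
    "applicationRoles": ("name", "roleName"),
    "businessValueRoles": ("portfolioValue", "roleName"),
    "providerRoles": ("portfolioValue", "roleName"),
}


def normalize_features(value):
    """Return managementFeatures as a de-duplicated list of strings.

    Accepts either a JSON array or the quoted "['A','B']" form used in the
    examples. The string form is parsed with ast.literal_eval, which evaluates
    literals only and never executes code from the input.
    """
    if isinstance(value, str):
        try:
            value = ast.literal_eval(value)
        except (ValueError, SyntaxError):
            raise ValueError(f"managementFeatures is not a list literal: {value!r}")
    if not isinstance(value, (list, tuple)) or not all(isinstance(f, str) for f in value):
        raise ValueError("managementFeatures must be a list of strings")
    return list(dict.fromkeys(value))


def validate_access_control(config):
    """Return the problems found in an accessControlConfiguration object (empty means valid)."""
    problems = []
    mode = config.get("assignmentMode")
    if mode is not None and mode not in ASSIGNMENT_MODES:
        problems.append(f"assignmentMode {mode!r} is not one of {ASSIGNMENT_MODES}")
    if "managementFeatures" in config:
        try:
            for feature in normalize_features(config["managementFeatures"]):
                if feature not in MANAGEMENT_FEATURES:
                    problems.append(f"unknown management feature {feature!r}")
        except ValueError as exc:
            problems.append(str(exc))
    for key, required in ROLE_FIELDS.items():
        roles = config.get(key) or []
        if not isinstance(roles, list):
            problems.append(f"{key} must be a list")
            continue
        for index, role in enumerate(roles):
            missing = [f for f in required if f not in role]
            if missing:
                problems.append(f"{key}[{index}] is missing {missing}")
    return problems


# The accessControlConfiguration object from the 'Create user' request body on this page.
PAGE_EXAMPLE = {
    "assignmentMode": "OVERWRITE",
    "overrideUserGroupConfig": True,
    "managementFeatures": "['MANAGE_APPLICATIONS','MANAGE_MODELS']",
    "portfolioRoles": [{"type": "CUSTOM", "portfolioName": "Region",
                        "portfolioValue": "Asia", "roleName": "Write"}],
    "applicationRoles": [{"name": "ApplicationInJapan", "roleName": "None", "override": True}],
    "businessValueRoles": [{"type": "SYSTEM", "portfolioValue": "CRITICAL", "roleName": "Readonly"}],
    "providerRoles": [{"type": "SYSTEM", "portfolioValue": "Provider1", "roleName": "Write"}],
}

if __name__ == "__main__":
    print(validate_access_control(PAGE_EXAMPLE))  # [] for the page's own example
```

Collecting every problem instead of stopping at the first lets a provisioning script reject a whole batch of user definitions with one readable report, which matters most when 'assignmentMode' is OVERWRITE and a malformed body would otherwise replace an account's existing permissions.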

ActionPlanDefectsResponse

Name Description Model

allDefects
optional

List of action plan defects
Example : [ "DefectDetailResponse" ]

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

ActionPlanDetailResponse

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

ActionPlanPendingDefectsResponse

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingDefects
optional

List of action plan pending defects
Example : [ "DefectDetailResponse" ]

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

ActionPlanProgressResponse

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

effortToTargetAfter
optional

Effort to target after action plan
Example : 8.23

number (double)

effortToTargetBefore
optional

Effort to target before action plan
Example : 31.8

number (double)

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

globalIndicatorAfter
optional

Global indicator after action plan
Example : 23.5

number (double)

globalIndicatorBefore
optional

Global indicator before action plan
Example : 7.21

number (double)

metrics
optional

Map of action plan metrics
Example : { "string" : 0.0 }

< string, number (double) > map

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

qualityIndicatorsAfter
optional

Map of quality indicators after action plan
Example : "{'Efficiency':15.28, 'Portability':7.23, 'Maintainability':71.1, 'Reliability':31.2, 'Security':23.21 }"

< string, number (double) > map

qualityIndicatorsBefore
optional

Map of quality indicators before action plan
Example : "{'Efficiency':53.21, 'Portability':72.9, 'Maintainability':21.9, 'Reliability':13.12, 'Security':38.32 }"

< string, number (double) > map

riskIndexAfter
optional

Risk index after action plan
Example : 9.3

number (double)

riskIndexBefore
optional

Risk index before action plan
Example : 19.22

number (double)

ActionPlanRemovedDefectsResponse

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

removedDefects
optional

List of action plan removed defects
Example : [ "DefectDetailResponse" ]

AnalysisDefectsResponse

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"

< string, object > map

activeDefects_count
optional

Active defects count
Example : 575

integer (int32)

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

count
optional

Number of defects in this response
Example : 500

integer (int32)

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

defects
optional

Defects detail list
Example : [ "DefectDetailResponse" ]

defects_count
optional

Defects count
Example : 581

integer (int32)

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

page
optional

Page number
Example : 1

integer (int32)

quality_model
optional

Application quality model name
Example : "CQM"

string

supressedDefects_count
optional

Suppressed defects count
Example : 6

integer (int32)

AnalysisFilesResponse

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"

< string, object > map

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

count
optional

Number of files in this response
Example : 100

integer (int32)

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

files
optional

Files list
Example : [ "FileData" ]

< FileData > array

files_count
optional

Number of files
Example : 124

integer (int32)

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

page
optional

Page number
Example : 1

integer (int32)

quality_model
optional

Application quality model name
Example : "CQM"

string

AnalysisResponse

Name Description Model

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ 'country': 'spain' }"

< string, object > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisScope
optional

Analysis scope
Example : "Baseline"

enum (Baseline, Complete delivery, Partial delivery)

auditResult
optional

Delivery audit result
Example : "FAIL"

string

branchName
optional

Delivery branch name
Example : "master"

string

changeRequest
optional

Delivery change request
Example : "CR_14-10-2019_1"

string

changeRequestStatus
optional

Change request status
Example : "Resolved"

enum (Resolved, In progress)

code
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

creationDate
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

errorCode
optional

Analysis error code
Example : "string"

string

invoker
optional

Analysis user invoker
Example : "github software"

string

label
optional

Analysis label
Example : "14.10.2019_1"

string

metrics
optional

Map of analysis metrics
Example : "{'com.optimyth.CQM.defectsByPriority.Priority 1': 163,'com.optimyth.CQM.defectsByPriority.Priority 2': 201,'com.optimyth.CQM.defectsByPriority.Priority 3': 159,'com.optimyth.CQM.defectsByPriority.Priority 4': 17,'com.optimyth.CQM.defectsByPriority.Priority 5': 41}"

< string, number (double) > map

modelId
optional

Model identifier
Example : "string"

string

qualityModel
optional

Quality model
Example : "CQM"

string

status
optional

Analysis status
Example : "RUNNING"

enum (INQUEUE, FAIL, SUCCESS, RUNNING)

unparsedFiles
optional

Unparsed files list
Example : [ "UnparsedFileData" ]

< UnparsedFileData > array

AnalysisResultResponse

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"

< string, object > map

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisScope
optional

Analysis scope
Example : "Complete delivery"

enum (Baseline, Complete delivery, Partial delivery)

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResult
optional

Delivery audit result detail
Example : AuditAnalysisResultResponse

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

baselineAnalysisCode
optional

Baseline analysis code
Example : "A-7e3-16dc9e29131"

string

branchName
optional

Delivery branch name
Example : "master"

string

changeRequest
optional

Delivery change request
Example : "CR_13.01.2020"

string

changeRequestStatus
optional

Delivery change request status
Example : "Resolved"

enum (Resolved, In progress)

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

deliveryDefects
optional

Delivery defects
Example : DeliveryDefectsData

deliveryFiles
optional

Delivery files detail
Example : DeliveryFilesData

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

quality_model
optional

Application quality model name
Example : "CQM"

string

ApplicationAnalysisResponse

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ 'Rating': 1, {'3Stars':104.6,'5Stars':255.9,'2Stars':64.89,'4Stars':247.4}"

< string, object > map

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

quality_model
optional

Application quality model name
Example : "CQM"

string

ApplicationManagementRequest

Name Description Model

businessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

description
optional

Application description
Example : "GitHub Android App"

string

model
optional

Application model name
Example : "CQM"

string

modelId
optional

Application model identifier
Example : 1243

integer (int64)

name
required

Application name
Example : "myApp"

string

newModelId
optional

New model identifier
Example : 1345

integer (int64)

newName
optional

New application name
Example : "myNewApp"

string

portfolios
optional

Application portfolios list
Example : [ "PortfolioData" ]

< PortfolioData > array

provider
optional

Application provider
Example : "Lab"

string

targets
optional

Application targets map
Example : { "string" : 0.0 }

< string, number (double) > map

ApplicationPermissionsData

Name Description Model

applicationName
optional

Application name
Example : "myApp"

string

changeDefectStatus
optional

If the user can change the status of a defect in this application
Example : true

boolean

deleteActionPlans
optional

If the user can delete action plans for this application
Example : true

boolean

deleteAnalysis
optional

If the user can delete analysis for this application
Example : true

boolean

deleteDeliveries
optional

If the user can delete deliveries for this application
Example : true

boolean

executeAnalysis
optional

If the user can execute analysis for this application
Example : true

boolean

executeDeliveries
optional

If the user can execute deliveries for this application
Example : true

boolean

exportActionPlansJira
optional

If the user can export action plans to JIRA for this application
Example : true

boolean

muteDefects
optional

If the user can mute defects for this application
Example : true

boolean

override
optional

Indicates whether the configuration is overridden
Example : true

boolean

roleName
optional

Name of the role assigned to user
Example : "None"

string

saveActionPlans
optional

If the user can save action plans for this application
Example : true

boolean

viewApplicationData
optional

If the user can see application data for this application
Example : true

boolean

viewDeliveries
optional

If the user can see deliveries for this application
Example : true

boolean

ApplicationResponse

Name Description Model

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ 'country': 'spain' }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

description
optional

Application description
Example : "GitHub Android App"

string

name
optional

Application name
Example : "android"

string

quality_model
optional

Application quality model name
Example : "CQM"

string

ApplicationRoleData

Name Description Model

name
optional

Application name
Example : "ApplicationInJapan"

string

override
optional

Indicates whether the configuration is overridden
Example : true

boolean

roleName
optional

Name of the role to assign
Example : "None"

string

AuditAnalysisResultResponse

Name Description Model

approvalThreshold
optional

Audit approval threshold
Example : 50.0

number (double)

auditName
optional

Audit name
Example : "Kiuwan default audit"

string

checkpointResults
optional

List of checkpoint results
Example : [ "CheckpointResultData" ]

description
optional

Audit description
Example : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any."

string

overallResult
optional

Audit overall result
Example : "FAIL"

enum (OK, FAIL)

score
optional

Score
Example : 0.0

number (double)

AuditResultResponse

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16e5b1aad2a"

string

creationTimestamp
optional

Audit creation time
Example : "2019-11-21T12:51:40Z"

string

label
optional

Audit label
Example : "cr_21.11.2019"

string

metrics
optional

Audit metrics
Example : "{'com.optimyth.CQM.defectsByPriority.Priority 2': 2,'com.optimyth.CQM.defectsByPriority.Priority 3': 1}"

< string, number (double) > map

passAudit
optional

Indicates if the audit has been passed
Example : false

boolean

AuthorizationResponse

Name Description Model

actionCode
optional

The action code
Example : "MUTE_DEFECTS"

string

granted
optional

Indicates if the action is granted or not
Example : true

boolean

BusinessValuePortfolioRoleData

Name Description Model

portfolioValue
optional

Portfolio value
Example : "CRITICAL"

string

roleName
optional

Name of the role to assign
Example : "Readonly"

string

type
optional

Portfolio type
Example : "SYSTEM"

enum (SYSTEM)

CheckpointResultData

Name Description Model

checkpoint
optional

Checkpoint
Example : "1"

string

description
optional

Checkpoint description
Example : "If a new defect is detected, the checkpoint will not pass."

string

mandatory
optional

Indicates if the checkpoint is mandatory or not
Example : true

boolean

name
optional

Checkpoint name
Example : "No new defects"

string

result
optional

Checkpoint result
Example : "FAIL"

enum (OK, FAIL)

score
optional

Checkpoint score
Example : 0.0

number (double)

type
optional

Checkpoint type
Example : "Threshold for maximum new defects"

string

violatedRules
optional

List of violated rules
Example : [ "ViolatedRuleResponse" ]

weight
optional

Weight
Example : 1

integer (int32)
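A CI gate built on the AuditAnalysisResultResponse and CheckpointResultData fields above, as an added example (not Kiuwan's own code): it follows overallResult for the block/allow decision and uses the checkpoint list, score and approvalThreshold only to explain that decision. The payloads are constructed for the example; the ViolatedRuleResponse entries are left opaque because that model is not defined on this page.

```python
import json

# Constructed AuditAnalysisResultResponse payload shaped after the field
# reference above; all values are made up for this example.
SAMPLE_AUDIT_FAIL = json.dumps({
    "auditName": "Kiuwan default audit",
    "approvalThreshold": 50.0,
    "overallResult": "FAIL",
    "score": 0.0,
    "checkpointResults": [
        {"checkpoint": "1", "name": "No new defects", "mandatory": True,
         "type": "Threshold for maximum new defects", "result": "FAIL",
         "score": 0.0, "weight": 1,
         # ViolatedRuleResponse is not defined on this page: two opaque entries
         "violatedRules": [{}, {}]},
        {"checkpoint": "2", "name": "Constructed optional checkpoint",
         "mandatory": False, "type": "Threshold", "result": "OK",
         "score": 100.0, "weight": 2, "violatedRules": []},
    ],
})

# Constructed payload for an audit that passed.
SAMPLE_AUDIT_OK = json.dumps({
    "auditName": "Kiuwan default audit",
    "approvalThreshold": 50.0,
    "overallResult": "OK",
    "score": 100.0,
    "checkpointResults": [
        {"checkpoint": "1", "name": "No new defects", "mandatory": True,
         "result": "OK", "score": 100.0, "weight": 1, "violatedRules": []},
    ],
})

# The result enum shared by overallResult and CheckpointResultData.result.
RESULT_VALUES = {"OK", "FAIL"}


def evaluate_audit(payload: str) -> dict:
    """Turn an AuditAnalysisResultResponse into a block/allow decision.

    The decision follows overallResult; the other fields are only used to
    explain it (failed mandatory checkpoints, score under the threshold,
    number of violated rules) so the pipeline log says why a delivery stopped.
    """
    audit = json.loads(payload)
    overall = audit.get("overallResult")
    if overall not in RESULT_VALUES:
        raise ValueError(f"unexpected overallResult: {overall!r}")

    failed_mandatory = []
    violated_rules = 0
    for cp in audit.get("checkpointResults") or []:
        result = cp.get("result")
        if result not in RESULT_VALUES:
            raise ValueError(f"unexpected checkpoint result: {result!r}")
        violated_rules += len(cp.get("violatedRules") or [])
        if result == "FAIL" and cp.get("mandatory"):
            failed_mandatory.append(cp.get("name") or cp.get("checkpoint"))

    reasons = []
    if failed_mandatory:
        reasons.append("mandatory checkpoint(s) failed: " + ", ".join(failed_mandatory))
    score = float(audit.get("score", 0.0))
    threshold = float(audit.get("approvalThreshold", 0.0))
    if score < threshold:
        reasons.append(f"score {score:g} is below the approval threshold {threshold:g}")
    block = overall == "FAIL"
    if block and not reasons:
        reasons.append("overallResult is FAIL")
    return {
        "audit": audit.get("auditName"),
        "block": block,
        "reasons": reasons,
        "failed_mandatory": failed_mandatory,
        "violated_rules": violated_rules,
    }


if __name__ == "__main__":
    for label, payload in (("fail", SAMPLE_AUDIT_FAIL), ("ok", SAMPLE_AUDIT_OK)):
        print(label, evaluate_audit(payload))
```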

ComponentDetailResponse

Name Description Model

analyzed
optional

Analyzed
Example : true

boolean

artifacts
optional

Artifacts list
Example : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet"

< object > array

ccn
optional

Cyclomatic complexity number
Example : 15.0

number (double)

dn
optional

Name identifier description
Example : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet"

string

dupCode
optional

Duplicated code
Example : 0.0

number (double)

effort
optional

Effort value
Example : 0.0

number (double)

groupedCount
optional

Grouped count
Example : 1

integer (int32)

grouptags
optional

Map of group tags
Example : "{'Servlet': 'FileServlet'}"

< string, string > map

id
optional

Identifier
Example : 23

integer (int64)

language
optional

Language
Example : "java"

string

loc
optional

Lines of code
Example : 210.0

number (double)

name
optional

Component name
Example : "com.myCompany.myApp.CSRFServlet"

string

other
optional

Map of additional properties
Example : "{ 'componentType': 'class', 'j2eeType': 'class', 'description': 'class java' }"

< string, object > map

quality
optional

Quality indicator value
Example : 0.0

number (double)

tags
optional

Component Tags
Example : "Security,CSRF"

< object > array

type
optional

Component type
Example : "class"

string

ComponentSimpleRestData

Name Description Model

artifact
optional

Artifact name
Example : "org.springframework:spring-core"

string

description
optional

Artifact description
Example : "Spring Core"

string

id
optional

Component identifier
Example : 357

integer (int64)

version
optional

Artifact version
Example : "3.2.13.RELEASE"

string

DataFlowElement

Name Description Model

columnNumber
optional

Column number
Example : 14

integer (int32)

file
optional

Data flow file
Example : "MyClass.java"

string

lineNumber
optional

Line number
Example : 17

integer (int32)

parameter
optional

Source, sink or frame injection point
Example : "cmd.CommandText"

string

sequence
optional

Sequence number
Example : 1

integer (int32)

text
optional

Code text
Example : "String a = request.getParameter(…)"

string

DatapathData

Name Description Model

container
optional

Container
Example : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"

string

file
optional

Datapath file
Example : "FileSystemRepository.java"

string

index
optional

Datapath index
Example : 1

integer (int32)

indirect
optional

Whether this is an indirect datapath
Example : true

boolean

kind
optional

Datapath kind
Example : "sink"

enum (assign, call, other, sink, source)

lineNumber
optional

Line number
Example : 32

integer (int32)

lineText
optional

Line text
Example : "\t\t\tString val = request.getParameter(item);"

string

localId
optional

Local id for this vulnerability
Example : 1

integer (int32)

localParentId
optional

Parent id of this datapath
Example : 1

integer (int32)

varname
optional

Datapath tainted variable name
Example : "user"

string

DefectDetailResponse

Name Description Model

characteristic
optional

Characteristic
Example : "Security"

enum (Efficiency, Maintainability, Portability, Reliability, Security)

code
optional

Code
Example : "\t\t\tout.println(sql);"

string

cweId
optional

CWE identifier
Example : 79

integer (int32)

defectId
optional

Defect identifier
Example : 16558118

integer (int64)

effort
optional

Effort
Example : "30m"

string

explanation
optional

Defect explanation
Example : "Reflected XSS: user_input"

string

file
optional

Defect file
Example : "FileSystemRepository.java"

string

language
optional

Technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "java"

string

line
optional

Defect line
Example : 368

integer (int32)

modelId
optional

Model identifier
Example : 6252

integer (int64)

muted
optional

Indicates if the defect is muted
Example : false

boolean

priority
optional

Priority
Example : "Very High"

enum (Very Low, Low, Normal, High, Very High)

rule
optional

Broken rule
Example : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"

string

ruleCode
optional

Rule code
Example : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"

string

securityDetail
optional

Security detail
Example : VulnerabilityData

status
optional

Defect status
Example : "None"

enum (None, To review, Reviewed)

vulnerabilityType
optional

Vulnerability type (More info in https://www.kiuwan.com/docs/display/K5/Kiuwan+Vulnerability+Types)
Example : "Injection"

string
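Triage logic over the DatapathData and DefectDetailResponse models above, as an added example (not Kiuwan's own code): one function keeps the open (not muted) Security defects ordered by the priority enum and counts them per CWE, the other orders a list of DatapathData elements by index and checks that the flow runs from a source to a sink. The defect list and datapath are constructed; how a datapath list is attached to a defect (the VulnerabilityData model) is not shown on this page, so the datapath is passed in separately.

```python
import json

# Rank order of the DefectDetailResponse priority enum, most urgent first.
PRIORITY_RANK = {"Very High": 0, "High": 1, "Normal": 2, "Low": 3, "Very Low": 4}
# The DatapathData kind enum.
DATAPATH_KINDS = {"assign", "call", "other", "sink", "source"}

# Constructed list of DefectDetailResponse objects (values made up; the rule
# code and CWE of the first one are the page's own examples).
SAMPLE_DEFECTS = json.dumps([
    {"defectId": 16558118, "characteristic": "Security", "priority": "Very High",
     "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
     "file": "FileSystemRepository.java", "line": 368, "muted": False,
     "status": "None", "vulnerabilityType": "Injection"},
    {"defectId": 16558119, "characteristic": "Security", "priority": "High",
     "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
     "file": "FileSystemRepository.java", "line": 120, "muted": True,
     "status": "Reviewed", "vulnerabilityType": "Injection"},
    {"defectId": 16558120, "characteristic": "Security", "priority": "High",
     "cweId": 89, "ruleCode": "OPT.EXAMPLE.ConstructedRule",
     "file": "FileSystemRepository.java", "line": 44, "muted": False,
     "status": "To review", "vulnerabilityType": "Injection"},
    {"defectId": 16558121, "characteristic": "Maintainability", "priority": "Low",
     "cweId": None, "ruleCode": "OPT.EXAMPLE.ConstructedRule",
     "file": "Util.java", "line": 10, "muted": False, "status": "None"},
])

# Constructed DatapathData elements for one vulnerability, deliberately out of
# order to show that index, not list position, gives the flow order.
SAMPLE_DATAPATH = [
    {"index": 2, "kind": "sink", "file": "FileSystemRepository.java", "lineNumber": 40,
     "lineText": "\t\t\tout.println(val);", "varname": "val", "indirect": False,
     "localId": 3, "localParentId": 2, "container": "void render(java.lang.String)"},
    {"index": 0, "kind": "source", "file": "FileSystemRepository.java", "lineNumber": 32,
     "lineText": "\t\t\tString val = request.getParameter(item);", "varname": "val",
     "indirect": False, "localId": 1, "localParentId": 0,
     "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"},
    {"index": 1, "kind": "call", "file": "FileSystemRepository.java", "lineNumber": 36,
     "lineText": "\t\t\trender(val);", "varname": "val", "indirect": True,
     "localId": 2, "localParentId": 1,
     "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"},
]


def triage_security_defects(payload: str) -> dict:
    """Keep open (not muted) Security defects, most urgent first, and count them by CWE."""
    open_security = []
    for d in json.loads(payload):
        if d.get("muted") or d.get("characteristic") != "Security":
            continue
        if d.get("priority") not in PRIORITY_RANK:
            raise ValueError(f"unknown priority {d.get('priority')!r}")
        open_security.append(d)
    open_security.sort(key=lambda d: (PRIORITY_RANK[d["priority"]], d.get("file", ""), d.get("line", 0)))
    by_cwe = {}
    for d in open_security:
        key = f"CWE-{d['cweId']}" if d.get("cweId") is not None else "no-CWE"
        by_cwe[key] = by_cwe.get(key, 0) + 1
    return {"ordered_ids": [d["defectId"] for d in open_security], "by_cwe": by_cwe}


def taint_path(datapaths: list) -> dict:
    """Order DatapathData elements by index and describe the source-to-sink flow."""
    ordered = sorted(datapaths, key=lambda p: p["index"])
    for p in ordered:
        if p.get("kind") not in DATAPATH_KINDS:
            raise ValueError(f"unknown datapath kind {p.get('kind')!r}")
    steps = [f"{p['kind']}@{p['file']}:{p['lineNumber']} {p.get('varname', '')}".rstrip()
             for p in ordered]
    # A complete path starts at the tainted source and ends at the sink.
    complete = bool(ordered) and ordered[0]["kind"] == "source" and ordered[-1]["kind"] == "sink"
    return {"steps": steps, "complete": complete,
            "indirect_hops": sum(1 for p in ordered if p.get("indirect"))}


if __name__ == "__main__":
    print(triage_security_defects(SAMPLE_DEFECTS))
    print(taint_path(SAMPLE_DATAPATH))
```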

DefectLineResponse

Name Description Model

code
optional

Defect code
Example : "\\t\\t\\te.printStackTrace();"

string

line
optional

Defect line
Example : 101

integer (int32)

muted
optional

Indicates if the defect is muted
Example : true

boolean

DefectNoteResponse

Name Description Model

date
optional

Note date
Example : "2019/05/02 14:26"

string

text
optional

Note description
Example : "To review by security experts"

string

user
optional

User name
Example : "John Smith"

string

DefectsDeltaDetailResponse

Name Description Model

Main analysis code
optional

Main analysis code
Example : "A-7e3-16e5b1aad2a"

string

New defects
optional

New defects
Example : [ "DefectDetailResponse" ]

New defects count
optional

New defects count
Example : 3

integer (int32)

New violated rules count
optional

New violated rules count
Example : 1

integer (int32)

Previous analysis code
optional

Previous analysis code
Example : "A-7e3-16dc9e29131"

string

Removed defects
optional

Removed defects
Example : [ "DefectDetailResponse" ]

Removed defects count
optional

Removed defects count
Example : 0

integer (int32)

Removed violated rules count
optional

Removed violated rules count
Example : 0

integer (int32)

count
optional

Number of defects in this response
Example : 3

integer (int32)

page
optional

Page number
Example : 1

integer (int32)

DefectsDeltaResponse

Name Description Model

Main analysis code
optional

Main analysis code
Example : "A-7e3-16e5b1aad2a"

string

New defects count
optional

New defects count
Example : 3

integer (int32)

New violated rules count
optional

New violated rules count
Example : 1

integer (int32)

Previous analysis code
optional

Previous analysis code
Example : "A-7e3-16dc9e29131"

string

Removed defects count
optional

Removed defects count
Example : 0

integer (int32)

Removed violated rules count
optional

Removed violated rules count
Example : 0

integer (int32)

DeliveryDefectsData

Name Description Model

defects
optional

Total defects
Example : 582

integer (int32)

newDefects
optional

Number of new defects
Example : 3

integer (int32)

removedDefects
optional

Number of removed defects
Example : 0

integer (int32)

DeliveryFilesData

Name Description Model

count
optional

Files count
Example : 132

integer (int32)

FileData

Name Description Model

defects
optional

Detail of defects in the file
Example : [ "DefectDetailResponse" ]

defects_count
optional

Number of defects in the file
Example : 5

integer (int32)

metrics
optional

File metrics
Example : [ "MetricValueData" ]

< MetricValueData > array

metrics_count
optional

Metrics count
Example : 17

integer (int32)

name
optional

File name
Example : "FileSystemRepository.java"

string

FileWithDefectsResponse

Name Description Model

defects
optional

Link to the defects line
Example : HrefData

defectsCount
optional

Number of defects
Example : 1

integer (int64)

file
optional

File name
Example : "src/main/java/com/myCompany/myApp/CSRFServlet.java"

string

FilterData

Name Description Model

analyzed
optional

Is analyzed filter
Example : true

boolean

contains
optional

Contains filter
Example : "custom.js"

string

fileName
optional

File name filter
Example : "custom.js"

string

groupTags
optional

List of group tags filter
Example : [ "GroupTagData" ]

< GroupTagData > array

languages
optional

Languages filter, comma-separated list of languages to filter by (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "java,javascript"

string

notContains
optional

Not contains filter
Example : "testFactory"

string

tags
optional

Tags filter, comma-separated list of tags to filter by
Example : "myTag1,myTag2"

string

types
optional

Types filter, comma-separated list of types to filter by
Example : "program,element,map,class"

string

Finding

Name Description Model

comments
optional

Comments list
Example : [ "string" ]

< string > array

mappings
optional

Mappings to other identifier schemes, such as CWE or the Kiuwan rule code
Example : [ "Mapping" ]

< Mapping > array

metadata
optional

Metadata information with language, characteristic, vulnerability type, effort, status and muted
Example : { "string" : "string" }

< string, string > map

nativeId
optional

Native id
Example : "1"

string

nativeSeverity
optional

Kiuwan severity
Example : "MEDIUM"

string

scannerDetail
optional

Rule description
Example : "Too much allowed origins in HTML5 Access-Control-Allow-Origin header. Traditionally, web browsers…"

string

scannerRecommendation
optional

Rule remediation
Example : "Do not use Access-Control-Allow-Origin: * in CORS headers. This permits any origin to read data from…"

string

severity
optional

ThreadFix severity
Example : "MEDIUM"

enum (UNKNOWN, INFO, LOW, MEDIUM, HIGH, CRITICAL)

staticDetails
optional

Violation details
Example : StaticDetails

summary
optional

Rule name
Example : "CORS policy (Cross-origin resource sharing) too broad"

string

tags
optional

Tags list
Example : [ "string" ]

< string > array

FrameData

Name Description Model

category
optional

Frame category
Example : "user_input"

string

container
optional

Container
Example : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"

string

file
optional

Frame file
Example : "FileSystemRepository.java"

string

index
optional

Frame index
Example : 0

integer (int32)

injectionPoint
optional

InjectionPoint
Example : "string"

string

lineNumber
optional

Line number
Example : 32

integer (int32)

lineText
optional

Line text
Example : "\t\t\tString val = request.getParameter(item);"

string

resource
optional

Resource
Example : "web"

string

variableDeclaration
optional

Variable declaration
Example : "string"

string

GlobalCounterResponse

Name Description Model

name
optional

Global counter name
Example : "analysis"

string

value
optional

Global counter value
Example : 3806.0

number (double)

GroupTagData

Name Description Model

name
optional

Group tag name
Example : "Servlets"

string

value
optional

Group tag value
Example : "FileServlet"

string

HrefData

Name Description Model

href
optional

Defect link
Example : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"

string

InsightsComponentRestBean

Name Description Model

artifact
optional

Artifact name
Example : "org.springframework:spring-aop"

string

filename
optional

File name
Example : "spring-aop-3.2.13.RELEASE.jar"

string

id
optional

Component identifier
Example : 178

integer (int64)

language
optional

Technology
Example : "java"

string

licenseRisk
optional

Component license risk (high, medium, low, none, unknown)
Example : "unknown"

enum (high, medium, low, none, unknown)

obsolescenceRisk
optional

Component obsolescence risk (high, medium, low, none, unknown)
Example : "medium"

enum (high, medium, low, none, unknown)

securityRisk
optional

Component security risk (high, medium, low, none, unknown)
Example : "high"

enum (high, medium, low, none, unknown)

sources
optional

Sources list
Example : [ "SourceRootSimpleRestData" ]

version
optional

Artifact version
Example : "3.2.13.RELEASE"

string

vulnerabilities
optional

Vulnerabilities list
Example : [ "VulnerabilityRestData" ]

LicenseRestData

Name Description Model

component
optional

Number of components with this license
Example : "8"

string

components
optional

List of components with this license
Example : [ "ComponentSimpleRestData" ]

conditions
optional

License conditions
Example : "[\"INCL_COPYRIGHT\",\"INCL_LICENSE\",\"STATE_CHANGES\",\"INCLUDE_NOTICE\"]"

string

id
optional

License identifier
Example : 23

integer (int64)

license
optional

License name
Example : "Apache License 2.0"

string

limitations
optional

License limitations
Example : "[\"HOLD_LIABLE\",\"USE_TRADEMARK\"]"

string

permissions
optional

License permissions
Example : "[\"COMMERCIAL\",\"MODIFY\",\"DISTRIBUTE\",\"SUBLICENSE\",\"PRIVATE\",\"USE_PATENT_CLAIMS\",\"PLACE_WARRANTY\"]"

string

risk
optional

License risk
Example : "none"

enum (High, Medium, Low, None, Unknown)

spdxCode
optional

SPDX code (Software Package Data Exchange)
Example : "Apache-2.0"

string

type
optional

License type
Example : "Permissive"

enum (Copyleft, Copyrighted, NonOpenSource, Permissive, Propietary, PublicDomain, Unknown, WeakCopyleft)

url
optional

Link to license description
Example : "https://spdx.org/licenses/Apache-2.0.html"

string

ListComponentsRequest

Either the application name or the analysis code must be provided

Name Description Model

analysisCode
optional

Analysis Code
Example : "A-7e3-16dc9e29131"

string

applicationName
optional

Application name
Example : "myApp"

string

filter
optional

Filter
Example : FilterData

pagination
optional

Pagination
Example : PaginationData

ListComponentsResponse

Name Description Model

data
optional

List of components
Example : [ "ComponentDetailResponse" ]

pagination
optional

Pagination
Example : PaginationData

ListInsightsComponentsResponse

Name Description Model

data
optional

Insights components detail list
Example : [ "InsightsComponentRestBean" ]

ListLicensesResponse

Name Description Model

data
optional

Insights components license detail list
Example : [ "LicenseRestData" ]

< LicenseRestData > array

ListObsolescencesResponse

Name Description Model

data
optional

Insights components obsolescence detail list
Example : [ "ObsolescenceRestData" ]

ListSecuritiesResponse

Name Description Model

data
optional

Insights vulnerabilities detail list
Example : [ "SecurityRestData" ]

< SecurityRestData > array

Mapping

Name Description Model

mappingType
optional

Mapping type
Example : "CWE"

enum (CWE, CVE, OTHER, TOOL_VENDOR)

primary
optional

True if this is the primary mapping for its mappingType
Example : true

boolean

value
optional

Mapping value (CWE id or Kiuwan rule code)
Example : "89"

string

vendorOtherType
optional

Vendor of the other type. Required for 'OTHER' and 'TOOL_VENDOR' mappingType; optional for 'CWE' and 'CVE'
Example : "kiuwan"

string
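A validator for the Finding and Mapping models above, as an added example (not Kiuwan's or ThreadFix's own code): it checks the severity and mappingType enums, the rule that vendorOtherType is required for 'OTHER' and 'TOOL_VENDOR', and that no mappingType carries more than one primary mapping (our reading of the primary field, stated as an assumption in the code). Both findings are constructed; the CWE and rule code come from the page's own examples.

```python
# Enumerations from the Finding and Mapping references above.
MAPPING_TYPES = {"CWE", "CVE", "OTHER", "TOOL_VENDOR"}
VENDOR_REQUIRED = {"OTHER", "TOOL_VENDOR"}
SEVERITIES = {"UNKNOWN", "INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"}

# Constructed, well-formed Finding (values made up; the rule code and CWE are
# the page's own examples).
SAMPLE_FINDING = {
    "nativeId": "1",
    "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "severity": "HIGH",
    "nativeSeverity": "HIGH",
    "mappings": [
        {"mappingType": "CWE", "value": "79", "primary": True},
        {"mappingType": "TOOL_VENDOR", "value": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
         "primary": True, "vendorOtherType": "kiuwan"},
    ],
    "metadata": {"language": "java", "characteristic": "Security",
                 "vulnerabilityType": "Injection", "effort": "30m",
                 "status": "None", "muted": "false"},
}

# Constructed malformed Finding: severity outside the enum, an OTHER mapping
# without vendorOtherType, and two primary CWE mappings.
BAD_FINDING = {
    "nativeId": "2",
    "summary": "Constructed finding",
    "severity": "SEVERE",
    "mappings": [
        {"mappingType": "OTHER", "value": "x-1"},
        {"mappingType": "CWE", "value": "79", "primary": True},
        {"mappingType": "CWE", "value": "89", "primary": True},
    ],
}


def validate_finding(finding: dict) -> list:
    """Return a list of problems; an empty list means the Finding is well formed."""
    errors = []
    if finding.get("severity") not in SEVERITIES:
        errors.append(f"severity {finding.get('severity')!r} is not in the enum")
    primaries = {}
    for i, m in enumerate(finding.get("mappings") or []):
        mtype = m.get("mappingType")
        if mtype not in MAPPING_TYPES:
            errors.append(f"mapping {i}: unknown mappingType {mtype!r}")
            continue
        if mtype in VENDOR_REQUIRED and not m.get("vendorOtherType"):
            errors.append(f"mapping {i}: vendorOtherType is required for {mtype}")
        if not m.get("value"):
            errors.append(f"mapping {i}: value is empty")
        if m.get("primary"):
            primaries[mtype] = primaries.get(mtype, 0) + 1
    # Assumption: at most one primary mapping per mappingType, which is how we
    # read the description of the primary field; the page does not say it outright.
    for mtype, n in primaries.items():
        if n > 1:
            errors.append(f"{n} primary mappings for {mtype}, expected at most one")
    return errors


def primary_mapping(finding: dict, mapping_type: str):
    """Return the value of the primary mapping of the given type, or None."""
    for m in finding.get("mappings") or []:
        if m.get("mappingType") == mapping_type and m.get("primary"):
            return m.get("value")
    return None


if __name__ == "__main__":
    print("sample:", validate_finding(SAMPLE_FINDING), primary_mapping(SAMPLE_FINDING, "CWE"))
    print("bad:", validate_finding(BAD_FINDING))
```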

MetadataArchitectureData

Name Description Model

groupTags
optional

List of groups
Example : "group1"

< string, < string > array > map

languages
optional

Number of different languages
Example : [ "ValueCountData" ]

< ValueCountData > array

relations
optional

Number of relations
Example : [ "ValueCountData" ]

< ValueCountData > array

tags
optional

List of tags
Example : "tag1"

< string > array

types
optional

Number of different types
Example : [ "ValueCountData" ]

< ValueCountData > array

MetadataInsightsData

Name Description Model

components
optional

Number of components in current analysis
Example : 29

integer (int32)

duplicates
optional

Number of duplicated components in current analysis
Example : 8

integer (int32)

licenses
optional

Number of different licenses in current analysis
Example : 8

integer (int32)

risks
optional

Risk metadata for the current analysis: components at risk by vulnerabilities, by licenses and by obsolescence
Example : [ "MetadataInsightsRiskData" ]

vulnerabilities
optional

Number of vulnerabilities in current analysis
Example : 15

integer (int32)

MetadataInsightsRiskData

Name Description Model

name
optional

Risk name (by vulnerabilities, by licenses or by obsolescence)
Example : "string"

string

risk
optional

Map with number of components by severity
Example : { "string" : 0 }

< string, integer (int32) > map

MetricValueData

Name Description Model

name
optional

Metric name
Example : "metric name"

string

size
optional

Metric size
Example : 4013

integer (int32)

NavigationFilterData

Name Description Model

depth
optional

Depth
Example : 2

integer (int32)

direction
optional

Direction (in, out, any; default: out)
Example : "out"

enum (in, out, any)

relations
optional

Comma-separated list of component relations (calls, configuration, delete, includes, inherits…)
Example : "contains,uses,update"

string

ObsolescenceRestData

Name Description Model

component
optional

Component name
Example : "commons-logging:commons-logging"

string

dateLast
optional

Component last version date
Example : "2014/07/05"

string

dateUsed
optional

Component used version date
Example : "2013/05/16"

string

description
optional

Component description
Example : "Commons Logging is a thin adapter allowing configurable bridging to other,\n well known logging systems."

string

language
optional

Technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "java"

string

lastVersion
optional

Component last version
Example : "1.2"

string

obsolescenceRisk
optional

Component obsolescence risk number, between 0 and 10
Example : "3.33"

string

outOfDate
optional

Time elapsed between the used version and the last version, as a formatted duration
Example : "1y 50d"

string

release
optional

Number of releases between used and last version
Example : "1"

string

risk
optional

Component obsolescence risk (High, Medium, Low)
Example : "Medium"

enum (High, Medium, Low)

timeInactivity
optional

Time elapsed since the last version date, as a formatted duration
Example : "5y 194d"

string

usedVersion
optional

Component used version
Example : "1.1.3"

string

PaginationData

Name Description Model

count
optional

Number of components per page
Example : 500

integer (int32)

page
optional

Page number
Example : 1

integer (int32)

total
optional

Total Components
Example : 5654

integer (int64)

PortfolioData

Name Description Model

portfolioName
optional

Portfolio name
Example : "country"

string

portfolioValue
optional

Portfolio value
Example : "spain"

string

PortfolioDefinitionData

Name Description Model

description
optional

Portfolio description
Example : "List of company providers"

string

isSystemPortfolio
optional

Indicates if it is a system portfolio
Example : true

boolean

name
required

Portfolio name
Example : "provider"

string

values
optional

Portfolio values
Example : "['Lab', 'Factory']"

< string > array

PortfolioRoleData

Name Description Model

portfolioName
optional

Portfolio name
Example : "Region"

string

portfolioValue
optional

Portfolio value
Example : "Asia"

string

roleName
optional

Name of the role to assign
Example : "Write"

string

type
optional

Portfolio type (CUSTOM, SYSTEM)
Example : "CUSTOM"

enum (CUSTOM, SYSTEM)

ProviderPortfolioRoleData

Name Description Model

portfolioValue
optional

Portfolio value
Example : "Provider1"

string

roleName
optional

Name of the role to assign
Example : "Write"

string

type
optional

Portfolio type
Example : "SYSTEM"

enum (SYSTEM)

RelationRestData

Name Description Model

source
optional

Source
Example : 5473

integer (int64)

target
optional

Target
Example : 5468

integer (int64)

type
optional

Relation type
Example : "uses"

string

RuleDocumentationResponse

Name Description Model

benefits
optional

Rule benefits
Example : "string"

string

code
optional

Rule code
Example : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"

string

description
optional

Rule description
Example : "Software places user-controlled input in page content. An attacker could inject browser script code that is executed\nin the client browser. The end-user is the attacked subject, and the software is the vehicle for the attack.\nThere are two main kinds of XSS:\n\n* Reflected XSS: Attacker causes victim to supply malicious content to a vulnerable web application, which\n renders HTML content embedding a malicious script executed in victim’s browser. A variation of this is named\n DOM-based XSS, where the vulnerable software does not generate content depending on user input but include\n script code that use user-controlled input.\n\n* Persisted XSS: Attacker provides malicious content to vulnerable application. When other user access to\n vulnerable pages that embed without proper neutralization the attacker content, script code is executed in the\n victim’s browser.\n\nThe script executed in the victim’s browser could perform malicious activities.\n\nMany browsers could limit the damage via security restrictions (e.g. 'same origin policy'), but user browsers\ngenerally allow scripting languages (e.g. JavaScript) in their browsers (disabling JavaScript severely limits\na web site)."

string

drawbacks
optional

Rule drawbacks
Example : "string"

string

fixedCode
optional

Fixed code example
Example : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\nimport org.owasp.html.*;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n // OWASP Java HTML Sanitizer (upgrade to r88 or later)\n // Use your own security library if needed\n PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);\n String safeHTML = policy.sanitize( req.getParameter(\\\"input\\\") );\n w.println(safeHTML); // OK\n }\n}"

string

normatives
optional

Rule normatives list
Example : "['CERT-J:IDS51-J','CWE:79','OWASP:2013:A3','OWASP:2017:A7','OWASP-M:2014:M7','PCI-DSS:6.5.7','SANS25:2010:1','SANS25:2011:4','WASC:08']"

< string > array

references
optional

Comma-separated list of rule references
Example : "http://cwe.mitre.org/data/definitions/79.html,https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet,https://www.google.es/about/appsecurity/learning/xss/,https://www.securecoding.cert.org/confluence/display/java/IDS51-J.+Properly+encode+or+escape+output"

string

tags
optional

Rule tags list
Example : "['CWEScope:Access-Control','CWEScope:Availability','CWEScope:Confidentiality','CWEScope:Integrity','essential']"

< string > array

violationCode
optional

Violation code example
Example : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n w.println( req.getParameter(\\\"input\\\") ); // VIOLATION\n }\n}"

string

Scan

Name Description Model

collectionType
optional

Collection type
Example : "SAST"

string

created
optional

Creation date in format yyyy-MM-dd'T'HH:mm:ssZZ
Example : "2020-01-15T11:23:45"

string

executiveSummary
optional

Executive summary
Example : "After an automated Kiuwan analysis of myApp, it was found to be…"

string

exported
optional

Export date in format yyyy-MM-dd'T'HH:mm:ssZZ
Example : "2020-02-17T11:23:45"

string

findings
optional

Findings found in this analysis
Example : [ "Finding" ]

< Finding > array

metadata
optional

Metadata information with agent version, engine version, model name, model version and execution time
Example : { "string" : "string" }

< string, string > map

source
optional

Export source
Example : "kiuwan"

string

SearchImpactResponse

Name Description Model

analysisImpactCode
optional

Analysis impact code
Example : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"

string

data
optional

List of components
Example : [ "ComponentDetailResponse" ]

pagination
optional

Pagination
Example : PaginationData

SearchSourcesImpactRequest

At least one of the following parameters is mandatory: application name, analysis code or analysis impact code. If you have already indicated the analysis impact code, the navigation filter is not necessary; otherwise it is required. The pagination filter is required in any case.

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

analysisImpactCode
optional

Analysis impact code
Example : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"

string

applicationName
optional

Application name
Example : "myApp"

string

navigationFilter
optional

Navigation filter
Example : NavigationFilterData

pagination
required

Pagination
Example : PaginationData

sourceFilter
optional

Source Filter
Example : FilterData

sourceIds
optional

Source identifiers
Example : [ 0 ]

< integer (int64) > array

targetId
optional

Target identifier
Example : 41144504

integer (int64)

SearchTargetsImpactRequest

At least one of the following parameters is mandatory: application name, analysis code or analysis impact code. If you have already indicated the analysis impact code, the navigation filter is not necessary; otherwise it is required. The pagination filter is required in any case.

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

analysisImpactCode
optional

Analysis impact code
Example : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"

string

applicationName
optional

Application name
Example : "myApp"

string

navigationFilter
optional

Navigation filter
Example : NavigationFilterData

pagination
required

Pagination
Example : PaginationData

sourceFilter
optional

Source filter
Example : FilterData

sourceIds
optional

Source identifiers
Example : [ 0 ]

< integer (int64) > array

targetFilter
optional

Target filter
Example : FilterData

targetIds
optional

Target identifiers
Example : [ 0 ]

< integer (int64) > array

SecurityRestData

Name Description Model

components
optional

Components list affected by this vulnerability
Example : [ "ComponentSimpleRestData" ]

cve
optional

CVE reference (Common Vulnerabilities and Exposures)
Example : "CVE-2016-5007"

string

cwe
optional

CWE reference (Common Weakness Enumeration Specification)
Example : "CWE-264"

string

description
optional

Vulnerability description
Example : "Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences."

string

exploitabilitySubscore
optional

Vulnerability exploitable sub-score
Example : "10"

string

getcVSSv2BaseScore
optional

Vulnerability CVSS v2 base score
Example : "5"

string

id
optional

Vulnerability identifier
Example : 86896

integer (int64)

impactSubscore
optional

Vulnerability impact sub-score
Example : "2.9"

string

lastModified
optional

Last modified date
Example : "2017/05/25 19:29"

string

securityRisk
optional

Component security risk (high, medium, low, none, unknown)
Example : "MEDIUM"

string

SourceChildSimpleRestData

Name Description Model

artifact
optional

Source artifact name
Example : "org.springframework:spring-aop"

string

child
optional

Source children list
Example : [ "SourceChildSimpleRestData" ]

repository
optional

Repository name
Example : "MAVEN"

string

version
optional

Source version
Example : "3.2.13.RELEASE"

string

SourceRootSimpleRestData

Name Description Model

artifact
optional

Source artifact name
Example : "org.springframework:spring-context"

string

child
optional

Source children list
Example : [ "SourceChildSimpleRestData" ]

path
optional

Source path
Example : "pom.xml"

string

version
optional

Source version
Example : "3.2.13.RELEASE"

string

StaticDetails

Name Description Model

dataFlow
optional

Data flow
Example : [ "DataFlowElement" ]

< DataFlowElement > array

parameter
optional

Injection point
Example : "cmd.CommandText"

string

SubGraphImpactRequest

It is necessary to indicate the application name or the analysis code, as well as the source and target identifiers.

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

applicationName
optional

Application name
Example : "myApp"

string

navigationFilter
required

Navigation filter
Example : NavigationFilterData

sourceId
required

Source identifier
Example : 5463

integer (int64)

targetId
required

Target identifier
Example : 5467

integer (int64)
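
The three request bodies above (SearchSourcesImpactRequest, SearchTargetsImpactRequest and SubGraphImpactRequest) carry validation rules that the tables only state in prose. The following added example, which is not Kiuwan's own client code, builds those bodies in Python and rejects the combinations the definitions forbid; the builder and helper names are this example's own, and the sample values are the ones shown in the Example column above.

```python
"""Builders for the impact-analysis request bodies defined above (added
example, not Kiuwan client code). They enforce the documented rules: the
Search*ImpactRequest bodies need a scope field, a navigationFilter unless
analysisImpactCode is given, and pagination always; SubGraphImpactRequest
needs applicationName or analysisCode plus navigationFilter, sourceId, targetId."""

DIRECTIONS = ("in", "out", "any")  # NavigationFilterData.direction enum

def navigation_filter(depth=2, direction="out", relations="contains,uses,update"):
    """NavigationFilterData: depth, direction and a comma-separated relation list."""
    if direction not in DIRECTIONS:
        raise ValueError(f"direction must be one of {DIRECTIONS}, got {direction!r}")
    return {"depth": depth, "direction": direction, "relations": relations}

def pagination(page=1, count=500):
    """PaginationData as sent by a client; 'total' is reported back by the server."""
    if page < 1 or count < 1:
        raise ValueError("page and count must be positive")
    return {"page": page, "count": count}

def _put(body, **fields):
    """Copy only the optional members that were actually supplied."""
    body.update({k: v for k, v in fields.items() if v is not None})
    return body

def _impact_scope(application_name, analysis_code, analysis_impact_code, nav):
    """Rule shared by SearchSourcesImpactRequest and SearchTargetsImpactRequest."""
    body = _put({}, applicationName=application_name, analysisCode=analysis_code,
                analysisImpactCode=analysis_impact_code)
    if not body:
        raise ValueError("applicationName, analysisCode or analysisImpactCode is required")
    if nav is None and analysis_impact_code is None:
        raise ValueError("navigationFilter is required unless analysisImpactCode is given")
    return _put(body, navigationFilter=nav)

def search_sources_impact_request(*, pagination_data, nav=None, application_name=None,
                                  analysis_code=None, analysis_impact_code=None,
                                  source_ids=None, source_filter=None, target_id=None):
    """SearchSourcesImpactRequest: optional sourceIds/sourceFilter and a single targetId."""
    body = _impact_scope(application_name, analysis_code, analysis_impact_code, nav)
    body["pagination"] = pagination_data  # required in every case
    return _put(body, sourceIds=source_ids, sourceFilter=source_filter, targetId=target_id)

def search_targets_impact_request(*, pagination_data, nav=None, application_name=None,
                                  analysis_code=None, analysis_impact_code=None,
                                  source_ids=None, source_filter=None,
                                  target_ids=None, target_filter=None):
    """SearchTargetsImpactRequest: same scope rule, ids and filters on both ends."""
    body = _impact_scope(application_name, analysis_code, analysis_impact_code, nav)
    body["pagination"] = pagination_data
    return _put(body, sourceIds=source_ids, sourceFilter=source_filter,
                targetIds=target_ids, targetFilter=target_filter)

def subgraph_impact_request(*, source_id, target_id, nav, application_name=None,
                            analysis_code=None):
    """SubGraphImpactRequest: navigationFilter, sourceId and targetId are all required."""
    if application_name is None and analysis_code is None:
        raise ValueError("applicationName or analysisCode is required")
    if None in (nav, source_id, target_id):
        raise ValueError("navigationFilter, sourceId and targetId are required")
    body = {"navigationFilter": nav, "sourceId": source_id, "targetId": target_id}
    return _put(body, applicationName=application_name, analysisCode=analysis_code)

def rejects(builder, **kwargs):
    """True when the builder refuses kwargs with ValueError (rule check helper)."""
    try:
        builder(**kwargs)
    except ValueError:
        return True
    return False
```

The returned dictionaries serialise directly with json.dumps as the JSON request body; which endpoint each body is posted to is documented in the Resources section, not here.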

SubGraphImpactResponse

Name Description Model

components
optional

List of components
Example : [ "ComponentDetailResponse" ]

relations
optional

List of relations
Example : [ "RelationRestData" ]

< RelationRestData > array

UnparsedFileData

Name Description Model

cause
optional

Cause
Example : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"

string

file
optional

Unparsed file name
Example : "FileSystemSQL.java"

string

UserApplicationRoleResponse

Name Description Model

override
optional

Indicates whether the configuration is overridden
Example : true

boolean

roleName
optional

Role name
Example : "None"

string

username
optional

User name
Example : "username"

string

UserAppsPermissionsResponse

Name Description Model

applicationPermissionsData
optional

List of application names and their permissions for this user
Example : [ "ApplicationPermissionsData" ]

email
optional

User email
Example : "john.smith@myCompany.com"

string

enabled
optional

Indicates if the user is enabled or not
Example : true

boolean

firstName
optional

User first name
Example : "John"

string

lastName
optional

User last name
Example : "Smith"

string

manageApplications
optional

Indicates if the user has permissions to manage applications
Example : true

boolean

manageAudits
optional

Indicates if the user has permissions to manage audits
Example : true

boolean

manageModels
optional

Indicates if the user has permissions to manage models
Example : true

boolean

manageReports
optional

Indicates if the user has permissions to manage reports
Example : true

boolean

manageUsers
optional

Indicates if the user has permissions to manage users
Example : true

boolean

managementFeatures
optional

Management features. Allowed values are { MANAGE_APPLICATIONS | MANAGE_ALL_USERS | MANAGE_MODELS }
Example : "['MANAGE_APPLICATIONS','MANAGE_MODELS']"

< string > array

overrideUserGroup
optional

Indicates whether the user overrides the group permissions
Example : true

boolean

supportEnabled
optional

Indicates if the user has the support enabled
Example : true

boolean

username
optional

User name
Example : "john.smith@myCompany.com"

string

UserDetailResponse

Name Description Model

email
optional

User email
Example : "john.smith@myCompany.com"

string

enableLoginWithPassword
optional

Indicates whether the user has login with password enabled
Example : true

boolean

enabled
optional

Indicates if the user is enabled or not
Example : true

boolean

firstName
optional

User first name
Example : "John"

string

isOwner
optional

Indicates if the user is the account owner
Example : false

boolean

lastName
optional

User last name
Example : "Smith"

string

username
optional

User name
Example : "john.smith@myCompany.com"

string

UserGroupRequest

Name Description Model

accessControlConfiguration
optional

User access control configuration details
Example : AccessControlConfigurationData

name
required

User group name
Example : "CMSDevelopers"

string

newName
optional

User group new name
Example : "CMS_Developers"

string

users
optional

Group users list
Example : "john.smith@myCompany.com, kelly.smith@myCompany.com"

< string > array

UserGroupResponse

Name Description Model

name
optional

User group name
Example : "CMSDevelopers"

string

users
optional

Group users list
Example : "john.smith@myCompany.com, kelly.smith@myCompany.com"

< string > array

UserInformationResponse

Name Description Model

organization
optional

Organization name
Example : "MyCompany"

string

username
optional

User name
Example : "John Smith"

string

UserManagementRequest

Name Description Model

accessControlConfiguration
optional

User access control configuration details
Example : AccessControlConfigurationData

email
required

User email
Example : "john.smith@myCompany.com"

string

enableLoginWithPassword
optional

Indicates whether the user has login with password enabled
Example : true

boolean

enabled
required

Indicates if the user is enabled
Example : true

boolean

firstName
required

User first name
Example : "John"

string

generatePassword
optional

True to generate a random password
Example : true

boolean

lastName
required

User last name
Example : "Smith"

string

regeneratePassword
optional

True to regenerate the user password
Example : false

boolean

username
required

User name
Example : "john.smith@myCompany.com"

string

UserPortfolioRoleData

Name Description Model

portfolioValue
optional

Portfolio value
Example : "Asia"

string

roleName
optional

Name of the role
Example : "Write"

string

type
optional

Portfolio type (CUSTOM, SYSTEM)
Example : "CUSTOM"

enum (CUSTOM, SYSTEM)

username
optional

User name
Example : "username"

string

ValueCountData

Name Description Model

count
optional

Number of elements with the same property value
Example : 22

integer (int64)

value
optional

Property value (of a language, type or relation)
Example : "java"

string

ViolatedRuleResponse

Name Description Model

characteristic
optional

CQM characteristic
Example : "Security"

enum (Efficiency, Maintainability, Portability, Reliability, Security)

defectsCount
optional

Number of defects
Example : 72

integer (int64)

effort
optional

Rule effort
Example : "36h 00"

string

files
optional

Link to files
Example : HrefData

filesCount
optional

Number of files
Example : 11

integer (int64)

language
optional

CQM technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "Java"

string

modelId
optional

Model identifier
Example : 6252

integer (int64)

priority
optional

CQM priority
Example : "Very High"

enum (Very Low, Low, Normal, High, Very High)

ruleCode
optional

Rule code
Example : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"

string

suppressedDefectsCount
optional

Number of suppressed defects
Example : 0

integer (int64)

tags
optional

Tags list
Example : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]"

< string > array

vulnerabilityType
optional

Vulnerability type (More info in https://www.kiuwan.com/docs/display/K5/Kiuwan+Vulnerability+Types)
Example : "Injection"

string

VulnerabilityData

Name Description Model

category
optional

Sink category
Example : "xss"

string

container
optional

Container
Example : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)"

string

cweId
optional

CWE identifier
Example : 79

integer (int32)

datapaths
optional

Vulnerability datapaths
Example : [ "DatapathData" ]

< DatapathData > array

frames
optional

Vulnerability frames
Example : [ "FrameData" ]

< FrameData > array

injectionPoint
optional

Injection point
Example : "string"

string

resource
optional

Resource
Example : "web"

string

sourceCategory
optional

Source category
Example : "user_input"

string

sourceCode
optional

Source code
Example : "\t\t\tString val = request.getParameter(item);"

string

sourceContainer
optional

Source container
Example : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"

string

sourceFile
optional

Source file
Example : "FileSystemRepository.java"

string

sourceInjectionPoint
optional

Source injection point
Example : "string"

string

sourceLine
optional

Source line
Example : 70

integer (int32)

sourceResource
optional

Source resource
Example : "web"

string

variableDeclaration
optional

Variable declaration
Example : "String sql"

string

VulnerabilityRestData

Name Description Model

cve
optional

CVE reference (Common Vulnerabilities and Exposures)
Example : "CVE-2018-11039"

string

cwe
optional

CWE reference (Common Weakness Enumeration Specification)
Example : "CWE-20"

string

description
optional

Vulnerability description
Example : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."

string

id
optional

Vulnerability identifier
Example : 108742

integer (int64)

severity
optional

Vulnerability severity (High, Medium, Low)
Example : "Low"

enum (High, Medium, Low)