Overview
The REST API is the primary way to retrieve data from Kiuwan. This guide is intended for developers who want to write applications that interact with the Kiuwan API. It contains a full reference of the API calls and explains how authentication and service quotas work.
Make sure that you have a Kiuwan account with a Kiuwan username and password, because every REST API request must be authenticated. We recommend using a different account for development purposes, in order to protect yourself and your production service quota.
Calling style and data format
There are several ways to call the Kiuwan REST API from your application. You can call it directly from JavaScript (no server-side code is required) or you can use a client library, depending on your server-side technology.
The data format is JSON (JavaScript Object Notation). It is a common, language-independent data format that provides a simple text representation of arbitrary data structures. For more information, see json.org.
The endpoints and their parameters are case-sensitive. If you call the API with a URL that does not exist in this document, you will receive a 404 error. If the names of optional parameters are incorrect, the call behaves the same as a call without those parameters. Some endpoints have only optional parameters; in that case, the behavior is explained in the endpoint's description.
Swagger / OpenAPI specification
Kiuwan provides a Swagger / OpenAPI specification of its public REST API. There are many generators available that you can use to create a client for the language that suits your needs. You can download the Kiuwan REST API OpenAPI specification here:
Working with API
If you are a Kiuwan on-premise user, point your API calls to your configured Kiuwan on-premise host, using the scheme your installation runs under (http / https).
Schema
All API access is over HTTPS, through the api.kiuwan.com domain.
All data is sent and received as JSON, except for the endpoints that generate reports: these return files or, in case of error, a JSON object. All timestamps are returned in ISO 8601 format:
YYYY-MM-DDTHH:MM:SSZ
Example:
$ curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/apps/kiuwan
HTTP/1.1 200 OK
Date: Tue, 09 Jul 2013 08:40:04 GMT
Server: Restlet-Framework/2.1.2
Accept-Ranges: bytes
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 993
Content-Type: application/json;charset=UTF-8
Set-Cookie: JSESSIONID=B28iXS4GthtHVOysVg6fjnDK.undefined; Path=/saas; Secure; HttpOnly
Set-Cookie: ROUTEID=.saas1; path=/saas
Via: 1.1 api.kiuwan.com
Transfer-Encoding: chunked
{"name":"kiuwan","description":"kiuwan","label":"","date":"2013-05-27T11:11:15Z","encoding":"UTF-8","languages":[{"name":"java","size":64328},{"name":"sql","size":1}],"quality_model":"CQM","ordered_by":"Jerry Fish","Risk index":{"value":0.03973296594074194},"Quality indicator":{"value":84.67472661535454,"children":[{"name":"Efficiency","value":88.75956383609372},{"name":"Maintainability","value":59.62314522711728},{"name":"Portability","value":98.37209493445182},{"name":"Reliability","value":93.53795131980435},{"name":"Security","value":99.8542334844733}]},"Effort to target":{"value":42.19999999999999,"children":[{"name":"Efficiency","value":0.0},{"name":"Maintainability","value":42.19999999999999},{"name":"Portability","value":0.0},{"name":"Reliability","value":0.0},{"name":"Security","value":0.0}]},"Main metrics":[{"name":"Files","value":996.0},{"name":"Lines of code","value":64329.0},{"name":"Duplicated code","value":0.12281122303922935},{"name":"Complexity","value":1.461493497004238},{"name":"Very high defects","value":101.0},{"name":"Total defects","value":10277.0}]}
The parameters of the different endpoints can be of the following types:
Type | Description |
---|---|
Query | Query parameters are a defined set of parameters attached to the end of a URL. They are extensions of the URL that are used to help define specific content or actions based on the data being passed. |
Path | Path parameters are components of a URL path that can vary. They are typically used to point to a specific resource within a collection, such as a user identified by ID. A URL can have several path parameters, each denoted with curly braces { }. |
Body | The POST, PUT and PATCH requests can have the request body (payload), such as JSON or XML data. The request body is called a body parameter. There can be only one body parameter, although the operation may have other parameters (path, query, header). |
Authentication and authorization
Every request your application sends to the Kiuwan REST API must identify your application. You can do that by using HTTP Basic, which also authorizes the request.
Most client software provides a simple mechanism for supplying a user name and password and will build the required authentication headers automatically. For example, you can specify the --user argument with curl as follows:
$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/info
Once you have been identified with a valid username and password, you will have access to your private quality results. You will also have access to public accounts and their quality results.
Example with query params:
$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] "https://api.kiuwan.com/applications/last_analysis?application=my_app"
If Single Sign-On is activated in your account, custom programs that call the Kiuwan REST API must add a header (X-KW-CORPORATE-DOMAIN-ID) that indicates the Domain ID in order to pass Basic authentication.
Example of curl execution for accounts with Single Sign-On enabled:
$ curl -H "X-KW-CORPORATE-DOMAIN-ID: {domain.id}" --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/info
To use the REST API on accounts with Single Sign-On, the user must have been authorized by the administrator to continue using Kiuwan credentials. In this case, the user must authenticate not only by providing their Kiuwan username and password, but also by indicating the domain to which they belong.
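An added example (not Kiuwan's own code) of building the authenticated request described above in Python: it refuses to attach Basic credentials to a non-HTTPS URL unless told otherwise, adds the Single Sign-On header when a Domain ID is given, and percent-encodes query values. The function names, the allow_http opt-in, the environment variable names and the sample credentials are assumptions of this example.

```python
import base64
import os
import urllib.parse
import urllib.request

API_BASE = "https://api.kiuwan.com"  # SaaS host named on this page


def build_request(path, params=None, *, username, password,
                  sso_domain_id=None, base_url=API_BASE, allow_http=False):
    """Return a urllib Request carrying HTTP Basic credentials (nothing is sent).

    allow_http is this example's opt-in for on-premise hosts that run over
    plain http. Basic credentials are only Base64-encoded, so it is off by default.
    """
    scheme = urllib.parse.urlsplit(base_url).scheme
    if scheme != "https" and not (allow_http and scheme == "http"):
        raise ValueError("refusing to send Basic credentials over " + repr(scheme))
    if ":" in username:
        # RFC 7617: the user-id cannot contain a colon, which is the separator.
        raise ValueError("username must not contain ':'")

    url = base_url.rstrip("/") + path
    if params:
        # urlencode percent-encodes values, e.g. ':' in ISO 8601 timestamps -> %3A
        url += "?" + urllib.parse.urlencode(params)

    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    if sso_domain_id:
        # Needed when Single Sign-On is active on the account.
        req.add_header("X-KW-CORPORATE-DOMAIN-ID", sso_domain_id)
    return req


def credentials_from_env():
    """Read credentials from the environment (variable names chosen for this example)."""
    return os.environ["KIUWAN_USER"], os.environ["KIUWAN_PASSWORD"]


if __name__ == "__main__":
    req = build_request(
        "/actionPlan",
        {"application": "myApp", "name": "ActionPlan1",
         "creation": "2019-08-03T10:15:30Z"},
        username="demo.user", password="constructed-password",  # constructed values
        sso_domain_id="constructed-domain-id",                  # constructed value
    )
    print(req.full_url)
    # The header value is reversible: whoever sees it has the password.
    print(base64.b64decode(req.get_header("Authorization").split()[1]))
```

Because the header decodes straight back to the password, keep it out of logs and shell history and send it only over TLS.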
Working with lists and pages
If the response to your request is a list of elements (a list of applications, analyses or defects, for example), it will be paginated. The API reference indicates whether a request supports pagination. You can manage pagination with two parameters:
Parameter name | Description | Default value | Valid range of values |
---|---|---|---|
page | Page number of the request | 1 | [1-INF] |
count | The number of the elements per page | 500 | [1-5000] |
An example call with curl:
curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] "https://api.kiuwan.com/apps/analysis/A-7e3-16e5b1aad2a/defects?page=2&count=50"
An example for POST endpoints:
curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] -d '{"applicationName": "appName", "pagination": {"page": 1, "count": 50}}' -H "Content-Type: application/json" -X POST https://api.kiuwan.com/arch/list
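An added example (not part of the Kiuwan documentation) of walking a paginated result with the page and count parameters. It assumes a page past the end comes back as an empty list, and it stops with an error if the server keeps returning the same page, which is what happens when a misspelled optional parameter is silently ignored; paginate, fake_endpoint and max_requests are names chosen here.

```python
def paginate(fetch_page, count=500, start_page=1, max_requests=20):
    """Yield every element of a paginated listing.

    fetch_page(page, count) is supplied by the caller and performs one request,
    returning that page's elements as a list. max_requests bounds how much of
    the hourly request quota a single listing may consume.
    """
    if not 1 <= count <= 5000:
        raise ValueError("count must be within the documented range [1-5000]")
    if start_page < 1:
        raise ValueError("page numbers start at 1")

    previous = None
    page = start_page
    for _ in range(max_requests):
        items = list(fetch_page(page, count))
        if items and items == previous:
            # Same page twice: the paging parameters are not being honoured.
            raise RuntimeError("page %d repeats page %d; check parameter names"
                               % (page, page - 1))
        yield from items
        if len(items) < count:      # short or empty page: this was the last one
            return
        previous = items
        page += 1
    raise RuntimeError("request budget exhausted before the last page")


def fake_endpoint(all_items, honour_paging=True):
    """Constructed stand-in for one paginated endpoint; no network access."""
    def fetch(page, count):
        if not honour_paging:       # mimics misspelled parameters being ignored
            return all_items[:count]
        return all_items[(page - 1) * count: page * count]
    return fetch


if __name__ == "__main__":
    defect_ids = list(range(1, 121))            # constructed data: 120 elements
    got = list(paginate(fake_endpoint(defect_ids), count=50))
    print(len(got), "elements in 3 requests")
```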
Quota service
To protect performance, Kiuwan establishes a quota for each authenticated user. Requests are limited to 1000 per hour. You can check the HTTP headers returned by any API request to see your current status:
$ curl -i --user jerry@kiuwan.com:j3rryf1sh https://api.kiuwan.com/info
HTTP/1.1 200 OK
Status: 200 OK
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 966
Examples
This chapter shows how to call the API from different languages:
Curl
You can curl an endpoint using your credentials directly:
curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/...
Or by specifying the Basic authorization value (the Base64 encoding of username:password) directly:
curl -i -H "Authorization: Basic [[BASIC AUTH HASH]]" https://api.kiuwan.com/...
Java
import io.swagger.client.*;
import io.swagger.client.auth.*;
import io.swagger.client.model.*;
import io.swagger.client.api.ApplicationApi;
public class KiuwanRestApiExample {
    public static void main(String[] args) {
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        // Configure HTTP basic authorization: basicAuth
        HttpBasicAuth basicAuth = (HttpBasicAuth) defaultClient.getAuthentication("basicAuth");
        basicAuth.setUsername("YOUR USERNAME");
        basicAuth.setPassword("YOUR PASSWORD");
        // Instance API operation
        ApplicationApi applicationApi = new ApplicationApi(defaultClient);
        try {
            // Print every application returned for the authenticated user
            for (ApplicationBean app : applicationApi.getApplications()) {
                System.out.println(app);
            }
        } catch (ApiException e) {
            System.err.println("Exception when calling ApplicationApi#getApplications");
            e.printStackTrace();
        }
    }
}
Android
import io.swagger.client.*;
import io.swagger.client.api.ActionPlanApi;
public class ActionPlanApiExample {
    public static void main(String[] args) {
        // Instance API operation
        ActionPlanApi apiInstance = new ActionPlanApi();
        String application = "application_example"; // String | Application name
        String name = "name_example"; // String | Action plan name
        String creation = "creation_example"; // String | Creation date
        try {
            apiInstance.generateReportCSV(application, name, creation);
        } catch (ApiException e) {
            System.err.println("Exception when calling ActionPlanApi#generateReportCSV");
            e.printStackTrace();
        }
    }
}
Obj-C
Configuration *apiConfig = [Configuration sharedConfig];
// Configure HTTP basic authorization (authentication scheme: basicAuth)
[apiConfig setUsername:@"YOUR_USERNAME"];
[apiConfig setPassword:@"YOUR_PASSWORD"];
NSString *application = @"application_example"; // Application name
NSString *name = @"name_example"; // Action plan name
NSString *creation = @"creation_example"; // Creation date (optional)
// Instance API operation
ActionPlanApi *apiInstance = [[ActionPlanApi alloc] init];
[apiInstance generateReportCSVWith:application
                              name:name
                          creation:creation
                 completionHandler: ^(NSError* error) {
                     if (error) {
                         NSLog(@"Error: %@", error);
                     }
                 }];
JavaScript
var KiuwanRestApiClient = require('kiuwan_rest_api_client');
var defaultClient = KiuwanRestApiClient.ApiClient.instance;
// Configure HTTP basic authorization: basicAuth
var basicAuth = defaultClient.authentications['basicAuth'];
basicAuth.username = 'YOUR USERNAME';
basicAuth.password = 'YOUR PASSWORD';
// Instance API operation
var api = new KiuwanRestApiClient.ActionPlanApi();
var application = 'application_example'; // {String} Application name
var name = 'name_example'; // {String} Action plan name
var opts = {
  'creation': 'creation_example' // {String} Creation date
};
var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    console.log('API called successfully.');
  }
};
api.generateReportCSV(application, name, opts, callback);
C#
using System;
using System.Diagnostics;
using IO.Swagger.Api;
using IO.Swagger.Client;
using IO.Swagger.Model;
namespace Example
{
    public class generateReportCSVExample
    {
        public void main()
        {
            // Configure HTTP basic authorization: basicAuth
            Configuration.Default.Username = "YOUR_USERNAME";
            Configuration.Default.Password = "YOUR_PASSWORD";
            // Instance API operation
            var apiInstance = new ActionPlanApi();
            var application = "application_example"; // String | Application name
            var name = "name_example"; // String | Action plan name
            var creation = "creation_example"; // String | Creation date (optional)
            try
            {
                apiInstance.generateReportCSV(application, name, creation);
            }
            catch (Exception e)
            {
                Debug.Print("Exception when calling ActionPlanApi.generateReportCSV: " + e.Message);
            }
        }
    }
}
PHP
<?php
require_once(__DIR__ . '/vendor/autoload.php');
// Configure HTTP basic authorization: basicAuth
Swagger\Client\Configuration::getDefaultConfiguration()->setUsername('YOUR_USERNAME');
Swagger\Client\Configuration::getDefaultConfiguration()->setPassword('YOUR_PASSWORD');
// Instance API operation
$api_instance = new Swagger\Client\Api\ActionPlanApi();
$application = 'application_example'; // String | Application name
$name = 'name_example'; // String | Action plan name
$creation = 'creation_example'; // String | Creation date
try {
    $api_instance->generateReportCSV($application, $name, $creation);
} catch (Exception $e) {
    echo 'Exception when calling ActionPlanApi->generateReportCSV: ', $e->getMessage(), PHP_EOL;
}
?>
Perl
use Data::Dumper;
use WWW::SwaggerClient::Configuration;
use WWW::SwaggerClient::ActionPlanApi;
# Configure HTTP basic authorization: basicAuth
$WWW::SwaggerClient::Configuration::username = 'YOUR_USERNAME';
$WWW::SwaggerClient::Configuration::password = 'YOUR_PASSWORD';
# Instance API operation
my $api_instance = WWW::SwaggerClient::ActionPlanApi->new();
my $application = 'application_example'; # String | Application name
my $name = 'name_example'; # String | Action plan name
my $creation = 'creation_example'; # String | Creation date
eval {
    $api_instance->generateReportCSV(application => $application, name => $name, creation => $creation);
};
if ($@) {
    warn "Exception when calling ActionPlanApi->generateReportCSV: $@\n";
}
Python
import swagger_client
# Instance API operation
api_instance = swagger_client.ActionPlanApi()
# Configure HTTP basic authorization: basicAuth
api_instance.api_client.configuration.username = 'username.demo'
api_instance.api_client.configuration.password = "xxxxxxx"
# Run the desired method
application = "Abap" # String | Application name
print(api_instance.get_action_plans(application))
Error codes
The REST API returns the following error codes when something in the request goes wrong.
Error code | Cause | HTTP status code |
---|---|---|
00 | Internal server error. | 500 |
01 | Quota limit reached. | 429 |
02 | Access denied. | 403 |
03 | Application not found. | 404 |
04 | Analysis not found. | 404 |
05 | Bad JSON format. | 400 |
06 | Application already exists. | 409 |
07 | Bad datetime format. | 400 |
08 | Bad model id. | 400 |
09 | Limit exceeded. | 403 |
10 | Bad analysis result id format. | 400 |
11 | Bad artifact id format. | 400 |
12 | Bad customer id format. | 400 |
13 | Model not found. | 404 |
14 | Portfolio value not found. | 404 |
15 | Portfolio not found. | 404 |
16 | Duplicated portfolio name found. | 400 |
17 | User not found. | 404 |
18 | Override option not indicated. | 400 |
19 | Unknown role assignment mode. | 400 |
20 | Role not found. | 404 |
21 | Invalid parameter. | 400 |
22 | Unknown management feature name. | 400 |
23 | Target out of range. | 400 |
24 | Unknown business value. | 400 |
25 | User already exists. | 400 |
26 | Duplicated application name. | 400 |
27 | Duplicated portfolio value. | 400 |
28 | User group not found. | 404 |
29 | User group with indicated name already exists. | 400 |
30 | Indicated provider not found. | 404 |
31 | You do not have permissions to view the portfolio definitions. | 403 |
32 | (Not used) | |
33 | Duplicated business value in the request. | 400 |
34 | Duplicated provider in the request. | 400 |
35 | Not in ISO 8601 format. | 400 |
36 | Action plan not found. | 404 |
37 | Rule not found. | 404 |
38 | Delivery not found. | 404 |
39 | Checkpoint not found. | 404 |
40 | Input modelId does not match a valid model | 400 |
41 | Duplicated tag | 400 |
42 | Defect not found | 404 |
43 | Audit not found | 404 |
44 | Analysis is running | 404 |
45 | Analysis failed | 404 |
46 | Invalid value | 400 |
47 | Custom Software Artifact not found | 404 |
48 | Custom Software Artifact already exists | 400 |
49 | Private Vulnerability not found | 404 |
50 | Private Vulnerability already exists | 400 |
51 | Software Artifact not found | 404 |
52 | License not found | 404 |
53 | Relation Software Artifact and license not found | 404 |
The response status will be the HTTP status code indicated in the table above. Additionally, the response will contain an array of errors; each error has two fields:
- "code": Error code
- "message": Error message
For example:
{
"errors": [
{
"code": "04",
"message": "Analysis not found."
}
]
}
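An added example (not Kiuwan's code) that ties the Quota service headers to the error body format above: it reads X-QuotaLimit and X-QuotaLimit-Remaining, parses the "errors" array defensively, and returns one decision for the caller. Which codes count as retryable, the low_water threshold and the action names are policy choices of this example; the sample responses in the comments and test are constructed.

```python
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

QUOTA_EXHAUSTED = "01"    # "Quota limit reached." (HTTP 429)
ANALYSIS_RUNNING = "44"   # "Analysis is running" (HTTP 404)


@dataclass
class Outcome:
    status: int
    quota_limit: Optional[int]
    quota_remaining: Optional[int]
    errors: List[Tuple[str, str]]   # (code, message) pairs from the "errors" array
    action: str                     # ok | slow_down | wait_for_quota | retry_later | fail


def _int_header(headers, name):
    # HTTP header names are case-insensitive; tolerate absent or malformed values.
    for key, value in headers.items():
        if key.lower() == name.lower():
            try:
                return int(value)
            except (TypeError, ValueError):
                return None
    return None


def _parse_errors(body):
    # Error bodies are JSON, but a report endpoint's success body is a file and
    # some error responses are documented as "No Content": never assume JSON.
    try:
        doc = json.loads(body) if body else {}
    except ValueError:              # includes JSONDecodeError and UnicodeDecodeError
        return []
    errors = doc.get("errors") if isinstance(doc, dict) else None
    if not isinstance(errors, list):
        return []
    return [(str(e.get("code", "")), str(e.get("message", "")))
            for e in errors if isinstance(e, dict)]


def interpret(status, headers, body, low_water=50):
    """Classify one response; low_water is this example's throttle threshold."""
    limit = _int_header(headers, "X-QuotaLimit")
    remaining = _int_header(headers, "X-QuotaLimit-Remaining")
    errors = _parse_errors(body) if status >= 400 else []
    codes = {code for code, _ in errors}
    if status == 429 or QUOTA_EXHAUSTED in codes:
        action = "wait_for_quota"       # stop calling until the quota recovers
    elif ANALYSIS_RUNNING in codes:
        action = "retry_later"          # same request can succeed once analysis ends
    elif status >= 400:
        action = "fail"                 # retrying an unchanged request will not help
    elif remaining is not None and remaining <= low_water:
        action = "slow_down"
    else:
        action = "ok"
    return Outcome(status, limit, remaining, errors, action)


if __name__ == "__main__":
    # Constructed response, using the header values shown in the quota example.
    print(interpret(200, {"X-QuotaLimit": "1000", "X-QuotaLimit-Remaining": "966"}, b"{}"))
    print(interpret(429, {"X-QuotaLimit-Remaining": "0"},
                    '{"errors":[{"code":"01","message":"Quota limit reached."}]}'))
```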
Endpoints
This section shows all available endpoints in Kiuwan REST API.
ActionPlan
Get progress summary of an action plan
GET /actionPlan
Description
Obtains the current and past main metrics and indicators of an application for an action plan. If there is more than one action plan with the same name, this endpoint returns the most recent action plan's information.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | creation | Action plan creation date | string (date-time) |
Query | name | Action plan name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an action plan | |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/actionPlan?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
"name": "ActionPlan1",
"description": "Action Plan for security defects",
"creation": "2019-10-31T14:50:05.227Z",
"expiration": "2019-11-31T14:50:05.227Z",
"createdBy": "The Boss",
"assignedTo": "John Smith",
"progress": 32.5,
"estimate": "1h 56m",
"pendingEffort": "30m",
"purged": false,
"riskIndexBefore": 19.22,
"globalIndicatorBefore": 7.21,
"effortToTargetBefore": 31.8,
"qualityIndicatorsBefore": {
"Efficiency": 53.21,
"Portability": 72.9,
"Maintainability": 21.9,
"Reliability ": 13.12,
"Security ": 38.32
},
"riskIndexAfter": 9.3,
"globalIndicatorAfter": 23.5,
"effortToTargetAfter": 8.23,
"qualityIndicatorsAfter": {
"Efficiency": 15.28,
"Portability": 7.23,
"Maintainability": 71.1,
"Reliability": 31.2,
"Security": 23.21
},
"metrics": {
"string": 0.0
}
}
Get all defects of an action plan
GET /actionPlan/defects/all
Description
Obtains all defects included in an action plan. If there is more than one action plan with the same name, this endpoint returns the most recent action plan's information.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | creation | Action plan creation date | string (date-time) |
Query | name | Action plan name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an action plan defects | |
400 | Invalid creation date format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/actionPlan/defects/all?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
"name" : "ActionPlan1",
"description" : "Action Plan for security defects",
"creation" : "2019-10-31T14:50:05.227Z",
"expiration" : "2019-11-31T14:50:05.227Z",
"createdBy" : "The Boss",
"assignedTo" : "John Smith",
"progress" : 32.5,
"estimate" : "1h 56m",
"pendingEffort" : "30m",
"purged" : false,
"allDefects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
Get pending defects of an action plan
GET /actionPlan/defects/pending
Description
Obtains the pending defects of an action plan compared with a specific analysis. If there is more than one action plan with the same name, this endpoint returns the most recent action plan's information. If there is more than one analysis with the same label, it uses the most recent of them.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisLabel | Analysis label. If empty it compares with last analysis | string |
Query | application | Application name | string |
Query | asc | Sort ascending: true/false | enum (true, false) |
Query | characteristics | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security) |
Query | creation | Action plan creation date | string (date-time) |
Query | fileContains | Use this param to filter defects by file name | string |
Query | languages | Comma-separated list of languages to filter by | string |
Query | limit | Max number of defects returned | integer |
Query | name | Action plan name | string |
Query | orderBy | Sorting criteria: priority/effort | enum (priority, effort) |
Query | priorities | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an action plan pending defects | |
400 | Invalid creation date format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/actionPlan/defects/pending?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&asc=true&characteristics=Security%2C+Efficiency&creation=2019-08-03T10%3A15%3A30Z&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
"name" : "ActionPlan1",
"description" : "Action Plan for security defects",
"creation" : "2019-10-31T14:50:05.227Z",
"expiration" : "2019-11-31T14:50:05.227Z",
"createdBy" : "The Boss",
"assignedTo" : "John Smith",
"progress" : 32.5,
"estimate" : "1h 56m",
"pendingEffort" : "30m",
"purged" : false,
"pendingDefects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
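An added example (not Kiuwan's code) of turning the pending-defects response above into a release gate: it ranks unmuted defects by priority, keeps the source and sink locations from securityDetail, and blocks on Security defects of high priority. The gate policy and function names are this example's choice, the first sample defect is trimmed from the response above and the others are constructed; priorities are compared case-insensitively because the response shows "Very High" while the priorities parameter lists "Very high".

```python
import json

PRIORITY_RANK = {"very high": 0, "high": 1, "normal": 2, "low": 3, "very low": 4}


def summarize_defects(plan, list_key="pendingDefects"):
    """Return (findings sorted by priority, number of muted defects skipped)."""
    findings, muted = [], 0
    for d in plan.get(list_key, []):
        if d.get("muted"):
            muted += 1              # counted, so suppressions stay visible
            continue
        detail = d.get("securityDetail") or {}
        source = None
        if detail.get("sourceFile") is not None:
            source = "%s:%s" % (detail["sourceFile"], detail.get("sourceLine"))
        findings.append({
            "id": d["defectId"],
            "cwe": d.get("cweId"),
            "rule": d.get("ruleCode"),
            "characteristic": str(d.get("characteristic", "")).strip().lower(),
            "priority": str(d.get("priority", "")).strip().lower(),
            "sink": "%s:%s" % (d.get("file"), d.get("line")),
            "source": source,       # where the tainted data entered, if reported
            "source_category": detail.get("sourceCategory"),
        })
    # Unknown priority strings sort last instead of raising.
    findings.sort(key=lambda f: (PRIORITY_RANK.get(f["priority"], len(PRIORITY_RANK)), f["id"]))
    return findings, muted


def release_gate(plan, blocking=("very high", "high")):
    """Block when any unmuted Security defect has a blocking priority."""
    findings, muted = summarize_defects(plan)
    blocked = [f["id"] for f in findings
               if f["characteristic"] == "security" and f["priority"] in blocking]
    return {"blocking": blocked, "muted_skipped": muted, "passed": not blocked}


# First defect trimmed from the response above; 900001-900003 are constructed.
SAMPLE = json.loads("""
{"name": "ActionPlan1", "pendingDefects": [
  {"defectId": 900002, "file": "ExampleUtil.java", "line": 12, "muted": false,
   "characteristic": "Maintainability", "priority": "Normal"},
  {"defectId": 16558118, "file": "FileSystemRepository.java", "line": 368, "muted": false,
   "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
   "characteristic": "Security", "priority": "Very High",
   "securityDetail": {"sourceFile": "FileSystemRepository.java", "sourceLine": 70,
                      "sourceCategory": "user_input"}},
  {"defectId": 900001, "file": "ExampleDao.java", "line": 40, "muted": true,
   "cweId": 89, "characteristic": "Security", "priority": "High"},
  {"defectId": 900003, "file": "ExampleDao.java", "line": 77, "muted": false,
   "cweId": 89, "characteristic": "Security", "priority": "High"}
]}
""")

if __name__ == "__main__":
    for f in summarize_defects(SAMPLE)[0]:
        print(f["priority"], f["cwe"], f["source"], "->", f["sink"])
    print(release_gate(SAMPLE))
```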
Get removed defects of an action plan
GET /actionPlan/defects/removed
Description
Obtains the removed defects of an action plan compared with a specific analysis. If there is more than one action plan with the same name, this endpoint returns the most recent action plan's information. If there is more than one analysis with the same label, it uses the most recent of them.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisLabel | Analysis label. If empty it compares with last analysis | string |
Query | application | Application name | string |
Query | creation | Action plan creation date | string (date-time) |
Query | name | Action plan name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an action plan removed defects | |
400 | Invalid creation date format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/actionPlan/defects/removed?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
"name" : "ActionPlan1",
"description" : "Action Plan for security defects",
"creation" : "2019-10-31T14:50:05.227Z",
"expiration" : "2019-11-31T14:50:05.227Z",
"createdBy" : "The Boss",
"assignedTo" : "John Smith",
"progress" : 32.5,
"estimate" : "1h 56m",
"pendingEffort" : "30m",
"purged" : false,
"removedDefects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
Get available action plans
GET /actionPlans
Description
List action plans of an application.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of action plans | < ActionPlanDetailResponse > array |
403 | Access denied | No Content |
404 | Application does not exist | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/actionPlans?application=myApp
Example HTTP response
Response 200
[
{
"name": "ActionPlan1",
"description": "Action Plan for security defects",
"creation": "2019-10-31T14:50:05.227Z",
"expiration": "2019-11-31T14:50:05.227Z",
"createdBy": "The Boss",
"assignedTo": "John Smith",
"progress": 32.5,
"estimate": "1h 56m",
"pendingEffort": "30m",
"purged": false
}
...
...
...
{
"name": "plan2",
"description": "",
"creation": "2021-10-18T05:57:42Z",
"expiration": "2021-10-18T22:00:00Z",
"createdBy": "Administrator Site",
"progress": 0.0,
"estimate": "3h 00",
"pendingEffort": "180h",
"purged": false
}
]
ActionPlan-Reports
Get progress report of an action plan
GET /actionPlan/progress/export
Description
Get progress report of an action plan or JSON with errors
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application name | string | |
Query | creation | Action plan creation date | string (date-time) | |
Query | name | Action plan name | string | |
Query | type | Type of report | enum (CSV, PDF) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an action plan progress report | file |
400 | Invalid parameter | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- text/csv
- application/json
Example HTTP request
Request path
/actionPlan/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF
Get security report of an action plan
GET /actionPlan/security/export
Description
Get security report of an action plan or JSON with errors
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application name | string | |
Query | creation | Action plan creation date | string (date-time) | |
Query | name | Action plan name | string | |
Query | type | Type of report | enum (CSV, PDF) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an action plan progress report | file |
400 | Invalid parameter | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- text/csv
- application/json
Example HTTP request
Request path
/actionPlan/security/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF
Get security progress report of an action plan
GET /actionPlan/security/progress/export
Description
Get security progress report of an action plan or JSON with errors
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application name | string | |
Query | creation | Action plan creation date | string (date-time) | |
Query | name | Action plan name | string | |
Query | type | Type of report | enum (CSV, PDF) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an action plan progress report | file |
400 | Invalid parameter | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- text/csv
- application/json
Example HTTP request
Request path
/actionPlan/security/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF
Activity
Get list of users activity
GET /activity
Description
Lists user activity. Use the query parameters below to filter the results.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | action | Action name to filter results | string | |
Query | affectedApplication | Filter results by affected items: Application | string | |
Query | affectedAudit | Filter results by affected items: Audit | string | |
Query | affectedModel | Filter results by affected items: Model | string | |
Query | affectedUser | Filter results by affected items: User | string | |
Query | count | The number of activities to display (defaults to 10) | integer | |
Query | description | Activity description | string | |
Query | elementType | Type of activity | string | |
Query | endDate | Filter by date range - ending with the date | string | |
Query | sortBy | The field to sort by | enum (action, user, date, elementType, description) | |
Query | sortOrder | The sort order | enum (asc, desc) | |
Query | startDate | Filter by date range - starting from the date | string | |
Query | startIndex | The index of the first activity to display (defaults to 1) | integer | |
Query | user | User who performed the activity | string | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of activity data | |
400 | Malformed request | No Content |
403 | Access denied | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/activity?action=CREATE&affectedApplication=myApp&affectedAudit=myAudit&affectedModel=CQM&affectedUser=otherUser&count=10&description=uploaded+results&elementType=Analysis&endDate=2019-11-01T23%3A59%3A59Z&sortBy=date&sortOrder=asc&startDate=2019-11-01T00%3A00%3A00Z&startIndex=1&user=user
Example HTTP response
Response 200
{
"totalResults" : 1,
"itemsPerPage" : 10,
"startIndex" : 1,
"activity" : [ {
"action" : "CREATE",
"user" : "user",
"date" : "2019-11-23T12:22:34Z",
"elementType" : "Analysis KLA",
"description" : "The user \"username\" logged in",
"affectedItems" : [ {
"type" : "Application",
"value" : "myAppName",
"oldValue" : "myOldAppName"
} ]
} ]
}
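Because this API ignores misspelled optional parameter names, a typo in an `/activity` filter returns unfiltered activity instead of an error, so it is worth checking names and enum values on the client before sending. The Python below is an added example, not Kiuwan's code: `activity_path`, `iter_activity` and the caller-supplied `fetch` function are hypothetical names, the demo data is constructed, and the pager assumes `startIndex` is the 1-based position of the first returned entry.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Query parameters and enums exactly as listed in the /activity parameter table.
ACTIVITY_PARAMS = {
    "action", "affectedApplication", "affectedAudit", "affectedModel",
    "affectedUser", "count", "description", "elementType", "endDate",
    "sortBy", "sortOrder", "startDate", "startIndex", "user",
}
ACTIVITY_ENUMS = {
    "sortBy": {"action", "user", "date", "elementType", "description"},
    "sortOrder": {"asc", "desc"},
}


def activity_path(**params):
    """Build the /activity request path, rejecting names the table does not list."""
    unknown = sorted(set(params) - ACTIVITY_PARAMS)
    if unknown:
        # Names are case-sensitive; the server would silently drop these
        # filters and answer as if they had not been sent.
        raise ValueError("unknown /activity parameter(s): " + ", ".join(unknown))
    for name, allowed in ACTIVITY_ENUMS.items():
        if name in params and params[name] not in allowed:
            raise ValueError(f"{name} must be one of {sorted(allowed)}")
    # Sorting keeps the output deterministic. urlencode turns ':' into %3A
    # and spaces into '+', as in the documented request path.
    return "/activity?" + urlencode(sorted(params.items()))


def iter_activity(fetch, **params):
    """Yield every activity entry, advancing startIndex until totalResults.

    `fetch` (hypothetical) performs the authenticated GET for a path and
    returns the decoded JSON body. Assumption: startIndex is the 1-based
    position of the first entry in the returned page.
    """
    start = int(params.pop("startIndex", 1))
    while True:
        page = fetch(activity_path(startIndex=start, **params))
        entries = page.get("activity", [])
        yield from entries
        start += len(entries)
        # Stop on an empty page too, so a wrong totalResults cannot loop forever.
        if not entries or start > page.get("totalResults", 0):
            break


if __name__ == "__main__":
    # Constructed sample data standing in for the API (not real Kiuwan output).
    log = [{"action": "CREATE", "user": f"user{i}", "date": "2019-11-23T12:22:34Z"}
           for i in range(1, 4)]

    def fake_fetch(path):
        query = parse_qs(urlsplit(path).query)
        first, size = int(query["startIndex"][0]), int(query["count"][0])
        return {"totalResults": len(log), "itemsPerPage": size,
                "startIndex": first, "activity": log[first - 1:first - 1 + size]}

    for entry in iter_activity(fake_fetch, count=2, sortBy="date", sortOrder="asc"):
        print(entry["date"], entry["user"], entry["action"])
    try:
        activity_path(affectedapplication="myApp")  # wrong case, rejected locally
    except ValueError as err:
        print(err)
```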
Analyses
Delete analysis
DELETE /analysis
Description
Delete the specified analysis. The analysis code parameter can reference a baseline or a delivery. Running or enqueued analyses can also be deleted. Note that when a baseline analysis is specified, all its related deliveries will be deleted as well. This endpoint returns the deleted analyses' codes.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code to delete | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Analysis deleted successfully | < string > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/analysis?analysisCode=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
[
"string1"
...
...
...
...
"stringN"
]
Get list of analysis
GET /analysis/list
Description
Lists analyses. Use the query parameters below to filter the results.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | applicationName | Application name to filter results | string | |
Query | auditStatus | Audit status to filter analyses (only applies to analyses that have audits) | enum (OK, FAIL) | |
Query | count | Number of analyses per page (defaults to 500) | integer | |
Query | deliveries | Whether the list must include only deliveries (true) or exclude deliveries (false). If this parameter has no value, all analyses are returned | boolean | |
Query | endDate | End date to search | string | |
Query | initDate | Initial date to start search | string | |
Query | page | Results page number (defaults to 1) | integer | |
Query | status | Status to filter analyses | enum (SUCCESS, FAIL, INPROGRESS) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analysis list | < AnalysisSearchResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/analysis/list?applicationName=myApp&auditStatus=OK&count=500&deliveries=true&endDate=2019-11-01T23%3A59%3A59Z&initDate=2019-11-01T00%3A00%3A00Z&page=1&status=SUCCESS
Example HTTP response
Response 200
[
{
"applicationName": "myApp",
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
...
...
...
{
"applicationName": "new_app",
"code": "A-7e5-17bc58e385b",
"label": "",
"creationDate": "2021-09-08T13:15:00Z",
"qualityModel": "CQM",
"encoding": "UTF-8",
"invoker": "sysadmin",
"status": "SUCCESS",
"unparsedFiles": [],
"analysisScope": "Baseline",
"analysisBusinessValue": "CRITICAL",
"analysisPortfolios": {},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 0.0,
"com.optimyth.CQM.defectsByPriority.Priority 2": 14.0,
"com.optimyth.CQM.defectsByPriority.Priority 3": 19.0,
"com.optimyth.CQM.defectsByPriority.Priority 4": 0.0,
"com.optimyth.CQM.defectsByPriority.Priority 5": 1.0,
"com.optimyth.CQM.securityDefectsByPriority.Priority 1": 0.0,
"com.optimyth.CQM.securityDefectsByPriority.Priority 3": 9.0,
"com.optimyth.CQM.securityDefectsByPriority.Priority 4": 0.0,
"com.optimyth.CQM.securityDefectsByPriority.Priority 5": 1.0
}
}
]
Get list of all analysis codes for an application
GET /applications/analyses
Description
List all analysis codes for an application.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application name | string | |
Query | count | Limit results | integer | |
Query | filterPurgedAnalyses | Set to true to not retrieve purged analyses | enum (true, false) | |
Query | success | Set to true or false to retrieve only succeeded or failed, respectively | enum (true, false) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analyses list | < AnalysisResponse > array |
403 | Access denied | No Content |
404 | Application does not exist | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/analyses?application=myApp&count=100&filterPurgedAnalyses=true&success=true
Example HTTP response
Response 200
[ {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
...
...
...
{
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
} ]
Get list of files with metric values and defects of the latest analysis
GET /applications/files
Description
List files with metric values and defects of the latest analysis for the named application.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analysis files list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/files?application=myApp
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : { "country": "spain" },
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"files_count" : 124,
"count" : 100,
"page" : 1,
"files" : [ {
"name" : "FileSystemRepository.java",
"metrics_count" : 17,
"metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"defects_count" : 5,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"metrics" : { "com.optimyth.CQM.defectsByPriority.Priority 1": 163, "com.optimyth.CQM.defectsByPriority.Priority 2": 201, "com.optimyth.CQM.defectsByPriority.Priority 3": 159, "com.optimyth.CQM.defectsByPriority.Priority 4": 17, "com.optimyth.CQM.defectsByPriority.Priority 5": 41 }
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"metrics" : { "com.optimyth.CQM.defectsByPriority.Priority 1": 163, "com.optimyth.CQM.defectsByPriority.Priority 2": 201, "com.optimyth.CQM.defectsByPriority.Priority 3": 159, "com.optimyth.CQM.defectsByPriority.Priority 4": 17, "com.optimyth.CQM.defectsByPriority.Priority 5": 41 }
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
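The `files[].defects[]` entries in the response above carry everything needed for a first security triage: the sink (`file`, `line`), the taint source (`securityDetail.sourceFile`, `sourceLine`), the CWE and the mute flag. The Python below is an added example, not Kiuwan's code: the function names are hypothetical, `SAMPLE_REPORT` is constructed from the fields shown above with placeholder rule codes, and the priority order is taken from the `priorities` filter values this API documents for the defects endpoint.

```python
from collections import Counter

# Highest first. The sample response spells "Very High" while the filter
# enum spells "Very high", so all comparisons are case-insensitive.
PRIORITIES = ["Very high", "High", "Normal", "Low", "Very low"]
RANK = {name.casefold(): i for i, name in enumerate(PRIORITIES)}


def _rank(defect):
    # An unknown or missing priority ranks above "Very high" so that a
    # renamed value can never drop a finding out of the report.
    return RANK.get(str(defect.get("priority", "")).casefold(), -1)


def security_findings(report, min_priority="High"):
    """Return unmuted Security defects at or above min_priority, worst first."""
    cutoff = RANK[min_priority.casefold()]
    rows = []
    for entry in report.get("files", []):
        for defect in entry.get("defects", []):
            if defect.get("characteristic") != "Security" or defect.get("muted"):
                continue
            if _rank(defect) > cutoff:
                continue
            detail = defect.get("securityDetail") or {}
            source = None
            if detail.get("sourceFile") is not None:
                source = f"{detail['sourceFile']}:{detail.get('sourceLine')}"
            rows.append({
                "rank": _rank(defect),
                "priority": defect.get("priority"),
                "cwe": defect.get("cweId"),
                "rule": defect.get("ruleCode"),
                "sink": f"{defect.get('file')}:{defect.get('line')}",
                "source": source,
                "source_category": detail.get("sourceCategory"),
            })
    rows.sort(key=lambda row: (row["rank"], row["sink"]))
    return rows


def cwe_counts(rows):
    """Count findings per CWE id."""
    return Counter(row["cwe"] for row in rows)


# Constructed sample: the first defect copies the fields of the documented
# response; the others are made up to exercise each filter branch.
SAMPLE_REPORT = {"files": [{"name": "FileSystemRepository.java", "defects": [
    {"file": "FileSystemRepository.java", "line": 368, "muted": False,
     "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
     "characteristic": "Security", "priority": "Very High",
     "securityDetail": {"sourceFile": "FileSystemRepository.java",
                        "sourceLine": 70, "sourceCategory": "user_input"}},
    {"file": "Query.java", "line": 40, "muted": True, "cweId": 89,
     "ruleCode": "CONSTRUCTED.RULE.A", "characteristic": "Security",
     "priority": "Very High"},
    {"file": "Util.java", "line": 7, "muted": False, "cweId": None,
     "ruleCode": "CONSTRUCTED.RULE.B", "characteristic": "Maintainability",
     "priority": "High"},
    {"file": "View.java", "line": 15, "muted": False, "cweId": 79,
     "ruleCode": "CONSTRUCTED.RULE.C", "characteristic": "Security",
     "priority": "Low"},
    {"file": "Upload.java", "line": 12, "muted": False, "cweId": 22,
     "ruleCode": "CONSTRUCTED.RULE.D", "characteristic": "Security",
     "priority": "Critical"},  # not a documented priority value
]}]}

if __name__ == "__main__":
    for row in security_findings(SAMPLE_REPORT):
        print(row["priority"], "CWE-%s" % row["cwe"], row["source"], "->", row["sink"])
    print(dict(cwe_counts(security_findings(SAMPLE_REPORT))))
```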
Get last analysis
GET /applications/last_analysis
Description
Retrieves the last analysis of the indicated application for the authenticated user.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of applications | |
403 | Access denied | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/last_analysis?application=myApp
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : { "country": "spain" },
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"metrics" : { "com.optimyth.CQM.defectsByPriority.Priority 1": 163, "com.optimyth.CQM.defectsByPriority.Priority 2": 201, "com.optimyth.CQM.defectsByPriority.Priority 3": 159, "com.optimyth.CQM.defectsByPriority.Priority 4": 17, "com.optimyth.CQM.defectsByPriority.Priority 5": 41 }
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"metrics" : { "com.optimyth.CQM.defectsByPriority.Priority 1": 163, "com.optimyth.CQM.defectsByPriority.Priority 2": 201, "com.optimyth.CQM.defectsByPriority.Priority 3": 159, "com.optimyth.CQM.defectsByPriority.Priority 4": 17, "com.optimyth.CQM.defectsByPriority.Priority 5": 41 }
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get application analysis
GET /apps/analysis/{code}
Description
Retrieves the results of the analysis identified by the code parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | code | Analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of application analysis | |
403 | Access denied | No Content |
404 | Application does not exist | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : { "country": "spain" },
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Complete delivery",
"changeRequest" : "CR_13.01.2020",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"baselineAnalysisCode" : "A-7e3-16dc9e29131",
"deliveryFiles" : {
"count" : 132
},
"deliveryDefects" : {
"newDefects" : 3,
"removedDefects" : 0,
"defects" : 582
},
"auditResult" : {
"auditName" : "Kiuwan default audit",
"description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
"approvalThreshold" : 50.0,
"overallResult" : "FAIL",
"score" : 0.0,
"checkpointResults" : [ {
"checkpoint" : "1",
"result" : "FAIL",
"name" : "No new defects",
"description" : "If a new defect is detected, the checkpoint will not pass.",
"weight" : 1,
"mandatory" : true,
"type" : "Threshold for maximum new defects",
"score" : 0.0,
"violatedRules" : [ {
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId" : 6252,
"defectsCount" : 72,
"suppressedDefectsCount" : 0,
"filesCount" : 11,
"effort" : "36h 00",
"characteristic" : "Security",
"vulnerabilityType" : "Injection",
"tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority" : "Very High",
"language" : "Java",
"files" : {
"href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
} ]
} ]
},
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"metrics" : { "com.optimyth.CQM.defectsByPriority.Priority 1": 163, "com.optimyth.CQM.defectsByPriority.Priority 2": 201, "com.optimyth.CQM.defectsByPriority.Priority 3": 159, "com.optimyth.CQM.defectsByPriority.Priority 4": 17, "com.optimyth.CQM.defectsByPriority.Priority 5": 41 }
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"metrics" : { "com.optimyth.CQM.defectsByPriority.Priority 1": 163, "com.optimyth.CQM.defectsByPriority.Priority 2": 201, "com.optimyth.CQM.defectsByPriority.Priority 3": 159, "com.optimyth.CQM.defectsByPriority.Priority 4": 17, "com.optimyth.CQM.defectsByPriority.Priority 5": 41 }
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get list of analysis defects
GET /apps/analysis/{code}/defects
Description
Lists the defects of the analysis identified by the code path parameter.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Path | code | Analysis code | string | |
Query | asc | Set to true to sort ascending (default is not set), false for descending | enum (true, false) | |
Query | characteristics | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security) | |
Query | count | How many defects in each page (defaults to 500) | integer | |
Query | fileContains | Use this param to filter defects by file name | string | |
Query | languages | Comma-separated list of languages to filter by | string | |
Query | muted | Use this param to filter defects by their mute status | enum (true, false) | |
Query | orderBy | Sorting criteria (one of 'priority' or 'effort') | enum (priority, effort) | |
Query | page | Number of results page (defaults to 1) | integer | |
Query | priorities | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analysis defects list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects?asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&muted=true&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : { "country": "spain" },
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : { "country": "spain" },
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"defects_count" : 581,
"activeDefects_count" : 575,
"supressedDefects_count" : 6,
"count" : 500,
"page" : 1,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get comparison of the defects found in two different analyses
GET /apps/analysis/{code}/defects/compare/{previouscode}
Description
Get the net number of new and removed defects and violated rules after comparing 2 given analyses.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | code | Analysis code | string |
Path | previouscode | Previous analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analysis compare defects | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
"Main analysis code" : "A-7e3-16e5b1aad2a",
"Previous analysis code" : "A-7e3-16dc9e29131",
"New violated rules count" : 1,
"Removed violated rules count" : 0,
"New defects count" : 3,
"Removed defects count" : 0
}
Get the list of new/removed defects in a comparison
GET /apps/analysis/{code}/defects/compare/{previouscode}/{defectstype}
Description
Get the list of new/removed defects in an analysis from the previous analysis.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | code | Analysis code | string |
Path | defectstype | Either 'new' or 'removed' | enum (new, removed) |
Path | previouscode | Previous analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of new or removed defects for an analysis | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131/new
Example HTTP response
Response 200
{
"count" : 3,
"page" : 1,
"Main analysis code" : "A-7e3-16e5b1aad2a",
"Previous analysis code" : "A-7e3-16dc9e29131",
"New violated rules count" : 1,
"Removed violated rules count" : 0,
"New defects count" : 3,
"Removed defects count" : 0,
"New defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ],
"Removed defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
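A delivery gate built on the comparison response above, as an added example that is not part of the Kiuwan documentation. The function names, the blocking policy (unmuted Security defects with priority Very high or High) and the trimmed sample body are assumptions of this example; the field names are the ones shown in the response above.

```python
import json
from urllib.parse import quote

# Priorities that block a delivery (policy assumed by this example). Compared
# case-insensitively: the page shows "Very high" in the query enum and
# "Very High" in response bodies.
BLOCKING_PRIORITIES = frozenset({"very high", "high"})


def compare_path(code, previous_code, defects_type="new"):
    """Build the documented comparison path with percent-encoded codes."""
    if defects_type not in ("new", "removed"):
        raise ValueError("defectstype must be 'new' or 'removed'")
    return "/apps/analysis/{}/defects/compare/{}/{}".format(
        quote(code, safe=""), quote(previous_code, safe=""), defects_type)


def gate_new_defects(response, blocking=BLOCKING_PRIORITIES):
    """Evaluate a parsed 'new' comparison response.

    Returns {"passed": bool, "complete": bool, "blocking": [...]}.
    """
    listed = response.get("New defects") or []
    declared = response.get("New defects count", len(listed))
    # Fail closed: if the body lists fewer defects than it declares, the
    # gate has not seen everything and must not pass.
    complete = len(listed) >= declared
    blockers = []
    for defect in listed:
        if defect.get("muted"):
            continue  # muted defects are skipped (policy of this example)
        if defect.get("characteristic") != "Security":
            continue
        if str(defect.get("priority", "")).strip().lower() not in blocking:
            continue
        detail = defect.get("securityDetail") or {}
        blockers.append({
            "defectId": defect.get("defectId"),
            "cweId": defect.get("cweId"),
            "ruleCode": defect.get("ruleCode"),
            # Sink is the reported line; source is where tainted data enters.
            "sink": "{}:{}".format(defect.get("file"), defect.get("line")),
            "source": "{}:{}".format(detail.get("sourceFile"),
                                     detail.get("sourceLine")),
        })
    return {"passed": complete and not blockers,
            "complete": complete,
            "blocking": blockers}


# Constructed sample: the first defect is trimmed from the response above,
# the other two (defectId 1 and 2) are invented for this example.
SAMPLE_RESPONSE = """
{
  "Main analysis code": "A-7e3-16e5b1aad2a",
  "Previous analysis code": "A-7e3-16dc9e29131",
  "New defects count": 3,
  "New defects": [
    {"defectId": 16558118, "file": "FileSystemRepository.java", "line": 368,
     "muted": false, "cweId": 79,
     "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
     "characteristic": "Security", "priority": "Very High",
     "securityDetail": {"sourceFile": "FileSystemRepository.java",
                        "sourceLine": 70}},
    {"defectId": 1, "file": "Example.java", "line": 10, "muted": false,
     "characteristic": "Maintainability", "priority": "High"},
    {"defectId": 2, "file": "Example.java", "line": 20, "muted": true,
     "cweId": 79, "characteristic": "Security", "priority": "High"}
  ]
}
"""
SAMPLE = json.loads(SAMPLE_RESPONSE)

if __name__ == "__main__":
    print(compare_path("A-7e3-16e5b1aad2a", "A-7e3-16dc9e29131"))
    print(json.dumps(gate_new_defects(SAMPLE), indent=2))
```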
Get list of files with metric values and defects for a specific analysis
GET /apps/analysis/{code}/files
Description
List files with metric values and defects for a specific analysis.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | code | Analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analysis files | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/files
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"files_count" : 124,
"count" : 100,
"page" : 1,
"files" : [ {
"name" : "FileSystemRepository.java",
"metrics_count" : 17,
"metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"defects_count" : 5,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Analyses-Reports
Get defects CSV report of an analysis
GET /applications/analysis/defects/export
Description
Obtains a CSV report of the specified analysis code or the last analysis of the application name.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | code | Analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of report | file |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- text/csv
- application/json
Example HTTP request
Request path
/applications/analysis/defects/export?application=myApp&code=A-7e3-16e5b1aad2a
Get security PDF report of an analysis
GET /applications/analysis/security/summary/export
Description
Obtains a security report of the specified analysis code or the last analysis of the application name in PDF format.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | code | Analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of report | file |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- application/json
Example HTTP request
Request path
/applications/analysis/security/summary/export?application=myApp&code=A-7e3-16e5b1aad2a
Get PDF report of an analysis
GET /applications/analysis/summary/export
Description
Obtains a report of the specified analysis code or the last analysis of the application name in PDF format.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | code | Analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of report | file |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- application/json
Example HTTP request
Request path
/applications/analysis/summary/export?application=myApp&code=A-7e3-16e5b1aad2a
Get security CSV/Threadfix report of an analysis
GET /applications/analysis/vulnerabilities/export
Description
Obtains a security report of the specified analysis code or the last analysis of the application name in CSV or Threadfix format.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application name | string | |
Query | code | Analysis code | string | |
Query | type | Type of report | enum (CSV, THREADFIX) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of report | file |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- text/csv
- application/json
Example HTTP request
Request path
/applications/analysis/vulnerabilities/export?application=myApp&code=A-7e3-16e5b1aad2a&type=CSV
Application
Get applications
GET /applications
Description
Retrieves applications for the authenticated user.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | activityInfo | Controls whether to include creation, baseline and delivery info | enum (true, false) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of applications | < ApplicationResponse > array |
403 | Access denied | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications?activityInfo=true
Example HTTP response
Response 200
[
{
"name": "android",
"description": "GitHub Android App",
"auditName": "Kiuwan default audit",
"applicationBusinessValue": "CRITICAL",
"applicationProvider": "Lab",
"applicationPortfolios": {
"country": "spain"
},
"creationDate": "2020-07-22T15:34:53Z",
"lastSuccessfulBaseline": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
"lastSuccessfulDelivery": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
"quality_model": "CQM"
},
...
...
...
{
"name": "test",
"description": "",
"auditName": "Default audit",
"applicationBusinessValue": "CRITICAL",
"applicationPortfolios": {},
"creationDate": "2021-09-06T11:29:33Z",
"lastSuccessfulBaseline": {
"code": "A-7e5-17bdda7a77d",
"label": "",
"creationDate": "2021-09-13T05:38:33Z"
},
"lastSuccessfulDelivery": {
"code": "A-7e5-17c086231ec",
"label": "",
"creationDate": "2021-09-21T12:42:50Z",
"analysisScope": "Complete delivery",
"changeRequest": "",
"changeRequestStatus": "In progress",
"branchName": ""
},
"quality_model": "CQM"
}
]
Get list of application defects
GET /applications/defects
Description
List application defects for the indicated application.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application name | string | |
Query | asc | Set to true to sort ascending (default is not set), false for descending | enum (true, false) | |
Query | characteristics | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security) | |
Query | count | How many defects in each page (defaults to 500) | integer | |
Query | fileContains | Use this param to filter defects by file name | string | |
Query | languages | Comma-separated list of languages to filter by | string | |
Query | orderBy | Sorting criteria (one of 'priority' or 'effort') | enum (priority, effort) | |
Query | page | Number of results page (defaults to 1) | integer | |
Query | priorities | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high) | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analysis defects list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/defects?application=myApp&asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"defects_count" : 581,
"activeDefects_count" : 575,
"supressedDefects_count" : 6,
"count" : 500,
"page" : 1,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ \"Rating\": 1, {\"3Stars\":104.6,\"5Stars\":255.9,\"2Stars\":64.89,\"4Stars\":247.4}"
}
Get Application Defects Still Open since date
GET /applications/defects/stillopen
Description
Gets the application defects that are still open on the latest analysis (or on atAnalysisCode, if provided) since sinceDate (or since the previous analysis sinceAnalysisCode, if provided). Results can be filtered with onlyCodeSecurity or withRuleTags, and are paginated.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application Name | string | |
Query | atAnalysisCode | Find defects that were already open on this Analysis | string | |
Query | count | How many defects in each page (defaults to 500) | integer | |
Query | onlyCodeSecurity | Only Defects on Code Security rules | enum (true, false) | |
Query | page | Number of results page (defaults to 1) | integer | |
Query | sinceAnalysisCode | Find defects still open at this analysis | string | |
Query | sinceDate | Defects open since this date | string | |
Query | withRuleTags | Only Defects Open from the Rules with the matching tags (split by ',') | string | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of defects still open | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/defects/stillopen?application=MyApp&atAnalysisCode=A-7e3-16e5b1aad2a&count=500&onlyCodeSecurity=true&page=1&sinceAnalysisCode=A-7e3-16e5b1aad2a&sinceDate=2019-11-01T00%3A00%3A00Z&withRuleTags=hardcoded-path
Example HTTP response
Response 200
{
"sinceAnalysisCode" : "A-7e3-16e5b1aad2a",
"atAnalysisCode" : "A-7e3-16dc9e29131",
"sinceDate" : "2020-03-01T12:00:00Z",
"ruleTags" : "PCI-DSS:6.5.1,cwe99",
"securityOnly" : true,
"totalDefects" : 132,
"count" : 3,
"page" : 1,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
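The following is an added example, not part of the Kiuwan documentation or client code: it walks the paginated `/applications/defects/stillopen` endpoint and summarises the unmuted security defects by CWE and by source-to-sink location. The `fetch_json` transport, the helper names and the sample defects are hypothetical or constructed, and it assumes `totalDefects` counts defects across all pages.

```python
from collections import Counter
from urllib.parse import parse_qs, urlencode, urlsplit

ENDPOINT = "/applications/defects/stillopen"  # path from the page


def build_path(application, since_date, page, count=500,
               only_code_security=True, rule_tags=()):
    """Build the request path. Parameter names are case-sensitive, and a
    misspelled optional parameter is silently ignored, so keep them exact."""
    params = {
        "application": application,
        "sinceDate": since_date,          # ISO 8601, e.g. 2019-11-01T00:00:00Z
        "count": count,
        "page": page,
        "onlyCodeSecurity": "true" if only_code_security else "false",
    }
    if rule_tags:
        params["withRuleTags"] = ",".join(rule_tags)  # tags are split by ','
    return ENDPOINT + "?" + urlencode(params)


def iter_still_open(fetch_json, application, since_date, count=500,
                    max_pages=1000, **filters):
    """Yield every defect, requesting pages until totalDefects are seen.

    fetch_json is a caller-supplied callable (hypothetical) that performs the
    authenticated GET and returns the decoded JSON body.
    """
    seen = 0
    for page in range(1, max_pages + 1):
        body = fetch_json(build_path(application, since_date, page, count, **filters))
        defects = body.get("defects") or []
        yield from defects
        seen += len(defects)
        # Assumption: totalDefects counts all pages, as the sample response
        # suggests (totalDefects 132 with count 3 on page 1).
        if not defects or seen >= body.get("totalDefects", 0):
            return
    raise RuntimeError("max_pages reached before totalDefects were retrieved")


def triage(defects):
    """Count unmuted defects per CWE and list their source -> sink locations."""
    by_cwe = Counter()
    flows = []
    for d in defects:
        if d.get("muted"):
            continue
        by_cwe[d.get("cweId")] += 1
        detail = d.get("securityDetail") or {}
        flows.append((detail.get("sourceFile"), detail.get("sourceLine"),
                      d.get("file"), d.get("line")))
    return by_cwe, flows


def make_defect(defect_id, cwe_id, line, muted=False):
    """Constructed sample defect, trimmed to the fields used above."""
    return {"defectId": defect_id, "file": "FileSystemRepository.java",
            "line": line, "muted": muted, "cweId": cwe_id,
            "securityDetail": {"sourceFile": "FileSystemRepository.java",
                               "sourceLine": 70}}


SAMPLE = [make_defect(1, 79, 368), make_defect(2, 79, 401),
          make_defect(3, 89, 120), make_defect(4, 22, 55, muted=True),
          make_defect(5, 89, 131)]
REQUESTED = []  # paths the fake transport was asked for


def fake_fetch(path):
    """Stand-in for the HTTP call: serves SAMPLE in pages of `count`."""
    REQUESTED.append(path)
    query = parse_qs(urlsplit(path).query)
    page, count = int(query["page"][0]), int(query["count"][0])
    chunk = SAMPLE[(page - 1) * count:page * count]
    return {"totalDefects": len(SAMPLE), "count": len(chunk),
            "page": page, "defects": chunk}


if __name__ == "__main__":
    found = list(iter_still_open(fake_fetch, "MyApp", "2019-11-01T00:00:00Z", count=2))
    counts, flows = triage(found)
    for cwe, n in counts.most_common():
        print(f"CWE-{cwe}: {n} open")
    for src_file, src_line, sink_file, sink_line in flows:
        print(f"{src_file}:{src_line} -> {sink_file}:{sink_line}")
```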
Get applications filtered
GET /applications/list
Description
Retrieves the applications of the authenticated user, filtered by the given parameters.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | activityInfo | Controls whether to include creation, baseline and delivery info | enum (true, false) | |
Query | applicationName | Application name to filter | string | |
Query | asc | Ascending or descending order | boolean | |
Query | count | How many applications in each page (defaults to 500) | integer | |
Query | endDateAnalysis | End date: search for applications that were analyzed before this date | string | |
Query | exactApplicationName | Indicates whether applicationName must match exactly (ignoring case). Only applies if applicationName is provided | boolean | |
Query | initDateAnalysis | Initial date: search for applications that were analyzed after this date | string | |
Query | orderBy | 'Order by' for results | enum (applicationName, analysisDate) | |
Query | page | Number of results page (defaults to 1) | integer | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of applications filtered | < ApplicationResponse > array |
400 | Bad request | No Content |
403 | Access denied | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/list?activityInfo=true&applicationName=myApp&asc=true&count=500&endDateAnalysis=2019-11-01T23%3A59%3A59Z&exactApplicationName=true&initDateAnalysis=2019-11-01T00%3A00%3A00Z&orderBy=applicationName&page=1
Example HTTP response
Response 200
[
{
"name": "android",
"description": "GitHub Android App",
"auditName": "Kiuwan default audit",
"applicationBusinessValue": "CRITICAL",
"applicationProvider": "Lab",
"applicationPortfolios": {
"country": "spain"
},
"creationDate": "2020-07-22T15:34:53Z",
"lastSuccessfulBaseline": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
"lastSuccessfulDelivery": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
"quality_model": "CQM"
},
...
...
...
{
"name": "test",
"description": "",
"auditName": "Default audit",
"applicationBusinessValue": "CRITICAL",
"applicationPortfolios": {},
"creationDate": "2021-09-06T11:29:33Z",
"lastSuccessfulBaseline": {
"code": "A-7e5-17bdda7a77d",
"label": "",
"creationDate": "2021-09-13T05:38:33Z"
},
"lastSuccessfulDelivery": {
"code": "A-7e5-17c086231ec",
"label": "",
"creationDate": "2021-09-21T12:42:50Z",
"analysisScope": "Complete delivery",
"changeRequest": "",
"changeRequestStatus": "In progress",
"branchName": ""
},
"quality_model": "CQM"
}
]
Get First date of defect
GET /applications/{application}/defect/{defectId}/firstdate
Description
Retrieves the first date when a defect was detected
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | application | Application Name | string |
Path | defectId | Defect ID | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of date | string (date-time) |
403 | Access denied | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/MyApp/defect/17375778/firstdate
Example HTTP response
Response 200
"string"
Get Application mute patterns
GET /applications/{application}/mutepatterns
Description
Get Application mute patterns
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | application | Application Name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of Mute Patterns | < MutePatternResponse > array |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/MyApp/mutepatterns
Example HTTP response
Response 200
[ {
"reason": "TOO_MANY_DEFECTS",
"comment": "Created after review meeting",
"customerId": 12334,
"lineText": " throw new NullPointerException();",
"sourceLineText": "string",
"lineNumber": 113,
"lastActionDate": "2021-10-01T15:15:15Z",
"lastActionUserName": "Administrator Site (sysadmin)",
"lastMuteAction": "MUTEACTION_CREATE",
"fileName": "path/to/file.java",
"fileNamePatterns": "extras/*",
"ruleName": "Avoid launching NullPointerExceptions",
"ruleCode": "OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions",
"active": true
},
...
...
...
{
"reason": "NONE",
"comment": "",
"lastActionDate": "2021-09-27T13:24:35Z",
"lastActionUserName": "Administrator Site (sysadmin)",
"lastMuteAction": "MUTEACTION_CREATE",
"fileName": "extras/src/main/java/com/google/gson/graph/GraphAdapterBuilder.java",
"ruleName": "Cyclomatic complexity",
"ruleCode": "OPT.JAVA.CMETRICS.TCC",
"active": true
} ]
Get analysis global metrics
GET /metrics
Description
Obtains the global metrics of the indicated analysis.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | code | Analysis code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of global metrics map | < string, object > map |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/metrics?code=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
"object"
Get suppression rules
GET /qualitymodel/suppressions
Description
Gets the suppression rules for the application given as a parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of suppression rules | string |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/xml
- application/json
Example HTTP request
Request path
/qualitymodel/suppressions?application=myApp
Example HTTP response
Response 200
"string"
Architecture
Get list of sources that impact on a component with the specified targetId
POST /arch/impact/searchSources
Description
Lists the sources that impact the component with the specified targetId, for the analysis specified by the analysisCode parameter or the application specified by the applicationName parameter, with filters and pagination.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | Analysis impact request for sources | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of sources list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/arch/impact/searchSources
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
"sourceFilter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
},
"sourceIds" : [ 0 ],
"targetId" : 41144504,
"navigationFilter" : {
"relations" : "contains,uses,update",
"direction" : "out",
"depth" : 2
},
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
}
}
Example HTTP response
Response 200
{
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"data" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{\"Servlet\": \"FileServlet\"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
} ],
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}
Get list of impacted components
POST /arch/impact/searchTargets
Description
Lists the impacted components for the analysis specified by the analysisCode parameter, or for the application specified by the applicationName parameter, with filters and pagination.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | Analysis impact request | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of impacted components list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/arch/impact/searchTargets
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
"sourceFilter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
},
"targetFilter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
},
"sourceIds" : [ 0 ],
"targetIds" : [ 0 ],
"navigationFilter" : {
"relations" : "contains,uses,update",
"direction" : "out",
"depth" : 2
},
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
}
}
Example HTTP response
Response 200
{
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"data" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{\"Servlet\": \"FileServlet\"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
} ],
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}
Get sub graph of analysis impact
POST /arch/impact/subGraph
Description
Gets the sub graph of the analysis impact between a source id and a target id, for the analysis specified by the analysisCode parameter or the application specified by the applicationName parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | Get sub graph of analysis impact | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of analysis impact sub graph | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/arch/impact/subGraph
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"sourceId" : 5463,
"targetId" : 5467,
"navigationFilter" : {
"relations" : "contains,uses,update",
"direction" : "out",
"depth" : 2
}
}
Example HTTP response
Response 200
{
"components" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{\"Servlet\": \"FileServlet\"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
} ],
"relations" : [ {
"source" : 5473,
"target" : 5468,
"type" : "uses"
} ]
}
Get list of components by filter and pagination
POST /arch/list
Description
Lists the components of the analysis specified by the analysisCode parameter, or of the application specified by the applicationName parameter, with filter and pagination.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | List components request | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of components list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/arch/list
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"filter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
}
}
Example HTTP response
Response 200
{
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"data" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{\"Servlet\": \"FileServlet\"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
} ]
}
Audit
Get audit result
GET /auditResult
Description
Get an audit result with defects count by priority
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | deliveryCode | Delivery code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of audit result | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/auditResult?deliveryCode=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
"analysisCode" : "A-7e3-16e5b1aad2a",
"passAudit" : false,
"label" : "cr_21.11.2019",
"creationTimestamp" : "2019-11-21T12:51:40Z",
"metrics" : { "com.optimyth.CQM.defectsByPriority.Priority 2" : 2, "com.optimyth.CQM.defectsByPriority.Priority 3" : 1 }
}
Get the results from insights in delivery analyses
GET /auditResult/components
Description
Obtains a list of audit result components for the application specified in the application parameter and the delivery analysis specified by the deliveryCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | deliveryCode | Delivery | string |
Query | licenseRisk | Comma-separated list of license risks | enum (Unknown, High, Medium, Low) |
Query | limit | Maximum number of components | string |
Query | obsolescenceRisk | Comma-separated list of obsolescence risks | enum (Unknown, High, Medium, Low) |
Query | securityRisk | Comma-separated list of security risks | enum (Unknown, High, Medium, Low) |
Query | status | Component status | enum (New, Removed, Modified) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of components | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/auditResult/components?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
Example HTTP response
Response 200
{
"data" : [ {
"id" : 178,
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"filename" : "spring-aop-3.2.13.RELEASE.jar",
"language" : "java",
"obsolescenceRisk" : "medium",
"licenseRisk" : "unknown",
"securityRisk" : "high",
"custom" : true,
"sources" : [ {
"path" : "pom.xml",
"artifact" : "org.springframework:spring-context",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ "..." ]
} ]
} ]
} ],
"vulnerabilities" : [ {
"id" : 108742,
"cve" : "CVE-2018-11039",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"privateVulnerability" : true
} ]
} ]
}
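The following is an added example, not part of the Kiuwan documentation or client code: it turns a `/auditResult/components` response into a delivery gate that lists each vulnerable component together with the manifest entry and dependency chain that pulls it in. The function names, the severity threshold, the fail-closed ranking of unrecognised severities and the second sample component (placeholder identifiers) are assumptions; severities are compared case-insensitively because the sample response uses lower-case risk values while the query enum is capitalised.

```python
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def rank(severity):
    """Rank case-insensitively; anything unrecognised ranks highest (fail closed)."""
    return SEVERITY_RANK.get(str(severity).strip().lower(), 3)


def walk(node, prefix=(), max_depth=20):
    """Yield artifact:version chains from a source entry down to each leaf."""
    label = f"{node.get('artifact')}:{node.get('version')}"
    if label in prefix:            # repeated entry: stop instead of looping
        yield prefix
        return
    path = prefix + (label,)
    # The page's example ends a branch with the placeholder string "...";
    # only dict children are real nodes.
    children = [c for c in node.get("child") or [] if isinstance(c, dict)]
    if not children or len(path) >= max_depth:
        yield path
        return
    for child in children:
        yield from walk(child, path, max_depth)


def introduced_by(component):
    """Return sorted unique (manifest path, dependency chain) pairs."""
    pairs = set()
    for source in component.get("sources") or []:
        for chain in walk(source):
            pairs.add((source.get("path") or "?", " > ".join(chain)))
    return sorted(pairs)


def blocking_findings(response, min_severity="Medium"):
    """List vulnerabilities at or above min_severity with their origin."""
    threshold = rank(min_severity)
    findings = []
    for component in response.get("data") or []:
        for vuln in component.get("vulnerabilities") or []:
            if rank(vuln.get("severity")) >= threshold:
                findings.append({
                    "artifact": component.get("artifact"),
                    "version": component.get("version"),
                    "cve": vuln.get("cve"),
                    "severity": vuln.get("severity"),
                    "introduced_by": introduced_by(component),
                })
    return findings


AOP = {"repository": "MAVEN", "artifact": "org.springframework:spring-aop",
       "version": "3.2.13.RELEASE"}
SAMPLE_RESPONSE = {"data": [
    {   # values taken from the page's example response
        "artifact": "org.springframework:spring-aop", "version": "3.2.13.RELEASE",
        "securityRisk": "high",
        "sources": [{"path": "pom.xml",
                     "artifact": "org.springframework:spring-context",
                     "version": "3.2.13.RELEASE",
                     "child": [dict(AOP, child=[dict(AOP, child=["..."])])]}],
        "vulnerabilities": [{"cve": "CVE-2018-11039", "cwe": "CWE-20",
                             "severity": "Low"}],
    },
    {   # constructed entry with placeholder identifiers
        "artifact": "com.example:parser", "version": "1.0.0",
        "securityRisk": "high",
        "sources": [{"path": "pom.xml", "artifact": "com.example:parser",
                     "version": "1.0.0", "child": []}],
        "vulnerabilities": [{"cve": "CVE-PLACEHOLDER-0001", "cwe": "CWE-20",
                             "severity": "HIGH"}],
    },
]}

if __name__ == "__main__":
    for finding in blocking_findings(SAMPLE_RESPONSE, "Low"):
        print(finding["severity"], finding["cve"], finding["artifact"], finding["version"])
        for manifest, chain in finding["introduced_by"]:
            print(f"  via {manifest}: {chain}")
```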
Get audit result defects
GET /auditResult/defects
Description
Get defects of an audit result
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | asc | Sort ascending: true/false | enum (true, false) |
Query | characteristics | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security) |
Query | deliveryCode | Delivery code | string |
Query | fileContains | Use this param to filter defects by file name | string |
Query | languages | Comma-separated list of languages to filter by | string |
Query | limit | Max number of defects returned | integer (int32) |
Query | orderBy | Sorting criteria: priority/effort | enum (priority, effort) |
Query | priorities | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of audit result defects | < DefectDetailResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/auditResult/defects?deliveryCode=A-7e3-16e5b1aad2a&asc=true&characteristics=Security%2C+Efficiency&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
[ {
"defectId": 16558118,
"file": "FileSystemRepository.java",
"line": 368,
"code": "\t\t\tout.println(sql);",
"muted": false,
"vulnerabilityType": "Injection",
"explanation": "Reflected XSS: user_input",
"status": "None",
"cweId": 79,
"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language": "java",
"characteristic": "Security",
"priority": "Very High",
"effort": "30m",
"modelId": 6252,
"securityDetail": {
"cweId": 79,
"category": "xss",
"resource": "web",
"container": "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint": "string",
"variableDeclaration": "String sql",
"sourceFile": "FileSystemRepository.java",
"sourceLine": 70,
"sourceCode": "\t\t\tString val = request.getParameter(item);",
"sourceCategory": "user_input",
"sourceResource": "web",
"sourceContainer": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint": "string",
"frames": [
{
"index": 0,
"file": "FileSystemRepository.java",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"category": "user_input",
"resource": "web",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint": "string",
"variableDeclaration": "string"
}
],
"datapaths": [
{
"index": 1,
"kind": "sink",
"varname": "user",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"indirect": true,
"file": "FileSystemRepository.java",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId": 1,
"localParentId": 1
}
]
}
},
...
...
...
{
"defectId": 16558118,
"file": "FileSystemRepository.java",
"line": 368,
"code": "\t\t\tout.println(sql);",
"muted": false,
"vulnerabilityType": "Injection",
"explanation": "Reflected XSS: user_input",
"status": "None",
"cweId": 79,
"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language": "java",
"characteristic": "Security",
"priority": "Very High",
"effort": "30m",
"modelId": 6252,
"securityDetail": {
"cweId": 79,
"category": "xss",
"resource": "web",
"container": "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint": "string",
"variableDeclaration": "String sql",
"sourceFile": "FileSystemRepository.java",
"sourceLine": 70,
"sourceCode": "\t\t\tString val = request.getParameter(item);",
"sourceCategory": "user_input",
"sourceResource": "web",
"sourceContainer": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint": "string",
"frames": [
{
"index": 0,
"file": "FileSystemRepository.java",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"category": "user_input",
"resource": "web",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint": "string",
"variableDeclaration": "string"
}
],
"datapaths": [
{
"index": 1,
"kind": "sink",
"varname": "user",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"indirect": true,
"file": "FileSystemRepository.java",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId": 1,
"localParentId": 1
}
]
}
} ]
Get list of files
GET /audits/checkpoints/violatedrules/files
Description
List files with a violated rule of an audit
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | checkpoint | Checkpoint id | string |
Query | deliveryCode | Delivery code | string |
Query | ruleCode | Rule code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of files list | < FileWithDefectsResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/audits/checkpoints/violatedrules/files?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
},
...
...
...
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
}
]
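The following is an added example, not part of the Kiuwan documentation or client code: each entry in this response carries a `defects.href` link, and a client that follows such links with its credentials attached should first confirm that the link points at the API host over the expected scheme and repeats the parameters of the original request. The function names, the rejected sample links (`files.example`) and the list of checks are assumptions; on-premise installations would pass their configured host and scheme instead.

```python
from urllib.parse import parse_qs, urlsplit

API_HOST = "api.kiuwan.com"  # from the page; on-premise: the configured host
DEFECTS_PATH = "/audits/checkpoints/violatedrules/files/defects"


def check_href(href, expected, host=API_HOST, schemes=("https",)):
    """Return the link's query parameters, or raise ValueError if the link
    should not be requested with credentials attached."""
    parts = urlsplit(href)
    if parts.scheme not in schemes:
        raise ValueError(f"scheme {parts.scheme!r} is not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("link carries userinfo")
    if (parts.hostname or "").lower() != host.lower():
        raise ValueError(f"host {parts.hostname!r} is not {host!r}")
    if parts.path != DEFECTS_PATH:
        raise ValueError(f"unexpected path {parts.path!r}")
    params = {name: values[0] for name, values in parse_qs(parts.query).items()}
    for name, value in expected.items():
        if params.get(name) != value:
            raise ValueError(f"parameter {name!r} does not match the request")
    if "file" not in params:
        raise ValueError("link has no file parameter")
    return params


def partition_links(files_response, expected, host=API_HOST):
    """Split response entries into links to follow and links to report."""
    accepted, rejected = [], []
    for entry in files_response:
        href = (entry.get("defects") or {}).get("href", "")
        try:
            accepted.append((entry.get("file"), check_href(href, expected, host)))
        except ValueError as exc:
            rejected.append((entry.get("file"), str(exc)))
    return accepted, rejected


# First link is the one shown in the page's example response; the other
# three are constructed variants that must be rejected.
PAGE_HREF = ("https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects"
             "?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452"
             "&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"
             "&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java")
SAMPLE_FILES = [
    {"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
     "defectsCount": 1, "defects": {"href": PAGE_HREF}},
    {"file": "a.java", "defectsCount": 1,
     "defects": {"href": PAGE_HREF.replace("api.kiuwan.com", "files.example")}},
    {"file": "b.java", "defectsCount": 1,
     "defects": {"href": PAGE_HREF.replace("https://", "http://")}},
    {"file": "c.java", "defectsCount": 1,
     "defects": {"href": PAGE_HREF.replace("//api.kiuwan.com",
                                           "//api.kiuwan.com@files.example")}},
]
# Parameters of the request that produced the response.
EXPECTED = {"application": "myApp", "deliveryCode": "A-7e3-16e5b1aad2a",
            "checkpoint": "3452"}

if __name__ == "__main__":
    ok, bad = partition_links(SAMPLE_FILES, EXPECTED)
    for name, params in ok:
        print("follow:", name, "->", params["file"])
    for name, reason in bad:
        print("reject:", name, "-", reason)
```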
Get list of defects of file
GET /audits/checkpoints/violatedrules/files/defects
Description
List defects in a file
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | checkpoint | Checkpoint id | string |
Query | deliveryCode | Delivery code | string |
Query | file | File name | string |
Query | ruleCode | Rule code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of defects line list | < DefectLineResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/audits/checkpoints/violatedrules/files/defects?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&file=FileSystemRepository.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"code": " StringReader reader = new StringReader(json);",
"line": 64,
"muted": false
},
...,
{
"code": " JsonReader jr = new JsonReader(reader);",
"line": 65,
"muted": false
}
]
Get PDF report of insight
GET /audits/result/componentsPDF
Description
Obtains an audit result report for the application named in the application parameter and the specific analysis identified by the deliveryCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | deliveryCode | Delivery code | string |
Query | licenseRisk | Comma-separated list of license risks | enum (Unknown, High, Medium, Low) |
Query | limit | Maximum number of components | string |
Query | obsolescenceRisk | Comma-separated list of obsolescence risks | enum (Unknown, High, Medium, Low) |
Query | securityRisk | Comma-separated list of security risks | enum (Unknown, High, Medium, Low) |
Query | status | Component status | enum (New, Removed, Modified) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of report | file |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- application/json
Example HTTP request
Request path
/audits/result/componentsPDF?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
Get audit result PDF report
GET /audits/result/export
Description
Obtains an audit report of the specified delivery in PDF format. An analysis code, or an application name and change request, is required.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | changeRequest | Change request | string |
Query | code | Analysis code | string |
Query | deliveryLabel | Delivery label | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of an audit result report | file |
400 | Invalid parameter | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- application/json
Example HTTP request
Request path
/audits/result/export?application=myApp&changeRequest=CR_11.01.2020&code=A-7e3-16e5b1aad2a&deliveryLabel=delivery_11.01.2020
Defect
Create mutes for a rule/file
POST /applications/defects/mute
Description
Create mute patterns for this ruleCode or file
Allowed combinations of parameters:
- Only the rule parameter, to create a mute pattern for a specific rule.
- Only the fileName parameter, to create a mute pattern for a specific file, regardless of rule.
- The rule parameter combined with the filePattern parameter, to create a mute pattern for a certain rule belonging to a set of filePatterns.
- The rule parameter combined with the fileName parameter, to create a mute pattern for a certain rule belonging to a specific file.
Invalid cases of parameters:
- Either the rule or the file pattern parameter must have a valid value; otherwise the call throws an error.
- Only one of the fileName or filePattern parameters should be passed; otherwise the call throws an error.
- Passing only the filePattern parameter throws an error.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application Name | string |
Query | comment | Mute comment | string |
Query | fileName | File name to mute | string |
Query | filePattern | Comma-separated file patterns to mute | string |
Query | rule | Rule Code | string |
Query | why | Mute reason | enum (NONE, FALSE_POSITIVE, TOO_MANY_DEFECTS, GENERATED_CODE, TOO_COMPLEX_CODE, OTHER) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully created a suppression rule | integer (int32) |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/defects/mute?application=test&comment=Muted+this+rule%2Ffile+because+it+is+generated+code&fileName=Library%2Fsrc%2FLibrary.java&filePattern=%2FViewIssuedBooks.java%2C%2FLibrary.java&rule=OPT.JAVA.FMETODOS.NCE&why=GENERATED_CODE
Example HTTP response
Response 200
0
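The parameter rules listed for POST /applications/defects/mute can be checked on the client before a suppression is sent. The following is an added example, not Kiuwan code: `build_mute_request`, `MuteRequestError` and the `require_justification` policy (a non-empty comment and a reason other than NONE) are assumptions of this example, and the first invalid case is read as "at least one of rule, fileName or filePattern must be set".

```python
from urllib.parse import urlencode

# Values of the "why" enum listed in the parameters table above.
MUTE_REASONS = ("NONE", "FALSE_POSITIVE", "TOO_MANY_DEFECTS",
                "GENERATED_CODE", "TOO_COMPLEX_CODE", "OTHER")


class MuteRequestError(ValueError):
    """Raised when a mute request breaks the documented parameter rules."""


def _clean_patterns(file_pattern):
    """Accept a list of patterns or one comma-separated string."""
    if not file_pattern:
        return []
    if isinstance(file_pattern, str):
        file_pattern = file_pattern.split(",")
    return [p.strip() for p in file_pattern if p and p.strip()]


def build_mute_request(application, why, comment="", rule=None,
                       file_name=None, file_pattern=None,
                       require_justification=True):
    """Validate the parameters and return the request path for
    POST /applications/defects/mute (hypothetical helper)."""
    application = (application or "").strip()
    comment = (comment or "").strip()
    rule = (rule or "").strip()
    file_name = (file_name or "").strip()
    patterns = _clean_patterns(file_pattern)

    if not application:
        raise MuteRequestError("application is required")
    if why not in MUTE_REASONS:
        raise MuteRequestError("why must be one of: " + ", ".join(MUTE_REASONS))

    # Invalid cases as documented above.
    if not rule and not file_name and not patterns:
        raise MuteRequestError("rule or a file parameter must have a value")
    if file_name and patterns:
        raise MuteRequestError("pass only one of fileName or filePattern")
    if patterns and not rule:
        raise MuteRequestError("filePattern cannot be passed without rule")

    # Local policy of this example (not an API rule): every suppression
    # must carry a reason and a comment so that it can be reviewed later.
    if require_justification:
        if why == "NONE":
            raise MuteRequestError("a mute reason other than NONE is required")
        if not comment:
            raise MuteRequestError("a mute comment is required")

    # Same parameter order as the example request path on this page.
    params = [("application", application)]
    if comment:
        params.append(("comment", comment))
    if file_name:
        params.append(("fileName", file_name))
    if patterns:
        params.append(("filePattern", ",".join(patterns)))
    if rule:
        params.append(("rule", rule))
    params.append(("why", why))
    # urlencode percent-encodes "/" and "," and turns spaces into "+",
    # matching the encoding used in the documented request paths.
    return "/applications/defects/mute?" + urlencode(params)


if __name__ == "__main__":
    print(build_mute_request(
        "test", "GENERATED_CODE",
        comment="Muted this rule/file because it is generated code",
        rule="OPT.JAVA.FMETODOS.NCE",
        file_name="Library/src/Library.java"))
```

The example request path above sends both fileName and filePattern; by the rules as stated in the description, that combination is invalid, and this helper rejects it.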
Create suppression rule for a defect
POST /defect/{defectId}/mute
Description
Create a suppression rule for this defect.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | defectId | Defect identifier | integer (int64) |
Query | comment | Mute comment | string |
Query | muteBy | Mute By | enum (LINE_NUMBER(default), SOURCE_CODE) |
Query | why | Mute reason | enum (NONE, FALSE_POSITIVE, TOO_MANY_DEFECTS, GENERATED_CODE, TOO_COMPLEX_CODE, OTHER) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully created a suppression rule | integer (int32) |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/defect/17375778/mute?comment=Muted+this+defect+because+it+is+generated+code&muteBy=LINE_NUMBER&why=GENERATED_CODE
Example HTTP response
Response 200
0
Get defect notes
GET /defect/{defectId}/notes
Description
Obtains the list of notes associated with this defect.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | defectId | Defect identifier | integer (int64) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of a defect notes list | < DefectNoteResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/defect/17375778/notes
Example HTTP response
Response 200
[ { "date" : "2019/05/02 14:26", "user" : "John Smith", "text" : "To review by security experts" },
...
...
...
{ "date" : "2019/05/12 14:26", "user" : "John Smith", "text" : "To review by security experts" } ]
Update the status of a defect
POST /defect/{defectId}/status
Description
Updates the status of this defect and adds a note. Possible statuses are NONE, TO_REVIEW and REVIEWED.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | defectId | Defect identifier | integer (int64) |
Query | note | Note detail | string |
Query | status | Defect status | enum (NONE, TO_REVIEW, REVIEWED) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully updated defect status | No Content |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/defect/17375778/status?status=TO_REVIEW&note=To+review+by+security+experts
Get violated rules of an analysis
GET /violatedrules
Description
Obtains the list of violated rules of an analysis for the authenticated user.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Query | characteristic | CQM characteristic | enum (Efficiency, Maintainability, Portability, Reliability, Security) |
Query | language | CQM technology | string |
Query | onlyCodeSecurity | Only Code Security rules | enum (true, false) |
Query | priority | Rule priority | enum (Very low, Low, Normal, High, Very high) |
Query | tag | Rule tag | string |
Query | vulnerabilityType | Vulnerability type | enum ('Permissions, privileges and access controls', 'Injection', 'Error handling and fault isolation', 'Other', 'Encryption and randomness', 'Misconfiguration', 'Design error', 'Initialization and shutdown', 'Control flow management', 'File handling', 'Number handling', 'System element isolation', 'Buffer handling', 'Information leaks', 'Pointer and reference handling') |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of violated rules list | < ViolatedRuleResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/violatedrules?application=myApp&analysisCode=A-7e3-16e5b1aad2a&characteristic=Security&language=java&onlyCodeSecurity=true&priority=Very+high&tag=hardcoded-path&vulnerabilityType=Injection
Example HTTP response
Response 200
[
{
"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId": 6252,
"defectsCount": 72,
"suppressedDefectsCount": 0,
"filesCount": 11,
"effort": "36h 00",
"characteristic": "Security",
"vulnerabilityType": "Injection",
"tags": "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority": "Very High",
"language": "Java",
"files": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
},
...
...
...
{
"ruleCode": "OPT.JAVA.DECLARA.IMPT",
"modelId": 1,
"defectsCount": 21,
"suppressedDefectsCount": 0,
"filesCount": 21,
"effort": "1h 03",
"characteristic": "Maintainability",
"tags": [],
"priority": "Normal",
"language": "Java",
"files": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.DECLARA.IMPT"
}
}
]
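In the response above, "tags" arrives as a bracketed string for one rule and as an empty array for another, and "priority" is spelled "Very High" while the request enum uses "Very high". The following added example (not Kiuwan code) parses both tag shapes and compares priorities case-insensitively to triage security rules; the function names are hypothetical, and the sample data is constructed from the response shown on this page plus one constructed low-priority entry.

```python
import json

# Priority names from the "priority" request enum, lowest to highest.
PRIORITY_ORDER = ["very low", "low", "normal", "high", "very high"]

# Constructed sample shaped like the /violatedrules response on this page.
# The third entry is invented for this example to show priority filtering.
SAMPLE_RESPONSE = json.loads("""
[
  {"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule", "modelId": 6252,
   "defectsCount": 72, "suppressedDefectsCount": 0, "filesCount": 11,
   "characteristic": "Security", "vulnerabilityType": "Injection",
   "tags": "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
   "priority": "Very High", "language": "Java"},
  {"ruleCode": "OPT.JAVA.DECLARA.IMPT", "modelId": 1,
   "defectsCount": 21, "suppressedDefectsCount": 0, "filesCount": 21,
   "characteristic": "Maintainability", "tags": [],
   "priority": "Normal", "language": "Java"},
  {"ruleCode": "EXAMPLE.CONSTRUCTED.LowPrioritySecurityRule", "modelId": 1,
   "defectsCount": 5, "suppressedDefectsCount": 2, "filesCount": 3,
   "characteristic": "Security", "tags": "[CWE:0000]",
   "priority": "Low", "language": "Java"}
]
""")


def parse_tags(raw):
    """Return the tags as a list, whether they arrive as a JSON array or
    as one bracketed, comma-separated string."""
    if raw is None:
        return []
    if isinstance(raw, list):
        return [str(t).strip() for t in raw if str(t).strip()]
    text = str(raw).strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    # Quoted items (as in the /doc/rule "tags" field) lose their quotes.
    return [t.strip().strip('"') for t in text.split(",") if t.strip()]


def group_tags(tags):
    """Group 'SCHEME:value' tags by scheme; tags without ':' go to 'other'."""
    grouped = {}
    for tag in tags:
        scheme, sep, value = tag.partition(":")
        if sep:
            grouped.setdefault(scheme, []).append(value)
        else:
            grouped.setdefault("other", []).append(tag)
    return grouped


def priority_rank(name):
    """Position in PRIORITY_ORDER, ignoring case; -1 if unknown."""
    try:
        return PRIORITY_ORDER.index(str(name).strip().lower())
    except ValueError:
        return -1


def security_findings(rules, min_priority="High"):
    """Security rules at or above min_priority, most defects first."""
    threshold = priority_rank(min_priority)
    if threshold < 0:
        raise ValueError("unknown priority: %r" % (min_priority,))
    findings = []
    for rule in rules:
        if rule.get("characteristic") != "Security":
            continue
        if priority_rank(rule.get("priority")) < threshold:
            continue
        tags = group_tags(parse_tags(rule.get("tags")))
        findings.append({
            "ruleCode": rule.get("ruleCode"),
            "priority": rule.get("priority"),
            "defectsCount": rule.get("defectsCount", 0),
            "suppressedDefectsCount": rule.get("suppressedDefectsCount", 0),
            "cwe": tags.get("CWE", []),
            "owasp": tags.get("OWASP", []),
        })
    findings.sort(key=lambda f: f["defectsCount"], reverse=True)
    return findings


if __name__ == "__main__":
    for finding in security_findings(SAMPLE_RESPONSE):
        print(finding)
```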
Get files of a violated rule
GET /violatedrules/files
Description
Obtains the list of files affected by the violated rule.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Query | ruleCode | Rule code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of files with defects | < FileWithDefectsResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/violatedrules/files?analysisCode=A-7e3-16e5b1aad2a&application=myApp&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
},
...
...
...
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
}
]
Get defects of file
GET /violatedrules/files/defects
Description
Obtains the list of defects in a file for a specific violated rule.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Query | file | File name including path | string |
Query | ruleCode | Rule code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of defect lines | < DefectLineResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/violatedrules/files/defects?analysisCode=A-7e3-16e5b1aad2a&application=myApp&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"code": " StringReader reader = new StringReader(json);",
"line": 64,
"muted": false
},
...,
{
"code": " JsonReader jr = new JsonReader(reader);",
"line": 65,
"muted": false
}
]
Delivery
Get deliveries of an application
GET /applications/deliveries
Description
Obtains the deliveries of the application with the given name.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query | application | Application name | string | |
Query | auditSuccess | Set to true or false to retrieve only succeeded or failed audit delivery, respectively | enum (true, false) | |
Query | changeRequestFilter | To filter deliveries by changeRequest | string | |
Query | count | Limit results | integer | |
Query | filterPurgedAnalyses | Set to true to not retrieve purged analyses | enum (true, false) | |
Query | maxdays | Max number of days old of deliveries returned | integer (int32) | |
Query | page | Number of results page (defaults to 1) | integer | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of deliveries list | < AnalysisResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/applications/deliveries?application=myApp&auditSuccess=true&changeRequestFilter=CR_21.11.1019&count=500&filterPurgedAnalyses=true&maxdays=30&page=1
Example HTTP response
Response 200
[ {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
...
...
...
{
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
} ]
Get information of the last successful delivery
GET /deliveries/last_analysis
Description
Obtains the information of the last successful delivery.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | branch | To filter deliveries by branch name | string |
Query | changeRequest | To filter deliveries by changeRequest | string |
Query | label | To filter deliveries by audit label | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of delivery information | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/deliveries/last_analysis?application=myApp&branch=origin%2Fdevelop&changeRequest=CR_21.11.1019&label=audit+pre+merge
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Complete delivery",
"changeRequest" : "CR_13.01.2020",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"baselineAnalysisCode" : "A-7e3-16dc9e29131",
"deliveryFiles" : {
"count" : 132
},
"deliveryDefects" : {
"newDefects" : 3,
"removedDefects" : 0,
"defects" : 582
},
"auditResult" : {
"auditName" : "Kiuwan default audit",
"description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
"approvalThreshold" : 50.0,
"overallResult" : "FAIL",
"score" : 0.0,
"checkpointResults" : [ {
"checkpoint" : "1",
"result" : "FAIL",
"name" : "No new defects",
"description" : "If a new defect is detected, the checkpoint will not pass.",
"weight" : 1,
"mandatory" : true,
"type" : "Threshold for maximum new defects",
"score" : 0.0,
"violatedRules" : [ {
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId" : 6252,
"defectsCount" : 72,
"suppressedDefectsCount" : 0,
"filesCount" : 11,
"effort" : "36h 00",
"characteristic" : "Security",
"vulnerabilityType" : "Injection",
"tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority" : "Very High",
"language" : "Java",
"files" : {
"href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
} ]
} ]
},
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get information of a delivery by code
GET /deliveries/{code}
Description
Obtains the information of the delivery with the given code.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | code | Delivery code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of delivery information | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/deliveries/A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Complete delivery",
"changeRequest" : "CR_13.01.2020",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"baselineAnalysisCode" : "A-7e3-16dc9e29131",
"deliveryFiles" : {
"count" : 132
},
"deliveryDefects" : {
"newDefects" : 3,
"removedDefects" : 0,
"defects" : 582
},
"auditResult" : {
"auditName" : "Kiuwan default audit",
"description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
"approvalThreshold" : 50.0,
"overallResult" : "FAIL",
"score" : 0.0,
"checkpointResults" : [ {
"checkpoint" : "1",
"result" : "FAIL",
"name" : "No new defects",
"description" : "If a new defect is detected, the checkpoint will not pass.",
"weight" : 1,
"mandatory" : true,
"type" : "Threshold for maximum new defects",
"score" : 0.0,
"violatedRules" : [ {
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId" : 6252,
"defectsCount" : 72,
"suppressedDefectsCount" : 0,
"filesCount" : 11,
"effort" : "36h 00",
"characteristic" : "Security",
"vulnerabilityType" : "Injection",
"tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority" : "Very High",
"language" : "Java",
"files" : {
"href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
} ]
} ]
},
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Documentation
Get rule’s documentation
GET /doc/rule
Description
Obtains the documentation of a rule.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | application | Application name | string |
Query | code | Rule code | string |
Query | modelId | Model id | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of rule documentation | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/doc/rule?application=myApp&code=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&modelId=4525
Example HTTP response
Response 200
{
"description" : "Software places user-controlled input in page content. An attacker could inject browser script code that is executed\nin the client browser. The end-user is the attacked subject, and the software is the vehicle for the attack.\nThere are two main kinds of XSS:\n\n* Reflected XSS: Attacker causes victim to supply malicious content to a vulnerable web application, which\n renders HTML content embedding a malicious script executed in victim's browser. A variation of this is named\n DOM-based XSS, where the vulnerable software does not generate content depending on user input but include\n script code that use user-controlled input.\n\n* Persisted XSS: Attacker provides malicious content to vulnerable application. When other user access to\n vulnerable pages that embed without proper neutralization the attacker content, script code is executed in the\n victim's browser.\n\nThe script executed in the victim's browser could perform malicious activities.\n\nMany browsers could limit the damage via security restrictions (e.g. 'same origin policy'), but user browsers\ngenerally allow scripting languages (e.g. JavaScript) in their browsers (disabling JavaScript severely limits\na web site).",
"name" : "Do not use variables as parameters for messages",
"code" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"references" : "http://cwe.mitre.org/data/definitions/79.html,https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet,https://www.google.es/about/appsecurity/learning/xss/,https://www.securecoding.cert.org/confluence/display/java/IDS51-J.+Properly+encode+or+escape+output",
"benefits" : "string",
"drawbacks" : "string",
"violationCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n w.println( req.getParameter(\"input\") ); // VIOLATION\n }\n}",
"fixedCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\nimport org.owasp.html.*;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n // OWASP Java HTML Sanitizer (upgrade to r88 or later)\n // Use your own security library if needed\n PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);\n String safeHTML = policy.sanitize( req.getParameter(\"input\") );\n w.println(safeHTML); // OK\n }\n}",
"tags" : "[\"CWEScope:Access-Control\",\"CWEScope:Availability\",\"CWEScope:Confidentiality\",\"CWEScope:Integrity\",\"essential\"]",
"normatives" : "[\"CERT-J:IDS51-J\",\"CWE:79\",\"OWASP:2013:A3\",\"OWASP:2017:A7\",\"OWASP-M:2014:M7\",\"PCI-DSS:6.5.7\",\"SANS25:2010:1\",\"SANS25:2011:4\",\"WASC:08\"]"
}
GlobalStats
Get the user information
GET /stats
Description
Obtains the user’s global information about locs, files and analysis, along with the current timestamp in UTC format, as JSON if the user has access to all customer applications. Returns Access denied otherwise.
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of global information | < GlobalCounterResponse > array |
403 | Access denied | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/stats
Example HTTP response
Response 200
[
{
"name": "locs",
"value": 545444.0
},
{
"name": "files",
"value": 255.0
},
{
"name": "analysis",
"value": 3806.0
},
{
"name": "24hlocs",
"value": 45000.0
},
{
"name": "as of",
"value": "2021-10-18T07:39:01Z"
}
]
Information
Get user info
GET /info
Description
Obtains the user’s information
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of user’s information | |
403 | Access denied | No Content |
404 | Resource not found | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/info
Example HTTP response
Response 200
{
"username" : "John Smith",
"organization" : "MyCompany",
"engineVersion" : "master.p571.q11669.a1875.i539",
"engineFrozen" : true
}
Insights
Get list of applications
GET /insights/analysis/applications
Description
Lists applications that use a particular component. It can be filtered by group, artifact, technology and version.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | artifact | Artifact name | string |
Query | group | Group name | string |
Query | language | Language | string |
Query | version | Version | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of applications list | < ApplicationsComponentsResponse > array |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/insights/analysis/applications?artifact=spring-core&group=org.springframework&language=java&version=1.0.0
Example HTTP response
Response 200
[ {
"application" : {
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ \"country\": \"spain\" }",
"creationDate" : "2020-07-22T15:34:53Z",
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ \"country\": \"spain\" }",
"metrics" : "{\"com.optimyth.CQM.defectsByPriority.Priority 1\": 163,\"com.optimyth.CQM.defectsByPriority.Priority 2\": 201,\"com.optimyth.CQM.defectsByPriority.Priority 3\": 159,\"com.optimyth.CQM.defectsByPriority.Priority 4\": 17,\"com.optimyth.CQM.defectsByPriority.Priority 5\": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ \"country\": \"spain\" }",
"metrics" : "{\"com.optimyth.CQM.defectsByPriority.Priority 1\": 163,\"com.optimyth.CQM.defectsByPriority.Priority 2\": 201,\"com.optimyth.CQM.defectsByPriority.Priority 3\": 159,\"com.optimyth.CQM.defectsByPriority.Priority 4\": 17,\"com.optimyth.CQM.defectsByPriority.Priority 5\": 41}"
},
"quality_model" : "CQM"
},
"component" : {
"id" : 357,
"artifact" : "org.springframework:spring-core",
"version" : "3.2.13.RELEASE",
"description" : "Spring Core",
"custom" : true
}
} ]
Get list of components
GET /insights/analysis/components
Description
List components in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of insight components list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/insights/analysis/components?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"id" : 178,
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"filename" : "spring-aop-3.2.13.RELEASE.jar",
"language" : "java",
"obsolescenceRisk" : "medium",
"licenseRisk" : "unknown",
"securityRisk" : "high",
"custom" : true,
"sources" : [ {
"path" : "pom.xml",
"artifact" : "org.springframework:spring-context",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ "..." ]
} ]
} ]
} ],
"vulnerabilities" : [ {
"id" : 108742,
"cve" : "CVE-2018-11039",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"privateVulnerability" : true
} ]
} ]
}
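A consumer of this response usually needs to know which vulnerable components are pulled in transitively and through which manifest entry. The following is an added example, not Kiuwan code: it walks the `sources` / `child` tree of a constructed response in the shape shown above. The function names, the severity ranking and the reading of `child` as "depends on" are assumptions.

```python
import json

# Constructed sample in the shape of the "Response 200" body above; values are
# illustrative. "..." mimics the way the documentation elides deep levels.
SAMPLE_RESPONSE = json.loads("""
{"data": [
  {"id": 178, "artifact": "org.springframework:spring-aop", "version": "3.2.13.RELEASE",
   "securityRisk": "high",
   "sources": [{"path": "pom.xml",
                "artifact": "org.springframework:spring-context",
                "version": "3.2.13.RELEASE",
                "child": [{"repository": "MAVEN",
                           "artifact": "org.springframework:spring-aop",
                           "version": "3.2.13.RELEASE", "child": ["..."]},
                          "..."]}],
   "vulnerabilities": [{"id": 108742, "cve": "CVE-2018-11039", "cwe": "CWE-20",
                        "severity": "Low", "privateVulnerability": false}]},
  {"id": 201, "artifact": "commons-logging:commons-logging", "version": "1.1.3",
   "securityRisk": "none",
   "sources": [{"path": "pom.xml", "artifact": "commons-logging:commons-logging",
                "version": "1.1.3", "child": []}],
   "vulnerabilities": []},
  {"id": 305, "artifact": "com.example:legacy-lib", "version": "1.0.0",
   "securityRisk": "high",
   "sources": [{"path": "build.gradle", "artifact": "com.example:legacy-lib",
                "version": "1.0.0", "child": []}],
   "vulnerabilities": [{"id": 900001, "cve": null, "cwe": "CWE-79",
                        "severity": "High", "privateVulnerability": true}]}
]}
""")

# Assumed ordering; the page only shows the value "Low".
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def dependency_paths(node, target, trail=()):
    """Yield each chain of artifact:version strings from a source entry to target."""
    if not isinstance(node, dict):          # skip "..." placeholders and other junk
        return
    here = trail + (f'{node.get("artifact")}:{node.get("version")}',)
    if (node.get("artifact"), node.get("version")) == target:
        yield here                          # stop at the first hit on this branch
        return
    for child in node.get("child") or []:
        yield from dependency_paths(child, target, here)


def vulnerable_components(response, min_severity="low"):
    """Return components with at least one vulnerability at or above min_severity."""
    floor = SEVERITY_RANK[min_severity.lower()]
    findings = []
    for comp in response.get("data") or []:
        vulns = []
        for v in comp.get("vulnerabilities") or []:
            rank = SEVERITY_RANK.get(str(v.get("severity", "")).lower())
            if rank is None or rank >= floor:   # unknown severity is kept, not dropped
                vulns.append(v)
        if not vulns:
            continue
        target = (comp.get("artifact"), comp.get("version"))
        paths = [{"manifest": src.get("path"), "chain": list(chain)}
                 for src in comp.get("sources") or [] if isinstance(src, dict)
                 for chain in dependency_paths(src, target)]
        findings.append({
            "component": f"{target[0]}:{target[1]}",
            "ids": sorted(v.get("cve") or f'id:{v.get("id")}' for v in vulns),
            "direct": any(len(p["chain"]) == 1 for p in paths),
            "paths": paths,
        })
    return findings


if __name__ == "__main__":
    for f in vulnerable_components(SAMPLE_RESPONSE):
        kind = "direct" if f["direct"] else "transitive"
        print(f'{f["component"]} ({kind}): {", ".join(f["ids"])}')
        for p in f["paths"]:
            print(f'  {p["manifest"]}: {" -> ".join(p["chain"])}')
```
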
Get list of licenses
GET /insights/analysis/licenses
Description
List licenses in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of insight licenses detail list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/insights/analysis/licenses?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"id" : 23,
"license" : "Apache License 2.0",
"component" : "8",
"spdxCode" : "Apache-2.0",
"type" : "Permissive",
"url" : "https://spdx.org/licenses/Apache-2.0.html",
"risk" : "none",
"permissions" : "[\"COMMERCIAL\",\"MODIFY\",\"DISTRIBUTE\",\"SUBLICENSE\",\"PRIVATE\",\"USE_PATENT_CLAIMS\",\"PLACE_WARRANTY\"]",
"limitations" : "[\"HOLD_LIABLE\",\"USE_TRADEMARK\"]",
"conditions" : "[\"INCL_COPYRIGHT\",\"INCL_LICENSE\",\"STATE_CHANGES\",\"INCLUDE_NOTICE\"]",
"components" : [ {
"id" : 357,
"artifact" : "org.springframework:spring-core",
"version" : "3.2.13.RELEASE",
"description" : "Spring Core",
"custom" : true
} ]
} ]
}
Get list of obsolescences
GET /insights/analysis/obsolescence
Description
List obsolescences in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of insight obsolescence detail list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/insights/analysis/obsolescence?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"component" : "commons-logging:commons-logging",
"language" : "java",
"usedVersion" : "1.1.3",
"dateUsed" : "2013/05/16",
"lastVersion" : "1.2",
"dateLast" : "2014/07/05",
"release" : "1",
"outOfDate" : "1y 50d",
"timeInactivity" : "5y 194d",
"obsolescenceRisk" : "3.33",
"risk" : "Medium",
"description" : "Commons Logging is a thin adapter allowing configurable bridging to other,\n well known logging systems.",
"custom" : true
} ]
}
Get insight security detail list
GET /insights/analysis/security
Description
List security in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of insight security detail list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/insights/analysis/security?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"id" : 86896,
"cve" : "CVE-2016-5007",
"cwe" : "CWE-264",
"muted" : true,
"lastModified" : "2017/05/25 19:29",
"exploitabilitySubscore" : "10",
"impactSubscore" : "2.9",
"getcVSSv2BaseScore" : "5",
"getcVSSv3BaseScore" : "5",
"securityRisk" : "MEDIUM",
"description" : "Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.",
"privateVulnerability" : true,
"components" : [ {
"id" : 357,
"artifact" : "org.springframework:spring-core",
"version" : "3.2.13.RELEASE",
"description" : "Spring Core",
"custom" : true
} ]
} ]
}
Get PDF report of insight
GET /insights/analysis/summary/export
Description
Obtains an insight report for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | analysisCode | Analysis code | string |
Query | application | Application name | string |
Query | licenseRisk | Comma-separated list of license risks | enum (Unknown, High, Medium, Low) |
Query | limit | Maximum number of components | string |
Query | obsolescenceRisk | Comma-separated list of obsolescence risks | enum (Unknown, High, Medium, Low) |
Query | securityRisk | Comma-separated list of security risks | enum (Unknown, High, Medium, Low) |
Query | status | Component status | enum (New, Removed, Modified) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of report | file |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/pdf
- application/json
Example HTTP request
Request path
/insights/analysis/summary/export?analysisCode=A-7e3-16e5b1aad2a&application=myApp&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
Insights Custom Components
Create custom component
POST /insights/custom/component/add
Description
Creates a new custom component.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | The component to create | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully created custom component | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/component/add
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"version" : "3.2.13.RELEASE",
"language" : "java",
"description" : "This artifact define the spring-aop",
"date" : "2019-08-03T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete custom component
DELETE /insights/custom/component/delete
Description
Deletes a custom component, or all components that have the same group name, artifact name and technology if the version field is not provided.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | The component to delete | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully deleted custom components. If version is not provided, the map contains all versions with custom data and their results. Each result is either 'OK' or 'ASSOCIATED_ANALYSIS'; the latter means that the component has custom data but is not considered public and is associated with an analysis. | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/component/delete
Request body
{
"group" : "org.springframework",
"artifact" : "spring-core",
"language" : "java",
"version" : "1.0.0"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of custom components
GET /insights/custom/component/list
Description
Get list of custom components.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | artifactName | Artifact name | string |
Query | count | The number of elements per page | integer |
Query | groupName | Group name | string |
Query | language | Language | string |
Query | page | Page number of the request | integer |
Query | version | Version | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully retrieved list of custom components | < CustomComponentRestData > array |
400 | Bad request | No Content |
403 | Access denied | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/component/list?artifactName=spring-core&count=50&groupName=org.springframework&language=java&page=1&version=1.0.0
Example HTTP response
Response 200
[ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"version" : "3.2.13.RELEASE",
"language" : "java",
"description" : "This artifact define the spring-aop",
"date" : "2019-08-03T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
},
...
...
...
{
"group" : "org.springframework",
"artifact" : "spring-core",
"version" : "1.0.0",
"language" : "java",
"description" : "This artifact define the spring-core",
"date" : "2019-08-13T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
} ]
Update custom component
PUT /insights/custom/component/update
Description
Updates an existing custom component.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | The component to update | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully updated custom component | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/component/update
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"version" : "3.2.13.RELEASE",
"language" : "java",
"description" : "This artifact define the spring-aop",
"date" : "2019-08-03T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Create association between licenses and artifact
POST /insights/custom/license/artifact
Description
Create association between licenses and artifact
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | Data to create relation between licenses and artifact | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully created association between licenses and artifact | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/license/artifact
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"version" : "3.2.13.RELEASE",
"spdxids" : "Apache-2.0"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete relationship between a license and artifact
DELETE /insights/custom/license/artifact
Description
Delete relationship between a license and artifact
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | Data to delete relationship between license and artifact | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully deleted relationship between a license and artifact | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/license/artifact
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"version" : "3.2.13.RELEASE",
"spdxid" : "Apache-2.0"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete all relationships between licenses and artifact
DELETE /insights/custom/license/artifact/all
Description
Delete all relationships between licenses and artifact
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | Data to delete all relationships between licenses and artifact | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully deleted all relationships between licenses and artifact | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/license/artifact/all
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"version" : "3.2.13.RELEASE"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of spdx licenses
GET /insights/custom/spdx/licenses
Description
List spdx licenses.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | licenseName | License name | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successful retrieval of spdx licenses list | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Produces
- application/json
Example HTTP request
Request path
/insights/custom/spdx/licenses?licenseName=Apache
Example HTTP response
Response 200
{
"data" : [ {
"spdxid" : "Apache-2.0",
"details" : "https://spdx.org/licenses/Apache-2.0.html",
"name" : "Apache License 2.0"
} ]
}
Create private vulnerability
POST /insights/custom/vulnerability/add
Description
Creates a new private vulnerability.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body | body | The vulnerability to create | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully created private vulnerability | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/vulnerability/add
Request body
{
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
}
Example HTTP response
Response 200
{
"result" : "OK"
}
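A private vulnerability body carries each CVSS vector twice: once as a vector string and once as spelled-out fields, plus a base score and a base severity. The following added example (not Kiuwan code) is a pre-submission check that the two representations agree; run against the sample body above, it reports the fields whose spelled-out value does not match the vector. The spelled-out names are assumed to follow the CVSS v2 and v3 specifications, since the page does not list the values the API accepts.

```python
# CVSS fields copied from the request body shown above.
SAMPLE_BODY = {
    "v2vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
    "v2accessVector": "Local ", "v2accessComplexty": "Low",
    "v2authentication": "None", "v2confidentialityImpact": "None",
    "v2integrityImpact": "None", "v2availabilityImpact": "None",
    "v3vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "v3attackVector": "Network", "v3attackComplexity": "Low",
    "v3privilegesRequired": "Low", "v3userInteraction": "None",
    "v3scope": "Unchanged", "v3confidentialityImpact": "None",
    "v3integrityImpact": "None", "v3availabilityImpact": "None",
    "v3baseScore": 7.5, "v3baseSeverity": "Low",
}

# metric abbreviation -> (body field, {code: spelled-out name}); names per the CVSS specs.
IMPACT2 = {"N": "None", "P": "Partial", "C": "Complete"}
IMPACT3 = {"N": "None", "L": "Low", "H": "High"}
V2_METRICS = {
    "AV": ("v2accessVector", {"L": "Local", "A": "Adjacent Network", "N": "Network"}),
    "AC": ("v2accessComplexty", {"H": "High", "M": "Medium", "L": "Low"}),  # key as spelled on the page
    "Au": ("v2authentication", {"M": "Multiple", "S": "Single", "N": "None"}),
    "C": ("v2confidentialityImpact", IMPACT2),
    "I": ("v2integrityImpact", IMPACT2),
    "A": ("v2availabilityImpact", IMPACT2),
}
V3_METRICS = {
    "AV": ("v3attackVector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("v3attackComplexity", {"L": "Low", "H": "High"}),
    "PR": ("v3privilegesRequired", IMPACT3),
    "UI": ("v3userInteraction", {"N": "None", "R": "Required"}),
    "S": ("v3scope", {"U": "Unchanged", "C": "Changed"}),
    "C": ("v3confidentialityImpact", IMPACT3),
    "I": ("v3integrityImpact", IMPACT3),
    "A": ("v3availabilityImpact", IMPACT3),
}


def parse_vector(vector, known, prefix=None):
    """Split a CVSS base vector into {metric: code}; raise ValueError if malformed."""
    parts = vector.strip().split("/")
    if prefix is not None:
        if not parts[0].startswith(prefix):
            raise ValueError(f"vector must start with {prefix!r}: {vector!r}")
        parts = parts[1:]
    metrics = {}
    for part in parts:
        key, sep, code = part.partition(":")
        if not sep or key not in known or code not in known[key][1] or key in metrics:
            raise ValueError(f"bad metric {part!r} in {vector!r}")
        metrics[key] = code
    missing = sorted(set(known) - set(metrics))
    if missing:
        raise ValueError(f"missing metrics {missing} in {vector!r}")
    return metrics


def v3_severity(score):
    """Qualitative severity rating for a CVSS v3 base score."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def inconsistencies(body):
    """Return (field, expected, actual) for each field that disagrees with its vector."""
    problems = []
    for vec_field, table, prefix in (("v2vectorString", V2_METRICS, None),
                                     ("v3vectorString", V3_METRICS, "CVSS:3.")):
        if vec_field not in body:
            continue
        for key, code in parse_vector(body[vec_field], table, prefix).items():
            field, names = table[key]
            actual = str(body.get(field, "")).strip()
            if actual.lower() != names[code].lower():
                problems.append((field, names[code], actual))
    if "v3baseScore" in body:
        expected = v3_severity(float(body["v3baseScore"]))
        actual = str(body.get("v3baseSeverity", "")).strip()
        if actual.lower() != expected.lower():
            problems.append(("v3baseSeverity", expected, actual))
    return problems


if __name__ == "__main__":
    for field, expected, actual in inconsistencies(SAMPLE_BODY):
        print(f"{field}: vector/score implies {expected!r}, body says {actual!r}")
```
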
Delete private vulnerability
DELETE /insights/custom/vulnerability/delete/{vulnerabilityCode}
Description
Delete a private vulnerability.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | vulnerabilityCode | Vulnerability Code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully deleted private vulnerability | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
- text/plain
Produces
- application/json
Example HTTP request
Request path
/insights/custom/vulnerability/delete/CUSTOM-0001
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of private vulnerabilities
GET /insights/custom/vulnerability/list
Description
Get list of private vulnerabilities.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query | affectedArtifactName | Affected artifact name | string |
Query | affectedGroupName | Affected group name | string |
Query | affectedLanguage | Affected language | string |
Query | count | The number of elements per page | integer |
Query | page | Page number of the request | integer |
Query | vulnerabilityCode | Vulnerability code | string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully retrieved list of private vulnerabilities | < PrivateVulnerabilityRestData > array |
400 | Bad request | No Content |
403 | Access denied | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/vulnerability/list?affectedArtifactName=spring-core&affectedGroupName=org.springframework&affectedLanguage=java&count=50&page=1&vulnerabilityCode=MY-VULN-0001
Example HTTP response
Response 200
[ {
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
},
...
...
...
{
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
} ]
Update private vulnerability
PUT /insights/custom/vulnerability/update/{vulnerabilityCode}
Description
Updates a private vulnerability.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path | vulnerabilityCode | Vulnerability Code | string |
Body | body | The vulnerability to update | |
Responses
HTTP Code | Description | Model |
---|---|---|
200 | Successfully updated private vulnerability | |
400 | Bad format | No Content |
403 | Access denied | No Content |
404 | Resource not found | No Content |
429 | Quota limit reached | No Content |
500 | Internal server error | No Content |
Consumes
- application/json
Produces
- application/json
Example HTTP request
Request path
/insights/custom/vulnerability/update/CUSTOM-0001
Request body
{
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
}
Example HTTP response
Response 200
{
"result" : "OK"
}
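A pre-submission consistency check for the request body above, as an added example that is not part of the Kiuwan documentation: it decodes `v3vectorString` and compares each base metric with the matching spelled-out `v3*` field. The field names come from the request body; the metric value names are those of the CVSS v3 specification, and that Kiuwan expects exactly these spellings is an assumption.

```python
"""Check that v3vectorString agrees with the spelled-out v3* fields (added example)."""

LEVELS = {"N": "None", "L": "Low", "H": "High"}

# CVSS v3 base metric abbreviation -> (request-body field, abbreviation -> value name).
# Value names follow the CVSS v3 specification; the spellings Kiuwan accepts are
# assumed to match them (the page shows "Network", "Low", "None", "Unchanged").
V3_METRICS = {
    "AV": ("v3attackVector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("v3attackComplexity", {"L": "Low", "H": "High"}),
    "PR": ("v3privilegesRequired", LEVELS),
    "UI": ("v3userInteraction", {"N": "None", "R": "Required"}),
    "S": ("v3scope", {"U": "Unchanged", "C": "Changed"}),
    "C": ("v3confidentialityImpact", LEVELS),
    "I": ("v3integrityImpact", LEVELS),
    "A": ("v3availabilityImpact", LEVELS),
}


def parse_v3_vector(vector):
    """Return {abbreviation: value} for a CVSS v3 base vector, or raise ValueError."""
    prefix, _, rest = vector.strip().partition("/")
    if not prefix.startswith("CVSS:3.") or not rest:
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    metrics = {}
    for part in rest.split("/"):
        key, sep, value = part.partition(":")
        # Base metrics only: temporal/environmental metrics are rejected here.
        if not sep or key not in V3_METRICS or value not in V3_METRICS[key][1]:
            raise ValueError(f"unknown metric {part!r} in {vector!r}")
        if key in metrics:
            raise ValueError(f"duplicate metric {key!r} in {vector!r}")
        metrics[key] = value
    missing = [key for key in V3_METRICS if key not in metrics]
    if missing:
        raise ValueError(f"missing base metrics {missing} in {vector!r}")
    return metrics


def v3_mismatches(body):
    """List (field, value implied by the vector, value in the body) for each disagreement."""
    metrics = parse_v3_vector(body["v3vectorString"])
    mismatches = []
    for abbrev, (field, names) in V3_METRICS.items():
        expected = names[metrics[abbrev]]
        actual = str(body.get(field, "")).strip()
        if actual.lower() != expected.lower():
            mismatches.append((field, expected, actual))
    return mismatches


# The v3 fields exactly as they appear in the page's example request body.
PAGE_BODY = {
    "v3vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "v3attackVector": "Network",
    "v3attackComplexity": "Low",
    "v3privilegesRequired": "Low",
    "v3userInteraction": "None",
    "v3scope": "Unchanged",
    "v3confidentialityImpact": "None",
    "v3integrityImpact": "None",
    "v3availabilityImpact": "None",
}

if __name__ == "__main__":
    for field, expected, actual in v3_mismatches(PAGE_BODY):
        print(f"{field}: vector implies {expected!r}, body says {actual!r}")
```

Run against the page's own example body, the check reports four fields that disagree with the vector string, which is the kind of drift that otherwise ends up stored with the private vulnerability.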
Languages
Get languages
GET /languages
Description
Obtains a map of languages specifying the language code and the language name
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of languages map |
< string, string > map |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/languages
Example HTTP response
Response 200
"object"
Management
Create application
POST /applications
Description
Creates a new application in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the application to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/applications
Request body
{
"name" : "myApp",
"model" : "CQM",
"description" : "GitHub Android App",
"portfolios" : [ {
"portfolioName" : "country",
"portfolioValue" : "spain"
} ],
"targets" : {
"string" : 0.0
},
"newName" : "myNewApp",
"businessValue" : "CRITICAL",
"provider" : "Lab",
"modelId" : 1243,
"newModelId" : 1345,
"forceModel" : true,
"sourceCodeUpload" : true,
"audit" : "true"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Update application with query parameter
PUT /applications
Description
Modifies the information of an application in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the application to modify |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully modified application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/applications
Request body
{
"name" : "myApp",
"model" : "CQM",
"description" : "GitHub Android App",
"portfolios" : [ {
"portfolioName" : "country",
"portfolioValue" : "spain"
} ],
"targets" : {
"string" : 0.0
},
"newName" : "myNewApp",
"businessValue" : "CRITICAL",
"provider" : "Lab",
"modelId" : 1243,
"newModelId" : 1345,
"forceModel" : true,
"sourceCodeUpload" : true,
"audit" : "true"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete application
DELETE /applications
Description
Deletes an application from your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications?application=myApp
Example HTTP response
Response 200
{
"result" : "OK"
}
Update application
PUT /applications/{application}
Description
Modifies the information of an application in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
application |
Application name |
string |
Body |
body |
the application to modify |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully updated application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/applications/myApp
Request body
{
"name" : "myApp",
"model" : "CQM",
"description" : "GitHub Android App",
"portfolios" : [ {
"portfolioName" : "country",
"portfolioValue" : "spain"
} ],
"targets" : {
"string" : 0.0
},
"newName" : "myNewApp",
"businessValue" : "CRITICAL",
"provider" : "Lab",
"modelId" : 1243,
"newModelId" : 1345,
"forceModel" : true,
"sourceCodeUpload" : true,
"audit" : "true"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get users roles for application
GET /applications/{application}/users/roles
Description
Get users roles for application. Use 'username' and 'exactUsername' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
application |
Application name |
string |
Query |
exactUsername |
Indicates whether the username must match exactly (ignoring case). Only applies if username is provided |
boolean |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of users' application roles |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/myApp/users/roles?exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
{
"username" : "username",
"roleName" : "None",
"override" : true
}
Portfolio
Create or update portfolio definitions
POST /portfolios
Description
Creates or updates portfolio definitions for an account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
Portfolio to be saved |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created or updated portfolio definition |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/portfolios
Request body
{
"name" : "provider",
"description" : "List of company providers",
"isSystemPortfolio" : true,
"values" : ["Lab", "Factory"]
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get portfolio definitions
GET /portfolios
Description
Obtains the portfolio definitions of an account.
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of portfolio definitions list |
< PortfolioDefinitionData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios
Example HTTP response
Response 200
[
{
"name": "businessValue",
"values": [
"CRITICAL",
"HIGH",
"MEDIUM",
"LOW",
"VERY LOW"
],
"isSystemPortfolio": true
},
...
...
...
{
"name": "provider",
"description": "List of company providers",
"values": [],
"isSystemPortfolio": true
}
]
Get users roles by portfolio
GET /portfolios/{portfolio}/users/roles
Description
List the users roles for the portfolio. Use 'username', 'exactUsername', 'portfolioValue' and 'exactPortfolioValue' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
portfolio |
Portfolio name |
string |
Query |
exactPortfolioValue |
Indicates whether the portfolioValue must match exactly (ignoring case). Only applies if portfolioValue is provided |
boolean |
Query |
exactUsername |
Indicates whether the username must match exactly (ignoring case). Only applies if username is provided |
boolean |
Query |
portfolioValue |
'portfolioValue' mask to filter results |
string |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of portfolio users' roles |
< UserPortfolioRoleData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios/businessValue/users/roles?exactPortfolioValue=true&exactUsername=true&portfolioValue=high&username=username
Example HTTP response
Response 200
[
{
"type": "SYSTEM",
"username": "username",
"portfolioValue": "HIGH",
"roleName": "Write"
},
...
...
...
{
"type": "SYSTEM",
"username": "username",
"portfolioValue": "VERY LOW",
"roleName": "Write"
}
]
Get list of portfolio values by portfolio name
GET /portfolios/{portfolio}/values/list
Description
Lists all portfolio values associated with the portfolio name. This endpoint returns error code 15 if the portfolio name does not exist; otherwise, it returns the list of portfolio values.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
portfolio |
Portfolio name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of the list of portfolio values for this portfolio name |
< string > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios/businessValue/values/list
Example HTTP response
Response 200
[
"string1"
...
...
...
...
"stringN"
]
Get if portfolio and portfolio value exists
GET /portfolios/{portfolio}/{value}/exists
Description
Checks whether a portfolio and portfolio value exist. This endpoint returns error code 15 if the portfolio name does not exist. It returns true if the portfolio name and value pair exists, and false if the portfolio name exists but the value does not exist for that portfolio name.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
portfolio |
Portfolio name |
string |
Path |
value |
Portfolio value |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful check of whether the portfolio name and portfolio value exist |
boolean |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios/businessValue/high/exists
Example HTTP response
Response 200
true
Security
Get permissions for an action
GET /security/permissions/{action}
Description
Returns grant information on the specified action for the authenticated user. Recognized actions: MUTE_DEFECTS, CHANGE_DEFECT_STATUS
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
action |
Action name |
enum (MUTE_DEFECTS, CHANGE_DEFECT_STATUS) |
Query |
appId |
Application identifier |
string |
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of grant information |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/security/permissions/MUTE_DEFECTS?appId=234&application=myApp
Example HTTP response
Response 200
{
"actionCode" : "MUTE_DEFECTS",
"granted" : true
}
User
Get applications roles by user
GET /user/{username}/applications/roles
Description
List the applications roles for the username. Use 'applicationName' and 'exactApplicationName' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Query |
applicationName |
'applicationName' mask to filter results |
string |
Query |
exactApplicationName |
Indicates whether the applicationName must match exactly (ignoring case). Only applies if applicationName is provided |
boolean |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of the user's application roles |
< ApplicationRoleData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/user/john.smith%40myCompany.com/applications/roles?applicationName=myApp&exactApplicationName=true
Example HTTP response
Response 200
[ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
},
...
...
...
{
"name" : "ApplicationInUS",
"roleName" : "Write",
"override" : true
} ]
Get portfolios roles by user
GET /user/{username}/portfolios/roles
Description
List the portfolios roles for the username. Use 'portfolioName', 'exactPortfolioName', 'portfolioValue' and 'exactPortfolioValue' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Query |
exactPortfolioName |
Indicates whether the portfolioName must match exactly (ignoring case). Only applies if portfolioName is provided |
boolean |
Query |
exactPortfolioValue |
Indicates whether the portfolioValue must match exactly (ignoring case). Only applies if portfolioValue is provided |
boolean |
Query |
portfolioName |
'portfolioName' mask to filter results |
string |
Query |
portfolioValue |
'portfolioValue' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of the user's portfolio roles |
< PortfolioRoleData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/user/john.smith%40myCompany.com/portfolios/roles?exactPortfolioName=true&exactPortfolioValue=true&portfolioName=businessValue&portfolioValue=high
Example HTTP response
Response 200
[ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
},
...
...
...
{
"type" : "SYSTEM",
"portfolioName" : "businessValue",
"portfolioValue" : "HIGH",
"roleName" : "Write"
} ]
Create user
POST /users
Description
Creates a new user in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the user to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created user |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/users
Request body
{
"username" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"enabled" : true,
"email" : "john.smith@myCompany.com",
"generatePassword" : true,
"regeneratePassword" : false,
"enableLoginWithPassword" : true,
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"],
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of users
GET /users
Description
List the users of your account. Use 'username' and 'emailAddress' (logical AND) to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
emailAddress |
'emailAddress' mask to filter results |
string |
Query |
exactUsername |
Indicates whether the username must match exactly (ignoring case). Only applies if username is provided |
boolean |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of users list |
< UserDetailResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/users?emailAddress=john.smith%40myCompany.com&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
"username" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"enabled" : true,
"email" : "john.smith@myCompany.com",
"isOwner" : false,
"enableLoginWithPassword" : true
},
...
...
...
{
"username" : "kiuwan.admin@myCompany.com",
"firstName" : "kiuwan",
"lastName" : "admin",
"enabled" : true,
"email" : "kiuwan.admin@myCompany.com",
"isOwner" : false,
"enableLoginWithPassword" : true
} ]
Get list of users and application permissions
GET /users/applications/permissions
Description
List the users of your account with their application permissions. Use 'username' and 'emailAddress' and 'applicationName' (logical AND) to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
applicationName |
'applicationName' mask to filter results |
string |
Query |
emailAddress |
'emailAddress' mask to filter results |
string |
Query |
exactApplicationName |
Indicates whether the applicationName must match exactly (ignoring case). Only applies if applicationName is provided |
boolean |
Query |
exactUsername |
Indicates whether the username must match exactly (ignoring case). Only applies if username is provided |
boolean |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of users list with their application permissions |
< UserAppsPermissionsResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/users/applications/permissions?applicationName=myApp&emailAddress=john.smith%40myCompany.com&exactApplicationName=true&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
"username" : "john.smith@myCompany.com",
"email" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS"],
"enabled" : true,
"supportEnabled" : true,
"overrideUserGroup" : true,
"manageApplications" : true,
"manageUsers" : true,
"manageModels" : true,
"manageAudits" : true,
"manageReports" : true,
"applicationPermissionsData" : [ {
"applicationName" : "myApp",
"roleName" : "None",
"override" : true,
"deleteActionPlans" : true,
"deleteAnalysis" : true,
"deleteDeliveries" : true,
"executeAnalysis" : true,
"executeDeliveries" : true,
"exportActionPlansJira" : true,
"muteDefects" : true,
"changeDefectStatus" : true,
"saveActionPlans" : true,
"viewApplicationData" : true,
"viewDeliveries" : true
} ]
},
...
...
...
{
"username" : "kiuwan.admin@myCompany.com",
"email" : "kiuwan.admin@myCompany.com",
"firstName" : "kiuwan",
"lastName" : "admin",
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS"],
"enabled" : true,
"supportEnabled" : true,
"overrideUserGroup" : true,
"manageApplications" : true,
"manageUsers" : true,
"manageModels" : true,
"manageAudits" : true,
"manageReports" : true,
"applicationPermissionsData" : [ {
"applicationName" : "myApp",
"roleName" : "None",
"override" : true,
"deleteActionPlans" : true,
"deleteAnalysis" : true,
"deleteDeliveries" : true,
"executeAnalysis" : true,
"executeDeliveries" : true,
"exportActionPlansJira" : true,
"muteDefects" : true,
"changeDefectStatus" : true,
"saveActionPlans" : true,
"viewApplicationData" : true,
"viewDeliveries" : true
} ]
} ]
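A least-privilege review over the response of this endpoint, as an added example that is not part of the Kiuwan documentation: it reports account-level management flags held by users outside an approved list, destructive per-application grants, and grants still attached to disabled accounts. The sample response is constructed in the shape of the page's Response 200; the approved-admin list, the finding names and the choice of which flags count as destructive are assumptions of this example.

```python
"""Least-privilege review of a /users/applications/permissions response (added example)."""
import json

# Boolean fields taken from the page's example response.
MANAGEMENT_FLAGS = ("manageApplications", "manageUsers", "manageModels",
                    "manageAudits", "manageReports")
# Assumption of this example: the delete* grants are the ones worth reviewing.
DESTRUCTIVE_APP_FLAGS = ("deleteActionPlans", "deleteAnalysis", "deleteDeliveries")

# Constructed sample, trimmed to the fields the review reads.
# old.contractor@myCompany.com is invented for this example.
SAMPLE_RESPONSE = json.loads("""
[
  {"username": "john.smith@myCompany.com", "enabled": true,
   "manageApplications": false, "manageUsers": true, "manageModels": false,
   "manageAudits": false, "manageReports": false,
   "applicationPermissionsData": [
     {"applicationName": "myApp", "roleName": "None", "override": true,
      "deleteActionPlans": false, "deleteAnalysis": true,
      "deleteDeliveries": false, "viewApplicationData": true}]},
  {"username": "kiuwan.admin@myCompany.com", "enabled": true,
   "manageApplications": true, "manageUsers": true, "manageModels": true,
   "manageAudits": true, "manageReports": true,
   "applicationPermissionsData": [
     {"applicationName": "myApp", "roleName": "None", "override": true,
      "deleteActionPlans": true, "deleteAnalysis": true,
      "deleteDeliveries": true, "viewApplicationData": true}]},
  {"username": "old.contractor@myCompany.com", "enabled": false,
   "manageApplications": false, "manageUsers": false, "manageModels": false,
   "manageAudits": false, "manageReports": true,
   "applicationPermissionsData": []}
]
""")


def audit_permissions(users, approved_admins):
    """Return sorted (username, finding, grant) tuples for grants that need review."""
    approved = {name.lower() for name in approved_admins}
    findings = []
    for user in users:
        name = user.get("username", "")
        management = [flag for flag in MANAGEMENT_FLAGS if user.get(flag) is True]
        destructive = [
            f"{app.get('applicationName')}:{flag}"
            for app in user.get("applicationPermissionsData", [])
            for flag in DESTRUCTIVE_APP_FLAGS
            if app.get(flag) is True
        ]
        if not user.get("enabled", False):
            # Disabled accounts should not keep grants that revive on re-enable.
            findings.extend((name, "disabled-with-grants", g) for g in management + destructive)
            continue
        if name.lower() in approved:
            continue  # reviewed administrators are expected to hold these grants
        findings.extend((name, "unapproved-management", flag) for flag in management)
        findings.extend((name, "destructive-app-grant", grant) for grant in destructive)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_permissions(SAMPLE_RESPONSE, ["kiuwan.admin@myCompany.com"]):
        print(*finding, sep="  ")
```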
Update user
PUT /users/{username}
Description
Modifies the information of a user in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Body |
body |
the user to update |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully updated user |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/users/john.smith%40myCompany.com
Request body
{
"username" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"enabled" : true,
"email" : "john.smith@myCompany.com",
"generatePassword" : true,
"regeneratePassword" : false,
"enableLoginWithPassword" : true,
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"],
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete user
DELETE /users/{username}
Description
Deletes a user from your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted user |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
-
text/plain
Produces
-
application/json
Example HTTP request
Request path
/users/john.smith%40myCompany.com
Example HTTP response
Response 200
{
"result" : "OK"
}
UserGroup
Create user group
POST /userGroups
Description
Creates a new user group in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
The user group to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created a user group |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/userGroups
Request body
{
"name" : "CMSDevelopers",
"newName" : "CMS_Developers",
"users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"],
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of user groups
GET /userGroups
Description
List the user groups of your account.
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of user groups list |
< UserGroupResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/userGroups
Example HTTP response
Response 200
[ {
"name" : "CMSDevelopers",
"users" : "john.smith@myCompany.com, kelly.smith@myCompany.com"
},
...
...
...
{
"name" : "newCMSDevelopers",
"users" : "john.smith@myCompany.com"
} ]
Update user group
PUT /userGroups/{name}
Description
Modifies the information of a user group in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
name |
User group name |
string |
Body |
body |
The user group to modify |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully modified a user group |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/userGroups/CMSDevelopers
Request body
{
"name" : "CMSDevelopers",
"newName" : "CMS_Developers",
"users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"],
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete user group
DELETE /userGroups/{name}
Description
Deletes a user group from your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
name |
User group name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted a user group |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
-
text/plain
Produces
-
application/json
Example HTTP request
Request path
/userGroups/CMSDevelopers
Example HTTP response
Response 200
{
"result" : "OK"
}
Model
AccessControlConfigurationData
Data object to configure user Access Control
Name | Description | Model |
---|---|---|
applicationRoles |
Application roles list |
< ApplicationRoleData > array |
assignmentMode |
Indicates how to update the permissions. Can be ADD, DELETE or OVERWRITE. |
enum (ADD, DELETE, OVERWRITE) |
businessValueRoles |
Business value portfolio roles list |
< BusinessValuePortfolioRoleData > array |
managementFeatures |
Management features to enable/disable. Allowed values are { MANAGE_APPLICATIONS | MANAGE_ALL_USERS | MANAGE_MODELS | MANAGE_AUDITS | MANAGE_REPORTS | VIEW_GOVERNANCE | VIEW_CODE_ANALYSIS | VIEW_CODE_SECURITY | VIEW_INSIGHTS | VIEW_LIFE_CYCLE } |
< string > array |
overrideUserGroupConfig |
Indicates whether to override the user group configuration |
boolean |
portfolioRoles |
Portfolio roles list |
< PortfolioRoleData > array |
providerRoles |
Provider portfolio roles list |
< ProviderPortfolioRoleData > array |
ActionPlanDefectsResponse
Response object for action plan defects
Name | Description | Model |
---|---|---|
allDefects |
List of action plan defects |
< DefectDetailResponse > array |
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
name |
Action plan name |
string |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
ActionPlanDetailResponse
Response object for action plan details
Name | Description | Model |
---|---|---|
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
name |
Action plan name |
string |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
ActionPlanPendingDefectsResponse
Response object for action plan pending defects
Name | Description | Model |
---|---|---|
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
name |
Action plan name |
string |
pendingDefects |
List of action plan pending defects |
< DefectDetailResponse > array |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
ActionPlanProgressResponse
Response object for action plan in progress
Name | Description | Model |
---|---|---|
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
effortToTargetAfter |
Effort to target after action plan |
number (double) |
effortToTargetBefore |
Effort to target before action plan |
number (double) |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
globalIndicatorAfter |
Global indicator after action plan |
number (double) |
globalIndicatorBefore |
Global indicator before action plan |
number (double) |
metrics |
Map of action plan metrics |
< string, number (double) > map |
name |
Action plan name |
string |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
qualityIndicatorsAfter |
Map of quality indicators after action plan |
< string, number (double) > map |
qualityIndicatorsBefore |
Map of quality indicators before action plan |
< string, number (double) > map |
riskIndexAfter |
Risk index after action plan |
number (double) |
riskIndexBefore |
Risk index before action plan |
number (double) |
ActionPlanRemovedDefectsResponse
Response object for action plan removed defects
Name | Description | Model |
---|---|---|
assignedTo | User assigned to this action plan | string |
createdBy | User action plan creator | string |
creation | Creation time | string |
description | Action plan Description | string |
estimate | Total effort estimated time | string |
expiration | Expiration time | string |
name | Action plan name | string |
pendingEffort | Pending effort estimated time | string |
progress | Action plan progress | number (double) |
purged | Indicates if the action plan is purged | boolean |
removedDefects | List of action plan removed defects | < DefectDetailResponse > array |
ActivitiesResponse
Name | Description | Model |
---|---|---|
action | Activity action | string |
affectedItems | Elements affected by the activity | < AffectedItemData > array |
date | Activity date | string |
description | Activity description | string |
elementType | Activity type | string |
user | User who performed the activity | string |
ActivityResponse
Name | Description | Model |
---|---|---|
activity | Activities list | < ActivitiesResponse > array |
itemsPerPage | Items per page | integer (int32) |
startIndex | Start index | integer (int32) |
totalResults | Total results | integer (int32) |
AffectedItemData
Name | Description | Model |
---|---|---|
oldValue | Affected item old value | string |
type | Affected item type | string |
value | Affected item value | string |
AffectedVersionsData
Data object for Affected Versions
Name | Description | Model |
---|---|---|
endVersion | If the affected versions are a range, this is the end version. If this field is not provided and the affected versions are a range, all versions greater than the initial version are considered affected | string |
fixedVersion | The affected version, if it is a single fixed version. One of the two fields 'fixedVersion' or 'initialVersion' is required | string |
includeEndVersion | Whether the end version is included or not | boolean |
includeInitialVersion | Whether the initial version is included or not | boolean |
initialVersion | If the affected versions are a range, this is the initial version. One of the two fields 'fixedVersion' or 'initialVersion' is required | string |
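The field rules of AffectedVersionsData can be checked on the client before a request is sent. The following is an added example, not part of the Kiuwan documentation or of any Kiuwan client: it validates an AffectedVersionsData object and tests whether a component version falls inside it. It assumes dotted numeric version strings, treats an omitted `includeInitialVersion` / `includeEndVersion` as inclusive, and rejects objects that set both `fixedVersion` and `initialVersion`; the helper names `parse_version`, `compare`, `validate` and `is_affected` are hypothetical.

```python
import re
from itertools import zip_longest


def parse_version(text):
    """Turn '1.10.2' into (1, 10, 2). Assumption: dotted numeric versions only."""
    if not isinstance(text, str) or not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def compare(a, b):
    """Compare version tuples numerically; the shorter one is zero-padded (1.2 == 1.2.0)."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def validate(data):
    """Apply the field rules from the table and return a normalized rule dict."""
    fixed = data.get("fixedVersion")
    initial = data.get("initialVersion")
    end = data.get("endVersion")
    if fixed is None and initial is None:
        raise ValueError("one of 'fixedVersion' or 'initialVersion' is required")
    if fixed is not None and initial is not None:
        # Assumption of this example: setting both is ambiguous, so reject it.
        raise ValueError("set either 'fixedVersion' or 'initialVersion', not both")
    for flag in ("includeInitialVersion", "includeEndVersion"):
        if flag in data and not isinstance(data[flag], bool):
            raise ValueError(f"'{flag}' must be a boolean")
    if fixed is not None:
        # Range-only fields are ignored for a single fixed version.
        return {"kind": "fixed", "version": parse_version(fixed)}
    low = parse_version(initial)
    high = parse_version(end) if end is not None else None
    if high is not None and compare(low, high) > 0:
        raise ValueError("'endVersion' is lower than 'initialVersion'")
    return {
        "kind": "range",
        "low": low,
        "high": high,  # None means open-ended: everything above 'low' is affected
        # Assumption: an omitted include flag is treated as inclusive.
        "include_low": data.get("includeInitialVersion", True),
        "include_high": data.get("includeEndVersion", True),
    }


def is_affected(data, version):
    """Return True when 'version' is covered by the AffectedVersionsData object."""
    rule = validate(data)
    candidate = parse_version(version)
    if rule["kind"] == "fixed":
        return compare(candidate, rule["version"]) == 0
    against_low = compare(candidate, rule["low"])
    if against_low < 0 or (against_low == 0 and not rule["include_low"]):
        return False
    if rule["high"] is None:
        return True
    against_high = compare(candidate, rule["high"])
    return against_high < 0 or (against_high == 0 and rule["include_high"])


# Constructed sample objects (not taken from a real Kiuwan account).
CLOSED_RANGE = {
    "initialVersion": "2.0",
    "endVersion": "2.14.1",
    "includeInitialVersion": True,
    "includeEndVersion": False,
}
OPEN_RANGE = {"initialVersion": "3.1", "includeInitialVersion": False}
FIXED = {"fixedVersion": "1.2.3"}

if __name__ == "__main__":
    for label, rule, version in [
        ("closed", CLOSED_RANGE, "2.10.0"),
        ("closed", CLOSED_RANGE, "2.14.1"),
        ("open", OPEN_RANGE, "10.0"),
        ("fixed", FIXED, "1.2.4"),
    ]:
        print(label, version, is_affected(rule, version))
```

Comparing the versions as tuples of integers matters here: a plain string comparison would place "2.10.0" before "2.9" and "10.0" before "3.1", and would silently miss affected versions.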
AnalysisDefectsResponse
Response object for Analysis Defects
Name | Description | Model |
---|---|---|
Effort to target | Effort to target metric | |
Main metrics | Main metrics list | < MetricValueData > array |
Quality indicator | Quality indicator metric | |
Risk index | Risk index metric | |
Security | Map of security metrics | < string, object > map |
activeDefects_count | Active defects count | integer (int32) |
analysisBusinessValue | Analysis business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode | Analysis code | string |
analysisPortfolios | Map of analysis portfolios | < string, string > map |
analysisProvider | Analysis provider | string |
analysisStatus | Analysis status | enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL | Kiuwan link to view the analysis detail | string |
applicationBusinessValue | Application business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios | Map of application portfolios | < string, string > map |
applicationProvider | Application provider | string |
architecture | Architecture detail | |
auditName | Application audit name | string |
auditResultURL | Kiuwan link to view the audit result of the analysis | string |
count | Number of defects in this response | integer (int32) |
creationDate | Date of initial analysis | string |
date | Analysis creation date | string |
defects | Defects detail list | < DefectDetailResponse > array |
defects_count | Defects count | integer (int32) |
description | Application description | string |
encoding | Analysis encoding | string |
insightsData | Insights metadata | |
label | Analysis label | string |
languages | Languages metric list | < MetricValueData > array |
lastSuccessfulBaseline | Last baseline analysis summary | |
lastSuccessfulDelivery | Last successful delivery | |
modelId | Analysis model identifier | integer (int64) |
name | Application name | string |
ordered_by | Analysis user invoker | string |
page | Page number | integer (int32) |
quality_model | Application quality model name | string |
supressedDefects_count | Suppressed defects count | integer (int32) |
unparsedFiles | Unparsed Files | < UnparsedFileData > array |
AnalysisFilesResponse
Response object for Analysis Files
Name | Description | Model |
---|---|---|
Effort to target | Effort to target metric | |
Main metrics | Main metrics list | < MetricValueData > array |
Quality indicator | Quality indicator metric | |
Risk index | Risk index metric | |
Security | Map of security metrics | < string, object > map |
analysisBusinessValue | Analysis business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode | Analysis code | string |
analysisPortfolios | Map of analysis portfolios | < string, string > map |
analysisProvider | Analysis provider | string |
analysisStatus | Analysis status | enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL | Kiuwan link to view the analysis detail | string |
applicationBusinessValue | Application business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios | Map of application portfolios | < string, string > map |
applicationProvider | Application provider | string |
architecture | Architecture detail | |
auditName | Application audit name | string |
auditResultURL | Kiuwan link to view the audit result of the analysis | string |
count | Number of files in this response | integer (int32) |
creationDate | Date of initial analysis | string |
date | Analysis creation date | string |
description | Application description | string |
encoding | Analysis encoding | string |
files | Files list | < FileData > array |
files_count | Number of files | integer (int32) |
insightsData | Insights metadata | |
label | Analysis label | string |
languages | Languages metric list | < MetricValueData > array |
lastSuccessfulBaseline | Last baseline analysis summary | |
lastSuccessfulDelivery | Last successful delivery | |
modelId | Analysis model identifier | integer (int64) |
name | Application name | string |
ordered_by | Analysis user invoker | string |
page | Page number | integer (int32) |
quality_model | Application quality model name | string |
unparsedFiles | Unparsed Files | < UnparsedFileData > array |
AnalysisResponse
Response object for Analysis
Name | Description | Model |
---|---|---|
analysisBusinessValue | Analysis business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisPortfolios | Map of analysis portfolios | < string, object > map |
analysisProvider | Analysis provider | string |
analysisScope | Analysis scope | enum (Baseline, Complete delivery, Partial delivery) |
auditResult | Delivery audit result | string |
branchName | Delivery branch name | string |
changeRequest | Delivery change request | string |
changeRequestStatus | Change request status | enum (Resolved, In progress) |
code | Analysis code | string |
creationDate | Analysis creation date | string |
encoding | Analysis encoding | string |
errorCode | Analysis error code | string |
invoker | Analysis user invoker | string |
label | Analysis label | string |
metrics | Map of analysis metrics | < string, number (double) > map |
modelId | Model identifier | string |
qualityModel | Quality model | string |
status | Analysis status | enum (INQUEUE, FAIL, SUCCESS, RUNNING) |
unparsedFiles | Unparsed files list | < UnparsedFileData > array |
AnalysisResultResponse
Response object for Analysis Result
Name | Description | Model |
---|---|---|
Effort to target | Effort to target metric | |
Main metrics | Main metrics list | < MetricValueData > array |
Quality indicator | Quality indicator metric | |
Risk index | Risk index metric | |
Security | Map of security metrics | < string, object > map |
analysisBusinessValue | Analysis business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode | Analysis code | string |
analysisPortfolios | Map of analysis portfolios | < string, string > map |
analysisProvider | Analysis provider | string |
analysisScope | Analysis scope | enum (Baseline, Complete delivery, Partial delivery) |
analysisStatus | Analysis status | enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL | Kiuwan link to view the analysis detail | string |
applicationBusinessValue | Application business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios | Map of application portfolios | < string, string > map |
applicationProvider | Application provider | string |
architecture | Architecture detail | |
auditName | Application audit name | string |
auditResult | Delivery audit result detail | |
auditResultURL | Kiuwan link to view the audit result of the analysis | string |
baselineAnalysisCode | Baseline analysis code | string |
branchName | Delivery branch name | string |
changeRequest | Delivery change request | string |
changeRequestStatus | Delivery change request status | enum (Resolved, In progress) |
creationDate | Date of initial analysis | string |
date | Analysis creation date | string |
deliveryDefects | Delivery defects | |
deliveryFiles | Delivery files detail | |
description | Application description | string |
encoding | Analysis encoding | string |
insightsData | Insights metadata | |
label | Analysis label | string |
languages | Languages metric list | < MetricValueData > array |
lastSuccessfulBaseline | Last baseline analysis summary | |
lastSuccessfulDelivery | Last successful delivery | |
modelId | Analysis model identifier | integer (int64) |
name | Application name | string |
ordered_by | Analysis user invoker | string |
quality_model | Application quality model name | string |
unparsedFiles | Unparsed files | < UnparsedFileData > array |
AnalysisSearchResponse
Response object for Analysis Search
Name | Description | Model |
---|---|---|
analysisBusinessValue | Analysis business value | string |
analysisPortfolios | Map of analysis portfolios | < string, object > map |
analysisProvider | Analysis provider | string |
analysisScope | Analysis scope | string |
applicationName | Application name of this analysis | string |
auditResult | Delivery audit result | string |
branchName | Delivery branch name | string |
changeRequest | Delivery change request | string |
changeRequestStatus | Change request status | string |
code | Analysis code | string |
creationDate | Analysis creation date | string |
encoding | Analysis encoding | string |
errorCode | Analysis error code | string |
invoker | Analysis user invoker | string |
label | Analysis label | string |
metrics | Map of analysis metrics | < string, object > map |
modelId | Model identifier | string |
qualityModel | Quality model | string |
status | Analysis status | string |
unparsedFiles | Unparsed files list | < UnparsedFileData > array |
ApplicationAnalysisResponse
Response object for Application and Analysis details
Name | Description | Model |
---|---|---|
Effort to target | Effort to target metric | |
Main metrics | Main metrics list | < MetricValueData > array |
Quality indicator | Quality indicator metric | |
Risk index | Risk index metric | |
Security | Map of security metrics | < string, object > map |
analysisBusinessValue | Analysis business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode | Analysis code | string |
analysisPortfolios | Map of analysis portfolios | < string, string > map |
analysisProvider | Analysis provider | string |
analysisStatus | Analysis status | enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL | Kiuwan link to view the analysis detail | string |
applicationBusinessValue | Application business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios | Map of application portfolios | < string, string > map |
applicationProvider | Application provider | string |
architecture | Architecture detail | |
auditName | Application audit name | string |
auditResultURL | Kiuwan link to view the audit result of the analysis | string |
creationDate | Date of initial analysis | string |
date | Analysis creation date | string |
description | Application description | string |
encoding | Analysis encoding | string |
insightsData | Insights metadata | |
label | Analysis label | string |
languages | Languages metric list | < MetricValueData > array |
lastSuccessfulBaseline | Last baseline analysis summary | |
lastSuccessfulDelivery | Last successful delivery | |
modelId | Analysis model identifier | integer (int64) |
name | Application name | string |
ordered_by | Analysis user invoker | string |
quality_model | Application quality model name | string |
unparsedFiles | Unparsed Files | < UnparsedFileData > array |
ApplicationManagementRequest
Request object for Application Management
Name | Description | Model |
---|---|---|
audit | Audit | string |
businessValue | Application business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
description | Application description | string |
forceModel | Force model | boolean |
model | Application model name | string |
modelId | Application model identifier | integer (int64) |
name | Application name | string |
newModelId | New model identifier | integer (int64) |
newName | New application name | string |
portfolios | Application portfolios list | < PortfolioData > array |
provider | Application provider | string |
sourceCodeUpload | Source code upload | boolean |
targets | Application targets map | < string, number (double) > map |
ApplicationPermissionsData
Response object for Application Permissions
Name | Description | Model |
---|---|---|
applicationName | Application name | string |
changeDefectStatus | If the user can change the status of a defect in this application | boolean |
deleteActionPlans | If the user can delete action plan for this application | boolean |
deleteAnalysis | If the user can delete analysis for this application | boolean |
deleteDeliveries | If the user can delete deliveries for this application | boolean |
executeAnalysis | If the user can execute analysis for this application | boolean |
executeDeliveries | If the user can execute deliveries plan for this application | boolean |
exportActionPlansJira | If the user can export action plan to JIRA for this application | boolean |
muteDefects | If the user can mute defects for this application | boolean |
override | Indicates whether or not to override the configuration | boolean |
roleName | Name of the role assigned to user | string |
saveActionPlans | If the user can save action plan for this application | boolean |
viewApplicationData | If the user can see application data for this application | boolean |
viewDeliveries | If the user can see deliveries for this application | boolean |
ApplicationResponse
Response object for Application
Name | Description | Model |
---|---|---|
applicationBusinessValue | Application business value | enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios | Map of application portfolios | < string, string > map |
applicationProvider | Application provider | string |
auditName | Application audit name | string |
creationDate | Date of initial analysis | string |
description | Application description | string |
lastSuccessfulBaseline | Last baseline analysis summary | |
lastSuccessfulDelivery | Last successful delivery | |
name | Application name | string |
quality_model | Application quality model name | string |
ApplicationRoleData
Data object for Application Role
Name | Description | Model |
---|---|---|
name | Application name | string |
override | Indicates whether or not to override the configuration | boolean |
roleName | Name of the role to assign | string |
ApplicationsComponentsResponse
Name | Description | Model |
---|---|---|
application | Application detail | |
component | Component detail | |
ArtifactLicensesData
Data object for Artifact Licenses
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
group | Artifact Group | string |
language | Artifact Language | string |
spdxids | List of Spdxids of licenses to associate with the artifact | < string > array |
version | Artifact version | string |
AuditAnalysisResultResponse
Response object for Audit Analysis Result
Name | Description | Model |
---|---|---|
approvalThreshold | Audit approval threshold | number (double) |
auditName | Audit name | string |
checkpointResults | List of checkpoint results | < CheckpointResultData > array |
description | Audit description | string |
overallResult | Audit overall result | enum (OK, FAIL) |
score | Score | number (double) |
AuditResultResponse
Response object for Audit Result
Name | Description | Model |
---|---|---|
analysisCode | Analysis code | string |
creationTimestamp | Audit creation time | string |
label | Audit label | string |
metrics | Audit metrics | < string, number (double) > map |
passAudit | Indicates if the audit has been passed | boolean |
AuthorizationResponse
Response object for Authorization
Name | Description | Model |
---|---|---|
actionCode | The action code | string |
granted | Indicates if the action is granted or not | boolean |
BusinessValuePortfolioRoleData
Data object for a business value portfolio and role to assign
Name | Description | Model |
---|---|---|
portfolioValue | Portfolio value | string |
roleName | Name of the role to assign | string |
type | Portfolio type | enum (SYSTEM) |
CheckpointResultData
Data object for Checkpoint Result
Name | Description | Model |
---|---|---|
checkpoint | Checkpoint | string |
description | Checkpoint description | string |
mandatory | Indicates if the checkpoint is mandatory or not | boolean |
name | Checkpoint name | string |
result | Checkpoint result | enum (OK, FAIL) |
score | Checkpoint score | number (double) |
type | Checkpoint type | string |
violatedRules | List of violated rules | < ViolatedRuleResponse > array |
weight | Weight | integer (int32) |
ComponentDetailResponse
Response object for Component Details
Name | Description | Model |
---|---|---|
analyzed | Analyzed | boolean |
artifacts | Artifacts list | < object > array |
ccn | Cyclomatic complexity number | number (double) |
dn | Name identifier description | string |
dupCode | Duplicated code | number (double) |
effort | Effort value | number (double) |
groupedCount | Grouped count | integer (int32) |
grouptags | Map of group tags | < string, string > map |
id | Identifier | integer (int64) |
language | Language | string |
loc | Lines of code | number (double) |
name | Component name | string |
other | Map of additional properties | < string, object > map |
quality | Quality indicator value | number (double) |
tags | Component Tags | < object > array |
type | Component type | string |
ComponentSimpleRestData
Data object for Component’s basic details
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
custom | If the component is custom or not | boolean |
description | Artifact description | string |
id | Component identifier | integer (int64) |
version | Artifact version | string |
CustomComponentRestData
Data object for Custom Component
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
custom | Confirm that current component is custom (true value) or may be public (false value) | boolean |
date | Component date | string |
description | Component description | string |
group | Artifact Group | string |
language | Artifact Language | string |
showPublicLicenses | If you want to show licenses found by Kiuwan | boolean |
showPublicVulnerabilities | When custom is true, if you want to show public vulnerabilities found by Kiuwan | boolean |
version | Artifact version | string |
CustomComponentSimpleRestData
Data object for Custom Component’s basic details
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
group | Artifact Group | string |
language | Artifact Technology | string |
version | Artifact version | string |
DatapathData
Data object for Datapath
Name | Description | Model |
---|---|---|
container | Container | string |
file | Datapath file | string |
index | Datapath index | integer (int32) |
indirect | If it is an indirect datapath | boolean |
kind | Datapath kind | enum (assign, call, other, sink, source) |
lineNumber | Line number | integer (int32) |
lineText | Line text | string |
localId | Local id for this vulnerability | integer (int32) |
localParentId | Parent id of this datapath | integer (int32) |
varname | Datapath tainted variable name | string |
DefectDetailResponse
Response object for Defect Details
Name | Description | Model |
---|---|---|
characteristic | Characteristic | enum (Efficiency, Maintainability, Portability, Reliability, Security) |
code | Code | string |
cweId | CWE identifier | integer (int32) |
defectId | Defect identifier | integer (int64) |
effort | Effort | string |
explanation | Defect explanation | string |
file | Defect file | string |
language | Technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies) | string |
line | Defect line | integer (int32) |
modelId | Model identifier | integer (int64) |
muted | Indicates if the defect is muted | boolean |
priority | Priority | enum (Very Low, Low, Normal, High, Very High) |
rule | Broken rule | string |
ruleCode | Rule code | string |
securityDetail | Security detail | |
status | Defect status | enum (None, To review, Reviewed) |
vulnerabilityType | Vulnerability type (More info in https://www.kiuwan.com/docs/display/K5/Kiuwan+Vulnerability+Types) | string |
DefectLineResponse
Response object for Defect Line
Name | Description | Model |
---|---|---|
code | Defect code | string |
line | Defect line | integer (int32) |
muted | Indicates if the defect is muted | boolean |
DefectNoteResponse
Response object for Defect Note
Name | Description | Model |
---|---|---|
date | Note date | string |
text | Note description | string |
user | User name | string |
DefectsDeltaDetailResponse
Response object for Defects Delta Detail
Name | Description | Model |
---|---|---|
Main analysis code | Main analysis code | string |
New defects | New defects | < DefectDetailResponse > array |
New defects count | New defects count | integer (int32) |
New violated rules count | New violated rules count | integer (int32) |
Previous analysis code | Previous analysis code | string |
Removed defects | Removed defects | < DefectDetailResponse > array |
Removed defects count | Removed defects count | integer (int32) |
Removed violated rules count | Removed violated rules count | integer (int32) |
count | Number of defects in this response | integer (int32) |
page | Page number | integer (int32) |
DefectsDeltaResponse
Response object for Defects Delta
Name | Description | Model |
---|---|---|
Main analysis code | Main analysis code | string |
New defects count | New defects count | integer (int32) |
New violated rules count | New violated rules count | integer (int32) |
Previous analysis code | Previous analysis code | string |
Removed defects count | Removed defects count | integer (int32) |
Removed violated rules count | Removed violated rules count | integer (int32) |
DefectsKeptInCommonDetailResponse
Response object for Defects kept in common
Name | Description | Model |
---|---|---|
atAnalysisCode | at analysis code | string |
count | Number of defects in this response | integer (int32) |
defects | defects | < DefectDetailResponse > array |
page | Page number | integer (int32) |
ruleTags | With rules with tags | string |
securityOnly | Security Only rules | boolean |
sinceAnalysisCode | Since Analysis Code | string |
sinceDate | Since Date | string |
totalDefects | Total Defects in Common | integer (int64) |
DeliveryDefectsData
Data object for Delivery Defects
Name | Description | Model |
---|---|---|
defects | Total defects | integer (int32) |
newDefects | Number of new defects | integer (int32) |
removedDefects | Number of removed defects | integer (int32) |
DeliveryFilesData
Data object for Delivery Files
Name | Description | Model |
---|---|---|
count | Files count | integer (int32) |
FileData
Data object for File
Name | Description | Model |
---|---|---|
defects | Detail of defects in the file | < DefectDetailResponse > array |
defects_count | Number of defects in the file | integer (int32) |
metrics | File metrics | < MetricValueData > array |
metrics_count | Metrics count | integer (int32) |
name | File name | string |
FileWithDefectsResponse
Response object for File with Defects
Name | Description | Model |
---|---|---|
defects | Link to the defects line | |
defectsCount | Number of defects | integer (int64) |
file | File name | string |
FilterData
Data object for Filter
Name | Description | Model |
---|---|---|
analyzed | Is analyzed filter | boolean |
contains | Contains filter | string |
fileName | File name filter | string |
groupTags | List of group tags filter | < GroupTagData > array |
languages | Languages filter, comma-separated list of languages to filter by (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies) | string |
notContains | Not contains filter | string |
tags | Tags filter, comma-separated list of tags to filter by | string |
types | Types filter, comma-separated list of types to filter by | string |
FrameData
Data object for Frame
Name | Description | Model |
---|---|---|
category | Frame category | string |
container | Container | string |
file | Frame file | string |
index | Frame index | integer (int32) |
injectionPoint | InjectionPoint | string |
lineNumber | Line number | integer (int32) |
lineText | Line text | string |
resource | Resource | string |
variableDeclaration | Variable declaration | string |
GlobalCounterResponse
Response object for Stats
Name | Description | Model |
---|---|---|
name | Global counter name | string |
value | Global counter value | object |
GroupTagData
Data object for Group Tag
Name | Description | Model |
---|---|---|
name | Group tag name | string |
value | Group tag value | string |
HrefData
Data object for Href
Name | Description | Model |
---|---|---|
href | Defect link | string |
InsightsComponentRestResponse
Response object for Component details
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
custom | If the component is custom or not | boolean |
filename | File name | string |
id | Component identifier | integer (int64) |
language | Technology | string |
licenseRisk | Component license risk (high, medium, low, none, unknown) | enum (high, medium, low, none, unknown) |
obsolescenceRisk | Component obsolescence risk (high, medium, low, none, unknown) | enum (high, medium, low, none, unknown) |
securityRisk | Component security risk (high, medium, low, none, unknown) | enum (high, medium, low, none, unknown) |
sources | Sources list | < SourceRootSimpleRestData > array |
version | Artifact version | string |
vulnerabilities | Vulnerabilities list | < VulnerabilityRestData > array |
LicenseRestData
Data object for License
Name | Description | Model |
---|---|---|
component | Number of components with this license | string |
components | List of components with this license | < ComponentSimpleRestData > array |
conditions | License conditions | string |
id | License identifier | integer (int64) |
license | License name | string |
limitations | License limitations | string |
permissions | License permissions | string |
risk | License risk | enum (High, Medium, Low, None, Unknown) |
spdxCode | SPDX code (Software Package Data Exchange) | string |
type | License type | enum (Copyleft, Copyrighted, NonOpenSource, Permissive, Propietary, PublicDomain, Unknown, WeakCopyleft) |
url | Link to license description | string |
ListComponentsRequest
It is necessary to indicate the name of the application or the analysis code
Name | Description | Model |
---|---|---|
analysisCode | Analysis Code | string |
applicationName | Application name | string |
filter | Filter | |
pagination | Pagination | |
ListComponentsResponse
Response object for Components List
Name | Description | Model |
---|---|---|
data | List of components | < ComponentDetailResponse > array |
pagination | Pagination | |
ListInsightsComponentsResponse
Response object for Insights Components List
Name | Description | Model |
---|---|---|
data | Insights components detail list | < InsightsComponentRestResponse > array |
ListLicensesResponse
Response object for Licenses List
Name | Description | Model |
---|---|---|
data | Insights components license detail list | < LicenseRestData > array |
ListObsolescencesResponse
Response object for Obsolescence List
Name | Description | Model |
---|---|---|
data | Insights components obsolescence detail list | < ObsolescenceRestData > array |
ListSecuritiesResponse
Response object for Security List
Name | Description | Model |
---|---|---|
data | Insights vulnerabilities detail list | < SecurityRestData > array |
ListSpdxLicensesResponse
Response object for Spdx Licenses List
Name | Description | Model |
---|---|---|
data | Insights spdx licenses list | < SpdxLicenseData > array |
MetadataArchitectureData
Data object for Architecture Metadata
Name | Description | Model |
---|---|---|
groupTags | List of groups | < string, < string > array > map |
languages | Number of different languages | < ValueCountData > array |
relations | Number of relations | < ValueCountData > array |
tags | List of tags | < string > array |
types | Number of different types | < ValueCountData > array |
MetadataInsightsData
Data object for Insights Metadata
Name | Description | Model |
---|---|---|
components | Number of components in current analysis | integer (int32) |
duplicates | Number of duplicated components in current analysis | integer (int32) |
licenses | Number of different licenses in current analysis | integer (int32) |
risks | Risk metadata for current analysis. Risk components by vulnerabilities, by licenses and obsolescence | < MetadataInsightsRiskData > array |
vulnerabilities | Number of vulnerabilities in current analysis | integer (int32) |
MetadataInsightsRiskData
Data object for Insights Risk Metadata
Name | Description | Model |
---|---|---|
name | Risk name. by vulnerabilities, by licenses and obsolescence | string |
risk | Map with number of components by severity | < string, integer (int32) > map |
MetricValueData
Data object for Metric Value
Name | Description | Model |
---|---|---|
color | Metric color | string |
index | Index | integer (int32) |
maxRange | Metric maximum range | number (double) |
minRange | Metric minimum range | number (double) |
name | Metric name | string |
size | Metric size | integer (int32) |
value | Metric value | number (double) |
MutePatternResponse
Response object for MutePattern
Name | Description | Model |
---|---|---|
active | Active | boolean |
comment | Comment | string |
customerId | Customer Id | integer (int64) |
fileName | File name | string |
fileNamePatterns | File patterns | string |
lastActionDate | Last Action Date | string |
lastActionUserName | Last Action User Name | string |
lastMuteAction | Last Mute Action | enum (MUTEACTION_CREATE, MUTEACTION_UPDATE, MUTEACTION_DELETE, MUTEACTION_DEACTIVATE) |
lineNumber | Line Number | integer (int32) |
lineText | Line Text | string |
reason | Reason | string |
ruleCode | Rule code | string |
ruleName | Rule name | string |
sourceLineText | Source Line Text | string |
NavigationFilterData
Data object for Navigation Filter
Name | Description | Model |
---|---|---|
depth | Depth | integer (int32) |
direction | Direction (in, out, any; default: out) | enum (in, out, any) |
relations | Comma-separated list of component relations (calls, configuration, delete, includes, inherits…) | string |
ObsolescenceRestData
Data object for Obsolescence
Name | Description | Model |
---|---|---|
component | Component name | string |
custom | If the component is custom or not | boolean |
dateLast | Component last version date | string |
dateUsed | Component used version date | string |
description | Component description | string |
language | Technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies) | string |
lastVersion | Component last version | string |
obsolescenceRisk | Component obsolescence risk number, between 0-10 | string |
outOfDate | Number of days between used and last version | string |
release | Number of releases between used and last version | string |
risk | Component obsolescence risk (High, Medium, Low) | enum (High, Medium, Low) |
timeInactivity | Number of days from last version date | string |
usedVersion | Component used version | string |
PaginationData
Data object for Pagination
Name | Description | Model |
---|---|---|
count | Number of components per page | integer (int32) |
page | Page number | integer (int32) |
total | Total Components | integer (int64) |
PortfolioData
Data object for Portfolio
Name | Description | Model |
---|---|---|
portfolioName | Portfolio name | string |
portfolioValue | Portfolio value | string |
PortfolioDefinitionData
Data object for Portfolio Definition
Name | Description | Model |
---|---|---|
description | Portfolio description | string |
isSystemPortfolio | Indicates if it is a system portfolio | boolean |
name | Portfolio name | string |
values | Portfolio values | < string > array |
PortfolioRoleData
Data object for Portfolio Role
Name | Description | Model |
---|---|---|
portfolioName | Portfolio name | string |
portfolioValue | Portfolio value | string |
roleName | Name of the role to assign | string |
type | Portfolio type (CUSTOM, SYSTEM) | enum (CUSTOM, SYSTEM) |
PrivateVulnerabilityRestData
Data object for Private Vulnerability
Name | Description | Model |
---|---|---|
cwe | CWE reference (Common Weakness Enumeration Specification) | string |
description | Vulnerability description | string |
severity | Vulnerability severity (High, Medium, Low) | enum (High, Medium, Low) |
v2accessComplexty | V2 Access Complexity (High, Medium, Low) | enum (High, Medium, Low) |
v2accessVector | V2 Access Vector (Local, Adjacent Network, Network) | enum (Local, Adjacent Network, Network) |
v2authentication | V2 Authentication (Multiple, Single, None) | enum (Multiple, Single, None) |
v2availabilityImpact | V2 Availability Impact (None, Partial, Complete) | enum (None, Partial, Complete) |
v2baseScore | V2 Base Score | number (double) |
v2confidentialityImpact | V2 Confidentiality Impact (None, Partial, Complete) | enum (None, Partial, Complete) |
v2exploitabilityScore | V2 Exploitability Score | number (double) |
v2impactScore | V2 Impact Score | number (double) |
v2integrityImpact | V2 Integrity Impact (None, Partial, Complete) | enum (None, Partial, Complete) |
v2vectorString | CVSS V2 Vector | string |
v3attackComplexity | V3 Attack Complexity (Low, High) | enum (Low, High) |
v3attackVector | V3 Attack Vector (Network, Adjacent, Local, Physical) | enum (Network, Adjacent, Local, Physical) |
v3availabilityImpact | V3 Availability Impact (High, Low, None) | enum (High, Low, None) |
v3baseScore | V3 Base Score | number (double) |
v3baseSeverity | V3 Base Severity (None, Low, Medium, High, Critical) | enum (None, Low, Medium, High, Critical) |
v3confidentialityImpact | V3 Confidentiality Impact (High, Low, None) | enum (High, Low, None) |
v3exploitabilityScore | V3 Exploitability Score | number (double) |
v3impactScore | V3 Impact Score | number (double) |
v3integrityImpact | V3 Integrity Impact (High, Low, None) | enum (High, Low, None) |
v3privilegesRequired | V3 Privileges Required (None, Low, High) | enum (None, Low, High) |
v3scope | V3 Scope (Unchanged, Changed) | enum (Unchanged, Changed) |
v3userInteraction | V3 User Interaction (None, Required, High) | enum (None, Required, High) |
v3vectorString | V3 Vector | string |
vulnerabilityCode | Vulnerability code | string |
vulnerableArtifactVersions | Vulnerable artifacts and versions | < VulnerableArtifactVersionsData > array |
ProviderPortfolioRoleData
Data object for Provider Portfolio and Role to assign
Name | Description | Model |
---|---|---|
portfolioValue | Portfolio value | string |
roleName | Name of the role to assign | string |
type | Portfolio type | enum (SYSTEM) |
RelationRestData
Data object for Relation
Name | Description | Model |
---|---|---|
source | Source | integer (int64) |
target | Target | integer (int64) |
type | Relation type | string |
ResultData
Data object for Result
Name | Description | Model |
---|---|---|
result | Operation result | string |
RuleDocumentationResponse
Response object for RuleDocumentation
Name | Description | Model |
---|---|---|
benefits | Rule benefits | string |
code | Rule code | string |
description | Rule description | string |
drawbacks | Rule drawbacks | string |
fixedCode | Fixed code example | string |
name | Rule name | string |
normatives | Rule normatives list | < string > array |
references | Comma separated list of rule references | string |
tags | Rule tags list | < string > array |
violationCode | Violation code example | string |
SearchImpactResponse
Response object for Search Impact
Name | Description | Model |
---|---|---|
analysisImpactCode | Analysis impact code | string |
data | List of components | < ComponentDetailResponse > array |
pagination | Pagination | |
SearchSourcesImpactRequest
At least one of the following parameters is mandatory: application name, analysis code or analysis impact code. If you have already indicated the analysis impact code, the navigation filter is not necessary; in other cases it is. The pagination filter is necessary in any case.
Name | Description | Model |
---|---|---|
analysisCode | Analysis code | string |
analysisImpactCode | Analysis impact code | string |
applicationName | Application name | string |
navigationFilter | Navigation filter | |
pagination | Pagination | |
sourceFilter | Source filter | |
sourceIds | Source identifiers | < integer (int64) > array |
targetId | Target identifier | integer (int64) |
SearchTargetsImpactRequest
At least one of the following parameters is mandatory: application name, analysis code or analysis impact code. If you have already indicated the analysis impact code, the navigation filter is not necessary; in other cases it is. The pagination filter is necessary in any case.
Name | Description | Model |
---|---|---|
analysisCode | Analysis code | string |
analysisImpactCode | Analysis impact code | string |
applicationName | Application name | string |
navigationFilter | Navigation filter | |
pagination | Pagination | |
sourceFilter | Source filter | |
sourceIds | Source identifiers | < integer (int64) > array |
targetFilter | Target filter | |
targetIds | Target identifiers | < integer (int64) > array |
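The rule shared by SearchSourcesImpactRequest and SearchTargetsImpactRequest can be checked on the client before a request is sent. The following is an added example, not Kiuwan's own code: the function names and error strings are assumptions, and a missing direction is treated as out, the default stated for NavigationFilterData.

```python
# Added example: client-side check of an impact-search request body against
# the rules stated for SearchSourcesImpactRequest / SearchTargetsImpactRequest.
ID_FIELDS = ("applicationName", "analysisCode", "analysisImpactCode")
DIRECTIONS = {"in", "out", "any"}  # NavigationFilterData.direction enum


def _is_int(value, bits):
    """True for a JSON integer that fits the signed width given in the model."""
    limit = 1 << (bits - 1)
    return (isinstance(value, int) and not isinstance(value, bool)
            and -limit <= value < limit)


def validate_impact_search(body):
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    if not any(isinstance(body.get(f), str) and body[f].strip() for f in ID_FIELDS):
        problems.append("one of applicationName, analysisCode or "
                        "analysisImpactCode is required")

    # The pagination filter is necessary in any case.
    pagination = body.get("pagination")
    if not isinstance(pagination, dict):
        problems.append("pagination is required")
    else:
        for key in ("page", "count"):  # PaginationData: integer (int32)
            if not _is_int(pagination.get(key), 32):
                problems.append(f"pagination.{key} must be an int32")

    # The navigation filter may be omitted only with an analysis impact code.
    nav = body.get("navigationFilter")
    if nav is None:
        if not body.get("analysisImpactCode"):
            problems.append("navigationFilter is required when "
                            "analysisImpactCode is not given")
    elif not isinstance(nav, dict):
        problems.append("navigationFilter must be an object")
    else:
        direction = nav.get("direction", "out")  # documented default: out
        if not isinstance(direction, str) or direction not in DIRECTIONS:
            problems.append("navigationFilter.direction must be in, out or any")
        if "depth" in nav and not _is_int(nav["depth"], 32):
            problems.append("navigationFilter.depth must be an int32")

    for key in ("sourceIds", "targetIds"):  # < integer (int64) > array
        ids = body.get(key, [])
        if not isinstance(ids, list) or not all(_is_int(i, 64) for i in ids):
            problems.append(f"{key} must be an array of int64")
    return problems
```
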
SecurityRestData
Data object for Security
Name | Description | Model |
---|---|---|
components | Components list affected by this vulnerability | < ComponentSimpleRestData > array |
cve | CVE reference (Common Vulnerabilities and Exposures) | string |
cwe | CWE reference (Common Weakness Enumeration Specification) | string |
description | Vulnerability description | string |
exploitabilitySubscore | Vulnerability exploitability sub-score | string |
getcVSSv2BaseScore | Vulnerability CVSS v2 base score | string |
getcVSSv3BaseScore | Vulnerability CVSS v3 base score | string |
id | Vulnerability identifier | integer (int64) |
impactSubscore | Vulnerability impact sub-score | string |
lastModified | Last modified date | string |
muted | Whether it is muted or not | boolean |
privateVulnerability | Whether it is a private vulnerability or not | boolean |
securityRisk | Component security risk (high, medium, low, none, unknown) | string |
SoftwareArtifactData
Data object for Software Artifact
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
group | Artifact Group | string |
language | Artifact Language | string |
version | Artifact version | string |
SoftwareArtifactLicenseData
Data object for Software Artifact License
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
group | Artifact Group | string |
language | Artifact Language | string |
spdxid | Spdx id | string |
version | Artifact version | string |
SourceChildSimpleRestData
Data object for Source Child
Name | Description | Model |
---|---|---|
artifact | Source artifact name | string |
child | Source children list | < SourceChildSimpleRestData > array |
repository | Repository name | string |
version | Source version | string |
SourceRootSimpleRestData
Data object for Source Root
Name | Description | Model |
---|---|---|
artifact | Source artifact name | string |
child | Source children list | < SourceChildSimpleRestData > array |
path | Source path | string |
version | Source version | string |
SpdxLicenseData
Data object for Spdx License
Name | Description | Model |
---|---|---|
details | License details or link to license description | string |
name | License name | string |
spdxid | SPDX code (Software Package Data Exchange) | string |
SubGraphImpactRequest
It is necessary to indicate the name of the application or the analysis code, as well as the source and the target identifiers.
Name | Description | Model |
---|---|---|
analysisCode | Analysis code | string |
applicationName | Application name | string |
navigationFilter | Navigation filter | |
sourceId | Source identifier | integer (int64) |
targetId | Target identifier | integer (int64) |
SubGraphImpactResponse
Response object for Sub Graph Impact
Name | Description | Model |
---|---|---|
components | List of components | < ComponentDetailResponse > array |
relations | List of relations | < RelationRestData > array |
UnparsedFileData
Data object for Unparsed File
Name | Description | Model |
---|---|---|
cause | Cause | string |
file | Unparsed file name | string |
UpdateCustomComponentRestData
Data object for Custom Component to Update
Name | Description | Model |
---|---|---|
artifact | Artifact name | string |
custom | Confirm that current component is custom (true value) or may be public (false value) | boolean |
date | Component date | string |
description | Component description | string |
group | Artifact Group | string |
language | Artifact Technology | string |
showPublicLicenses | Whether to show licenses found by Kiuwan | boolean |
showPublicVulnerabilities | When custom is true, whether to show public vulnerabilities found by Kiuwan | boolean |
version | Artifact version | string |
UserApplicationRoleResponse
Response object for Application and assigned User Role
Name | Description | Model |
---|---|---|
override | Indicates whether to override the configuration or not | boolean |
roleName | Role name | string |
username | User name | string |
UserAppsPermissionsResponse
Response object for Application and assigned User Permissions
Name | Description | Model |
---|---|---|
applicationPermissionsData | List of application names and their permissions for this user | < ApplicationPermissionsData > array |
email | User email | string |
enabled | Indicates if the user is enabled or not | boolean |
firstName | User first name | string |
lastName | User last name | string |
manageApplications | Indicates if the user has permissions to manage applications | boolean |
manageAudits | Indicates if the user has permissions to manage audits | boolean |
manageModels | Indicates if the user has permissions to manage models | boolean |
manageReports | Indicates if the user has permissions to manage reports | boolean |
manageUsers | Indicates if the user has permissions to manage users | boolean |
managementFeatures | Management features. Allowed values are MANAGE_APPLICATIONS, MANAGE_ALL_USERS, MANAGE_MODELS | < string > array |
overrideUserGroup | Indicates if the user overrides group permissions | boolean |
supportEnabled | Indicates if the user has the support enabled | boolean |
username | User name | string |
UserDetailResponse
Response object for User Details
Name | Description | Model |
---|---|---|
email | User email | string |
enableLoginWithPassword | Indicates if the user has login with password enabled | boolean |
enabled | Indicates if the user is enabled or not | boolean |
firstName | User first name | string |
isOwner | Indicates if the user is the account owner | boolean |
lastName | User last name | string |
username | User name | string |
UserGroupRequest
Request object for User Group
Name | Description | Model |
---|---|---|
accessControlConfiguration | User access control configuration details | |
name | User group name | string |
newName | User group new name | string |
users | Group users list | < string > array |
UserGroupResponse
Response object for User Group
Name | Description | Model |
---|---|---|
name | User group name | string |
users | Group users list | < string > array |
UserInformationResponse
Response object for User Information
Name | Description | Model |
---|---|---|
engineFrozen | Whether the engine version is frozen or not | boolean |
engineVersion | Current (or frozen) engine version | string |
organization | Organization name | string |
username | User name | string |
UserManagementRequest
Request object for User Management
Name | Description | Model |
---|---|---|
accessControlConfiguration | User access control configuration details | |
email | User email | string |
enableLoginWithPassword | Indicates if the user has login with password enabled | boolean |
enabled | Indicates if the user is enabled | boolean |
firstName | User first name | string |
generatePassword | True to generate a random password | boolean |
lastName | User last name | string |
regeneratePassword | True to regenerate the user password | boolean |
username | User name | string |
UserPortfolioRoleData
Data object for Portfolio and User Role assigned
Name | Description | Model |
---|---|---|
portfolioValue | Portfolio value | string |
roleName | Name of the role | string |
type | Portfolio type (CUSTOM, SYSTEM) | enum (CUSTOM, SYSTEM) |
username | User name | string |
ValueCountData
Data object for Value Count
Name | Description | Model |
---|---|---|
count | Number of elements with same property | integer (int64) |
value | Name of property (language, type, relation) | string |
ViolatedRuleResponse
Response object for Violated Rule
Name | Description | Model |
---|---|---|
characteristic | CQM characteristic | enum (Efficiency, Maintainability, Portability, Reliability, Security) |
defectsCount | Number of defects | integer (int64) |
effort | Rule effort | string |
files | Link to files | |
filesCount | Number of files | integer (int64) |
language | CQM technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies) | string |
modelId | Model identifier | integer (int64) |
priority | CQM priority | enum (Very Low, Low, Normal, High, Very High) |
ruleCode | Rule code | string |
suppressedDefectsCount | Number of suppressed defects | integer (int64) |
tags | Tags list | < string > array |
vulnerabilityType | Vulnerability type (More info in https://www.kiuwan.com/docs/display/K5/Kiuwan+Vulnerability+Types) | string |
VulnerabilityData
Data object for Vulnerability
Name | Description | Model |
---|---|---|
category | Sink category | string |
container | Container | string |
cweId | CWE identifier | integer (int32) |
datapaths | Vulnerability datapaths | < DatapathData > array |
frames | Vulnerability frames | < FrameData > array |
injectionPoint | Injection point | string |
resource | Resource | string |
sourceCategory | Source category | string |
sourceCode | Source code | string |
sourceContainer | Source container | string |
sourceFile | Source file | string |
sourceInjectionPoint | Source injection point | string |
sourceLine | Source line | integer (int32) |
sourceResource | Source resource | string |
variableDeclaration | Variable declaration | string |
VulnerabilityRestData
Data object for Insight Vulnerability
Name | Description | Model |
---|---|---|
cve | CVE reference (Common Vulnerabilities and Exposures) | string |
cwe | CWE reference (Common Weakness Enumeration Specification) | string |
description | Vulnerability description | string |
id | Vulnerability identifier | integer (int64) |
privateVulnerability | Whether it is a private vulnerability or not | boolean |
severity | Vulnerability severity (High, Medium, Low) | enum (High, Medium, Low) |
VulnerableArtifactVersionsData
Data object for Vulnerable Artifact Versions
Name | Description | Model |
---|---|---|
affectedVersions | Affected versions | < AffectedVersionsData > array |
artifact | Artifact name | string |
group | Artifact Group | string |
language | Artifact Language | string |