Overview

The REST API is the primary way to retrieve data from Kiuwan. This guide is intended for developers who want to write applications that interact with the Kiuwan API. It contains a full reference of the API calls, explains how authentication works, and describes the service quota.

Make sure you have a Kiuwan account with a username and password: every REST API request must be authenticated. We recommend using a separate account for development, so that your production account and its request quota are not affected.

REST-API diagram

Calling style and data format

There are several ways to call the Kiuwan REST API from your application. You can call it directly from JavaScript (no server-side code is required) or use a client library for your server-side technology.

The data format is JSON (JavaScript Object Notation), a common, language-independent format that provides a simple text representation of arbitrary data structures. For more information, see json.org.

Endpoints and their parameters are case-sensitive. If you call a URL that is not listed in this document, you receive a 404 error. If the name of an optional parameter is misspelled, it is silently ignored and the call behaves as if that parameter had not been sent. Some endpoints have only optional parameters; their description explains what happens when none is given.

Swagger / OpenAPI specification

Kiuwan provides a Swagger / OpenAPI specification of its public REST API. There are many generators available that you can use to create a client for the language that suits your needs. You can download the Kiuwan REST API OpenAPI specification here:

Working with API

If you are a Kiuwan On-Premise user, point your API calls at your configured Kiuwan On-Premise host, using the scheme (http or https) your installation runs under.

Schema

All API access is over HTTPS to the api.kiuwan.com domain.

All data is sent and received as JSON, except for the endpoints that generate reports, which return files; on error, those endpoints also return a JSON object. All timestamps are returned in ISO 8601 format:
YYYY-MM-DDTHH:MM:SSZ

Example:

$ curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/apps/kiuwan
HTTP/1.1 200 OK
Date: Tue, 09 Jul 2013 08:40:04 GMT
Server: Restlet-Framework/2.1.2
Accept-Ranges: bytes
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 993
Content-Type: application/json;charset=UTF-8
Set-Cookie: JSESSIONID=B28iXS4GthtHVOysVg6fjnDK.undefined; Path=/saas; Secure; HttpOnly
Set-Cookie: ROUTEID=.saas1; path=/saas
Via: 1.1 api.kiuwan.com
Transfer-Encoding: chunked
{"name":"kiuwan","description":"kiuwan","label":"","date":"2013-05-27T11:11:15Z","encoding":"UTF-8","languages":[{"name":"java","size":64328},{"name":"sql","size":1}],"quality_model":"CQM","ordered_by":"Jerry Fish","Risk index":{"value":0.03973296594074194},"Quality indicator":{"value":84.67472661535454,"children":[{"name":"Efficiency","value":88.75956383609372},{"name":"Maintainability","value":59.62314522711728},{"name":"Portability","value":98.37209493445182},{"name":"Reliability","value":93.53795131980435},{"name":"Security","value":99.8542334844733}]},"Effort to target":{"value":42.19999999999999,"children":[{"name":"Efficiency","value":0.0},{"name":"Maintainability","value":42.19999999999999},{"name":"Portability","value":0.0},{"name":"Reliability","value":0.0},{"name":"Security","value":0.0}]},"Main metrics":[{"name":"Files","value":996.0},{"name":"Lines of code","value":64329.0},{"name":"Duplicated code","value":0.12281122303922935},{"name":"Complexity","value":1.461493497004238},{"name":"Very high defects","value":101.0},{"name":"Total defects","value":10277.0}]}

The parameters of the different endpoints can be of the following types:

Type   Description

Query  Query parameters are a defined set of parameters attached to the end of a URL. They extend the URL to select specific content or actions based on the data passed. To append query parameters, a '?' is added to the URL followed immediately by the first parameter; further parameters are separated with '&'. Values can be strings, numbers or arrays.

Path   Path parameters are components of a URL path that can vary. They are typically used to point to a specific resource within a collection, such as a user identified by ID. A URL can have several path parameters, each denoted with curly braces { }.

Body   POST, PUT and PATCH requests can carry a request body (payload), such as JSON or XML data, called the body parameter. There can be only one body parameter, although the operation may have other parameters (path, query, header).

Authentication and authorization

Every request your application sends to the Kiuwan REST API must identify your application. You do that with HTTP Basic authentication, which also authorizes the request.

Most client software provides a simple mechanism for supplying a user name and password and builds the required authentication headers automatically. For example, with curl you can pass the --user argument:

$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/info

Once you have authenticated with a valid user and password, you have access to your private quality results, and also to public accounts and their quality results.

Example with query params:

$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/applications/last_analysis?application=my_app

If Single Sign-On is activated in your account, custom programs calling the Kiuwan REST API must add the X-KW-CORPORATE-DOMAIN-ID header, carrying the Domain ID, in order to pass BASIC authentication.

Example of curl execution for accounts with Single Sign-On enabled:

$ curl -H "X-KW-CORPORATE-DOMAIN-ID: {domain.id}" --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/info

To use the REST API in an account with Single Sign-On, the administrator must have authorized the user to continue using Kiuwan credentials. In that case the user authenticates not only with their Kiuwan username and password, but also by indicating the domain they belong to.

Working with lists and pages

If the answer to your request is a list of elements (applications, analyses or defects, for example), it is paginated. The API reference indicates whether a request supports pagination. You manage pagination with two parameters:

Parameter name  Description                         Default value  Valid range of values
page            Page number of the request          1              [1-INF]
count           The number of elements per page     500            [1-5000]

An example call in curl is (the URL is quoted so that the shell does not treat '&' as a command separator):

curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] "https://api.kiuwan.com/apps/analysis/A-7e3-16e5b1aad2a/defects?page=2&count=50"

For POST endpoints, the pagination parameters go in the JSON body:

curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] -H "Content-Type: application/json" -X POST -d '{"applicationName": "appName", "pagination": {"page": 1, "count": 50}}' https://api.kiuwan.com/arch/list

Quota service

To protect performance, Kiuwan establishes a quota for each authenticated user: requests are limited to 1000 per hour. You can check the HTTP headers returned by any API request to see your current status:

$ curl -i --user jerry@kiuwan.com:j3rryf1sh https://api.kiuwan.com/info
HTTP/1.1 200 OK
Status: 200 OK
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 966
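The authentication and quota mechanics described above, as an added Python example that is not Kiuwan's own client code: build_headers produces the Basic Authorization header (plus the X-KW-CORPORATE-DOMAIN-ID header for Single Sign-On accounts), and KiuwanClient reads X-QuotaLimit / X-QuotaLimit-Remaining from every response and refuses to run the hourly quota down to zero. KiuwanClient, min_remaining and fake_transport are this example's own names; fake_transport is a constructed stand-in for api.kiuwan.com so the code runs offline.

```python
"""Authenticated Kiuwan REST API call with quota tracking (added example, not Kiuwan's code)."""
import base64
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

BASE_URL = "https://api.kiuwan.com"

# A transport performs one GET: (url, request headers) -> (status, response headers, body)
Transport = Callable[[str, Dict[str, str]], Tuple[int, Dict[str, str], bytes]]


def build_headers(username: str, password: str, domain_id: Optional[str] = None) -> Dict[str, str]:
    """HTTP Basic credentials, plus the SSO domain header when a Domain ID is given."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    if domain_id:
        headers["X-KW-CORPORATE-DOMAIN-ID"] = domain_id
    return headers


def urllib_transport(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str], bytes]:
    """Real transport on the standard library; not exercised by the offline demo."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx answers still carry quota headers and a JSON body
        return err.code, dict(err.headers), err.read()


class KiuwanClient:
    """Minimal GET client that tracks the quota headers documented above."""

    def __init__(self, username: str, password: str, domain_id: Optional[str] = None,
                 base_url: str = BASE_URL, transport: Transport = urllib_transport,
                 min_remaining: int = 50) -> None:
        self.headers = build_headers(username, password, domain_id)
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        self.min_remaining = min_remaining  # keep this many requests of the hour in reserve
        self.quota_limit: Optional[int] = None
        self.quota_remaining: Optional[int] = None

    def get(self, path: str) -> Tuple[int, object]:
        """GET a JSON endpoint and return (HTTP status, decoded body or None)."""
        if self.quota_remaining is not None and self.quota_remaining < self.min_remaining:
            raise RuntimeError(
                f"quota nearly exhausted: {self.quota_remaining} of {self.quota_limit} requests left")
        status, resp_headers, body = self.transport(self.base_url + path, self.headers)
        self._track_quota(resp_headers)
        return status, (json.loads(body) if body else None)

    def _track_quota(self, resp_headers: Dict[str, str]) -> None:
        lowered = {k.lower(): v for k, v in resp_headers.items()}  # header names are case-insensitive
        if "x-quotalimit" in lowered:
            self.quota_limit = int(lowered["x-quotalimit"])
        if "x-quotalimit-remaining" in lowered:
            self.quota_remaining = int(lowered["x-quotalimit-remaining"])


def fake_transport(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str], bytes]:
    """Constructed offline stand-in for api.kiuwan.com; header values mirror the sample above."""
    if not headers.get("Authorization", "").startswith("Basic "):
        return 403, {}, b'{"errors":[{"code":"02","message":"Access denied."}]}'
    if url.endswith("/info"):
        return 200, {"X-QuotaLimit": "1000", "X-QuotaLimit-Remaining": "966",
                     "Content-Type": "application/json;charset=UTF-8"}, b'{"info":"constructed"}'
    return 404, {"X-QuotaLimit": "1000", "X-QuotaLimit-Remaining": "965"}, \
        b'{"errors":[{"code":"03","message":"Application not found."}]}'


def demo() -> Tuple[int, Optional[int]]:
    """Run one call through the fake transport; returns (status, remaining quota)."""
    client = KiuwanClient("user", "pass", transport=fake_transport)
    status, _ = client.get("/info")
    return status, client.quota_remaining


if __name__ == "__main__":
    print(demo())  # (200, 966)
```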

Examples

This chapter shows how to call the API from different languages:

Curl

You can call an endpoint with curl by passing your credentials directly:

curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/...

Or by supplying the Basic authorization header yourself:

curl -i -H "Authorization: Basic [[BASIC AUTH HASH]]" https://api.kiuwan.com/...

Java

import io.swagger.client.*;
import io.swagger.client.auth.*;
import io.swagger.client.model.*;
import io.swagger.client.api.ApplicationApi;

public class KiuwanRestApiExample {

    public static void main(String[] args) {
        ApiClient defaultClient = Configuration.getDefaultApiClient();

        // Configure HTTP basic authorization: basicAuth
        HttpBasicAuth basicAuth = (HttpBasicAuth) defaultClient.getAuthentication("basicAuth");
        basicAuth.setUsername("YOUR USERNAME");
        basicAuth.setPassword("YOUR PASSWORD");

        // Instance API operation
        ApplicationApi applicationApi = new ApplicationApi(defaultClient);
        try {
            // List every application visible to the authenticated user
            for (ApplicationBean app : applicationApi.getApplications()) {
                System.out.println(app);
            }
        } catch (ApiException e) {
            System.err.println("Exception when calling ApplicationApi#getApplications");
            e.printStackTrace();
        }
    }

}

Android

import io.swagger.client.ApiException;
import io.swagger.client.api.ActionPlanApi;

public class ActionPlanApiExample {

    public static void main(String[] args) {
        // Instance API operation
        ActionPlanApi apiInstance = new ActionPlanApi();
        String application = "YOUR APPLICATION";  // String | Application name
        String name = "YOUR ACTION PLAN";         // String | Action plan name
        String creation = "2019-08-03T10:15:30Z"; // String | Creation date (ISO 8601)
        try {
            apiInstance.generateReportCSV(application, name, creation);
        } catch (ApiException e) {
            System.err.println("Exception when calling ActionPlanApi#generateReportCSV");
            e.printStackTrace();
        }
    }
}

Obj-C

Configuration *apiConfig = [Configuration sharedConfig];

// Configure HTTP basic authorization (authentication scheme: basicAuth)
[apiConfig setUsername:@"YOUR_USERNAME"];
[apiConfig setPassword:@"YOUR_PASSWORD"];

NSString *application = @"YOUR APPLICATION";  // Application name
NSString *name = @"YOUR ACTION PLAN";         // Action plan name
NSString *creation = @"2019-08-03T10:15:30Z"; // Creation date (optional, ISO 8601)

// Instance API operation
ActionPlanApi *apiInstance = [[ActionPlanApi alloc] init];

[apiInstance generateReportCSVWith:application
    name:name
    creation:creation
    completionHandler:^(NSError *error) {
        if (error) {
            NSLog(@"Error: %@", error);
        }
    }];

JavaScript

var KiuwanRestApiClient = require('kiuwan_rest_api_client');
var defaultClient = KiuwanRestApiClient.ApiClient.instance;

// Configure HTTP basic authorization: basicAuth
var basicAuth = defaultClient.authentications['basicAuth'];
basicAuth.username = 'YOUR USERNAME';
basicAuth.password = 'YOUR PASSWORD';

// Instance API operation
var api = new KiuwanRestApiClient.ActionPlanApi();

var application = 'YOUR APPLICATION'; // {String} Application name
var name = 'YOUR ACTION PLAN';        // {String} Action plan name
var opts = {
  'creation': '2019-08-03T10:15:30Z' // {String} Creation date (optional, ISO 8601)
};

var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    console.log('API called successfully.');
  }
};
api.generateReportCSV(application, name, opts, callback);

C#

using System;
using System.Diagnostics;
using IO.Swagger.Api;
using IO.Swagger.Client;
using IO.Swagger.Model;

namespace Example
{
    public class generateReportCSVExample
    {
        public void main()
        {
            // Configure HTTP basic authorization: basicAuth
            Configuration.Default.Username = "YOUR_USERNAME";
            Configuration.Default.Password = "YOUR_PASSWORD";

            // Instance API operation
            var apiInstance = new ActionPlanApi();
            var application = "YOUR APPLICATION";   // String | Application name
            var name = "YOUR ACTION PLAN";          // String | Action plan name
            var creation = "2019-08-03T10:15:30Z";  // String | Creation date (optional, ISO 8601)

            try
            {
                apiInstance.generateReportCSV(application, name, creation);
            }
            catch (Exception e)
            {
                Debug.Print("Exception when calling ActionPlanApi.generateReportCSV: " + e.Message);
            }
        }
    }
}

PHP

<?php
require_once(__DIR__ . '/vendor/autoload.php');

// Configure HTTP basic authorization: basicAuth
Swagger\Client\Configuration::getDefaultConfiguration()->setUsername('YOUR_USERNAME');
Swagger\Client\Configuration::getDefaultConfiguration()->setPassword('YOUR_PASSWORD');

// Instance API operation
$api_instance = new Swagger\Client\Api\ActionPlanApi();
$application = 'YOUR APPLICATION';   // String | Application name
$name = 'YOUR ACTION PLAN';          // String | Action plan name
$creation = '2019-08-03T10:15:30Z';  // String | Creation date (optional, ISO 8601)

try {
    $api_instance->generateReportCSV($application, $name, $creation);
} catch (Exception $e) {
    echo 'Exception when calling ActionPlanApi->generateReportCSV: ', $e->getMessage(), PHP_EOL;
}
?>

Perl

use strict;
use warnings;
use Data::Dumper;
use WWW::SwaggerClient::Configuration;
use WWW::SwaggerClient::ActionPlanApi;

# Configure HTTP basic authorization: basicAuth
$WWW::SwaggerClient::Configuration::username = 'YOUR_USERNAME';
$WWW::SwaggerClient::Configuration::password = 'YOUR_PASSWORD';

# Instance API operation
my $api_instance = WWW::SwaggerClient::ActionPlanApi->new();
my $application = 'YOUR APPLICATION';   # String | Application name
my $name = 'YOUR ACTION PLAN';          # String | Action plan name
my $creation = '2019-08-03T10:15:30Z';  # String | Creation date (optional, ISO 8601)

eval {
    $api_instance->generateReportCSV(application => $application, name => $name, creation => $creation);
};
if ($@) {
    warn "Exception when calling ActionPlanApi->generateReportCSV: $@\n";
}

Python

import swagger_client

# Instance API operation
api_instance = swagger_client.ActionPlanApi()

# Configure HTTP basic authorization: basicAuth
api_instance.api_client.configuration.username = 'username.demo'
api_instance.api_client.configuration.password = "xxxxxxx"

# Run the desired method
application = "Abap" # String | Application name
print(api_instance.get_action_plans(application))

Error codes

The REST API returns the following error codes when something in the request goes wrong.

Error code  Cause                                                            HTTP status code
00          Internal server error.                                           500
01          Quota limit reached.                                             429
02          Access denied.                                                   403
03          Application not found.                                           404
04          Analysis not found.                                              404
05          Bad JSON format.                                                 400
06          Application already exists.                                      409
07          Bad datetime format.                                             400
08          Bad model id.                                                    400
09          Limit exceeded.                                                  403
10          Bad analysis result id format.                                   400
11          Bad artifact id format.                                          400
12          Bad customer id format.                                          400
13          Model not found.                                                 404
14          Portfolio value not found.                                       404
15          Portfolio not found.                                             404
16          Duplicated portfolio name found.                                 400
17          User not found.                                                  404
18          Override option not indicated.                                   400
19          Unknown role assignment mode.                                    400
20          Role not found.                                                  404
21          Invalid parameter.                                               400
22          Unknown management feature name.                                 400
23          Target out of range.                                             400
24          Unknown business value.                                          400
25          User already exists.                                             400
26          Duplicated application name.                                     400
27          Duplicated portfolio value.                                      400
28          User group not found.                                            404
29          User group with indicated name already exists.                   400
30          Indicated provider not found.                                    404
31          You do not have permissions to view the portfolio definitions.   403
32          (Not used)
33          Duplicated business value in the request.                        400
34          Duplicated provider in the request.                              400
35          Not in ISO 8601 format.                                          400
36          Action plan not found.                                           404
37          Rule not found.                                                  404
38          Delivery not found.                                              404
39          Checkpoint not found.                                            404
40          Input modelId does not match a valid model.                      400
41          Duplicated tag.                                                  400
42          Defect not found.                                                404
43          Audit not found.                                                 404
44          Analysis is running.                                             404
45          Analysis failed.                                                 404
46          Invalid value.                                                   400
47          Custom Software Artifact not found.                              404
48          Custom Software Artifact already exists.                         400
49          Private Vulnerability not found.                                 404
50          Private Vulnerability already exists.                            400
51          Software Artifact not found.                                     404
52          License not found.                                               404
53          Relation Software Artifact and license not found.                404

The response status is the HTTP status code indicated in the table above. Additionally, the response body contains an array of errors, each with two fields:

  • "code": Error code

  • "message": Error message

For example:

{
  "errors": [
    {
      "code": "04",
      "message": "Analysis not found."
    }
  ]
}
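Pagination (from "Working with lists and pages") and the error format just described, combined in one added Python example that is not Kiuwan's code: iter_pages walks a list endpoint with the page/count parameters, and KiuwanApiError carries the errors array so callers can tell a quota error (code 01 / HTTP 429) from the rest. It assumes a fetch callable that performs one authenticated GET and returns (status, decoded JSON), and that list endpoints return a bare JSON array; fake_fetch, SAMPLE_DEFECTS and the short-page stop rule are this example's own constructions so it runs offline.

```python
"""Paging through a Kiuwan list endpoint and surfacing API errors (added example, not Kiuwan's code)."""
from typing import Callable, Dict, Iterator, List, Tuple
from urllib.parse import parse_qs, urlencode

# A fetch performs one authenticated GET: url -> (http status, decoded JSON body)
Fetch = Callable[[str], Tuple[int, object]]


class KiuwanApiError(Exception):
    """Non-2xx answer; carries the 'errors' array from the response body."""

    def __init__(self, status: int, errors: List[Dict[str, str]]) -> None:
        self.status = status
        self.errors = errors
        detail = "; ".join(f"{e.get('code')}: {e.get('message')}" for e in errors) or "no error body"
        super().__init__(f"HTTP {status} ({detail})")

    @property
    def quota_exhausted(self) -> bool:
        """Error code 01 / HTTP 429 from the table: back off instead of retrying at once."""
        return self.status == 429 or any(e.get("code") == "01" for e in self.errors)


def parse_errors(body: object) -> List[Dict[str, str]]:
    """Extract the errors array if the body has the documented shape, else []."""
    if isinstance(body, dict) and isinstance(body.get("errors"), list):
        return body["errors"]
    return []


def iter_pages(fetch: Fetch, path: str, params: Dict[str, object], count: int = 500) -> Iterator[list]:
    """Yield successive pages of a paginated GET endpoint.

    Stops after an empty page or a page shorter than 'count' (assumed to be the
    last one; the guide documents no total-count field).
    """
    if not 1 <= count <= 5000:
        raise ValueError("count must be within [1-5000]")
    page = 1
    while True:
        status, body = fetch(f"{path}?{urlencode({**params, 'page': page, 'count': count})}")
        if status != 200:
            raise KiuwanApiError(status, parse_errors(body))
        if not isinstance(body, list):
            raise KiuwanApiError(status, [{"code": "??", "message": "expected a JSON array"}])
        if not body:
            return
        yield body
        if len(body) < count:
            return
        page += 1


def list_all(fetch: Fetch, path: str, params: Dict[str, object], count: int = 500) -> list:
    """Collect every element across all pages."""
    return [item for page in iter_pages(fetch, path, params, count) for item in page]


# Constructed sample data: 120 defect stubs keyed like the defect records in the endpoint samples.
SAMPLE_DEFECTS = [{"defectId": 16558118 + i, "priority": "Very High" if i % 3 == 0 else "High"}
                  for i in range(120)]
DEFECTS_PATH = "/apps/analysis/A-7e3-16e5b1aad2a/defects"  # analysis code from the curl example


def fake_fetch(url: str) -> Tuple[int, object]:
    """Constructed offline stand-in for an authenticated GET against api.kiuwan.com."""
    path, _, query = url.partition("?")
    q = {k: v[0] for k, v in parse_qs(query).items()}
    if path == "/quota/exhausted":
        return 429, {"errors": [{"code": "01", "message": "Quota limit reached."}]}
    if path != DEFECTS_PATH:
        return 404, {"errors": [{"code": "04", "message": "Analysis not found."}]}
    page, count = int(q.get("page", 1)), int(q.get("count", 500))
    start = (page - 1) * count
    return 200, SAMPLE_DEFECTS[start:start + count]


if __name__ == "__main__":
    defects = list_all(fake_fetch, DEFECTS_PATH, {}, count=50)
    print(len(defects), "defects fetched in pages of 50")
    try:
        list_all(fake_fetch, "/quota/exhausted", {}, count=50)
    except KiuwanApiError as err:
        print(err, "-> wait before retrying" if err.quota_exhausted else "")
```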

Endpoints

This section shows all available endpoints in Kiuwan REST API.

ActionPlan

Get progress summary of an action plan

GET /actionPlan
Description

Obtains the current and past main metrics and indicators of an application for an action plan. If more than one action plan has the same name, this endpoint returns information for the most recent one.

Parameters
Type   Name                    Description                 Model
Query  application (required)  Application name            string
Query  creation (optional)     Action plan creation date   string (date-time)
Query  name (required)         Action plan name            string

Responses
HTTP Code  Description                              Model
200        Successful retrieval of an action plan
403        Access denied                            No Content
404        Resource not found                       No Content
500        Internal server error                    No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
  "name": "ActionPlan1",
  "description": "Action Plan for security defects",
  "creation": "2019-10-31T14:50:05.227Z",
  "expiration": "2019-11-31T14:50:05.227Z",
  "createdBy": "The Boss",
  "assignedTo": "John Smith",
  "progress": 32.5,
  "estimate": "1h 56m",
  "pendingEffort": "30m",
  "purged": false,
  "riskIndexBefore": 19.22,
  "globalIndicatorBefore": 7.21,
  "effortToTargetBefore": 31.8,
  "qualityIndicatorsBefore": {
    "Efficiency": 53.21,
    "Portability": 72.9,
    "Maintainability": 21.9,
    "Reliability": 13.12,
    "Security": 38.32
  },
  "riskIndexAfter": 9.3,
  "globalIndicatorAfter": 23.5,
  "effortToTargetAfter": 8.23,
  "qualityIndicatorsAfter": {
    "Efficiency": 15.28,
    "Portability": 7.23,
    "Maintainability": 71.1,
    "Reliability": 31.2,
    "Security": 23.21
  },
  "metrics": {
    "string": 0.0
  }
}

Get all defects of an action plan

GET /actionPlan/defects/all
Description

Obtains all defects included in an action plan. If more than one action plan has the same name, this endpoint returns information for the most recent one.

Parameters
Type   Name                    Description                 Model
Query  application (required)  Application name            string
Query  creation (optional)     Action plan creation date   string (date-time)
Query  name (required)         Action plan name            string

Responses
HTTP Code  Description                                      Model
200        Successful retrieval of an action plan defects
400        Invalid creation date format                     No Content
403        Access denied                                    No Content
404        Resource not found                               No Content
500        Internal server error                            No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan/defects/all?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false,
  "allDefects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}

Get pending defects of an action plan

GET /actionPlan/defects/pending
Description

Obtains the pending defects of an action plan compared with a specific analysis. If more than one action plan has the same name, this endpoint returns information for the most recent one; if more than one analysis has the same label, the most recent of them is used.

Parameters
Type   Name                        Description                                               Model
Query  analysisLabel (optional)    Analysis label. If empty, compares with the last analysis  string
Query  application (required)      Application name                                          string
Query  asc (optional)              Sort ascending: true/false                                enum (true, false)
Query  characteristics (optional)  Comma-separated list of characteristics to filter by      enum (Efficiency, Maintainability, Portability, Reliability, Security)
Query  creation (optional)         Action plan creation date                                 string (date-time)
Query  fileContains (optional)     Filter defects by file name                               string
Query  languages (optional)        Comma-separated list of languages to filter by            string
Query  limit (optional)            Max number of defects returned                            integer
Query  name (required)             Action plan name                                          string
Query  orderBy (optional)          Sorting criteria: priority/effort                         enum (priority, effort)
Query  priorities (optional)       Comma-separated list of priorities to filter by           enum (Very low, Low, Normal, High, Very high)

Responses
HTTP Code  Description                                              Model
200        Successful retrieval of an action plan pending defects
400        Invalid creation date format                             No Content
403        Access denied                                            No Content
404        Resource not found                                       No Content
500        Internal server error                                    No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan/defects/pending?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&asc=true&characteristics=Security%2C+Efficiency&creation=2019-08-03T10%3A15%3A30Z&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false,
  "pendingDefects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}
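An added Python example for this endpoint (not Kiuwan's code): pending_defects_path builds the filter query string with the same encoding as the request path shown above (comma-separated lists, ':' as %3A), and triage reduces the pendingDefects array of the response to source-to-sink summaries grouped by priority, which is what a reviewer needs to locate each finding. SAMPLE_RESPONSE is constructed from the sample response above; its second defect, and all function names, are this example's own.

```python
"""Query builder and triage for GET /actionPlan/defects/pending (added example, not Kiuwan's code)."""
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlencode


def pending_defects_path(application: str, name: str, *, analysis_label: Optional[str] = None,
                         creation: Optional[str] = None, characteristics: Iterable[str] = (),
                         priorities: Iterable[str] = (), languages: Iterable[str] = (),
                         file_contains: Optional[str] = None, limit: Optional[int] = None,
                         order_by: Optional[str] = None, asc: Optional[bool] = None) -> str:
    """Request path for /actionPlan/defects/pending; only the filters supplied are emitted."""
    if order_by is not None and order_by not in ("priority", "effort"):
        raise ValueError("orderBy must be 'priority' or 'effort'")
    params: Dict[str, str] = {"application": application, "name": name}
    if analysis_label:
        params["analysisLabel"] = analysis_label
    if asc is not None:
        params["asc"] = "true" if asc else "false"
    for key, values in (("characteristics", characteristics), ("languages", languages),
                        ("priorities", priorities)):
        joined = ", ".join(values)
        if joined:
            params[key] = joined  # the endpoint takes one comma-separated value
    if creation:
        params["creation"] = creation  # ISO 8601, e.g. 2019-08-03T10:15:30Z
    if file_contains:
        params["fileContains"] = file_contains
    if limit is not None:
        params["limit"] = str(limit)
    if order_by:
        params["orderBy"] = order_by
    return "/actionPlan/defects/pending?" + urlencode(params)


def trace_defect(defect: dict) -> dict:
    """Collapse one defect record into the fields needed to locate and rank it."""
    sec = defect.get("securityDetail") or {}
    source = (f"{sec['sourceFile']}:{sec['sourceLine']} ({sec.get('sourceCategory')})"
              if "sourceFile" in sec else None)
    return {
        "defectId": defect["defectId"],
        "priority": defect.get("priority"),
        "cweId": defect.get("cweId"),
        "ruleCode": defect.get("ruleCode"),
        "sink": f"{defect['file']}:{defect['line']}",
        "source": source,                      # where tainted data enters, if a flow was recorded
        "hops": len(sec.get("frames") or []),  # frames in the recorded data flow
        "muted": bool(defect.get("muted")),
    }


def triage(response: dict) -> Dict[str, List[dict]]:
    """Group unmuted pending defects by priority, most severe first."""
    order = ["Very High", "High", "Normal", "Low", "Very Low"]
    groups: Dict[str, List[dict]] = {p: [] for p in order}
    for defect in response.get("pendingDefects", []):
        item = trace_defect(defect)
        if item["muted"]:
            continue
        groups.setdefault(item["priority"] or "Unknown", []).append(item)
    return {p: items for p, items in groups.items() if items}


# Constructed from the sample response above; the second defect is invented for illustration.
SAMPLE_RESPONSE = {
    "name": "ActionPlan1", "progress": 32.5,
    "pendingDefects": [
        {"defectId": 16558118, "file": "FileSystemRepository.java", "line": 368, "muted": False,
         "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
         "priority": "Very High", "characteristic": "Security",
         "securityDetail": {"cweId": 79, "sourceFile": "FileSystemRepository.java",
                            "sourceLine": 70, "sourceCategory": "user_input",
                            "frames": [{"index": 0, "lineNumber": 32}]}},
        {"defectId": 16558119, "file": "Util.java", "line": 12, "muted": False,
         "cweId": None, "ruleCode": "EXAMPLE.RULE.CODE", "priority": "High",
         "characteristic": "Maintainability"},
    ],
}

if __name__ == "__main__":
    print(pending_defects_path("myApp", "ActionPlan1", characteristics=["Security", "Efficiency"],
                               priorities=["Very high", "High"], limit=100, order_by="priority"))
    for priority, items in triage(SAMPLE_RESPONSE).items():
        for item in items:
            print(priority, item["defectId"], item["sink"], "<-", item["source"])
```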

Get removed defects of an action plan

GET /actionPlan/defects/removed
Description

Obtains the removed defects of an action plan compared with a specific analysis. If more than one action plan has the same name, this endpoint returns information for the most recent one; if more than one analysis has the same label, the most recent of them is used.

Parameters
Type   Name                      Description                                               Model
Query  analysisLabel (optional)  Analysis label. If empty, compares with the last analysis  string
Query  application (required)    Application name                                          string
Query  creation (optional)       Action plan creation date                                 string (date-time)
Query  name (required)           Action plan name                                          string

Responses
HTTP Code  Description                                              Model
200        Successful retrieval of an action plan removed defects
400        Invalid creation date format                             No Content
403        Access denied                                            No Content
404        Resource not found                                       No Content
500        Internal server error                                    No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlan/defects/removed?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
  "name" : "ActionPlan1",
  "description" : "Action Plan for security defects",
  "creation" : "2019-10-31T14:50:05.227Z",
  "expiration" : "2019-11-31T14:50:05.227Z",
  "createdBy" : "The Boss",
  "assignedTo" : "John Smith",
  "progress" : 32.5,
  "estimate" : "1h 56m",
  "pendingEffort" : "30m",
  "purged" : false,
  "removedDefects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}

Get available action plans

GET /actionPlans
Description

List action plans of an application.

Parameters
Type   Name                    Description       Model
Query  application (required)  Application name  string

Responses
HTTP Code  Description                           Model
200        Successful retrieval of action plans
403        Access denied                         No Content
404        Application does not exist            No Content
500        Internal server error                 No Content

Produces
  • application/json

Example HTTP request
Request path
/actionPlans?application=myApp
Example HTTP response
Response 200
[
  {
    "name": "ActionPlan1",
    "description": "Action Plan for security defects",
    "creation": "2019-10-31T14:50:05.227Z",
    "expiration": "2019-11-31T14:50:05.227Z",
    "createdBy": "The Boss",
    "assignedTo": "John Smith",
    "progress": 32.5,
    "estimate": "1h 56m",
    "pendingEffort": "30m",
    "purged": false
  }
  ...
  ...
  ...
  {
    "name": "plan2",
    "description": "",
    "creation": "2021-10-18T05:57:42Z",
    "expiration": "2021-10-18T22:00:00Z",
    "createdBy": "Administrator Site",
    "progress": 0.0,
    "estimate": "3h 00",
    "pendingEffort": "180h",
    "purged": false
  }
]

ActionPlan-Reports

Get progress report of an action plan

GET /actionPlan/progress/export
Description

Returns the progress report of an action plan as a file, or a JSON object with errors on failure.

Parameters
Type   Name                    Description                 Model               Default
Query  application (required)  Application name            string
Query  creation (optional)     Action plan creation date   string (date-time)
Query  name (required)         Action plan name            string
Query  type (optional)         Type of report              enum (CSV, PDF)     "PDF"

Responses
HTTP Code  Description                                              Model
200        Successful retrieval of an action plan progress report   file
400        Invalid parameter                                        No Content
403        Access denied                                            No Content
404        Resource not found                                       No Content
500        Internal server error                                    No Content

Produces
  • application/pdf

  • text/csv

  • application/json

Example HTTP request
Request path
/actionPlan/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF

Get security report of an action plan

GET /actionPlan/security/export
Description

Get the security report of an action plan, or a JSON body with errors.

Parameters
Type    Name                     Description                  Model                Default
Query   application (required)   Application name             string
Query   creation (optional)      Action plan creation date    string (date-time)
Query   name (required)          Action plan name             string
Query   type (optional)          Type of report               enum (CSV, PDF)      "PDF"

Responses
HTTP Code   Description                                               Model
200         Successful retrieval of an action plan security report    file
400         Invalid parameter                                         No Content
403         Access denied                                             No Content
404         Resource not found                                        No Content
500         Internal server error                                     No Content

Produces
  • application/pdf

  • text/csv

  • application/json

Example HTTP request
Request path
/actionPlan/security/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF

Get security progress report of an action plan

GET /actionPlan/security/progress/export
Description

Get the security progress report of an action plan, or a JSON body with errors.

Parameters
Type    Name                     Description                  Model                Default
Query   application (required)   Application name             string
Query   creation (optional)      Action plan creation date    string (date-time)
Query   name (required)          Action plan name             string
Query   type (optional)          Type of report               enum (CSV, PDF)      "PDF"

Responses
HTTP Code   Description                                                        Model
200         Successful retrieval of an action plan security progress report    file
400         Invalid parameter                                                  No Content
403         Access denied                                                      No Content
404         Resource not found                                                 No Content
500         Internal server error                                              No Content

Produces
  • application/pdf

  • text/csv

  • application/json

Example HTTP request
Request path
/actionPlan/security/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF
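
All three export endpoints (/actionPlan/progress/export, /actionPlan/security/export and /actionPlan/security/progress/export) share one awkward property: a 200 carries the report file (application/pdf or text/csv), while an error arrives as application/json. A client that blindly writes the body to "report.pdf" ends up with a JSON error message in a PDF file. The following added Python example, not code from Kiuwan or from this reference, validates the type parameter against the documented enum before any request is made and then dispatches on the response Content-Type. It assumes the caller has already obtained the status code, headers and raw body by whatever HTTP client it uses; the error-body shape in the sample is constructed, since the page does not document it.

```python
"""Added example (not Kiuwan's own code): handle the file-or-JSON responses of
the action plan export endpoints.

Assumes the caller provides (status, headers, body) from its own HTTP client.
"""
import json
import tempfile
from pathlib import Path
from typing import Optional

REPORT_TYPES = ("CSV", "PDF")  # documented enum for the 'type' query parameter
EXTENSIONS = {"application/pdf": ".pdf", "text/csv": ".csv"}


def export_params(application: str, name: str, report_type: str = "PDF",
                  creation: Optional[str] = None) -> dict:
    """Assemble the query parameters, rejecting an undocumented report type early."""
    if report_type not in REPORT_TYPES:
        raise ValueError(f"type must be one of {REPORT_TYPES}, got {report_type!r}")
    params = {"application": application, "name": name, "type": report_type}
    if creation:
        params["creation"] = creation  # optional filter on the plan's creation date
    return params


def handle_export_response(status: int, headers: dict, body: bytes,
                           out_dir: str, stem: str) -> dict:
    """Write a report file or surface the JSON error, never confusing the two.

    Returns {"ok": True, "path": ...} when a report was written, otherwise
    {"ok": False, "status": ..., "error": ...}.
    """
    content_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if status != 200 or content_type == "application/json":
        try:
            error = json.loads(body.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            # Not JSON after all: keep a short, decodable excerpt for the log.
            error = {"raw": body[:200].decode("utf-8", "replace")}
        return {"ok": False, "status": status, "error": error}
    ext = EXTENSIONS.get(content_type)
    if ext is None:
        return {"ok": False, "status": status,
                "error": {"unexpected_content_type": content_type}}
    path = Path(out_dir) / f"{stem}{ext}"
    path.write_bytes(body)
    return {"ok": True, "path": str(path)}


# Constructed responses (not captured from a live server).
SAMPLE_PDF = (200, {"Content-Type": "application/pdf"}, b"%PDF-1.4\n%constructed sample\n")
SAMPLE_ERROR = (404, {"Content-Type": "application/json; charset=utf-8"},
                b'{"error": "Resource not found"}')  # error-body shape is assumed


def demo() -> dict:
    """Run both constructed cases in a scratch directory and return the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        report = handle_export_response(*SAMPLE_PDF, out_dir=tmp, stem="ActionPlan1-progress")
        report["size"] = Path(report["path"]).stat().st_size if report["ok"] else 0
        error = handle_export_response(*SAMPLE_ERROR, out_dir=tmp, stem="ActionPlan1-progress")
    return {"pdf": report, "error": error}


if __name__ == "__main__":
    print(export_params("myApp", "ActionPlan1", "PDF", "2019-08-03T10:15:30Z"))
    print(demo())
```

Checking `status != 200` before looking at the media type also covers servers that send an error page with a non-JSON type; the excerpt in `raw` is length-limited so a large body does not end up in a log line.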

Activity

Get list of users activity

GET /activity
Description

List user activity, filtered by the parameters described below.

Parameters
Type    Name                             Description                                            Model                                                  Default
Query   action (optional)                Action name to filter results                          string
Query   affectedApplication (optional)   Filter results by affected item: Application           string
Query   affectedAudit (optional)         Filter results by affected item: Audit                 string
Query   affectedModel (optional)         Filter results by affected item: Model                 string
Query   affectedUser (optional)          Filter results by affected item: User                  string
Query   count (optional)                 Number of activities to return (defaults to 10)        integer                                                10
Query   description (optional)           Activity description                                   string
Query   elementType (optional)           Type of activity                                       string
Query   endDate (optional)               End of the date range to filter by                     string
Query   sortBy (optional)                Field to sort by                                       enum (action, user, date, elementType, description)
Query   sortOrder (optional)             Sort order                                             enum (asc, desc)
Query   startDate (optional)             Start of the date range to filter by                   string
Query   startIndex (optional)            Index of the first result to return (defaults to 1)    integer                                                1
Query   user (optional)                  User who performed the activity                        string

Responses
HTTP Code   Description                              Model
200         Successful retrieval of activity data
400         Malformed request                        No Content
403         Access denied                            No Content
429         Quota limit reached                      No Content
500         Internal server error                    No Content

Produces
  • application/json

Example HTTP request
Request path
/activity?action=CREATE&affectedApplication=myApp&affectedAudit=myAudit&affectedModel=CQM&affectedUser=otherUser&count=10&description=uploaded+results&elementType=Analysis&endDate=2019-11-01T23%3A59%3A59Z&sortBy=date&sortOrder=asc&startDate=2019-11-01T00%3A00%3A00Z&startIndex=1&user=user
Example HTTP response
Response 200
{
  "totalResults" : 1,
  "itemsPerPage" : 10,
  "startIndex" : 1,
  "activity" : [ {
    "action" : "CREATE",
    "user" : "user",
    "date" : "2019-11-23T12:22:34Z",
    "elementType" : "Analysis KLA",
    "description" : "The user \"username\" logged in",
    "affectedItems" : [ {
      "type" : "Application",
      "value" : "myAppName",
      "oldValue" : "myOldAppName"
    } ]
  } ]
}
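
The activity endpoint is the tenant's audit trail, and the response above is paged: totalResults, itemsPerPage and startIndex tell the client where it is. The added Python example below, not code from Kiuwan or from this reference, walks every page by advancing startIndex by itemsPerPage, stopping when a page is empty or the index passes totalResults, and then tallies the events per user and action and picks out activity by accounts outside an expected set (for instance, anything not done by the CI service account). The HTTP call is abstracted as a `fetch_page(params)` callable so the logic runs offline against a constructed data set; the event values in that data set (including the "UPDATE" action) are made up for the example and are not taken from the page.

```python
"""Added example (not Kiuwan's own code): paginate GET /activity and review the
audit trail. Transport is injected as fetch_page(params) -> dict.
"""
from collections import Counter
from typing import Callable, Dict, List


def iter_activity(fetch_page: Callable[[dict], dict], count: int = 10, **filters) -> List[dict]:
    """Collect every activity entry across pages.

    Stops when a page is empty or the next startIndex exceeds totalResults, so a
    server that returns fewer items than requested cannot cause an endless loop.
    """
    events: List[dict] = []
    start = 1
    while True:
        page = fetch_page({"startIndex": start, "count": count, **filters})
        items = page.get("activity", [])
        events.extend(items)
        total = int(page.get("totalResults", 0))
        per_page = int(page.get("itemsPerPage", count)) or count
        start += per_page
        if not items or start > total:
            return events


def tally(events: List[dict]) -> Dict[str, int]:
    """Count events by 'user:action', e.g. {'ci-bot:CREATE': 2}."""
    return dict(Counter(f"{e.get('user')}:{e.get('action')}" for e in events))


def events_by_unexpected_users(events: List[dict], expected_users: set) -> List[dict]:
    """Entries performed by accounts outside the expected set: a simple review
    rule for spotting interactive use where only automation is expected."""
    return [e for e in events if e.get("user") not in expected_users]


# Constructed data set (not captured from a real tenant), shaped like the response above.
_FAKE_EVENTS = [
    {"action": "CREATE", "user": "ci-bot", "date": "2019-11-23T12:22:34Z",
     "elementType": "Analysis", "description": "uploaded results",
     "affectedItems": [{"type": "Application", "value": "myApp"}]},
    {"action": "CREATE", "user": "ci-bot", "date": "2019-11-23T13:01:10Z",
     "elementType": "Analysis", "description": "uploaded results",
     "affectedItems": [{"type": "Application", "value": "myApp"}]},
    {"action": "UPDATE", "user": "jdoe", "date": "2019-11-24T08:15:00Z",
     "elementType": "Application", "description": "renamed application",
     "affectedItems": [{"type": "Application", "value": "myAppName", "oldValue": "myOldAppName"}]},
]


def fake_fetch_page(params: dict) -> dict:
    """Stand-in for the HTTP call: slices the fake data set like the real endpoint."""
    start, count = int(params["startIndex"]), int(params["count"])
    page_items = _FAKE_EVENTS[start - 1:start - 1 + count]
    return {"totalResults": len(_FAKE_EVENTS), "itemsPerPage": count,
            "startIndex": start, "activity": page_items}


if __name__ == "__main__":
    all_events = iter_activity(fake_fetch_page, count=2, sortBy="date", sortOrder="asc")
    print(tally(all_events))
    for event in events_by_unexpected_users(all_events, {"ci-bot"}):
        print("review:", event["date"], event["user"], event["action"], event["description"])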

Analyses

Delete analysis

DELETE /analysis
Description

Delete the specified analysis. The analysis code parameter can reference a baseline or a delivery. Running or enqueued analyses can also be deleted. Note that when a baseline analysis is specified, all its related deliveries are deleted as well. This endpoint returns the codes of the deleted analyses.

Parameters
Type    Name                      Description                Model
Query   analysisCode (required)   Analysis code to delete    string

Responses
HTTP Code   Description                       Model
200         Analysis deleted successfully     < string > array
400         Bad format                        No Content
403         Access denied                     No Content
404         Resource not found                No Content
429         Quota limit reached               No Content
500         Internal server error             No Content

Produces
  • application/json

Example HTTP request
Request path
/analysis?analysisCode=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
[
"string1"
...
...
...
...
"stringN"
]

Get list of analyses

GET /analysis/list
Description

List analyses, filtered by the parameters described below.

Parameters
Type    Name                         Description                                                                                              Model                              Default
Query   applicationName (optional)   Application name to filter results                                                                       string
Query   auditStatus (optional)       Audit status to filter by (applies only to analyses that have audits)                                    enum (OK, FAIL)
Query   count (optional)             How many analyses per page (defaults to 500)                                                             integer                            500
Query   deliveries (optional)        true to return only deliveries, false to exclude deliveries; when omitted, all analyses are returned     boolean
Query   endDate (optional)           End date of the search range                                                                             string
Query   initDate (optional)          Start date of the search range                                                                           string
Query   page (optional)              Number of the results page (defaults to 1)                                                               integer                            1
Query   status (optional)            Status to filter analyses by                                                                             enum (SUCCESS, FAIL, INPROGRESS)

Responses
HTTP Code   Description                              Model
200         Successful retrieval of analysis list
400         Bad format                               No Content
403         Access denied                            No Content
404         Resource not found                       No Content
429         Quota limit reached                      No Content
500         Internal server error                    No Content

Produces
  • application/json

Example HTTP request
Request path
/analysis/list?applicationName=myApp&auditStatus=OK&count=500&deliveries=true&endDate=2019-11-01T23%3A59%3A59Z&initDate=2019-11-01T00%3A00%3A00Z&page=1&status=SUCCESS
Example HTTP response
Response 200
[
  {
    "applicationName": "myApp",
    "code": "A-7e3-16dc9e29131",
    "label": "14.10.2019_1",
    "creationDate": "2019-10-14T15:15:15Z",
    "qualityModel": "CQM",
    "modelId": "string",
    "encoding": "UTF-8",
    "invoker": "github software",
    "status": "RUNNING",
    "errorCode": "string",
    "unparsedFiles": [
      {
        "file": "FileSystemSQL.java",
        "cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
      }
    ],
    "analysisScope": "Baseline",
    "changeRequest": "CR_14-10-2019_1",
    "changeRequestStatus": "Resolved",
    "branchName": "master",
    "auditResult": "FAIL",
    "analysisBusinessValue": "CRITICAL",
    "analysisProvider": "Lab",
    "analysisPortfolios": {
      "country": "spain"
    },
    "metrics": {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 41
    }
  },
  ...
  ...
  ...
  {
    "applicationName": "new_app",
    "code": "A-7e5-17bc58e385b",
    "label": "",
    "creationDate": "2021-09-08T13:15:00Z",
    "qualityModel": "CQM",
    "encoding": "UTF-8",
    "invoker": "sysadmin",
    "status": "SUCCESS",
    "unparsedFiles": [],
    "analysisScope": "Baseline",
    "analysisBusinessValue": "CRITICAL",
    "analysisPortfolios": {},
    "metrics": {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 0.0,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 14.0,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 19.0,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 0.0,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 1.0,
      "com.optimyth.CQM.securityDefectsByPriority.Priority 1": 0.0,
      "com.optimyth.CQM.securityDefectsByPriority.Priority 3": 9.0,
      "com.optimyth.CQM.securityDefectsByPriority.Priority 4": 0.0,
      "com.optimyth.CQM.securityDefectsByPriority.Priority 5": 1.0
    }
  }
]
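
The list endpoint is paged with page and count, and each entry's metrics map carries the per-priority defect counters (com.optimyth.CQM.defectsByPriority.Priority N and com.optimyth.CQM.securityDefectsByPriority.Priority N, with only the non-empty priorities present). The added Python example below, not code from Kiuwan or from this reference, requests successive pages until a short page arrives, reads those counters into a fixed 1..5 map, and derives a pipeline gate from the status, the audit result and the two highest security priorities. It goes slightly beyond the page in one respect: the metric keys are matched with a regular expression tolerant of optional whitespace around the priority number rather than compared literally. The transport is injected as a `fetch_page(params)` callable so the code runs offline; the entries and the gate thresholds are constructed for illustration and are not Kiuwan defaults.

```python
"""Added example (not Kiuwan's own code): paginate GET /analysis/list, read the
per-priority defect metrics and derive a pipeline gate.
Transport is injected as fetch_page(params) -> list.
"""
import re
from typing import Callable, Dict, List

# Tolerates "Priority 1" as well as "Priority1"; family distinguishes all vs security defects.
METRIC_KEY = re.compile(
    r"^com\.optimyth\.CQM\.(?P<family>defectsByPriority|securityDefectsByPriority)"
    r"\.Priority\s*(?P<priority>[1-5])$")


def iter_analyses(fetch_page: Callable[[dict], list], count: int = 500, **filters) -> List[dict]:
    """Request pages 1, 2, ... until a page comes back shorter than ``count``."""
    analyses: List[dict] = []
    page = 1
    while True:
        batch = fetch_page({"page": page, "count": count, **filters})
        analyses.extend(batch)
        if len(batch) < count:
            return analyses
        page += 1


def defects_by_priority(analysis: dict, family: str = "securityDefectsByPriority") -> Dict[int, float]:
    """Priority 1..5 -> count for one metric family; priorities absent from the map count as 0."""
    counts = {p: 0.0 for p in range(1, 6)}
    for key, value in analysis.get("metrics", {}).items():
        m = METRIC_KEY.match(key.strip())
        if m and m.group("family") == family:
            counts[int(m.group("priority"))] = float(value)
    return counts


def gate(analysis: dict, max_priority1: int = 0, max_priority2: int = 0) -> List[str]:
    """Reasons an analysis should block a pipeline; an empty list means proceed.

    Blocks on a non-SUCCESS status, a FAIL audit, or security defect counts above
    the thresholds for priorities 1 and 2 (thresholds are illustrative).
    """
    reasons = []
    if analysis.get("status") != "SUCCESS":
        reasons.append(f"status is {analysis.get('status')}")
    if analysis.get("auditResult") == "FAIL":
        reasons.append("audit failed")
    sec = defects_by_priority(analysis)
    if sec[1] > max_priority1:
        reasons.append(f"{sec[1]:g} priority-1 security defects")
    if sec[2] > max_priority2:
        reasons.append(f"{sec[2]:g} priority-2 security defects")
    return reasons


# Constructed entries (not a live reply); one key is deliberately padded with spaces.
_FAKE_ANALYSES = [
    {"applicationName": "myApp", "code": "A-0000-sample1", "status": "SUCCESS",
     "auditResult": "FAIL", "analysisScope": "Baseline",
     "metrics": {"  com.optimyth.CQM.securityDefectsByPriority.Priority  1  ": 2.0,
                 "com.optimyth.CQM.securityDefectsByPriority.Priority 3": 9.0}},
    {"applicationName": "myApp", "code": "A-0000-sample2", "status": "SUCCESS",
     "auditResult": "OK", "analysisScope": "Baseline",
     "metrics": {"com.optimyth.CQM.defectsByPriority.Priority 2": 14.0,
                 "com.optimyth.CQM.securityDefectsByPriority.Priority 5": 1.0}},
    {"applicationName": "myApp", "code": "A-0000-sample3", "status": "FAIL",
     "analysisScope": "Baseline", "metrics": {}},
]


def fake_fetch_page(params: dict) -> list:
    """Stand-in for the HTTP call: serves _FAKE_ANALYSES in pages of ``count``."""
    page, count = int(params["page"]), int(params["count"])
    return _FAKE_ANALYSES[(page - 1) * count:page * count]


if __name__ == "__main__":
    for a in iter_analyses(fake_fetch_page, count=2, applicationName="myApp"):
        print(a["code"], gate(a) or "OK")
```

Filling all five priorities with zero before reading the map matters because the API omits priorities that have no defects, and a gate that looks up a missing key would raise instead of passing.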

Get list of all analysis codes for an application

GET /applications/analyses
Description

List all analysis codes for an application.

Parameters
Type    Name                              Description                                                          Model                Default
Query   application (required)            Application name                                                     string
Query   count (optional)                  Limit the number of results                                          integer
Query   filterPurgedAnalyses (optional)   Set to true to exclude purged analyses                               enum (true, false)   "true"
Query   success (optional)                Set to true to retrieve only succeeded analyses, false for failed    enum (true, false)

Responses
HTTP Code   Description                              Model
200         Successful retrieval of analyses list    < AnalysisResponse > array
403         Access denied                            No Content
404         Application does not exist               No Content
429         Quota limit reached                      No Content
500         Internal server error                    No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/analyses?application=myApp&count=100&filterPurgedAnalyses=true&success=true
Example HTTP response
Response 200
[ {
  "code": "A-7e3-16dc9e29131",
  "label": "14.10.2019_1",
  "creationDate": "2019-10-14T15:15:15Z",
  "qualityModel": "CQM",
  "modelId": "string",
  "encoding": "UTF-8",
  "invoker": "github software",
  "status": "RUNNING",
  "errorCode": "string",
  "unparsedFiles": [
    {
      "file": "FileSystemSQL.java",
      "cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
    }
  ],
  "analysisScope": "Baseline",
  "changeRequest": "CR_14-10-2019_1",
  "changeRequestStatus": "Resolved",
  "branchName": "master",
  "auditResult": "FAIL",
  "analysisBusinessValue": "CRITICAL",
  "analysisProvider": "Lab",
  "analysisPortfolios": {
    "country": "spain"
  },
  "metrics": {
    "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
    "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
    "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
    "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
    "com.optimyth.CQM.defectsByPriority.Priority 5": 41
  }
},
...
...
...
{
  "code": "A-7e3-16dc9e29131",
  "label": "14.10.2019_1",
  "creationDate": "2019-10-14T15:15:15Z",
  "qualityModel": "CQM",
  "modelId": "string",
  "encoding": "UTF-8",
  "invoker": "github software",
  "status": "RUNNING",
  "errorCode": "string",
  "unparsedFiles": [
    {
      "file": "FileSystemSQL.java",
      "cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
    }
  ],
  "analysisScope": "Baseline",
  "changeRequest": "CR_14-10-2019_1",
  "changeRequestStatus": "Resolved",
  "branchName": "master",
  "auditResult": "FAIL",
  "analysisBusinessValue": "CRITICAL",
  "analysisProvider": "Lab",
  "analysisPortfolios": {
    "country": "spain"
  },
  "metrics": {
    "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
    "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
    "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
    "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
    "com.optimyth.CQM.defectsByPriority.Priority 5": 41
  }
} ]

Get list of files with metric values and defects of the latest analysis

GET /applications/files
Description

List files with metric values and defects of the latest analysis for the named application.

Parameters
Type    Name                     Description         Model
Query   application (required)   Application name    string

Responses
HTTP Code   Description                                    Model
200         Successful retrieval of analysis files list
400         Bad format                                     No Content
403         Access denied                                  No Content
404         Resource not found                             No Content
429         Quota limit reached                            No Content
500         Internal server error                          No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/files?application=myApp
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : { "country": "spain" },
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : { "country": "spain" },
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "files_count" : 124,
  "count" : 100,
  "page" : 1,
  "files" : [ {
    "name" : "FileSystemRepository.java",
    "metrics_count" : 17,
    "metrics" : [ {
      "name" : "metric name",
      "value" : 50.0,
      "size" : 4013,
      "minRange" : 1.0,
      "maxRange" : 1.0,
      "index" : 0,
      "color" : "red"
    } ],
    "defects_count" : 5,
    "defects" : [ {
      "defectId" : 16558118,
      "file" : "FileSystemRepository.java",
      "line" : 368,
      "code" : "\t\t\tout.println(sql);",
      "muted" : false,
      "vulnerabilityType" : "Injection",
      "explanation" : "Reflected XSS: user_input",
      "status" : "None",
      "cweId" : 79,
      "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
      "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
      "language" : "java",
      "characteristic" : "Security",
      "priority" : "Very High",
      "effort" : "30m",
      "modelId" : 6252,
      "securityDetail" : {
        "cweId" : 79,
        "category" : "xss",
        "resource" : "web",
        "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
        "injectionPoint" : "string",
        "variableDeclaration" : "String sql",
        "sourceFile" : "FileSystemRepository.java",
        "sourceLine" : 70,
        "sourceCode" : "\t\t\tString val = request.getParameter(item);",
        "sourceCategory" : "user_input",
        "sourceResource" : "web",
        "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "sourceInjectionPoint" : "string",
        "frames" : [ {
          "index" : 0,
          "file" : "FileSystemRepository.java",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "category" : "user_input",
          "resource" : "web",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "injectionPoint" : "string",
          "variableDeclaration" : "string"
        } ],
        "datapaths" : [ {
          "index" : 1,
          "kind" : "sink",
          "varname" : "user",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "indirect" : true,
          "file" : "FileSystemRepository.java",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "localId" : 1,
          "localParentId" : 1
        } ]
      }
    } ]
  } ],
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : { "country": "spain" },
    "metrics" : {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 41
    }
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : { "country": "spain" },
    "metrics" : {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 41
    }
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
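
The files response is where the security detail lives: each defect carries characteristic, priority, cweId, ruleCode and, for taint-style findings, a securityDetail block with the source line, the intermediate frames and the sink. The added Python example below, not code from Kiuwan or from this reference, flattens files[].defects[] down to the security defects (muted ones excluded by default), groups them by CWE and priority, orders them for triage, and renders a readable source-to-sink path from securityDetail. The sample response fragment is constructed from the shape of the example above; the second and third defects in it (a muted CWE-89 finding and a maintainability finding) are made up to exercise the filters.

```python
"""Added example (not Kiuwan's own code): security triage over the defects of
GET /applications/files. Field names follow the example response; the sample
data is constructed.
"""
from collections import defaultdict
from typing import Dict, List

# Rank used for triage ordering; priority strings as shown in the example response.
PRIORITY_RANK = {"Very High": 0, "High": 1, "Normal": 2, "Low": 3, "Very Low": 4}


def security_defects(files_response: dict, include_muted: bool = False) -> List[dict]:
    """Flatten files[].defects[], keeping only 'Security' defects."""
    out = []
    for f in files_response.get("files", []):
        for d in f.get("defects", []):
            if d.get("characteristic") != "Security":
                continue
            if d.get("muted") and not include_muted:
                continue
            out.append(d)
    return out


def group_by_cwe(defects: List[dict]) -> Dict[int, Dict[str, int]]:
    """{cweId: {priority: count}} for a quick view of what weakness classes dominate."""
    groups: Dict[int, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for d in defects:
        groups[int(d.get("cweId", 0))][d.get("priority", "Unknown")] += 1
    return {cwe: dict(p) for cwe, p in groups.items()}


def taint_path(defect: dict) -> List[str]:
    """Source -> frames -> sink trace built from securityDetail (sink is the defect itself)."""
    detail = defect.get("securityDetail") or {}
    steps = []
    if detail.get("sourceFile"):
        steps.append(f"source {detail['sourceFile']}:{detail.get('sourceLine')} "
                     f"[{detail.get('sourceCategory')}] {detail.get('sourceCode', '').strip()}")
    for frame in sorted(detail.get("frames", []), key=lambda fr: fr.get("index", 0)):
        steps.append(f"frame {frame.get('file')}:{frame.get('lineNumber')} "
                     f"{frame.get('lineText', '').strip()}")
    steps.append(f"sink {defect.get('file')}:{defect.get('line')} {defect.get('code', '').strip()}")
    return steps


def triage_order(defects: List[dict]) -> List[int]:
    """defectIds ordered by priority (Very High first), then by the effort string."""
    ranked = sorted(defects, key=lambda d: (PRIORITY_RANK.get(d.get("priority"), 9), d.get("effort", "")))
    return [d["defectId"] for d in ranked]


# Constructed response fragment modelled on the example above (not live data).
SAMPLE_FILES_RESPONSE = {
    "name": "android",
    "files": [{
        "name": "FileSystemRepository.java",
        "defects": [
            {"defectId": 16558118, "file": "FileSystemRepository.java", "line": 368,
             "code": "\t\t\tout.println(sql);", "muted": False, "vulnerabilityType": "Injection",
             "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
             "characteristic": "Security", "priority": "Very High", "effort": "30m",
             "securityDetail": {
                 "cweId": 79, "category": "xss", "sourceFile": "FileSystemRepository.java",
                 "sourceLine": 70, "sourceCode": "\t\t\tString val = request.getParameter(item);",
                 "sourceCategory": "user_input",
                 "frames": [{"index": 0, "file": "FileSystemRepository.java", "lineNumber": 32,
                             "lineText": "\t\t\tString val = request.getParameter(item);"}]}},
            {"defectId": 16558119, "file": "FileSystemRepository.java", "line": 120,
             "code": "stmt.execute(query);", "muted": True, "cweId": 89,
             "characteristic": "Security", "priority": "High", "effort": "1h"},
            {"defectId": 16558120, "file": "FileSystemRepository.java", "line": 12,
             "code": "int unused = 0;", "muted": False, "cweId": 0,
             "characteristic": "Maintainability", "priority": "Low", "effort": "5m"},
        ],
    }],
}

if __name__ == "__main__":
    found = security_defects(SAMPLE_FILES_RESPONSE, include_muted=True)
    print(group_by_cwe(found), triage_order(found))
    for step in taint_path(found[0]):
        print("  ", step)
```

Reviewing muted defects separately (include_muted=True) is worth the extra call: a mute is a human decision, and the list of what was muted, by whom and why, is itself part of the evidence an auditor will ask for.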

Get last analysis

GET /applications/last_analysis
Description

Retrieves the last analysis of the indicated application for the authenticated user.

Parameters
Type    Name                     Description         Model
Query   application (required)   Application name    string

Responses
HTTP Code   Description                             Model
200         Successful retrieval of applications
403         Access denied                           No Content
429         Quota limit reached                     No Content
500         Internal server error                   No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/last_analysis?application=myApp
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : { "country": "spain" },
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : { "country": "spain" },
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : { "country": "spain" },
    "metrics" : {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 41
    }
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : { "country": "spain" },
    "metrics" : {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 41
    }
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}

Get application analysis

GET /apps/analysis/{code}
Description

Retrieves the analysis results for the single analysis identified by the code path parameter.

Parameters
Type    Name              Description      Model
Path    code (required)   Analysis code    string

Responses
HTTP Code   Description                                     Model
200         Successful retrieval of application analysis
403         Access denied                                   No Content
404         Application does not exist                      No Content
429         Quota limit reached                             No Content
500         Internal server error                           No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : { "country": "spain" },
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : { "country": "spain" },
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "analysisScope" : "Complete delivery",
  "changeRequest" : "CR_13.01.2020",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "baselineAnalysisCode" : "A-7e3-16dc9e29131",
  "deliveryFiles" : {
    "count" : 132
  },
  "deliveryDefects" : {
    "newDefects" : 3,
    "removedDefects" : 0,
    "defects" : 582
  },
  "auditResult" : {
    "auditName" : "Kiuwan default audit",
    "description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
    "approvalThreshold" : 50.0,
    "overallResult" : "FAIL",
    "score" : 0.0,
    "checkpointResults" : [ {
      "checkpoint" : "1",
      "result" : "FAIL",
      "name" : "No new defects",
      "description" : "If a new defect is detected, the checkpoint will not pass.",
      "weight" : 1,
      "mandatory" : true,
      "type" : "Threshold for maximum new defects",
      "score" : 0.0,
      "violatedRules" : [ {
        "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
        "modelId" : 6252,
        "defectsCount" : 72,
        "suppressedDefectsCount" : 0,
        "filesCount" : 11,
        "effort" : "36h 00",
        "characteristic" : "Security",
        "vulnerabilityType" : "Injection",
        "tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
        "priority" : "Very High",
        "language" : "Java",
        "files" : {
          "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
        }
      } ]
    } ]
  },
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : { "country": "spain" },
    "metrics" : {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 41
    }
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : { "country": "spain" },
    "metrics" : {
      "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
      "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
      "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
      "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
      "com.optimyth.CQM.defectsByPriority.Priority 5": 41
    }
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}

Get list of analysis defects

GET /apps/analysis/{code}/defects
Description

List analysis defects for the analysis specified by the code path parameter.

Parameters
Type | Name | Description | Model | Default
Path | code (required) | Analysis code | string
Query | asc (optional) | Set to true to sort ascending (default is not set), false for descending | enum (true, false)
Query | characteristics (optional) | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security)
Query | count (optional) | How many defects in each page (defaults to 500) | integer | 500
Query | fileContains (optional) | Use this param to filter defects by file name | string
Query | languages (optional) | Comma-separated list of languages to filter by | string
Query | muted (optional) | Use this param to filter defects by their mute status | enum (true, false)
Query | orderBy (optional) | Sorting criteria (one of 'priority' or 'effort') | enum (priority, effort)
Query | page (optional) | Results page number (defaults to 1) | integer | 1
Query | priorities (optional) | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high)

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis defects list
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects?asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&muted=true&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ "country": "spain" }",
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ "country": "spain" }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "defects_count" : 581,
  "activeDefects_count" : 575,
  "supressedDefects_count" : 6,
  "count" : 500,
  "page" : 1,
  "defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ],
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
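
Walking this endpoint page by page and summarising what comes back, as an added example that is not Kiuwan's client code: iter_defects follows page until defects_count is exhausted, and summarize_security groups the unmuted Security defects by CWE and priority and pulls the taint source out of securityDetail. It assumes HTTP Basic authentication with the account username and password (the Overview names only a username and password), and the page loader is injected so the constructed two-page sample runs offline.

```python
"""Page through GET /apps/analysis/{code}/defects and summarise the result.
Added example, not Kiuwan's own client. Assumptions not stated on this page:
the API accepts HTTP Basic auth with the account username and password, and a
429 (quota limit reached) is worth one retry after a pause."""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request
from collections import Counter

API_BASE = "https://api.kiuwan.com"  # on-premise installs: point this at your own host


def http_get_page(path, params, username, password):
    """Real page loader: GET API_BASE+path with Basic auth, retrying once on 429."""
    url = f"{API_BASE}{path}?{urllib.parse.urlencode(params)}"
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    for attempt in (1, 2):
        try:
            with urllib.request.urlopen(req) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code == 429 and attempt == 1:
                time.sleep(10)  # quota limit reached: back off once, then give up
                continue
            raise


def iter_defects(get_page, code, count=500, **filters):
    """Yield every defect of analysis `code`, walking `page` until `defects_count`
    is exhausted. `get_page(path, params)` returns one parsed response page."""
    path = f"/apps/analysis/{code}/defects"
    page, seen = 1, 0
    while True:
        body = get_page(path, {"count": count, "page": page, **filters})
        defects = body.get("defects", [])
        yield from defects
        seen += len(defects)
        # stop on an empty page as well, so a stale defects_count cannot loop forever
        if not defects or seen >= body.get("defects_count", seen):
            return
        page += 1


def summarize_security(defects):
    """Count unmuted Security defects by CWE and priority and collect, for each,
    the taint source (file, line) that securityDetail reports next to the sink."""
    by_cwe, by_priority, muted, sources = Counter(), Counter(), 0, []
    for d in defects:
        if d.get("characteristic") != "Security":
            continue
        if d.get("muted"):
            muted += 1
            continue
        by_cwe[d.get("cweId")] += 1
        by_priority[d.get("priority")] += 1
        sd = d.get("securityDetail") or {}
        if "sourceFile" in sd:
            sources.append((sd["sourceFile"], sd.get("sourceLine"), d["file"], d["line"]))
    return {"by_cwe": dict(by_cwe), "by_priority": dict(by_priority),
            "muted": muted, "sources": sources}


def _defect(defect_id, file, line, cwe, priority, muted=False, characteristic="Security",
            source=("FileSystemRepository.java", 70)):
    d = {"defectId": defect_id, "file": file, "line": line, "muted": muted,
         "characteristic": characteristic, "priority": priority}
    if cwe is not None:
        d["cweId"] = cwe
        d["securityDetail"] = {"cweId": cwe, "sourceFile": source[0], "sourceLine": source[1]}
    return d


# Constructed two-page response (count=2, defects_count=3), shaped like the sample above.
SAMPLE_PAGES = {
    1: {"defects_count": 3, "count": 2, "page": 1, "defects": [
        _defect(16558118, "FileSystemRepository.java", 368, 79, "Very High"),
        _defect(16558119, "FileSystemRepository.java", 120, 89, "High", muted=True)]},
    2: {"defects_count": 3, "count": 2, "page": 2, "defects": [
        _defect(16558120, "Util.java", 12, None, "Normal", characteristic="Maintainability")]},
}
REQUESTED = []  # pages the fake loader was asked for, in order


def fake_get_page(path, params):
    """Offline stand-in for http_get_page that serves SAMPLE_PAGES."""
    REQUESTED.append((path, params["page"]))
    return SAMPLE_PAGES.get(params["page"], {"defects_count": 3, "defects": []})


def run_sample():
    """Fetch all pages of the constructed analysis and summarise them."""
    defects = list(iter_defects(fake_get_page, "A-7e3-16e5b1aad2a", count=2, orderBy="priority"))
    return defects, summarize_security(defects)
```

Swap fake_get_page for a lambda that closes over http_get_page and your credentials to run the same walk against the live API.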

Get comparison of the defects found in two different analyses

GET /apps/analysis/{code}/defects/compare/{previouscode}
Description

Get the net number of new and removed defects and violated rules after comparing 2 given analyses.

Parameters
Type | Name | Description | Model
Path | code (required) | Analysis code | string
Path | previouscode (required) | Previous analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis compare defects
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
  "Main analysis code" : "A-7e3-16e5b1aad2a",
  "Previous analysis code" : "A-7e3-16dc9e29131",
  "New violated rules count" : 1,
  "Removed violated rules count" : 0,
  "New defects count" : 3,
  "Removed defects count" : 0
}

Get the list of new/removed defects in a comparison

GET /apps/analysis/{code}/defects/compare/{previouscode}/{defectstype}
Description

Get the list of new/removed defects in an analysis from the previous analysis.

Parameters
Type | Name | Description | Model
Path | code (required) | Analysis code | string
Path | defectstype (required) | Either 'new' or 'removed' | enum (new, removed)
Path | previouscode (required) | Previous analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of new or removed defects for an analysis
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131/new
Example HTTP response
Response 200
{
  "count" : 3,
  "page" : 1,
  "Main analysis code" : "A-7e3-16e5b1aad2a",
  "Previous analysis code" : "A-7e3-16dc9e29131",
  "New violated rules count" : 1,
  "Removed violated rules count" : 0,
  "New defects count" : 3,
  "Removed defects count" : 0,
  "New defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ],
  "Removed defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}
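
Using the two comparison endpoints together as a build gate, as an added example rather than Kiuwan's own code: the summary call decides whether the per-defect new listing is fetched at all, and the gate blocks only on unmuted Security defects at High or Very High priority (a policy chosen for the example, not one the API defines). The JSON getter is injected, so the constructed responses, shaped after the samples above, run offline.

```python
"""Gate a build on GET /apps/analysis/{code}/defects/compare/{previouscode}.
Added example, not Kiuwan's own code. The blocking policy (unmuted Security
defects at High or Very High priority) is an assumption made for the example."""
BLOCKING_PRIORITIES = {"High", "Very High"}


def is_blocking(defect):
    """True for an unmuted Security defect at a blocking priority."""
    return (defect.get("characteristic") == "Security"
            and not defect.get("muted", False)
            and defect.get("priority") in BLOCKING_PRIORITIES)


def compare_gate(get_json, code, previous_code):
    """Compare `code` against `previous_code` and decide whether the build passes.

    `get_json(path)` returns the parsed body for a GET to that path. The summary
    endpoint is always called; the per-defect 'new' listing only when the summary
    reports new defects, which saves one request against the quota."""
    base = f"/apps/analysis/{code}/defects/compare/{previous_code}"
    summary = get_json(base)
    new_count = summary.get("New defects count", 0)
    new_defects = get_json(f"{base}/new").get("New defects", []) if new_count else []
    blocking = [d for d in new_defects if is_blocking(d)]
    return {
        "new": new_count,
        "removed": summary.get("Removed defects count", 0),
        "new_rules": summary.get("New violated rules count", 0),
        "blocking": blocking,
        "passed": not blocking,
    }


def format_blocking(result):
    """One line per blocking defect: file:line CWE rule code."""
    return [f'{d["file"]}:{d["line"]} CWE-{d.get("cweId", "?")} {d.get("ruleCode", "")}'
            for d in result["blocking"]]


# Constructed responses mirroring the documented samples: one new XSS defect is
# blocking, the other new defects are muted or non-security. "A-clean" is a
# made-up analysis code for a comparison that reports nothing new.
XSS = {"defectId": 16558118, "file": "FileSystemRepository.java", "line": 368,
       "muted": False, "characteristic": "Security", "priority": "Very High",
       "cweId": 79, "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"}
MUTED = dict(XSS, defectId=16558121, line=400, muted=True)
STYLE = {"defectId": 16558122, "file": "Util.java", "line": 5, "muted": False,
         "characteristic": "Maintainability", "priority": "Low"}

SAMPLE = {
    "/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131": {
        "Main analysis code": "A-7e3-16e5b1aad2a",
        "Previous analysis code": "A-7e3-16dc9e29131",
        "New violated rules count": 1, "Removed violated rules count": 0,
        "New defects count": 3, "Removed defects count": 0},
    "/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131/new": {
        "count": 3, "page": 1, "New defects": [XSS, MUTED, STYLE], "Removed defects": []},
    # nothing new here, so the gate must not fetch the detail listing at all
    "/apps/analysis/A-clean/defects/compare/A-7e3-16dc9e29131": {
        "New violated rules count": 0, "Removed violated rules count": 2,
        "New defects count": 0, "Removed defects count": 4},
}
CALLS = []  # paths requested from the fake getter, in order


def fake_get_json(path):
    """Offline stand-in for an authenticated GET that serves SAMPLE."""
    CALLS.append(path)
    return SAMPLE[path]


if __name__ == "__main__":
    verdict = compare_gate(fake_get_json, "A-7e3-16e5b1aad2a", "A-7e3-16dc9e29131")
    print("PASS" if verdict["passed"] else "FAIL", *format_blocking(verdict), sep="\n")
```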

Get list of files with metric values and defects for a specific analysis

GET /apps/analysis/{code}/files
Description

List files with metric values and defects for a specific analysis.

Parameters
Type | Name | Description | Model
Path | code (required) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis files
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/files
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ "country": "spain" }",
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ "country": "spain" }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "files_count" : 124,
  "count" : 100,
  "page" : 1,
  "files" : [ {
    "name" : "FileSystemRepository.java",
    "metrics_count" : 17,
    "metrics" : [ {
      "name" : "metric name",
      "value" : 50.0,
      "size" : 4013,
      "minRange" : 1.0,
      "maxRange" : 1.0,
      "index" : 0,
      "color" : "red"
    } ],
    "defects_count" : 5,
    "defects" : [ {
      "defectId" : 16558118,
      "file" : "FileSystemRepository.java",
      "line" : 368,
      "code" : "\t\t\tout.println(sql);",
      "muted" : false,
      "vulnerabilityType" : "Injection",
      "explanation" : "Reflected XSS: user_input",
      "status" : "None",
      "cweId" : 79,
      "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
      "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
      "language" : "java",
      "characteristic" : "Security",
      "priority" : "Very High",
      "effort" : "30m",
      "modelId" : 6252,
      "securityDetail" : {
        "cweId" : 79,
        "category" : "xss",
        "resource" : "web",
        "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
        "injectionPoint" : "string",
        "variableDeclaration" : "String sql",
        "sourceFile" : "FileSystemRepository.java",
        "sourceLine" : 70,
        "sourceCode" : "\t\t\tString val = request.getParameter(item);",
        "sourceCategory" : "user_input",
        "sourceResource" : "web",
        "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "sourceInjectionPoint" : "string",
        "frames" : [ {
          "index" : 0,
          "file" : "FileSystemRepository.java",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "category" : "user_input",
          "resource" : "web",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "injectionPoint" : "string",
          "variableDeclaration" : "string"
        } ],
        "datapaths" : [ {
          "index" : 1,
          "kind" : "sink",
          "varname" : "user",
          "lineNumber" : 32,
          "lineText" : "\t\t\tString val = request.getParameter(item);",
          "indirect" : true,
          "file" : "FileSystemRepository.java",
          "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
          "localId" : 1,
          "localParentId" : 1
        } ]
      }
    } ]
  } ],
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}

Analyses-Reports

Get defects CSV report of an analysis

GET /applications/analysis/defects/export
Description

Obtains a CSV report of the specified analysis code or the last analysis of the application name.

Parameters
Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • text/csv

  • application/json

Example HTTP request
Request path
/applications/analysis/defects/export?application=myApp&code=A-7e3-16e5b1aad2a

Get security PDF report of an analysis

GET /applications/analysis/security/summary/export
Description

Obtains a security report of the specified analysis code or the last analysis of the application name in PDF format.

Parameters
Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/applications/analysis/security/summary/export?application=myApp&code=A-7e3-16e5b1aad2a

Get PDF report of an analysis

GET /applications/analysis/summary/export
Description

Obtains a report of the specified analysis code or the last analysis of the application name in PDF format.

Parameters
Type | Name | Description | Model
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/applications/analysis/summary/export?application=myApp&code=A-7e3-16e5b1aad2a

Get security CSV/Threadfix report of an analysis

GET /applications/analysis/vulnerabilities/export
Description

Obtains a security report of the specified analysis code or the last analysis of the application name in CSV or Threadfix format.

Parameters
Type | Name | Description | Model | Default
Query | application (optional) | Application name | string
Query | code (optional) | Analysis code | string
Query | type (optional) | Type of report | enum (CSV, THREADFIX) | "CSV"

Responses
HTTP Code | Description | Model
200 | Successful retrieval of report | file
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • text/csv

  • application/json

Example HTTP request
Request path
/applications/analysis/vulnerabilities/export?application=myApp&code=A-7e3-16e5b1aad2a&type=CSV

Application

Get applications

GET /applications
Description

Retrieves applications for the authenticated user.

Parameters
Type | Name | Description | Model
Query | activityInfo (optional) | Controls whether to include creation, baseline and delivery info | enum (true, false)

Responses
HTTP Code | Description | Model
200 | Successful retrieval of applications
403 | Access denied | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications?activityInfo=true
Example HTTP response
Response 200
[ {
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ "country": "spain" }",
  "creationDate" : "2020-07-22T15:34:53Z",
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "quality_model" : "CQM"
} ]

Get list of application defects

GET /applications/defects
Description

List application defects for the indicated application.

Parameters
Type | Name | Description | Model | Default
Query | application (required) | Application name | string | -
Query | asc (optional) | Set to true to sort ascending (default is not set), false for descending | enum (true, false) | -
Query | characteristics (optional) | Comma-separated list of characteristics to filter by | enum (Efficiency, Maintainability, Portability, Reliability, Security) | -
Query | count (optional) | How many defects in each page (defaults to 500) | integer | 500
Query | fileContains (optional) | Use this param to filter defects by file name | string | -
Query | languages (optional) | Comma-separated list of languages to filter by | string | -
Query | orderBy (optional) | Sorting criteria (one of 'priority' or 'effort') | enum (priority, effort) | -
Query | page (optional) | Number of results page (defaults to 1) | integer | 1
Query | priorities (optional) | Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by | enum (Very low, Low, Normal, High, Very high) | -

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis defects list | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/defects?application=myApp&asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ \"country\": \"spain\" }",
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ \"country\": \"spain\" }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "defects_count" : 581,
  "activeDefects_count" : 575,
  "supressedDefects_count" : 6,
  "count" : 500,
  "page" : 1,
  "defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ],
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ \"country\": \"spain\" }",
    "metrics" : "{\"com.optimyth.CQM.defectsByPriority.Priority 1\": 163,\"com.optimyth.CQM.defectsByPriority.Priority 2\": 201,\"com.optimyth.CQM.defectsByPriority.Priority 3\": 159,\"com.optimyth.CQM.defectsByPriority.Priority 4\": 17,\"com.optimyth.CQM.defectsByPriority.Priority 5\": 41}"
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ \"country\": \"spain\" }",
    "metrics" : "{\"com.optimyth.CQM.defectsByPriority.Priority 1\": 163,\"com.optimyth.CQM.defectsByPriority.Priority 2\": 201,\"com.optimyth.CQM.defectsByPriority.Priority 3\": 159,\"com.optimyth.CQM.defectsByPriority.Priority 4\": 17,\"com.optimyth.CQM.defectsByPriority.Priority 5\": 41}"
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ \"Rating\": 1, {\"3Stars\":104.6,\"5Stars\":255.9,\"2Stars\":64.89,\"4Stars\":247.4}"
}
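The response above is paginated through count and page and carries a securityDetail block per defect, so a client needs a little helper code around it. The following is an added example, not Kiuwan's code: the function names are my own and the sample response is constructed from the page's example. It encodes the request's filters the way the example request path does, works out the page count from defects_count, and reduces each Security defect to its source-to-sink pair.

```python
import json
import math
from urllib.parse import urlencode

# Constructed sample: the parts of the page's example response that the
# helpers below read, cut down to two defects (the second one is muted).
SAMPLE_RESPONSE = json.loads(r'''{
  "defects_count": 581,
  "count": 500,
  "page": 1,
  "defects": [ {
    "defectId": 16558118,
    "file": "FileSystemRepository.java",
    "line": 368,
    "code": "\t\t\tout.println(sql);",
    "muted": false,
    "characteristic": "Security",
    "priority": "Very High",
    "cweId": 79,
    "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "securityDetail": {
      "category": "xss",
      "sourceFile": "FileSystemRepository.java",
      "sourceLine": 70,
      "sourceCode": "\t\t\tString val = request.getParameter(item);",
      "sourceCategory": "user_input"
    }
  }, {
    "defectId": 16558119,
    "file": "FileSystemRepository.java",
    "line": 402,
    "code": "\t\t\tout.println(name);",
    "muted": true,
    "characteristic": "Security",
    "priority": "High",
    "cweId": 79,
    "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"
  } ]
}''')


def defects_query(application, **filters):
    """Build the request path for GET /applications/defects.

    Filters left as None are dropped. List-valued filters are passed as the
    comma-separated strings the API expects; urlencode percent-encodes the
    comma and turns spaces into '+', which is why the page's example shows
    characteristics=Security%2C+Efficiency."""
    params = {"application": application}
    params.update((k, v) for k, v in filters.items() if v is not None)
    return "/applications/defects?" + urlencode(params)


def total_pages(defects_count, count):
    """Pages needed to read every defect at `count` defects per page."""
    if count <= 0:
        raise ValueError("count must be a positive page size")
    return math.ceil(defects_count / count)


def security_findings(response, include_muted=False):
    """Reduce each Security defect to what a triage queue needs: CWE,
    priority, where tainted data enters (source) and where it is consumed
    (sink). Muted defects are skipped unless include_muted is set."""
    findings = []
    for d in response.get("defects", []):
        if d.get("characteristic") != "Security":
            continue
        if d.get("muted") and not include_muted:
            continue
        detail = d.get("securityDetail") or {}
        findings.append({
            "defectId": d["defectId"],
            "cweId": d.get("cweId"),
            "priority": d.get("priority"),
            "rule": d.get("ruleCode"),
            "source": (detail.get("sourceFile"), detail.get("sourceLine"),
                       (detail.get("sourceCode") or "").strip()),
            "sink": (d.get("file"), d.get("line"), (d.get("code") or "").strip()),
        })
    return findings


def fetch_all_defects(fetch, application, count=500, **filters):
    """Walk every page of the result set. `fetch(path)` must return the
    decoded JSON body of a GET on that path; it is injected so this runs
    offline (a real one adds authentication and backs off on HTTP 429)."""
    page, defects = 1, []
    while True:
        body = fetch(defects_query(application, count=count, page=page, **filters))
        defects.extend(body.get("defects", []))
        if page >= total_pages(body.get("defects_count", 0), count):
            return defects
        page += 1
```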

Get Application Defects Still Open since date

GET /applications/defects/stillopen
Description

Gets the application defects that are still open in the latest analysis (or in the analysis given by atAnalysisCode) and that were already open at sinceDate (or at the earlier analysis given by sinceAnalysisCode). Results can be restricted with onlyCodeSecurity or withRuleTags, and are paginated.

Parameters
Type | Name | Description | Model | Default
Query | application (required) | Application Name | string | -
Query | atAnalysisCode (optional) | Find defects that were already open on this Analysis | string | -
Query | count (optional) | How many defects in each page (defaults to 500) | integer | 500
Query | onlyCodeSecurity (optional) | Only Defects on Code Security rules | enum (true, false) | -
Query | page (optional) | Number of results page (defaults to 1) | integer | 1
Query | sinceAnalysisCode (optional) | Find defects still open at this analysis | string | -
Query | sinceDate (optional) | Defects open since this date | string | -
Query | withRuleTags (optional) | Only Defects Open from the Rules with the matching tags (split by ',') | string | -

Responses
HTTP Code | Description | Model
200 | Successful retrieval of defects still open | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/defects/stillopen?application=MyApp&atAnalysisCode=A-7e3-16e5b1aad2a&count=500&onlyCodeSecurity=true&page=1&sinceAnalysisCode=A-7e3-16e5b1aad2a&sinceDate=2019-11-01T00%3A00%3A00Z&withRuleTags=hardcoded-path
Example HTTP response
Response 200
{
  "sinceAnalysisCode" : "A-7e3-16e5b1aad2a",
  "atAnalysisCode" : "A-7e3-16dc9e29131",
  "sinceDate" : "2020-03-01T12:00:00Z",
  "ruleTags" : "PCI-DSS:6.5.1,cwe99",
  "securityOnly" : true,
  "totalDefects" : 132,
  "count" : 3,
  "page" : 1,
  "defects" : [ {
    "defectId" : 16558118,
    "file" : "FileSystemRepository.java",
    "line" : 368,
    "code" : "\t\t\tout.println(sql);",
    "muted" : false,
    "vulnerabilityType" : "Injection",
    "explanation" : "Reflected XSS: user_input",
    "status" : "None",
    "cweId" : 79,
    "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "language" : "java",
    "characteristic" : "Security",
    "priority" : "Very High",
    "effort" : "30m",
    "modelId" : 6252,
    "securityDetail" : {
      "cweId" : 79,
      "category" : "xss",
      "resource" : "web",
      "container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
      "injectionPoint" : "string",
      "variableDeclaration" : "String sql",
      "sourceFile" : "FileSystemRepository.java",
      "sourceLine" : 70,
      "sourceCode" : "\t\t\tString val = request.getParameter(item);",
      "sourceCategory" : "user_input",
      "sourceResource" : "web",
      "sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
      "sourceInjectionPoint" : "string",
      "frames" : [ {
        "index" : 0,
        "file" : "FileSystemRepository.java",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "category" : "user_input",
        "resource" : "web",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint" : "string",
        "variableDeclaration" : "string"
      } ],
      "datapaths" : [ {
        "index" : 1,
        "kind" : "sink",
        "varname" : "user",
        "lineNumber" : 32,
        "lineText" : "\t\t\tString val = request.getParameter(item);",
        "indirect" : true,
        "file" : "FileSystemRepository.java",
        "container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId" : 1,
        "localParentId" : 1
      } ]
    }
  } ]
}

Get applications filtered

GET /applications/list
Description

Retrieves the authenticated user's applications, filtered by the query parameters below.

Parameters
Type | Name | Description | Model | Default
Query | activityInfo (optional) | Controls whether creation, baseline and delivery information is included | enum (true, false) | -
Query | applicationName (optional) | Application name to filter | string | -
Query | asc (optional) | Ascending or descending order | boolean | -
Query | count (optional) | How many applications in each page (defaults to 500) | integer | 500
Query | endDateAnalysis (optional) | End date: only applications analyzed before this date are returned | string | -
Query | exactApplicationName (optional) | Indicates whether applicationName must match exactly (ignoring case). Only applies if applicationName is provided | boolean | -
Query | initDateAnalysis (optional) | Initial date: only applications analyzed after this date are returned | string | -
Query | orderBy (optional) | Sort key for results | enum (applicationName, analysisDate) | -
Query | page (optional) | Number of results page (defaults to 1) | integer | 1

Responses
HTTP Code | Description | Model
200 | Successful retrieval of applications filtered | -
400 | Bad request | No Content
403 | Access denied | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/list?activityInfo=true&applicationName=myApp&asc=true&count=500&endDateAnalysis=2019-11-01T23%3A59%3A59Z&exactApplicationName=true&initDateAnalysis=2019-11-01T00%3A00%3A00Z&orderBy=applicationName&page=1
Example HTTP response
Response 200
[ {
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ \"country\": \"spain\" }",
  "creationDate" : "2020-07-22T15:34:53Z",
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ \"country\": \"spain\" }",
    "metrics" : "{\"com.optimyth.CQM.defectsByPriority.Priority 1\": 163,\"com.optimyth.CQM.defectsByPriority.Priority 2\": 201,\"com.optimyth.CQM.defectsByPriority.Priority 3\": 159,\"com.optimyth.CQM.defectsByPriority.Priority 4\": 17,\"com.optimyth.CQM.defectsByPriority.Priority 5\": 41}"
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ \"country\": \"spain\" }",
    "metrics" : "{\"com.optimyth.CQM.defectsByPriority.Priority 1\": 163,\"com.optimyth.CQM.defectsByPriority.Priority 2\": 201,\"com.optimyth.CQM.defectsByPriority.Priority 3\": 159,\"com.optimyth.CQM.defectsByPriority.Priority 4\": 17,\"com.optimyth.CQM.defectsByPriority.Priority 5\": 41}"
  },
  "quality_model" : "CQM"
} ]

Get First date of defect

GET /applications/{application}/defect/{defectId}/firstdate
Description

Retrieves the first date when a defect was detected

Parameters
Type | Name | Description | Model
Path | application (required) | Application Name | string
Path | defectId (required) | Defect ID | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of date | string (date-time)
403 | Access denied | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/MyApp/defect/17375778/firstdate
Example HTTP response
Response 200
"string"

Get Application mute patterns

GET /applications/{application}/mutepatterns
Description

Get Application mute patterns

Parameters
Type | Name | Description | Model
Path | application (required) | Application Name | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of Mute Patterns | -
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/MyApp/mutepatterns
Example HTTP response
Response 200
[ {
  "reason": "TOO_MANY_DEFECTS",
  "comment": "Created after review meeting",
  "customerId": 12334,
  "lineText": " throw new NullPointerException();",
  "sourceLineText": "string",
  "lineNumber": 113,
  "lastActionDate": "2021-10-01T15:15:15Z",
  "lastActionUserName": "Administrator Site (sysadmin)",
  "lastMuteAction": "MUTEACTION_CREATE",
  "fileName": "path/to/file.java",
  "fileNamePatterns": "extras/*",
  "ruleName": "Avoid launching NullPointerExceptions",
  "ruleCode": "OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions",
  "active": true
},
...
{
  "reason": "NONE",
  "comment": "",
  "lastActionDate": "2021-09-27T13:24:35Z",
  "lastActionUserName": "Administrator Site (sysadmin)",
  "lastMuteAction": "MUTEACTION_CREATE",
  "fileName": "extras/src/main/java/com/google/gson/graph/GraphAdapterBuilder.java",
  "ruleName": "Cyclomatic complexity",
  "ruleCode": "OPT.JAVA.CMETRICS.TCC",
  "active": true
} ]

Get analysis global metrics

GET /metrics
Description

Obtains the global metrics of indicated analysis.

Parameters
Type | Name | Description | Model
Query | code (required) | Analysis code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of global metrics map | < string, object > map
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/metrics?code=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
"object"

Get suppression rules

GET /qualitymodel/suppressions
Description

Get suppression rules for application given as parameter.

Parameters
Type | Name | Description | Model
Query | application (required) | Application name | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of suppression rules | string
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/xml

  • application/json

Example HTTP request
Request path
/qualitymodel/suppressions?application=myApp
Example HTTP response
Response 200
"string"

Architecture

Get list of sources that impact on a component with the specified targetId

POST /arch/impact/searchSources
Description

Lists the sources that impact the component with the given targetId, within the analysis selected by the analysisCode parameter or by the application named in applicationName, applying the request's filters and pagination.

Parameters
Type | Name | Description | Model
Body | body (required) | Analysis impact request for sources | -

Responses
HTTP Code | Description | Model
200 | Successful retrieval of sources list | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/impact/searchSources
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
  "sourceFilter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  },
  "sourceIds" : [ 0 ],
  "targetId" : 41144504,
  "navigationFilter" : {
    "relations" : "contains,uses,update",
    "direction" : "out",
    "depth" : 2
  },
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  }
}
Example HTTP response
Response 200
{
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "data" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{\"Servlet\": \"FileServlet\"}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
  } ],
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}

Get list of impacted components

POST /arch/impact/searchTargets
Description

Lists the impacted components within the analysis selected by the analysisCode parameter or by the application named in applicationName, applying the request's filters and pagination.

Parameters
Type | Name | Description | Model
Body | body (required) | Analysis impact request | -

Responses
HTTP Code | Description | Model
200 | Successful retrieval of impacted components list | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/impact/searchTargets
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
  "sourceFilter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  },
  "targetFilter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  },
  "sourceIds" : [ 0 ],
  "targetIds" : [ 0 ],
  "navigationFilter" : {
    "relations" : "contains,uses,update",
    "direction" : "out",
    "depth" : 2
  },
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  }
}
Example HTTP response
Response 200
{
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "data" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{\"Servlet\": \"FileServlet\"}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
  } ],
  "analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}

Get sub graph of analysis impact

POST /arch/impact/subGraph
Description

Gets the sub graph of the analysis impact between the given source id and target id, within the analysis selected by the analysisCode parameter or by the application named in applicationName.

Parameters
Type | Name | Description | Model
Body | body (required) | Get sub graph of analysis impact | -

Responses
HTTP Code | Description | Model
200 | Successful retrieval of analysis impact sub graph | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/impact/subGraph
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "sourceId" : 5463,
  "targetId" : 5467,
  "navigationFilter" : {
    "relations" : "contains,uses,update",
    "direction" : "out",
    "depth" : 2
  }
}
Example HTTP response
Response 200
{
  "components" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{\"Servlet\": \"FileServlet\"}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
  } ],
  "relations" : [ {
    "source" : 5473,
    "target" : 5468,
    "type" : "uses"
  } ]
}
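The components and relations returned by /arch/impact/subGraph form a directed graph, and the request's navigationFilter (relations, direction, depth) describes how that graph is walked. As an added example, not Kiuwan's code, the following rebuilds the graph from a constructed response and finds a path from sourceId to targetId under those same three constraints; the component ids and names are made up.

```python
from collections import deque

# Constructed sample in the shape of the subGraph response: four components
# and the relations between them (ids and names are invented).
SAMPLE_SUBGRAPH = {
    "components": [
        {"id": 5463, "name": "com.myCompany.myApp.FileServlet", "type": "class", "analyzed": True},
        {"id": 5473, "name": "com.myCompany.myApp.FileService", "type": "class", "analyzed": True},
        {"id": 5468, "name": "com.myCompany.myApp.FileDao", "type": "class", "analyzed": True},
        {"id": 5467, "name": "FILES", "type": "table", "analyzed": False},
    ],
    "relations": [
        {"source": 5463, "target": 5473, "type": "uses"},
        {"source": 5473, "target": 5468, "type": "uses"},
        {"source": 5468, "target": 5467, "type": "update"},
        {"source": 5463, "target": 5468, "type": "contains"},
    ],
}


def build_adjacency(subgraph, relations="contains,uses,update", direction="out"):
    """Map each component id to its (neighbour id, relation type) pairs,
    keeping only the relation types named in `relations` (the same
    comma-separated form the request body uses). direction="in" walks the
    relations backwards; "both" walks them either way."""
    allowed = {r.strip() for r in relations.split(",") if r.strip()}
    adj = {c["id"]: [] for c in subgraph.get("components", [])}
    for rel in subgraph.get("relations", []):
        if rel["type"] not in allowed:
            continue
        src, dst = rel["source"], rel["target"]
        if direction in ("out", "both"):
            adj.setdefault(src, []).append((dst, rel["type"]))
        if direction in ("in", "both"):
            adj.setdefault(dst, []).append((src, rel["type"]))
    return adj


def impact_path(subgraph, source_id, target_id, depth=2,
                relations="contains,uses,update", direction="out"):
    """Breadth-first search limited to `depth` hops, mirroring
    navigationFilter.depth. Returns the hops as (from id, relation, to id)
    tuples, or None when the target is not reachable within the depth."""
    adj = build_adjacency(subgraph, relations, direction)
    parent = {source_id: None}           # id -> (previous id, relation)
    queue = deque([(source_id, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == target_id:
            break
        if dist >= depth:                # do not expand beyond the depth limit
            continue
        for nxt, kind in adj.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, kind)
                queue.append((nxt, dist + 1))
    if target_id not in parent:
        return None
    path, cur = [], target_id
    while parent[cur] is not None:
        prev, kind = parent[cur]
        path.append((prev, kind, cur))
        cur = prev
    return list(reversed(path))


def describe_path(subgraph, path):
    """Render a path with component names instead of ids."""
    names = {c["id"]: c["name"] for c in subgraph.get("components", [])}
    return [f"{names.get(s, s)} --{kind}--> {names.get(t, t)}" for s, kind, t in path]
```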

Get list of components by filter and pagination

POST /arch/list
Description

Lists the components of the analysis selected by the analysisCode parameter or by the application named in applicationName, applying the request's filter and pagination.

Parameters
Type | Name | Description | Model
Body | body (required) | List components request | -

Responses
HTTP Code | Description | Model
200 | Successful retrieval of components list | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/arch/list
Request body
{
  "applicationName" : "myApp",
  "analysisCode" : "A-7e3-16dc9e29131",
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "filter" : {
    "contains" : "custom.js",
    "notContains" : "testFactory",
    "languages" : "java,javascript",
    "types" : "program,element,map,class",
    "analyzed" : true,
    "fileName" : "custom.js",
    "tags" : "myTag1,myTag2",
    "groupTags" : [ {
      "name" : "Servlets",
      "value" : "FileServlet"
    } ]
  }
}
Example HTTP response
Response 200
{
  "pagination" : {
    "page" : 1,
    "count" : 500,
    "total" : 5654
  },
  "data" : [ {
    "id" : 23,
    "dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
    "name" : "com.myCompany.myApp.CSRFServlet",
    "type" : "class",
    "language" : "java",
    "tags" : "Security,CSRF",
    "grouptags" : "{\"Servlet\": \"FileServlet\"}",
    "artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
    "analyzed" : true,
    "loc" : 210.0,
    "quality" : 0.0,
    "dupCode" : 0.0,
    "ccn" : 15.0,
    "effort" : 0.0,
    "groupedCount" : 1,
    "other" : "{ \"componentType\": \"class\", \"j2eeType\": \"class\", \"description\": \"class java\" }"
  } ]
}

Audit

Get audit result

GET /auditResult
Description

Get an audit result with defects count by priority

Parameters
Type | Name | Description | Model
Query | deliveryCode (required) | Delivery code | string

Responses
HTTP Code | Description | Model
200 | Successful retrieval of audit result | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/auditResult?deliveryCode=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
  "analysisCode" : "A-7e3-16e5b1aad2a",
  "passAudit" : false,
  "label" : "cr_21.11.2019",
  "creationTimestamp" : "2019-11-21T12:51:40Z",
  "metrics" : "{\"com.optimyth.CQM.defectsByPriority.Priority 2\": 2,\"com.optimyth.CQM.defectsByPriority.Priority 3\": 1}"
}

Get the results from insights in delivery analyses

GET /auditResult/components
Description

Obtains the list of audit result components for the application named in the application parameter and the delivery analysis given by the deliveryCode parameter.

Parameters
Type | Name | Description | Model
Query | application (required) | Application name | string
Query | deliveryCode (required) | Delivery | string
Query | licenseRisk (optional) | Comma-separated list of license risks | enum (Unknown, High, Medium, Low)
Query | limit (optional) | Maximum number of components | string
Query | obsolescenceRisk (optional) | Comma-separated list of obsolescence risks | enum (Unknown, High, Medium, Low)
Query | securityRisk (optional) | Comma-separated list of security risks | enum (Unknown, High, Medium, Low)
Query | status (optional) | Component status | enum (New, Removed, Modified)

Responses
HTTP Code | Description | Model
200 | Successful retrieval of components | -
400 | Bad format | No Content
403 | Access denied | No Content
404 | Resource not found | No Content
429 | Quota limit reached | No Content
500 | Internal server error | No Content

Produces
  • application/json

Example HTTP request
Request path
/auditResult/components?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
Example HTTP response
Response 200
{
  "data" : [ {
    "id" : 178,
    "artifact" : "org.springframework:spring-aop",
    "version" : "3.2.13.RELEASE",
    "filename" : "spring-aop-3.2.13.RELEASE.jar",
    "language" : "java",
    "obsolescenceRisk" : "medium",
    "licenseRisk" : "unknown",
    "securityRisk" : "high",
    "custom" : true,
    "sources" : [ {
      "path" : "pom.xml",
      "artifact" : "org.springframework:spring-context",
      "version" : "3.2.13.RELEASE",
      "child" : [ {
        "repository" : "MAVEN",
        "artifact" : "org.springframework:spring-aop",
        "version" : "3.2.13.RELEASE",
        "child" : [ {
          "repository" : "MAVEN",
          "artifact" : "org.springframework:spring-aop",
          "version" : "3.2.13.RELEASE",
          "child" : [ "..." ]
        } ]
      } ]
    } ],
    "vulnerabilities" : [ {
      "id" : 108742,
      "cve" : "CVE-2018-11039",
      "cwe" : "CWE-20",
      "description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
      "severity" : "Low",
      "privateVulnerability" : true
    } ]
  } ]
}
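Two details of the Audit responses above deserve a worked parse: the /auditResult `metrics` field is a JSON document encoded inside a JSON string, and each /auditResult/components entry carries a nested `sources` tree whose `child` lists the API truncates to ["..."]. The following is an added example, not Kiuwan's code, over samples constructed from the page's two responses (the second component, com.example:util-lib, is invented); the function names are my own.

```python
import json

# Constructed from the page's /auditResult example: `metrics` is itself a
# JSON document stored as a string, so it has to be decoded a second time.
SAMPLE_AUDIT = {
    "analysisCode": "A-7e3-16e5b1aad2a",
    "passAudit": False,
    "label": "cr_21.11.2019",
    "metrics": "{\"com.optimyth.CQM.defectsByPriority.Priority 2\": 2,"
               "\"com.optimyth.CQM.defectsByPriority.Priority 3\": 1}",
}

# Constructed from the page's /auditResult/components example; the second
# component is invented to give a low-risk case.
SAMPLE_COMPONENTS = {"data": [
    {"id": 178, "artifact": "org.springframework:spring-aop",
     "version": "3.2.13.RELEASE", "language": "java",
     "obsolescenceRisk": "medium", "licenseRisk": "unknown", "securityRisk": "high",
     "sources": [{"path": "pom.xml", "artifact": "org.springframework:spring-context",
                  "version": "3.2.13.RELEASE",
                  "child": [{"repository": "MAVEN",
                             "artifact": "org.springframework:spring-aop",
                             "version": "3.2.13.RELEASE", "child": ["..."]}]}],
     "vulnerabilities": [{"id": 108742, "cve": "CVE-2018-11039", "cwe": "CWE-20",
                          "severity": "Low", "privateVulnerability": True}]},
    {"id": 179, "artifact": "com.example:util-lib", "version": "1.0.0",
     "language": "java", "obsolescenceRisk": "low", "licenseRisk": "low",
     "securityRisk": "low",
     "sources": [{"path": "pom.xml", "artifact": "com.example:util-lib",
                  "version": "1.0.0", "child": []}],
     "vulnerabilities": []},
]}

PRIORITY_PREFIX = "com.optimyth.CQM.defectsByPriority."
RISK_ORDER = {"unknown": 0, "low": 1, "medium": 2, "high": 3}


def defects_by_priority(audit_result):
    """Decode the double-encoded `metrics` string and return the defect
    count for each of Priority 1..5 (priorities with no entry are 0)."""
    raw = audit_result.get("metrics") or "{}"
    metrics = json.loads(raw) if isinstance(raw, str) else raw
    counts = {f"Priority {i}": 0 for i in range(1, 6)}
    for key, value in metrics.items():
        if key.startswith(PRIORITY_PREFIX):
            counts[key[len(PRIORITY_PREFIX):]] = int(value)
    return counts


def dependency_chains(component):
    """Walk the nested `sources` tree and return every chain from a declared
    dependency (e.g. pom.xml -> spring-context) down to the leaf that pulled
    this component in. A child list the API truncated to ["..."] ends the
    chain with that marker so the caller can see it is incomplete."""
    chains = []

    def walk(node, trail):
        if node == "...":
            chains.append(trail + ["..."])
            return
        step = f"{node['artifact']}:{node['version']}"
        trail = trail + ([node["path"], step] if "path" in node else [step])
        children = node.get("child") or []
        if not children:
            chains.append(trail)
        for child in children:
            walk(child, trail)

    for src in component.get("sources", []):
        walk(src, [])
    return chains


def components_at_risk(response, min_security_risk="high"):
    """Components whose securityRisk is at least `min_security_risk`, each
    with its CVE list and the chains that explain why it is in the build."""
    threshold = RISK_ORDER[min_security_risk.lower()]
    flagged = []
    for comp in response.get("data", []):
        risk = RISK_ORDER.get(str(comp.get("securityRisk", "unknown")).lower(), 0)
        if risk < threshold:
            continue
        flagged.append({
            "artifact": f"{comp['artifact']}:{comp['version']}",
            "cves": [v["cve"] for v in comp.get("vulnerabilities", [])],
            "chains": dependency_chains(comp),
        })
    return flagged
```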

Get audit result defects

GET /auditResult/defects
Description

Get defects of an audit result

Parameters
Type Name Description Model

Query

asc
optional

Sort ascending: true/false

enum (true, false)

Query

characteristics
optional

Comma-separated list of characteristics to filter by

enum (Efficiency, Maintainability, Portability, Reliability, Security)

Query

deliveryCode
required

Delivery code

string

Query

fileContains
optional

Use this param to filter defects by file name

string

Query

languages
optional

Comma-separated list of languages to filter by

string

Query

limit
optional

Max number of defects returned

integer (int32)

Query

orderBy
optional

Sorting criteria: priority/effort

enum (priority, effort)

Query

priorities
optional

Comma-separated list of priorities (Very low, Low, Normal, High, Very high) to filter by

enum (Very low, Low, Normal, High, Very high)

Responses
HTTP Code Description Model

200

Successful retrieval of audit result defects

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/auditResult/defects?deliveryCode=A-7e3-16e5b1aad2a&asc=true&characteristics=Security%2C+Efficiency&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
[ {
  "defectId": 16558118,
  "file": "FileSystemRepository.java",
  "line": 368,
  "code": "\t\t\tout.println(sql);",
  "muted": false,
  "vulnerabilityType": "Injection",
  "explanation": "Reflected XSS: user_input",
  "status": "None",
  "cweId": 79,
  "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
  "rule": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
  "language": "java",
  "characteristic": "Security",
  "priority": "Very High",
  "effort": "30m",
  "modelId": 6252,
  "securityDetail": {
    "cweId": 79,
    "category": "xss",
    "resource": "web",
    "container": "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
    "injectionPoint": "string",
    "variableDeclaration": "String sql",
    "sourceFile": "FileSystemRepository.java",
    "sourceLine": 70,
    "sourceCode": "\t\t\tString val = request.getParameter(item);",
    "sourceCategory": "user_input",
    "sourceResource": "web",
    "sourceContainer": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
    "sourceInjectionPoint": "string",
    "frames": [
      {
        "index": 0,
        "file": "FileSystemRepository.java",
        "lineNumber": 32,
        "lineText": "\t\t\tString val = request.getParameter(item);",
        "category": "user_input",
        "resource": "web",
        "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint": "string",
        "variableDeclaration": "string"
      }
    ],
    "datapaths": [
      {
        "index": 1,
        "kind": "sink",
        "varname": "user",
        "lineNumber": 32,
        "lineText": "\t\t\tString val = request.getParameter(item);",
        "indirect": true,
        "file": "FileSystemRepository.java",
        "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId": 1,
        "localParentId": 1
      }
    ]
  }
}
,
...
...
...
{
  "defectId": 16558118,
  "file": "FileSystemRepository.java",
  "line": 368,
  "code": "\t\t\tout.println(sql);",
  "muted": false,
  "vulnerabilityType": "Injection",
  "explanation": "Reflected XSS: user_input",
  "status": "None",
  "cweId": 79,
  "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
  "rule": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
  "language": "java",
  "characteristic": "Security",
  "priority": "Very High",
  "effort": "30m",
  "modelId": 6252,
  "securityDetail": {
    "cweId": 79,
    "category": "xss",
    "resource": "web",
    "container": "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
    "injectionPoint": "string",
    "variableDeclaration": "String sql",
    "sourceFile": "FileSystemRepository.java",
    "sourceLine": 70,
    "sourceCode": "\t\t\tString val = request.getParameter(item);",
    "sourceCategory": "user_input",
    "sourceResource": "web",
    "sourceContainer": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
    "sourceInjectionPoint": "string",
    "frames": [
      {
        "index": 0,
        "file": "FileSystemRepository.java",
        "lineNumber": 32,
        "lineText": "\t\t\tString val = request.getParameter(item);",
        "category": "user_input",
        "resource": "web",
        "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "injectionPoint": "string",
        "variableDeclaration": "string"
      }
    ],
    "datapaths": [
      {
        "index": 1,
        "kind": "sink",
        "varname": "user",
        "lineNumber": 32,
        "lineText": "\t\t\tString val = request.getParameter(item);",
        "indirect": true,
        "file": "FileSystemRepository.java",
        "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
        "localId": 1,
        "localParentId": 1
      }
    ]
  }
} ]
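The `securityDetail` block above carries the taint flow: the `source*` fields locate where untrusted data entered and `file`/`line` where it reaches the sink. As an added example, not part of the Kiuwan documentation, the Python below reduces a list of defects in this shape to a review queue: unmuted defects of one characteristic at or above a priority, each with a one-line source-to-sink summary. Duplicate `defectId`s are collapsed, since the abbreviated example above lists the same defect twice. The sample list is constructed for the example; the first entry reproduces the page's XSS defect, the others are invented to exercise the filters.

```python
# Constructed sample in the shape of the /auditResult/defects response above.
XSS_DEFECT = {
    "defectId": 16558118, "file": "FileSystemRepository.java", "line": 368,
    "code": "\t\t\tout.println(sql);", "muted": False, "vulnerabilityType": "Injection",
    "explanation": "Reflected XSS: user_input", "status": "None", "cweId": 79,
    "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule", "language": "java",
    "characteristic": "Security", "priority": "Very High", "effort": "30m", "modelId": 6252,
    "securityDetail": {
        "cweId": 79, "category": "xss", "resource": "web",
        "sourceFile": "FileSystemRepository.java", "sourceLine": 70,
        "sourceCode": "\t\t\tString val = request.getParameter(item);",
        "sourceCategory": "user_input", "sourceResource": "web",
    },
}
SAMPLE_DEFECTS = [
    XSS_DEFECT,
    dict(XSS_DEFECT),  # same defectId returned twice, as in the abbreviated example above
    {**XSS_DEFECT, "defectId": 16558119, "line": 402, "muted": True},  # constructed: already muted
    {"defectId": 16558300, "file": "Util.java", "line": 3, "code": "import java.util.*;",
     "muted": False, "status": "None", "ruleCode": "OPT.JAVA.DECLARA.IMPT", "language": "java",
     "characteristic": "Maintainability", "priority": "Normal", "effort": "3m", "modelId": 1},
]

# Priority enum from the parameters table, lowest to highest. The response spells
# "Very High" with a capital H, so comparisons are case-insensitive.
PRIORITY_RANK = {"very low": 0, "low": 1, "normal": 2, "high": 3, "very high": 4}


def taint_summary(defect):
    """Render securityDetail as one 'source -> sink' line, or None if absent."""
    sd = defect.get("securityDetail")
    if not sd:
        return None
    return (f"{sd['sourceCategory']} @ {sd['sourceFile']}:{sd['sourceLine']}"
            f" -> {sd['category']} sink @ {defect['file']}:{defect['line']}"
            f" (CWE-{defect['cweId']})")


def triage_defects(defects, min_priority="High", characteristic="Security"):
    """Select unmuted defects of one characteristic at or above a priority.

    Duplicated defectIds are collapsed and the result is ordered highest
    priority first, then by defectId, so the queue is stable between runs.
    """
    threshold = PRIORITY_RANK[min_priority.lower()]
    seen, rows = set(), []
    for d in defects:
        if d["defectId"] in seen or d.get("muted"):
            continue
        if d.get("characteristic") != characteristic:
            continue
        rank = PRIORITY_RANK.get(str(d.get("priority", "")).lower(), -1)
        if rank < threshold:
            continue
        seen.add(d["defectId"])
        rows.append({
            "defectId": d["defectId"], "rule": d["ruleCode"], "priority": d["priority"],
            "effort": d.get("effort"), "location": f"{d['file']}:{d['line']}",
            "flow": taint_summary(d),
        })
    rows.sort(key=lambda r: (-PRIORITY_RANK[r["priority"].lower()], r["defectId"]))
    return rows


if __name__ == "__main__":
    for row in triage_defects(SAMPLE_DEFECTS):
        print(row["priority"], row["rule"], row["location"], row["effort"])
        print("   ", row["flow"])
```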

Get list of files

GET /audits/checkpoints/violatedrules/files
Description

List files with a violated rule of an audit

Parameters
Type Name Description Model

Query

application
required

Application name

string

Query

checkpoint
required

Checkpoint id

string

Query

deliveryCode
required

Delivery code

string

Query

ruleCode
required

Rule code

string

Responses
HTTP Code Description Model

200

Successful retrieval of files list

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/audits/checkpoints/violatedrules/files?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
  {
    "file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
    "defectsCount": 1,
    "defects": {
      "href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
    }
  },
  ...
  ...
  ...
  {
    "file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
    "defectsCount": 1,
    "defects": {
      "href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
    }
  }
]

Get list of defects of file

GET /audits/checkpoints/violatedrules/files/defects
Description

List defects in a file

Parameters
Type Name Description Model

Query

application
required

Application name

string

Query

checkpoint
required

Checkpoint id

string

Query

deliveryCode
required

Delivery code

string

Query

file
required

File name

string

Query

ruleCode
required

Rule code

string

Responses
HTTP Code Description Model

200

Successful retrieval of defect line list

< DefectLineResponse > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/audits/checkpoints/violatedrules/files/defects?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&file=FileSystemRepository.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
  {
    "code": "      StringReader reader = new StringReader(json);",
    "line": 64,
    "muted": false
  },
  ...,
  {
    "code": "      JsonReader jr = new JsonReader(reader);",
    "line": 65,
    "muted": false
  }
]

Get PDF report of insight

GET /audits/result/componentsPDF
Description

Obtains the audit result components report for the application named in the application parameter and the specific analysis identified by the deliveryCode parameter.

Parameters
Type Name Description Model

Query

application
required

Application name

string

Query

deliveryCode
required

Delivery code

string

Query

licenseRisk
optional

Comma-separated list of license risks

enum (Unknown, High, Medium, Low)

Query

limit
optional

Maximum number of components

string

Query

obsolescenceRisk
optional

Comma-separated list of obsolescence risks

enum (Unknown, High, Medium, Low)

Query

securityRisk
optional

Comma-separated list of security risks

enum (Unknown, High, Medium, Low)

Query

status
optional

Component status

enum (New, Removed, Modified)

Responses
HTTP Code Description Model

200

Successful retrieval of report

file

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/audits/result/componentsPDF?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New

Get audit result PDF report

GET /audits/result/export
Description

Obtains the audit report of the specified delivery in PDF format. Either an analysis code, or an application name together with a change request, is required.

Parameters
Type Name Description Model

Query

application
optional

Application name

string

Query

changeRequest
optional

Change request

string

Query

code
optional

Analysis code

string

Query

deliveryLabel
optional

Delivery label

string

Responses
HTTP Code Description Model

200

Successful retrieval of an audit result report

file

400

Invalid parameter

No Content

403

Access denied

No Content

404

Resource not found

No Content

500

Internal server error

No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/audits/result/export?application=myApp&changeRequest=CR_11.01.2020&code=A-7e3-16e5b1aad2a&deliveryLabel=delivery_11.01.2020

Defect

Create mutes for a rule/file

POST /applications/defects/mute
Description

Create mute patterns for this ruleCode or file

Allowed combinations of parameters:

  • Only the rule parameter: creates a mute pattern for a specific rule.

  • Only the fileName parameter: creates a mute pattern for a specific file, regardless of rule.

  • rule combined with filePattern: creates a mute pattern for a given rule in the files matching a set of patterns.

  • rule combined with fileName: creates a mute pattern for a given rule in a specific file.

Invalid cases:

  • Either rule or one of the file parameters must have a valid value; otherwise an error is returned.

  • Only one of fileName or filePattern may be passed; otherwise an error is returned.

  • Passing only filePattern returns an error.

Parameters
Type Name Description Model

Query

application
required

Application Name

string

Query

comment
optional

Mute comment

string

Query

fileName
optional

File name to mute

string

Query

filePattern
optional

Comma-separated file patterns to mute

string

Query

rule
optional

Rule Code

string

Query

why
optional

Mute reason

enum (NONE, FALSE_POSITIVE, TOO_MANY_DEFECTS, GENERATED_CODE, TOO_COMPLEX_CODE, OTHER)

Responses
HTTP Code Description Model

200

Successfully created a suppression rule

integer (int32)

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/defects/mute?application=test&comment=Muted+this+rule%2Ffile+because+it+is+generated+code&fileName=Library%2Fsrc%2FLibrary.java&filePattern=%2FViewIssuedBooks.java%2C%2FLibrary.java&rule=OPT.JAVA.FMETODOS.NCE&why=GENERATED_CODE
Example HTTP response
Response 200
0
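The allowed and invalid combinations listed above are easy to get wrong when the request is assembled by hand. As an added example (not part of the Kiuwan documentation), the Python below encodes those rules as a client-side check and builds the query string for this endpoint, using the `why` enum from the parameters table. The rule code and file names in its demo call are taken from the example request above; the check itself is this example's, not the API's server-side validation.

```python
import urllib.parse

# Values of the 'why' enum from the parameters table.
MUTE_REASONS = {"NONE", "FALSE_POSITIVE", "TOO_MANY_DEFECTS", "GENERATED_CODE",
                "TOO_COMPLEX_CODE", "OTHER"}


def mute_combination(rule=None, fileName=None, filePattern=None):
    """Name the allowed combination of rule/fileName/filePattern, or raise
    ValueError for one of the invalid cases listed above."""
    if fileName and filePattern:
        raise ValueError("pass only one of fileName or filePattern")
    if rule and filePattern:
        return "rule+filePattern"
    if rule and fileName:
        return "rule+fileName"
    if rule:
        return "rule"
    if fileName:
        return "fileName"
    if filePattern:
        raise ValueError("filePattern alone is not accepted; combine it with rule")
    raise ValueError("either rule or a file parameter is required")


def is_valid_mute_combination(**params):
    """Boolean form of mute_combination, convenient for pre-flight checks."""
    try:
        mute_combination(**params)
        return True
    except ValueError:
        return False


def build_mute_request(application, rule=None, fileName=None, filePattern=None,
                       why="NONE", comment=None):
    """Return (method, path_and_query) for POST /applications/defects/mute.

    The combination is validated first so a bad request never leaves the client,
    and 'why' values outside the documented enum are rejected. filePattern may be
    given as a list, which is joined into the comma-separated form the endpoint
    expects. Only parameters with a value are encoded, so None is never sent as
    the literal string "None".
    """
    if isinstance(filePattern, (list, tuple)):
        filePattern = ",".join(filePattern)
    mute_combination(rule, fileName, filePattern)
    if why not in MUTE_REASONS:
        raise ValueError(f"why must be one of {sorted(MUTE_REASONS)}")
    params = {"application": application}
    for key, value in (("comment", comment), ("fileName", fileName),
                       ("filePattern", filePattern), ("rule", rule), ("why", why)):
        if value:
            params[key] = value
    return "POST", "/applications/defects/mute?" + urllib.parse.urlencode(params)


if __name__ == "__main__":
    print(*build_mute_request("test", rule="OPT.JAVA.FMETODOS.NCE",
                              filePattern=["/ViewIssuedBooks.java", "/Library.java"],
                              why="GENERATED_CODE",
                              comment="Muted this rule/file because it is generated code"))
```

`urllib.parse.urlencode` produces the same `+` and `%2F` escaping as the example request path above. Note that the example request passes both fileName and filePattern, a combination the invalid-cases list rejects; `mute_combination` follows the list.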

Create suppression rule for a defect

POST /defect/{defectId}/mute
Description

Create a suppression rule for this defect.

Parameters
Type Name Description Model

Path

defectId
required

Defect identifier

integer (int64)

Query

comment
optional

Mute comment

string

Query

muteBy
optional

Mute By

enum (LINE_NUMBER(default), SOURCE_CODE)

Query

why
optional

Mute reason

enum (NONE, FALSE_POSITIVE, TOO_MANY_DEFECTS, GENERATED_CODE, TOO_COMPLEX_CODE, OTHER)

Responses
HTTP Code Description Model

200

Successfully created a suppression rule

integer (int32)

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/defect/17375778/mute?comment=Muted+this+defect+because+it+is+generated+code&muteBy=LINE_NUMBER&why=GENERATED_CODE
Example HTTP response
Response 200
0

Get defect notes

GET /defect/{defectId}/notes
Description

Obtains the list of notes associated with this defect.

Parameters
Type Name Description Model

Path

defectId
required

Defect identifier

integer (int64)

Responses
HTTP Code Description Model

200

Successful retrieval of a defect notes list

< DefectNoteResponse > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/defect/17375778/notes
Example HTTP response
Response 200
[ { "date" : "2019/05/02 14:26", "user" : "John Smith", "text" : "To review by security experts" },
...
...
...
{ "date" : "2019/05/12 14:26", "user" : "John Smith", "text" : "To review by security experts" } ]

Update the status of a defect

POST /defect/{defectId}/status
Description

Updates the status of this defect and adds a note. Possible status values are NONE, TO_REVIEW and REVIEWED.

Parameters
Type Name Description Model

Path

defectId
required

Defect identifier

integer (int64)

Query

note
optional

Note detail

string

Query

status
required

Defect status

enum (NONE, TO_REVIEW, REVIEWED)

Responses
HTTP Code Description Model

200

Successfully updated defect status

No Content

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/defect/17375778/status?status=TO_REVIEW&note=To+review+by+security+experts

Get violated rules of an analysis

GET /violatedrules
Description

Obtains the list of violated rules of an analysis for the authenticated user.

Parameters
Type Name Description Model

Query

analysisCode
optional

Analysis code

string

Query

application
required

Application name

string

Query

characteristic
optional

CQM characteristic

enum (Efficiency, Maintainability, Portability, Reliability, Security)

Query

language
optional

CQM technology

string

Query

onlyCodeSecurity
optional

Only Code Security rules

enum (true, false)

Query

priority
optional

Rule priority

enum (Very low, Low, Normal, High, Very high)

Query

tag
optional

Rule tag

string

Query

vulnerabilityType
optional

Vulnerability type

enum ('Permissions, privileges and access controls', 'Injection', 'Error handling and fault isolation', 'Other', 'Encryption and randomness', 'Misconfiguration', 'Design error', 'Initialization and shutdown', 'Control flow management', 'File handling', 'Number handling', 'System element isolation', 'Buffer handling', 'Information leaks', 'Pointer and reference handling')

Responses
HTTP Code Description Model

200

Successful retrieval of violated rules list

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/violatedrules?application=myApp&analysisCode=A-7e3-16e5b1aad2a&characteristic=Security&language=java&onlyCodeSecurity=true&priority=Very+high&tag=hardcoded-path&vulnerabilityType=Injection
Example HTTP response
Response 200
[
  {
    "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
    "modelId": 6252,
    "defectsCount": 72,
    "suppressedDefectsCount": 0,
    "filesCount": 11,
    "effort": "36h 00",
    "characteristic": "Security",
    "vulnerabilityType": "Injection",
    "tags": "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
    "priority": "Very High",
    "language": "Java",
    "files": {
      "href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
    }
  },
  ...
  ...
  ...
  {
    "ruleCode": "OPT.JAVA.DECLARA.IMPT",
    "modelId": 1,
    "defectsCount": 21,
    "suppressedDefectsCount": 0,
    "filesCount": 21,
    "effort": "1h 03",
    "characteristic": "Maintainability",
    "tags": [],
    "priority": "Normal",
    "language": "Java",
    "files": {
      "href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.DECLARA.IMPT"
    }
  }
]

Get files of a violated rule

GET /violatedrules/files
Description

Obtains the list of files affected by the violated rule.

Parameters
Type Name Description Model

Query

analysisCode
required

Analysis code

string

Query

application
required

Application name

string

Query

ruleCode
required

Rule code

string

Responses
HTTP Code Description Model

200

Successful retrieval of files with defects

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/violatedrules/files?analysisCode=A-7e3-16e5b1aad2a&application=myApp&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
  {
    "file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
    "defectsCount": 1,
    "defects": {
      "href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
    }
  },
  ...
  ...
  ...
  {
    "file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
    "defectsCount": 1,
    "defects": {
      "href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
    }
  }
]

Get defects of file

GET /violatedrules/files/defects
Description

Obtains the list of defects in a file for a specific violated rule.

Parameters
Type Name Description Model

Query

analysisCode
required

Analysis code

string

Query

application
required

Application name

string

Query

file
required

File name including path

string

Query

ruleCode
required

Rule code

string

Responses
HTTP Code Description Model

200

Successful retrieval of defect lines

< DefectLineResponse > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/violatedrules/files/defects?analysisCode=A-7e3-16e5b1aad2a&application=myApp&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
  {
    "code": "      StringReader reader = new StringReader(json);",
    "line": 64,
    "muted": false
  },
  ...,
  {
    "code": "      JsonReader jr = new JsonReader(reader);",
    "line": 65,
    "muted": false
  }
]

Delivery

Get deliveries of an application

GET /applications/deliveries
Description

Obtains the deliveries of the application with the given name.

Parameters
Type Name Description Model Default

Query

application
required

Application name

string

Query

auditSuccess
optional

Set to true or false to retrieve only deliveries whose audit passed or failed, respectively

enum (true, false)

Query

changeRequestFilter
optional

To filter deliveries by changeRequest

string

Query

count
optional

Limit results

integer

Query

filterPurgedAnalyses
optional

Set to true to exclude purged analyses from the results

enum (true, false)

"true"

Query

maxdays
optional

Maximum age, in days, of the deliveries returned

integer (int32)

Query

page
optional

Number of results page (defaults to 1)

integer

1

Responses
HTTP Code Description Model

200

Successful retrieval of deliveries list

< AnalysisResponse > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/deliveries?application=myApp&auditSuccess=true&changeRequestFilter=CR_21.11.1019&count=500&filterPurgedAnalyses=true&maxdays=30&page=1
Example HTTP response
Response 200
[ {
  "code": "A-7e3-16dc9e29131",
  "label": "14.10.2019_1",
  "creationDate": "2019-10-14T15:15:15Z",
  "qualityModel": "CQM",
  "modelId": "string",
  "encoding": "UTF-8",
  "invoker": "github software",
  "status": "RUNNING",
  "errorCode": "string",
  "unparsedFiles": [
    {
      "file": "FileSystemSQL.java",
      "cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
    }
  ],
  "analysisScope": "Baseline",
  "changeRequest": "CR_14-10-2019_1",
  "changeRequestStatus": "Resolved",
  "branchName": "master",
  "auditResult": "FAIL",
  "analysisBusinessValue": "CRITICAL",
  "analysisProvider": "Lab",
  "analysisPortfolios": {
    "country": "spain"
  },
  "metrics": {
    "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
    "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
    "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
    "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
    "com.optimyth.CQM.defectsByPriority.Priority 5": 41
  }
},
...
...
...
{
  "code": "A-7e3-16dc9e29131",
  "label": "14.10.2019_1",
  "creationDate": "2019-10-14T15:15:15Z",
  "qualityModel": "CQM",
  "modelId": "string",
  "encoding": "UTF-8",
  "invoker": "github software",
  "status": "RUNNING",
  "errorCode": "string",
  "unparsedFiles": [
    {
      "file": "FileSystemSQL.java",
      "cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
    }
  ],
  "analysisScope": "Baseline",
  "changeRequest": "CR_14-10-2019_1",
  "changeRequestStatus": "Resolved",
  "branchName": "master",
  "auditResult": "FAIL",
  "analysisBusinessValue": "CRITICAL",
  "analysisProvider": "Lab",
  "analysisPortfolios": {
    "country": "spain"
  },
  "metrics": {
    "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
    "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
    "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
    "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
    "com.optimyth.CQM.defectsByPriority.Priority 5": 41
  }
} ]
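The deliveries list is paged with `count` and `page`, and every endpoint on this page can answer 429 when the quota is exhausted. As an added example, not part of the Kiuwan documentation or any Kiuwan client library, the Python below is a minimal client that pages through `/applications/deliveries`, retries 429 responses with exponential backoff, and reports the deliveries whose audit failed. It assumes HTTP Basic authentication with the Kiuwan username and password, and honors a `Retry-After` header if the server sends one; neither detail is stated on this page. The transport is injected, so the block runs offline against a constructed stand-in that answers 429 once and then serves two constructed pages; the delivery codes other than the page's `A-7e3-16dc9e29131`, and the non-FAIL audit value, are made up.

```python
import base64
import json
import time
import urllib.parse

# Base URL named at the top of the guide; on-premise installations use their own host.
API_BASE = "https://api.kiuwan.com"


def basic_auth_header(username, password):
    """HTTP Basic credentials header. That the API accepts Basic auth with the account
    username/password is an assumption of this example; the guide only states that
    every request must be authenticated."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def get_json(send, path, params, headers, max_retries=3, sleep=time.sleep):
    """GET path?params through `send`, retrying HTTP 429 (quota limit reached) with
    exponential backoff. `send(method, url, headers)` must return
    (status, response_headers, body_text). A Retry-After header is honored when
    present (assumed behaviour; the page does not document one)."""
    url = f"{API_BASE}{path}?{urllib.parse.urlencode(params)}"
    delay = 1.0
    for attempt in range(max_retries + 1):
        status, resp_headers, body = send("GET", url, headers)
        if status == 429 and attempt < max_retries:
            sleep(float(resp_headers.get("Retry-After", delay)))
            delay *= 2
            continue
        if status != 200:
            # Report the path and status only; never echo the credential header.
            raise RuntimeError(f"GET {path} returned HTTP {status}")
        return json.loads(body)


def iter_deliveries(send, headers, application, count=100, sleep=time.sleep, **filters):
    """Yield all deliveries of `application`, walking count/page until a page comes
    back shorter than `count`. Extra keyword filters (auditSuccess, maxdays,
    changeRequestFilter, ...) are passed through as query parameters."""
    page = 1
    while True:
        params = {"application": application, "count": count, "page": page, **filters}
        batch = get_json(send, "/applications/deliveries", params, headers, sleep=sleep)
        yield from batch
        if len(batch) < count:
            return
        page += 1


def failed_audits(deliveries):
    """Codes of deliveries whose audit result is FAIL, for a quick gate report."""
    return [d["code"] for d in deliveries if d.get("auditResult") == "FAIL"]


# Constructed pages in the shape of the response above (fields trimmed).
SAMPLE_PAGES = [
    [{"code": "A-7e3-16dc9e29131", "label": "14.10.2019_1", "status": "FINISHED",
      "changeRequest": "CR_14-10-2019_1", "auditResult": "FAIL"},
     {"code": "EXAMPLE-CODE-0002", "label": "15.10.2019_1", "status": "FINISHED",
      "changeRequest": "CR_15-10-2019_1", "auditResult": "PASS"}],  # PASS value constructed
    [{"code": "EXAMPLE-CODE-0003", "label": "16.10.2019_1", "status": "FINISHED",
      "changeRequest": "CR_16-10-2019_1", "auditResult": "FAIL"}],
]


def make_fake_transport(pages, throttle_first=True):
    """Offline stand-in for a real HTTPS transport: refuses calls without credentials,
    answers the first call with 429, then serves `pages` by the page query parameter.
    Returns (send, list_of_requested_urls)."""
    calls = []

    def send(method, url, headers):
        calls.append(url)
        if not headers.get("Authorization", "").startswith("Basic "):
            return 403, {}, ""  # constructed: mirrors the 403 'Access denied' row above
        if throttle_first and len(calls) == 1:
            return 429, {"Retry-After": "0"}, ""
        query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
        page = int(query.get("page", ["1"])[0])
        body = pages[page - 1] if page <= len(pages) else []
        return 200, {}, json.dumps(body)

    return send, calls


if __name__ == "__main__":
    send, calls = make_fake_transport(SAMPLE_PAGES)
    headers = basic_auth_header("api-user", "example-password")
    deliveries = list(iter_deliveries(send, headers, "myApp", count=2,
                                      sleep=lambda _: None, maxdays=30))
    print(len(deliveries), "deliveries in", len(calls), "requests; failed audits:",
          failed_audits(deliveries))
```

Swapping `send` for a function built on the standard library's `urllib.request` or on `requests` turns this into a live client; keep the credentials in the header, never in the URL, so they stay out of access logs.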

Get information of the last successful delivery

GET /deliveries/last_analysis
Description

Obtains the information of the last successful delivery.

Parameters
Type Name Description Model

Query

application
required

Application name

string

Query

branch
optional

To filter deliveries by branch name

string

Query

changeRequest
optional

To filter deliveries by changeRequest

string

Query

label
optional

To filter deliveries by audit label

string

Responses
HTTP Code Description Model

200

Successful retrieval of delivery information

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/deliveries/last_analysis?application=myApp&branch=origin%2Fdevelop&changeRequest=CR_21.11.1019&label=audit+pre+merge
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ "country": "spain" }",
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ "country": "spain" }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "analysisScope" : "Complete delivery",
  "changeRequest" : "CR_13.01.2020",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "baselineAnalysisCode" : "A-7e3-16dc9e29131",
  "deliveryFiles" : {
    "count" : 132
  },
  "deliveryDefects" : {
    "newDefects" : 3,
    "removedDefects" : 0,
    "defects" : 582
  },
  "auditResult" : {
    "auditName" : "Kiuwan default audit",
    "description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
    "approvalThreshold" : 50.0,
    "overallResult" : "FAIL",
    "score" : 0.0,
    "checkpointResults" : [ {
      "checkpoint" : "1",
      "result" : "FAIL",
      "name" : "No new defects",
      "description" : "If a new defect is detected, the checkpoint will not pass.",
      "weight" : 1,
      "mandatory" : true,
      "type" : "Threshold for maximum new defects",
      "score" : 0.0,
      "violatedRules" : [ {
        "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
        "modelId" : 6252,
        "defectsCount" : 72,
        "suppressedDefectsCount" : 0,
        "filesCount" : 11,
        "effort" : "36h 00",
        "characteristic" : "Security",
        "vulnerabilityType" : "Injection",
        "tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
        "priority" : "Very High",
        "language" : "Java",
        "files" : {
          "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
        }
      } ]
    } ]
  },
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}

Get information of a delivery by code

GET /deliveries/{code}
Description

Obtains the information of a delivery, given its delivery code.

Parameters
Type   Name               Description      Model
Path   code (required)    Delivery code    string

Responses
HTTP Code   Description                                     Model
200         Successful retrieval of delivery information
400         Bad format                                      No Content
403         Access denied                                   No Content
404         Resource not found                              No Content
429         Quota limit reached                             No Content
500         Internal server error                           No Content

Produces
  • application/json

Example HTTP request
Request path
/deliveries/A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
  "name" : "android",
  "description" : "GitHub Android App",
  "auditName" : "Kiuwan default audit",
  "applicationBusinessValue" : "CRITICAL",
  "applicationProvider" : "Lab",
  "applicationPortfolios" : "{ "country": "spain" }",
  "creationDate" : "2020-07-22T15:34:53Z",
  "label" : "14.10.2019_1",
  "date" : "2019-10-14T15:15:15Z",
  "modelId" : 6252,
  "encoding" : "UTF-8",
  "analysisCode" : "A-ZBA-234820349",
  "analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
  "auditResultURL" : "string",
  "analysisBusinessValue" : "CRITICAL",
  "analysisProvider" : "Lab",
  "analysisPortfolios" : "{ "country": "spain" }",
  "analysisStatus" : "FINISHED",
  "languages" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "architecture" : {
    "languages" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "types" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "relations" : [ {
      "value" : "java",
      "count" : 22
    } ],
    "tags" : "tag1",
    "groupTags" : "group1"
  },
  "insightsData" : {
    "components" : 29,
    "vulnerabilities" : 15,
    "licenses" : 8,
    "duplicates" : 8,
    "risks" : [ {
      "name" : "string",
      "risk" : {
        "string" : 0
      }
    } ]
  },
  "unparsedFiles" : [ {
    "file" : "FileSystemSQL.java",
    "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
  } ],
  "analysisScope" : "Complete delivery",
  "changeRequest" : "CR_13.01.2020",
  "changeRequestStatus" : "Resolved",
  "branchName" : "master",
  "baselineAnalysisCode" : "A-7e3-16dc9e29131",
  "deliveryFiles" : {
    "count" : 132
  },
  "deliveryDefects" : {
    "newDefects" : 3,
    "removedDefects" : 0,
    "defects" : 582
  },
  "auditResult" : {
    "auditName" : "Kiuwan default audit",
    "description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
    "approvalThreshold" : 50.0,
    "overallResult" : "FAIL",
    "score" : 0.0,
    "checkpointResults" : [ {
      "checkpoint" : "1",
      "result" : "FAIL",
      "name" : "No new defects",
      "description" : "If a new defect is detected, the checkpoint will not pass.",
      "weight" : 1,
      "mandatory" : true,
      "type" : "Threshold for maximum new defects",
      "score" : 0.0,
      "violatedRules" : [ {
        "ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
        "modelId" : 6252,
        "defectsCount" : 72,
        "suppressedDefectsCount" : 0,
        "filesCount" : 11,
        "effort" : "36h 00",
        "characteristic" : "Security",
        "vulnerabilityType" : "Injection",
        "tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
        "priority" : "Very High",
        "language" : "Java",
        "files" : {
          "href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
        }
      } ]
    } ]
  },
  "lastSuccessfulDelivery" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "lastSuccessfulBaseline" : {
    "code" : "A-7e3-16dc9e29131",
    "label" : "14.10.2019_1",
    "creationDate" : "2019-10-14T15:15:15Z",
    "qualityModel" : "CQM",
    "modelId" : "string",
    "encoding" : "UTF-8",
    "invoker" : "github software",
    "status" : "RUNNING",
    "errorCode" : "string",
    "unparsedFiles" : [ {
      "file" : "FileSystemSQL.java",
      "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
    } ],
    "analysisScope" : "Baseline",
    "changeRequest" : "CR_14-10-2019_1",
    "changeRequestStatus" : "Resolved",
    "branchName" : "master",
    "auditResult" : "FAIL",
    "analysisBusinessValue" : "CRITICAL",
    "analysisProvider" : "Lab",
    "analysisPortfolios" : "{ "country": "spain" }",
    "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
  },
  "quality_model" : "CQM",
  "ordered_by" : "github software",
  "Risk index" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Quality indicator" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Effort to target" : {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  },
  "Main metrics" : [ {
    "name" : "metric name",
    "value" : 50.0,
    "size" : 4013,
    "minRange" : 1.0,
    "maxRange" : 1.0,
    "index" : 0,
    "color" : "red"
  } ],
  "Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
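The delivery response above carries everything a build pipeline needs to decide whether to accept a change: the overall audit verdict, the mandatory checkpoints, the violated rules with their CWE tags, and (inside `lastSuccessfulBaseline`) a `metrics` map that arrives as a JSON document embedded in a string. The following Python is an added example, not Kiuwan's own code; it evaluates a delivery document of that shape as a CI gate. The sample document is constructed from the fields shown in the response and trimmed to what the functions read.

```python
"""Evaluate a Kiuwan delivery response (GET /deliveries/{code}) as a CI gate.

Added example, not Kiuwan's own code. SAMPLE_DELIVERY is constructed from the
response shape in the reference; the values are illustrative.
"""
import json
import re

SAMPLE_DELIVERY = {
    "name": "android",
    "analysisStatus": "FINISHED",
    "deliveryDefects": {"newDefects": 3, "removedDefects": 0, "defects": 582},
    "auditResult": {
        "overallResult": "FAIL",
        "score": 0.0,
        "checkpointResults": [{
            "checkpoint": "1",
            "result": "FAIL",
            "name": "No new defects",
            "mandatory": True,
            "violatedRules": [{
                "ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
                "defectsCount": 72,
                "characteristic": "Security",
                "priority": "Very High",
                "tags": "[CERT-J:IDS51-J,CWE:79,CWEScope:Confidentiality,OWASP:2017:A7]",
            }],
        }],
    },
    "lastSuccessfulBaseline": {
        # As in the reference, this field is a JSON document inside a string.
        "metrics": '{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,'
                   '"com.optimyth.CQM.defectsByPriority.Priority 2": 201}',
    },
}


def parse_tags(tags):
    """Turn the bracketed, comma-separated tags string into a list of tags."""
    inner = tags.strip()
    if inner.startswith("[") and inner.endswith("]"):
        inner = inner[1:-1]
    return [t.strip() for t in inner.split(",") if t.strip()]


def cwe_ids(tags):
    """Extract CWE numbers from a rule's tag string ("CWE:79" -> 79).
    "CWEScope:..." tags are deliberately not matched."""
    return sorted({int(m) for m in re.findall(r"\bCWE:(\d+)", tags)})


def defects_by_priority(metrics_json):
    """Decode the string-embedded metrics map into {priority: defect count}."""
    out = {}
    for key, count in json.loads(metrics_json).items():
        m = re.search(r"Priority (\d+)$", key)
        if m:
            out[int(m.group(1))] = int(count)
    return out


def delivery_gate(delivery):
    """Return a verdict: passed flag, failed mandatory checkpoints, new-defect
    count and the Security rules violated (with CWE ids) for triage."""
    audit = delivery.get("auditResult") or {}
    checkpoints = audit.get("checkpointResults", [])
    failed_mandatory = [cp["name"] for cp in checkpoints
                        if cp.get("mandatory") and cp.get("result") == "FAIL"]
    security_rules = []
    for cp in checkpoints:
        for rule in cp.get("violatedRules", []):
            if rule.get("characteristic") == "Security":
                security_rules.append({
                    "ruleCode": rule["ruleCode"],
                    "defects": rule.get("defectsCount", 0),
                    "cwes": cwe_ids(rule.get("tags", "")),
                })
    overall = audit.get("overallResult")
    passed = (delivery.get("analysisStatus") == "FINISHED"
              and overall is not None and overall != "FAIL"
              and not failed_mandatory)
    return {
        "passed": passed,
        "failed_mandatory": failed_mandatory,
        "new_defects": delivery.get("deliveryDefects", {}).get("newDefects", 0),
        "security_rules": security_rules,
    }


if __name__ == "__main__":
    verdict = delivery_gate(SAMPLE_DELIVERY)
    print(json.dumps(verdict, indent=2))
    print(defects_by_priority(SAMPLE_DELIVERY["lastSuccessfulBaseline"]["metrics"]))
    raise SystemExit(0 if verdict["passed"] else 1)
```

The gate treats an analysis that is not `FINISHED` as a failure rather than a pass, so a delivery still in `RUNNING` state cannot slip through, and it keys on the `mandatory` flag of each checkpoint instead of the aggregate `score`, which can be non-zero even when a mandatory checkpoint failed.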

Documentation

Get rule’s documentation

GET /doc/rule
Description

Obtains the documentation of a rule.

Parameters
Type    Name                       Description         Model
Query   application (required)     Application name    string
Query   code (required)            Rule code           string
Query   modelId (required)         Model id            string

Responses
HTTP Code   Description                                   Model
200         Successful retrieval of rule documentation
400         Bad format                                    No Content
403         Access denied                                 No Content
404         Resource not found                            No Content
429         Quota limit reached                           No Content
500         Internal server error                         No Content

Produces
  • application/json

Example HTTP request
Request path
/doc/rule?application=myApp&code=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&modelId=4525
Example HTTP response
Response 200
{
  "description" : "Software places user-controlled input in page content. An attacker could inject browser script code that is executed\nin the client browser. The end-user is the attacked subject, and the software is the vehicle for the attack.\nThere are two main kinds of XSS:\n\n* Reflected XSS: Attacker causes victim to supply malicious content to a vulnerable web application, which\n  renders HTML content embedding a malicious script executed in victim's browser. A variation of this is named\n  DOM-based XSS, where the vulnerable software does not generate content depending on user input but include\n  script code that use user-controlled input.\n\n* Persisted XSS: Attacker provides malicious content to vulnerable application. When other user access to\n  vulnerable pages that embed without proper neutralization the attacker content, script code is executed in the\n  victim's browser.\n\nThe script executed in the victim's browser could perform malicious activities.\n\nMany browsers could limit the damage via security restrictions (e.g. 'same origin policy'), but user browsers\ngenerally allow scripting languages (e.g. JavaScript) in their browsers (disabling JavaScript severely limits\na web site).",
  "name" : "Do not use variables as parameters for messages",
  "code" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
  "references" : "http://cwe.mitre.org/data/definitions/79.html,https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet,https://www.google.es/about/appsecurity/learning/xss/,https://www.securecoding.cert.org/confluence/display/java/IDS51-J.+Properly+encode+or+escape+output",
  "benefits" : "string",
  "drawbacks" : "string",
  "violationCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\n\npublic class CrossSiteScriptingCode {\n  public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n    PrintWriter w = res.getWriter();\n    w.println( req.getParameter(\\\"input\\\") ); // VIOLATION\n  }\n}",
  "fixedCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\nimport org.owasp.html.*;\n\npublic class CrossSiteScriptingCode {\n  public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n    PrintWriter w = res.getWriter();\n    // OWASP Java HTML Sanitizer (upgrade to r88 or later)\n    // Use your own security library if needed\n    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);\n    String safeHTML = policy.sanitize( req.getParameter(\\\"input\\\") );\n    w.println(safeHTML); // OK\n  }\n}",
  "tags" : "["CWEScope:Access-Control","CWEScope:Availability","CWEScope:Confidentiality","CWEScope:Integrity","essential"]",
  "normatives" : "["CERT-J:IDS51-J","CWE:79","OWASP:2013:A3","OWASP:2017:A7","OWASP-M:2014:M7","PCI-DSS:6.5.7","SANS25:2010:1","SANS25:2011:4","WASC:08"]"
}

GlobalStats

Get the user information

GET /stats
Description

Obtains the user's global information about LOCs, files and analyses, along with the current timestamp in UTC, as JSON, provided the user has access to all customer applications. Returns Access Denied otherwise.

Responses
HTTP Code   Description                                  Model
200         Successful retrieval of global information
403         Access denied                                No Content
500         Internal server error                        No Content

Produces
  • application/json

Example HTTP request
Request path
/stats
Example HTTP response
Response 200
[
  {
    "name": "locs",
    "value": 545444.0
  },
  {
    "name": "files",
    "value": 255.0
  },
  {
    "name": "analysis",
    "value": 3806.0
  },
  {
    "name": "24hlocs",
    "value": 45000.0
  },
  {
    "name": "as of",
    "value": "2021-10-18T07:39:01Z"
  }
]

Information

Get user info

GET /info
Description

Obtains the user's information.

Responses
HTTP Code   Description                                  Model
200         Successful retrieval of user's information
403         Access denied                                No Content
404         Resource not found                           No Content
500         Internal server error                        No Content

Produces
  • application/json

Example HTTP request
Request path
/info
Example HTTP response
Response 200
{
  "username" : "John Smith",
  "organization" : "MyCompany",
  "engineVersion" : "master.p571.q11669.a1875.i539",
  "engineFrozen" : true
}

Insights

Get list of applications

GET /insights/analysis/applications
Description

Lists the applications that use a particular component. The list can be filtered by group, artifact, technology and version.

Parameters
Type    Name                    Description       Model
Query   artifact (required)     Artifact name     string
Query   group (optional)        Group name        string
Query   language (optional)     Language          string
Query   version (optional)      Version           string

Responses
HTTP Code   Description                                  Model
200         Successful retrieval of applications list
400         Bad format                                   No Content
403         Access denied                                No Content
404         Resource not found                           No Content
429         Quota limit reached                          No Content
500         Internal server error                        No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/applications?artifact=spring-core&group=org.springframework&language=java&version=1.0.0
Example HTTP response
Response 200
[ {
  "application" : {
    "name" : "android",
    "description" : "GitHub Android App",
    "auditName" : "Kiuwan default audit",
    "applicationBusinessValue" : "CRITICAL",
    "applicationProvider" : "Lab",
    "applicationPortfolios" : "{ "country": "spain" }",
    "creationDate" : "2020-07-22T15:34:53Z",
    "lastSuccessfulDelivery" : {
      "code" : "A-7e3-16dc9e29131",
      "label" : "14.10.2019_1",
      "creationDate" : "2019-10-14T15:15:15Z",
      "qualityModel" : "CQM",
      "modelId" : "string",
      "encoding" : "UTF-8",
      "invoker" : "github software",
      "status" : "RUNNING",
      "errorCode" : "string",
      "unparsedFiles" : [ {
        "file" : "FileSystemSQL.java",
        "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
      } ],
      "analysisScope" : "Baseline",
      "changeRequest" : "CR_14-10-2019_1",
      "changeRequestStatus" : "Resolved",
      "branchName" : "master",
      "auditResult" : "FAIL",
      "analysisBusinessValue" : "CRITICAL",
      "analysisProvider" : "Lab",
      "analysisPortfolios" : "{ "country": "spain" }",
      "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
    },
    "lastSuccessfulBaseline" : {
      "code" : "A-7e3-16dc9e29131",
      "label" : "14.10.2019_1",
      "creationDate" : "2019-10-14T15:15:15Z",
      "qualityModel" : "CQM",
      "modelId" : "string",
      "encoding" : "UTF-8",
      "invoker" : "github software",
      "status" : "RUNNING",
      "errorCode" : "string",
      "unparsedFiles" : [ {
        "file" : "FileSystemSQL.java",
        "cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1.  Encountered: ALTER"
      } ],
      "analysisScope" : "Baseline",
      "changeRequest" : "CR_14-10-2019_1",
      "changeRequestStatus" : "Resolved",
      "branchName" : "master",
      "auditResult" : "FAIL",
      "analysisBusinessValue" : "CRITICAL",
      "analysisProvider" : "Lab",
      "analysisPortfolios" : "{ "country": "spain" }",
      "metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
    },
    "quality_model" : "CQM"
  },
  "component" : {
    "id" : 357,
    "artifact" : "org.springframework:spring-core",
    "version" : "3.2.13.RELEASE",
    "description" : "Spring Core",
    "custom" : true
  }
} ]

Get list of components

GET /insights/analysis/components
Description

Lists the components found in the analysis identified by the analysisCode parameter, for the application named in the application parameter.

Parameters
Type    Name                        Description         Model
Query   analysisCode (required)     Analysis code       string
Query   application (required)      Application name    string

Responses
HTTP Code   Description                                         Model
200         Successful retrieval of insight components list
400         Bad format                                          No Content
403         Access denied                                       No Content
404         Resource not found                                  No Content
429         Quota limit reached                                 No Content
500         Internal server error                               No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/components?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "id" : 178,
    "artifact" : "org.springframework:spring-aop",
    "version" : "3.2.13.RELEASE",
    "filename" : "spring-aop-3.2.13.RELEASE.jar",
    "language" : "java",
    "obsolescenceRisk" : "medium",
    "licenseRisk" : "unknown",
    "securityRisk" : "high",
    "custom" : true,
    "sources" : [ {
      "path" : "pom.xml",
      "artifact" : "org.springframework:spring-context",
      "version" : "3.2.13.RELEASE",
      "child" : [ {
        "repository" : "MAVEN",
        "artifact" : "org.springframework:spring-aop",
        "version" : "3.2.13.RELEASE",
        "child" : [ {
          "repository" : "MAVEN",
          "artifact" : "org.springframework:spring-aop",
          "version" : "3.2.13.RELEASE",
          "child" : [ "..." ]
        } ]
      } ]
    } ],
    "vulnerabilities" : [ {
      "id" : 108742,
      "cve" : "CVE-2018-11039",
      "cwe" : "CWE-20",
      "description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
      "severity" : "Low",
      "privateVulnerability" : true
    } ]
  } ]
}
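Each component entry above nests the dependency chain that pulled it in (`sources` with recursive `child` lists, truncated with a literal `"..."` as in the example) beside per-component risk levels and the vulnerabilities attached to it. The Python below is an added example, not Kiuwan's own code: it walks that tree into root-to-leaf dependency paths and orders the components for triage, with the security risk first and the vulnerability count as tie-breaker. The sample payload is constructed from the response shape above, with a second, low-risk component added so the ordering is visible.

```python
"""Dependency paths and triage ordering for GET /insights/analysis/components.

Added example, not Kiuwan's own code. SAMPLE_RESPONSE is constructed from the
response shape in the reference; the second component is invented for contrast.
"""

# Ordering of the risk levels used by the insights endpoints (lowest first).
RISK_ORDER = {"unknown": 0, "low": 1, "medium": 2, "high": 3}

SAMPLE_RESPONSE = {
    "data": [
        {
            "id": 178,
            "artifact": "org.springframework:spring-aop",
            "version": "3.2.13.RELEASE",
            "language": "java",
            "obsolescenceRisk": "medium",
            "licenseRisk": "unknown",
            "securityRisk": "high",
            "sources": [{
                "path": "pom.xml",
                "artifact": "org.springframework:spring-context",
                "version": "3.2.13.RELEASE",
                "child": [{
                    "repository": "MAVEN",
                    "artifact": "org.springframework:spring-aop",
                    "version": "3.2.13.RELEASE",
                    "child": ["..."],   # truncation marker, as in the reference
                }],
            }],
            "vulnerabilities": [
                {"id": 108742, "cve": "CVE-2018-11039", "cwe": "CWE-20", "severity": "Low"},
            ],
        },
        {   # Constructed second entry: no vulnerabilities, low security risk.
            "id": 179,
            "artifact": "commons-logging:commons-logging",
            "version": "1.1.3",
            "language": "java",
            "obsolescenceRisk": "medium",
            "licenseRisk": "low",
            "securityRisk": "low",
            "sources": [{"path": "pom.xml", "artifact": "commons-logging:commons-logging",
                         "version": "1.1.3", "child": []}],
            "vulnerabilities": [],
        },
    ]
}


def _label(node):
    return f"{node['artifact']}:{node.get('version', '?')}"


def dependency_paths(component):
    """Return every root-to-leaf path ("pom.xml > a:1 > b:2") that brings the
    component in. A "..." child means the server truncated the tree; the path
    is kept with a trailing "..." rather than silently dropped."""
    paths = []

    def walk(node, prefix):
        children = node.get("child") or []
        if not children:
            paths.append(prefix)
            return
        for child in children:
            if child == "...":
                paths.append(prefix + " > ...")
            else:
                walk(child, prefix + " > " + _label(child))

    for src in component.get("sources", []):
        walk(src, f"{src['path']} > {_label(src)}")
    return paths


def rank_components(response):
    """Order components by securityRisk (high first), then by the number of
    attached vulnerabilities, returning compact triage rows."""
    rows = []
    for comp in response.get("data", []):
        vulns = comp.get("vulnerabilities", [])
        rows.append({
            "artifact": _label(comp),
            "securityRisk": comp.get("securityRisk", "unknown"),
            "cves": [v["cve"] for v in vulns],
            "paths": dependency_paths(comp),
        })
    rows.sort(key=lambda r: (RISK_ORDER.get(r["securityRisk"], 0), len(r["cves"])),
              reverse=True)
    return rows


if __name__ == "__main__":
    for row in rank_components(SAMPLE_RESPONSE):
        print(row["securityRisk"].upper(), row["artifact"], row["cves"])
        for path in row["paths"]:
            print("   via", path)
```

Keeping the truncated paths visible matters for remediation: the `"..."` tells you the fix is an upgrade of a transitive dependency, not of the artifact declared in `pom.xml`.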

Get list of licenses

GET /insights/analysis/licenses
Description

Lists the licenses found in the analysis identified by the analysisCode parameter, for the application named in the application parameter.

Parameters
Type    Name                        Description         Model
Query   analysisCode (required)     Analysis code       string
Query   application (required)      Application name    string

Responses
HTTP Code   Description                                              Model
200         Successful retrieval of insight licenses detail list
400         Bad format                                               No Content
403         Access denied                                            No Content
404         Resource not found                                       No Content
429         Quota limit reached                                      No Content
500         Internal server error                                    No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/licenses?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "id" : 23,
    "license" : "Apache License 2.0",
    "component" : "8",
    "spdxCode" : "Apache-2.0",
    "type" : "Permissive",
    "url" : "https://spdx.org/licenses/Apache-2.0.html",
    "risk" : "none",
    "permissions" : "[\"COMMERCIAL\",\"MODIFY\",\"DISTRIBUTE\",\"SUBLICENSE\",\"PRIVATE\",\"USE_PATENT_CLAIMS\",\"PLACE_WARRANTY\"]",
    "limitations" : "[\"HOLD_LIABLE\",\"USE_TRADEMARK\"]",
    "conditions" : "[\"INCL_COPYRIGHT\",\"INCL_LICENSE\",\"STATE_CHANGES\",\"INCLUDE_NOTICE\"]",
    "components" : [ {
      "id" : 357,
      "artifact" : "org.springframework:spring-core",
      "version" : "3.2.13.RELEASE",
      "description" : "Spring Core",
      "custom" : true
    } ]
  } ]
}

Get list of obsolescences

GET /insights/analysis/obsolescence
Description

Lists the obsolescences found in the analysis identified by the analysisCode parameter, for the application named in the application parameter.

Parameters
Type    Name                        Description         Model
Query   analysisCode (required)     Analysis code       string
Query   application (required)      Application name    string

Responses
HTTP Code   Description                                                  Model
200         Successful retrieval of insight obsolescence detail list
400         Bad format                                                   No Content
403         Access denied                                                No Content
404         Resource not found                                           No Content
429         Quota limit reached                                          No Content
500         Internal server error                                        No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/obsolescence?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "component" : "commons-logging:commons-logging",
    "language" : "java",
    "usedVersion" : "1.1.3",
    "dateUsed" : "2013/05/16",
    "lastVersion" : "1.2",
    "dateLast" : "2014/07/05",
    "release" : "1",
    "outOfDate" : "1y 50d",
    "timeInactivity" : "5y 194d",
    "obsolescenceRisk" : "3.33",
    "risk" : "Medium",
    "description" : "Commons Logging is a thin adapter allowing configurable bridging to other,\n    well known logging systems.",
    "custom" : true
  } ]
}

Get insight security detail list

GET /insights/analysis/security
Description

Lists the security vulnerabilities found in the analysis identified by the analysisCode parameter, for the application named in the application parameter.

Parameters
Type    Name                        Description         Model
Query   analysisCode (required)     Analysis code       string
Query   application (required)      Application name    string

Responses
HTTP Code   Description                                              Model
200         Successful retrieval of insight security detail list
400         Bad format                                               No Content
403         Access denied                                            No Content
404         Resource not found                                       No Content
429         Quota limit reached                                      No Content
500         Internal server error                                    No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/analysis/security?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
  "data" : [ {
    "id" : 86896,
    "cve" : "CVE-2016-5007",
    "cwe" : "CWE-264",
    "muted" : true,
    "lastModified" : "2017/05/25 19:29",
    "exploitabilitySubscore" : "10",
    "impactSubscore" : "2.9",
    "getcVSSv2BaseScore" : "5",
    "getcVSSv3BaseScore" : "5",
    "securityRisk" : "MEDIUM",
    "description" : "Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.",
    "privateVulnerability" : true,
    "components" : [ {
      "id" : 357,
      "artifact" : "org.springframework:spring-core",
      "version" : "3.2.13.RELEASE",
      "description" : "Spring Core",
      "custom" : true
    } ]
  } ]
}
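Two details of the security list above trip up naive consumers: the CVSS fields (`getcVSSv2BaseScore`, `getcVSSv3BaseScore`, the subscores) are strings rather than numbers, and a vulnerability carries a `muted` flag that a report should honour by default but be able to override. The Python below is an added example, not Kiuwan's own code; it groups the vulnerabilities per component, skips muted ones unless asked, and parses the scores defensively (preferring v3, falling back to v2, tolerating an empty value). The sample has two entries: the first mirrors the documented one, the second is constructed with a placeholder CVE id to exercise the unmuted path and the v2 fallback.

```python
"""Per-component triage of GET /insights/analysis/security results.

Added example, not Kiuwan's own code. SAMPLE_SECURITY is constructed from the
response shape in the reference; "CVE-EXAMPLE-0001" is a placeholder id.
"""

SAMPLE_SECURITY = {
    "data": [
        {
            "id": 86896, "cve": "CVE-2016-5007", "cwe": "CWE-264", "muted": True,
            "exploitabilitySubscore": "10", "impactSubscore": "2.9",
            "getcVSSv2BaseScore": "5", "getcVSSv3BaseScore": "5",
            "securityRisk": "MEDIUM", "privateVulnerability": True,
            "components": [{"id": 357, "artifact": "org.springframework:spring-core",
                            "version": "3.2.13.RELEASE"}],
        },
        {   # Constructed entry: not muted, v3 score empty so v2 must be used.
            "id": 1, "cve": "CVE-EXAMPLE-0001", "cwe": "CWE-20", "muted": False,
            "getcVSSv2BaseScore": "7.5", "getcVSSv3BaseScore": "",
            "securityRisk": "HIGH", "privateVulnerability": False,
            "components": [{"id": 357, "artifact": "org.springframework:spring-core",
                            "version": "3.2.13.RELEASE"}],
        },
    ]
}


def cvss_score(entry):
    """CVSS scores arrive as strings and may be empty; prefer v3, fall back
    to v2, and treat anything unparsable as 0.0 rather than crashing."""
    for key in ("getcVSSv3BaseScore", "getcVSSv2BaseScore"):
        raw = (entry.get(key) or "").strip()
        if raw:
            try:
                return float(raw)
            except ValueError:
                continue
    return 0.0


def triage(response, include_muted=False):
    """Group vulnerabilities per component. Returns
    {"<artifact>:<version>": {"max_score": float, "cves": [(cve, score, risk), ...]}}
    with each component's CVE list sorted by score, highest first."""
    per_component = {}
    for entry in response.get("data", []):
        if entry.get("muted") and not include_muted:
            continue
        score = cvss_score(entry)
        for comp in entry.get("components", []):
            key = f"{comp['artifact']}:{comp['version']}"
            bucket = per_component.setdefault(key, {"max_score": 0.0, "cves": []})
            bucket["cves"].append((entry["cve"], score, entry.get("securityRisk")))
            bucket["max_score"] = max(bucket["max_score"], score)
    for bucket in per_component.values():
        bucket["cves"].sort(key=lambda c: c[1], reverse=True)
    return per_component


if __name__ == "__main__":
    for component, info in sorted(triage(SAMPLE_SECURITY, include_muted=True).items(),
                                  key=lambda kv: kv[1]["max_score"], reverse=True):
        print(f"{component}  max CVSS {info['max_score']}")
        for cve, score, risk in info["cves"]:
            print(f"   {cve}  {score}  {risk}")
```

Running the triage twice, once with `include_muted=True`, is a cheap way to audit the mute list itself: anything muted whose score is above your threshold deserves a recorded justification.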

Get PDF report of insight

GET /insights/analysis/summary/export
Description

Obtains an insight report for the application named in the application parameter and the analysis identified by the analysisCode parameter.

Parameters
Type    Name                           Description                                   Model
Query   analysisCode (required)        Analysis code                                 string
Query   application (required)         Application name                              string
Query   licenseRisk (optional)         Comma-separated list of license risks         enum (Unknown, High, Medium, Low)
Query   limit (optional)               Maximum number of components                  string
Query   obsolescenceRisk (optional)    Comma-separated list of obsolescence risks    enum (Unknown, High, Medium, Low)
Query   securityRisk (optional)        Comma-separated list of security risks        enum (Unknown, High, Medium, Low)
Query   status (optional)              Component status                              enum (New, Removed, Modified)

Responses
HTTP Code   Description                        Model
200         Successful retrieval of report     file
400         Bad format                         No Content
403         Access denied                      No Content
404         Resource not found                 No Content
429         Quota limit reached                No Content
500         Internal server error              No Content

Produces
  • application/pdf

  • application/json

Example HTTP request
Request path
/insights/analysis/summary/export?analysisCode=A-7e3-16e5b1aad2a&application=myApp&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
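The request path above shows how the comma-separated enum filters are encoded: `Unknown, Low` becomes `Unknown%2C+Low`, which is exactly what standard form encoding produces. The Python below is an added example, not Kiuwan's own code: it validates the filters against the documented enums before encoding, rebuilds the documented query string in the same parameter order, and maps the response codes listed for this endpoint to a client action. The `DEFAULT_BASE` host is taken from the Schema section of this guide; everything else is constructed.

```python
"""Query builder for GET /insights/analysis/summary/export.

Added example, not Kiuwan's own code. Enum values come from the parameter
table; the base URL is the public API host named earlier in this guide.
"""
from urllib.parse import urlencode

DEFAULT_BASE = "https://api.kiuwan.com"
RISK_VALUES = ("Unknown", "High", "Medium", "Low")
STATUS_VALUES = ("New", "Removed", "Modified")


def _check_enum(name, values, allowed):
    """Reject values outside the documented enum; join the rest with ", "
    (the separator the reference's request path encodes as %2C+)."""
    bad = [v for v in values if v not in allowed]
    if bad:
        raise ValueError(f"{name}: unsupported value(s) {bad}; allowed {list(allowed)}")
    return ", ".join(values)


def export_query(analysis_code, application, license_risk=(), limit=None,
                 obsolescence_risk=(), security_risk=(), status=None):
    """Return the encoded query string, in the parameter order of the
    reference example. Optional filters are only emitted when given."""
    params = [("analysisCode", analysis_code), ("application", application)]
    if license_risk:
        params.append(("licenseRisk", _check_enum("licenseRisk", license_risk, RISK_VALUES)))
    if limit is not None:
        params.append(("limit", str(int(limit))))
    if obsolescence_risk:
        params.append(("obsolescenceRisk",
                       _check_enum("obsolescenceRisk", obsolescence_risk, RISK_VALUES)))
    if security_risk:
        params.append(("securityRisk", _check_enum("securityRisk", security_risk, RISK_VALUES)))
    if status is not None:
        params.append(("status", _check_enum("status", [status], STATUS_VALUES)))
    return urlencode(params)   # quote_plus semantics: "," -> %2C, " " -> +


def export_url(base=DEFAULT_BASE, **kwargs):
    """Full URL for the PDF export (kwargs as for export_query)."""
    return f"{base.rstrip('/')}/insights/analysis/summary/export?{export_query(**kwargs)}"


def classify_status(code):
    """Map the documented response codes to a client action: 429 (quota)
    and 500 are retried with backoff, 4xx caller errors are not."""
    if code == 200:
        return "ok"
    if code in (429, 500):
        return "retry"
    return "fail"   # 400 bad format, 403 access denied, 404 not found


if __name__ == "__main__":
    print(export_url(analysis_code="A-7e3-16e5b1aad2a", application="myApp",
                     license_risk=("Unknown", "Low"), limit=10,
                     obsolescence_risk=("Unknown", "Low"),
                     security_risk=("Unknown", "Low"), status="New"))
```

Validating the enums client-side turns a silent mismatch into an immediate error; as the guide notes for optional parameters, the server ignores names it does not recognise, and an unsupported value would otherwise surface only as a 400 or as an unfiltered report.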

Insights Custom Components

Create custom component

POST /insights/custom/component/add
Description

Creates a new custom component.

Parameters
Type   Name               Description                Model
Body   body (required)    The component to create

Responses
HTTP Code   Description                              Model
200         Successfully created custom component
400         Bad format                               No Content
403         Access denied                            No Content
404         Resource not found                       No Content
429         Quota limit reached                      No Content
500         Internal server error                    No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/component/add
Request body
{
  "group" : "org.springframework",
  "artifact" : "spring-aop",
  "version" : "3.2.13.RELEASE",
  "language" : "java",
  "description" : "This artifact define the spring-aop",
  "date" : "2019-08-03T10:15:30Z",
  "custom" : false,
  "showPublicVulnerabilities" : false,
  "showPublicLicenses" : false
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Delete custom component

DELETE /insights/custom/component/delete
Description

Deletes a custom component or, if the version field is not provided, all components with the same group name, artifact name and technology.

Parameters
Type   Name               Description                Model
Body   body (required)    The component to delete

Responses
HTTP Code   Description                                                                                                   Model
200         Successfully deleted custom components. When version is not provided, the map contains every version that
            has custom data together with its result. Each result is either 'OK' or 'ASSOCIATED_ANALYSIS'; the latter
            means the component has custom data but is not considered public and is associated with an analysis.
400         Bad format                                                                                                    No Content
403         Access denied                                                                                                 No Content
404         Resource not found                                                                                            No Content
429         Quota limit reached                                                                                           No Content
500         Internal server error                                                                                         No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/component/delete
Request body
{
  "group" : "org.springframework",
  "artifact" : "spring-core",
  "language" : "java",
  "version" : "1.0.0"
}
Example HTTP response
Response 200
{
  "result" : "OK"
}
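The delete endpoint has two behaviours depending on whether `version` is present, and the multi-version form returns a map of per-version results in which `ASSOCIATED_ANALYSIS` means the component was kept. The Python below is an added example, not Kiuwan's own code; it builds the bodies for the add/update and delete endpoints in the documented shape and normalises the delete response. The exact key layout of the per-version map is an assumption derived from the response description (`{"<version>": "OK" | "ASSOCIATED_ANALYSIS"}`), and the dates are formatted as the `2019-08-03T10:15:30Z` style used in the request examples.

```python
"""Request bodies and delete-result handling for /insights/custom/component/*.

Added example, not Kiuwan's own code. The per-version map shape handled by
interpret_delete_result is an assumption based on the endpoint description.
"""
from datetime import datetime, timezone

REQUIRED = ("group", "artifact", "version", "language")


def component_body(group, artifact, version, language, description="",
                   date=None, custom=False, show_public_vulnerabilities=False,
                   show_public_licenses=False):
    """Body for POST .../component/add and PUT .../component/update.
    `date` is a datetime (any tz, normalised to UTC); defaults to now."""
    date = (date or datetime.now(timezone.utc)).astimezone(timezone.utc)
    body = {
        "group": group,
        "artifact": artifact,
        "version": version,
        "language": language,
        "description": description,
        "date": date.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "custom": custom,
        "showPublicVulnerabilities": show_public_vulnerabilities,
        "showPublicLicenses": show_public_licenses,
    }
    missing = [k for k in REQUIRED if not body[k]]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    return body


def delete_body(group, artifact, language, version=None):
    """Body for DELETE .../component/delete. Omitting `version` asks the
    server to delete every version of the component, so callers should
    pass it explicitly unless a bulk delete is intended."""
    body = {"group": group, "artifact": artifact, "language": language}
    if version:
        body["version"] = version
    return body


def interpret_delete_result(response):
    """Normalise the delete response into (deleted, retained) version lists.
    Single-version form: {"result": "OK"} (reported as ["*"]).
    Multi-version form (assumed shape): {"<version>": "OK" | "ASSOCIATED_ANALYSIS"}."""
    if set(response) == {"result"}:
        return (["*"], []) if response["result"] == "OK" else ([], ["*"])
    deleted = sorted(v for v, r in response.items() if r == "OK")
    retained = sorted(v for v, r in response.items() if r == "ASSOCIATED_ANALYSIS")
    return deleted, retained


if __name__ == "__main__":
    print(component_body("org.springframework", "spring-aop", "3.2.13.RELEASE", "java",
                         description="This artifact define the spring-aop"))
    print(delete_body("org.springframework", "spring-core", "java", "1.0.0"))
    print(interpret_delete_result({"3.2.13.RELEASE": "OK", "1.0.0": "ASSOCIATED_ANALYSIS"}))
```

Treating the retained versions as a distinct list, rather than as an error, lets automation report which versions still have analyses depending on their custom data instead of failing the whole clean-up.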

Get list of custom components

GET /insights/custom/component/list
Description

Gets the list of custom components.

Parameters
Type    Name                        Description                            Model
Query   artifactName (optional)     Artifact name                          string
Query   count (optional)            The number of elements per page        integer
Query   groupName (optional)        Group name                             string
Query   language (optional)         Language                               string
Query   page (optional)             Page number of the request             integer
Query   version (optional)          Version                                string

Responses
HTTP Code   Description                                   Model
200         Successfully got list of custom components
400         Bad request                                   No Content
403         Access denied                                 No Content
429         Quota limit reached                           No Content
500         Internal server error                         No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/component/list?artifactName=spring-core&count=50&groupName=org.springframework&language=java&page=1&version=1.0.0
Example HTTP response
Response 200
[ {
  "group" : "org.springframework",
  "artifact" : "spring-aop",
  "version" : "3.2.13.RELEASE",
  "language" : "java",
  "description" : "This artifact define the spring-aop",
  "date" : "2019-08-03T10:15:30Z",
  "custom" : false,
  "showPublicVulnerabilities" : false,
  "showPublicLicenses" : false
},
...
...
...
{
  "group" : "org.springframework",
  "artifact" : "spring-core",
  "version" : "1.0.0",
  "language" : "java",
  "description" : "This artifact define the spring-core",
  "date" : "2019-08-13T10:15:30Z",
  "custom" : false,
  "showPublicVulnerabilities" : false,
  "showPublicLicenses" : false
} ]

Update custom component

PUT /insights/custom/component/update
Description

Updates an existing custom component.

Parameters
Type   Name               Description                Model
Body   body (required)    The component to update

Responses
HTTP Code   Description                              Model
200         Successfully updated custom component
400         Bad format                               No Content
403         Access denied                            No Content
404         Resource not found                       No Content
429         Quota limit reached                      No Content
500         Internal server error                    No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/component/update
Request body
{
  "group" : "org.springframework",
  "artifact" : "spring-aop",
  "version" : "3.2.13.RELEASE",
  "language" : "java",
  "description" : "This artifact define the spring-aop",
  "date" : "2019-08-03T10:15:30Z",
  "custom" : false,
  "showPublicVulnerabilities" : false,
  "showPublicLicenses" : false
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Create association between licenses and artifact

POST /insights/custom/license/artifact
Description

Creates an association between licenses and an artifact.

Parameters
Type   Name               Description                                              Model
Body   body (required)    Data to create the relation between licenses and artifact

Responses
HTTP Code   Description                                                    Model
200         Successfully created association between licenses and artifact
400         Bad format                                                     No Content
403         Access denied                                                  No Content
404         Resource not found                                             No Content
429         Quota limit reached                                            No Content
500         Internal server error                                          No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/license/artifact
Request body
{
  "group" : "org.springframework",
  "artifact" : "spring-aop",
  "language" : "java",
  "version" : "3.2.13.RELEASE",
  "spdxids" : "Apache-2.0"
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Delete relationship between a license and artifact

DELETE /insights/custom/license/artifact
Description

Deletes the relationship between a license and an artifact.

Parameters
Type   Name               Description                                                    Model
Body   body (required)    Data to delete the relationship between license and artifact

Responses
HTTP Code   Description                                                      Model
200         Successfully deleted relationship between a license and artifact
400         Bad format                                                       No Content
403         Access denied                                                    No Content
404         Resource not found                                               No Content
429         Quota limit reached                                              No Content
500         Internal server error                                            No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/license/artifact
Request body
{
  "group" : "org.springframework",
  "artifact" : "spring-aop",
  "language" : "java",
  "version" : "3.2.13.RELEASE",
  "spdxid" : "Apache-2.0"
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Delete all relationships between licenses and artifact

DELETE /insights/custom/license/artifact/all
Description

Deletes all relationships between licenses and an artifact.

Parameters
Type   Name               Description                                                          Model
Body   body (required)    Data to delete all relationships between licenses and artifact

Responses
HTTP Code   Description                                                           Model
200         Successfully deleted all relationships between licenses and artifact
400         Bad format                                                            No Content
403         Access denied                                                         No Content
404         Resource not found                                                    No Content
429         Quota limit reached                                                   No Content
500         Internal server error                                                 No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/license/artifact/all
Request body
{
  "group" : "org.springframework",
  "artifact" : "spring-aop",
  "language" : "java",
  "version" : "3.2.13.RELEASE"
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Get list of spdx licenses

GET /insights/custom/spdx/licenses
Description

List spdx licenses.

Parameters
Type Name Description Model

Query

licenseName
optional

License name

string

Responses
HTTP Code Description Model

200

Successful retrieval of spdx licenses list

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/spdx/licenses?licenseName=Apache
Example HTTP response
Response 200
{
  "data" : [ {
    "spdxid" : "Apache-2.0",
    "details" : "https://spdx.org/licenses/Apache-2.0.html",
    "name" : "Apache License 2.0"
  } ]
}

Create private vulnerability

POST /insights/custom/vulnerability/add
Description

Creates a new private vulnerability.

Parameters
Type Name Description Model

Body

body
required

the vulnerability to create

Responses
HTTP Code Description Model

200

Successfully created private vulnerability

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/vulnerability/add
Request body
{
  "vulnerabilityCode" : "CUSTOM-0001",
  "cwe" : "CWE-20",
  "description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
  "severity" : "Low",
  "v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
  "v2accessVector" : "Local ",
  "v2accessComplexty" : "Low",
  "v2authentication" : "None",
  "v2confidentialityImpact" : "None",
  "v2integrityImpact" : "None",
  "v2availabilityImpact" : "None",
  "v2baseScore" : 4.6,
  "v2exploitabilityScore" : 8.5,
  "v2impactScore" : 8.5,
  "v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "v3attackVector" : "Network",
  "v3attackComplexity" : "Low",
  "v3privilegesRequired" : "Low",
  "v3userInteraction" : "None",
  "v3scope" : "Unchanged",
  "v3confidentialityImpact" : "None",
  "v3integrityImpact" : "None",
  "v3availabilityImpact" : "None",
  "v3baseScore" : 7.5,
  "v3baseSeverity" : "Low",
  "v3exploitabilityScore" : 3.9,
  "v3impactScore" : 3.6,
  "vulnerableArtifactVersions" : [ {
    "group" : "org.springframework",
    "artifact" : "spring-aop",
    "language" : "java",
    "affectedVersions" : [ {
      "fixedVersion" : "1.0.0",
      "initialVersion" : "2.0.0",
      "endVersion" : "3.0.0",
      "includeInitialVersion" : true,
      "includeEndVersion" : true
    } ]
  } ]
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Delete private vulnerability

DELETE /insights/custom/vulnerability/delete/{vulnerabilityCode}
Description

Deletes a private vulnerability.

Parameters
Type Name Description Model

Path

vulnerabilityCode
required

Vulnerability Code

string

Responses
HTTP Code Description Model

200

Successfully deleted private vulnerability

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json
  • text/plain

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/vulnerability/delete/CUSTOM-0001
Example HTTP response
Response 200
{
  "result" : "OK"
}

Get list of private vulnerabilities

GET /insights/custom/vulnerability/list
Description

Get list of private vulnerabilities.

Parameters
Type Name Description Model

Query

affectedArtifactName
optional

Affected artifact name

string

Query

affectedGroupName
optional

Affected group name

string

Query

affectedLanguage
optional

Affected language

string

Query

count
optional

The number of the elements per page

integer

Query

page
optional

Page number of the request

integer

Query

vulnerabilityCode
optional

Vulnerability code

string

Responses
HTTP Code Description Model

200

Successfully retrieved list of private vulnerabilities

400

Bad request

No Content

403

Access denied

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/vulnerability/list?affectedArtifactName=spring-core&affectedGroupName=org.springframework&affectedLanguage=java&count=50&page=1&vulnerabilityCode=MY-VULN-0001
Example HTTP response
Response 200
[ {
  "vulnerabilityCode" : "CUSTOM-0001",
  "cwe" : "CWE-20",
  "description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
  "severity" : "Low",
  "v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
  "v2accessVector" : "Local ",
  "v2accessComplexty" : "Low",
  "v2authentication" : "None",
  "v2confidentialityImpact" : "None",
  "v2integrityImpact" : "None",
  "v2availabilityImpact" : "None",
  "v2baseScore" : 4.6,
  "v2exploitabilityScore" : 8.5,
  "v2impactScore" : 8.5,
  "v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "v3attackVector" : "Network",
  "v3attackComplexity" : "Low",
  "v3privilegesRequired" : "Low",
  "v3userInteraction" : "None",
  "v3scope" : "Unchanged",
  "v3confidentialityImpact" : "None",
  "v3integrityImpact" : "None",
  "v3availabilityImpact" : "None",
  "v3baseScore" : 7.5,
  "v3baseSeverity" : "Low",
  "v3exploitabilityScore" : 3.9,
  "v3impactScore" : 3.6,
  "vulnerableArtifactVersions" : [ {
    "group" : "org.springframework",
    "artifact" : "spring-aop",
    "language" : "java",
    "affectedVersions" : [ {
      "fixedVersion" : "1.0.0",
      "initialVersion" : "2.0.0",
      "endVersion" : "3.0.0",
      "includeInitialVersion" : true,
      "includeEndVersion" : true
    } ]
  } ]
},
...
...
...
{
  "vulnerabilityCode" : "CUSTOM-0001",
  "cwe" : "CWE-20",
  "description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
  "severity" : "Low",
  "v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
  "v2accessVector" : "Local ",
  "v2accessComplexty" : "Low",
  "v2authentication" : "None",
  "v2confidentialityImpact" : "None",
  "v2integrityImpact" : "None",
  "v2availabilityImpact" : "None",
  "v2baseScore" : 4.6,
  "v2exploitabilityScore" : 8.5,
  "v2impactScore" : 8.5,
  "v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "v3attackVector" : "Network",
  "v3attackComplexity" : "Low",
  "v3privilegesRequired" : "Low",
  "v3userInteraction" : "None",
  "v3scope" : "Unchanged",
  "v3confidentialityImpact" : "None",
  "v3integrityImpact" : "None",
  "v3availabilityImpact" : "None",
  "v3baseScore" : 7.5,
  "v3baseSeverity" : "Low",
  "v3exploitabilityScore" : 3.9,
  "v3impactScore" : 3.6,
  "vulnerableArtifactVersions" : [ {
    "group" : "org.springframework",
    "artifact" : "spring-aop",
    "language" : "java",
    "affectedVersions" : [ {
      "fixedVersion" : "1.0.0",
      "initialVersion" : "2.0.0",
      "endVersion" : "3.0.0",
      "includeInitialVersion" : true,
      "includeEndVersion" : true
    } ]
  } ]
} ]
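As an added example (not Kiuwan code), the following Python walks this listing page by page with the count and page parameters and retries on the 429 "Quota limit reached" response that the endpoints in this reference list. It assumes a page is exhausted when it holds fewer than count items and that page is 1-based, as in the sample request above; authentication headers are left to the caller's transport, path parameters such as {username} are percent-encoded the way the sample paths show (john.smith%40myCompany.com), and the fake transport exists only so the logic runs offline.

```python
"""Paged, quota-aware GET helpers for the Kiuwan REST API.

Added example, not Kiuwan code. Assumptions the reference does not state: a
listing is exhausted when a page holds fewer than `count` items, `page` is
1-based (the reference's sample uses page=1), and a 429 'Quota limit reached'
is retried after a pause. Authentication headers are passed in by the caller;
the fake transport exists only so paging and retry can be exercised offline.
"""
import json
import time
from urllib.error import HTTPError
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

BASE_URL = "https://api.kiuwan.com"  # on-premise: your configured host and scheme


class QuotaExceeded(Exception):
    """Raised when a request still gets 429 after all retries."""


def build_url(path, params=None, base=BASE_URL):
    """Join base, path and query; None params are dropped, booleans sent as true/false."""
    query = urlencode({k: (str(v).lower() if isinstance(v, bool) else v)
                       for k, v in (params or {}).items() if v is not None})
    return base + path + ("?" + query if query else "")


def path_segment(value):
    """Percent-encode a path parameter, e.g. {username} john.smith@x -> john.smith%40x."""
    return quote(str(value), safe="")


def http_transport(headers):
    """Real transport: GET a URL and return (status, parsed JSON or None)."""
    def send(url):
        try:
            with urlopen(Request(url, headers=headers), timeout=30) as resp:
                return resp.status, json.loads(resp.read().decode("utf-8"))
        except HTTPError as err:
            return err.code, None
    return send


def get_json(transport, url, retries=3, wait=1.0):
    """GET with exponential backoff on 429; any other non-200 status raises at once."""
    for attempt in range(retries + 1):
        status, body = transport(url)
        if status == 200:
            return body
        if status != 429:
            raise RuntimeError("HTTP %d for %s" % (status, url))
        if attempt == retries:
            raise QuotaExceeded(url)
        time.sleep(wait * 2 ** attempt)


def list_private_vulnerabilities(transport, count=50, wait=1.0, **filters):
    """Walk GET /insights/custom/vulnerability/list page by page; return all items."""
    items, page = [], 1
    while True:
        url = build_url("/insights/custom/vulnerability/list",
                        dict(filters, count=count, page=page))
        batch = get_json(transport, url, wait=wait) or []
        items.extend(batch)
        if len(batch) < count:
            return items
        page += 1


def fake_transport(pages, quota_hits=1):
    """Constructed offline stand-in: answers 429 `quota_hits` times, then serves
    `pages` (a list of page contents) by the page= query parameter. Records URLs."""
    state = {"left": quota_hits, "urls": []}

    def send(url):
        state["urls"].append(url)
        if state["left"] > 0:
            state["left"] -= 1
            return 429, None
        page = int(url.split("page=")[1].split("&")[0])
        return 200, (pages[page - 1] if page <= len(pages) else [])

    send.state = state
    return send
```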

Update private vulnerability

PUT /insights/custom/vulnerability/update/{vulnerabilityCode}
Description

Updates a private vulnerability.

Parameters
Type Name Description Model

Path

vulnerabilityCode
required

Vulnerability Code

string

Body

body
required

the vulnerability to update

Responses
HTTP Code Description Model

200

Successfully updated private vulnerability

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/insights/custom/vulnerability/update/CUSTOM-0001
Request body
{
  "vulnerabilityCode" : "CUSTOM-0001",
  "cwe" : "CWE-20",
  "description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
  "severity" : "Low",
  "v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
  "v2accessVector" : "Local ",
  "v2accessComplexty" : "Low",
  "v2authentication" : "None",
  "v2confidentialityImpact" : "None",
  "v2integrityImpact" : "None",
  "v2availabilityImpact" : "None",
  "v2baseScore" : 4.6,
  "v2exploitabilityScore" : 8.5,
  "v2impactScore" : 8.5,
  "v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "v3attackVector" : "Network",
  "v3attackComplexity" : "Low",
  "v3privilegesRequired" : "Low",
  "v3userInteraction" : "None",
  "v3scope" : "Unchanged",
  "v3confidentialityImpact" : "None",
  "v3integrityImpact" : "None",
  "v3availabilityImpact" : "None",
  "v3baseScore" : 7.5,
  "v3baseSeverity" : "Low",
  "v3exploitabilityScore" : 3.9,
  "v3impactScore" : 3.6,
  "vulnerableArtifactVersions" : [ {
    "group" : "org.springframework",
    "artifact" : "spring-aop",
    "language" : "java",
    "affectedVersions" : [ {
      "fixedVersion" : "1.0.0",
      "initialVersion" : "2.0.0",
      "endVersion" : "3.0.0",
      "includeInitialVersion" : true,
      "includeEndVersion" : true
    } ]
  } ]
}
Example HTTP response
Response 200
{
  "result" : "OK"
}
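The same request body is sent to the create endpoint (POST /insights/custom/vulnerability/add) and to the update endpoint above. As an added example (not Kiuwan code), the following Python lints such a body client-side before it is sent: it parses v3vectorString, checks that the v3* discrete fields, v3baseScore and v3baseSeverity agree with it, and can fill those fields from the vector. Whether the server performs these checks is not stated in the reference; the CVSS v3.0 formula and rating scale are assumed from the FIRST specification, and SAMPLE_BODY is the CVSS part of the reference's own sample, which the check flags as inconsistent.

```python
"""Lint a Kiuwan private vulnerability request body before sending it.

Added example, not Kiuwan code: field names follow the body shown for
POST /insights/custom/vulnerability/add and PUT .../update/{vulnerabilityCode}.
The reference does not say whether the server cross-checks v3vectorString
against the v3* fields, so this checks them locally. CVSS v3.0 formula and
rating scale are taken from the FIRST specification (not from the page).
"""
import math

_LNH = {"N": "None", "L": "Low", "H": "High"}  # shared by PR, C, I and A
# Vector metric letter -> spelled-out value used by the Kiuwan payload fields.
_NAMES = {
    "AV": {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"},
    "AC": {"L": "Low", "H": "High"}, "PR": _LNH,
    "UI": {"N": "None", "R": "Required"}, "S": {"U": "Unchanged", "C": "Changed"},
    "C": _LNH, "I": _LNH, "A": _LNH,
}
# Payload field that must agree with each vector metric.
_FIELDS = {
    "AV": "v3attackVector", "AC": "v3attackComplexity", "PR": "v3privilegesRequired",
    "UI": "v3userInteraction", "S": "v3scope", "C": "v3confidentialityImpact",
    "I": "v3integrityImpact", "A": "v3availabilityImpact",
}
_W = {  # CVSS v3.0 metric weights; PR weights differ when scope is changed (PRC)
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
    "AC": {"L": 0.77, "H": 0.44}, "UI": {"N": 0.85, "R": 0.62},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27}, "PRC": {"N": 0.85, "L": 0.68, "H": 0.50},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}

def parse_v3_vector(vector):
    """Split 'CVSS:3.0/AV:L/...' into {'AV': 'L', ...}; raises on bad input."""
    parts = vector.split("/")
    if not parts[0].startswith("CVSS:3."):
        raise ValueError("not a CVSS v3 vector: %r" % vector)
    metrics = dict(p.split(":", 1) for p in parts[1:])
    for m, allowed in _NAMES.items():
        if metrics.get(m) not in allowed:
            raise ValueError("missing or bad metric %s in %r" % (m, vector))
    return metrics

def _roundup(x):
    """CVSS 'round up' to one decimal, done in integers to avoid float drift."""
    i = int(round(x * 100000))
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def v3_base_score(metrics):
    """CVSS v3.0 base score for a parsed vector."""
    cia = _W["CIA"]
    iss = 1 - (1 - cia[metrics["C"]]) * (1 - cia[metrics["I"]]) * (1 - cia[metrics["A"]])
    changed = metrics["S"] == "C"
    impact = (7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15) if changed else 6.42 * iss
    expl = (8.22 * _W["AV"][metrics["AV"]] * _W["AC"][metrics["AC"]]
            * _W["PRC" if changed else "PR"][metrics["PR"]] * _W["UI"][metrics["UI"]])
    if impact <= 0:
        return 0.0
    return _roundup(min((1.08 if changed else 1.0) * (impact + expl), 10.0))

def v3_severity(score):
    """CVSS v3 qualitative rating for a base score."""
    for limit, name in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= limit:
            return name
    return "Critical"

def check_private_vulnerability(body):
    """Return the inconsistencies found in a request body ([] when clean)."""
    problems = []
    metrics = parse_v3_vector(body["v3vectorString"])
    for m, field in _FIELDS.items():
        want = _NAMES[m][metrics[m]]
        if body.get(field) != want:
            problems.append("%s is %r, vector says %r" % (field, body.get(field), want))
    score = v3_base_score(metrics)
    if abs(body.get("v3baseScore", -1.0) - score) > 1e-9:
        problems.append("v3baseScore is %s, computed %s" % (body.get("v3baseScore"), score))
    sev = v3_severity(score)
    if body.get("v3baseSeverity") != sev:
        problems.append("v3baseSeverity is %r, computed %r" % (body.get("v3baseSeverity"), sev))
    return problems

def fill_v3_fields(body):
    """Derive the v3* discrete fields, score and severity from v3vectorString."""
    metrics = parse_v3_vector(body["v3vectorString"])
    for m, field in _FIELDS.items():
        body[field] = _NAMES[m][metrics[m]]
    body["v3baseScore"] = v3_base_score(metrics)
    body["v3baseSeverity"] = v3_severity(body["v3baseScore"])
    return body

SAMPLE_BODY = {  # CVSS v3 part of the reference's own sample body, kept as test input
    "vulnerabilityCode": "CUSTOM-0001", "cwe": "CWE-20", "severity": "Low",
    "v3vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "v3attackVector": "Network", "v3attackComplexity": "Low",
    "v3privilegesRequired": "Low", "v3userInteraction": "None", "v3scope": "Unchanged",
    "v3confidentialityImpact": "None", "v3integrityImpact": "None",
    "v3availabilityImpact": "None", "v3baseScore": 7.5, "v3baseSeverity": "Low",
}
```

Run check_private_vulnerability on a body before the POST or PUT; an empty list means the vector, discrete fields, score and severity all agree.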

Languages

Get languages

GET /languages
Description

Obtains a map of languages specifying the language code and the language name

Responses
HTTP Code Description Model

200

Successful retrieval of languages map

< string, string > map

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/languages
Example HTTP response
Response 200
"object"

Management

Create application

POST /applications
Description

Creates a new application in your account.

Parameters
Type Name Description Model

Body

body
required

the application to create

Responses
HTTP Code Description Model

200

Successfully created application

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/applications
Request body
{
  "name" : "myApp",
  "model" : "CQM",
  "description" : "GitHub Android App",
  "portfolios" : [ {
    "portfolioName" : "country",
    "portfolioValue" : "spain"
  } ],
  "targets" : {
    "string" : 0.0
  },
  "newName" : "myNewApp",
  "businessValue" : "CRITICAL",
  "provider" : "Lab",
  "modelId" : 1243,
  "newModelId" : 1345,
  "forceModel" : true,
  "sourceCodeUpload" : true,
  "audit" : "true"
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Update application with query parameter

PUT /applications
Description

Modifies the information of an application in your account.

Parameters
Type Name Description Model

Body

body
required

the application to modify

Responses
HTTP Code Description Model

200

Successfully modified application

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/applications
Request body
{
  "name" : "myApp",
  "model" : "CQM",
  "description" : "GitHub Android App",
  "portfolios" : [ {
    "portfolioName" : "country",
    "portfolioValue" : "spain"
  } ],
  "targets" : {
    "string" : 0.0
  },
  "newName" : "myNewApp",
  "businessValue" : "CRITICAL",
  "provider" : "Lab",
  "modelId" : 1243,
  "newModelId" : 1345,
  "forceModel" : true,
  "sourceCodeUpload" : true,
  "audit" : "true"
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Delete application

DELETE /applications
Description

Deletes an application from your account.

Parameters
Type Name Description Model

Query

application
required

Application name

string

Responses
HTTP Code Description Model

200

Successfully deleted application

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/applications?application=myApp
Example HTTP response
Response 200
{
  "result" : "OK"
}

Update application

PUT /applications/{application}
Description

Modifies the information of an application in your account.

Parameters
Type Name Description Model

Path

application
required

Application name

string

Body

body
required

the application to modify

Responses
HTTP Code Description Model

200

Successfully updated application

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/applications/myApp
Request body
{
  "name" : "myApp",
  "model" : "CQM",
  "description" : "GitHub Android App",
  "portfolios" : [ {
    "portfolioName" : "country",
    "portfolioValue" : "spain"
  } ],
  "targets" : {
    "string" : 0.0
  },
  "newName" : "myNewApp",
  "businessValue" : "CRITICAL",
  "provider" : "Lab",
  "modelId" : 1243,
  "newModelId" : 1345,
  "forceModel" : true,
  "sourceCodeUpload" : true,
  "audit" : "true"
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Get users roles for application

GET /applications/{application}/users/roles
Description

Gets the users' roles for an application. Use 'username' and 'exactUsername' to filter results.

Parameters
Type Name Description Model

Path

application
required

Application name

string

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of users' application roles

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/applications/myApp/users/roles?exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
{
  "username" : "username",
  "roleName" : "None",
  "override" : true
}

Portfolio

Create or update portfolio definitions

POST /portfolios
Description

Creates or updates portfolio definitions for an account.

Parameters
Type Name Description Model

Body

body
required

Portfolio to be saved

Responses
HTTP Code Description Model

200

Successfully created or updated portfolio definition

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/portfolios
Request body
{
  "name" : "provider",
  "description" : "List of company providers",
  "isSystemPortfolio" : true,
  "values" : ["Lab", "Factory"]
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Get portfolio definitions

GET /portfolios
Description

Obtains the portfolio definitions of an account.

Responses
HTTP Code Description Model

200

Successful retrieval of portfolio definitions list

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios
Example HTTP response
Response 200
[
    {
        "name": "businessValue",
        "values": [
            "CRITICAL",
            "HIGH",
            "MEDIUM",
            "LOW",
            "VERY LOW"
        ],
        "isSystemPortfolio": true
    },
    ...
    ...
    ...
    {
        "name": "provider",
        "description": "List of company providers",
        "values": [],
        "isSystemPortfolio": true
    }
]

Get users roles by portfolio

GET /portfolios/{portfolio}/users/roles
Description

Lists the users' roles for the portfolio. Use 'username', 'exactUsername', 'portfolioValue' and 'exactPortfolioValue' to filter results.

Parameters
Type Name Description Model

Path

portfolio
required

Portfolio name

string

Query

exactPortfolioValue
optional

Indicates whether the portfolioValue must match exactly (ignoring case). Only applies if portfolioValue is provided

boolean

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

portfolioValue
optional

'portfolioValue' mask to filter results

string

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of portfolio users' roles

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios/businessValue/users/roles?exactPortfolioValue=true&exactUsername=true&portfolioValue=high&username=username
Example HTTP response
Response 200
[
    {
        "type": "SYSTEM",
        "username": "username",
        "portfolioValue": "HIGH",
        "roleName": "Write"
    },
    ...
    ...
    ...
    {
        "type": "SYSTEM",
        "username": "username",
        "portfolioValue": "VERY LOW",
        "roleName": "Write"
    }
]

Get list of portfolio values by portfolio name

GET /portfolios/{portfolio}/values/list
Description

Lists all portfolio values associated with a portfolio name. This endpoint returns error code 15 if the portfolio name does not exist; otherwise it returns the list of portfolio values.

Parameters
Type Name Description Model

Path

portfolio
required

Portfolio name

string

Responses
HTTP Code Description Model

200

Successful retrieval of the list of portfolio values for this portfolio name

< string > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios/businessValue/values/list
Example HTTP response
Response 200
[
"string1"
...
...
...
...
"stringN"
]

Get if portfolio and portfolio value exists

GET /portfolios/{portfolio}/{value}/exists
Description

Checks whether a portfolio and portfolio value exist. This endpoint returns error code 15 if the portfolio name does not exist; it returns true if the pair of portfolio name and value exists, and false if the portfolio name exists but the portfolio value does not exist for that portfolio name.

Parameters
Type Name Description Model

Path

portfolio
required

Portfolio name

string

Path

value
required

Portfolio value

string

Responses
HTTP Code Description Model

200

Successful retrieval of whether the portfolio name and portfolio value exist

boolean

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/portfolios/businessValue/high/exists
Example HTTP response
Response 200
true

Security

Get permissions for an action

GET /security/permissions/{action}
Description

Returns grant information on the specified action for the authenticated user. Recognized actions: MUTE_DEFECTS, CHANGE_DEFECT_STATUS

Parameters
Type Name Description Model

Path

action
required

Action name

enum (MUTE_DEFECTS, CHANGE_DEFECT_STATUS)

Query

appId
optional

Application identifier

string

Query

application
optional

Application name

string

Responses
HTTP Code Description Model

200

Successful retrieval of grant information

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/security/permissions/MUTE_DEFECTS?appId=234&application=myApp
Example HTTP response
Response 200
{
  "actionCode" : "MUTE_DEFECTS",
  "granted" : true
}

User

Get applications roles by user

GET /user/{username}/applications/roles
Description

Lists the application roles for the username. Use 'applicationName' and 'exactApplicationName' to filter results.

Parameters
Type Name Description Model

Path

username
required

User name

string

Query

applicationName
optional

'applicationName' mask to filter results

string

Query

exactApplicationName
optional

Indicates whether the applicationName must match exactly (ignoring case). Only applies if applicationName is provided

boolean

Responses
HTTP Code Description Model

200

Successful retrieval of user application roles

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/user/john.smith%40myCompany.com/applications/roles?applicationName=myApp&exactApplicationName=true
Example HTTP response
Response 200
[ {
  "name" : "ApplicationInJapan",
  "roleName" : "None",
  "override" : true
},
...
...
...
{
  "name" : "ApplicationInUS",
  "roleName" : "Write",
  "override" : true
} ]

Get portfolios roles by user

GET /user/{username}/portfolios/roles
Description

Lists the portfolio roles for the username. Use 'portfolioName', 'exactPortfolioName', 'portfolioValue' and 'exactPortfolioValue' to filter results.

Parameters
Type Name Description Model

Path

username
required

User name

string

Query

exactPortfolioName
optional

Indicates whether the portfolioName must match exactly (ignoring case). Only applies if portfolioName is provided

boolean

Query

exactPortfolioValue
optional

Indicates whether the portfolioValue must match exactly (ignoring case). Only applies if portfolioValue is provided

boolean

Query

portfolioName
optional

'portfolioName' mask to filter results

string

Query

portfolioValue
optional

'portfolioValue' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of user portfolio roles

< PortfolioRoleData > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/user/john.smith%40myCompany.com/portfolios/roles?exactPortfolioName=true&exactPortfolioValue=true&portfolioName=businessValue&portfolioValue=high
Example HTTP response
Response 200
[ {
  "type" : "CUSTOM",
  "portfolioName" : "Region",
  "portfolioValue" : "Asia",
  "roleName" : "Write"
},
...
...
...
{
  "type" : "SYSTEM",
  "portfolioName" : "businessValue",
  "portfolioValue" : "HIGH",
  "roleName" : "Write"
} ]

Create user

POST /users
Description

Creates a new user in your account.

Parameters
Type Name Description Model

Body

body
required

the user to create

Responses
HTTP Code Description Model

200

Successfully created user

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/users
Request body
{
  "username" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "enabled" : true,
  "email" : "john.smith@myCompany.com",
  "generatePassword" : true,
  "regeneratePassword" : false,
  "enableLoginWithPassword" : true,
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"],
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Get list of users

GET /users
Description

Lists the users of your account. Use 'username' and 'emailAddress' (logical AND) to filter results.

Parameters
Type Name Description Model

Query

emailAddress
optional

'emailAddress' mask to filter results

string

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of users list

< UserDetailResponse > array

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/users?emailAddress=john.smith%40myCompany.com&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
  "username" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "enabled" : true,
  "email" : "john.smith@myCompany.com",
  "isOwner" : false,
  "enableLoginWithPassword" : true
},
...
...
...
{
  "username" : "kiuwan.admin@myCompany.com",
  "firstName" : "kiuwan",
  "lastName" : "admin",
  "enabled" : true,
  "email" : "kiuwan.admin@myCompany.com",
  "isOwner" : false,
  "enableLoginWithPassword" : true
} ]

Get list of users and application permissions

GET /users/applications/permissions
Description

Lists the users of your account with their application permissions. Use 'username', 'emailAddress' and 'applicationName' (logical AND) to filter results.

Parameters
Type Name Description Model

Query

applicationName
optional

'applicationName' mask to filter results

string

Query

emailAddress
optional

'emailAddress' mask to filter results

string

Query

exactApplicationName
optional

Indicates whether the applicationName must match exactly (ignoring case). Only applies if applicationName is provided

boolean

Query

exactUsername
optional

Indicates whether the username must match exactly (ignoring case). Only applies if username is provided

boolean

Query

username
optional

'username' mask to filter results

string

Responses
HTTP Code Description Model

200

Successful retrieval of users list with their application permissions

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Produces
  • application/json

Example HTTP request
Request path
/users/applications/permissions?applicationName=myApp&emailAddress=john.smith%40myCompany.com&exactApplicationName=true&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
  "username" : "john.smith@myCompany.com",
  "email" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS"],
  "enabled" : true,
  "supportEnabled" : true,
  "overrideUserGroup" : true,
  "manageApplications" : true,
  "manageUsers" : true,
  "manageModels" : true,
  "manageAudits" : true,
  "manageReports" : true,
  "applicationPermissionsData" : [ {
    "applicationName" : "myApp",
    "roleName" : "None",
    "override" : true,
    "deleteActionPlans" : true,
    "deleteAnalysis" : true,
    "deleteDeliveries" : true,
    "executeAnalysis" : true,
    "executeDeliveries" : true,
    "exportActionPlansJira" : true,
    "muteDefects" : true,
    "changeDefectStatus" : true,
    "saveActionPlans" : true,
    "viewApplicationData" : true,
    "viewDeliveries" : true
  } ]
},
...
...
...
{
  "username" : "kiuwan.admin@myCompany.com",
  "email" : "kiuwan.admin@myCompany.com",
  "firstName" : "kiuwan",
  "lastName" : "admin",
  "managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS"],
  "enabled" : true,
  "supportEnabled" : true,
  "overrideUserGroup" : true,
  "manageApplications" : true,
  "manageUsers" : true,
  "manageModels" : true,
  "manageAudits" : true,
  "manageReports" : true,
  "applicationPermissionsData" : [ {
    "applicationName" : "myApp",
    "roleName" : "None",
    "override" : true,
    "deleteActionPlans" : true,
    "deleteAnalysis" : true,
    "deleteDeliveries" : true,
    "executeAnalysis" : true,
    "executeDeliveries" : true,
    "exportActionPlansJira" : true,
    "muteDefects" : true,
    "changeDefectStatus" : true,
    "saveActionPlans" : true,
    "viewApplicationData" : true,
    "viewDeliveries" : true
  } ]
} ]

Update user

PUT /users/{username}
Description

Modifies the information of a user in your account.

Parameters
Type Name Description Model

Path

username
required

User name

string

Body

body
required

the user to update

Responses
HTTP Code Description Model

200

Successfully updated user

400

Bad format

No Content

403

Access denied

No Content

404

Resource not found

No Content

429

Quota limit reached

No Content

500

Internal server error

No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/users/john.smith%40myCompany.com
Request body
{
  "username" : "john.smith@myCompany.com",
  "firstName" : "John",
  "lastName" : "Smith",
  "enabled" : true,
  "email" : "john.smith@myCompany.com",
  "generatePassword" : true,
  "regeneratePassword" : false,
  "enableLoginWithPassword" : true,
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : [ "MANAGE_APPLICATIONS", "MANAGE_MODELS", "VIEW_LIFE_CYCLE" ],
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Delete user

DELETE /users/{username}
Description

Deletes a user from your account.

Parameters
Type  Name                 Description  Model
Path  username (required)  User name    string

Responses
HTTP Code  Description                Model
200        Successfully deleted user
400        Bad format                 No Content
403        Access denied              No Content
404        Resource not found         No Content
429        Quota limit reached        No Content
500        Internal server error      No Content

Consumes
  • application/json

  • text/plain

Produces
  • application/json

Example HTTP request
Request path
/users/john.smith%40myCompany.com
Example HTTP response
Response 200
{
  "result" : "OK"
}

UserGroup

Create user group

POST /userGroups
Description

Creates a new user group in your account.

Parameters
Type  Name             Description               Model
Body  body (required)  The user group to create

Responses
HTTP Code  Description                        Model
200        Successfully created a user group
400        Bad format                         No Content
403        Access denied                      No Content
404        Resource not found                 No Content
429        Quota limit reached                No Content
500        Internal server error              No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/userGroups
Request body
{
  "name" : "CMSDevelopers",
  "newName" : "CMS_Developers",
  "users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : [ "MANAGE_APPLICATIONS", "MANAGE_MODELS", "VIEW_LIFE_CYCLE" ],
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Get list of user groups

GET /userGroups
Description

List the user groups of your account.

Responses
HTTP Code  Description                               Model
200        Successful retrieval of user groups list  < UserGroupResponse > array
400        Bad format                                No Content
403        Access denied                             No Content
404        Resource not found                        No Content
429        Quota limit reached                       No Content
500        Internal server error                     No Content

Produces
  • application/json

Example HTTP request
Request path
/userGroups
Example HTTP response
Response 200
[ {
  "name" : "CMSDevelopers",
  "users" : "john.smith@myCompany.com, kelly.smith@myCompany.com"
},
...
...
...
{
  "name" : "newCMSDevelopers",
  "users" : "john.smith@myCompany.com"
} ]

Update user group

PUT /userGroups/{name}
Description

Modifies the information of a user group in your account.

Parameters
Type  Name             Description               Model
Path  name (required)  User group name           string
Body  body (required)  The user group to modify

Responses
HTTP Code  Description                         Model
200        Successfully modified a user group
400        Bad format                          No Content
403        Access denied                       No Content
404        Resource not found                  No Content
429        Quota limit reached                 No Content
500        Internal server error               No Content

Consumes
  • application/json

Produces
  • application/json

Example HTTP request
Request path
/userGroups/CMSDevelopers
Request body
{
  "name" : "CMSDevelopers",
  "newName" : "CMS_Developers",
  "users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
  "accessControlConfiguration" : {
    "assignmentMode" : "OVERWRITE",
    "overrideUserGroupConfig" : true,
    "managementFeatures" : [ "MANAGE_APPLICATIONS", "MANAGE_MODELS", "VIEW_LIFE_CYCLE" ],
    "portfolioRoles" : [ {
      "type" : "CUSTOM",
      "portfolioName" : "Region",
      "portfolioValue" : "Asia",
      "roleName" : "Write"
    } ],
    "applicationRoles" : [ {
      "name" : "ApplicationInJapan",
      "roleName" : "None",
      "override" : true
    } ],
    "businessValueRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "CRITICAL",
      "roleName" : "Readonly"
    } ],
    "providerRoles" : [ {
      "type" : "SYSTEM",
      "portfolioValue" : "Provider1",
      "roleName" : "Write"
    } ]
  }
}
Example HTTP response
Response 200
{
  "result" : "OK"
}

Delete user group

DELETE /userGroups/{name}
Description

Deletes a user group from your account.

Parameters
Type  Name             Description      Model
Path  name (required)  User group name  string

Responses
HTTP Code  Description                        Model
200        Successfully deleted a user group
400        Bad format                         No Content
403        Access denied                      No Content
404        Resource not found                 No Content
429        Quota limit reached                No Content
500        Internal server error              No Content

Consumes
  • application/json

  • text/plain

Produces
  • application/json

Example HTTP request
Request path
/userGroups/CMSDevelopers
Example HTTP response
Response 200
{
  "result" : "OK"
}

Model

AccessControlConfigurationData

Data object to configure user Access Control

Name Description Model

applicationRoles
optional

Application roles list
Example : [ "ApplicationRoleData" ]

assignmentMode
optional

Indicates how to update the permissions. Can be ADD, DELETE or OVERWRITE.
Example : "OVERWRITE"

enum (ADD, DELETE, OVERWRITE)

businessValueRoles
optional

Business value portfolio roles list
Example : [ "BusinessValuePortfolioRoleData" ]

managementFeatures
optional

Management features to enable/disable. Allowed values are { MANAGE_APPLICATIONS | MANAGE_ALL_USERS | MANAGE_MODELS | MANAGE_AUDITS | MANAGE_REPORTS | VIEW_GOVERNANCE | VIEW_CODE_ANALYSIS | VIEW_CODE_SECURITY | VIEW_INSIGHTS | VIEW_LIFE_CYCLE }
Example : [ "MANAGE_APPLICATIONS", "MANAGE_MODELS", "VIEW_LIFE_CYCLE" ]

< string > array

overrideUserGroupConfig
optional

Indicates whether the user group configuration is overridden for this user
Example : true

boolean

portfolioRoles
optional

Portfolio roles list
Example : [ "PortfolioRoleData" ]

< PortfolioRoleData > array

providerRoles
optional

Provider portfolio roles list
Example : [ "ProviderPortfolioRoleData" ]
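The PUT /users/{username} and PUT /userGroups/{name} requests above, and the AccessControlConfigurationData model they carry, as an added Python example that is not Kiuwan's own code: it percent-encodes the path parameter as the example paths do, sends managementFeatures as the JSON array the model declares, rejects values outside the documented enums before anything is sent, and maps the listed error codes. The base URL, HTTP Basic auth with the account's username and password, and all function names are assumptions.

```python
"""Added example (not Kiuwan's own code): build, validate and send the PUT /users/{username}
and PUT /userGroups/{name} requests documented above."""
import base64
import json
import urllib.parse
import urllib.request
from urllib.error import HTTPError

# Assumption: the SaaS host named in the overview; on-premise installs use their own host.
BASE_URL = "https://api.kiuwan.com"

# Enumerations copied from the AccessControlConfigurationData model in this reference.
ASSIGNMENT_MODES = {"ADD", "DELETE", "OVERWRITE"}
MANAGEMENT_FEATURES = {
    "MANAGE_APPLICATIONS", "MANAGE_ALL_USERS", "MANAGE_MODELS", "MANAGE_AUDITS",
    "MANAGE_REPORTS", "VIEW_GOVERNANCE", "VIEW_CODE_ANALYSIS", "VIEW_CODE_SECURITY",
    "VIEW_INSIGHTS", "VIEW_LIFE_CYCLE",
}
# Error codes documented for every endpoint in this section; only 429 is worth retrying.
STATUS_MEANING = {400: "Bad format", 403: "Access denied", 404: "Resource not found",
                  429: "Quota limit reached", 500: "Internal server error"}


def access_control_config(assignment_mode, management_features,
                          override_user_group_config=True, **role_lists):
    """Build an AccessControlConfigurationData object. managementFeatures is emitted as a
    JSON array (the model declares '< string > array') and values outside the documented,
    case-sensitive enums are rejected before anything is sent. role_lists may carry the
    four documented lists (portfolioRoles, applicationRoles, businessValueRoles, providerRoles)."""
    if assignment_mode not in ASSIGNMENT_MODES:
        raise ValueError(f"assignmentMode must be one of {sorted(ASSIGNMENT_MODES)}")
    unknown = set(management_features) - MANAGEMENT_FEATURES
    if unknown:
        raise ValueError(f"unknown managementFeatures: {sorted(unknown)}")
    config = {"assignmentMode": assignment_mode,
              "overrideUserGroupConfig": override_user_group_config,
              "managementFeatures": list(management_features)}
    config.update(role_lists)
    return config


def user_path(username):
    """Path for PUT/DELETE /users/{username}. The '@' of an e-mail style username must be
    percent-encoded, as the example path /users/john.smith%40myCompany.com shows; safe=''
    also encodes any '/' so the value cannot escape its path segment."""
    return "/users/" + urllib.parse.quote(username, safe="")


def user_group_path(name):
    """Path for PUT/DELETE /userGroups/{name}, encoded the same way."""
    return "/userGroups/" + urllib.parse.quote(name, safe="")


def update_user_request(username, first_name, last_name, email, access_control):
    """(method, path, body) for 'Update user'. The password flags are constructed values:
    a routine update leaves credentials alone; set them as in the reference's example body
    when a generated password is wanted."""
    body = {"username": username, "firstName": first_name, "lastName": last_name,
            "enabled": True, "email": email,
            "generatePassword": False, "regeneratePassword": False,
            "enableLoginWithPassword": True,
            "accessControlConfiguration": access_control}
    return "PUT", user_path(username), body


def update_user_group_request(name, users, access_control, new_name=None):
    """(method, path, body) for 'Update user group'; `users` is the comma-separated string
    the reference's examples use."""
    body = {"name": name, "users": users, "accessControlConfiguration": access_control}
    if new_name:
        body["newName"] = new_name
    return "PUT", user_group_path(name), body


def classify(code):
    """Map a documented error code to (meaning, retryable)."""
    return STATUS_MEANING.get(code, f"unexpected HTTP {code}"), code == 429


def send(method, path, body, username, password, timeout=30):
    """Send one request. Assumption: HTTP Basic auth with the Kiuwan username and password
    (the overview only states that every request must be authenticated)."""
    data = json.dumps(body).encode("utf-8") if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read() or b"null")  # e.g. {"result": "OK"}
    except HTTPError as err:
        meaning, retryable = classify(err.code)
        return err.code, {"error": meaning, "retryable": retryable}
```

Only `send` touches the network; the builders can be unit-tested offline, which is where the enum and encoding checks pay off.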

ActionPlanDefectsResponse

Response object for action plan defects

Name Description Model

allDefects
optional

List of action plan defects
Example : [ "DefectDetailResponse" ]

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

ActionPlanDetailResponse

Response object for action plan details

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

ActionPlanPendingDefectsResponse

Response object for action plan pending defects

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingDefects
optional

List of action plan pending defects
Example : [ "DefectDetailResponse" ]

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

ActionPlanProgressResponse

Response object for action plan in progress

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

effortToTargetAfter
optional

Effort to target after action plan
Example : 8.23

number (double)

effortToTargetBefore
optional

Effort to target before action plan
Example : 31.8

number (double)

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

globalIndicatorAfter
optional

Global indicator after action plan
Example : 23.5

number (double)

globalIndicatorBefore
optional

Global indicator before action plan
Example : 7.21

number (double)

metrics
optional

Map of action plan metrics
Example : { "string" : 0.0 }

< string, number (double) > map

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

qualityIndicatorsAfter
optional

Map of quality indicators after action plan
Example : "{"Efficiency":15.28, "Portability":7.23, "Maintainability":71.1, "Reliability":31.2, "Security":23.21 }"

< string, number (double) > map

qualityIndicatorsBefore
optional

Map of quality indicators before action plan
Example : "{"Efficiency":53.21, "Portability":72.9, "Maintainability":21.9, "Reliability":13.12, "Security":38.32 }"

< string, number (double) > map

riskIndexAfter
optional

Risk index after action plan
Example : 9.3

number (double)

riskIndexBefore
optional

Risk index before action plan
Example : 19.22

number (double)

ActionPlanRemovedDefectsResponse

Response object for action plan removed defects

Name Description Model

assignedTo
optional

User assigned to this action plan
Example : "John Smith"

string

createdBy
optional

User action plan creator
Example : "The Boss"

string

creation
optional

Creation time
Example : "2019-10-31T14:50:05.227Z"

string

description
optional

Action plan Description
Example : "Action Plan for security defects"

string

estimate
optional

Total effort estimated time
Example : "1h 56m"

string

expiration
optional

Expiration time
Example : "2019-11-31T14:50:05.227Z"

string

name
optional

Action plan name
Example : "ActionPlan1"

string

pendingEffort
optional

Pending effort estimated time
Example : "30m"

string

progress
optional

Action plan progress
Example : 32.5

number (double)

purged
optional

Indicates if the action plan is purged
Example : false

boolean

removedDefects
optional

List of action plan removed defects
Example : [ "DefectDetailResponse" ]

ActivitiesResponse

Name Description Model

action
optional

Activity action
Example : "CREATE"

string

affectedItems
optional

Affected elements by the activity
Example : [ "AffectedItemData" ]

< AffectedItemData > array

date
optional

Activity date
Example : "2019-11-23T12:22:34Z"

string

description
optional

Activity description
Example : "The user \"username\" logged in"

string

elementType
optional

Activity type
Example : "Analysis KLA"

string

user
optional

User who performed the activity
Example : "user"

string

ActivityResponse

Name Description Model

activity
optional

Activities list
Example : [ "ActivitiesResponse" ]

< ActivitiesResponse > array

itemsPerPage
optional

Items per page
Example : 10

integer (int32)

startIndex
optional

Start index
Example : 1

integer (int32)

totalResults
optional

Total results
Example : 1

integer (int32)

AffectedItemData

Name Description Model

oldValue
optional

Affected item old value
Example : "myOldAppName"

string

type
optional

Affected item type
Example : "Application"

string

value
optional

Affected item value
Example : "myAppName"

string

AffectedVersionsData

Data object for Affected Versions

Name Description Model

endVersion
optional

If the affected versions are a range, this is the end version. If this field is not provided and the affected versions are a range, all versions greater than the initial version are considered affected
Example : "3.0.0"

string

fixedVersion
optional

The affected version, when the affected versions are a single fixed version rather than a range. One of the two fields 'fixedVersion' or 'initialVersion' is required
Example : "1.0.0"

string

includeEndVersion
optional

If end version is included or not
Example : true

boolean

includeInitialVersion
optional

If initial version is included or not
Example : true

boolean

initialVersion
optional

If the affected versions are a range, this is the initial version. One of the two fields 'fixedVersion' or 'initialVersion' is required
Example : "2.0.0"

string
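The version-range rules of AffectedVersionsData above, as an added Python example that is not Kiuwan's code: given a component version and an AffectedVersionsData object, it decides whether the version is affected. The numeric comparison of dotted version strings, the precedence of fixedVersion when both fields are present, and the default of the two include flags are assumptions stated in the comments.

```python
"""Added example (not Kiuwan's own code): decide whether a component version lies inside an
AffectedVersionsData object as the model above describes it."""


def parse_version(text):
    """Assumption: dotted numeric versions ('2.0.0', '10.1'); a '-suffix' such as '-rc1' is
    ignored and missing components count as 0, so '2.0' compares equal to '2.0.0'."""
    parts = []
    for piece in text.split("-", 1)[0].split("."):
        if not piece.isdigit():
            raise ValueError(f"non-numeric version component {piece!r} in {text!r}")
        parts.append(int(piece))
    return parts


def compare(a, b):
    """-1, 0 or 1 for parsed versions a and b after zero-padding them to equal length."""
    width = max(len(a), len(b))
    a = a + [0] * (width - len(a))
    b = b + [0] * (width - len(b))
    return (a > b) - (a < b)


def is_affected(version, affected):
    """True if `version` is affected according to an AffectedVersionsData dict.

    From the model: one of fixedVersion or initialVersion is required; fixedVersion names a
    single affected version; initialVersion opens a range bounded above by endVersion, or
    unbounded when endVersion is absent; includeInitialVersion and includeEndVersion say
    whether the bounds themselves are affected. Assumptions: fixedVersion wins when both are
    present, and the include flags default to true as in the model's examples."""
    fixed = affected.get("fixedVersion")
    initial = affected.get("initialVersion")
    if fixed is None and initial is None:
        raise ValueError("one of 'fixedVersion' or 'initialVersion' is required")
    candidate = parse_version(version)
    if fixed is not None:
        return compare(candidate, parse_version(fixed)) == 0
    low = compare(candidate, parse_version(initial))
    if low < 0 or (low == 0 and not affected.get("includeInitialVersion", True)):
        return False
    end = affected.get("endVersion")
    if end is None:
        return True  # open-ended range: every version above the initial one is affected
    high = compare(candidate, parse_version(end))
    return high < 0 or (high == 0 and bool(affected.get("includeEndVersion", True)))


if __name__ == "__main__":
    # Constructed sample using the model's example values (not a real vulnerability record).
    sample = {"initialVersion": "2.0.0", "endVersion": "3.0.0",
              "includeInitialVersion": True, "includeEndVersion": True}
    for probe in ("1.9.9", "2.0.0", "2.7.3", "3.0.0", "3.0.1"):
        print(probe, is_affected(probe, sample))
```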

AnalysisDefectsResponse

Response object for Analysis Defects

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"

< string, object > map

activeDefects_count
optional

Active defects count
Example : 575

integer (int32)

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ "country": "spain" }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ "country": "spain" }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

count
optional

Number of defects in this response
Example : 500

integer (int32)

creationDate
optional

Date of initial analysis
Example : "2020-07-22T15:34:53Z"

string

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

defects
optional

Defects detail list
Example : [ "DefectDetailResponse" ]

defects_count
optional

Defects count
Example : 581

integer (int32)

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

lastSuccessfulBaseline
optional

Last baseline analysis summary
Example : AnalysisResponse

lastSuccessfulDelivery
optional

Last successful delivery
Example : AnalysisResponse

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

page
optional

Page number
Example : 1

integer (int32)

quality_model
optional

Application quality model name
Example : "CQM"

string

supressedDefects_count
optional

Suppressed defects count
Example : 6

integer (int32)

unparsedFiles
optional

Unparsed Files
Example : [ "UnparsedFileData" ]

< UnparsedFileData > array

AnalysisFilesResponse

Response object for Analysis Files

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"

< string, object > map

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ "country": "spain" }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ "country": "spain" }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

count
optional

Number of files in this response
Example : 100

integer (int32)

creationDate
optional

Date of initial analysis
Example : "2020-07-22T15:34:53Z"

string

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

files
optional

Files list
Example : [ "FileData" ]

< FileData > array

files_count
optional

Number of files
Example : 124

integer (int32)

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

lastSuccessfulBaseline
optional

Last baseline analysis summary
Example : AnalysisResponse

lastSuccessfulDelivery
optional

Last successful delivery
Example : AnalysisResponse

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

page
optional

Page number
Example : 1

integer (int32)

quality_model
optional

Application quality model name
Example : "CQM"

string

unparsedFiles
optional

Unparsed Files
Example : [ "UnparsedFileData" ]

< UnparsedFileData > array

AnalysisResponse

Response object for Analysis

Name Description Model

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ "country": "spain" }"

< string, object > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisScope
optional

Analysis scope
Example : "Baseline"

enum (Baseline, Complete delivery, Partial delivery)

auditResult
optional

Delivery audit result
Example : "FAIL"

string

branchName
optional

Delivery branch name
Example : "master"

string

changeRequest
optional

Delivery change request
Example : "CR_14-10-2019_1"

string

changeRequestStatus
optional

Change request status
Example : "Resolved"

enum (Resolved, In progress)

code
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

creationDate
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

errorCode
optional

Analysis error code
Example : "string"

string

invoker
optional

Analysis user invoker
Example : "github software"

string

label
optional

Analysis label
Example : "14.10.2019_1"

string

metrics
optional

Map of analysis metrics
Example : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"

< string, number (double) > map

modelId
optional

Model identifier
Example : "string"

string

qualityModel
optional

Quality model
Example : "CQM"

string

status
optional

Analysis status
Example : "RUNNING"

enum (INQUEUE, FAIL, SUCCESS, RUNNING)

unparsedFiles
optional

Unparsed files list
Example : [ "UnparsedFileData" ]

< UnparsedFileData > array
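The status enum and the defectsByPriority metric keys of AnalysisResponse above, as an added Python example that is not Kiuwan's code: it validates the status, turns the metrics map into per-priority defect counts, and applies a defect ceiling to a finished analysis. The gate policy, the function names and the sample response are constructed here; the key format and enum values come from the model.

```python
"""Added example (not Kiuwan's own code): read an AnalysisResponse object as this reference
describes it and enforce a per-priority defect ceiling on a finished analysis."""
import re

ANALYSIS_STATUSES = {"INQUEUE", "FAIL", "SUCCESS", "RUNNING"}   # 'status' enum from the model
FINAL_STATUSES = {"FAIL", "SUCCESS"}
# Key shape taken from the model's 'metrics' example; the trailing number is the priority level.
PRIORITY_KEY = re.compile(r"^com\.optimyth\.CQM\.defectsByPriority\.Priority (\d+)$")


def defects_by_priority(metrics):
    """Return {priority_level: count} from the analysis 'metrics' map, ignoring other keys."""
    counts = {}
    for key, value in metrics.items():
        match = PRIORITY_KEY.match(key)
        if match:
            counts[int(match.group(1))] = int(value)   # the model types values as doubles
    return counts


def analysis_state(resp):
    """Validate 'status' against the documented enum and report whether it is final."""
    status = resp.get("status")
    if status not in ANALYSIS_STATUSES:
        raise ValueError(f"unexpected analysis status {status!r}")
    return status, status in FINAL_STATUSES


def gate(resp, max_per_priority):
    """Apply per-priority defect ceilings to a finished analysis.

    Returns (passed, reasons). A RUNNING or INQUEUE analysis is not final, so the caller
    must poll again; a FAIL analysis never passes and carries the model's errorCode.
    The gate policy is this example's own, not something the API defines."""
    status, final = analysis_state(resp)
    if not final:
        raise RuntimeError(f"analysis {resp.get('code')} is still {status}; poll again later")
    if status == "FAIL":
        return False, [f"analysis failed with errorCode={resp.get('errorCode')!r}"]
    counts = defects_by_priority(resp.get("metrics") or {})
    reasons = [
        f"Priority {level}: {counts.get(level, 0)} defects exceed the limit of {limit}"
        for level, limit in sorted(max_per_priority.items())
        if counts.get(level, 0) > limit
    ]
    return not reasons, reasons


# Constructed sample mirroring the model's example values (not a real analysis).
SAMPLE_ANALYSIS = {
    "code": "A-7e3-16dc9e29131",
    "status": "SUCCESS",
    "qualityModel": "CQM",
    "metrics": {
        "com.optimyth.CQM.defectsByPriority.Priority 1": 163,
        "com.optimyth.CQM.defectsByPriority.Priority 2": 201,
        "com.optimyth.CQM.defectsByPriority.Priority 3": 159,
        "com.optimyth.CQM.defectsByPriority.Priority 4": 17,
        "com.optimyth.CQM.defectsByPriority.Priority 5": 41,
    },
}

if __name__ == "__main__":
    print(defects_by_priority(SAMPLE_ANALYSIS["metrics"]))
    print(gate(SAMPLE_ANALYSIS, {1: 0, 2: 250}))
```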

AnalysisResultResponse

Response object for Analysis Result

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"

< string, object > map

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ "country": "spain" }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisScope
optional

Analysis scope
Example : "Complete delivery"

enum (Baseline, Complete delivery, Partial delivery)

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ "country": "spain" }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResult
optional

Delivery audit result detail
Example : AuditAnalysisResultResponse

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

baselineAnalysisCode
optional

Baseline analysis code
Example : "A-7e3-16dc9e29131"

string

branchName
optional

Delivery branch name
Example : "master"

string

changeRequest
optional

Delivery change request
Example : "CR_13.01.2020"

string

changeRequestStatus
optional

Delivery change request status
Example : "Resolved"

enum (Resolved, In progress)

creationDate
optional

Date of initial analysis
Example : "2020-07-22T15:34:53Z"

string

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

deliveryDefects
optional

Delivery defects
Example : DeliveryDefectsData

deliveryFiles
optional

Delivery files detail
Example : DeliveryFilesData

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

lastSuccessfulBaseline
optional

Last baseline analysis summary
Example : AnalysisResponse

lastSuccessfulDelivery
optional

Last successful delivery
Example : AnalysisResponse

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

quality_model
optional

Application quality model name
Example : "CQM"

string

unparsedFiles
optional

Unparsed files
Example : [ "UnparsedFileData" ]

< UnparsedFileData > array

AnalysisSearchResponse

Response object for Analysis Search

Name Description Model

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ "country": "spain" }"

< string, object > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisScope
optional

Analysis scope
Example : "Baseline"

string

applicationName
optional

Application name of this analysis
Example : "myApp"

string

auditResult
optional

Delivery audit result
Example : "FAIL"

string

branchName
optional

Delivery branch name
Example : "master"

string

changeRequest
optional

Delivery change request
Example : "CR_14-10-2019_1"

string

changeRequestStatus
optional

Change request status
Example : "Resolved"

string

code
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

creationDate
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

errorCode
optional

Analysis error code
Example : "string"

string

invoker
optional

Analysis user invoker
Example : "github software"

string

label
optional

Analysis label
Example : "14.10.2019_1"

string

metrics
optional

Map of analysis metrics
Example : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"

< string, object > map

modelId
optional

Model identifier
Example : "string"

string

qualityModel
optional

Quality model
Example : "CQM"

string

status
optional

Analysis status
Example : "RUNNING"

string

unparsedFiles
optional

Unparsed files list
Example : [ "UnparsedFileData" ]

< UnparsedFileData > array

ApplicationAnalysisResponse

Response object for Application and Analysis details

Name Description Model

Effort to target
optional

Effort to target metric
Example : MetricValueData

Main metrics
optional

Main metrics list
Example : [ "MetricValueData" ]

< MetricValueData > array

Quality indicator
optional

Quality indicator metric
Example : MetricValueData

Risk index
optional

Risk index metric
Example : MetricValueData

Security
optional
read-only

Map of security metrics
Example : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"

< string, object > map

analysisBusinessValue
optional

Analysis business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

analysisCode
optional

Analysis code
Example : "A-ZBA-234820349"

string

analysisPortfolios
optional

Map of analysis portfolios
Example : "{ "country": "spain" }"

< string, string > map

analysisProvider
optional

Analysis provider
Example : "Lab"

string

analysisStatus
optional

Analysis status
Example : "FINISHED"

enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR)

analysisURL
optional

Kiuwan link to view the analysis detail
Example : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349"

string

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : "{ "country": "spain" }"

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

architecture
optional

Architecture detail
Example : MetadataArchitectureData

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

auditResultURL
optional

Kiuwan link to view the audit result of the analysis
Example : "string"

string

creationDate
optional

Date of initial analysis
Example : "2020-07-22T15:34:53Z"

string

date
optional

Analysis creation date
Example : "2019-10-14T15:15:15Z"

string

description
optional

Application description
Example : "GitHub Android App"

string

encoding
optional

Analysis encoding
Example : "UTF-8"

string

insightsData
optional

Insights metadata
Example : MetadataInsightsData

label
optional

Analysis label
Example : "14.10.2019_1"

string

languages
optional

Languages metric list
Example : [ "MetricValueData" ]

< MetricValueData > array

lastSuccessfulBaseline
optional

Last baseline analysis summary
Example : AnalysisResponse

lastSuccessfulDelivery
optional

Last successful delivery
Example : AnalysisResponse

modelId
optional

Analysis model identifier
Example : 6252

integer (int64)

name
optional

Application name
Example : "android"

string

ordered_by
optional

Analysis user invoker
Example : "github software"

string

quality_model
optional

Application quality model name
Example : "CQM"

string

unparsedFiles
optional

Unparsed Files
Example : [ "UnparsedFileData" ]

< UnparsedFileData > array

ApplicationManagementRequest

Request object for Application Management

Name Description Model

audit
optional

Audit
Example : "true"

string

businessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

description
optional

Application description
Example : "GitHub Android App"

string

forceModel
optional

Force model
Example : true

boolean

model
optional

Application model name
Example : "CQM"

string

modelId
optional

Application model identifier
Example : 1243

integer (int64)

name
required

Application name
Example : "myApp"

string

newModelId
optional

New model identifier
Example : 1345

integer (int64)

newName
optional

New application name
Example : "myNewApp"

string

portfolios
optional

Application portfolios list
Example : [ "PortfolioData" ]

< PortfolioData > array

provider
optional

Application provider
Example : "Lab"

string

sourceCodeUpload
optional

Source code upload
Example : true

boolean

targets
optional

Application targets map
Example : { "string" : 0.0 }

< string, number (double) > map

ApplicationPermissionsData

Response object for Application Permissions

Name Description Model

applicationName
optional

Application name
Example : "myApp"

string

changeDefectStatus
optional

If the user can change the status of a defect in this application
Example : true

boolean

deleteActionPlans
optional

If the user can delete action plan for this application
Example : true

boolean

deleteAnalysis
optional

If the user can delete analysis for this application
Example : true

boolean

deleteDeliveries
optional

If the user can delete deliveries for this application
Example : true

boolean

executeAnalysis
optional

If the user can execute analysis for this application
Example : true

boolean

executeDeliveries
optional

If the user can execute deliveries for this application
Example : true

boolean

exportActionPlansJira
optional

If the user can export action plan to JIRA for this application
Example : true

boolean

muteDefects
optional

If the user can mute defects for this application
Example : true

boolean

override
optional

Indicates whether this role assignment overrides the existing configuration
Example : true

boolean

roleName
optional

Name of the role assigned to user
Example : "None"

string

saveActionPlans
optional

If the user can save action plan for this application
Example : true

boolean

viewApplicationData
optional

If the user can see application data for this application
Example : true

boolean

viewDeliveries
optional

If the user can see deliveries for this application
Example : true

boolean

ApplicationResponse

Response object for Application

Name Description Model

applicationBusinessValue
optional

Application business value
Example : "CRITICAL"

enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL)

applicationPortfolios
optional

Map of application portfolios
Example : { "country": "spain" }

< string, string > map

applicationProvider
optional

Application provider
Example : "Lab"

string

auditName
optional

Application audit name
Example : "Kiuwan default audit"

string

creationDate
optional

Date of initial analysis
Example : "2020-07-22T15:34:53Z"

string

description
optional

Application description
Example : "GitHub Android App"

string

lastSuccessfulBaseline
optional

Summary of the last successful baseline analysis
Example : AnalysisResponse

lastSuccessfulDelivery
optional

Summary of the last successful delivery analysis
Example : AnalysisResponse

name
optional

Application name
Example : "android"

string

quality_model
optional

Application quality model name
Example : "CQM"

string

ApplicationRoleData

Data object for Application Role

Name Description Model

name
optional

Application name
Example : "ApplicationInJapan"

string

override
optional

Indicates whether this role assignment overrides the existing configuration
Example : true

boolean

roleName
optional

Name of the role to assign
Example : "None"

string

ApplicationsComponentsResponse

Name Description Model

application
optional

Application detail
Example : ApplicationResponse

component
optional

Component detail
Example : ComponentSimpleRestData

ArtifactLicensesData

Data object for Artifact Licenses

Name Description Model

artifact
required

Artifact name
Example : "spring-aop"

string

group
optional

Artifact Group
Example : "org.springframework"

string

language
required

Artifact Language
Example : "java"

string

spdxids
required

List of SPDX identifiers of the licenses to associate with the artifact
Example : "Apache-2.0"

< string > array

version
required

Artifact version
Example : "3.2.13.RELEASE"

string

AuditAnalysisResultResponse

Response object for Audit Analysis Result

Name Description Model

approvalThreshold
optional

Audit approval threshold
Example : 50.0

number (double)

auditName
optional

Audit name
Example : "Kiuwan default audit"

string

checkpointResults
optional

List of checkpoint results
Example : [ "CheckpointResultData" ]

description
optional

Audit description
Example : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any."

string

overallResult
optional

Audit overall result
Example : "FAIL"

enum (OK, FAIL)

score
optional

Score
Example : 0.0

number (double)

AuditResultResponse

Response object for Audit Result

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16e5b1aad2a"

string

creationTimestamp
optional

Audit creation time
Example : "2019-11-21T12:51:40Z"

string

label
optional

Audit label
Example : "cr_21.11.2019"

string

metrics
optional

Audit metrics
Example : { "com.optimyth.CQM.defectsByPriority.Priority 2": 2, "com.optimyth.CQM.defectsByPriority.Priority 3": 1 }

< string, number (double) > map

passAudit
optional

Indicates if the audit has been passed
Example : false

boolean

AuthorizationResponse

Response object for Authorization

Name Description Model

actionCode
optional

The action code
Example : "MUTE_DEFECTS"

string

granted
optional

Indicates if the action is granted or not
Example : true

boolean

BusinessValuePortfolioRoleData

Data object for a business value portfolio and role to assign

Name Description Model

portfolioValue
optional

Portfolio value
Example : "CRITICAL"

string

roleName
optional

Name of the role to assign
Example : "Readonly"

string

type
optional

Portfolio type
Example : "SYSTEM"

enum (SYSTEM)

CheckpointResultData

Data object for Checkpoint Result

Name Description Model

checkpoint
optional

Checkpoint
Example : "1"

string

description
optional

Checkpoint description
Example : "If a new defect is detected, the checkpoint will not pass."

string

mandatory
optional

Indicates if the checkpoint is mandatory or not
Example : true

boolean

name
optional

Checkpoint name
Example : "No new defects"

string

result
optional

Checkpoint result
Example : "FAIL"

enum (OK, FAIL)

score
optional

Checkpoint score
Example : 0.0

number (double)

type
optional

Checkpoint type
Example : "Threshold for maximum new defects"

string

violatedRules
optional

List of violated rules
Example : [ "ViolatedRuleResponse" ]

weight
optional

Weight
Example : 1

integer (int32)

ComponentDetailResponse

Response object for Component Details

Name Description Model

analyzed
optional

Analyzed
Example : true

boolean

artifacts
optional

Artifacts list
Example : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet"

< object > array

ccn
optional

Cyclomatic complexity number
Example : 15.0

number (double)

dn
optional

Name identifier description
Example : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet"

string

dupCode
optional

Duplicated code
Example : 0.0

number (double)

effort
optional

Effort value
Example : 0.0

number (double)

groupedCount
optional

Grouped count
Example : 1

integer (int32)

grouptags
optional

Map of group tags
Example : { "Servlet": "FileServlet" }

< string, string > map

id
optional

Identifier
Example : 23

integer (int64)

language
optional

Language
Example : "java"

string

loc
optional

Lines of code
Example : 210.0

number (double)

name
optional

Component name
Example : "com.myCompany.myApp.CSRFServlet"

string

other
optional

Map of additional properties
Example : { "componentType": "class", "j2eeType": "class", "description": "class java" }

< string, object > map

quality
optional

Quality indicator value
Example : 0.0

number (double)

tags
optional

Component Tags
Example : "Security,CSRF"

< object > array

type
optional

Component type
Example : "class"

string

ComponentSimpleRestData

Data object for Component’s basic details

Name Description Model

artifact
optional

Artifact name
Example : "org.springframework:spring-core"

string

custom
optional

If the component is custom or not
Example : true

boolean

description
optional

Artifact description
Example : "Spring Core"

string

id
optional

Component identifier
Example : 357

integer (int64)

version
optional

Artifact version
Example : "3.2.13.RELEASE"

string

CustomComponentRestData

Data object for Custom Component

Name Description Model

artifact
required

Artifact name
Example : "spring-aop"

string

custom
required

Whether the component is custom (true) or may be public (false)
Example : false

boolean

date
optional

Component date
Example : "2019-08-03T10:15:30Z"

string

description
optional

Component description
Example : "This artifact define the spring-aop"

string

group
optional

Artifact Group
Example : "org.springframework"

string

language
required

Artifact Language
Example : "java"

string

showPublicLicenses
required

Whether to show the licenses found by Kiuwan
Example : false

boolean

showPublicVulnerabilities
required

When custom is true, whether to show the public vulnerabilities found by Kiuwan
Example : false

boolean

version
required

Artifact version
Example : "3.2.13.RELEASE"

string

CustomComponentSimpleRestData

Data object for Custom Component’s basic details

Name Description Model

artifact
required

Artifact name
Example : "spring-core"

string

group
required

Artifact Group
Example : "org.springframework"

string

language
required

Artifact Technology
Example : "java"

string

version
optional

Artifact version
Example : "1.0.0"

string

DatapathData

Data object for Datapath

Name Description Model

container
optional

Container
Example : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"

string

file
optional

Datapath file
Example : "FileSystemRepository.java"

string

index
optional

Datapath index
Example : 1

integer (int32)

indirect
optional

Whether this is an indirect datapath
Example : true

boolean

kind
optional

Datapath kind
Example : "sink"

enum (assign, call, other, sink, source)

lineNumber
optional

Line number
Example : 32

integer (int32)

lineText
optional

Line text
Example : "\t\t\tString val = request.getParameter(item);"

string

localId
optional

Local id of this datapath entry within the vulnerability
Example : 1

integer (int32)

localParentId
optional

Parent id of this datapath
Example : 1

integer (int32)

varname
optional

Datapath tainted variable name
Example : "user"

string
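
The localId/localParentId pair is what lets a client rebuild the taint path that a list of DatapathData entries describes, and that path (source, the hops in between, sink) is what a reviewer actually reads when triaging an injection finding. The following Python is an added example, not Kiuwan's own code: it takes the datapath entries of one defect (a constructed sample using the field names above, deliberately out of order as a client might receive them), walks from the sink back to the source through localParentId, and renders the path in source-to-sink order, marking indirect hops. That localParentId refers to the localId of the preceding entry and that a source has no parent are assumptions made here, not something the page states.

```python
"""Rebuild a taint path from DatapathData entries (added example, not Kiuwan code)."""
from typing import Dict, List, Optional

# Constructed sample: the datapath entries of one reflected-XSS defect, given
# out of order. Field names follow DatapathData; the chain
# localParentId -> localId and "a source has parent 0" are assumptions.
SAMPLE_DATAPATHS: List[Dict] = [
    {"localId": 4, "localParentId": 3, "index": 3, "kind": "sink", "indirect": False,
     "file": "FileSystemRepository.java", "lineNumber": 368,
     "container": "void render(javax.servlet.http.HttpServletResponse,java.lang.String)",
     "lineText": "\t\t\tout.println(user);", "varname": "user"},
    {"localId": 2, "localParentId": 1, "index": 1, "kind": "assign", "indirect": False,
     "file": "FileSystemRepository.java", "lineNumber": 35,
     "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
     "lineText": "\t\t\tString user = val;", "varname": "user"},
    {"localId": 1, "localParentId": 0, "index": 0, "kind": "source", "indirect": False,
     "file": "FileSystemRepository.java", "lineNumber": 32,
     "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
     "lineText": "\t\t\tString val = request.getParameter(item);", "varname": "val"},
    {"localId": 3, "localParentId": 2, "index": 2, "kind": "call", "indirect": True,
     "file": "FileSystemRepository.java", "lineNumber": 40,
     "container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
     "lineText": "\t\t\trender(response, user);", "varname": "user"},
]


def taint_path(datapaths: List[Dict], sink_local_id: Optional[int] = None) -> List[Dict]:
    """Return the entries from source to sink, following localParentId links.

    If sink_local_id is None the single entry of kind "sink" is used. A missing
    parent or a cycle raises ValueError instead of silently truncating the path.
    """
    by_id = {d["localId"]: d for d in datapaths}
    if sink_local_id is None:
        sinks = [d for d in datapaths if d["kind"] == "sink"]
        if len(sinks) != 1:
            raise ValueError(f"expected exactly one sink, found {len(sinks)}")
        node = sinks[0]
    else:
        node = by_id[sink_local_id]

    path: List[Dict] = []
    seen = set()
    while True:
        if node["localId"] in seen:
            raise ValueError(f"cycle in datapath at localId {node['localId']}")
        seen.add(node["localId"])
        path.append(node)
        if node["kind"] == "source":
            break
        parent = by_id.get(node["localParentId"])
        if parent is None:
            raise ValueError(f"localId {node['localId']} has no parent {node['localParentId']}")
        node = parent
    path.reverse()
    return path


def format_path(path: List[Dict]) -> str:
    """One line per hop; '~' marks indirect hops, the ones a reviewer usually has
    to confirm by hand because the tainted value crossed a call boundary."""
    rows = []
    for d in path:
        flag = "~" if d.get("indirect") else " "
        rows.append(f"{d['kind']:>6}{flag} {d['file']}:{d['lineNumber']:<4} "
                    f"{d['varname']:<6} {d['lineText'].strip()}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_path(taint_path(SAMPLE_DATAPATHS)))
```

Walking from the sink backwards rather than sorting by index is deliberate: when a vulnerability has several branches sharing a source, the parent chain of the chosen sink isolates exactly the hops that reach it.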

DefectDetailResponse

Response object for Defect Details

Name Description Model

characteristic
optional

Characteristic
Example : "Security"

enum (Efficiency, Maintainability, Portability, Reliability, Security)

code
optional

Code
Example : "\t\t\tout.println(sql);"

string

cweId
optional

CWE identifier
Example : 79

integer (int32)

defectId
optional

Defect identifier
Example : 16558118

integer (int64)

effort
optional

Effort
Example : "30m"

string

explanation
optional

Defect explanation
Example : "Reflected XSS: user_input"

string

file
optional

Defect file
Example : "FileSystemRepository.java"

string

language
optional

Technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "java"

string

line
optional

Defect line
Example : 368

integer (int32)

modelId
optional

Model identifier
Example : 6252

integer (int64)

muted
optional

Indicates if the defect is muted
Example : false

boolean

priority
optional

Priority
Example : "Very High"

enum (Very Low, Low, Normal, High, Very High)

rule
optional

Broken rule
Example : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"

string

ruleCode
optional

Rule code
Example : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"

string

securityDetail
optional

Security detail
Example : VulnerabilityData

status
optional

Defect status
Example : "None"

enum (None, To review, Reviewed)

vulnerabilityType
optional

Vulnerability type (More info in https://www.kiuwan.com/docs/display/K5/Kiuwan+Vulnerability+Types)
Example : "Injection"

string

DefectLineResponse

Response object for Defect Line

Name Description Model

code
optional

Defect code
Example : "\\t\\t\\te.printStackTrace();"

string

line
optional

Defect line
Example : 101

integer (int32)

muted
optional

Indicates if the defect is muted
Example : true

boolean

DefectNoteResponse

Response object for Defect Note

Name Description Model

date
optional

Note date
Example : "2019/05/02 14:26"

string

text
optional

Note description
Example : "To review by security experts"

string

user
optional

User name
Example : "John Smith"

string

DefectsDeltaDetailResponse

Response object for Defects Delta Detail

Name Description Model

Main analysis code
optional

Main analysis code
Example : "A-7e3-16e5b1aad2a"

string

New defects
optional

New defects
Example : [ "DefectDetailResponse" ]

New defects count
optional

New defects count
Example : 3

integer (int32)

New violated rules count
optional

New violated rules count
Example : 1

integer (int32)

Previous analysis code
optional

Previous analysis code
Example : "A-7e3-16dc9e29131"

string

Removed defects
optional

Removed defects
Example : [ "DefectDetailResponse" ]

Removed defects count
optional

Removed defects count
Example : 0

integer (int32)

Removed violated rules count
optional

Removed violated rules count
Example : 0

integer (int32)

count
optional

Number of defects in this response
Example : 3

integer (int32)

page
optional

Page number
Example : 1

integer (int32)

DefectsDeltaResponse

Response object for Defects Delta

Name Description Model

Main analysis code
optional

Main analysis code
Example : "A-7e3-16e5b1aad2a"

string

New defects count
optional

New defects count
Example : 3

integer (int32)

New violated rules count
optional

New violated rules count
Example : 1

integer (int32)

Previous analysis code
optional

Previous analysis code
Example : "A-7e3-16dc9e29131"

string

Removed defects count
optional

Removed defects count
Example : 0

integer (int32)

Removed violated rules count
optional

Removed violated rules count
Example : 0

integer (int32)

DefectsKeptInCommonDetailResponse

Response object for Defects kept in common

Name Description Model

atAnalysisCode
optional

at analysis code
Example : "A-7e3-16dc9e29131"

string

count
optional

Number of defects in this response
Example : 3

integer (int32)

defects
optional

defects
Example : [ "DefectDetailResponse" ]

page
optional

Page number
Example : 1

integer (int32)

ruleTags
optional

Rule tags filter, comma-separated list of tags the violated rules must carry
Example : "PCI-DSS:6.5.1,cwe99"

string

securityOnly
optional

Security Only rules
Example : true

boolean

sinceAnalysisCode
optional

Since Analysis Code
Example : "A-7e3-16e5b1aad2a"

string

sinceDate
optional

Since Date
Example : "2020-03-01T12:00:00Z"

string

totalDefects
optional

Total Defects in Common
Example : 132

integer (int64)

DeliveryDefectsData

Data object for Delivery Defects

Name Description Model

defects
optional

Total defects
Example : 582

integer (int32)

newDefects
optional

Number of new defects
Example : 3

integer (int32)

removedDefects
optional

Number of removed defects
Example : 0

integer (int32)

DeliveryFilesData

Data object for Delivery Files

Name Description Model

count
optional

Files count
Example : 132

integer (int32)

FileData

Data object for File

Name Description Model

defects
optional

Detail of defects in the file
Example : [ "DefectDetailResponse" ]

defects_count
optional

Number of defects in the file
Example : 5

integer (int32)

metrics
optional

File metrics
Example : [ "MetricValueData" ]

< MetricValueData > array

metrics_count
optional

Metrics count
Example : 17

integer (int32)

name
optional

File name
Example : "FileSystemRepository.java"

string

FileWithDefectsResponse

Response object for File with Defects

Name Description Model

defects
optional

Link to the defect lines of this file
Example : HrefData

defectsCount
optional

Number of defects
Example : 1

integer (int64)

file
optional

File name
Example : "src/main/java/com/myCompany/myApp/CSRFServlet.java"

string

FilterData

Data object for Filter

Name Description Model

analyzed
optional

Is analyzed filter
Example : true

boolean

contains
optional

Contains filter
Example : "custom.js"

string

fileName
optional

File name filter
Example : "custom.js"

string

groupTags
optional

List of group tags filter
Example : [ "GroupTagData" ]

< GroupTagData > array

languages
optional

Languages filter, comma-separated list of languages to filter by (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "java,javascript"

string

notContains
optional

Not contains filter
Example : "testFactory"

string

tags
optional

Tags filter, Comma-separated list of tags to filter by
Example : "myTag1,myTag2"

string

types
optional

Types filter, comma-separated list of types to filter by
Example : "program,element,map,class"

string

FrameData

Data object for Frame

Name Description Model

category
optional

Frame category
Example : "user_input"

string

container
optional

Container
Example : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"

string

file
optional

Frame file
Example : "FileSystemRepository.java"

string

index
optional

Frame index
Example : 0

integer (int32)

injectionPoint
optional

InjectionPoint
Example : "string"

string

lineNumber
optional

Line number
Example : 32

integer (int32)

lineText
optional

Line text
Example : "\t\t\tString val = request.getParameter(item);"

string

resource
optional

Resource
Example : "web"

string

variableDeclaration
optional

Variable declaration
Example : "string"

string

GlobalCounterResponse

Response object for Stats

Name Description Model

name
optional

Global counter name
Example : "analysis"

string

value
optional

Global counter value
Example : "3806.0"

object

GroupTagData

Data object for Group Tag

Name Description Model

name
optional

Group tag name
Example : "Servlets"

string

value
optional

Group tag value
Example : "FileServlet"

string

HrefData

Data object for Href

Name Description Model

href
optional

Defect link
Example : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"

string

InsightsComponentRestResponse

Response object for Component details

Name Description Model

artifact
optional

Artifact name
Example : "org.springframework:spring-aop"

string

custom
optional

If the component is custom or not
Example : true

boolean

filename
optional

File name
Example : "spring-aop-3.2.13.RELEASE.jar"

string

id
optional

Component identifier
Example : 178

integer (int64)

language
optional

Technology
Example : "java"

string

licenseRisk
optional

Component license risk (high, medium, low, none, unknown)
Example : "unknown"

enum (high, medium, low, none, unknown)

obsolescenceRisk
optional

Component obsolescence risk (high, medium, low, none, unknown)
Example : "medium"

enum (high, medium, low, none, unknown)

securityRisk
optional

Component security risk (high, medium, low, none, unknown)
Example : "high"

enum (high, medium, low, none, unknown)

sources
optional

Sources list
Example : [ "SourceRootSimpleRestData" ]

version
optional

Artifact version
Example : "3.2.13.RELEASE"

string

vulnerabilities
optional

Vulnerabilities list
Example : [ "VulnerabilityRestData" ]

LicenseRestData

Data object for License

Name Description Model

component
optional

Number of components with this license
Example : "8"

string

components
optional

List of components with this license
Example : [ "ComponentSimpleRestData" ]

conditions
optional

License conditions
Example : "[\"INCL_COPYRIGHT\",\"INCL_LICENSE\",\"STATE_CHANGES\",\"INCLUDE_NOTICE\"]"

string

id
optional

License identifier
Example : 23

integer (int64)

license
optional

License name
Example : "Apache License 2.0"

string

limitations
optional

License limitations
Example : "[\"HOLD_LIABLE\",\"USE_TRADEMARK\"]"

string

permissions
optional

License permissions
Example : "[\"COMMERCIAL\",\"MODIFY\",\"DISTRIBUTE\",\"SUBLICENSE\",\"PRIVATE\",\"USE_PATENT_CLAIMS\",\"PLACE_WARRANTY\"]"

string

risk
optional

License risk
Example : "none"

enum (High, Medium, Low, None, Unknown)

spdxCode
optional

SPDX code (Software Package Data Exchange)
Example : "Apache-2.0"

string

type
optional

License type
Example : "Permissive"

enum (Copyleft, Copyrighted, NonOpenSource, Permissive, Propietary, PublicDomain, Unknown, WeakCopyleft)

url
optional

Link to license description
Example : "https://spdx.org/licenses/Apache-2.0.html"

string
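
Two details of LicenseRestData trip up clients: conditions, limitations and permissions are JSON arrays serialised inside a JSON string (so they need a second decode), and risk is capitalised here (High, Medium, ...) while InsightsComponentRestResponse.licenseRisk is lowercase, so the two cannot be compared as-is. The following Python is an added example, not Kiuwan's own code: it parses a constructed ListLicensesResponse body in the shape documented above, decodes the nested fields, normalises the risk value, and applies a simple policy (blocked license types, maximum accepted risk) to list the components that need attention. The GPL entry and its condition codes are made up for the sample; the Apache entry reuses the page's example values.

```python
"""Decode a ListLicensesResponse and flag policy-relevant licenses (added example, not Kiuwan code)."""
import json
from typing import Any, Dict, List, Optional

# Constructed sample in the shape of ListLicensesResponse / LicenseRestData.
# conditions, limitations and permissions are JSON arrays inside a JSON string.
SAMPLE_LICENSES_RESPONSE = r"""{"data": [
  {"id": 23, "license": "Apache License 2.0", "spdxCode": "Apache-2.0", "type": "Permissive",
   "risk": "None", "component": "8", "url": "https://spdx.org/licenses/Apache-2.0.html",
   "components": [{"id": 357, "artifact": "org.springframework:spring-core",
                   "version": "3.2.13.RELEASE", "custom": false}],
   "conditions": "[\"INCL_COPYRIGHT\",\"INCL_LICENSE\",\"STATE_CHANGES\",\"INCLUDE_NOTICE\"]",
   "limitations": "[\"HOLD_LIABLE\",\"USE_TRADEMARK\"]",
   "permissions": "[\"COMMERCIAL\",\"MODIFY\",\"DISTRIBUTE\",\"SUBLICENSE\",\"PRIVATE\"]"},
  {"id": 41, "license": "GNU General Public License v3.0 only", "spdxCode": "GPL-3.0-only",
   "type": "Copyleft", "risk": "High", "component": "1",
   "url": "https://spdx.org/licenses/GPL-3.0-only.html",
   "components": [{"id": 402, "artifact": "org.example:viral-lib", "version": "1.4.0", "custom": false}],
   "conditions": "[\"DISCLOSE_SOURCE\",\"SAME_LICENSE\"]",
   "limitations": "[\"HOLD_LIABLE\"]", "permissions": "[\"COMMERCIAL\",\"MODIFY\"]"},
  {"id": 0, "license": "Unknown", "spdxCode": null, "type": "Unknown", "risk": "Unknown",
   "component": "2", "url": null,
   "components": [{"id": 510, "artifact": "internal:legacy-auth", "version": "0.9", "custom": true}],
   "conditions": null, "limitations": null, "permissions": null}
]}"""

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3, "unknown": 3}


def decode_list_field(value: Any) -> List[str]:
    """conditions/limitations/permissions: a JSON array inside a string (or absent)."""
    if value is None or value == "":
        return []
    if isinstance(value, list):          # tolerate a server that sends a real array
        return [str(v) for v in value]
    decoded = json.loads(value)
    if not isinstance(decoded, list):
        raise ValueError(f"expected a JSON array, got {type(decoded).__name__}")
    return [str(v) for v in decoded]


def normalise_risk(value: Optional[str]) -> str:
    """Map LicenseRestData.risk (capitalised) and licenseRisk (lowercase) onto one form."""
    risk = "unknown" if value is None else str(value).strip().lower()
    if risk not in RISK_ORDER:
        raise ValueError(f"unexpected license risk {value!r}")
    return risk


def parse_licenses(raw_json: str) -> List[Dict[str, Any]]:
    """Turn a ListLicensesResponse body into flat records with decoded fields."""
    body = json.loads(raw_json)
    records = []
    for lic in body.get("data") or []:
        records.append({
            "spdx": lic.get("spdxCode") or "NOASSERTION",   # SPDX's marker for "no license asserted"
            "name": lic.get("license"),
            "type": lic.get("type") or "Unknown",
            "risk": normalise_risk(lic.get("risk")),
            "conditions": decode_list_field(lic.get("conditions")),
            "limitations": decode_list_field(lic.get("limitations")),
            "permissions": decode_list_field(lic.get("permissions")),
            # "component" is the server-side count; "components" may be a shorter listing
            "component_count": int(lic.get("component") or 0),
            "components": [f"{c['artifact']}@{c.get('version', '?')}"
                           for c in lic.get("components") or []],
        })
    return records


def license_findings(records: List[Dict[str, Any]],
                     blocked_types=("Copyleft", "NonOpenSource", "Unknown"),
                     max_risk: str = "medium") -> List[Dict[str, Any]]:
    """Policy check: licenses whose type is blocked or whose risk exceeds max_risk."""
    findings = []
    for rec in records:
        reasons = []
        if rec["type"] in blocked_types:
            reasons.append(f"license type {rec['type']} is not allowed")
        if RISK_ORDER[rec["risk"]] > RISK_ORDER[normalise_risk(max_risk)]:
            reasons.append(f"risk {rec['risk']} exceeds {max_risk}")
        if reasons:
            findings.append({"spdx": rec["spdx"], "components": rec["components"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in license_findings(parse_licenses(SAMPLE_LICENSES_RESPONSE)):
        print(f["spdx"], f["components"], "; ".join(f["reasons"]))
```

"Unknown" is ranked as high as "high" on purpose: a component whose license could not be determined is a gap in the inventory, not a clean result, and should surface in the same report.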

ListComponentsRequest

Request object for Components List. Either applicationName or analysisCode must be provided.

Name Description Model

analysisCode
optional

Analysis Code
Example : "A-7e3-16dc9e29131"

string

applicationName
optional

Application name
Example : "myApp"

string

filter
optional

Filter
Example : FilterData

pagination
optional

Pagination
Example : PaginationData

ListComponentsResponse

Response object for Components List

Name Description Model

data
optional

List of components
Example : [ "ComponentDetailResponse" ]

pagination
optional

Pagination
Example : PaginationData

ListInsightsComponentsResponse

Response object for Insights Components List

Name Description Model

data
optional

Insights components detail list
Example : [ "InsightsComponentRestResponse" ]

ListLicensesResponse

Response object for Licenses List

Name Description Model

data
optional

Insights components license detail list
Example : [ "LicenseRestData" ]

< LicenseRestData > array

ListObsolescencesResponse

Response object for Obsolescence List

Name Description Model

data
optional

Insights components obsolescence detail list
Example : [ "ObsolescenceRestData" ]

ListSecuritiesResponse

Response object for Security List

Name Description Model

data
optional

Insights vulnerabilities detail list
Example : [ "SecurityRestData" ]

< SecurityRestData > array

ListSpdxLicensesResponse

Response object for Spdx Licenses List

Name Description Model

data
optional

Insights spdx licenses list
Example : [ "SpdxLicenseData" ]

< SpdxLicenseData > array

MetadataArchitectureData

Data object for Architecture Metadata

Name Description Model

groupTags
optional

Map of group tag names to their values
Example : "group1"

< string, < string > array > map

languages
optional

Languages found, with a count for each
Example : [ "ValueCountData" ]

< ValueCountData > array

relations
optional

Relation types found, with a count for each
Example : [ "ValueCountData" ]

< ValueCountData > array

tags
optional

List of tags
Example : "tag1"

< string > array

types
optional

Component types found, with a count for each
Example : [ "ValueCountData" ]

< ValueCountData > array

MetadataInsightsData

Data object for Insights Metadata

Name Description Model

components
optional

Number of components in current analysis
Example : 29

integer (int32)

duplicates
optional

Number of duplicated components in current analysis
Example : 8

integer (int32)

licenses
optional

Number of different licenses in current analysis
Example : 8

integer (int32)

risks
optional

Risk metadata for current analysis. Risk components by vulnerabilities, by licenses and obsolescence
Example : [ "MetadataInsightsRiskData" ]

vulnerabilities
optional

Number of vulnerabilities in current analysis
Example : 15

integer (int32)

MetadataInsightsRiskData

Data object for Insights Risk Metadata

Name Description Model

name
optional

Risk name (by vulnerabilities, by licenses or by obsolescence)
Example : "string"

string

risk
optional

Map with number of components by severity
Example : { "string" : 0 }

< string, integer (int32) > map

MetricValueData

Data object for Metric Value

Name Description Model

color
optional

Metric color
Example : "red"

string

index
optional

Index
Example : 0

integer (int32)

maxRange
optional

Metric maximum range
Example : 1.0

number (double)

minRange
optional

Metric minimum range
Example : 1.0

number (double)

name
optional

Metric name
Example : "metric name"

string

size
optional

Metric size
Example : 4013

integer (int32)

value
optional

Metric value
Example : 50.0

number (double)

MutePatternResponse

Response object for MutePattern

Name Description Model

active
optional

Active
Example : true

boolean

comment
optional

Comment
Example : "Created after review meeting"

string

customerId
optional

Customer Id
Example : 12334

integer (int64)

fileName
optional

File name
Example : "path/to/file.java"

string

fileNamePatterns
optional

File patterns
Example : "extras/*"

string

lastActionDate
optional

Last Action Date
Example : "2021-10-01T15:15:15Z"

string

lastActionUserName
optional

Last Action User Name
Example : "Administrator Site (sysadmin)"

string

lastMuteAction
optional

Last Mute Action
Example : "MUTEACTION_CREATE"

enum (MUTEACTION_CREATE, MUTEACTION_UPDATE, MUTEACTION_DELETE, MUTEACTION_DEACTIVATE)

lineNumber
optional

Line Number
Example : 113

integer (int32)

lineText
optional

Line Text
Example : " throw new NullPointerException();"

string

reason
optional

Reason
Example : "TOO_MANY_DEFECTS"

string

ruleCode
optional

Rule code
Example : "OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions"

string

ruleName
optional

Rule name
Example : "Avoid launching NullPointerExceptions"

string

sourceLineText
optional

Source Line Text
Example : "string"

string

NavigationFilterData

Data object for Navigation Filter

Name Description Model

depth
optional

Depth
Example : 2

integer (int32)

direction
optional

Direction (in, out, any; default: out)
Example : "out"

enum (in, out, any)

relations
optional

Comma separated list of component relations (calls, configuration, delete, includes, inherits…)
Example : "contains,uses,update"

string

ObsolescenceRestData

Data object for Obsolescence

Name Description Model

component
optional

Component name
Example : "commons-logging:commons-logging"

string

custom
optional

If the component is custom or not
Example : true

boolean

dateLast
optional

Component last version date
Example : "2014/07/05"

string

dateUsed
optional

Component used version date
Example : "2013/05/16"

string

description
optional

Component description
Example : "Commons Logging is a thin adapter allowing configurable bridging to other,\n well known logging systems."

string

language
optional

Technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "java"

string

lastVersion
optional

Component last version
Example : "1.2"

string

obsolescenceRisk
optional

Component obsolescence risk number, between 0 and 10
Example : "3.33"

string

outOfDate
optional

Time elapsed between the used version and the last version
Example : "1y 50d"

string

release
optional

Number of releases between used and last version
Example : "1"

string

risk
optional

Component obsolescence risk (High, Medium, Low)
Example : "Medium"

enum (High, Medium, Low)

timeInactivity
optional

Time elapsed since the last version date
Example : "5y 194d"

string

usedVersion
optional

Component used version
Example : "1.1.3"

string

PaginationData

Data object for Pagination

Name Description Model

count
optional

Number of components per page
Example : 500

integer (int32)

page
optional

Page number
Example : 1

integer (int32)

total
optional

Total Components
Example : 5654

integer (int64)

PortfolioData

Data object for Portfolio

Name Description Model

portfolioName
optional

Portfolio name
Example : "country"

string

portfolioValue
optional

Portfolio value
Example : "spain"

string

PortfolioDefinitionData

Data object for Portfolio Definition

Name Description Model

description
optional

Portfolio description
Example : "List of company providers"

string

isSystemPortfolio
optional

Indicates if it is a system portfolio
Example : true

boolean

name
required

Portfolio name
Example : "provider"

string

values
optional

Portfolio values
Example : ["Lab", "Factory"]

< string > array

PortfolioRoleData

Data object for Portfolio Role

Name Description Model

portfolioName
optional

Portfolio name
Example : "Region"

string

portfolioValue
optional

Portfolio value
Example : "Asia"

string

roleName
optional

Name of the role to assign
Example : "Write"

string

type
optional

Portfolio type (CUSTOM, SYSTEM)
Example : "CUSTOM"

enum (CUSTOM, SYSTEM)

PrivateVulnerabilityRestData

Data object for Private Vulnerability

Name Description Model

cwe
optional

CWE reference (Common Weakness Enumeration Specification)
Example : "CWE-20"

string

description
optional

Vulnerability description
Example : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."

string

severity
optional

Vulnerability severity (High, Medium, Low)
Example : "Low"

enum (High, Medium, Low)

v2accessComplexty
optional

V2 Access Complexity (High, Medium, Low)
Example : "Low"

enum (High, Medium, Low)

v2accessVector
optional

V2 Access Vector (Local, Adjacent Network, Network)
Example : "Local"

enum (Local, Adjacent Network, Network)

v2authentication
optional

V2 Authentication (Multiple, Single, None)
Example : "None"

enum (Multiple, Single, None)

v2availabilityImpact
optional

V2 Availability Impact(None, Partial, Complete)
Example : "None"

enum (None, Partial, Complete)

v2baseScore
optional

V2 Base Score
Example : 4.6

number (double)

v2confidentialityImpact
optional

V2 Confidentiality Impact (None, Partial, Complete)
Example : "None"

enum (None, Partial, Complete)

v2exploitabilityScore
optional

V2 Exploitability Score
Example : 8.5

number (double)

v2impactScore
optional

V2 Impact Score
Example : 8.5

number (double)

v2integrityImpact
optional

V2 Integrity Impact(None, Partial, Complete)
Example : "None"

enum (None, Partial, Complete)

v2vectorString
optional

CVSS V2 Vector
Example : "AV:N/AC:M/Au:S/C:N/I:N/A:P"

string

v3attackComplexity
optional

V3 Attack Complexity (Low, High)
Example : "Low"

enum (Low, High)

v3attackVector
optional

V3 Attack Vector (Network, Adjacent, Local, Physical)
Example : "Network"

enum (Network, Adjacent, Local, Physical)

v3availabilityImpact
optional

V3 Availability Impact (High, Low, None)
Example : "None"

enum (High, Low, None)

v3baseScore
optional

V3 Base Score
Example : 7.5

number (double)

v3baseSeverity
optional

V3 Base Severity (None, Low, Medium, High, Critical)
Example : "Low"

enum (None, Low, Medium, High, Critical)

v3confidentialityImpact
optional

V3 Confidentiality Impact (High, Low, None)
Example : "None"

enum (High, Low, None)

v3exploitabilityScore
optional

V3 Exploitability Score
Example : 3.9

number (double)

v3impactScore
optional

V3 Impact Score
Example : 3.6

number (double)

v3integrityImpact
optional

V3 Integrity Impact (High, Low, None)
Example : "None"

enum (High, Low, None)

v3privilegesRequired
optional

V3 Privileges Required (None, Low, High)
Example : "Low"

enum (None, Low, High)

v3scope
optional

V3 Scope (Unchanged, Changed)
Example : "Unchanged"

enum (Unchanged, Changed)

v3userInteraction
optional

V3 User Interaction (None, Required, High)
Example : "None"

enum (None, Required, High)

v3vectorString
optional

V3 Vector
Example : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"

string

vulnerabilityCode
required

Vulnerability code
Example : "CUSTOM-0001"

string

vulnerableArtifactVersions
optional

Vulnerable artifacts and versions
Example : [ "VulnerableArtifactVersionsData" ]

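The vector strings above (v2vectorString, v3vectorString) carry the same base metrics that the v2*/v3* enum fields report individually, so a client that receives both can decode the vector and confirm the two agree. The following is an added example written for this guide, not code from Kiuwan or its client libraries. It maps each CVSS metric letter to the enum values documented in these tables (the mapping tables and the constructed sample record are the example's own; the record reuses the placeholder values shown above, which are illustrative and do not necessarily agree with each other) and reports any field whose reported value differs from the one implied by the vector.

```python
"""Decode the CVSS vector strings returned in the vulnerability models
(v2vectorString / v3vectorString) into the enum field names documented
above, and cross-check them against the separately reported enum fields.

Added example; not part of the Kiuwan API or its client libraries.
"""
from __future__ import annotations

# CVSS v2 base metrics -> (API field name, metric letter -> documented enum value)
V2_METRICS = {
    "AV": ("v2accessVector", {"L": "Local", "A": "Adjacent Network", "N": "Network"}),
    "AC": ("v2accessComplexty", {"H": "High", "M": "Medium", "L": "Low"}),  # field name as documented
    "Au": ("v2authentication", {"M": "Multiple", "S": "Single", "N": "None"}),
    "C": ("v2confidentialityImpact", {"N": "None", "P": "Partial", "C": "Complete"}),
    "I": ("v2integrityImpact", {"N": "None", "P": "Partial", "C": "Complete"}),
    "A": ("v2availabilityImpact", {"N": "None", "P": "Partial", "C": "Complete"}),
}

# CVSS v3 base metrics -> (API field name, metric letter -> documented enum value)
V3_METRICS = {
    "AV": ("v3attackVector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("v3attackComplexity", {"L": "Low", "H": "High"}),
    "PR": ("v3privilegesRequired", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("v3userInteraction", {"N": "None", "R": "Required"}),
    "S": ("v3scope", {"U": "Unchanged", "C": "Changed"}),
    "C": ("v3confidentialityImpact", {"H": "High", "L": "Low", "N": "None"}),
    "I": ("v3integrityImpact", {"H": "High", "L": "Low", "N": "None"}),
    "A": ("v3availabilityImpact", {"H": "High", "L": "Low", "N": "None"}),
}


def _decode(vector: str, table: dict, version_prefix: str | None) -> dict[str, str]:
    """Translate 'METRIC:letter/...' into {api_field: enum_value}; rejects malformed input."""
    parts = vector.split("/")
    if version_prefix is not None:
        if not parts[0].startswith(version_prefix):
            raise ValueError(f"expected a {version_prefix} vector, got {vector!r}")
        parts = parts[1:]
    decoded: dict[str, str] = {}
    for part in parts:
        if ":" not in part:
            raise ValueError(f"malformed metric {part!r} in {vector!r}")
        metric, value = part.split(":", 1)
        if metric not in table:
            continue  # temporal/environmental metrics are not part of the model
        field, values = table[metric]
        if value not in values:
            raise ValueError(f"unknown value {value!r} for metric {metric} in {vector!r}")
        decoded[field] = values[value]
    missing = [field for field, _ in table.values() if field not in decoded]
    if missing:
        raise ValueError(f"vector {vector!r} lacks base metrics for {missing}")
    return decoded


def decode_v2_vector(vector: str) -> dict[str, str]:
    """'AV:N/AC:M/Au:S/C:N/I:N/A:P' -> {'v2accessVector': 'Network', ...}"""
    return _decode(vector, V2_METRICS, None)


def decode_v3_vector(vector: str) -> dict[str, str]:
    """'CVSS:3.0/AV:L/...' -> {'v3attackVector': 'Local', ...}; accepts CVSS:3.0 and CVSS:3.1."""
    return _decode(vector, V3_METRICS, "CVSS:3")


def vector_mismatches(record: dict) -> dict[str, tuple[str, str]]:
    """Return {field: (value in record, value implied by the vector)} for every
    enum field present in the record that disagrees with its vector string."""
    mismatches: dict[str, tuple[str, str]] = {}
    for key, decoder in (("v2vectorString", decode_v2_vector), ("v3vectorString", decode_v3_vector)):
        vector = record.get(key)
        if not vector:
            continue
        for field, implied in decoder(vector).items():
            reported = record.get(field)
            if reported is not None and reported != implied:
                mismatches[field] = (reported, implied)
    return mismatches


# Constructed sample record built from the placeholder values in the tables above
SAMPLE_RECORD = {
    "vulnerabilityCode": "CUSTOM-0001",
    "v2vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
    "v2accessVector": "Local",  # disagrees with AV:N in the vector
    "v2authentication": "Single",
    "v3vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "v3attackVector": "Local",
    "v3scope": "Unchanged",
}

if __name__ == "__main__":
    print(decode_v2_vector(SAMPLE_RECORD["v2vectorString"]))
    print(vector_mismatches(SAMPLE_RECORD))
```

Fields absent from a record are skipped rather than reported, since every enum field in these models is optional; a non-empty result from vector_mismatches means the record carries contradictory scoring data and should be looked at before it drives any risk decision.
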
ProviderPortfolioRoleData

Data object for Provider Portfolio and Role to assign

Name Description Model

portfolioValue
optional

Portfolio value
Example : "Provider1"

string

roleName
optional

Name of the role to assign
Example : "Write"

string

type
optional

Portfolio type
Example : "SYSTEM"

enum (SYSTEM)

RelationRestData

Data object for Relation

Name Description Model

source
optional

Source
Example : 5473

integer (int64)

target
optional

Target
Example : 5468

integer (int64)

type
optional

Relation type
Example : "uses"

string

ResultData

Data object for Result

Name Description Model

result
optional

Operation result
Example : "OK"

string

RuleDocumentationResponse

Response object for RuleDocumentation

Name Description Model

benefits
optional

Rule benefits
Example : "string"

string

code
optional

Rule code
Example : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"

string

description
optional

Rule description
Example : "Software places user-controlled input in page content. An attacker could inject browser script code that is executed\nin the client browser. The end-user is the attacked subject, and the software is the vehicle for the attack.\nThere are two main kinds of XSS:\n\n* Reflected XSS: Attacker causes victim to supply malicious content to a vulnerable web application, which\n renders HTML content embedding a malicious script executed in victim’s browser. A variation of this is named\n DOM-based XSS, where the vulnerable software does not generate content depending on user input but include\n script code that use user-controlled input.\n\n* Persisted XSS: Attacker provides malicious content to vulnerable application. When other user access to\n vulnerable pages that embed without proper neutralization the attacker content, script code is executed in the\n victim’s browser.\n\nThe script executed in the victim’s browser could perform malicious activities.\n\nMany browsers could limit the damage via security restrictions (e.g. 'same origin policy'), but user browsers\ngenerally allow scripting languages (e.g. JavaScript) in their browsers (disabling JavaScript severely limits\na web site)."

string

drawbacks
optional

Rule drawbacks
Example : "string"

string

fixedCode
optional

Fixed code example
Example : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\nimport org.owasp.html.*;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n // OWASP Java HTML Sanitizer (upgrade to r88 or later)\n // Use your own security library if needed\n PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);\n String safeHTML = policy.sanitize( req.getParameter(\\\"input\\\") );\n w.println(safeHTML); // OK\n }\n}"

string

name
optional

Rule name
Example : "Do not use variables as parameters for messages"

string

normatives
optional

Rule normatives list
Example : [ "CERT-J:IDS51-J", "CWE:79", "OWASP:2013:A3", "OWASP:2017:A7", "OWASP-M:2014:M7", "PCI-DSS:6.5.7", "SANS25:2010:1", "SANS25:2011:4", "WASC:08" ]

< string > array

references
optional

Comma-separated list of rule references
Example : "http://cwe.mitre.org/data/definitions/79.html,https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet,https://www.google.es/about/appsecurity/learning/xss/,https://www.securecoding.cert.org/confluence/display/java/IDS51-J.+Properly+encode+or+escape+output"

string

tags
optional

Rule tags list
Example : [ "CWEScope:Access-Control", "CWEScope:Availability", "CWEScope:Confidentiality", "CWEScope:Integrity", "essential" ]

< string > array

violationCode
optional

Violation code example
Example : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n w.println( req.getParameter(\\\"input\\\") ); // VIOLATION\n }\n}"

string

SearchImpactResponse

Response object for Search Impact

Name Description Model

analysisImpactCode
optional

Analysis impact code
Example : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"

string

data
optional

List of components
Example : [ "ComponentDetailResponse" ]

pagination
optional

Pagination
Example : PaginationData

SearchSourcesImpactRequest

At least one of the application name, the analysis code or the analysis impact code is mandatory. If the analysis impact code is given, the navigation filter is not necessary; otherwise it is. The pagination filter is necessary in every case.

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

analysisImpactCode
optional

Analysis impact code
Example : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"

string

applicationName
optional

Application name
Example : "myApp"

string

navigationFilter
optional

Navigation filter
Example : NavigationFilterData

pagination
required

Pagination
Example : PaginationData

sourceFilter
optional

Source Filter
Example : FilterData

sourceIds
optional

Source identifiers
Example : [ 0 ]

< integer (int64) > array

targetId
optional

Target identifier
Example : 41144504

integer (int64)

SearchTargetsImpactRequest

At least one of the application name, the analysis code or the analysis impact code is mandatory. If the analysis impact code is given, the navigation filter is not necessary; otherwise it is. The pagination filter is necessary in every case.

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

analysisImpactCode
optional

Analysis impact code
Example : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"

string

applicationName
optional

Application name
Example : "myApp"

string

navigationFilter
optional

Navigation filter
Example : NavigationFilterData

pagination
required

Pagination
Example : PaginationData

sourceFilter
optional

Source filter
Example : FilterData

sourceIds
optional

Source identifiers
Example : [ 0 ]

< integer (int64) > array

targetFilter
optional

Target filter
Example : FilterData

targetIds
optional

Target identifiers
Example : [ 0 ]

< integer (int64) > array

SecurityRestData

Data object for Security

Name Description Model

components
optional

Components list affected by this vulnerability
Example : [ "ComponentSimpleRestData" ]

cve
optional

CVE reference (Common Vulnerabilities and Exposures)
Example : "CVE-2016-5007"

string

cwe
optional

CWE reference (Common Weakness Enumeration Specification)
Example : "CWE-264"

string

description
optional

Vulnerability description
Example : "Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences."

string

exploitabilitySubscore
optional

Vulnerability exploitable sub-score
Example : "10"

string

getcVSSv2BaseScore
optional

Vulnerability CVSS v2 base score
Example : "5"

string

getcVSSv3BaseScore
optional

Vulnerability CVSS v3 base score
Example : "5"

string

id
optional

Vulnerability identifier
Example : 86896

integer (int64)

impactSubscore
optional

Vulnerability impact sub-score
Example : "2.9"

string

lastModified
optional

Last modified date
Example : "2017/05/25 19:29"

string

muted
optional

Whether the vulnerability is muted
Example : true

boolean

privateVulnerability
optional

Whether the vulnerability is private
Example : true

boolean

securityRisk
optional

Component security risk (high, medium, low, none, unknown)
Example : "MEDIUM"

string

SoftwareArtifactData

Data object for Software Artifact

Name Description Model

artifact
required

Artifact name
Example : "spring-aop"

string

group
optional

Artifact Group
Example : "org.springframework"

string

language
required

Artifact Language
Example : "java"

string

version
required

Artifact version
Example : "3.2.13.RELEASE"

string

SoftwareArtifactLicenseData

Data object for Software Artifact License

Name Description Model

artifact
required

Artifact name
Example : "spring-aop"

string

group
optional

Artifact Group
Example : "org.springframework"

string

language
required

Artifact Language
Example : "java"

string

spdxid
required

SPDX identifier
Example : "Apache-2.0"

string

version
required

Artifact version
Example : "3.2.13.RELEASE"

string

SourceChildSimpleRestData

Data object for Source Child

Name Description Model

artifact
optional

Source artifact name
Example : "org.springframework:spring-aop"

string

child
optional

Source children list
Example : [ "SourceChildSimpleRestData" ]

repository
optional

Repository name
Example : "MAVEN"

string

version
optional

Source version
Example : "3.2.13.RELEASE"

string

SourceRootSimpleRestData

Data object for Source Root

Name Description Model

artifact
optional

Source artifact name
Example : "org.springframework:spring-context"

string

child
optional

Source children list
Example : [ "SourceChildSimpleRestData" ]

path
optional

Source path
Example : "pom.xml"

string

version
optional

Source version
Example : "3.2.13.RELEASE"

string

SpdxLicenseData

Data object for Spdx License

Name Description Model

details
optional

License details or link to license description
Example : "https://spdx.org/licenses/Apache-2.0.html"

string

name
optional

License name
Example : "Apache License 2.0"

string

spdxid
optional

SPDX code (Software Package Data Exchange)
Example : "Apache-2.0"

string

SubGraphImpactRequest

The application name or the analysis code must be indicated, as well as the source and target identifiers.

Name Description Model

analysisCode
optional

Analysis code
Example : "A-7e3-16dc9e29131"

string

applicationName
optional

Application name
Example : "myApp"

string

navigationFilter
required

Navigation filter
Example : NavigationFilterData

sourceId
required

Source identifier
Example : 5463

integer (int64)

targetId
required

Target identifier
Example : 5467

integer (int64)

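The three impact request models above (SearchSourcesImpactRequest, SearchTargetsImpactRequest and SubGraphImpactRequest) state their parameter rules only in prose, so a client cannot rely on field-level "required" flags alone. The following is an added example written for this guide, not code from Kiuwan or its client libraries: it encodes those rules as a check run before a body is sent, and assembles the body with unset optional fields left out. The contents of the pagination and navigation filter objects are placeholders (their real fields are those of the PaginationData and NavigationFilterData models); the sample values are the ones shown in the tables above.

```python
"""Check a SearchSourcesImpactRequest, SearchTargetsImpactRequest or
SubGraphImpactRequest body against the parameter rules stated in their
descriptions above, before the request is sent.

Added example; not part of the Kiuwan API or its client libraries.
"""
from __future__ import annotations

import json

SEARCH_REQUESTS = ("SearchSourcesImpactRequest", "SearchTargetsImpactRequest")

# Placeholder contents: the real fields are those of the PaginationData and
# NavigationFilterData models; only their presence matters for these rules.
PAGINATION_PLACEHOLDER = {"_placeholder": "PaginationData"}
NAVIGATION_FILTER_PLACEHOLDER = {"_placeholder": "NavigationFilterData"}


def validate_impact_request(kind: str, body: dict) -> list[str]:
    """Return the rule violations found in body (an empty list means it is acceptable)."""
    problems: list[str] = []
    if kind in SEARCH_REQUESTS:
        # at least one way of selecting the analysis must be given
        if not any(body.get(f) for f in ("applicationName", "analysisCode", "analysisImpactCode")):
            problems.append("one of applicationName, analysisCode or analysisImpactCode is required")
        # the navigation filter may be omitted only when an analysis impact code is given
        if not body.get("analysisImpactCode") and not body.get("navigationFilter"):
            problems.append("navigationFilter is required unless analysisImpactCode is given")
        if not body.get("pagination"):
            problems.append("pagination is required")
    elif kind == "SubGraphImpactRequest":
        if not any(body.get(f) for f in ("applicationName", "analysisCode")):
            problems.append("applicationName or analysisCode is required")
        for field in ("navigationFilter", "sourceId", "targetId"):
            if body.get(field) is None:  # identifiers may legitimately be 0
                problems.append(f"{field} is required")
    else:
        raise ValueError(f"unknown request model {kind!r}")
    return problems


def build_request(kind: str, **fields) -> str:
    """Drop unset optional fields, validate, and return the JSON body to send."""
    body = {name: value for name, value in fields.items() if value is not None}
    problems = validate_impact_request(kind, body)
    if problems:
        raise ValueError(f"{kind}: " + "; ".join(problems))
    return json.dumps(body)


if __name__ == "__main__":
    # example values taken from the model tables above
    print(build_request("SearchSourcesImpactRequest",
                        analysisImpactCode="0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
                        pagination=PAGINATION_PLACEHOLDER, targetId=41144504))
    print(build_request("SubGraphImpactRequest", analysisCode="A-7e3-16dc9e29131",
                        navigationFilter=NAVIGATION_FILTER_PLACEHOLDER,
                        sourceId=5463, targetId=5467))
```

Keyword names in build_request are the JSON field names of the models, so the body is produced without a renaming layer; validating locally first avoids spending API quota on requests the server will reject.
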
SubGraphImpactResponse

Response object for Sub Graph Impact

Name Description Model

components
optional

List of components
Example : [ "ComponentDetailResponse" ]

relations
optional

List of relations
Example : [ "RelationRestData" ]

< RelationRestData > array

UnparsedFileData

Data object for Unparsed File

Name Description Model

cause
optional

Cause
Example : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"

string

file
optional

Unparsed file name
Example : "FileSystemSQL.java"

string

UpdateCustomComponentRestData

Data object for Custom Component to Update

Name Description Model

artifact
required

Artifact name
Example : "spring-aop"

string

custom
optional

Whether the component is custom (true) or may be public (false)
Example : false

boolean

date
optional

Component date
Example : "2019-08-03T10:15:30Z"

string

description
optional

Component description
Example : "This artifact define the spring-aop"

string

group
optional

Artifact Group
Example : "org.springframework"

string

language
required

Artifact Technology
Example : "java"

string

showPublicLicenses
optional

Whether to show the licenses found by Kiuwan
Example : false

boolean

showPublicVulnerabilities
optional

When custom is true, whether to show the public vulnerabilities found by Kiuwan
Example : false

boolean

version
required

Artifact version
Example : "3.2.13.RELEASE"

string

UserApplicationRoleResponse

Response object for Application and assigned User Role

Name Description Model

override
optional

Indicates whether the configuration is overridden
Example : true

boolean

roleName
optional

Role name
Example : "None"

string

username
optional

User name
Example : "username"

string

UserAppsPermissionsResponse

Response object for Application and assigned User Permissions

Name Description Model

applicationPermissionsData
optional

List of application names and their permissions for this user
Example : [ "ApplicationPermissionsData" ]

email
optional

User email
Example : "john.smith@myCompany.com"

string

enabled
optional

Indicates if the user is enabled or not
Example : true

boolean

firstName
optional

User first name
Example : "John"

string

lastName
optional

User last name
Example : "Smith"

string

manageApplications
optional

Indicates if the user has permissions to manage applications
Example : true

boolean

manageAudits
optional

Indicates if the user has permissions to manage audits
Example : true

boolean

manageModels
optional

Indicates if the user has permissions to manage models
Example : true

boolean

manageReports
optional

Indicates if the user has permissions to manage reports
Example : true

boolean

manageUsers
optional

Indicates if the user has permissions to manage users
Example : true

boolean

managementFeatures
optional

Management features. Allowed values are { MANAGE_APPLICATIONS | MANAGE_ALL_USERS | MANAGE_MODELS }
Example : [ "MANAGE_APPLICATIONS", "MANAGE_MODELS" ]

< string > array

overrideUserGroup
optional

Indicates whether the user overrides the group permissions
Example : true

boolean

supportEnabled
optional

Indicates if the user has the support enabled
Example : true

boolean

username
optional

User name
Example : "john.smith@myCompany.com"

string

UserDetailResponse

Response object for User Details

Name Description Model

email
optional

User email
Example : "john.smith@myCompany.com"

string

enableLoginWithPassword
optional

Indicates whether the user has login with password enabled
Example : true

boolean

enabled
optional

Indicates if the user is enabled or not
Example : true

boolean

firstName
optional

User first name
Example : "John"

string

isOwner
optional

Indicates if the user is the account owner
Example : false

boolean

lastName
optional

User last name
Example : "Smith"

string

username
optional

User name
Example : "john.smith@myCompany.com"

string

UserGroupRequest

Request object for User Group

Name Description Model

accessControlConfiguration
optional

User access control configuration details
Example : AccessControlConfigurationData

name
required

User group name
Example : "CMSDevelopers"

string

newName
optional

User group new name
Example : "CMS_Developers"

string

users
optional

Group users list
Example : [ "john.smith@myCompany.com", "kelly.smith@myCompany.com" ]

< string > array

UserGroupResponse

Response object for User Group

Name Description Model

name
optional

User group name
Example : "CMSDevelopers"

string

users
optional

Group users list
Example : [ "john.smith@myCompany.com", "kelly.smith@myCompany.com" ]

< string > array

UserInformationResponse

Response object for User Information

Name Description Model

engineFrozen
optional

Whether the engine version is frozen or not
Example : true

boolean

engineVersion
optional

Current (or frozen) engine version
Example : "master.p571.q11669.a1875.i539"

string

organization
optional

Organization name
Example : "MyCompany"

string

username
optional

User name
Example : "John Smith"

string

UserManagementRequest

Request object for User Management

Name Description Model

accessControlConfiguration
optional

User access control configuration details
Example : AccessControlConfigurationData

email
required

User email
Example : "john.smith@myCompany.com"

string

enableLoginWithPassword
optional

Indicates whether the user has login with password enabled
Example : true

boolean

enabled
required

Indicates if the user is enabled
Example : true

boolean

firstName
required

User first name
Example : "John"

string

generatePassword
optional

True to generate a random password
Example : true

boolean

lastName
required

User last name
Example : "Smith"

string

regeneratePassword
optional

True to regenerate the user password
Example : false

boolean

username
required

User name
Example : "john.smith@myCompany.com"

string

UserPortfolioRoleData

Data object for Portfolio and User Role assigned

Name Description Model

portfolioValue
optional

Portfolio value
Example : "Asia"

string

roleName
optional

Name of the role
Example : "Write"

string

type
optional

Portfolio type (CUSTOM, SYSTEM)
Example : "CUSTOM"

enum (CUSTOM, SYSTEM)

username
optional

User name
Example : "username"

string

ValueCountData

Data object for Value Count

Name Description Model

count
optional

Number of elements with same property
Example : 22

integer (int64)

value
optional

Name of property (language, type, relation)
Example : "java"

string

ViolatedRuleResponse

Response object for Violated Rule

Name Description Model

characteristic
optional

CQM characteristic
Example : "Security"

enum (Efficiency, Maintainability, Portability, Reliability, Security)

defectsCount
optional

Number of defects
Example : 72

integer (int64)

effort
optional

Rule effort
Example : "36h 00"

string

files
optional

Link to files
Example : HrefData

filesCount
optional

Number of files
Example : 11

integer (int64)

language
optional

CQM technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies)
Example : "Java"

string

modelId
optional

Model identifier
Example : 6252

integer (int64)

priority
optional

CQM priority
Example : "Very High"

enum (Very Low, Low, Normal, High, Very High)

ruleCode
optional

Rule code
Example : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule"

string

suppressedDefectsCount
optional

Number of suppressed defects
Example : 0

integer (int64)

tags
optional

Tags list
Example : [ "CERT-J:IDS51-J", "CWE:79", "CWEScope:Access-Control", "CWEScope:Availability", "CWEScope:Confidentiality", "CWEScope:Integrity", "essential", "OWASP:2013:A3", "OWASP:2017:A7", "OWASP-M:2014:M7", "PCI-DSS:6.5.7", "SANS25:2010:1", "SANS25:2011:4", "WASC:08" ]

< string > array

vulnerabilityType
optional

Vulnerability type (More info in https://www.kiuwan.com/docs/display/K5/Kiuwan+Vulnerability+Types)
Example : "Injection"

string

VulnerabilityData

Data object for Vulnerability

Name Description Model

category
optional

Sink category
Example : "xss"

string

container
optional

Container
Example : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)"

string

cweId
optional

CWE identifier
Example : 79

integer (int32)

datapaths
optional

Vulnerability datapaths
Example : [ "DatapathData" ]

< DatapathData > array

frames
optional

Vulnerability frames
Example : [ "FrameData" ]

< FrameData > array

injectionPoint
optional

InjectionPoint
Example : "string"

string

resource
optional

Resource
Example : "web"

string

sourceCategory
optional

Source category
Example : "user_input"

string

sourceCode
optional

Source code
Example : "\t\t\tString val = request.getParameter(item);"

string

sourceContainer
optional

Source container
Example : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)"

string

sourceFile
optional

Source file
Example : "FileSystemRepository.java"

string

sourceInjectionPoint
optional

Source injection point
Example : "string"

string

sourceLine
optional

Source line
Example : 70

integer (int32)

sourceResource
optional

Source resource
Example : "web"

string

variableDeclaration
optional

Variable declaration
Example : "String sql"

string

VulnerabilityRestData

Data object for Insight Vulnerability

Name Description Model

cve
optional

CVE reference (Common Vulnerabilities and Exposures)
Example : "CVE-2018-11039"

string

cwe
optional

CWE reference (Common Weakness Enumeration Specification)
Example : "CWE-20"

string

description
optional

Vulnerability description
Example : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."

string

id
optional

Vulnerability identifier
Example : 108742

integer (int64)

privateVulnerability
optional

Whether the vulnerability is private
Example : true

boolean

severity
optional

Vulnerability severity (High, Medium, Low)
Example : "Low"

enum (High, Medium, Low)

VulnerableArtifactVersionsData

Data object for Vulnerable Artifact Versions

Name Description Model

affectedVersions
required

Affected versions
Example : [ "AffectedVersionsData" ]

artifact
required

Artifact name
Example : "spring-aop"

string

group
optional

Artifact Group
Example : "org.springframework"

string

language
required

Artifact Language
Example : "java"

string