Overview
The REST API is the primary way that data are retrieved from Kiuwan. This guide is intended for developers who want to write applications that can interact with the Kiuwan API. It contains a full reference of API calls. It also shows you how authentication works and all about service quotas.
Be sure that you have a Kiuwan account and a Kiuwan username and password. Every REST API request must be authenticated. We recommend to use a different account for development purpose, in order to protect yourself and your production quota service.
Calling style and data format
There are several ways for calling Kiuwan REST API from your application. You can do it directly from Javascript —no server side code is required— or you can use a client library, depending on your server side technology.
The data format is JSON (Javascript Object Notation). It is a common, language-independent data format that provides a simple text representation of arbitrary data structures. For more information, see json.org.
The endpoints and their parmeters are case-sensitive. In case you call the API with a URL that does not exist in this document, you will receive a 404 error. If the names of the optional parameters are incorrect, the call will be the same as the call without these parameters. On the other hand, there are endpoints with all optional parameters, in this case, you can find the explanation in the description. |
Swagger / OpenAPI specification
Kiuwan provides a Swagger / OpenAPI specification of its public REST API. There are many generators available that you can use to create a client for the language that suits your needs. You can download the Kiuwan REST API OpenAPI specification here:
Working with API
if you are a Kiuwan on-premise user, you should point your API calls to the configured kiuwan on-premise host, using the scheme your installation is running under (http / https). |
Schema
All API access is over HTTPS, and accessed from the api.kiuwan.com domain.
All data is sent and received as JSON, except the endpoints witch generates reports that returns files or in the case of error this endpoints will return JSON object. All timestamps are returned in ISO 8601 format: |
YYYY-MM-DDTHH:MM:SSZ
Example:
$ curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/apps/kiuwan
HTTP/1.1 200 OK
Date: Tue, 09 Jul 2013 08:40:04 GMT
Server: Restlet-Framework/2.1.2
Accept-Ranges: bytes
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 993
Content-Type: application/json;charset=UTF-8
Set-Cookie: JSESSIONID=B28iXS4GthtHVOysVg6fjnDK.undefined; Path=/saas; Secure; HttpOnly
Set-Cookie: ROUTEID=.saas1; path=/saas
Via: 1.1 api.kiuwan.com
Transfer-Encoding: chunked
{"name":"kiuwan","description":"kiuwan","label":"","date":"2013-05-27T11:11:15Z","encoding":"UTF-8","languages":[{"name":"java","size":64328},{"name":"sql","size":1}],"quality_model":"CQM","ordered_by":"Jerry Fish","Risk index":{"value":0.03973296594074194},"Quality indicator":{"value":84.67472661535454,"children":[{"name":"Efficiency","value":88.75956383609372},{"name":"Maintainability","value":59.62314522711728},{"name":"Portability","value":98.37209493445182},{"name":"Reliability","value":93.53795131980435},{"name":"Security","value":99.8542334844733}]},"Effort to target":{"value":42.19999999999999,"children":[{"name":"Efficiency","value":0.0},{"name":"Maintainability","value":42.19999999999999},{"name":"Portability","value":0.0},{"name":"Reliability","value":0.0},{"name":"Security","value":0.0}]},"Main metrics":[{"name":"Files","value":996.0},{"name":"Lines of code","value":64329.0},{"name":"Duplicated code","value":0.12281122303922935},{"name":"Complexity","value":1.461493497004238},{"name":"Very high defects","value":101.0},{"name":"Total defects","value":10277.0}]}
The parameters of the different endpoints can be of the following types:
Type | Description |
---|---|
Query |
Query parameters are a defined set of parameters attached to the end of a url. They are extensions of the URL that are used to help define specific content or actions based on the data being passed. |
Path |
Path parameters are components of a URL path that can vary. They are typically used to point to a specific resource within a collection, such as a user identified by ID. A URL can have several path parameters, each denoted with curly braces { }. |
Body |
The POST, PUT and PATCH requests can have the request body (payload), such as JSON or XML data. The request body is called a body parameter. There can be only one body parameter, although the operation may have other parameters (path, query, header). |
Authentication and authorization
Every request your application sends to the Kiuwan REST API must identify your application. You can do that by using HTTP Basic, which also authorizes the request.
Most client software provides a simple mechanism for supplying a user name and password and will build the required authentication headers automatically. For example, you can specify the --user argument with curl as follows:
$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/info
Once you have been identified with a valid user and password, you will have access to your private quality results. Even, you will have access to public accounts and their quality results.
Example with query params:
$ curl --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/applications/last_analysis?application=my_app
In case that Single Sign-On is activated in your account, for custom programs using Kiuwan REST-API calls, you have to add a new header (X-KW-CORPORATE-DOMAIN-ID) to indicate the Domain ID to pass the BASIC authentication.
Example of curl execution for accounts with Single Sign-On enabled:
$ curl -H "X-KW-CORPORATE-DOMAIN-ID: {domain.id}" --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/info
In order to use REST-API on customers with Single Sign-On, the user must have been authorized by the administrator to continue using Kiuwan credentials. And, in this case, the user must authenticate not only providing their username and password in Kiuwan, but also indicating the domain to which they belong to. |
Working with lists and pages
If the answer of your request is composed by a list of elements —a list of applications, analysis or defects, for example—, it will be paginated. You will find an indication if a function request allows pagination in API reference. You can manage pagination with two parameters:
Parameter name | Description | Default value | Valid range of values |
---|---|---|---|
page |
Page number of the request |
1 |
[1-INF] |
count |
The number of the elements per page |
500 |
[1-5000] |
An example of call in curl is:
curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/apps/analysis/A-7e3-16e5b1aad2a/defects?page=2&count=50
For POST endpoints an example is:
curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] -d "{""applicationName"": ""appName"", ""pagination"": {""page"": 1, ""count"": 50 }}" -H "Content-Type: application/json" -X POST https://api.kiuwan.com/arch/list
Quota service
In order to protect the performance, Kiuwan establish a Quota service for each authenticated user. The request will be limited to 1000 per hour. You can check the returned HTTP headers of any API request to see your current status:
$ curl -i --user jerry@kiuwan.com:j3rryf1sh https://api.kiuwan.com/info
HTTP/1.1 200 OK
Status: 200 OK
X-QuotaLimit: 1000
X-QuotaLimit-Remaining: 966
Examples
In this chapter we will show how to call the API for different languages:
Curl
You can curl an endpoint using directly your credentials:
curl -i --user [YOUR USERNAME]:[YOUR PASSWORD] https://api.kiuwan.com/...
Or specifying a basic authorization hash:
curl -i -H "Authorization: Basic [[BASIC AUTH HASH]]" https://api.kiuwan.com/...
Java
import io.swagger.client.*;
import io.swagger.client.auth.*;
import io.swagger.client.model.*;
import io.swagger.client.api.ActionPlanApi;
public class KiuwanRestApiExample {
public static void main(String[] args) {
ApiClient defaultClient = Configuration.getDefaultApiClient();
// Configure HTTP basic authorization: basicAuth
HttpBasicAuth basicAuth = (HttpBasicAuth) defaultClient.getAuthentication("basicAuth");
basicAuth.setUsername("YOUR USERNAME");
basicAuth.setPassword("YOUR PASSWORD");
// Instance API operation
ApplicationApi applicationApi = new ApplicationApi(defaultClient);
try {
for (ApplicationBean app : applicationApi.getApplications()) {
System.out.println(app);
}
} catch (ApiException e) {
System.err.println("Exception when calling ApplicationApi#getApplications");
e.printStackTrace();
}
}
}
Android
import io.swagger.client.api.ActionPlanApi;
public class ActionPlanApiExample {
public static void main(String[] args) {
// Instance API operation
ActionPlanApi apiInstance = new ActionPlanApi();
String application = application_example; // String | Application name
String name = name_example; // String | Action plan name
String creation = creation_example; // String | Creation date
try {
apiInstance.generateReportCSV(application, name, creation);
} catch (ApiException e) {
System.err.println("Exception when calling ActionPlanApi#generateReportCSV");
e.printStackTrace();
}
}
}
Obj-C
Configuration *apiConfig = [Configuration sharedConfig];
// Configure HTTP basic authorization (authentication scheme: basicAuth)
[apiConfig setUsername:@"YOUR_USERNAME"];
[apiConfig setPassword:@"YOUR_PASSWORD"];
String *application = application_example; // Application name
String *name = name_example; // Action plan name
String *creation = creation_example; // Creation date (optional)
// Instance API operation
ActionPlanApi *apiInstance = [[ActionPlanApi alloc] init];
[apiInstance generateReportCSVWith:application
name:name
creation:creation
completionHandler: ^(NSError* error) {
if (error) {
NSLog(@"Error: %@", error);
}
}];
JavaScript
var KiuwanRestApiClient = require('kiuwan_rest_api_client');
var defaultClient = KiuwanRestApiClient.ApiClient.instance;
// Configure HTTP basic authorization: basicAuth
var basicAuth = defaultClient.authentications['basicAuth'];
basicAuth.username = 'YOUR USERNAME'
basicAuth.password = 'YOUR PASSWORD'
// Instance API operation
var api = new KiuwanRestApiClient.ActionPlanApi()
var application = application_example; // {String} Application name
var name = name_example; // {String} Action plan name
var opts = {
'creation': creation_example // {String} Creation date
};
var callback = function(error, data, response) {
if (error) {
console.error(error);
} else {
console.log('API called successfully.');
}
};
api.generateReportCSV(application, name, opts, callback);
C#
using System;
using System.Diagnostics;
using IO.Swagger.Api;
using IO.Swagger.Client;
using IO.Swagger.Model;
namespace Example
{
public class generateReportCSVExample
{
public void main()
{
// Configure HTTP basic authorization: basicAuth
Configuration.Default.Username = "YOUR_USERNAME";
Configuration.Default.Password = "YOUR_PASSWORD";
// Instance API operation
var apiInstance = new ActionPlanApi();
var application = application_example; // String | Application name
var name = name_example; // String | Action plan name
var creation = creation_example; // String | Creation date (optional)
try
{
apiInstance.generateReportCSV(application, name, creation);
}
catch (Exception e)
{
Debug.Print("Exception when calling ActionPlanApi.generateReportCSV: " + e.Message );
}
}
}
}
PHP
<?php
require_once(__DIR__ . '/vendor/autoload.php');
// Configure HTTP basic authorization: basicAuth
Swagger\Client\Configuration::getDefaultConfiguration()->setUsername('YOUR_USERNAME');
Swagger\Client\Configuration::getDefaultConfiguration()->setPassword('YOUR_PASSWORD');
// Instance API operation
$api_instance = new Swagger\Client\Api\ActionPlanApi();
$application = application_example; // String | Application name
$name = name_example; // String | Action plan name
$creation = creation_example; // String | Creation date
try {
$api_instance->generateReportCSV($application, $name, $creation);
} catch (Exception $e) {
echo 'Exception when calling ActionPlanApi->generateReportCSV: ', $e->getMessage(), PHP_EOL;
}
?>
Perl
use Data::Dumper;
use WWW::SwaggerClient::Configuration;
use WWW::SwaggerClient::ActionPlanApi;
# Configure HTTP basic authorization: basicAuth
$WWW::SwaggerClient::Configuration::username = 'YOUR_USERNAME';
$WWW::SwaggerClient::Configuration::password = 'YOUR_PASSWORD';
# Instance API operation
my $api_instance = WWW::SwaggerClient::ActionPlanApi->new();
my $application = application_example; # String | Application name
my $name = name_example; # String | Action plan name
my $creation = creation_example; # String | Creation date
eval {
$api_instance->generateReportCSV(application => $application, name => $name, creation => $creation);
};
if ($@) {
warn "Exception when calling ActionPlanApi->generateReportCSV: $@\n";
}
Python
import swagger_client
# Instance API operation
api_instance = swagger_client.ActionPlanApi()
# Configure HTTP basic authorization: basicAuth
api_instance.api_client.configuration.username = 'username.demo'
api_instance.api_client.configuration.password = "xxxxxxx"
# Run the desired method
application = "Abap" # String | Application name
print(api_instance.get_action_plans(application))
Error codes
The REST API returns the next error codes when something in the request goes wrong.
Error code | Cause | HTTP status code |
---|---|---|
00 |
Internal server error. |
500 |
01 |
Quota limit reached. |
429 |
02 |
Access denied. |
403 |
03 |
Application not found. |
404 |
04 |
Analysis not found. |
404 |
05 |
Bad JSON format. |
400 |
06 |
Application already exists. |
409 |
07 |
Bad datetime format. |
400 |
08 |
Bad model id. |
400 |
09 |
Limit exceeded. |
403 |
10 |
Bad analysis result id format. |
400 |
11 |
Bad artifact id format. |
400 |
12 |
Bad customer id format. |
400 |
13 |
Model not found. |
404 |
14 |
Portfolio value not found. |
404 |
15 |
Portfolio not found. |
404 |
16 |
Duplicated portfolio name found. |
400 |
17 |
User not found. |
404 |
18 |
Override option not indicated. |
400 |
19 |
Unknown role assignment mode. |
400 |
20 |
Role not found. |
404 |
21 |
Invalid parameter. |
400 |
22 |
Unknown management feature name. |
400 |
23 |
Target out of range. |
400 |
24 |
Unknown business value. |
400 |
25 |
User already exists. |
400 |
26 |
Duplicated application name. |
400 |
27 |
Duplicated portfolio value. |
400 |
28 |
User group not found. |
404 |
29 |
User group with indicated name already exists. |
400 |
30 |
Indicated provider not found. |
404 |
31 |
You do not have permissions to view the portfolio definitions. |
403 |
32 |
(Not used) |
|
33 |
Duplicated business value in the request. |
400 |
34 |
Duplicated provider in the request. |
400 |
35 |
Not in ISO 8601 format. |
400 |
36 |
Action plan not found. |
404 |
37 |
Rule not found. |
404 |
38 |
Delivery not found. |
404 |
39 |
Checkpoint not found. |
404 |
40 |
Input modelId does not match a valid model |
400 |
41 |
Duplicated tag |
400 |
42 |
Defect not found |
404 |
43 |
Audit not found |
404 |
44 |
Analysis is running |
404 |
45 |
Analysis failed |
404 |
46 |
Invalid value |
400 |
47 |
Custom Software Artifact not found |
404 |
48 |
Custom Software Artifact already exists |
400 |
49 |
Private Vulnerability not found |
404 |
50 |
Private Vulnerability already exists |
400 |
51 |
Software Artifact not found |
404 |
52 |
License not found |
404 |
53 |
Relation Software Artifact and license not found |
404 |
The response status will be HTTP status code indicated in the table above. Additionally, the response will contain an array of errors, each error will have a couple of fields:
-
"code": Error code
-
"message": Error message
For example:
{
"errors": [
{
"code": "04",
"message": "Analysis not found."
}
]
}
Endpoints
This section shows all available endpoints in Kiuwan REST API.
ActionPlan
Get progress summary of an action plan
GET /actionPlan
Description
Obtains the current and the past main metrics and indicators of an application for an action plan. If there are more than one action plans with the same name, this endpoint returns the most recent action plan’s information.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
creation |
Action plan creation date |
string (date-time) |
Query |
name |
Action plan name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an action plan |
|
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/actionPlan?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
"name": "ActionPlan1",
"description": "Action Plan for security defects",
"creation": "2019-10-31T14:50:05.227Z",
"expiration": "2019-11-31T14:50:05.227Z",
"createdBy": "The Boss",
"assignedTo": "John Smith",
"progress": 32.5,
"estimate": "1h 56m",
"pendingEffort": "30m",
"purged": false,
"riskIndexBefore": 19.22,
"globalIndicatorBefore": 7.21,
"effortToTargetBefore": 31.8,
"qualityIndicatorsBefore": {
"Efficiency": 53.21,
"Portability": 72.9,
"Maintainability": 21.9,
"Reliability ": 13.12,
"Security ": 38.32
},
"riskIndexAfter": 9.3,
"globalIndicatorAfter": 23.5,
"effortToTargetAfter": 8.23,
"qualityIndicatorsAfter": {
"Efficiency": 15.28,
"Portability": 7.23,
"Maintainability": 71.1,
"Reliability": 31.2,
"Security": 23.21
},
"metrics": {
"string": 0.0
}
}
Get all defects of an action plan
GET /actionPlan/defects/all
Description
Obtains all defects included in an action plan. If there are more than one action plans with the same name, this endpoint returns the most recent action plan’s information.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
creation |
Action plan creation date |
string (date-time) |
Query |
name |
Action plan name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an action plan defects |
|
400 |
Invalid creation date format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/actionPlan/defects/all?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
"name" : "ActionPlan1",
"description" : "Action Plan for security defects",
"creation" : "2019-10-31T14:50:05.227Z",
"expiration" : "2019-11-31T14:50:05.227Z",
"createdBy" : "The Boss",
"assignedTo" : "John Smith",
"progress" : 32.5,
"estimate" : "1h 56m",
"pendingEffort" : "30m",
"purged" : false,
"allDefects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
Get pending defects of an action plan
GET /actionPlan/defects/pending
Description
Obtains the pending defects of an action plan compared with a concrete analysis. If there are more than one action plans with the same name, this endpoint returns the most recent action plan’s information. If there are more than one analysis with the same label, uses the most recent analysis of them.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisLabel |
Analysis label. If empty it compares with last analysis |
string |
Query |
application |
Application name |
string |
Query |
asc |
Sort ascending: true/false |
enum (true, false) |
Query |
characteristics |
Comma-separated list of characteristics to filter by |
enum (Efficiency, Maintainability, Portability, Reliability, Security) |
Query |
creation |
Action plan creation date |
string (date-time) |
Query |
fileContains |
Use this param to filter defects by file name |
string |
Query |
languages |
Comma-separated list of languages to filter by |
string |
Query |
limit |
Max number of defects returned |
integer |
Query |
name |
Action plan name |
string |
Query |
orderBy |
Sorting criteria: priority/effort |
enum (priority, effort) |
Query |
priorities |
Comma-separated list of priorities(Very low, Low, Normal, High, Very high) to filter by |
enum (Very low, Low, Normal, High, Very high) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an action plan pending defects |
|
400 |
Invalid creation date format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/actionPlan/defects/pending?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&asc=true&characteristics=Security%2C+Efficiency&creation=2019-08-03T10%3A15%3A30Z&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
"name" : "ActionPlan1",
"description" : "Action Plan for security defects",
"creation" : "2019-10-31T14:50:05.227Z",
"expiration" : "2019-11-31T14:50:05.227Z",
"createdBy" : "The Boss",
"assignedTo" : "John Smith",
"progress" : 32.5,
"estimate" : "1h 56m",
"pendingEffort" : "30m",
"purged" : false,
"pendingDefects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
Get removed defects of an action plan
GET /actionPlan/defects/removed
Description
Obtains the removed defects of an action plan compared with a concrete analysis. If there are more than one action plans with the same name, this endpoint returns the most recent action plan’s information. If there are more than one analysis with the same label, uses the most recent analysis of them.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisLabel |
Analysis label. If empty it compares with last analysis |
string |
Query |
application |
Application name |
string |
Query |
creation |
Action plan creation date |
string (date-time) |
Query |
name |
Action plan name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an action plan removed defects |
|
400 |
Invalid creation date format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/actionPlan/defects/removed?application=myApp&name=ActionPlan1&analysisLabel=A-7e3-16dc9e2913&creation=2019-08-03T10%3A15%3A30Z
Example HTTP response
Response 200
{
"name" : "ActionPlan1",
"description" : "Action Plan for security defects",
"creation" : "2019-10-31T14:50:05.227Z",
"expiration" : "2019-11-31T14:50:05.227Z",
"createdBy" : "The Boss",
"assignedTo" : "John Smith",
"progress" : 32.5,
"estimate" : "1h 56m",
"pendingEffort" : "30m",
"purged" : false,
"removedDefects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
Get available action plans
GET /actionPlans
Description
List action plans of an application.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of action plans |
< ActionPlanDetailResponse > array |
403 |
Access denied |
No Content |
404 |
Application does not exist |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/actionPlans?application=myApp
Example HTTP response
Response 200
[
{
"name": "ActionPlan1",
"description": "Action Plan for security defects",
"creation": "2019-10-31T14:50:05.227Z",
"expiration": "2019-11-31T14:50:05.227Z",
"createdBy": "The Boss",
"assignedTo": "John Smith",
"progress": 32.5,
"estimate": "1h 56m",
"pendingEffort": "30m",
"purged": false
}
...
...
...
{
"name": "plan2",
"description": "",
"creation": "2021-10 18T05:57:42Z",
"expiration": "2021-10-18T22:00:00Z",
"createdBy": "Administrator Site",
"progress": 0.0,
"estimate": "3h 00",
"pendingEffort": "180h",
"purged": false
}
]
ActionPlan-Reports
Get progress report of an action plan
GET /actionPlan/progress/export
Description
Get progress report of an action plan or JSON with errors
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application name |
string |
|
Query |
creation |
Action plan creation date |
string (date-time) |
|
Query |
name |
Action plan name |
string |
|
Query |
type |
Type of report |
enum (CSV, PDF) |
|
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an action plan progress report |
file |
400 |
Invalid parameter |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
text/csv
-
application/json
Example HTTP request
Request path
/actionPlan/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF
Get security report of an action plan
GET /actionPlan/security/export
Description
Get security report of an action plan or JSON with errors
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application name |
string |
|
Query |
creation |
Action plan creation date |
string (date-time) |
|
Query |
name |
Action plan name |
string |
|
Query |
type |
Type of report |
enum (CSV, PDF) |
|
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an action plan progress report |
file |
400 |
Invalid parameter |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
text/csv
-
application/json
Example HTTP request
Request path
/actionPlan/security/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF
Get security progress report of an action plan
GET /actionPlan/security/progress/export
Description
Get security progress report of an action plan or JSON with errors
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application name |
string |
|
Query |
creation |
Action plan creation date |
string (date-time) |
|
Query |
name |
Action plan name |
string |
|
Query |
type |
Type of report |
enum (CSV, PDF) |
|
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an action plan progress report |
file |
400 |
Invalid parameter |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
text/csv
-
application/json
Example HTTP request
Request path
/actionPlan/security/progress/export?application=myApp&name=ActionPlan1&creation=2019-08-03T10%3A15%3A30Z&type=PDF
Activity
Get list of users activity
GET /activity
Description
List users activity with different parameters to filter data. See parameters section.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
action |
Action name to filter results |
string |
|
Query |
affectedApplication |
Filter results by affected items: Application |
string |
|
Query |
affectedAudit |
Filter results by affected items: Audit |
string |
|
Query |
affectedModel |
Filter results by affected items: Model |
string |
|
Query |
affectedUser |
Filter results by affected items: User |
string |
|
Query |
count |
The number of activities to display (defaults to 10) |
integer |
|
Query |
description |
Activity description |
string |
|
Query |
elementType |
Type of activity |
string |
|
Query |
endDate |
Filter by date range - ending with the date |
string |
|
Query |
sortBy |
The field to sort by |
enum (action, user, date, elementType, description) |
|
Query |
sortOrder |
The sort order |
enum (asc, desc) |
|
Query |
startDate |
Filter by date range - starting from the date |
string |
|
Query |
startIndex |
The number of start index to display (defaults to 1) |
integer |
|
Query |
user |
User which did the activity |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of activity data |
|
400 |
Malformed request |
No Content |
403 |
Access denied |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/activity?action=CREATE&affectedApplication=myApp&affectedAudit=myAudit&affectedModel=CQM&affectedUser=otherUser&count=10&description=uploaded+results&elementType=Analysis&endDate=2019-11-01T23%3A59%3A59Z&sortBy=date&sortOrder=asc&startDate=2019-11-01T00%3A00%3A00Z&startIndex=1&user=user
Example HTTP response
Response 200
{
"totalResults" : 1,
"itemsPerPage" : 10,
"startIndex" : 1,
"activity" : [ {
"action" : "CREATE",
"user" : "user",
"date" : "2019-11-23T12:22:34Z",
"elementType" : "Analysis KLA",
"description" : "The user \"username\" logged in",
"affectedItems" : [ {
"type" : "Application",
"value" : "myAppName",
"oldValue" : "myOldAppName"
} ]
} ]
}
Analyses
Delete analysis
DELETE /analysis
Description
Delete the specified analysis. The analysis code parameter can refernce a baseline or a delivery. Runnning or enqueued analyses can be also deleted. Note that when a baseline analysis is specified, all its related deliveries will be deleted as well. This endpoint returns the deleted analyses' codes.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code to delete |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Analysis deleted successfully |
< string > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/analysis?analysisCode=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
[
"string1"
...
...
...
...
"stringN"
]
Get list of analysis
GET /analysis/list
Description
List analysis with different parameters to filter data. See parameters section.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
applicationName |
Application name to filter results |
string |
|
Query |
auditStatus |
Audit status to filter analysis (only apply to analysis that has audits) |
enum (OK, FAIL) |
|
Query |
count |
How many analysis in each page (defaults to 500) |
integer |
|
Query |
deliveries |
If the list of analysis must include only deliveries (true) or ignore deliveries (false), if this parameter has not value then all analysis will be returned |
boolean |
|
Query |
endDate |
End date to search |
string |
|
Query |
initDate |
Initial date to start search |
string |
|
Query |
page |
Number of results page (defaults to 1) |
integer |
|
Query |
status |
Status to filter analysis |
enum (SUCCESS, FAIL, INPROGRESS) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analysis list |
< AnalysisSearchResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/analysis/list?applicationName=myApp&auditStatus=OK&count=500&deliveries=true&endDate=2019-11-01T23%3A59%3A59Z&initDate=2019-11-01T00%3A00%3A00Z&page=1&status=SUCCESS
Example HTTP response
Response 200
[
{
"applicationName": "myApp",
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
" country: ": " spain "
},
"metrics": {
" com.optimyth.CQM.defectsByPriority.Priority 1 ": 163,
" com.optimyth.CQM.defectsByPriority.Priority 2 ": 201,
" com.optimyth.CQM.defectsByPriority.Priority 3 ": 159,
" com.optimyth.CQM.defectsByPriority.Priority 4 ": 17,
"com.optimyth.CQM.defectsByPriority.Priority5": 41
}
},
...
...
...
{
"applicationName": "new_app",
"code": "A-7e5-17bc58e385b",
"label": "",
"creationDate": "2021-09-08T13:15:00Z",
"qualityModel": "CQM",
"encoding": "UTF-8",
"invoker": "sysadmin",
"status": "SUCCESS",
"unparsedFiles": [],
"analysisScope": "Baseline",
"analysisBusinessValue": "CRITICAL",
"analysisPortfolios": {},
"metrics": {
" com.optimyth.CQM.defectsByPriority.Priority 1 ": 0.0,
" com.optimyth.CQM.defectsByPriority.Priority 2 ": 14.0,
" com.optimyth.CQM.defectsByPriority.Priority 3 ": 19.0,
" com.optimyth.CQM.defectsByPriority.Priority 4 ": 0.0,
" com.optimyth.CQM.defectsByPriority.Priority 5 ": 1.0,
" com.optimyth.CQM.securityDefectsByPriority.Priority 1 ": 0.0,
" com.optimyth.CQM.securityDefectsByPriority.Priority 3 ": 9.0,
" com.optimyth.CQM.securityDefectsByPriority.Priority 4 ": 0.0,
" com.optimyth.CQM.securityDefectsByPriority.Priority 5 ": 1.0
}
}
]
Get list of all analysis codes for an application
GET /applications/analyses
Description
List all analysis codes for an application.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application name |
string |
|
Query |
count |
Limit results |
integer |
|
Query |
filterPurgedAnalyses |
Set to true to not retrieve purged analyses |
enum (true, false) |
|
Query |
success |
Set to true or false to retrieve only succeeded or failed, respectively |
enum (true, false) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analyses list |
< AnalysisResponse > array |
403 |
Access denied |
No Content |
404 |
Application does not exist |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/analyses?application=myApp&count=100&filterPurgedAnalyses=true&success=true
Example HTTP response
Response 200
[ {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
...
...
...
{
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
} ]
Get list of files with metric values and defects of the latest analysis
GET /applications/files
Description
List files with metric values and defects of the latest analysis for the named application.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analysis files list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/files?application=myApp
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"files_count" : 124,
"count" : 100,
"page" : 1,
"files" : [ {
"name" : "FileSystemRepository.java",
"metrics_count" : 17,
"metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"defects_count" : 5,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get last analysis
GET /applications/last_analysis
Description
Retrieves last analysis for the authenticated user and the application indicated.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of applications |
|
403 |
Access denied |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/last_analysis?application=myApp
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get application analysis
GET /apps/analysis/{code}
Description
Retrieves analysis results for a concrete analysis specified by code parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
code |
Analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of application analysis |
|
403 |
Access denied |
No Content |
404 |
Application does not exist |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Complete delivery",
"changeRequest" : "CR_13.01.2020",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"baselineAnalysisCode" : "A-7e3-16dc9e29131",
"deliveryFiles" : {
"count" : 132
},
"deliveryDefects" : {
"newDefects" : 3,
"removedDefects" : 0,
"defects" : 582
},
"auditResult" : {
"auditName" : "Kiuwan default audit",
"description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
"approvalThreshold" : 50.0,
"overallResult" : "FAIL",
"score" : 0.0,
"checkpointResults" : [ {
"checkpoint" : "1",
"result" : "FAIL",
"name" : "No new defects",
"description" : "If a new defect is detected, the checkpoint will not pass.",
"weight" : 1,
"mandatory" : true,
"type" : "Threshold for maximum new defects",
"score" : 0.0,
"violatedRules" : [ {
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId" : 6252,
"defectsCount" : 72,
"suppressedDefectsCount" : 0,
"filesCount" : 11,
"effort" : "36h 00",
"characteristic" : "Security",
"vulnerabilityType" : "Injection",
"tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority" : "Very High",
"language" : "Java",
"files" : {
"href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
} ]
} ]
},
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get list of analysis defects
GET /apps/analysis/{code}/defects
Description
List analysis defects for a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Path |
code |
Analysis code |
string |
|
Query |
asc |
Set to true to sort ascending (default is not set), false for descending |
enum (true, false) |
|
Query |
characteristics |
Comma-separated list of characteristics to filter by |
enum (Efficiency, Maintainability, Portability, Reliability, Security) |
|
Query |
count |
How many defects in each page (defaults to 500) |
integer |
|
Query |
fileContains |
Use this param to filter defects by file name |
string |
|
Query |
languages |
Comma-separated list of languages to filter by |
string |
|
Query |
muted |
Use this param to filter defects by their mute status |
enum (true, false) |
|
Query |
orderBy |
Sorting criteria (one of 'priority' or 'effort') |
enum (priority, effort) |
|
Query |
page |
Number of results page (defaults to 1) |
integer |
|
Query |
priorities |
Comma-separated list of priorities(Very low, Low, Normal, High, Very high) to filter by |
enum (Very low, Low, Normal, High, Very high) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analysis defects list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects?asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&muted=true&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"defects_count" : 581,
"activeDefects_count" : 575,
"supressedDefects_count" : 6,
"count" : 500,
"page" : 1,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get comparison of the defects found in two different analysis
GET /apps/analysis/{code}/defects/compare/{previouscode}
Description
Get the net number of new and removed defects and violated rules after comparing 2 given analyses.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
code |
Analysis code |
string |
Path |
previouscode |
Previous analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analysis compare defects |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131
Example HTTP response
Response 200
{
"Main analysis code" : "A-7e3-16e5b1aad2a",
"Previous analysis code" : "A-7e3-16dc9e29131",
"New violated rules count" : 1,
"Removed violated rules count" : 0,
"New defects count" : 3,
"Removed defects count" : 0
}
Get the list of new/removed defects in a comparison
GET /apps/analysis/{code}/defects/compare/{previouscode}/{defectstype}
Description
Get the list of new/removed defects in an analysis from the previous analysis.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
code |
Analysis code |
string |
Path |
defectstype |
Either 'new' or 'removed' |
enum (new, removed) |
Path |
previouscode |
Previous analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of new or removed defects for an analysis |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/defects/compare/A-7e3-16dc9e29131/new
Example HTTP response
Response 200
{
"count" : 3,
"page" : 1,
"Main analysis code" : "A-7e3-16e5b1aad2a",
"Previous analysis code" : "A-7e3-16dc9e29131",
"New violated rules count" : 1,
"Removed violated rules count" : 0,
"New defects count" : 3,
"Removed defects count" : 0,
"New defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ],
"Removed defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
Get list of files with metric values and defects for a specific analysis
GET /apps/analysis/{code}/files
Description
List files with metric values and defects for a specific analysis.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
code |
Analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analysis files |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/apps/analysis/A-7e3-16e5b1aad2a/files
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"files_count" : 124,
"count" : 100,
"page" : 1,
"files" : [ {
"name" : "FileSystemRepository.java",
"metrics_count" : 17,
"metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"defects_count" : 5,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Analyses-Reports
Get defects CSV report of an analysis
GET /applications/analysis/defects/export
Description
Obtains a CSV report of the specified analysis code or the last analysis of the application name.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
code |
Analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully retrieval of report |
file |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
text/csv
-
application/json
Example HTTP request
Request path
/applications/analysis/defects/export?application=myApp&code=A-7e3-16e5b1aad2a
Get security PDF report of an analysis
GET /applications/analysis/security/summary/export
Description
Obtains a security report of the specified analysis code or the last analysis of the application name in PDF format.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
code |
Analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully retrieval of report |
file |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
application/json
Example HTTP request
Request path
/applications/analysis/security/summary/export?application=myApp&code=A-7e3-16e5b1aad2a
Get PDF report of an analysis
GET /applications/analysis/summary/export
Description
Obtains a report of the specified analysis code or the last analysis of the application name in PDF format.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
code |
Analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully retrieval of report |
file |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
application/json
Example HTTP request
Request path
/applications/analysis/summary/export?application=myApp&code=A-7e3-16e5b1aad2a
Get security CSV/Threadfix report of an analysis
GET /applications/analysis/vulnerabilities/export
Description
Obtains a security report of the specified analysis code or the last analysis of the application name in CSV or Threadfix format.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application name |
string |
|
Query |
code |
Analysis code |
string |
|
Query |
type |
type of report |
enum (CSV, THREADFIX) |
|
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully retrieval of report |
file |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
text/csv
-
application/json
Example HTTP request
Request path
/applications/analysis/vulnerabilities/export?application=myApp&code=A-7e3-16e5b1aad2a&type=CSV
Application
Get applications
GET /applications
Description
Retrieves applications for the authenticated user.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
activityInfo |
controls wether to included creation, baseline and delivery info |
enum (true, false) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of applications |
< ApplicationResponse > array |
403 |
Access denied |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications?activityInfo=true
Example HTTP response
Response 200
[
{
"name": "android",
"description": "GitHub Android App",
"auditName": "Kiuwan default audit",
"applicationBusinessValue": "CRITICAL",
"applicationProvider": "Lab",
"applicationPortfolios": {
" country ": " spain "
},
"creationDate": "2020-07-22T15:34:53Z",
"lastSuccessfulBaseline": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
" country ": " spain "
},
"metrics": {
" com.optimyth.CQM.defectsByPriority.Priority 1 ": 163,
" com.optimyth.CQM.defectsByPriority.Priority 2 ": 201,
" com.optimyth.CQM.defectsByPriority.Priority 3 ": 159,
" com.optimyth.CQM.defectsByPriority.Priority 4 ": 17,
" com.optimyth.CQM.defectsByPriority.Priority 5 ": 41
}
},
"lastSuccessfulDelivery": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
" country ": " spain "
},
" metrics ": {
" com.optimyth.CQM.defectsByPriority.Priority 1 ": 163,
" com.optimyth.CQM.defectsByPriority.Priority 2 ": 201,
" com.optimyth.CQM.defectsByPriority.Priority 3 ": 159,
" com.optimyth.CQM.defectsByPriority.Priority 4 ": 17,
" com.optimyth.CQM.defectsByPriority.Priority 5 ": 41
}
},
" quality_model ": " CQM "
},
...
...
...
{
"name": "test",
"description": "",
"auditName": "Default audit",
"applicationBusinessValue": "CRITICAL",
"applicationPortfolios": {},
"creationDate": "2021-09-06T11:29:33Z",
"lastSuccessfulBaseline": {
"code": "A-7e5-17bdda7a77d",
"label": "",
"creationDate": "2021-09-13T05:38:33Z"
},
"lastSuccessfulDelivery": {
"code": "A-7e5-17c086231ec",
"label": "",
"creationDate": "2021-09-21T12:42:50Z",
"analysisScope": "Complete delivery",
"changeRequest": "",
"changeRequestStatus": "In progress",
"branchName": ""
},
"quality_model": "CQM"
}
]
Get list of application defects
GET /applications/defects
Description
List application defects for the indicated application.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application name |
string |
|
Query |
asc |
Set to true to sort ascending (default is not set), false for descending |
enum (true, false) |
|
Query |
characteristics |
Comma-separated list of characteristics to filter by |
enum (Efficiency, Maintainability, Portability, Reliability, Security) |
|
Query |
count |
How many defects in each page (defaults to 500) |
integer |
|
Query |
fileContains |
Use this param to filter defects by file name |
string |
|
Query |
languages |
Comma-separated list of languages to filter by |
string |
|
Query |
orderBy |
Sorting criteria (one of 'priority' or 'effort') |
enum (priority, effort) |
|
Query |
page |
Number of results page (defaults to 1) |
integer |
|
Query |
priorities |
Comma-separated list of priorities(Very low, Low, Normal, High, Very high) to filter by |
enum (Very low, Low, Normal, High, Very high) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analysis defects list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/defects?application=myApp&asc=true&characteristics=Security%2C+Efficiency&count=500&fileContains=FileSystemRepository.java&languages=java%2C+php&orderBy=priority&page=1&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"defects_count" : 581,
"activeDefects_count" : 575,
"supressedDefects_count" : 6,
"count" : 500,
"page" : 1,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ],
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get Application Defects Still Open since date
GET /applications/defects/stillopen
Description
Get Application defects still open on latest analysis( or atAnalysisCode if provided) sinceDate (or previous sinceAnalysisCode if provided). Can be filtered by onlySecurity or by withRuleTag. Paginated
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application Name |
string |
|
Query |
atAnalysisCode |
Find defects that were already open on this Analysis |
string |
|
Query |
count |
How many defects in each page (defaults to 500) |
integer |
|
Query |
onlyCodeSecurity |
Only Defects on Code Security rules |
enum (true, false) |
|
Query |
page |
Number of results page (defaults to 1) |
integer |
|
Query |
sinceAnalysisCode |
Find defects still open at this analyis |
string |
|
Query |
sinceDate |
Defects open since this date |
string |
|
Query |
withRuleTags |
Only Defects Open from the Rules with the matching tags (split by ',') |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of defects still open |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/defects/stillopen?application=MyApp&atAnalysisCode=A-7e3-16e5b1aad2a&count=500&onlyCodeSecurity=true&page=1&sinceAnalysisCode=A-7e3-16e5b1aad2a&sinceDate=2019-11-01T00%3A00%3A00Z&withRuleTags=hardcoded-path
Example HTTP response
Response 200
{
"sinceAnalysisCode" : "A-7e3-16e5b1aad2a",
"atAnalysisCode" : "A-7e3-16dc9e29131",
"sinceDate" : "2020-03-01T12:00:00Z",
"ruleTags" : "PCI-DSS:6.5.1,cwe99",
"securityOnly" : true,
"totalDefects" : 132,
"count" : 3,
"page" : 1,
"defects" : [ {
"defectId" : 16558118,
"file" : "FileSystemRepository.java",
"line" : 368,
"code" : "\t\t\tout.println(sql);",
"muted" : false,
"vulnerabilityType" : "Injection",
"explanation" : "Reflected XSS: user_input",
"status" : "None",
"cweId" : 79,
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language" : "java",
"characteristic" : "Security",
"priority" : "Very High",
"effort" : "30m",
"modelId" : 6252,
"securityDetail" : {
"cweId" : 79,
"category" : "xss",
"resource" : "web",
"container" : "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint" : "string",
"variableDeclaration" : "String sql",
"sourceFile" : "FileSystemRepository.java",
"sourceLine" : 70,
"sourceCode" : "\t\t\tString val = request.getParameter(item);",
"sourceCategory" : "user_input",
"sourceResource" : "web",
"sourceContainer" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint" : "string",
"frames" : [ {
"index" : 0,
"file" : "FileSystemRepository.java",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"category" : "user_input",
"resource" : "web",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint" : "string",
"variableDeclaration" : "string"
} ],
"datapaths" : [ {
"index" : 1,
"kind" : "sink",
"varname" : "user",
"lineNumber" : 32,
"lineText" : "\t\t\tString val = request.getParameter(item);",
"indirect" : true,
"file" : "FileSystemRepository.java",
"container" : "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId" : 1,
"localParentId" : 1
} ]
}
} ]
}
Get applications filtered
GET /applications/list
Description
Retrieves applications for the authenticated user filtered.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
activityInfo |
controls wether to included creation, baseline and delivery info |
enum (true, false) |
|
Query |
applicationName |
Application name to filter |
string |
|
Query |
asc |
Ascending or descending order |
boolean |
|
Query |
count |
How many applications in each page (defaults to 500) |
integer |
|
Query |
endDateAnalysis |
End date to start search applications that are analyzed before this date |
string |
|
Query |
exactApplicationName |
Indicates if the applicationName must be equals (ignore case). Only apply if applicationName is provided |
boolean |
|
Query |
initDateAnalysis |
Initial date to start search applications that are analyzed after this date |
string |
|
Query |
orderBy |
'Order by' for results |
enum (applicationName, analysisDate) |
|
Query |
page |
Number of results page (defaults to 1) |
integer |
|
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of applications filtered |
< ApplicationResponse > array |
400 |
Bad request |
No Content |
403 |
Access denied |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/list?activityInfo=true&applicationName=myApp&asc=true&count=500&endDateAnalysis=2019-11-01T23%3A59%3A59Z&exactApplicationName=true&initDateAnalysis=2019-11-01T00%3A00%3A00Z&orderBy=applicationName&page=1
Example HTTP response
Response 200
[
{
"name": "android",
"description": "GitHub Android App",
"auditName": "Kiuwan default audit",
"applicationBusinessValue": "CRITICAL",
"applicationProvider": "Lab",
"applicationPortfolios": {
" country ": " spain "
},
"creationDate": "2020-07-22T15:34:53Z",
"lastSuccessfulBaseline": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
" country ": " spain "
},
"metrics": {
" com.optimyth.CQM.defectsByPriority.Priority 1 ": 163,
" com.optimyth.CQM.defectsByPriority.Priority 2 ": 201,
" com.optimyth.CQM.defectsByPriority.Priority 3 ": 159,
" com.optimyth.CQM.defectsByPriority.Priority 4 ": 17,
" com.optimyth.CQM.defectsByPriority.Priority 5 ": 41
}
},
"lastSuccessfulDelivery": {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
" country ": " spain "
},
" metrics ": {
" com.optimyth.CQM.defectsByPriority.Priority 1 ": 163,
" com.optimyth.CQM.defectsByPriority.Priority 2 ": 201,
" com.optimyth.CQM.defectsByPriority.Priority 3 ": 159,
" com.optimyth.CQM.defectsByPriority.Priority 4 ": 17,
" com.optimyth.CQM.defectsByPriority.Priority 5 ": 41
}
},
" quality_model ": " CQM "
},
...
...
...
{
"name": "test",
"description": "",
"auditName": "Default audit",
"applicationBusinessValue": "CRITICAL",
"applicationPortfolios": {},
"creationDate": "2021-09-06T11:29:33Z",
"lastSuccessfulBaseline": {
"code": "A-7e5-17bdda7a77d",
"label": "",
"creationDate": "2021-09-13T05:38:33Z"
},
"lastSuccessfulDelivery": {
"code": "A-7e5-17c086231ec",
"label": "",
"creationDate": "2021-09-21T12:42:50Z",
"analysisScope": "Complete delivery",
"changeRequest": "",
"changeRequestStatus": "In progress",
"branchName": ""
},
"quality_model": "CQM"
}
]
Get First date of defect
GET /applications/{application}/defect/{defectId}/firstdate
Description
Retrieves the first date when a defect was detected
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
application |
Application Name |
string |
Path |
defectId |
Defect ID |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of date |
string (date-time) |
403 |
Access denied |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/MyApp/defect/17375778/firstdate
Example HTTP response
Response 200
"string"
Get Application mute patterns
GET /applications/{application}/mutepatterns
Description
Get Application mute patterns
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
application |
Application Name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of Mute Patterns |
< MutePatternResponse > array |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/MyApp/mutepatterns
Example HTTP response
Response 200
[ {
"reason": "TOO_MANY_DEFECTS",
"comment": "Created after review meeting",
"customerId": 12334,
"lineText": " throw new NullPointerException();",
"sourceLineText": "string",
"lineNumber": 113,
"lastActionDate": "2021-10-1T15:15:15Z",
"lastActionUserName": "Administrator Site (sysadmin)",
"lastMuteAction": "MUTEACTION_CREATE",
"fileName": "path/to/file.java",
"fileNamePatterns": "extras/*",
"ruleName": "Avoid launching NullPointerExceptions",
"ruleCode": "OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions",
"active": true
},
...
...
...
{
"reason": "NONE",
"comment": "",
"lastActionDate": "2021-09-27T13:24:35Z",
"lastActionUserName": "Administrator Site (sysadmin)",
"lastMuteAction": "MUTEACTION_CREATE",
"fileName": "extras/src/main/java/com/google/gson/graph/GraphAdapterBuilder.java",
"ruleName": "Cyclomatic complexity",
"ruleCode": "OPT.JAVA.CMETRICS.TCC",
"active": true
} ]
Get analysis global metrics
GET /metrics
Description
Obtains the global metrics of indicated analysis.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
code |
Analysis code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully retrieval of global metrics map |
< string, object > map |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/metrics?code=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
"object"
Get suppression rules
GET /qualitymodel/suppressions
Description
Get suppression rules for application given as parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully retrieval of suppression rules |
string |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/xml
-
application/json
Example HTTP request
Request path
/qualitymodel/suppressions?application=myApp
Example HTTP response
Response 200
"string"
Architecture
Get list of sources that impact on a component with the specified targetId
POST /arch/impact/searchSources
Description
List of sources that impact on a component with the specified targetId in analysis for a concrete analysis specified by analysisCode parameter or application name specified in applicationName parameter by filters and pagination.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
Analysis impact request for sources |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of sources list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/arch/impact/searchSources
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
"sourceFilter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
},
"sourceIds" : [ 0 ],
"targetId" : 41144504,
"navigationFilter" : {
"relations" : "contains,uses,update",
"direction" : "out",
"depth" : 2
},
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
}
}
Example HTTP response
Response 200
{
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"data" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{"Servlet": "FileServlet"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ "componentType": "class", "j2eeType": "class", "description": "class java" }"
} ],
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}
Get list of impacted components
POST /arch/impact/searchTargets
Description
List impacted components in analysis for a concrete analysis specified by analysisCode parameter or application name specified in applicationName parameter by filters and pagination.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
Analysis impact request |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of impacted components list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/arch/impact/searchTargets
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0",
"sourceFilter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
},
"targetFilter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
},
"sourceIds" : [ 0 ],
"targetIds" : [ 0 ],
"navigationFilter" : {
"relations" : "contains,uses,update",
"direction" : "out",
"depth" : 2
},
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
}
}
Example HTTP response
Response 200
{
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"data" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{"Servlet": "FileServlet"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ "componentType": "class", "j2eeType": "class", "description": "class java" }"
} ],
"analysisImpactCode" : "0143dde8-3d81-44ac-ab77-fb5132c0f3b0"
}
Get sub graph of analysis impact
POST /arch/impact/subGraph
Description
Get sub graph of analysis impact in analysis for a concrete analysis specified by analysisCode parameter or application name specified in applicationName parameter by source id and target id.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
Get sub graph of analysis impact |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of analysis inpact sub graph |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/arch/impact/subGraph
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"sourceId" : 5463,
"targetId" : 5467,
"navigationFilter" : {
"relations" : "contains,uses,update",
"direction" : "out",
"depth" : 2
}
}
Example HTTP response
Response 200
{
"components" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{"Servlet": "FileServlet"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ "componentType": "class", "j2eeType": "class", "description": "class java" }"
} ],
"relations" : [ {
"source" : 5473,
"target" : 5468,
"type" : "uses"
} ]
}
Get list of components by filter and pagination
POST /arch/list
Description
List components in analysis for a concrete analysis specified by analysisCode parameter or application name specified in applicationName parameter by filter and pagination.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
List components request |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of components list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/arch/list
Request body
{
"applicationName" : "myApp",
"analysisCode" : "A-7e3-16dc9e29131",
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"filter" : {
"contains" : "custom.js",
"notContains" : "testFactory",
"languages" : "java,javascript",
"types" : "program,element,map,class",
"analyzed" : true,
"fileName" : "custom.js",
"tags" : "myTag1,myTag2",
"groupTags" : [ {
"name" : "Servlets",
"value" : "FileServlet"
} ]
}
}
Example HTTP response
Response 200
{
"pagination" : {
"page" : 1,
"count" : 500,
"total" : 5654
},
"data" : [ {
"id" : 23,
"dn" : "app=myApp,class=com.myCompany.myApp.file.CSRFServlet",
"name" : "com.myCompany.myApp.CSRFServlet",
"type" : "class",
"language" : "java",
"tags" : "Security,CSRF",
"grouptags" : "{"Servlet": "FileServlet"}",
"artifacts" : "{0}/src/main/java/com/myCompany/myApp/CSRFServlet",
"analyzed" : true,
"loc" : 210.0,
"quality" : 0.0,
"dupCode" : 0.0,
"ccn" : 15.0,
"effort" : 0.0,
"groupedCount" : 1,
"other" : "{ "componentType": "class", "j2eeType": "class", "description": "class java" }"
} ]
}
Audit
Get audit result
GET /auditResult
Description
Get an audit result with defects count by priority
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
deliveryCode |
Delivery code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of audit result |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/auditResult?deliveryCode=A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
"analysisCode" : "A-7e3-16e5b1aad2a",
"passAudit" : false,
"label" : "cr_21.11.2019",
"creationTimestamp" : "2019-11-21T12:51:40Z",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 2": 2,"com.optimyth.CQM.defectsByPriority.Priority 3": 1}"
}
Get the results from insights in delivery analyses
GET /auditResult/components
Description
Obtains a list of Audit result components for an application name specified in application parameter and a concrete delivery analysis specified by deliveryCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
deliveryCode |
Delivery |
string |
Query |
licenseRisk |
Comma-separated list of license risks |
enum (Unknown, High, Medium, Low) |
Query |
limit |
Maximum number of components |
string |
Query |
obsolescenceRisk |
Comma-separated list of obsolescence risks |
enum (Unknown, High, Medium, Low) |
Query |
securityRisk |
Comma-separated list of security risks |
enum (Unknown, High, Medium, Low) |
Query |
status |
Component status |
enum (New, Removed, Modified) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of components |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/auditResult/components?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
Example HTTP response
Response 200
{
"data" : [ {
"id" : 178,
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"filename" : "spring-aop-3.2.13.RELEASE.jar",
"language" : "java",
"obsolescenceRisk" : "medium",
"licenseRisk" : "unknown",
"securityRisk" : "high",
"custom" : true,
"sources" : [ {
"path" : "pom.xml",
"artifact" : "org.springframework:spring-context",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ "..." ]
} ]
} ]
} ],
"vulnerabilities" : [ {
"id" : 108742,
"cve" : "CVE-2018-11039",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"privateVulnerability" : true
} ]
} ]
}
Get audit result defects
GET /auditResult/defects
Description
Get defects of an audit result
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
asc |
Sort ascending: true/false |
enum (true, false) |
Query |
characteristics |
Comma-separated list of characteristics to filter by |
enum (Efficiency, Maintainability, Portability, Reliability, Security) |
Query |
deliveryCode |
Delivery code |
string |
Query |
fileContains |
Use this param to filter defects by file name |
string |
Query |
languages |
Comma-separated list of languages to filter by |
string |
Query |
limit |
Max number of defects returned |
integer (int32) |
Query |
orderBy |
Sorting criteria: priority/effort |
enum (priority, effort) |
Query |
priorities |
Comma-separated list of priorities(Very low, Low, Normal, High, Very high) to filter by |
enum (Very low, Low, Normal, High, Very high) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of audit result defects |
< DefectDetailResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/auditResult/defects?deliveryCode=A-7e3-16e5b1aad2a&asc=true&characteristics=Security%2C+Efficiency&fileContains=FileSystemRepository.java&languages=java%2C+php&limit=100&orderBy=priority&priorities=Very+high%2C+High
Example HTTP response
Response 200
{
"defectId": 16558118,
"file": "FileSystemRepository.java",
"line": 368,
"code": "\t\t\tout.println(sql);",
"muted": false,
"vulnerabilityType": "Injection",
"explanation": "Reflected XSS: user_input",
"status": "None",
"cweId": 79,
"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language": "java",
"characteristic": "Security",
"priority": "Very High",
"effort": "30m",
"modelId": 6252,
"securityDetail": {
"cweId": 79,
"category": "xss",
"resource": "web",
"container": "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint": "string",
"variableDeclaration": "String sql",
"sourceFile": "FileSystemRepository.java",
"sourceLine": 70,
"sourceCode": "\t\t\tString val = request.getParameter(item);",
"sourceCategory": "user_input",
"sourceResource": "web",
"sourceContainer": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint": "string",
"frames": [
{
"index": 0,
"file": "FileSystemRepository.java",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"category": "user_input",
"resource": "web",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint": "string",
"variableDeclaration": "string"
}
],
"datapaths": [
{
"index": 1,
"kind": "sink",
"varname": "user",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"indirect": true,
"file": "FileSystemRepository.java",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId": 1,
"localParentId": 1
}
]
}
}
,
...
...
...
{
"defectId": 16558118,
"file": "FileSystemRepository.java",
"line": 368,
"code": "\t\t\tout.println(sql);",
"muted": false,
"vulnerabilityType": "Injection",
"explanation": "Reflected XSS: user_input",
"status": "None",
"cweId": 79,
"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"rule": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"language": "java",
"characteristic": "Security",
"priority": "Very High",
"effort": "30m",
"modelId": 6252,
"securityDetail": {
"cweId": 79,
"category": "xss",
"resource": "web",
"container": "executeQuery(java.lang.String,javax.servlet.ServletContext,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"injectionPoint": "string",
"variableDeclaration": "String sql",
"sourceFile": "FileSystemRepository.java",
"sourceLine": 70,
"sourceCode": "\t\t\tString val = request.getParameter(item);",
"sourceCategory": "user_input",
"sourceResource": "web",
"sourceContainer": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"sourceInjectionPoint": "string",
"frames": [
{
"index": 0,
"file": "FileSystemRepository.java",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"category": "user_input",
"resource": "web",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"injectionPoint": "string",
"variableDeclaration": "string"
}
],
"datapaths": [
{
"index": 1,
"kind": "sink",
"varname": "user",
"lineNumber": 32,
"lineText": "\t\t\tString val = request.getParameter(item);",
"indirect": true,
"file": "FileSystemRepository.java",
"container": "java.util.Map sanitizeNull(java.util.List,javax.servlet.http.HttpServletRequest)",
"localId": 1,
"localParentId": 1
}
]
}
} ]
Get list of files
GET /audits/checkpoints/violatedrules/files
Description
List files with a violated rule of an audit
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
checkpoint |
Checkpoint id |
string |
Query |
deliveryCode |
Delivery code |
string |
Query |
ruleCode |
Rule code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of files list |
< FileWithDefectsResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/audits/checkpoints/violatedrules/files?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
},
...
...
...
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
}
]
Get list of defects of file
GET /audits/checkpoints/violatedrules/files/defects
Description
List defects in a file
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
checkpoint |
Checkpoint id |
string |
Query |
deliveryCode |
Delivery code |
string |
Query |
file |
File name |
string |
Query |
ruleCode |
Rule code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of defects line list |
< DefectLineResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/audits/checkpoints/violatedrules/files/defects?application=myApp&checkpoint=3452&deliveryCode=A-7e3-16e5b1aad2a&file=FileSystemRepository.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"code": " StringReader reader = new StringReader(json);",
"line": 64,
"muted": false
},
...,
{
"code": " JsonReader jr = new JsonReader(reader);",
"line": 65,
"muted": false
}
]
Get PDF report of insight
GET /audits/result/componentsPDF
Description
Obtains an audits result report for an application name specified in application parameter and a concrete analysis specified by deliveryCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
deliveryCode |
Delivery code |
string |
Query |
licenseRisk |
Comma-separated list of license risks |
enum (Unknown, High, Medium, Low) |
Query |
limit |
Maximum number of components |
string |
Query |
obsolescenceRisk |
Comma-separated list of obsolescence risks |
enum (Unknown, High, Medium, Low) |
Query |
securityRisk |
Comma-separated list of security risks |
enum (Unknown, High, Medium, Low) |
Query |
status |
Component status |
enum (New, Removed, Modified) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of of report |
file |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
application/json
Example HTTP request
Request path
/audits/result/componentsPDF?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
Get audit result PDF report
GET /audits/result/export
Description
Obtains an audit report of the specified delivery in PDF format. It is necessary an analysis code or an application name and change request
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
changeRequest |
Change request |
string |
Query |
code |
Analysis code |
string |
Query |
deliveryLabel |
Delivery label |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of an audit result report |
file |
400 |
Invalid parameter |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
application/json
Example HTTP request
Request path
/audits/result/export?application=myApp&changeRequest=CR_11.01.2020&code=A-7e3-16e5b1aad2a&deliveryLabel=delivery_11.01.2020
Defect
Create mutes for a rule/file
POST /applications/defects/mute
Description
Create mute patterns for this ruleCode or file
Allowed Combinations of parameters:-
-
Only rule parameter can be used to create mute pattern for a specific rule,
-
Only fileName parameter can be passed to create mute pattern for a specific file, regardless of rule
-
rule parameter can be combined with filePattern parameter to create mute pattern for a certain rule belonging to a set of filePatterns
-
rule parameter can be combined with fileName parameter to create mute pattern for a certain rule belonging to a specific file
Invalid cases of parameters:-
-
Either rule or file pattern parameters must have a valid value otherwise it will throw an error
-
Only one of fileName or filePattern parameter should be passed otherwise it will throw an error
-
Passing only filePattern parameter will throw an error
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application Name |
string |
Query |
comment |
Mute comment |
string |
Query |
fileName |
File name to mute |
string |
Query |
filePattern |
Comma-separated file patterns to mute |
string |
Query |
rule |
Rule Code |
string |
Query |
why |
Mute reason |
enum (NONE, FALSE_POSITIVE, TOO_MANY_DEFECTS, GENERATED_CODE, TOO_COMPLEX_CODE, OTHER) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created a suppression rule |
integer (int32) |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/defects/mute?application=test&comment=Muted+this+rule%2Ffile+because+it+is+generated+code&fileName=Library%2Fsrc%2FLibrary.java&filePattern=%2FViewIssuedBooks.java%2C%2FLibrary.java&rule=OPT.JAVA.FMETODOS.NCE&why=GENERATED_CODE
Example HTTP response
Response 200
0
Create suppresion rule for a defect
POST /defect/{defectId}/mute
Description
Create a suppression rule for this defect.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
defectId |
Defect identifier |
integer (int64) |
Query |
comment |
Mute comment |
string |
Query |
muteBy |
Mute By |
enum (LINE_NUMBER(default), SOURCE_CODE) |
Query |
why |
Mute reason |
enum (NONE, FALSE_POSITIVE, TOO_MANY_DEFECTS, GENERATED_CODE, TOO_COMPLEX_CODE, OTHER) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created a suppression rule |
integer (int32) |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/defect/17375778/mute?comment=Muted+this+defect+because+it+is+generated+code&muteBy=LINE_NUMBER&why=GENERATED_CODE
Example HTTP response
Response 200
0
Get defect notes
GET /defect/{defectId}/notes
Description
Obtains the list of notes associated to this defect.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
defectId |
Defect identifier |
integer (int64) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of a defect notes list |
< DefectNoteResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/defect/17375778/notes
Example HTTP response
Response 200
[ { "date" : "2019/05/02 14:26", "user" : "John Smith", "text" : "To review by security experts" },
...
...
...
{ "date" : "2019/05/12 14:26", "user" : "John Smith", "text" : "To review by security experts" } ]
Update the status of a defect
POST /defect/{defectId}/status
Description
Update status of this defect and add a note, possible status are (NONE, TO_REVIEW, REVIEWED)
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
defectId |
Defect identifier |
integer (int64) |
Query |
note |
Note detail |
string |
Query |
status |
Defect status |
enum (NONE, TO_REVIEW, REVIEWED) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully updated defect status |
No Content |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/defect/17375778/status?status=TO_REVIEW¬e=To+review+by+security+experts
Get violated rules of an analysis
GET /violatedrules
Description
Obtains the list of violated rules of an analysis for the authenticated user.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Query |
characteristic |
CQM characteristic |
enum (Efficiency, Maintainability, Portability, Reliability, Security) |
Query |
language |
CQM technology |
string |
Query |
onlyCodeSecurity |
Only Code Security rules |
enum (true, false) |
Query |
priority |
Rule priority |
enum (Very low, Low, Normal, High, Very high) |
Query |
tag |
Rule tag |
string |
Query |
vulnerabilityType |
Vulnerability type |
enum ('Permissions, privileges and access controls', 'Injection', 'Error handling and fault isolation', 'Other', 'Encryption and randomness', 'Misconfiguration', 'Design error', 'Initialization and shutdown', 'Control flow management', 'File handling', 'Number handling', 'System element isolation', 'Buffer handling', 'Information leaks', 'Pointer and reference handling') |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of violated rules list |
< ViolatedRuleResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/violatedrules?application=myApp&analysisCode=A-7e3-16e5b1aad2a&characteristic=Security&language=java&onlyCodeSecurity=true&priority=Very+high&tag=hardcoded-path&vulnerabilityType=Injection
Example HTTP response
Response 200
[
{
"ruleCode": "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId": 6252,
"defectsCount": 72,
"suppressedDefectsCount": 0,
"filesCount": 11,
"effort": "36h 00",
"characteristic": "Security",
"vulnerabilityType": "Injection",
"tags": "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority": "Very High",
"language": "Java",
"files": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
},
...
...
...
{
"ruleCode": "OPT.JAVA.DECLARA.IMPT",
"modelId": 1,
"defectsCount": 21,
"suppressedDefectsCount": 0,
"filesCount": 21,
"effort": "1h 03",
"characteristic": "Maintainability",
"tags": [],
"priority": "Normal",
"language": "Java",
"files": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.DECLARA.IMPT"
}
}
]
Get files of a violated rule
GET /violatedrules/files
Description
Obtains the list of files where the violated rule affects.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Query |
ruleCode |
Rule code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of files with defects |
< FileWithDefectsResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/violatedrules/files?analysisCode=A-7e3-16e5b1aad2a&application=myApp&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
},
...
...
...
{
"file": "src/main/java/com/myCompany/myApp/CSRFServlet.java",
"defectsCount": 1,
"defects": {
"href": "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
}
]
Get defects of file
GET /violatedrules/files/defects
Description
Obtains the list of defects in a file for a concrete violated rule.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Query |
file |
File name including path |
string |
Query |
ruleCode |
Rule code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of defect lines |
< DefectLineResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/violatedrules/files/defects?analysisCode=A-7e3-16e5b1aad2a&application=myApp&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
Example HTTP response
Response 200
[
{
"code": " StringReader reader = new StringReader(json);",
"line": 64,
"muted": false
},
...,
{
"code": " JsonReader jr = new JsonReader(reader);",
"line": 65,
"muted": false
}
]
Delivery
Get deliveries of an application
GET /applications/deliveries
Description
Obtains the deliveries indicating the name of the application.
Parameters
Type | Name | Description | Model | Default |
---|---|---|---|---|
Query |
application |
Application name |
string |
|
Query |
auditSuccess |
Set to true or false to retrieve only succeeded or failed audit delivery, respectively |
enum (true, false) |
|
Query |
changeRequestFilter |
To filter deliveries by changeRequest |
string |
|
Query |
count |
Limit results |
integer |
|
Query |
filterPurgedAnalyses |
Set to true to not retrieve purged analyses |
enum (true, false) |
|
Query |
maxdays |
Max number of days old of deliveries returned |
integer (int32) |
|
Query |
page |
Number of results page (defaults to 1) |
integer |
|
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of deliveries list |
< AnalysisResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/deliveries?application=myApp&auditSuccess=true&changeRequestFilter=CR_21.11.1019&count=500&filterPurgedAnalyses=true&maxdays=30&page=1
Example HTTP response
Response 200
[ {
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
},
...
...
...
{
"code": "A-7e3-16dc9e29131",
"label": "14.10.2019_1",
"creationDate": "2019-10-14T15:15:15Z",
"qualityModel": "CQM",
"modelId": "string",
"encoding": "UTF-8",
"invoker": "github software",
"status": "RUNNING",
"errorCode": "string",
"unparsedFiles": [
{
"file": "FileSystemSQL.java",
"cause": "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
}
],
"analysisScope": "Baseline",
"changeRequest": "CR_14-10-2019_1",
"changeRequestStatus": "Resolved",
"branchName": "master",
"auditResult": "FAIL",
"analysisBusinessValue": "CRITICAL",
"analysisProvider": "Lab",
"analysisPortfolios": {
"country": "spain"
},
"metrics": {
"com.optimyth.CQM.defectsByPriority.Priority 1": 163,
"com.optimyth.CQM.defectsByPriority.Priority 2": 201,
"com.optimyth.CQM.defectsByPriority.Priority 3": 159,
"com.optimyth.CQM.defectsByPriority.Priority 4": 17,
"com.optimyth.CQM.defectsByPriority.Priority 5": 41
}
} ]
Get information of the last successful delivery
GET /deliveries/last_analysis
Description
Obtains the information of the last successful delivery.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
branch |
To filter deliveries by branch name |
string |
Query |
changeRequest |
To filter deliveries by changeRequest |
string |
Query |
label |
To filter deliveries by audit label |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of delivery information |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/deliveries/last_analysis?application=myApp&branch=origin%2Fdevelop&changeRequest=CR_21.11.1019&label=audit+pre+merge
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Complete delivery",
"changeRequest" : "CR_13.01.2020",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"baselineAnalysisCode" : "A-7e3-16dc9e29131",
"deliveryFiles" : {
"count" : 132
},
"deliveryDefects" : {
"newDefects" : 3,
"removedDefects" : 0,
"defects" : 582
},
"auditResult" : {
"auditName" : "Kiuwan default audit",
"description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
"approvalThreshold" : 50.0,
"overallResult" : "FAIL",
"score" : 0.0,
"checkpointResults" : [ {
"checkpoint" : "1",
"result" : "FAIL",
"name" : "No new defects",
"description" : "If a new defect is detected, the checkpoint will not pass.",
"weight" : 1,
"mandatory" : true,
"type" : "Threshold for maximum new defects",
"score" : 0.0,
"violatedRules" : [ {
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId" : 6252,
"defectsCount" : 72,
"suppressedDefectsCount" : 0,
"filesCount" : 11,
"effort" : "36h 00",
"characteristic" : "Security",
"vulnerabilityType" : "Injection",
"tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority" : "Very High",
"language" : "Java",
"files" : {
"href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
} ]
} ]
},
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Get information of a delivery by code
GET /deliveries/{code}
Description
Obtains the information of delivery indicating the code of the delivery.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
code |
Delivery code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of delivery information |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/deliveries/A-7e3-16e5b1aad2a
Example HTTP response
Response 200
{
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"label" : "14.10.2019_1",
"date" : "2019-10-14T15:15:15Z",
"modelId" : 6252,
"encoding" : "UTF-8",
"analysisCode" : "A-ZBA-234820349",
"analysisURL" : "https://www.kiuwan.com/saas/web/dashboard/dashboard#$pe=application$sei=2401$mi=dashboard$ac=A-ZBA-234820349",
"auditResultURL" : "string",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"analysisStatus" : "FINISHED",
"languages" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"architecture" : {
"languages" : [ {
"value" : "java",
"count" : 22
} ],
"types" : [ {
"value" : "java",
"count" : 22
} ],
"relations" : [ {
"value" : "java",
"count" : 22
} ],
"tags" : "tag1",
"groupTags" : "group1"
},
"insightsData" : {
"components" : 29,
"vulnerabilities" : 15,
"licenses" : 8,
"duplicates" : 8,
"risks" : [ {
"name" : "string",
"risk" : {
"string" : 0
}
} ]
},
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Complete delivery",
"changeRequest" : "CR_13.01.2020",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"baselineAnalysisCode" : "A-7e3-16dc9e29131",
"deliveryFiles" : {
"count" : 132
},
"deliveryDefects" : {
"newDefects" : 3,
"removedDefects" : 0,
"defects" : 582
},
"auditResult" : {
"auditName" : "Kiuwan default audit",
"description" : "Default audit provided by Kiuwan. Checks if there are new defects. The audit will not pass if there are any.",
"approvalThreshold" : 50.0,
"overallResult" : "FAIL",
"score" : 0.0,
"checkpointResults" : [ {
"checkpoint" : "1",
"result" : "FAIL",
"name" : "No new defects",
"description" : "If a new defect is detected, the checkpoint will not pass.",
"weight" : 1,
"mandatory" : true,
"type" : "Threshold for maximum new defects",
"score" : 0.0,
"violatedRules" : [ {
"ruleCode" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"modelId" : 6252,
"defectsCount" : 72,
"suppressedDefectsCount" : 0,
"filesCount" : 11,
"effort" : "36h 00",
"characteristic" : "Security",
"vulnerabilityType" : "Injection",
"tags" : "[CERT-J:IDS51-J,CWE:79,CWEScope:Access-Control,CWEScope:Availability,CWEScope:Confidentiality,CWEScope:Integrity,essential,OWASP:2013:A3,OWASP:2017:A7,OWASP-M:2014:M7,PCI-DSS:6.5.7,SANS25:2010:1,SANS25:2011:4,WASC:08]",
"priority" : "Very High",
"language" : "Java",
"files" : {
"href" : "https://api.kiuwan.com/audits/checkpoints/violatedrules/files/defects?application=myApp&deliveryCode=A-7e3-16e5b1aad2a&checkpoint=3452&ruleCode=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&file=src%2Fmain%2Fjava%2Fcom%2FmyCompany%2FmyApp%2FCSRFServlet.java"
}
} ]
} ]
},
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM",
"ordered_by" : "github software",
"Risk index" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Quality indicator" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Effort to target" : {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
},
"Main metrics" : [ {
"name" : "metric name",
"value" : 50.0,
"size" : 4013,
"minRange" : 1.0,
"maxRange" : 1.0,
"index" : 0,
"color" : "red"
} ],
"Security" : "{ "Rating": 1, {"3Stars":104.6,"5Stars":255.9,"2Stars":64.89,"4Stars":247.4}"
}
Documentation
Get rule’s documentation
GET /doc/rule
Description
Obtains the documentation of a rule.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Query |
code |
Rule code |
string |
Query |
modelId |
Model id |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of rule documentation |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/doc/rule?application=myApp&code=OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule&modelId=4525
Example HTTP response
Response 200
{
"description" : "Software places user-controlled input in page content. An attacker could inject browser script code that is executed\nin the client browser. The end-user is the attacked subject, and the software is the vehicle for the attack.\nThere are two main kinds of XSS:\n\n* Reflected XSS: Attacker causes victim to supply malicious content to a vulnerable web application, which\n renders HTML content embedding a malicious script executed in victim's browser. A variation of this is named\n DOM-based XSS, where the vulnerable software does not generate content depending on user input but include\n script code that use user-controlled input.\n\n* Persisted XSS: Attacker provides malicious content to vulnerable application. When other user access to\n vulnerable pages that embed without proper neutralization the attacker content, script code is executed in the\n victim's browser.\n\nThe script executed in the victim's browser could perform malicious activities.\n\nMany browsers could limit the damage via security restrictions (e.g. 'same origin policy'), but user browsers\ngenerally allow scripting languages (e.g. JavaScript) in their browsers (disabling JavaScript severely limits\na web site).",
"name" : "Do not use variables as parameters for messages",
"code" : "OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule",
"references" : "http://cwe.mitre.org/data/definitions/79.html,https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet,https://www.google.es/about/appsecurity/learning/xss/,https://www.securecoding.cert.org/confluence/display/java/IDS51-J.+Properly+encode+or+escape+output",
"benefits" : "string",
"drawbacks" : "string",
"violationCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n w.println( req.getParameter(\\\"input\\\") ); // VIOLATION\n }\n}",
"fixedCode" : "import javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.io.PrintWriter;\nimport org.owasp.html.*;\n\npublic class CrossSiteScriptingCode {\n public void directXSS(HttpServletRequest req, HttpServletResponse res) throws IOException {\n PrintWriter w = res.getWriter();\n // OWASP Java HTML Sanitizer (upgrade to r88 or later)\n // Use your own security library if needed\n PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);\n String safeHTML = policy.sanitize( req.getParameter(\\\"input\\\") );\n w.println(safeHTML); // OK\n }\n}",
"tags" : "["CWEScope:Access-Control","CWEScope:Availability","CWEScope:Confidentiality","CWEScope:Integrity","essential"]",
"normatives" : "["CERT-J:IDS51-J","CWE:79","OWASP:2013:A3","OWASP:2017:A7","OWASP-M:2014:M7","PCI-DSS:6.5.7","SANS25:2010:1","SANS25:2011:4","WASC:08"]"
}
GlobalStats
Get the user information
GET /stats
Description
Obtains the user’s global information about locs, files and analysis alongwith the current timestamp in UTC format as JSON if user has access to all customer applications. Access Denied otherwise.
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of global information |
< GlobalCounterResponse > array |
403 |
Access denied |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/stats
Example HTTP response
Response 200
[
{
"name": "locs",
"value": 545444.0
},
{
"name": "files",
"value": 255.0
},
{
"name": "analysis",
"value": 3806.0
},
{
"name": "24hlocs",
"value": 45000.0
},
{
"name": "as of",
"value": "2021-10-18T07:39:01Z"
}
]
Information
Get user info
GET /info
Description
Obtains the user’s information
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of user’s information |
|
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/info
Example HTTP response
Response 200
{
"username" : "John Smith",
"organization" : "MyCompany",
"engineVersion" : "master.p571.q11669.a1875.i539",
"engineFrozen" : true
}
Insights
Get list of applications
GET /insights/analysis/applications
Description
Lists applications that use a particular compoment. it can be filtered by group, artifact, technology and version.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
artifact |
Artifact name |
string |
Query |
group |
Group name |
string |
Query |
language |
Language |
string |
Query |
version |
Version |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of applications list |
< ApplicationsComponentsResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/insights/analysis/applications?artifact=spring-core&group=org.springframework&language=java&version=1.0.0
Example HTTP response
Response 200
[ {
"application" : {
"name" : "android",
"description" : "GitHub Android App",
"auditName" : "Kiuwan default audit",
"applicationBusinessValue" : "CRITICAL",
"applicationProvider" : "Lab",
"applicationPortfolios" : "{ "country": "spain" }",
"creationDate" : "2020-07-22T15:34:53Z",
"lastSuccessfulBaseline" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"lastSuccessfulDelivery" : {
"code" : "A-7e3-16dc9e29131",
"label" : "14.10.2019_1",
"creationDate" : "2019-10-14T15:15:15Z",
"qualityModel" : "CQM",
"modelId" : "string",
"encoding" : "UTF-8",
"invoker" : "github software",
"status" : "RUNNING",
"errorCode" : "string",
"unparsedFiles" : [ {
"file" : "FileSystemSQL.java",
"cause" : "com.als.core.parser.ParseException: Cannot parse FileSystemSQL.java, due to: com.als.parsers.plsql.ParseException: Parse error at line 18, column 1. Encountered: ALTER"
} ],
"analysisScope" : "Baseline",
"changeRequest" : "CR_14-10-2019_1",
"changeRequestStatus" : "Resolved",
"branchName" : "master",
"auditResult" : "FAIL",
"analysisBusinessValue" : "CRITICAL",
"analysisProvider" : "Lab",
"analysisPortfolios" : "{ "country": "spain" }",
"metrics" : "{"com.optimyth.CQM.defectsByPriority.Priority 1": 163,"com.optimyth.CQM.defectsByPriority.Priority 2": 201,"com.optimyth.CQM.defectsByPriority.Priority 3": 159,"com.optimyth.CQM.defectsByPriority.Priority 4": 17,"com.optimyth.CQM.defectsByPriority.Priority 5": 41}"
},
"quality_model" : "CQM"
},
"component" : {
"id" : 357,
"artifact" : "org.springframework:spring-core",
"version" : "3.2.13.RELEASE",
"description" : "Spring Core",
"custom" : true
}
} ]
Get list of components
GET /insights/analysis/components
Description
List components in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of insight components list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/insights/analysis/components?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"id" : 178,
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"filename" : "spring-aop-3.2.13.RELEASE.jar",
"language" : "java",
"obsolescenceRisk" : "medium",
"licenseRisk" : "unknown",
"securityRisk" : "high",
"custom" : true,
"sources" : [ {
"path" : "pom.xml",
"artifact" : "org.springframework:spring-context",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ {
"repository" : "MAVEN",
"artifact" : "org.springframework:spring-aop",
"version" : "3.2.13.RELEASE",
"child" : [ "..." ]
} ]
} ]
} ],
"vulnerabilities" : [ {
"id" : 108742,
"cve" : "CVE-2018-11039",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"privateVulnerability" : true
} ]
} ]
}
Get list of licenses
GET /insights/analysis/licenses
Description
List licenses in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of insight licenses detail list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/insights/analysis/licenses?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"id" : 23,
"license" : "Apache License 2.0",
"component" : "8",
"spdxCode" : "Apache-2.0",
"type" : "Permissive",
"url" : "https://spdx.org/licenses/Apache-2.0.html",
"risk" : "none",
"permissions" : "[\"COMMERCIAL\",\"MODIFY\",\"DISTRIBUTE\",\"SUBLICENSE\",\"PRIVATE\",\"USE_PATENT_CLAIMS\",\"PLACE_WARRANTY\"]",
"limitations" : "[\"HOLD_LIABLE\",\"USE_TRADEMARK\"]",
"conditions" : "[\"INCL_COPYRIGHT\",\"INCL_LICENSE\",\"STATE_CHANGES\",\"INCLUDE_NOTICE\"]",
"components" : [ {
"id" : 357,
"artifact" : "org.springframework:spring-core",
"version" : "3.2.13.RELEASE",
"description" : "Spring Core",
"custom" : true
} ]
} ]
}
Get list of obsolescences
GET /insights/analysis/obsolescence
Description
List obsolescences in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of insight obsolescence detail list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/insights/analysis/obsolescence?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"component" : "commons-logging:commons-logging",
"language" : "java",
"usedVersion" : "1.1.3",
"dateUsed" : "2013/05/16",
"lastVersion" : "1.2",
"dateLast" : "2014/07/05",
"release" : "1",
"outOfDate" : "1y 50d",
"timeInactivity" : "5y 194d",
"obsolescenceRisk" : "3.33",
"risk" : "Medium",
"description" : "Commons Logging is a thin adapter allowing configurable bridging to other,\n well known logging systems.",
"custom" : true
} ]
}
Get insight security detail list
GET /insights/analysis/security
Description
List security in analysis for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of insight security detail list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/insights/analysis/security?analysisCode=A-7e3-16e5b1aad2a&application=myApp
Example HTTP response
Response 200
{
"data" : [ {
"id" : 86896,
"cve" : "CVE-2016-5007",
"cwe" : "CWE-264",
"muted" : true,
"lastModified" : "2017/05/25 19:29",
"exploitabilitySubscore" : "10",
"impactSubscore" : "2.9",
"getcVSSv2BaseScore" : "5",
"getcVSSv3BaseScore" : "5",
"securityRisk" : "MEDIUM",
"description" : "Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.",
"privateVulnerability" : true,
"components" : [ {
"id" : 357,
"artifact" : "org.springframework:spring-core",
"version" : "3.2.13.RELEASE",
"description" : "Spring Core",
"custom" : true
} ]
} ]
}
Get PDF report of insight
GET /insights/analysis/summary/export
Description
Obtains an insight report for an application name specified in application parameter and a concrete analysis specified by analysisCode parameter.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
analysisCode |
Analysis code |
string |
Query |
application |
Application name |
string |
Query |
licenseRisk |
Comma-separated list of license risks |
enum (Unknown, High, Medium, Low) |
Query |
limit |
Maximum number of components |
string |
Query |
obsolescenceRisk |
Comma-separated list of obsolescence risks |
enum (Unknown, High, Medium, Low) |
Query |
securityRisk |
Comma-separated list of security risks |
enum (Unknown, High, Medium, Low) |
Query |
status |
Component status |
enum (New, Removed, Modified) |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of of report |
file |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/pdf
-
application/json
Example HTTP request
Request path
/insights/analysis/summary/export?analysisCode=A-7e3-16e5b1aad2a&application=myApp&licenseRisk=Unknown%2C+Low&limit=10&obsolescenceRisk=Unknown%2C+Low&securityRisk=Unknown%2C+Low&status=New
Insights Custom Components
Create custom component
POST /insights/custom/component/add
Description
Creates a new custom component.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
The component to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created custom component |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/component/add
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"version" : "3.2.13.RELEASE",
"language" : "java",
"description" : "This artifact define the spring-aop",
"date" : "2019-08-03T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete custom component
DELETE /insights/custom/component/delete
Description
Delete custom component or all components that has the same group name, artifact name and technology if the version field is not provided.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the component to delete |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted custom components. In case that version is not provided then the map contains all versions with custom data and its result. The different values could be 'OK' or 'ASSOCIATED_ANALYSIS' this status is that the component has custom data but is not considered public and it is associated with an analysis. |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/component/delete
Request body
{
"group" : "org.springframework",
"artifact" : "spring-core",
"language" : "java",
"version" : "1.0.0"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of custom components
GET /insights/custom/component/list
Description
Get list of custom components.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
artifactName |
Artifact name |
string |
Query |
count |
The number of the elements per page |
integer |
Query |
groupName |
Group name |
string |
Query |
language |
Language |
string |
Query |
page |
Page number of the request |
integer |
Query |
version |
Version |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully get list of custom components |
< CustomComponentRestData > array |
400 |
Bad request |
No Content |
403 |
Access denied |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/component/list?artifactName=spring-core&count=50&groupName=org.springframework&language=java&page=1&version=1.0.0
Example HTTP response
Response 200
[ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"version" : "3.2.13.RELEASE",
"language" : "java",
"description" : "This artifact define the spring-aop",
"date" : "2019-08-03T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
},
...
...
...
{
"group" : "org.springframework",
"artifact" : "spring-core",
"version" : "1.0.0",
"language" : "java",
"description" : "This artifact define the spring-core",
"date" : "2019-08-13T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
} ]
Update custom component
PUT /insights/custom/component/update
Description
Updates a existing custom component.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
The component to update |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully updated custom component |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/component/update
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"version" : "3.2.13.RELEASE",
"language" : "java",
"description" : "This artifact define the spring-aop",
"date" : "2019-08-03T10:15:30Z",
"custom" : false,
"showPublicVulnerabilities" : false,
"showPublicLicenses" : false
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Create association between licenses and artifact
POST /insights/custom/license/artifact
Description
Create association between licenses and artifact
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
data to create relation between licenses and artifact |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created association between licenses and artifact |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/license/artifact
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"version" : "3.2.13.RELEASE",
"spdxids" : "Apache-2.0"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete relationship between a license and artifact
DELETE /insights/custom/license/artifact
Description
Delete relationship between a license and artifact
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
data to delete relationship between license and artifact |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted relationship between a license and artifact |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/license/artifact
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"version" : "3.2.13.RELEASE",
"spdxid" : "Apache-2.0"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete all relationships between licenses and artifact
DELETE /insights/custom/license/artifact/all
Description
Delete all relationships between licenses and artifact
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
data to delete all relationships between licenses and artifact |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted all relationships between licenses and artifact |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/license/artifact/all
Request body
{
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"version" : "3.2.13.RELEASE"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of spdx licenses
GET /insights/custom/spdx/licenses
Description
List spdx licenses.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
licenseName |
License name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of spdx licenses list |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/spdx/licenses?licenseName=Apache
Example HTTP response
Response 200
{
"data" : [ {
"spdxid" : "Apache-2.0",
"details" : "https://spdx.org/licenses/Apache-2.0.html",
"name" : "Apache License 2.0"
} ]
}
Create private vulnerability
POST /insights/custom/vulnerability/add
Description
Creates a new private vulnerability.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the vulnerability to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created private vulnerability |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/vulnerability/add
Request body
{
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete private vulnerability
DELETE /insights/custom/vulnerability/delete/{vulnerabilityCode}
Description
Delete a private vulnerability.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
vulnerabilityCode |
Vulnerability Code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted private vulnerability |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
-
text/plain
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/vulnerability/delete/CUSTOM-0001
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of private vulnerabilities
GET /insights/custom/vulnerability/list
Description
Get list of private vulnerabilities.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
affectedArtifactName |
Affected artifact name |
string |
Query |
affectedGroupName |
Affected group name |
string |
Query |
affectedLanguage |
Affected language |
string |
Query |
count |
The number of the elements per page |
integer |
Query |
page |
Page number of the request |
integer |
Query |
vulnerabilityCode |
Vulnerability code |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully get list of private vulnerabilities |
< PrivateVulnerabilityRestData > array |
400 |
Bad request |
No Content |
403 |
Access denied |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/vulnerability/list?affectedArtifactName=spring-core&affectedGroupName=org.springframework&affectedLanguage=java&count=50&page=1&vulnerabilityCode=MY-VULN-0001
Example HTTP response
Response 200
[ {
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
},
...
...
...
{
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
} ]
Update private vulnerability
PUT /insights/custom/vulnerability/update/{vulnerabilityCode}
Description
Updates a private vulnerability.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
vulnerabilityCode |
Vulnerability Code |
string |
Body |
body |
the vulnerability to update |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully updated private vulnerability |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/insights/custom/vulnerability/update/CUSTOM-0001
Request body
{
"vulnerabilityCode" : "CUSTOM-0001",
"cwe" : "CWE-20",
"description" : "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
"severity" : "Low",
"v2vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"v2accessVector" : "Local ",
"v2accessComplexty" : "Low",
"v2authentication" : "None",
"v2confidentialityImpact" : "None",
"v2integrityImpact" : "None",
"v2availabilityImpact" : "None",
"v2baseScore" : 4.6,
"v2exploitabilityScore" : 8.5,
"v2impactScore" : 8.5,
"v3vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"v3attackVector" : "Network",
"v3attackComplexity" : "Low",
"v3privilegesRequired" : "Low",
"v3userInteraction" : "None",
"v3scope" : "Unchanged",
"v3confidentialityImpact" : "None",
"v3integrityImpact" : "None",
"v3availabilityImpact" : "None",
"v3baseScore" : 7.5,
"v3baseSeverity" : "Low",
"v3exploitabilityScore" : 3.9,
"v3impactScore" : 3.6,
"vulnerableArtifactVersions" : [ {
"group" : "org.springframework",
"artifact" : "spring-aop",
"language" : "java",
"affectedVersions" : [ {
"fixedVersion" : "1.0.0",
"initialVersion" : "2.0.0",
"endVersion" : "3.0.0",
"includeInitialVersion" : true,
"includeEndVersion" : true
} ]
} ]
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Languages
Get languages
GET /languages
Description
Obtains a map of languages specifying the language code and the language name
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully retrieval of languages map |
< string, string > map |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/languages
Example HTTP response
Response 200
"object"
Management
Create application
POST /applications
Description
Creates a new application in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the application to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/applications
Request body
{
"name" : "myApp",
"model" : "CQM",
"description" : "GitHub Android App",
"portfolios" : [ {
"portfolioName" : "country",
"portfolioValue" : "spain"
} ],
"targets" : {
"string" : 0.0
},
"newName" : "myNewApp",
"businessValue" : "CRITICAL",
"provider" : "Lab",
"modelId" : 1243,
"newModelId" : 1345,
"forceModel" : true,
"sourceCodeUpload" : true,
"audit" : "true"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Update application with query parameter
PUT /applications
Description
Modifies the information of an application in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the application to modify |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully modified application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/applications
Request body
{
"name" : "myApp",
"model" : "CQM",
"description" : "GitHub Android App",
"portfolios" : [ {
"portfolioName" : "country",
"portfolioValue" : "spain"
} ],
"targets" : {
"string" : 0.0
},
"newName" : "myNewApp",
"businessValue" : "CRITICAL",
"provider" : "Lab",
"modelId" : 1243,
"newModelId" : 1345,
"forceModel" : true,
"sourceCodeUpload" : true,
"audit" : "true"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete application
DELETE /applications
Description
Deletes an application of your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications?application=myApp
Example HTTP response
Response 200
{
"result" : "OK"
}
Update application
PUT /applications/{application}
Description
Modifies the information of an application in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
application |
Application name |
string |
Body |
body |
the application to modify |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully updated application |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/applications/myApp
Request body
{
"name" : "myApp",
"model" : "CQM",
"description" : "GitHub Android App",
"portfolios" : [ {
"portfolioName" : "country",
"portfolioValue" : "spain"
} ],
"targets" : {
"string" : 0.0
},
"newName" : "myNewApp",
"businessValue" : "CRITICAL",
"provider" : "Lab",
"modelId" : 1243,
"newModelId" : 1345,
"forceModel" : true,
"sourceCodeUpload" : true,
"audit" : "true"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get users roles for application
GET /applications/{application}/users/roles
Description
Get users roles for application. Use 'username' and 'exactUsername' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
application |
Application name |
string |
Query |
exactUsername |
Indicates if the username must be equals (ignore case). Only apply if username is provided |
boolean |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval users application roles |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/applications/myApp/users/roles?exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
{
"username" : "username",
"roleName" : "None",
"override" : true
}
Portfolio
Create or update portfolio definitions
POST /portfolios
Description
Creates or update portfolio definitions for an account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
Portfolio to be saved |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created or updated portfolio definition |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/portfolios
Request body
{
"name" : "provider",
"description" : "List of company providers",
"isSystemPortfolio" : true,
"values" : "["Lab", "Factory"]"
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get portfolio definitions
GET /portfolios
Description
Obtains the portfolio definitions of an account.
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of portfolio definitions list |
< PortfolioDefinitionData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios
Example HTTP response
Response 200
[
{
"name": "businessValue",
"values": [
"CRITICAL",
"HIGH",
"MEDIUM",
"LOW",
"VERY LOW"
],
"isSystemPortfolio": true
},
...
...
...
{
"name": "provider",
"description": "List of company providers",
"values": [],
"isSystemPortfolio": true
}
]
Get users roles by portfolio
GET /portfolios/{portfolio}/users/roles
Description
List the users roles for the portfolio. Use 'username', 'exactUsername', 'portfolioValue' and 'exactPortfolioValue' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
portfolio |
Portfolio name |
string |
Query |
exactPortfolioValue |
Indicates if the portfolioValue must be equals (ignore case). Only apply if portfolioValue is provided |
boolean |
Query |
exactUsername |
Indicates if the username must be equals (ignore case). Only apply if username is provided |
boolean |
Query |
portfolioValue |
'portfolioValue' mask to filter results |
string |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval portfolio users roles |
< UserPortfolioRoleData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios/businessValue/users/roles?exactPortfolioValue=true&exactUsername=true&portfolioValue=high&username=username
Example HTTP response
Response 200
[
{
"type": "SYSTEM",
"username": "username",
"portfolioValue": "HIGH",
"roleName": "Write"
},
...
...
...
{
"type": "SYSTEM",
"username": "username",
"portfolioValue": "VERY LOW",
"roleName": "Write"
}
]
Get list of portfolio values by portfolio name
GET /portfolios/{portfolio}/values/list
Description
List all portfolio values asociated to portfolio name. This endpoint return an error code 15 if the portfolio name not exists, in other case, it return the list of portfolio values.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
portfolio |
Portfolio name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval list of portfolio value for this portfolio name |
< string > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios/businessValue/values/list
Example HTTP response
Response 200
[
"string1"
...
...
...
...
"stringN"
]
Get if portfolio and portfolio value exists
GET /portfolios/{portfolio}/{value}/exists
Description
Check if portfolio and portfolio value exists. This endpoint return an error code 15 if the portfolio name not exists and return true if exists the pair protfolio name and value and false if exists portfolio name but not exists the portfolio value for this portfolio name.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
portfolio |
Portfolio name |
string |
Path |
value |
Portfolio value |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval if portfolio name and portfolio value exists |
boolean |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/portfolios/businessValue/high/exists
Example HTTP response
Response 200
true
Security
Get permissions for an action
GET /security/permissions/{action}
Description
Returns grant information on the specified action for the authenticated user. Recognized actions: MUTE_DEFECTS, CHANGE_DEFECT_STATUS
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
action |
Action name |
enum (MUTE_DEFECTS, CHANGE_DEFECT_STATUS) |
Query |
appId |
Application identifier |
string |
Query |
application |
Application name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of grant information |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/security/permissions/MUTE_DEFECTS?appId=234&application=myApp
Example HTTP response
Response 200
{
"actionCode" : "MUTE_DEFECTS",
"granted" : true
}
User
Get applications roles by user
GET /user/{username}/applications/roles
Description
List the applications roles for the username. Use 'applicationName' and 'exactApplicationName' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Query |
applicationName |
'applicationName' mask to filter results |
string |
Query |
exactApplicationName |
Indicates if the applicationName must be equals (ignore case). Only apply if applicationName is provided |
boolean |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval user applications roles |
< ApplicationRoleData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/user/john.smith%40myCompany.com/applications/roles?applicationName=myApp&exactApplicationName=true
Example HTTP response
Response 200
[ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
},
...
...
...
{
"name" : "ApplicationInUS",
"roleName" : "Write",
"override" : true
} ]
Get portfolios roles by user
GET /user/{username}/portfolios/roles
Description
List the portfolios roles for the username. Use 'portfolioName', 'exactPortfolioName', 'portfolioValue' and 'exactPortfolioValue' to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Query |
exactPortfolioName |
Indicates if the portfolioName must be equals (ignore case). Only apply if portfolioName is provided |
boolean |
Query |
exactPortfolioValue |
Indicates if the portfolioValue must be equals (ignore case). Only apply if portfolioValue is provided |
boolean |
Query |
portfolioName |
'portfolioName' mask to filter results |
string |
Query |
portfolioValue |
'portfolioValue' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval user portfolios roles |
< PortfolioRoleData > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/user/john.smith%40myCompany.com/portfolios/roles?exactPortfolioName=true&exactPortfolioValue=true&portfolioName=businessValue&portfolioValue=high
Example HTTP response
Response 200
[ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
},
...
...
...
{
"type" : "SYSTEM",
"portfolioName" : "businessValue",
"portfolioValue" : "HIGH",
"roleName" : "Write"
} ]
Create user
POST /users
Description
Creates a new user in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
the user to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created user |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/users
Request body
{
"username" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"enabled" : true,
"email" : "john.smith@myCompany.com",
"generatePassword" : true,
"regeneratePassword" : false,
"enableLoginWithPassword" : true,
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : "["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"]",
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of users
GET /users
Description
List the users of your account. Use 'username' and 'emailAddress' (logical AND) to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
emailAddress |
'emailAddress' mask to filter results |
string |
Query |
exactUsername |
Indicates if the username must be equals (ignore case). Only apply if username is provided |
boolean |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of users list |
< UserDetailResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/users?emailAddress=john.smith%40myCompany.com&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
"username" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"enabled" : true,
"email" : "john.smith@myCompany.com",
"isOwner" : false,
"enableLoginWithPassword" : true
},
...
...
...
{
"username" : "kiuwan.admin@myCompany.com",
"firstName" : "kiuwan",
"lastName" : "admin",
"enabled" : true,
"email" : "kiuwan.admin@myCompany.com",
"isOwner" : false,
"enableLoginWithPassword" : true
} ]
Get list of users and application permissions
GET /users/applications/permissions
Description
List the users of your account with their application permissions. Use 'username' and 'emailAddress' and 'applicationName' (logical AND) to filter results.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Query |
applicationName |
'applicationName' mask to filter results |
string |
Query |
emailAddress |
'emailAddress' mask to filter results |
string |
Query |
exactApplicationName |
Indicates if the applicationName must be equals (ignore case). Only apply if applicationName is provided |
boolean |
Query |
exactUsername |
Indicates if the username must be equals (ignore case). Only apply if username is provided |
boolean |
Query |
username |
'username' mask to filter results |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of users list with their application permissions |
< UserAppsPermissionsResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/users/applications/permissions?applicationName=myApp&emailAddress=john.smith%40myCompany.com&exactApplicationName=true&exactUsername=true&username=john.smith%40myCompany.com
Example HTTP response
Response 200
[ {
"username" : "john.smith@myCompany.com",
"email" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS"],
"enabled" : true,
"supportEnabled" : true,
"overrideUserGroup" : true,
"manageApplications" : true,
"manageUsers" : true,
"manageModels" : true,
"manageAudits" : true,
"manageReports" : true,
"applicationPermissionsData" : [ {
"applicationName" : "myApp",
"roleName" : "None",
"override" : true,
"deleteActionPlans" : true,
"deleteAnalysis" : true,
"deleteDeliveries" : true,
"executeAnalysis" : true,
"executeDeliveries" : true,
"exportActionPlansJira" : true,
"muteDefects" : true,
"changeDefectStatus" : true,
"saveActionPlans" : true,
"viewApplicationData" : true,
"viewDeliveries" : true
} ]
},
...
...
...
{
"username" : "kiuwan.admin@myCompany.com",
"email" : "kiuwan.admin@myCompany.com",
"firstName" : "kiuwan",
"lastName" : "admin",
"managementFeatures" : ["MANAGE_APPLICATIONS","MANAGE_MODELS"],
"enabled" : true,
"supportEnabled" : true,
"overrideUserGroup" : true,
"manageApplications" : true,
"manageUsers" : true,
"manageModels" : true,
"manageAudits" : true,
"manageReports" : true,
"applicationPermissionsData" : [ {
"applicationName" : "myApp",
"roleName" : "None",
"override" : true,
"deleteActionPlans" : true,
"deleteAnalysis" : true,
"deleteDeliveries" : true,
"executeAnalysis" : true,
"executeDeliveries" : true,
"exportActionPlansJira" : true,
"muteDefects" : true,
"changeDefectStatus" : true,
"saveActionPlans" : true,
"viewApplicationData" : true,
"viewDeliveries" : true
} ]
} ]
Update user
PUT /users/{username}
Description
Modifies the information of an user in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Body |
body |
the user to update |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully updated user |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/users/john.smith%40myCompany.com
Request body
{
"username" : "john.smith@myCompany.com",
"firstName" : "John",
"lastName" : "Smith",
"enabled" : true,
"email" : "john.smith@myCompany.com",
"generatePassword" : true,
"regeneratePassword" : false,
"enableLoginWithPassword" : true,
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : "["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"]",
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete user
DELETE /users/{username}
Description
Delete a user of your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
username |
User name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted user |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
-
text/plain
Produces
-
application/json
Example HTTP request
Request path
/users/john.smith%40myCompany.com
Example HTTP response
Response 200
{
"result" : "OK"
}
UserGroup
Create user group
POST /userGroups
Description
Creates a new user group in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Body |
body |
The user group to create |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully created an user group |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/userGroups
Request body
{
"name" : "CMSDevelopers",
"newName" : "CMS_Developers",
"users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : "["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"]",
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Get list of user groups
GET /userGroups
Description
List the user groups of your account.
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successful retrieval of user groups list |
< UserGroupResponse > array |
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Produces
-
application/json
Example HTTP request
Request path
/userGroups
Example HTTP response
Response 200
[ {
"name" : "CMSDevelopers",
"users" : "john.smith@myCompany.com, kelly.smith@myCompany.com"
},
...
...
...
{
"name" : "newCMSDevelopers",
"users" : "john.smith@myCompany.com"
} ]
Update user group
PUT /userGroups/{name}
Description
Modifies the information of an user group in your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
name |
User group name |
string |
Body |
body |
The user group to modify |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully modified an user group |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
Produces
-
application/json
Example HTTP request
Request path
/userGroups/CMSDevelopers
Request body
{
"name" : "CMSDevelopers",
"newName" : "CMS_Developers",
"users" : "john.smith@myCompany.com, kelly.smith@myCompany.com",
"accessControlConfiguration" : {
"assignmentMode" : "OVERWRITE",
"overrideUserGroupConfig" : true,
"managementFeatures" : "["MANAGE_APPLICATIONS","MANAGE_MODELS","VIEW_LIFE_CYCLE"]",
"portfolioRoles" : [ {
"type" : "CUSTOM",
"portfolioName" : "Region",
"portfolioValue" : "Asia",
"roleName" : "Write"
} ],
"applicationRoles" : [ {
"name" : "ApplicationInJapan",
"roleName" : "None",
"override" : true
} ],
"businessValueRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "CRITICAL",
"roleName" : "Readonly"
} ],
"providerRoles" : [ {
"type" : "SYSTEM",
"portfolioValue" : "Provider1",
"roleName" : "Write"
} ]
}
}
Example HTTP response
Response 200
{
"result" : "OK"
}
Delete user group
DELETE /userGroups/{name}
Description
Deletes a user group of your account.
Parameters
Type | Name | Description | Model |
---|---|---|---|
Path |
name |
User group name |
string |
Responses
HTTP Code | Description | Model |
---|---|---|
200 |
Successfully deleted an user group |
|
400 |
Bad format |
No Content |
403 |
Access denied |
No Content |
404 |
Resource not found |
No Content |
429 |
Quota limit reached |
No Content |
500 |
Internal server error |
No Content |
Consumes
-
application/json
-
text/plain
Produces
-
application/json
Example HTTP request
Request path
/userGroups/CMSDevelopers
Example HTTP response
Response 200
{
"result" : "OK"
}
Model
AccessControlConfigurationData
Data object to configure user Access Control
Name | Description | Model |
---|---|---|
applicationRoles |
Application roles list |
< ApplicationRoleData > array |
assignmentMode |
Indicates how to update the permissions. Can be ADD, DELETE or OVERWRITE. |
enum (ADD, DELETE, OVERWRITE) |
businessValueRoles |
Business value portofolio roles list |
< BusinessValuePortfolioRoleData > array |
managementFeatures |
Management features to enable/disable. Allowed values are { MANAGE_APPLICATIONS | MANAGE_ALL_USERS | MANAGE_MODELS | MANAGE_AUDITS | MANAGE_REPORTS | VIEW_GOVERNANCE | VIEW_CODE_ANALYSIS | VIEW_CODE_SECURITY | VIEW_INSIGHTS | VIEW_LIFE_CYCLE } |
< string > array |
overrideUserGroupConfig |
Indicates if override user group config or not |
boolean |
portfolioRoles |
Portfolio roles list |
< PortfolioRoleData > array |
providerRoles |
Provider portfolio roles list |
< ProviderPortfolioRoleData > array |
ActionPlanDefectsResponse
Response object for action plan defects
Name | Description | Model |
---|---|---|
allDefects |
List of action plan defects |
< DefectDetailResponse > array |
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
name |
Action plan name |
string |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
ActionPlanDetailResponse
Response object for action plan details
Name | Description | Model |
---|---|---|
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
name |
Action plan name |
string |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
ActionPlanPendingDefectsResponse
Response object for action plan pending defects
Name | Description | Model |
---|---|---|
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
name |
Action plan name |
string |
pendingDefects |
List of action plan pending defects |
< DefectDetailResponse > array |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
ActionPlanProgressResponse
Response object for action plan in progress
Name | Description | Model |
---|---|---|
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
effortToTargetAfter |
Effort to target after action plan |
number (double) |
effortToTargetBefore |
Effort to target before action plan |
number (double) |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
globalIndicatorAfter |
Global indicator after action plan |
number (double) |
globalIndicatorBefore |
Global indicator before action plan |
number (double) |
metrics |
Map of action plan metrics |
< string, number (double) > map |
name |
Action plan name |
string |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
qualityIndicatorsAfter |
Map of quality indicators after action plan |
< string, number (double) > map |
qualityIndicatorsBefore |
Map of quality indicators before action plan |
< string, number (double) > map |
riskIndexAfter |
Risk index after action plan |
number (double) |
riskIndexBefore |
Risk index before action plan |
number (double) |
ActionPlanRemovedDefectsResponse
Response object for action plan removed defects
Name | Description | Model |
---|---|---|
assignedTo |
User assigned to this action plan |
string |
createdBy |
User action plan creator |
string |
creation |
Creation time |
string |
description |
Action plan Description |
string |
estimate |
Total effort estimated time |
string |
expiration |
Expiration time |
string |
name |
Action plan name |
string |
pendingEffort |
Pending effort estimated time |
string |
progress |
Action plan progress |
number (double) |
purged |
Indicates if the action plan is purged |
boolean |
removedDefects |
List of action plan removed defects |
< DefectDetailResponse > array |
ActivitiesResponse
Name | Description | Model |
---|---|---|
action |
Activity action |
string |
affectedItems |
Affected elements by the activity |
< AffectedItemData > array |
date |
Activity date |
string |
description |
Activity description |
string |
elementType |
Activity type |
string |
user |
User which did the activity |
string |
ActivityResponse
Name | Description | Model |
---|---|---|
activity |
Activities list |
< ActivitiesResponse > array |
itemsPerPage |
Items per page |
integer (int32) |
startIndex |
Start index |
integer (int32) |
totalResults |
Total results |
integer (int32) |
AffectedItemData
Name | Description | Model |
---|---|---|
oldValue |
Affected item old value |
string |
type |
Affected item type |
string |
value |
Affected item value |
string |
AffectedVersionsData
Data object for Affected Versions
Name | Description | Model |
---|---|---|
endVersion |
If affected versions is a range of versions this is the end version. If this field is not provided and the affected versions is a range then all versions geather than inital versions will be considered affected |
string |
fixedVersion |
If affected version is a fixed version. One of these two fields 'fixedVersion' or 'initialVersion' is required |
string |
includeEndVersion |
If end version is included or not |
boolean |
includeInitialVersion |
If initial version is included or not |
boolean |
initialVersion |
If affected versions is a range of versions this is the initial version. One of these two fields 'fixedVersion' or 'initialVersion' is required |
string |
AnalysisDefectsResponse
Response object for Analysis Defects
Name | Description | Model |
---|---|---|
Effort to target |
Effort to target metric |
|
Main metrics |
Main metrics list |
< MetricValueData > array |
Quality indicator |
Quality indicator metric |
|
Risk index |
Risk index metric |
|
Security |
Map of security metrics |
< string, object > map |
activeDefects_count |
Active defects count |
integer (int32) |
analysisBusinessValue |
Analysis business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode |
Analysis code |
string |
analysisPortfolios |
Map of analysis portfolios |
< string, string > map |
analysisProvider |
Analysis provider |
string |
analysisStatus |
Analysis status |
enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL |
Kiuwan link to view the analysis detail |
string |
applicationBusinessValue |
Application business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios |
Map of application portfolios |
< string, string > map |
applicationProvider |
Application provider |
string |
architecture |
Architecture detail |
|
auditName |
Application audit name |
string |
auditResultURL |
Kiuwan link to view the audit result of the analisys |
string |
count |
Number of defects in this response |
integer (int32) |
creationDate |
Date of initial analysis |
string |
date |
Analysis creation date |
string |
defects |
Defects detail list |
< DefectDetailResponse > array |
defects_count |
Defects count |
integer (int32) |
description |
Application description |
string |
encoding |
Analysis encoding |
string |
insightsData |
Insights metadata |
|
label |
Analysis label |
string |
languages |
Languages metric list |
< MetricValueData > array |
lastSuccessfulBaseline |
last Baseline Analysis Summary |
|
lastSuccessfulDelivery |
last successful delivery |
|
modelId |
Analysis model identifier |
integer (int64) |
name |
Application name |
string |
ordered_by |
Analysis user invoker |
string |
page |
Page number |
integer (int32) |
quality_model |
Application quality model name |
string |
supressedDefects_count |
Supressed defects count |
integer (int32) |
unparsedFiles |
Unparsed Files |
< UnparsedFileData > array |
AnalysisFilesResponse
Response object for Analysis Files
Name | Description | Model |
---|---|---|
Effort to target |
Effort to target metric |
|
Main metrics |
Main metrics list |
< MetricValueData > array |
Quality indicator |
Quality indicator metric |
|
Risk index |
Risk index metric |
|
Security |
Map of security metrics |
< string, object > map |
analysisBusinessValue |
Analysis business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode |
Analysis code |
string |
analysisPortfolios |
Map of analysis portfolios |
< string, string > map |
analysisProvider |
Analysis provider |
string |
analysisStatus |
Analysis status |
enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL |
Kiuwan link to view the analysis detail |
string |
applicationBusinessValue |
Application business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios |
Map of application portfolios |
< string, string > map |
applicationProvider |
Application provider |
string |
architecture |
Architecture detail |
|
auditName |
Application audit name |
string |
auditResultURL |
Kiuwan link to view the audit result of the analisys |
string |
count |
Number of files in this response |
integer (int32) |
creationDate |
Date of initial analysis |
string |
date |
Analysis creation date |
string |
description |
Application description |
string |
encoding |
Analysis encoding |
string |
files |
Files list |
< FileData > array |
files_count |
Number of files |
integer (int32) |
insightsData |
Insights metadata |
|
label |
Analysis label |
string |
languages |
Languages metric list |
< MetricValueData > array |
lastSuccessfulBaseline |
last Baseline Analysis Summary |
|
lastSuccessfulDelivery |
last successful delivery |
|
modelId |
Analysis model identifier |
integer (int64) |
name |
Application name |
string |
ordered_by |
Analysis user invoker |
string |
page |
Page number |
integer (int32) |
quality_model |
Application quality model name |
string |
unparsedFiles |
Unparsed Files |
< UnparsedFileData > array |
AnalysisResponse
Response object for Analysis
Name | Description | Model |
---|---|---|
analysisBusinessValue |
Analysis business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisPortfolios |
Map of analysis portfolios |
< string, object > map |
analysisProvider |
Analysis provider |
string |
analysisScope |
Analysis scope |
enum (Baseline, Complete delivery, Partial delivery) |
auditResult |
Delivery audit result |
string |
branchName |
Delivery branch name |
string |
changeRequest |
Delivery change request |
string |
changeRequestStatus |
Change request status |
enum (Resolved, In progress) |
code |
Analysis code |
string |
creationDate |
Analysis creation date |
string |
encoding |
Analysis enconding |
string |
errorCode |
Analysis error code |
string |
invoker |
Analysis user invoker |
string |
label |
Analysis label |
string |
metrics |
Map of analysis metrics |
< string, number (double) > map |
modelId |
Model indentifier |
string |
qualityModel |
Quality model |
string |
status |
Analysis status |
enum (INQUEUE, FAIL, SUCCESS, RUNNING) |
unparsedFiles |
Unparsed files list |
< UnparsedFileData > array |
AnalysisResultResponse
Response object for Analysis Result
Name | Description | Model |
---|---|---|
Effort to target |
Effort to target metric |
|
Main metrics |
Main metrics list |
< MetricValueData > array |
Quality indicator |
Quality indicator metric |
|
Risk index |
Risk index metric |
|
Security |
Map of security metrics |
< string, object > map |
analysisBusinessValue |
Analysis business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode |
Analysis code |
string |
analysisPortfolios |
Map of analysis portfolios |
< string, string > map |
analysisProvider |
Analysis provider |
string |
analysisScope |
Analysis scope |
enum (Baseline, Complete delivery, Partial delivery) |
analysisStatus |
Analysis status |
enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL |
Kiuwan link to view the analysis detail |
string |
applicationBusinessValue |
Application business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios |
Map of application portfolios |
< string, string > map |
applicationProvider |
Application provider |
string |
architecture |
Architecture detail |
|
auditName |
Application audit name |
string |
auditResult |
Delivery audit result detail |
|
auditResultURL |
Kiuwan link to view the audit result of the analisys |
string |
baselineAnalysisCode |
Baseline analysis code |
string |
branchName |
Delivery branch name |
string |
changeRequest |
Delivery change request |
string |
changeRequestStatus |
Delivery change request status |
enum (Resolved, In progress) |
creationDate |
Date of initial analysis |
string |
date |
Analysis creation date |
string |
deliveryDefects |
Delivery defects |
|
deliveryFiles |
Delivery files detail |
|
description |
Application description |
string |
encoding |
Analysis encoding |
string |
insightsData |
Insights metadata |
|
label |
Analysis label |
string |
languages |
Languages metric list |
< MetricValueData > array |
lastSuccessfulBaseline |
last Baseline Analysis Summary |
|
lastSuccessfulDelivery |
last successful delivery |
|
modelId |
Analysis model identifier |
integer (int64) |
name |
Application name |
string |
ordered_by |
Analysis user invoker |
string |
quality_model |
Application quality model name |
string |
unparsedFiles |
Unparsed files |
< UnparsedFileData > array |
AnalysisSearchResponse
Response object for Analysis Search
Name | Description | Model |
---|---|---|
analysisBusinessValue |
Analysis business value |
string |
analysisPortfolios |
Map of analysis portfolios |
< string, object > map |
analysisProvider |
Analysis provider |
string |
analysisScope |
Analysis scope |
string |
applicationName |
Application name of this analysis |
string |
auditResult |
Delivery audit result |
string |
branchName |
Delivery branch name |
string |
changeRequest |
Delivery change request |
string |
changeRequestStatus |
Change request status |
string |
code |
Analysis code |
string |
creationDate |
Analysis creation date |
string |
encoding |
Analysis enconding |
string |
errorCode |
Analysis error code |
string |
invoker |
Analysis user invoker |
string |
label |
Analysis label |
string |
metrics |
Map of analysis metrics |
< string, object > map |
modelId |
Model indentifier |
string |
qualityModel |
Quality model |
string |
status |
Analysis status |
string |
unparsedFiles |
Unparsed files list |
< UnparsedFileData > array |
ApplicationAnalysisResponse
Response object for Application and Analysis details
Name | Description | Model |
---|---|---|
Effort to target |
Effort to target metric |
|
Main metrics |
Main metrics list |
< MetricValueData > array |
Quality indicator |
Quality indicator metric |
|
Risk index |
Risk index metric |
|
Security |
Map of security metrics |
< string, object > map |
analysisBusinessValue |
Analysis business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
analysisCode |
Analysis code |
string |
analysisPortfolios |
Map of analysis portfolios |
< string, string > map |
analysisProvider |
Analysis provider |
string |
analysisStatus |
Analysis status |
enum (EXECUTING, FINISHED, FINISHED_WITH_ERROR) |
analysisURL |
Kiuwan link to view the analysis detail |
string |
applicationBusinessValue |
Application business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios |
Map of application portfolios |
< string, string > map |
applicationProvider |
Application provider |
string |
architecture |
Architecture detail |
|
auditName |
Application audit name |
string |
auditResultURL |
Kiuwan link to view the audit result of the analisys |
string |
creationDate |
Date of initial analysis |
string |
date |
Analysis creation date |
string |
description |
Application description |
string |
encoding |
Analysis encoding |
string |
insightsData |
Insights metadata |
|
label |
Analysis label |
string |
languages |
Languages metric list |
< MetricValueData > array |
lastSuccessfulBaseline |
last Baseline Analysis Summary |
|
lastSuccessfulDelivery |
last successful delivery |
|
modelId |
Analysis model identifier |
integer (int64) |
name |
Application name |
string |
ordered_by |
Analysis user invoker |
string |
quality_model |
Application quality model name |
string |
unparsedFiles |
Unparsed Files |
< UnparsedFileData > array |
ApplicationManagementRequest
Request object for Application Management
Name | Description | Model |
---|---|---|
audit |
Audit |
string |
businessValue |
Application business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
description |
Application description |
string |
forceModel |
Force model |
boolean |
model |
Application model name |
string |
modelId |
Application model identifier |
integer (int64) |
name |
Application name |
string |
newModelId |
New model identifier |
integer (int64) |
newName |
New application name |
string |
portfolios |
Application portfolios list |
< PortfolioData > array |
provider |
Application provider |
string |
sourceCodeUpload |
Source code upload |
boolean |
targets |
Application targets map |
< string, number (double) > map |
ApplicationPermissionsData
Response object for Application Permissions
Name | Description | Model |
---|---|---|
applicationName |
Application name |
string |
changeDefectStatus |
If the user can change the status of a defect in this application |
boolean |
deleteActionPlans |
If the user can delete action plan for this application |
boolean |
deleteAnalysis |
If the user can delete analysis for this application |
boolean |
deleteDeliveries |
If the user can delete deliveries for this application |
boolean |
executeAnalysis |
If the user can execute analysis for this application |
boolean |
executeDeliveries |
If the user can execute deliveries plan for this application |
boolean |
exportActionPlansJira |
If the user can export action plan to JIRA for this application |
boolean |
muteDefects |
If the user can mute defects for this application |
boolean |
override |
Indicates if override the configuration or not |
boolean |
roleName |
Name of the role assigned to user |
string |
saveActionPlans |
If the user can save action plan for this application |
boolean |
viewApplicationData |
If the user can see application data for this application |
boolean |
viewDeliveries |
If the user can see deliveries for this application |
boolean |
ApplicationResponse
Response object for Application
Name | Description | Model |
---|---|---|
applicationBusinessValue |
Application business value |
enum (VERY LOW, LOW, MEDIUM, HIGH, CRITICAL) |
applicationPortfolios |
Map of application portfolios |
< string, string > map |
applicationProvider |
Application provider |
string |
auditName |
Application audit name |
string |
creationDate |
Date of initial analysis |
string |
description |
Application description |
string |
lastSuccessfulBaseline |
last Baseline Analysis Summary |
|
lastSuccessfulDelivery |
last successful delivery |
|
name |
Application name |
string |
quality_model |
Application quality model name |
string |
ApplicationRoleData
Data object for Application Role
Name | Description | Model |
---|---|---|
name |
Application name |
string |
override |
Indicates if override the configuration or not |
boolean |
roleName |
Name of the role to assign |
string |
ApplicationsComponentsResponse
Name | Description | Model |
---|---|---|
application |
Application detail |
|
component |
Component detail |
ArtifactLicensesData
Data object for Artifact Licenses
Name | Description | Model |
---|---|---|
artifact |
Artifact name |
string |
group |
Artifact Group |
string |
language |
Artifact Language |
string |
spdxids |
List of Spdxids of licenses to associate with the artifact |
< string > array |
version |
Artifact version |
string |
AuditAnalysisResultResponse
Response object for Audit Analysis Result
Name | Description | Model |
---|---|---|
approvalThreshold |
Audit approval threshold |
number (double) |
auditName |
Audit name |
string |
checkpointResults |
List of checkpoint results |
< CheckpointResultData > array |
description |
Audit description |
string |
overallResult |
Audit overall result |
enum (OK, FAIL) |
score |
Score |
number (double) |
AuditResultResponse
Response object for Audit Result
Name | Description | Model |
---|---|---|
analysisCode |
Analysis code |
string |
creationTimestamp |
Audit creation time |
string |
label |
Audit label |
string |
metrics |
Audit metrics |
< string, number (double) > map |
passAudit |
Indicates if the audit has been passed |
boolean |
AuthorizationResponse
Response object for Authorization
Name | Description | Model |
---|---|---|
actionCode |
The action code |
string |
granted |
Indicates if the action is granted or not |
boolean |
BusinessValuePortfolioRoleData
Data object for a business value portfolio and role to assign
Name | Description | Model |
---|---|---|
portfolioValue |
Portfolio value |
string |
roleName |
Name of the role to assign |
string |
type |
Portfolio type |
enum (SYSTEM) |
CheckpointResultData
Data object for Checkpoint Result
Name | Description | Model |
---|---|---|
checkpoint |
Checkpoint |
string |
description |
Checkpont decription |
string |
mandatory |
Indicates if the checkpoint is mandatory or not |
boolean |
name |
Checkpoint name |
string |
result |
Checkpoint result |
enum (OK, FAIL) |
score |
Checkpoint score |
number (double) |
type |
Checkpoint type |
string |
violatedRules |
List of violated rules |
< ViolatedRuleResponse > array |
weight |
Weight |
integer (int32) |
ComponentDetailResponse
Response object for Component Details
Name | Description | Model |
---|---|---|
analyzed |
Analyzed |
boolean |
artifacts |
Artifacts list |
< object > array |
ccn |
Cyclomatic complexity number |
number (double) |
dn |
Name identifier description |
string |
dupCode |
Duplicated code |
number (double) |
effort |
Effort value |
number (double) |
groupedCount |
Grouped count |
integer (int32) |
grouptags |
Map of group tags |
< string, string > map |
id |
Identifier |
integer (int64) |
language |
Language |
string |
loc |
Lines of code |
number (double) |
name |
Component name |
string |
other |
Map of additional properties |
< string, object > map |
quality |
Quality indicator value |
number (double) |
tags |
Component Tags |
< object > array |
type |
Component type |
string |
ComponentSimpleRestData
Data object for Component’s basic details
Name | Description | Model |
---|---|---|
artifact |
Artifact name |
string |
custom |
If the component is custom or not |
boolean |
description |
Artifact description |
string |
id |
Component identifier |
integer (int64) |
version |
Artifact version |
string |
CustomComponentRestData
Data object for Custom Component
Name | Description | Model |
---|---|---|
artifact |
Artifact name |
string |
custom |
Confirm that current component is custom (true value) or may be public (false value) |
boolean |
date |
Component date |
string |
description |
Component description |
string |
group |
Artifact Group |
string |
language |
Artifact Language |
string |
showPublicLicenses |
If you want show licenses found by Kiuwan |
boolean |
showPublicVulnerabilities |
When custom is true if you want show public vulnerabilities found by Kiuwan |
boolean |
version |
Artifact version |
string |
CustomComponentSimpleRestData
Data object for Custom Component’s basic details
Name | Description | Model |
---|---|---|
artifact |
Artifact name |
string |
group |
Artifact Group |
string |
language |
Artifact Technology |
string |
version |
Artifact version |
string |
DatapathData
Data object for Datapath
Name | Description | Model |
---|---|---|
container |
Container |
string |
file |
Datapath file |
string |
index |
Datapath index |
integer (int32) |
indirect |
If is a indirect datapath |
boolean |
kind |
Datapath kind |
enum (assign, call, other, sink, source) |
lineNumber |
Line number |
integer (int32) |
lineText |
Line text |
string |
localId |
Local id for this vulnerability |
integer (int32) |
localParentId |
Parent id of this datapath |
integer (int32) |
varname |
Datapath tainted variable name |
string |
DefectDetailResponse
Response object for Defect Details
Name | Description | Model |
---|---|---|
characteristic |
Characteristic |
enum (Efficiency, Maintainability, Portability, Reliability, Security) |
code |
Code |
string |
cweId |
CWE identifier |
integer (int32) |
defectId |
Defect identifier |
integer (int64) |
effort |
Effort |
string |
explanation |
Defect explanation |
string |
file |
Defect file |
string |
language |
Technology (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies) |
string |
line |
Defect line |
integer (int32) |
modelId |
Model identifier |
integer (int64) |
muted |
Indicates if the defect is muted |
boolean |
priority |
Priority |
enum (Very Low, Low, Normal, High, Very High) |
rule |
Broken rule |
string |
ruleCode |
Rule code |
string |
securityDetail |
Security detail |
|
status |
Defect status |
enum (None, To review, Reviewed) |
vulnerabilityType |
Vulnerability type (More info in https://www.kiuwan.com/docs/display/K5/Kiuwan+Vulnerability+Types) |
string |
DefectLineResponse
Response object for Defect Line
Name | Description | Model |
---|---|---|
code |
Defect code |
string |
line |
Defect line |
integer (int32) |
muted |
Indicates if the defect is muted |
boolean |
DefectNoteResponse
Response object for Defect Note
Name | Description | Model |
---|---|---|
date |
Note date |
string |
text |
Note description |
string |
user |
User name |
string |
DefectsDeltaDetailResponse
Response object for Defects Delta Detail
Name | Description | Model |
---|---|---|
Main analysis code |
Main analysis code |
string |
New defects |
New defects |
< DefectDetailResponse > array |
New defects count |
New defects count |
integer (int32) |
New violated rules count |
New violated rules count |
integer (int32) |
Previous analysis code |
Previous analysis code |
string |
Removed defects |
Removed defects |
< DefectDetailResponse > array |
Removed defects count |
Removed defects count |
integer (int32) |
Removed violated rules count |
Removed violated rules count |
integer (int32) |
count |
Number of defects in this response |
integer (int32) |
page |
Page number |
integer (int32) |
DefectsDeltaResponse
Response object for Defects Delta
Name | Description | Model |
---|---|---|
Main analysis code |
Main analysis code |
string |
New defects count |
New defects count |
integer (int32) |
New violated rules count |
New violated rules count |
integer (int32) |
Previous analysis code |
Previous analysis code |
string |
Removed defects count |
Removed defects count |
integer (int32) |
Removed violated rules count |
Removed violated rules count |
integer (int32) |
DefectsKeptInCommonDetailResponse
Response object for Defects kept in common
Name | Description | Model |
---|---|---|
atAnalysisCode |
at analysis code |
string |
count |
Number of defects in this response |
integer (int32) |
defects |
defects |
< DefectDetailResponse > array |
page |
Page number |
integer (int32) |
ruleTags |
With rules with tags |
string |
securityOnly |
Security Only rules |
boolean |
sinceAnalysisCode |
Since Analysis Code |
string |
sinceDate |
Since Date |
string |
totalDefects |
Total Defects in Common |
integer (int64) |
DeliveryDefectsData
Data object for Delivery Defects
Name | Description | Model |
---|---|---|
defects |
Total defects |
integer (int32) |
newDefects |
Number of new defects |
integer (int32) |
removedDefects |
Number of removed defects |
integer (int32) |
DeliveryFilesData
Data object for Delivery Files
Name | Description | Model |
---|---|---|
count |
Files count |
integer (int32) |
FileData
Data object for File
Name | Description | Model |
---|---|---|
defects |
Detail of defects in the file |
< DefectDetailResponse > array |
defects_count |
Number of defects in the file |
integer (int32) |
metrics |
File metrics |
< MetricValueData > array |
metrics_count |
Metrics count |
integer (int32) |
name |
File name |
string |
FileWithDefectsResponse
Response object for File with Defects
Name | Description | Model |
---|---|---|
defects |
Link to the defects line |
|
defectsCount |
Number of defects |
integer (int64) |
file |
File name |
string |
FilterData
Data object for Filter
Name | Description | Model |
---|---|---|
analyzed |
Is analyzed filter |
boolean |
contains |
Contains filter |
string |
fileName |
File name filter |
string |
groupTags |
List of group tags filter |
< GroupTagData > array |
languages |
Languages filter, comma-separated list of languages to filter by (List of supported technologies in https://www.kiuwan.com/docs/display/K5/Kiuwan+Supported+Technologies) |
string |
notContains |
Not contains filter |
string |
tags |
Tags filter, Comma-separated list of tags to filter by |
string |
types |
Types filter, comma-separated list of types to filter by |
string |
FrameData
Data object for Frame
Name | Description | Model |
---|---|---|
category |
Frame category |
string |
container |
Container |
string |
file |
Frame file |
string |
index |
Frame index |
integer (int32) |
injectionPoint |
InjectionPoint |
string |
lineNumber |
Line number |
integer (int32) |
lineText |
Line text |
string |
resource |
Resource |
string |
variableDeclaration |
Variable declaration |
string |
GlobalCounterResponse
Response object for Stats
Name | Description | Model |
---|---|---|
name |
Global counter name |
string |
value |
Global counter value |
object |
GroupTagData
Data object for Group Tag
Name | Description | Model |
---|---|---|
name |
Group tag name |
string |
value |
Group tag value |
string |
HrefData
Data object for Href
Name | Description | Model |
---|---|---|
href |
Defect link |
string |
InsightsComponentRestResponse
Response object for Component details
Name | Description | Model |
---|---|---|
artifact |
Artifact name |
string |
custom |
If the component is custom or not |
boolean |
filename |
File name |
string |
id |
Component identifier |
integer (int64) |
language |
Technology |
string |
licenseRisk |
Component license risk (high, medium, low, none, unknown) |
enum (high, medium, low, none, unknown) |
obsolescenceRisk |
Component obsolescence risk (high, medium, low, none, unknown) |
enum (high, medium, low, none, unknown) |
securityRisk |
Component security risk (high, medium, low, none, unknown) |
enum (high, medium, low, none, unknown) |
sources |
Sources list |
< SourceRootSimpleRestData > array |
version |
Artifact version |
string |
vulnerabilities |
Vulnerabilities list |
< VulnerabilityRestData > array |
LicenseRestData
Data object for License
Name | Description | Model |
---|---|---|
component |
Number of components with this license |
string |
components |
List of components with this license |
< ComponentSimpleRestData > array |
conditions |
License conditions |
string |
id |
License identifier |
integer (int64) |
license |
License name |
string |
limitations |
License limitations |
string |
permissions |
License permissions |
string |
risk |