# CloneProject ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as *mandatory*. ### Headers ``` POST /api/ss/project/:id/clone HTTP/1.1 Host: localhost:3000 X-SSAPI-KEY: APIKey Content-Type: application/json Connection: close ``` ### Query **id (*****string*****)** Id of the project you are cloning from. You must have access to this project. Example: ``` POST /api/ss/project/5e5cbecee365f1003f3b20b8/clone HTTP/1.1 ``` **name (*****string*****) (*****optional*****)** Name of the project. Will default to the cloned project name if not supplied. Example: ``` { "name": "..." } ``` **code (*****string*****) (*****optional*****)** Project code. Will default to the cloned project code if not supplied. Example: ``` { "code": "..." } ``` **groups (*****array of strings*****) (*****optional*****)** Groups to link to the project. Must match exact group names or ids. Will default to the cloned project groups if not supplied. Supply an empty list - \[] - to link to no groups. Example: ``` { "groups": ["...", "...", "..."] } ``` **startDate (*****string*****)** Project start date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z. Example: ``` { "startDate": "2021-06-03T00:00:00.000Z" } ``` **endDate (*****string*****)** Project end date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z. Example: ``` { "endDate": "2021-06-03T00:00:00.000Z" } ``` **scoringSystem (*****string*****) (*****optional*****)** Scoring system to be used on the project. Must be either *Manual* or *CVSSv3.1*. Will default to the cloned project scoring system if not supplied. Example: ``` { "scoringSystem": "CVSSv3.1" } ``` **scope (*****array of strings*****) (*****optional*****)** Project scope / assets to be tested. Include name of asset or the asset Id if using the assets module. Will default to the cloned project scope if not supplied. Example: ``` { "scope": ["...", "...", "..."] } ``` **asset\_library\_ids (*****array of strings*****) (*****optional*****)** Asset libraries to map scope against. Only applicable if creating new assets. Example: ``` { "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."] } ``` **testsuites (*****array of strings*****) (*****optional*****)** Test suites to assign to the project. Must match exact testsuite names or ids. Will default to the cloned project test suites if not supplied. Example: ``` { "testsuites": ["...", "...", "..."] } ``` **organization\_code (*****string*****) (*****optional*****)** Project organization code. Will default to the cloned project organization code if not supplied. Supply an empty string - "" - to assign no organization code. Example: ``` { "organization_code": "..." } ``` **vulnerability\_code (*****string*****) (*****optional*****)** Vulnerability code for user friendly vulnerability ids. Must be unique per project, 3-8 characters in length. Example: ``` { "vulnerability_code": "..." } ``` **team\_notifications (*****array of strings*****) (*****optional*****)** Project team notifications. Must include one or more of the following: *critical*, *high*, *medium*, *low*, *info*, *retest*, *reopened*, *closed*. Will default to the cloned project team notifications if not supplied. Supply an empty list - \[] - to set no project team notifications. Example: ``` { "team_notifications": ["..."] } ``` **admin\_notifications (*****array of strings*****) (*****optional*****)** Admin notifications. Must include one or more of the following: *retest*, *reopened*, *closed*. Will default to the cloned project admin notifications if not supplied. Supply an empty list - \[] - to set no admin notifications. Example: ``` { "admin_notifications": ["..."] } ``` **start\_stop\_testing\_email (*****string*****) (*****optional*****)** Email body for daily start & stop testing notifications. Will default to the cloned project email body for daily start & stop testing notifications if not supplied. Example: ``` { "start_stop_testing_email": "..." } ``` **start\_stop\_testing\_email\_additional\_recipients (*****array of strings*****) (*****optional*****)** Additional email recipients for daily start & stop testing notifications. Must be a list of email addresses. Will default to the cloned project additional email recipients for daily start & stop testing notifications if not supplied. Supply an empty list - \[] - to set no additional email recipients for daily start & stop testing notifications. Example: ``` { "start_stop_testing_email_additional_recipients": ["..."] } ``` **new\_vulnerability\_email\_type (*****string*****) (*****optional*****)** Individual or Grouped emails to be sent for new vulnerabilities. Must include one of the following: *individual*, *group*. Will default to the cloned project new vulnerability email type if not supplied. Example: ``` { "new_vulnerability_email_type": "group" } ``` **new\_vulnerability\_email (*****string*****) (*****optional*****)** Email body for new vulnerability discovered notifications. Will default to the cloned project email body for new vulnerability discovered notifications if not supplied. Example: ``` { "new_vulnerability_email": "..." } ``` **new\_vulnerability\_email\_additional\_recipients (*****array of strings*****) (*****optional*****)** Additional email recipients for new vulnerability discovered notifications. Must be a list of email addresses. Will default to the cloned project additional email recipients for new vulnerability discovered notifications if not supplied. Supply an empty list - \[] - to set no additional email recipients for new vulnerability discovered notifications. Example: ``` { "new_vulnerability_email_additional_recipients": ["..."] } ``` **forced\_emails (*****array of strings*****) (*****optional*****)** Force emails to project team. Must include one or more of the following: *all\_emails*, *daily\_start\_stop\_testing*, *new\_critical\_vulnerability*, *new\_high\_vulnerability*, *new\_medium\_vulnerability*, *new\_low\_vulnerability*, *new\_info\_vulnerability*, *vulnerability\_ready\_for\_retesting*, *vulnerability\_reopened*, *vulnerability\_closed*, *project\_role\_updated*, *project\_hold*, *retest\_completed*. Will default to the cloned project forced emails if not supplied. Supply an empty list - \[] - to set no forced emails. Example: ``` { "forced_emails": ["..."] } ``` **sla\_activation (*****string*****) (*****optional*****)** Apply vulnerability SLAs automatically or manually. Must be either "automatic" or "manual". Will default to the cloned project SLA activation option if not supplied. Example: ``` { "sla_activation": "..." } ``` **custom\_fields (*****array of objects*****) (*****optional*****)** Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only. Will default to the cloned project custom fields if not supplied. Supply an empty list - \[] - to set no custom fields. For more information visit Example: ``` { "custom_fields": [ { "key": "...", "value": "..." } ] } ``` **portfolio\_streams (*****array of objects*****) (*****optional*****)** Enter a list of Portfolio & Stream Ids to link this project to. Stream must be part of the Portfolio. Will default to the cloned project linked portfolio streams if not supplied. Supply an empty list - \[] - to set no linked portfolio streams. Example: ``` { "portfolio_streams": [ { "portfolioId": "...", "streamId": "..." } ] } ``` **features (*****object*****) (*****optional*****)** Configure features on the project. Roles must be either client, consultant or librarymod. Minimum Project Access Level must be either View, Upload or Edit. Example: ``` { "features": { "attack_chains": { "enabled": true, "access": { "roles": [ "client", "consultant", "librarymod" ], "project_access_level": "View" } }, "reporting": { "enabled": true, "access": { "roles": [ "client", "consultant", "librarymod" ], "project_access_level": "View" } }, "retesting": { "enabled": true, "access": { "roles": [ "client", "consultant", "librarymod" ], "project_access_level": "View" } }, "testcases": { "access": { "roles": [ "client", "consultant", "librarymod" ], "project_access_level": "View" } } } } ``` **pages (*****object*****) (*****optional*****)** Configure pages on the project. Roles must be either client, consultant or librarymod. Project Access Level must be either View, Upload or Edit. Example: ``` { "pages": { "summary": { "enabled": true, "access": { "view_project_access_levels": [ "View", "Upload", "Edit" ], "view_roles": [ "client", "consultant", "librarymod" ], "upload_project_access_levels": [ "View", "Upload", "Edit" ], "upload_roles": [ "client", "consultant", "librarymod" ], "edit_project_access_levels": [ "View", "Upload", "Edit" ], "edit_roles": [ "client", "consultant", "librarymod" ] } } } } ``` **link\_vulnerabilities (*****object*****) (*****optional*****)** Link vulnerabilities from the cloned project to the new project. You can select vulnerabilities by their remediation status, priority or by providing their ids. Each option will stack i.e. open:true is all open vulnerabilities, open:true + critical:true is all open critical vulnerabilities. Example: ``` { "link_vulnerabilities": { "all": false, "open": true, "ready_for_retest": true, "closed": false, "critical": false, "high": false, "medium": false, "low": false, "info": false, "vulnerability_ids": [ "..." ] } } ``` **options (*****object*****) (*****optional*****)** Cloning options. Example: ``` { "options": { "clone_executive_summary": false, "clone_project_notes": true, "clone_project_workspace": true } } ``` ## Example The following example is a cURL request to clone a new project. ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X POST 'https://localhost:3000/api/ss/project/635f8f6640b0ab0c371284ba/clone' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{ "name": "ACME Digital Web App Pentest", "code": "DEMO9999", "groups": ["ACME Corp Digital Team"], "startDate": "2021-06-03T00:00:00.000Z", "endDate": "2021-06-04T00:00:00.000Z", "scope": ["test.com", "192.168.0.1"], "testsuites": ["ASVS Level 2 Web Application", "OSSTMM v3.0 Infrastructure"], "scoringSystem": "CVSSv3.1", "organization_code": "GLOBEX123", "vulnerability_code": "VULN123", "team_notifications": ["critical", "high"], "admin_notifications": ["retest", "reopened"], "start_stop_testing_email": "Hi {firstName},..", "start_stop_testing_email_additional_recipients": ["batman@attackforge.com", "robin@attackforge.com"], "new_vulnerability_email_type": "individual", "new_vulnerability_email": "Hi {firstName},..", "new_vulnerability_email_additional_recipients": ["soc@attackforge.com"], "forced_emails": ["new_critical_vulnerability", "new_high_vulnerability"], "sla_activation": "automatic", "custom_fields": [{"key": "customer_name", "value": "WAYNE TECHNOLOGIES."}], "link_vulnerabilities": { "open": true, "ready_for_retest": true, "critical": true, "high": true }, "options": { "clone_executive_summary": false, "clone_project_notes": true, "clone_project_workspace": true } }' ``` ### Response Response contains a project object. ``` { "project": { "id": "...", "name": "...", "code": "...", "organization_code": "...", "vulnerability_code": "..." "groups": [ { "id": "...", "name": "..." } ], "isOnHold": "...", "startDate": "...", "endDate": "...", "scoring_system": "...", "team_notifications": [ "..." ], "admin_notifications": [ "..." ], "start_stop_testing_email": "...", "start_stop_testing_email_additional_recipients": [ "..." ], "new_vulnerability_email_type": "...", "new_vulnerability_email": "...", "new_vulnerability_email_additional_recipients": [ "..." ], "forced_emails": [ "..." ], "sla_activation": "...", "created": "...", "last_updated": "...", "custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "streams": [ { "id": "...", "name": "...", "stream_portfolios": [ { "id": "...", "name": "...", } ] } ], "features": { "attack_chains": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "reporting": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "retesting": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "testcases": { "access": { "project_access_level": "...", "roles": [ "..." ] } } }, "pages": { "summary": { "access": { "edit_project_access_levels": [ "..." ], "edit_roles": [ "..." ], "upload_project_access_levels": [ "..." ], "upload_roles": [ "..." ], "view_project_access_levels": [ "..." ], "view_roles": [ "..." ] }, "enabled": true } } } } ```