CloneProject

This method can be used for the following: Create a new project from an existing project you have Edit access to.

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

POST /api/ss/project/:id/clone HTTP/1.1
Host: localhost:3000
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

id (string)

Id of the project you are cloning from. You must have access to this project.

Example:

POST /api/ss/project/5e5cbecee365f1003f3b20b8/clone HTTP/1.1

name (string) (optional)

Name of the project. Will default to the cloned project name if not supplied.

Example:

{   
    "name": "..."
}

code (string) (optional)

Project code. Will default to the cloned project code if not supplied.

Example:

{   
    "code": "..."
}

groups (array of strings) (optional)

Groups to link to the project. Must match exact group names or ids. Will default to the cloned project groups if not supplied. Supply an empty list - [] - to link to no groups.

Example:

{   
    "groups": ["...", "...", "..."]
}

startDate (string)

Project start date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

{   
    "startDate": "2021-06-03T00:00:00.000Z"
}

endDate (string)

Project end date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

{   
    "endDate": "2021-06-03T00:00:00.000Z"
}

scoringSystem (string) (optional)

Scoring system to be used on the project. Must be either Manual or CVSSv3.1. Will default to the cloned project scoring system if not supplied.

Example:

{   
    "scoringSystem": "CVSSv3.1"
}

scope (array of strings) (optional)

Project scope / assets to be tested. Include name of asset or the asset Id if using the assets module. Will default to the cloned project scope if not supplied.

Example:

{   
    "scope": ["...", "...", "..."]
}

asset_library_ids (array of strings) (optional)

Asset libraries to map scope against. Only applicable if creating new assets.

Example:

{
   "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."]
}

testsuites (array of strings) (optional)

Test suites to assign to the project. Must match exact testsuite names or ids. Will default to the cloned project test suites if not supplied.

Example:

{   
    "testsuites": ["...", "...", "..."]
}

organization_code (string) (optional)

Project organization code. Will default to the cloned project organization code if not supplied. Supply an empty string - "" - to assign no organization code.

Example:

{   
    "organization_code": "..."
}

vulnerability_code (string) (optional)

Vulnerability code for user friendly vulnerability ids. Must be unique per project, 3-8 characters in length.

Example:

{   
    "vulnerability_code": "..."
}

team_notifications (array of strings) (optional)

Project team notifications. Must include one or more of the following: critical, high, medium, low, info, retest, reopened, closed. Will default to the cloned project team notifications if not supplied. Supply an empty list - [] - to set no project team notifications.

Example:

{   
    "team_notifications": ["..."]
}

admin_notifications (array of strings) (optional)

Admin notifications. Must include one or more of the following: retest, reopened, closed. Will default to the cloned project admin notifications if not supplied. Supply an empty list - [] - to set no admin notifications.

Example:

{   
    "admin_notifications": ["..."]
}

start_stop_testing_email (string) (optional)

Email body for daily start & stop testing notifications. Will default to the cloned project email body for daily start & stop testing notifications if not supplied.

Example:

{   
    "start_stop_testing_email": "..."
}

start_stop_testing_email_additional_recipients (array of strings) (optional)

Additional email recipients for daily start & stop testing notifications. Must be a list of email addresses. Will default to the cloned project additional email recipients for daily start & stop testing notifications if not supplied. Supply an empty list - [] - to set no additional email recipients for daily start & stop testing notifications.

Example:

{   
    "start_stop_testing_email_additional_recipients": ["..."]
}

new_vulnerability_email_type (string) (optional)

Individual or Grouped emails to be sent for new vulnerabilities. Must include one of the following: individual, group. Will default to the cloned project new vulnerability email type if not supplied.

Example:

{   
    "new_vulnerability_email_type": "group"
}

new_vulnerability_email (string) (optional)

Email body for new vulnerability discovered notifications. Will default to the cloned project email body for new vulnerability discovered notifications if not supplied.

Example:

{   
    "new_vulnerability_email": "..."
}

new_vulnerability_email_additional_recipients (array of strings) (optional)

Additional email recipients for new vulnerability discovered notifications. Must be a list of email addresses. Will default to the cloned project additional email recipients for new vulnerability discovered notifications if not supplied. Supply an empty list - [] - to set no additional email recipients for new vulnerability discovered notifications.

Example:

{   
    "new_vulnerability_email_additional_recipients": ["..."]
}

forced_emails (array of strings) (optional)

Force emails to project team. Must include one or more of the following: all_emails, daily_start_stop_testing, new_critical_vulnerability, new_high_vulnerability, new_medium_vulnerability, new_low_vulnerability, new_info_vulnerability, vulnerability_ready_for_retesting, vulnerability_reopened, vulnerability_closed, project_role_updated, project_hold, retest_completed. Will default to the cloned project forced emails if not supplied. Supply an empty list - [] - to set no forced emails.

Example:

{   
    "forced_emails": ["..."]
}

sla_activation (string) (optional)

Apply vulnerability SLAs automatically or manually. Must be either "automatic" or "manual". Will default to the cloned project SLA activation option if not supplied.

Example:

{   
    "sla_activation": "..."
}

custom_fields (array of objects) (optional)

Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only. Will default to the cloned project custom fields if not supplied. Supply an empty list - [] - to set no custom fields.

For more information visit https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis

Example:

{   
    "custom_fields": [
        {
            "key": "...", 
            "value": "..."
        }
    ]
}

portfolio_streams (array of objects) (optional)

Enter a list of Portfolio & Stream Ids to link this project to. Stream must be part of the Portfolio. Will default to the cloned project linked portfolio streams if not supplied. Supply an empty list - [] - to set no linked portfolio streams.

Example:

{   
  "portfolio_streams": [
      {
        "portfolioId": "...", 
        "streamId": "..."
      }
   ]
}

features (object) (optional)

Configure features on the project. Roles must be either client, consultant or librarymod. Minimum Project Access Level must be either View, Upload or Edit.

Example:

{   
   "features": {
      "attack_chains": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "reporting": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "retesting": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "testcases": {
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      }
   }
}

pages (object) (optional)

Configure pages on the project. Roles must be either client, consultant or librarymod. Project Access Level must be either View, Upload or Edit.

Example:

{   
   "pages": {
      "summary": {
         "enabled": true,
         "access": {
            "view_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "view_roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "upload_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "upload_roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "edit_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "edit_roles": [
               "client",
               "consultant",
               "librarymod"
            ]
         }
      }
   }
}

link_vulnerabilities (object) (optional)

Link vulnerabilities from the cloned project to the new project. You can select vulnerabilities by their remediation status, priority or by providing their ids. Each option will stack i.e. open:true is all open vulnerabilities, open:true + critical:true is all open critical vulnerabilities.

Example:

{
  "link_vulnerabilities": {
    "all": false,
    "open": true,
    "ready_for_retest": true,
    "closed": false,
    "critical": false,
    "high": false,
    "medium": false,
    "low": false,
    "info": false,
    "vulnerability_ids": [
      "..."
    ]
  }
}

options (object) (optional)

Cloning options.

Example:

{
  "options": {
    "clone_executive_summary": false,
    "clone_project_notes": true,
    "clone_project_workspace": true
  }
}

Example

The following example is a cURL request to clone a new project.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X POST 'https://localhost:3000/api/ss/project/635f8f6640b0ab0c371284ba/clone' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
  "name": "ACME Digital Web App Pentest",
  "code": "DEMO9999",
  "groups": ["ACME Corp Digital Team"],
  "startDate": "2021-06-03T00:00:00.000Z",
  "endDate": "2021-06-04T00:00:00.000Z",
  "scope": ["test.com", "192.168.0.1"],
  "testsuites": ["ASVS Level 2 Web Application", "OSSTMM v3.0 Infrastructure"],
  "scoringSystem": "CVSSv3.1",
  "organization_code": "GLOBEX123",
  "vulnerability_code": "VULN123",
  "team_notifications": ["critical", "high"],
  "admin_notifications": ["retest", "reopened"],
  "start_stop_testing_email": "Hi {firstName},..",
  "start_stop_testing_email_additional_recipients": ["batman@attackforge.com", "robin@attackforge.com"],
  "new_vulnerability_email_type": "individual",
  "new_vulnerability_email": "Hi {firstName},..",
  "new_vulnerability_email_additional_recipients": ["soc@attackforge.com"],
  "forced_emails": ["new_critical_vulnerability", "new_high_vulnerability"],
  "sla_activation": "automatic",
  "custom_fields": [{"key": "customer_name", "value": "WAYNE TECHNOLOGIES."}],
  "link_vulnerabilities": {
    "open": true,
    "ready_for_retest": true,
    "critical": true,
    "high": true
  },
  "options": {
    "clone_executive_summary": false,
    "clone_project_notes": true,
    "clone_project_workspace": true
  }
}'

Response

Response contains a project object.

{
  "project": {
    "id": "...",
    "name": "...",
    "code": "...",
    "organization_code": "...",
    "vulnerability_code": "..."
    "groups": [
      {
        "id": "...",
        "name": "..." 
      }
    ],
    "isOnHold": "...",
    "startDate": "...",
    "endDate": "...",
    "scoring_system": "...",
    "team_notifications": [
      "..."
    ],
    "admin_notifications": [
      "..."
    ],
    "start_stop_testing_email": "...",
    "start_stop_testing_email_additional_recipients": [
      "..."
    ],
    "new_vulnerability_email_type": "...",
    "new_vulnerability_email": "...",
    "new_vulnerability_email_additional_recipients": [
      "..."
    ],
    "forced_emails": [
      "..."
    ],
    "sla_activation": "...",
    "created": "...",
    "last_updated": "...",
    "custom_fields": [
      {
        "key": "...", 
        "value": "...", 
        "type": "Tag/Field"
      }
    ],
    "streams": [
      {
        "id": "...",
        "name": "...",
        "stream_portfolios": [
          {
            "id": "...",
            "name": "...",
          }
        ]
      }
    ],
    "features": {
      "attack_chains": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "reporting": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "retesting": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "testcases": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        }
      }
    },
    "pages": {
      "summary": {
        "access": {
          "edit_project_access_levels": [
            "..."
          ],
          "edit_roles": [
            "..."
          ],
          "upload_project_access_levels": [
            "..."
          ],
          "upload_roles": [
            "..."
          ],
          "view_project_access_levels": [
            "..."
          ],
          "view_roles": [
            "..."
          ]
        },
        "enabled": true
      }
    }
  }
}

Last updated

Check YouTube for more tutorials: https://youtube.com/@attackforge