CreateProject

This method can be used for the following functionality: Create a new Project in AttackForge

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

POST /api/ss/project HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

name (string)

Name of the project.

Example:

{
   "name": "..."
}

code (string)

Project code.

Example:

{
   "code": "..."
}

groups (array of strings) (optional)

Groups to link to the project. Must match group IDs.

Example:

{
   "groups": ["64f7909963cc54000ed4ecfc"]
}

startDate (string)

Project start date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

{
   "startDate": "2021-06-03T00:00:00.000Z"
}

endDate (string)

Project end date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

{
   "endDate": "2021-06-03T00:00:00.000Z"
}

scoringSystem (string) (optional)

Scoring system to be used on the project. Must be either Manual or CVSSv3.1.

Example:

{
   "scoringSystem": "CVSSv3.1"
}

scope (array of strings)

Project scope / assets to be tested. Include name of asset or the asset Id if using the assets module.

Example:

{
   "scope": ["...", "...", "..."]
}

asset_library_ids (array of strings) (optional)

Asset libraries to map scope against.

Example:

{
   "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."]
}

testsuites (array of strings)

Testsuites to assign to the project. Must match exact testsuite names.

Example:

{
   "testsuites": ["...", "...", "..."]
}

organization_code (string) (optional)

Project organization code.

Example:

{   
    "organization_code": "..."
}

vulnerability_code (string) (optional)

Vulnerability code for user friendly vulnerability ids. Must be unique per project, 3-8 characters in length.

Example:

{   
    "vulnerability_code": "..."
}

team_notifications (array of strings) (optional)

Project team notifications. Must include one or more of the following: critical, high, medium, low, info, retest, reopened, closed

Example:

{   
    "team_notifications": ["..."]
}

admin_notifications (array of strings) (optional)

Admin notifications. Must include one or more of the following: retest, reopened, closed

Example:

{   
    "admin_notifications": ["..."]
}

start_stop_testing_email (string) (optional)

Email body for daily start & stop testing notifications.

Example:

{   
    "start_stop_testing_email": "..."
}

start_stop_testing_email_additional_recipients (array of strings) (optional)

Additional email recipients for daily start & stop testing notifications. Must be a list of email addresses.

Example:

{   
    "start_stop_testing_email_additional_recipients": ["..."]
}

new_vulnerability_email_type (string) (optional)

Individual or Grouped emails to be sent for new vulnerabilities. Must include one of the following: individual, group. If not specified, default option is individual

Example:

{   
    "new_vulnerability_email_type": "group"
}

new_vulnerability_email (string) (optional)

Email body for new vulnerability discovered notifications.

Example:

{   
    "new_vulnerability_email": "..."
}

new_vulnerability_email_additional_recipients (array of strings) (optional)

Additional email recipients for new vulnerability discovered notifications. Must be a list of email addresses.

Example:

{   
    "new_vulnerability_email_additional_recipients": ["..."]
}

forced_emails (array of strings) (optional)

Force emails to project team. Must include one or more of the following: all_emails, daily_start_stop_testing, new_critical_vulnerability, new_high_vulnerability, new_medium_vulnerability, new_low_vulnerability, new_info_vulnerability, vulnerability_ready_for_retesting, vulnerability_reopened, vulnerability_closed, project_role_updated, project_hold, retest_completed

Example:

{   
    "forced_emails": ["..."]
}

sla_activation (string) (optional)

Apply vulnerability SLAs automatically or manually. Must be either "automatic" or "manual". Automatic is default.

Example:

{   
    "sla_activation": "..."
}

custom_fields (array of objects) (optional)

Custom fields. Must include a key and value. Key must be unique and letters, number and underscores only.

For more information visit https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis

Example:

{   
    "custom_fields": [{"key": "...", "value": "..."}]
}

portfolio_streams (array of objects) (optional)

Enter a list of Portfolio & Stream Ids to link this project to. Stream must be part of the Portfolio.

Example:

{   
   "portfolio_streams": [
      {
        "portfolioId": "...", 
        "streamId": "..."
      }
   ]
}

features (object) (optional)

Configure features on the project. Roles must be either client, consultant or librarymod. Minimum Project Access Level must be either View, Upload or Edit.

Example:

{   
   "features": {
      "attack_chains": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "reporting": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "retesting": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "testcases": {
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      }
   }
}

pages (object) (optional)

Configure pages on the project. Roles must be either client, consultant or librarymod. Project Access Level must be either View, Upload or Edit.

Example:

{   
   "pages": {
      "summary": {
         "enabled": true,
         "access": {
            "view_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "view_roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "upload_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "upload_roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "edit_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "edit_roles": [
               "client",
               "consultant",
               "librarymod"
            ]
         }
      }
   }
}

Example

The following example is a cURL request to create a new project.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X POST 'https://localhost:3000/api/ss/project' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
  "name": "ACME Digital Web App Pentest",
  "code": "DEMO9999",
  "groups": ["64f7909963cc54000ed4ecfc"],
  "startDate": "2021-06-03T00:00:00.000Z",
  "endDate": "2021-06-04T00:00:00.000Z",
  "scope": ["test.com", "192.168.0.1"],
  "testsuites": ["ASVS Level 2 Web Application", "OSSTMM v3.0 Infrastructure"],
  "scoringSystem": "CVSSv3.1",
  "organization_code": "GLOBEX123",
  "vulnerability_code": "VULN123",
  "team_notifications": ["critical", "high"],
  "admin_notifications": ["retest", "reopened"],
  "start_stop_testing_email": "Hi {firstName},..",
  "start_stop_testing_email_additional_recipients": ["batman@attackforge.com", "robin@attackforge.com"],
  "new_vulnerability_email_type": "individual",
  "new_vulnerability_email": "Hi {firstName},..",
  "new_vulnerability_email_additional_recipients": ["soc@attackforge.com"],
  "forced_emails": ["new_critical_vulnerability", "new_high_vulnerability"],
  "sla_activation": "automatic",
  "custom_fields": [{"key": "customer_name", "value": "WAYNE TECHNOLOGIES."}]
}'

Response

Response contains a project object.

{
  "project": {
    "id": "...",
    "name": "...",
    "code": "...",
    "organization_code": "...",
    "vulnerability_code": "..."
    "groups": [
      {
        "id": "...",
        "name": "..." 
      }
    ],
    "isOnHold": "...",
    "startDate": "...",
    "endDate": "...",
    "scoring_system": "...",
    "team_notifications": [
      "..."
    ],
    "admin_notifications": [
      "..."
    ],
    "start_stop_testing_email": "...",
    "start_stop_testing_email_additional_recipients": [
      "..."
    ],
    "new_vulnerability_email_type": "...",
    "new_vulnerability_email": "...",
    "new_vulnerability_email_additional_recipients": [
      "..."
    ],
    "forced_emails": [
      "..."
    ],
    "sla_activation": "...",
    "created": "...",
    "last_updated": "...",
    "custom_fields": [
      {
        "key": "...", 
        "value": "...", 
        "type": "Tag/Field"
      }
    ],
    "streams": [
      {
        "id": "...",
        "name": "...",
        "stream_portfolios": [
          {
            "id": "...",
            "name": "...",
          }
        ]
      }
    ],
    "features": {
      "attack_chains": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "reporting": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "retesting": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "testcases": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        }
      }
    },
    "pages": {
      "summary": {
        "access": {
          "edit_project_access_levels": [
            "..."
          ],
          "edit_roles": [
            "..."
          ],
          "upload_project_access_levels": [
            "..."
          ],
          "upload_roles": [
            "..."
          ],
          "view_project_access_levels": [
            "..."
          ],
          "view_roles": [
            "..."
          ]
        },
        "enabled": true
      }
    }
  }
}

Last updated

Check YouTube for more tutorials: https://youtube.com/@attackforge