Parameters
The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.
Copy POST /api/ss/vulnerability-with-library HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close Query
projectId (string)
Identifier for the project.
Example:
Copy {
"projectId": "656158c0965172000f9119e8"
} vulnerabilityLibraryId (string)
Identifier for the writeup.
Example:
Copy {
"vulnerabilityLibraryId": "656158c0965172000f9119a8"
} library ( string ) ( optional )
Search this library when matching vulnerabilityLibraryId. Must be either "Imported Vulnerabilities", "Main Vulnerabilities", "Project Vulnerabilities" or key for a custom library (if custom libraries are used). Default is Main Vulnerabilities Library.
Example:
Copy {
"library": "Imported Vulnerabilities"
} created (string) (optional)
Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.
Example:
Copy {
"created": "2021-06-03T23:15:33.008Z"
} asset_library_ids ( array of strings ) ( optional )
Asset libraries to map affected asset(s) against.
Example:
Copy {
"asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."]
} affected_asset_id (string) ( optional )
Id of the affected asset.
Example:
Copy {
"affected_asset_id": "..."
} affected_asset_name (string) ( optional )
Name of the affected asset.
Example:
Copy {
"affected_asset_name": "..."
} affected_assets (array of objects) (optional)
Assign multiple assets to vulnerability.
Example:
Copy [
{
"assetId": "...",
"assetName": "...",
"notes": [
"..."
],
"tags": [
"..."
],
"actioned": false,
"components": [
{
"name": "...",
"notes": [
"..."
],
"tags": [
"..."
]
}
]
}
] priority (string)
Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info
Example:
Copy {
"priority": "Critical"
} likelihood_of_exploitation (number)
Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.
Example:
Copy {
"likelihood_of_exploitation": 10
} steps_to_reproduce (string)
Steps to Reproduce the vulnerability (POC).
Example:
Copy {
"steps_to_reproduce": "..."
} tags (array of strings) (optional)
Tags for the vulnerability.
Example:
Copy {
"tags": ["...", "...", "..."]
} notes (array of objects) (optional)
Notes for the vulnerability. Type is optional. Type must be either PLAINTEXT or RICHTEXT.
Example:
Copy {
"notes": [
{
"note": "Lorem ipsum..",
"type": "PLAINTEXT"
}
]
} is_zeroday (boolean) (optional)
Whether vulnerability is a zeroday (0-day) or not.
Example:
Copy {
"is_zeroday": true
} is_visible (boolean) (optional)
Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).
Example:
Copy {
"is_visible": true
} linked_testcases (array of strings) (optional)
Test case Ids to link to the vulnerability.
Example:
Copy {
"linked_testcases": ["..."]
} custom_fields ( array of objects ) ( optional )
Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only.
Example:
Copy { "custom_fields": [{"key": "...", "value": "..."}]} custom_tags ( array of objects ) ( optional )
Custom tags. Must include a name and value. Name must be unique and letters, number and underscores only.
Example:
Copy {
"custom_tags": [{"name": "...", "value": "..."}]
} Example
The following example is a cURL request to create a vulnerability on a project by the project identifier (Id) and an issue from the Vulnerability Library by its identifier (Id).
Request
Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.
Copy curl -X POST 'https://demo.attackforge.com/api/ss/vulnerability-with-library' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
"projectId": "5f9741cc06ef2708b4a0c4c5",
"vulnerabilityLibraryId": "203858903055049",
"library": "Imported Vulnerabilities",
"affected_asset_name": "AttackForge.com",
"priority": "Critical",
"likelihood_of_exploitation": 10,
"steps_to_reproduce": "Lorem Ipsum...",
"tags": ["CWE-89", "Injection"],
"notes": [
{
"note": "Lorem ipsum..",
"type": "PLAINTEXT"
}
],
"is_zeroday": false,
"is_visible": true,
"custom_fields": [{"key": "vuln_external_id", "value": "VULN123"}],
"linked_testcases": ["66845d85d427ba0010d0681b"],
"custom_tags": [{"name": "ext_vuln_score", "value": "HIGH"}]
}' Response
Response contains a vulnerability object.
Copy {
"vulnerability": {
"vulnerability_id": "...",
"vulnerability_created": "...",
"vulnerability_modified": "...",
"vulnerability_title": "...",
"vulnerability_priority": "...",
"vulnerability_status": "...",
"vulnerability_retest": "...",
"vulnerability_likelihood_of_exploitation": 10,
"vulnerability_steps_to_reproduce": "...",
"vulnerability_tags": [
"..."
],
"vulnerability_is_zeroday": "...",
"vulnerability_notes": [
{
"note": "...",
"note_html": "...",
"type": "PLAINTEXT/RICHTEXT"
}
],
"vulnerability_description": "...",
"vulnerability_attack_scenario": "...",
"vulnerability_remediation_recommendation": "...",
"vulnerability_affected_asset_name": "...",
"vulnerability_affected_asset_id": "...",
"vulnerability_affected_assets": [
{
"asset": {
"id": "...",
"name": "...",
"library_id": "...",
"library_external_id": "...",
"custom_fields": [
{
"key": "...",
"value": "...",
"type": "Field"
}
],
},
"notes": [
"..."
],
"tags": [
"..."
],
"actioned": true,
"components": [
{
"name": "...",
"notes": [
"..."
],
"tags": [
"..."
]
}
]
}
],
"vulnerability_project_name": "...",
"vulnerability_project_id": "...",
"vulnerability_custom_fields": [
{
"key": "...",
"value": "...",
"type": "Tag/Field"
}
],
"vulnerability_sla": "...",
"vulnerability_release_date": "..."
}
} 