# GetProjectsAndVulnerabilities This method can be used for the following: * Get details for all projects (and their vulnerabilities) you have access to, with optional filter; * This API returns maximum of twenty (20) projects per request. Use skip filter for pagination. * Returned projects are sorted by created timestamp in descending order, i.e. latest created projects show first. ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as *mandatory*. ### Headers ``` GET /api/ss/projects-and-vulnerabilities HTTP/1.1Host: localhost:3000 X-SSAPI-KEY: APIKey Content-Type: application/jsonConnection: close ``` ### Query **skip (*****number*****) (*****optional*****)** This API returns maximum of twenty (20) projects per request. Use this filter to adjust starting index for pagination. Example: ``` GET /api/ss/projects-and-vulnerabilities?skip=20 HTTP/1.1 ``` **created (*****string*****) (*****optional*****)** Project created date to query projects from. Must be UTC string e.g. 2021-06-03T23:15:33.008Z. Example: ``` GET /api/ss/projects-and-vulnerabilities?created=2021-06-03T00:00:00.000Z HTTP/1.1 ``` **altCustomFields (*****boolean*****) (*****optional*****)** Returns custom fields and custom tags in alternative format. Example: ``` "vulnerability_custom_fields": { "fields": { "key": "value" }, "tags": { "key": "value" } } ``` Example: ``` GET /api/ss/projects-and-vulnerabilities?altCustomFields=true HTTP/1.1 ``` **q\_project (*****string*****) (*****optional*****)** Provides options to query a custom selection of projects. Please visit the following link for more details on how to use this filter: **q\_vulnerability (*****string*****) (*****optional*****)** Provides options to query a custom selection of vulnerabilities on the returned projects. Please visit the following link for more details on how to use this filter: **pendingVulnerabilities (*****boolean*****) (*****optional*****)** Return pending vulnerabilities only. Example: ``` GET /api/ss/projects-and-vulnerabilities?pendingVulnerabilities=true HTTP/1.1 ``` **asset\_cf\_key\_allowlist (string) (optional)** List of Asset custom field keys to include in response. Add multiple for more than one key e.g. `?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?asset_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2 HTTP/1.1 ``` **asset\_cf\_key\_blocklist (string) (optional)** List of Asset custom field keys to exclude from response. Add multiple for more than one key e.g. `?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_cf\_key\_allowlist (string) (optional)** List of Project custom field keys to include in response. Add multiple for more than one key e.g. `?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_cf\_key\_blocklist (string) (optional)** List of Project custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_reporting\_cf\_key\_allowlist (string) (optional)** List of Project Reporting custom field keys to include in response. Add multiple for more than one key e.g. `?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_reporting_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_reporting\_cf\_key\_blocklist (string) (optional)** List of Project Reporting custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_summary\_cf\_key\_allowlist (string) (optional)** List of Project Summary custom field keys to include in response. Add multiple for more than one key e.g. `?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_summary_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_summary\_cf\_key\_blocklist (string) (optional)** List of Project Summary custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2 HTTP/1.1 ``` **vulnerability\_cf\_key\_allowlist (string) (optional)** List of Vulnerability custom field keys to include in response. Add multiple for more than one key e.g. `?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?vulnerability_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2 HTTP/1.1 ``` **vulnerability\_cf\_key\_blocklist (string) (optional)** List of Vulnerability custom field keys to exclude from response. Add multiple for more than one key e.g. `?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2 HTTP/1.1 ``` **writeup\_cf\_key\_allowlist (string) (optional)** List of Writeup custom field keys to include in response. Add multiple for more than one key e.g. `?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?writeup_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2 HTTP/1.1 ``` **writeup\_cf\_key\_blocklist (string) (optional)** List of Writeup custom field keys to exclude from response. Add multiple for more than one key e.g. `?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2 HTTP/1.1 ``` ## Example The following example is a cURL request to get all projects and their vulnerabilities created since 1st January 2022. ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X GET 'https://localhost:3000/api/ss/projects-and-vulnerabilities?created=2021-06-03T00:00:00.000Z' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' ``` ### Response Response contains an array of projects including an array of vulnerabilities for each project. ``` { "count": 999, "projects": [ { "project_id": "...", "project_name": "...", "project_code": "...", "project_organization_code": "...", "project_vulnerability_code": "..." "project_groups": [ { "id": "...", "name": "..." } ], "project_status": "...", "project_extended_status": "...", "project_testing_progress": "100%", "project_on_hold": "...", "project_start_date": "...", "project_end_date": "...", "project_scope": [ "..." ], "project_scope_details": [ { "id": "...", "name": "...", "asset_id": "..." } ], "project_scoring": "...", "project_team_notifications": [ "..." ], "project_admin_notifications": [ "..." ], "project_start_stop_testing_email": "...", "project_start_stop_testing_email_additional_recipients": [ "..." ], "project_new_vulnerability_email_type": "...", "project_new_vulnerability_email": "...", "project_new_vulnerability_email_additional_recipients": [ "..." ], "project_forced_emails": [ "..." ], "project_executive_summary": "...", "project_attack_chains": [ { "total": 999 } ], "project_team": [ { "id": "...", "user_id": "...", "first_name": "...", "last_name": "...", "access_level": "...", "role": "...", "email_notifications": [ "..." ], "last_modified": "..." } ], "project_hold_history": [ { "status": "...", "reason": "...", "created": "..." } ], "project_retests_requested": 999, "project_retests_completed": 999, "project_retesting_history: [ { "retesting_round_id": "...", "retesting_round": 1, "retesting_round_status": "...", "retesting_round_actioned_by": { "user_id": "...", "user_first_name": "...", "user_last_name": "..." }, "retesting_round_vulnerabilities": [ { "vulnerability_id": "...", "vulnerability_alternate_id": "...", "vulnerability_title": "..." } ], "retesting_window_end": "...", "retesting_window_start": "...", "retesting_round_retested_vulnerabilities": [ { "vulnerability_id": "...", "vulnerability_alternate_id": "...", "vulnerability_title": "..." } ] } ], "project_streams": [ { "id": "...", "name": "...", "stream_portfolios": [ { "id": "...", "name": "...", } ] } ], "project_total_assets": 999, "project_total_testcases": 999, "project_not_tested_testcases": 999, "project_in_progress_testcases": 999, "project_tested_testcases": 999, "project_not_applicable_testcases": 999, "project_total_vulnerabilities": 999, "project_open_vulnerabilities": 999, "project_closed_vulnerabilities": 999, "project_retest_vulnerabilities": 999, "project_critical_vulnerabilities": 999, "project_critical_open_vulnerabilities": 999, "project_critical_ready_for_retest_vulnerabilities": 999, "project_critical_closed_vulnerabilities": 999, "project_high_vulnerabilities": 999, "project_high_open_vulnerabilities": 999, "project_high_ready_for_retest_vulnerabilities": 999, "project_high_closed_vulnerabilities": 999, "project_medium_vulnerabilities": 999, "project_medium_open_vulnerabilities": 999, "project_medium_ready_for_retest_vulnerabilities": 999, "project_medium_closed_vulnerabilities": 999, "project_low_vulnerabilities": 999, "project_low_open_vulnerabilities": 999, "project_low_ready_for_retest_vulnerabilities": 999, "project_low_closed_vulnerabilities": 999, "project_info_vulnerabilities": 999, "project_info_open_vulnerabilities": 999, "project_info_ready_for_retest_vulnerabilities": 999, "project_info_closed_vulnerabilities": 999, "project_zeroday_vulnerabilities": 999, "project_easily_exploitable_vulnerabilities": 999, "project_cwe_top_25_vulnerabilities": 999, "project_owasp_top_10_vulnerabilities": 999, "project_pending_vulnerabilities": 999, "project_testsuites": [ { "id": "...", "name": "..." } ], "project_created": "...", "project_last_modified": "...", "project_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "project_reporting_custom_fields": [ { "key": "...", "value": "..." } ], "project_summary_custom_fields": [ { "key": "...", "value": "..." } ], "project_features": { "attack_chains": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "reporting": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "retesting": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "testcases": { "access": { "project_access_level": "...", "roles": [ "..." ] } } }, "project_pages": { "summary": { "access": { "edit_project_access_levels": [ "..." ], "edit_roles": [ "..." ], "upload_project_access_levels": [ "..." ], "upload_roles": [ "..." ], "view_project_access_levels": [ "..." ], "view_roles": [ "..." ] }, "enabled": true, "custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ] } }, "project_vulnerabilities":[ { "vulnerability_id": "...", "vulnerability_alternate_id": "...", "vulnerability_created": "...", "vulnerability_modified": "...", "vulnerability_title": "...", "vulnerability_priority": "...", "vulnerability_cvssv3_vector": "...", "vulnerability_cvssv3_base_score": "...", "vulnerability_cvssv3_temporal_score": "...", "vulnerability_cvssv3_environmental_score": "...", "vulnerability_cvssv4_vector": "...", "vulnerability_cvssv4_score": "...", "vulnerability_status": "...", "vulnerability_status_updated": "...", "vulnerability_resolution_type": "...", "vulnerability_retest": "...", "vulnerability_likelihood_of_exploitation": 10, "vulnerability_steps_to_reproduce": "...", "vulnerability_steps_to_reproduce_HTML": "...", "vulnerability_tags": [ "..." ], "vulnerability_is_zeroday": "...", "vulnerability_notes": [ { "id": "...", "note": "...", "note_html": "...", "type": "PLAINTEXT/RICHTEXT" } ], "vulnerability_description": "...", "vulnerability_attack_scenario": "...", "vulnerability_remediation_recommendation": "...", "vulnerability_remediation_notes": [ { "note": "...", "note_html": "...", "created": "...", "created_by": "..." } ], "vulnerability_affected_asset_name": "...", "vulnerability_affected_asset_id": "...", "vulnerability_affected_asset_library_id": "...", "vulnerability_affected_asset_library_external_id": "...", "vulnerability_affected_assets": [ { "asset": { "id": "...", "name": "...", "library_id": "...", "library_external_id": "...", "custom_fields": [ { "key": "...", "value": "...", "type": "Field" } ], }, "notes": [ "..." ], "tags": [ "..." ], "actioned": true, "components": [ { "name": "...", "notes": [ "..." ], "actioned": true, "tags": [ "..." ] } ] } ], "vulnerability_discovered_by": "...", "vulnerability_evidence": [ { "file_name": "...", "file_name_custom": "...", "storage_name": "...", "file_type": "...", "file_size": 999, "file_size_kb": 99999 } ], "vulnerability_library_files": [ { "file_name": "...", "file_name_custom": "...", "storage_name": "...", "file_type": "...", "file_size": 999, "file_size_kb": 99999 } ], "vulnerability_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "vulnerability_library_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "vulnerability_affected_asset_custom_fields": [ { "key": "...", "value": "..." } ], "vulnerability_sla": "...", "vulnerability_release_date": "...", "vulnerability_target_remediation_date": "...", "vulnerability_user": { "user_id": "...", "first_name": "...", "last_name": "..." }, "vulnerability_testcases": ["..."] } ] } ] } ```