GetProjectsAndVulnerabilities

This method can be used for the following:

  • Get details for all projects (and their vulnerabilities) you have access to, with optional filter;

  • This API returns maximum of twenty (20) projects per request. Use skip filter for pagination.

  • Returned projects are sorted by created timestamp in descending order, i.e. latest created projects show first.

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

GET /api/ss/projects-and-vulnerabilities
HTTP/1.1Host: localhost:3000
X-SSAPI-KEY: APIKey
Content-Type: application/jsonConnection: close

Query

skip (number) (optional)

This API returns maximum of twenty (20) projects per request. Use this filter to adjust starting index for pagination.

Example:

GET /api/ss/projects-and-vulnerabilities?skip=20 HTTP/1.1

created (string) (optional)

Project created date to query projects from. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

GET /api/ss/projects-and-vulnerabilities?created=2021-06-03T00:00:00.000Z HTTP/1.1

altCustomFields (boolean) (optional)

Returns custom fields and custom tags in alternative format.

Example:

"vulnerability_custom_fields": {
  "fields": {
    "key": "value"
  },
  "tags": {
    "key": "value"
  }
}

Example:

GET /api/ss/projects-and-vulnerabilities?altCustomFields=true HTTP/1.1

q_project (string) (optional)

Provides options to query a custom selection of projects.

Please visit the following link for more details on how to use this filter: https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/advanced-query-filter

q_vulnerability (string) (optional)

Provides options to query a custom selection of vulnerabilities on the returned projects.

Please visit the following link for more details on how to use this filter: https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/advanced-query-filter

pendingVulnerabilities (boolean) (optional)

Return pending vulnerabilities only.

Example:

GET /api/ss/projects-and-vulnerabilities?pendingVulnerabilities=true HTTP/1.1

asset_cf_key_allowlist (string) (optional)

List of Asset custom field keys to include in response. Add multiple for more than one key e.g. ?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?asset_cf_key_allowlist=

Example:

GET /api/ss/projects-and-vulnerabilities?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2 HTTP/1.1

asset_cf_key_blocklist (string) (optional)

List of Asset custom field keys to exclude from response. Add multiple for more than one key e.g. ?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2

Example:

GET /api/ss/projects-and-vulnerabilities?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2 HTTP/1.1

project_cf_key_allowlist (string) (optional)

List of Project custom field keys to include in response. Add multiple for more than one key e.g. ?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?project_cf_key_allowlist=

Example:

GET /api/ss/projects-and-vulnerabilities?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2 HTTP/1.1

project_cf_key_blocklist (string) (optional)

List of Project custom field keys to exclude from response. Add multiple for more than one key e.g. ?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2

Example:

GET /api/ss/projects-and-vulnerabilities?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2 HTTP/1.1

project_reporting_cf_key_allowlist (string) (optional)

List of Project Reporting custom field keys to include in response. Add multiple for more than one key e.g. ?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?project_reporting_cf_key_allowlist=

Example:

GET /api/ss/projects-and-vulnerabilities?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2 HTTP/1.1

project_reporting_cf_key_blocklist (string) (optional)

List of Project Reporting custom field keys to exclude from response. Add multiple for more than one key e.g. ?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2

Example:

GET /api/ss/projects-and-vulnerabilities?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2 HTTP/1.1

project_summary_cf_key_allowlist (string) (optional)

List of Project Summary custom field keys to include in response. Add multiple for more than one key e.g. ?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?project_summary_cf_key_allowlist=

Example:

GET /api/ss/projects-and-vulnerabilities?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2 HTTP/1.1

project_summary_cf_key_blocklist (string) (optional)

List of Project Summary custom field keys to exclude from response. Add multiple for more than one key e.g. ?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2

Example:

GET /api/ss/projects-and-vulnerabilities?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2 HTTP/1.1

vulnerability_cf_key_allowlist (string) (optional)

List of Vulnerability custom field keys to include in response. Add multiple for more than one key e.g. ?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?vulnerability_cf_key_allowlist=

Example:

GET /api/ss/projects-and-vulnerabilities?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2 HTTP/1.1

vulnerability_cf_key_blocklist (string) (optional)

List of Vulnerability custom field keys to exclude from response. Add multiple for more than one key e.g. ?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2

Example:

GET /api/ss/projects-and-vulnerabilities?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2 HTTP/1.1

writeup_cf_key_allowlist (string) (optional)

List of Writeup custom field keys to include in response. Add multiple for more than one key e.g. ?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?writeup_cf_key_allowlist=

Example:

GET /api/ss/projects-and-vulnerabilities?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2 HTTP/1.1

writeup_cf_key_blocklist (string) (optional)

List of Writeup custom field keys to exclude from response. Add multiple for more than one key e.g. ?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2

Example:

GET /api/ss/projects-and-vulnerabilities?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2 HTTP/1.1

Example

The following example is a cURL request to get all projects and their vulnerabilities created since 1st January 2022.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X GET 'https://localhost:3000/api/ss/projects-and-vulnerabilities?created=2021-06-03T00:00:00.000Z' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close'

Response

Response contains an array of projects including an array of vulnerabilities for each project.

{
  "count": 999,
  "projects": [
    {
      "project_id": "...",
      "project_name": "...",
      "project_code": "...",
      "project_organization_code": "...",
      "project_vulnerability_code": "..."
      "project_groups": [
        {
          "id": "...",
          "name": "..." 
        }
      ],
      "project_status": "...",
      "project_extended_status": "...",
      "project_testing_progress": "100%",
      "project_on_hold": "...",
      "project_start_date": "...",
      "project_end_date": "...",
      "project_scope": [
        "..."
      ],
      "project_scope_details": [
        {
          "id": "...",
          "name": "...",
          "asset_id": "..."
        }
      ],
      "project_scoring": "...",
      "project_team_notifications": [
        "..."
      ],
      "project_admin_notifications": [
        "..."
      ],
      "project_start_stop_testing_email": "...",
      "project_start_stop_testing_email_additional_recipients": [
        "..."
      ],
      "project_new_vulnerability_email_type": "...",
      "project_new_vulnerability_email": "...",
      "project_new_vulnerability_email_additional_recipients": [
        "..."
      ],
      "project_forced_emails": [
        "..."
      ],
      "project_executive_summary": "...",
      "project_attack_chains": [
        {
          "total": 999
        }
      ],
      "project_team": [
        {
          "id": "...",
          "user_id": "...", 
          "first_name": "...", 
          "last_name": "...", 
          "access_level": "...", 
          "role": "...", 
          "email_notifications": [
            "..."
          ], 
          "last_modified": "..."
        }
      ],
      "project_hold_history": [
        {
          "status": "...", 
          "reason": "...", 
          "created": "..."
        }
      ],
      "project_retests_requested": 999,
      "project_retests_completed": 999,
      "project_retesting_history: [
        {
          "retesting_round_id": "...",
          "retesting_round": 1,
          "retesting_round_status": "...",
          "retesting_round_actioned_by": {
            "user_id": "...",
            "user_first_name": "...",
            "user_last_name": "..."
          },
          "retesting_round_vulnerabilities": [
            {
              "vulnerability_id": "...",
              "vulnerability_alternate_id": "...",
              "vulnerability_title": "..."
            }
          ],
          "retesting_window_end": "...",
          "retesting_window_start": "...",
          "retesting_round_retested_vulnerabilities": [
            {
              "vulnerability_id": "...",
              "vulnerability_alternate_id": "...",
              "vulnerability_title": "..."
            }
          ]
        }
      ],
      "project_streams": [
        {
          "id": "...",
          "name": "...",
          "stream_portfolios": [
            {
              "id": "...",
              "name": "...",
            }
          ]
        }
      ],
      "project_total_assets": 999,
      "project_total_testcases": 999,
      "project_not_tested_testcases": 999,
      "project_in_progress_testcases": 999,
      "project_tested_testcases": 999,
      "project_not_applicable_testcases": 999,
      "project_total_vulnerabilities": 999,
      "project_open_vulnerabilities": 999,
      "project_closed_vulnerabilities": 999,
      "project_retest_vulnerabilities": 999,
      "project_critical_vulnerabilities": 999,
      "project_critical_open_vulnerabilities": 999,
      "project_critical_ready_for_retest_vulnerabilities": 999,
      "project_critical_closed_vulnerabilities": 999,
      "project_high_vulnerabilities": 999,
      "project_high_open_vulnerabilities": 999,
      "project_high_ready_for_retest_vulnerabilities": 999,
      "project_high_closed_vulnerabilities": 999,
      "project_medium_vulnerabilities": 999,
      "project_medium_open_vulnerabilities": 999,
      "project_medium_ready_for_retest_vulnerabilities": 999,
      "project_medium_closed_vulnerabilities": 999,
      "project_low_vulnerabilities": 999,
      "project_low_open_vulnerabilities": 999,
      "project_low_ready_for_retest_vulnerabilities": 999,
      "project_low_closed_vulnerabilities": 999,
      "project_info_vulnerabilities": 999,
      "project_info_open_vulnerabilities": 999,
      "project_info_ready_for_retest_vulnerabilities": 999,
      "project_info_closed_vulnerabilities": 999,
      "project_zeroday_vulnerabilities": 999,
      "project_easily_exploitable_vulnerabilities": 999,
      "project_cwe_top_25_vulnerabilities": 999,
      "project_owasp_top_10_vulnerabilities": 999,
      "project_pending_vulnerabilities": 999,
      "project_testsuites": [
        {
          "id": "...",
          "name": "..."
        }
      ],
      "project_created": "...",
      "project_last_modified": "...",
      "project_custom_fields": [
        {
          "key": "...", 
          "value": "...", 
          "type": "Tag/Field"
        }
      ],
      "project_reporting_custom_fields": [
        {
          "key": "...", 
          "value": "..."
        }
      ],
      "project_summary_custom_fields": [
        {
          "key": "...", 
          "value": "..."
        }
      ],
      "project_features": {
        "attack_chains": {
          "access": {
            "project_access_level": "...",
            "roles": [
              "..."
            ]
          },
          "enabled": true
        },
        "reporting": {
          "access": {
            "project_access_level": "...",
            "roles": [
              "..."
            ]
          },
          "enabled": true
        },
        "retesting": {
          "access": {
            "project_access_level": "...",
            "roles": [
              "..."
            ]
          },
          "enabled": true
        },
        "testcases": {
          "access": {
            "project_access_level": "...",
            "roles": [
              "..."
            ]
          }
        }
      },
      "project_pages": {
        "summary": {
          "access": {
            "edit_project_access_levels": [
              "..."
            ],
            "edit_roles": [
              "..."
            ],
            "upload_project_access_levels": [
              "..."
            ],
            "upload_roles": [
              "..."
            ],
            "view_project_access_levels": [
              "..."
            ],
            "view_roles": [
              "..."
            ]
          },
          "enabled": true,
          "custom_fields": [
            {
              "key": "...",
              "value": "...",
              "type": "Tag/Field"
            }
          ]
        }
      },
      "project_vulnerabilities":[
        {
          "vulnerability_id": "...",
          "vulnerability_alternate_id": "...",
          "vulnerability_created": "...",
          "vulnerability_modified": "...",
          "vulnerability_title": "...",
          "vulnerability_priority": "...",
          "vulnerability_cvssv3_vector": "...",
          "vulnerability_cvssv3_base_score": "...",
          "vulnerability_cvssv3_temporal_score": "...",
          "vulnerability_cvssv3_environmental_score": "...",
          "vulnerability_status": "...",
          "vulnerability_status_updated": "...",
          "vulnerability_retest": "...",
          "vulnerability_likelihood_of_exploitation": 10,
          "vulnerability_steps_to_reproduce": "...",
          "vulnerability_steps_to_reproduce_HTML": "...",
          "vulnerability_tags": [
            "..."
          ],
          "vulnerability_is_zeroday": "...",
          "vulnerability_notes": [
            {
              "id": "...",
              "note": "...",
              "note_html": "...",
              "type": "PLAINTEXT/RICHTEXT"
            }
          ],
          "vulnerability_description": "...",
          "vulnerability_attack_scenario": "...",
          "vulnerability_remediation_recommendation": "...",
          "vulnerability_remediation_notes": [
            {
              "note": "...",
              "note_html": "...",
              "created": "...",
              "created_by": "..."
            }
          ],
          "vulnerability_affected_asset_name": "...",
          "vulnerability_affected_asset_id": "...",
          "vulnerability_affected_asset_library_id": "...",
          "vulnerability_affected_asset_library_external_id": "...",
          "vulnerability_affected_assets": [
            {
              "asset": {
                "id": "...",
                "name": "...",
                "library_id": "...",
                "library_external_id": "...",
                "custom_fields": [
                  { 
                    "key": "...",
                    "value": "...",
                    "type": "Field"
                  }
                ],
              },
              "notes": [
                "..."
              ],
              "tags": [
                "..."
              ],
              "actioned": true,
              "components": [
                {
                  "name": "...",
                  "notes": [
                    "..."
                  ],
                  "tags": [
                    "..."
                  ]
                }
              ]
            }
          ],
          "vulnerability_discovered_by": "...",
          "vulnerability_evidence": [
            {
              "file_name": "...",
              "file_name_custom": "...", 
              "storage_name": "...",
              "file_type": "...",
              "file_size_kb": "..."
            }
          ],
          "vulnerability_library_files": [
            {
              "file_name": "...",
              "file_name_custom": "...",
              "storage_name": "...",
              "file_type": "...",
              "file_size_kb": "..."
            }
          ],
          "vulnerability_custom_fields": [
            {
              "key": "...", 
              "value": "...", 
              "type": "Tag/Field"
            }
          ],
          "vulnerability_library_custom_fields": [
            {
              "key": "...", 
              "value": "...", 
              "type": "Tag/Field"
            }
          ],
          "vulnerability_affected_asset_custom_fields": [
            {
              "key": "...", 
              "value": "..."
            }
          ],
          "vulnerability_sla": "...",
          "vulnerability_release_date": "...",
          "vulnerability_target_remediation_date": "...",
          "vulnerability_user": {
            "user_id": "...",
            "first_name": "...",
            "last_name": "..."
          },
          "vulnerability_testcases": ["..."]
        }
      ]
    }
  ]
}

Last updated