# GetProjectsAndVulnerabilities This method can be used for the following: * Get details for all projects (and their vulnerabilities) you have access to, with optional filter; * This API returns maximum of twenty (20) projects per request. Use skip filter for pagination. * Returned projects are sorted by created timestamp in descending order, i.e. latest created projects show first. ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as *mandatory*. ### Headers ``` GET /api/ss/projects-and-vulnerabilities HTTP/1.1Host: localhost:3000 X-SSAPI-KEY: APIKey Content-Type: application/jsonConnection: close ``` ### Query **skip (*****number*****) (*****optional*****)** This API returns maximum of twenty (20) projects per request. Use this filter to adjust starting index for pagination. Example: ``` GET /api/ss/projects-and-vulnerabilities?skip=20 HTTP/1.1 ``` **created (*****string*****) (*****optional*****)** Project created date to query projects from. Must be UTC string e.g. 2021-06-03T23:15:33.008Z. Example: ``` GET /api/ss/projects-and-vulnerabilities?created=2021-06-03T00:00:00.000Z HTTP/1.1 ``` **altCustomFields (*****boolean*****) (*****optional*****)** Returns custom fields and custom tags in alternative format. Example: ``` "vulnerability_custom_fields": { "fields": { "key": "value" }, "tags": { "key": "value" } } ``` Example: ``` GET /api/ss/projects-and-vulnerabilities?altCustomFields=true HTTP/1.1 ``` **q\_project (*****string*****) (*****optional*****)** Provides options to query a custom selection of projects. Please visit the following link for more details on how to use this filter: **q\_vulnerability (*****string*****) (*****optional*****)** Provides options to query a custom selection of vulnerabilities on the returned projects. Please visit the following link for more details on how to use this filter: **pendingVulnerabilities (*****boolean*****) (*****optional*****)** Return pending vulnerabilities only. Example: ``` GET /api/ss/projects-and-vulnerabilities?pendingVulnerabilities=true HTTP/1.1 ``` **asset\_cf\_key\_allowlist (string) (optional)** List of Asset custom field keys to include in response. Add multiple for more than one key e.g. `?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?asset_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2 HTTP/1.1 ``` **asset\_cf\_key\_blocklist (string) (optional)** List of Asset custom field keys to exclude from response. Add multiple for more than one key e.g. `?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_cf\_key\_allowlist (string) (optional)** List of Project custom field keys to include in response. Add multiple for more than one key e.g. `?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_cf\_key\_blocklist (string) (optional)** List of Project custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_reporting\_cf\_key\_allowlist (string) (optional)** List of Project Reporting custom field keys to include in response. Add multiple for more than one key e.g. `?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_reporting_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_reporting\_cf\_key\_blocklist (string) (optional)** List of Project Reporting custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_summary\_cf\_key\_allowlist (string) (optional)** List of Project Summary custom field keys to include in response. Add multiple for more than one key e.g. `?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_summary_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_summary\_cf\_key\_blocklist (string) (optional)** List of Project Summary custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2 HTTP/1.1 ``` **vulnerability\_cf\_key\_allowlist (string) (optional)** List of Vulnerability custom field keys to include in response. Add multiple for more than one key e.g. `?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?vulnerability_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2 HTTP/1.1 ``` **vulnerability\_cf\_key\_blocklist (string) (optional)** List of Vulnerability custom field keys to exclude from response. Add multiple for more than one key e.g. `?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2 HTTP/1.1 ``` **writeup\_cf\_key\_allowlist (string) (optional)** List of Writeup custom field keys to include in response. Add multiple for more than one key e.g. `?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?writeup_cf_key_allowlist=` Example: ``` GET /api/ss/projects-and-vulnerabilities?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2 HTTP/1.1 ``` **writeup\_cf\_key\_blocklist (string) (optional)** List of Writeup custom field keys to exclude from response. Add multiple for more than one key e.g. `?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2` Example: ``` GET /api/ss/projects-and-vulnerabilities?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2 HTTP/1.1 ``` ## Example The following example is a cURL request to get all projects and their vulnerabilities created since 1st January 2022. ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X GET 'https://localhost:3000/api/ss/projects-and-vulnerabilities?created=2021-06-03T00:00:00.000Z' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' ``` ### Response Response contains an array of projects including an array of vulnerabilities for each project. ``` { "count": 999, "projects": [ { "project_id": "...", "project_name": "...", "project_code": "...", "project_organization_code": "...", "project_vulnerability_code": "..." "project_groups": [ { "id": "...", "name": "..." } ], "project_status": "...", "project_extended_status": "...", "project_testing_progress": "100%", "project_on_hold": "...", "project_start_date": "...", "project_end_date": "...", "project_scope": [ "..." ], "project_scope_details": [ { "id": "...", "name": "...", "asset_id": "..." } ], "project_scoring": "...", "project_team_notifications": [ "..." ], "project_admin_notifications": [ "..." ], "project_start_stop_testing_email": "...", "project_start_stop_testing_email_additional_recipients": [ "..." ], "project_new_vulnerability_email_type": "...", "project_new_vulnerability_email": "...", "project_new_vulnerability_email_additional_recipients": [ "..." ], "project_forced_emails": [ "..." ], "project_executive_summary": "...", "project_attack_chains": [ { "total": 999 } ], "project_team": [ { "id": "...", "user_id": "...", "first_name": "...", "last_name": "...", "access_level": "...", "role": "...", "email_notifications": [ "..." ], "last_modified": "..." } ], "project_hold_history": [ { "status": "...", "reason": "...", "created": "..." } ], "project_retests_requested": 999, "project_retests_completed": 999, "project_retesting_history: [ { "retesting_round_id": "...", "retesting_round": 1, "retesting_round_status": "...", "retesting_round_actioned_by": { "user_id": "...", "user_first_name": "...", "user_last_name": "..." }, "retesting_round_vulnerabilities": [ { "vulnerability_id": "...", "vulnerability_alternate_id": "...", "vulnerability_title": "..." } ], "retesting_window_end": "...", "retesting_window_start": "...", "retesting_round_retested_vulnerabilities": [ { "vulnerability_id": "...", "vulnerability_alternate_id": "...", "vulnerability_title": "..." } ] } ], "project_streams": [ { "id": "...", "name": "...", "stream_portfolios": [ { "id": "...", "name": "...", } ] } ], "project_total_assets": 999, "project_total_testcases": 999, "project_not_tested_testcases": 999, "project_in_progress_testcases": 999, "project_tested_testcases": 999, "project_not_applicable_testcases": 999, "project_total_vulnerabilities": 999, "project_open_vulnerabilities": 999, "project_closed_vulnerabilities": 999, "project_retest_vulnerabilities": 999, "project_critical_vulnerabilities": 999, "project_critical_open_vulnerabilities": 999, "project_critical_ready_for_retest_vulnerabilities": 999, "project_critical_closed_vulnerabilities": 999, "project_high_vulnerabilities": 999, "project_high_open_vulnerabilities": 999, "project_high_ready_for_retest_vulnerabilities": 999, "project_high_closed_vulnerabilities": 999, "project_medium_vulnerabilities": 999, "project_medium_open_vulnerabilities": 999, "project_medium_ready_for_retest_vulnerabilities": 999, "project_medium_closed_vulnerabilities": 999, "project_low_vulnerabilities": 999, "project_low_open_vulnerabilities": 999, "project_low_ready_for_retest_vulnerabilities": 999, "project_low_closed_vulnerabilities": 999, "project_info_vulnerabilities": 999, "project_info_open_vulnerabilities": 999, "project_info_ready_for_retest_vulnerabilities": 999, "project_info_closed_vulnerabilities": 999, "project_zeroday_vulnerabilities": 999, "project_easily_exploitable_vulnerabilities": 999, "project_cwe_top_25_vulnerabilities": 999, "project_owasp_top_10_vulnerabilities": 999, "project_pending_vulnerabilities": 999, "project_testsuites": [ { "id": "...", "name": "..." } ], "project_created": "...", "project_last_modified": "...", "project_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "project_reporting_custom_fields": [ { "key": "...", "value": "..." } ], "project_summary_custom_fields": [ { "key": "...", "value": "..." } ], "project_features": { "attack_chains": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "reporting": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "retesting": { "access": { "project_access_level": "...", "roles": [ "..." ] }, "enabled": true }, "testcases": { "access": { "project_access_level": "...", "roles": [ "..." ] } } }, "project_pages": { "summary": { "access": { "edit_project_access_levels": [ "..." ], "edit_roles": [ "..." ], "upload_project_access_levels": [ "..." ], "upload_roles": [ "..." ], "view_project_access_levels": [ "..." ], "view_roles": [ "..." ] }, "enabled": true, "custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ] } }, "project_vulnerabilities":[ { "vulnerability_id": "...", "vulnerability_alternate_id": "...", "vulnerability_created": "...", "vulnerability_modified": "...", "vulnerability_title": "...", "vulnerability_priority": "...", "vulnerability_cvssv3_vector": "...", "vulnerability_cvssv3_base_score": "...", "vulnerability_cvssv3_temporal_score": "...", "vulnerability_cvssv3_environmental_score": "...", "vulnerability_cvssv4_vector": "...", "vulnerability_cvssv4_score": "...", "vulnerability_status": "...", "vulnerability_status_updated": "...", "vulnerability_resolution_type": "...", "vulnerability_retest": "...", "vulnerability_likelihood_of_exploitation": 10, "vulnerability_steps_to_reproduce": "...", "vulnerability_steps_to_reproduce_HTML": "...", "vulnerability_tags": [ "..." ], "vulnerability_is_zeroday": "...", "vulnerability_notes": [ { "id": "...", "note": "...", "note_html": "...", "type": "PLAINTEXT/RICHTEXT" } ], "vulnerability_description": "...", "vulnerability_attack_scenario": "...", "vulnerability_remediation_recommendation": "...", "vulnerability_remediation_notes": [ { "note": "...", "note_html": "...", "created": "...", "created_by": "..." } ], "vulnerability_affected_asset_name": "...", "vulnerability_affected_asset_id": "...", "vulnerability_affected_asset_library_id": "...", "vulnerability_affected_asset_library_external_id": "...", "vulnerability_affected_assets": [ { "asset": { "id": "...", "name": "...", "library_id": "...", "library_external_id": "...", "custom_fields": [ { "key": "...", "value": "...", "type": "Field" } ], }, "notes": [ "..." ], "tags": [ "..." ], "actioned": true, "components": [ { "name": "...", "notes": [ "..." ], "actioned": true, "tags": [ "..." ] } ] } ], "vulnerability_discovered_by": "...", "vulnerability_evidence": [ { "file_name": "...", "file_name_custom": "...", "storage_name": "...", "file_type": "...", "file_size": 999, "file_size_kb": 99999 } ], "vulnerability_library_files": [ { "file_name": "...", "file_name_custom": "...", "storage_name": "...", "file_type": "...", "file_size": 999, "file_size_kb": 99999 } ], "vulnerability_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "vulnerability_library_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "vulnerability_affected_asset_custom_fields": [ { "key": "...", "value": "..." } ], "vulnerability_sla": "...", "vulnerability_release_date": "...", "vulnerability_target_remediation_date": "...", "vulnerability_user": { "user_id": "...", "first_name": "...", "last_name": "..." }, "vulnerability_testcases": ["..."] } ] } ] } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectsandvulnerabilities.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.