GetProjectVulnerabilitiesById

This method can be used for the following functionality: Get all vulnerabilities for a project you have access to, by project identifier (Id).

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

GET /api/ss/project/:id/vulnerabilities HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

id (string)

Identifier for the project.

Example:

GET /api/ss/project/5e48c12ec0376309d73aad71/vulnerabilities HTTP/1.1

startDate (string) (optional)

Start date to query vulnerabilities from, based on creation date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

GET /api/ss/project/:id/vulnerabilities?startDate=2021-06-03T00:00:00.000Z HTTP/1.1

endDate (string) (optional)

End date to query vulnerabilities to, based on creation date. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

GET /api/ss/project/:id/vulnerabilities?endDate=2021-06-03T00:00:00.000Z HTTP/1.1

priority (string) (optional)

Priority for vulnerabilities returned. Must be one of the following: Critical, High, Medium, Low, Info

Example:

GET /api/ss/project/:id/vulnerabilities?priority=Critical HTTP/1.1

skip (integer) (optional)

Number of records to skip. Default is 0 (do not skip any records).

Example:

GET /api/ss/project/:id/vulnerabilities?skip=10 HTTP/1.1

limit (integer) (optional)

Number of records to limit to. Default limit is 500. Max limit is 500.

Example:

GET /api/ss/project/:id/vulnerabilities?limit=100 HTTP/1.1

altCustomFields (boolean) (optional)

Returns custom fields and custom tags in alternative format.

Example:

"vulnerability_custom_fields": {
  "fields": {
    "key": "value"
  },
  "tags": {
    "key": "value"
  }
}

Example:

GET /api/ss/project/:id/vulnerabilities?altCustomFields=true HTTP/1.1

q (string) (optional)

Provides options to query a custom selection of vulnerabilities.

Please visit the following link for more details on how to use this filter: https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/advanced-query-filter

Example 1 - Critical or High vulnerabilities only:

curl -G -X GET 'https://localhost:3000/api/ss/project/6361f5e823ad99df8a223c7d/vulnerabilities' --data-urlencode 'q={priority: { $in: ["Critical", "High"]} }' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close'

Example 2 - Open Critical or Open High vulnerabilities only:

curl -G -X GET 'https://localhost:3000/api/ss/project/6361f5e823ad99df8a223c7d/vulnerabilities' --data-urlencode 'q={ $and: [ { priority: { $in: [ "Critical", "High" ] } }, { status: { $eq: "Open" } } ] }' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close'

Example 3 - Critical or High Ready for Retest vulnerabilities only:

curl -G -X GET 'https://localhost:3000/api/ss/project/6361f5e823ad99df8a223c7d/vulnerabilities' --data-urlencode 'q={ $and: [ { priority: { $in: [ "Critical", "High" ] } }, { is_retest: { $eq: "Yes" } } ] }' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close'

Example 4 - Critical or High vulnerabilities discovered in last 24 hours:

curl -G -X GET 'https://localhost:3000/api/ss/project/6361f5e823ad99df8a223c7d/vulnerabilities' --data-urlencode 'q={ $and: [ { priority: { $in: [ "Critical" ] } }, { status: { $eq: "Open" } }, { created: { $gte: datetime("now", "-1 days") } } ] }' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close'

pendingVulnerabilities (boolean) (optional)

Return pending vulnerabilities only.

Example:

GET /api/ss/project/:id/vulnerabilities?pendingVulnerabilities=true HTTP/1.1

asset_cf_key_allowlist (string) (optional)

List of Asset custom field keys to include in response. Add multiple for more than one key e.g. ?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?asset_cf_key_allowlist=

Example:

GET /api/ss/project/:id/vulnerabilities?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2 HTTP/1.1

asset_cf_key_blocklist (string) (optional)

List of Asset custom field keys to exclude from response. Add multiple for more than one key e.g. ?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2

Example:

GET /api/ss/project/:id/vulnerabilities?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2 HTTP/1.1

project_cf_key_allowlist (string) (optional)

List of Project custom field keys to include in response. Add multiple for more than one key e.g. ?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?project_cf_key_allowlist=

Example:

GET /api/ss/project/:id/vulnerabilities?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2 HTTP/1.1

project_cf_key_blocklist (string) (optional)

List of Project custom field keys to exclude from response. Add multiple for more than one key e.g. ?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2

Example:

GET /api/ss/project/:id/vulnerabilities?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2 HTTP/1.1

vulnerability_cf_key_allowlist (string) (optional)

List of Vulnerability custom field keys to include in response. Add multiple for more than one key e.g. ?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?vulnerability_cf_key_allowlist=

Example:

GET /api/ss/project/:id/vulnerabilities?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2 HTTP/1.1

vulnerability_cf_key_blocklist (string) (optional)

List of Vulnerability custom field keys to exclude from response. Add multiple for more than one key e.g. ?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2

Example:

GET /api/ss/project/:id/vulnerabilities?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2 HTTP/1.1

writeup_cf_key_allowlist (string) (optional)

List of Writeup custom field keys to include in response. Add multiple for more than one key e.g. ?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2 or specify no keys to exclude all fields e.g. ?writeup_cf_key_allowlist=

Example:

GET /api/ss/project/:id/vulnerabilities?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2 HTTP/1.1

writeup_cf_key_blocklist (string) (optional)

List of Writeup custom field keys to exclude from response. Add multiple for more than one key e.g. ?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2

Example:

GET /api/ss/project/:id/vulnerabilities?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2 HTTP/1.1

Example

The following example is a cURL request to get all Critical vulnerabilities on a project created between 1st January 2020 and 31st December 2020.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X GET 'https://demo.attackforge.com/api/ss/project/5e48c12ec0376309d73aad71/vulnerabilities?startDate=2021-06-03T00:00:00.000Z&endDate=2021-06-04T00:00:00.000Z&priority=Critical' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close'

Response

Response contains an array of vulnerability objects.

{
   "count": 999,
   "vulnerabilities":[
      {
        "vulnerability_id": "...",
        "vulnerability_library_id": "...",
        "vulnerability_alternate_id": "...",
        "vulnerability_created": "...",
        "vulnerability_modified": "...",
        "vulnerability_title": "...",
        "vulnerability_priority": "...",
        "vulnerability_cvssv3_vector": "...",
        "vulnerability_cvssv3_base_score": "...",
        "vulnerability_cvssv3_temporal_score": "...",
        "vulnerability_cvssv3_environmental_score": "...",
        "vulnerability_status": "...",
        "vulnerability_status_updated": "...",
        "vulnerability_retest": "...",
        "vulnerability_likelihood_of_exploitation": 10,
        "vulnerability_steps_to_reproduce": "...",
        "vulnerability_steps_to_reproduce_HTML": "...",
        "vulnerability_tags": [
          "..."
        ],
        "vulnerability_is_zeroday": "...",
        "vulnerability_notes": [
          {
            "note": "...",
            "note_html": "...",
            "type": "PLAINTEXT/RICHTEXT"
          }
        ],
        "vulnerability_description": "...",
        "vulnerability_attack_scenario": "...",
        "vulnerability_remediation_recommendation": "...",
        "vulnerability_remediation_notes": [
          {
            "id": "...",
            "note": "...",
            "note_html": "...",
            "created": "...",
            "created_by": "..."
          }
        ],
        "vulnerability_affected_asset_name": "...",
        "vulnerability_affected_asset_id": "...",
        "vulnerability_affected_asset_library_id": "...",
        "vulnerability_affected_asset_library_external_id": "...",
        "vulnerability_affected_assets": [
          {
            "asset": {
              "id": "...",
              "name": "...",
              "library_id": "...",
              "library_external_id": "...",
              "custom_fields": [
                { 
                  "key": "...",
                  "value": "...",
                  "type": "Field"
                }
              ],
            },
            "notes": [
              "..."
            ],
            "tags": [
              "..."
            ],
            "actioned": true,
            "components": [
              {
                "name": "...",
                "notes": [
                  "..."
                ],
                "tags": [
                  "..."
                ]
              }
            ]
          }
        ],
        "vulnerability_projects" : [
          {
            "code" : "...",
            "custom_fields" : [
              {
                 "key" : "...",
                 "type" : "Field/Tag",
                 "value" : "..."
              }
            ],
            "groups": [
              {
                "id": "...", 
                "name": "..."
              }
            ],
            "id" : "...",
            "name" : "..."
          }
        ],
        "vulnerability_discovered_by": "...",
        "vulnerability_evidence": [
          {
            "file_name": "...",
            "file_name_custom": "...", 
            "storage_name": "...",
            "file_type": "...",
            "file_size_kb": "..."
          }
        ],
        "vulnerability_library_files": [
          {
            "file_name": "...",
            "file_name_custom": "...",
            "storage_name": "...",
            "file_type": "...",
            "file_size_kb": "..."
          }
        ],
        "vulnerability_custom_fields": [
          {
            "key": "...", 
            "value": "...", 
            "type": "Tag/Field"
          }
        ],
        "vulnerability_library_custom_fields": [
          {
            "key": "...", 
            "value": "...", 
            "type": "Tag/Field"
          }
        ],
        "vulnerability_affected_asset_custom_fields": [
          {
            "key": "...", 
            "value": "..."
          }
        ],
        "vulnerability_sla": "...",
        "vulnerability_release_date": "...",
        "vulnerability_target_remediation_date": "...",
        "vulnerability_user": {
          "user_id": "...",
          "first_name": "...",
          "last_name": "..."
        },
        "vulnerability_testcases": ["..."]
      }
   ]
}

PreviousGetProjectTestcasesById NextGetProjectWorkspace

Last updated 3 months ago