As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

/rest/{version}/scans/{scanId}

| Descriptor | Value |
|---|---|
| HTTP Method | GET |
| Description | Retrieves scan information. |
| Required Permission | Read Access (Any Role) |
| Version Introduced | 2.3.0 |
| Changes in 2.5.0.2 | Added "originalFileNames" field to response. |
| Changes in 2.5.1 | Added the updatedDate field to the response. This field is present when using older REST versions as well. |
| Changes in 2.7 | Added scan metadata information to the REST call response. |
| Changes in 2.8 | Added Pagination parameters "page" and "pageSize" to all versions of this call. Findings are now sorted by severity, then scanner vulnerability type name, then path. |
| Changes in 2.8.3 | Added buildId field to the response. |

Request Header Parameters

| Parameter | Value | Required | Description |
|---|---|---|---|
| Accept | String | Yes | A value of ‘application/json’ must be provided. |

Request GET Parameters

| Parameter | Value | Required | Description |
|---|---|---|---|
| page | Integer | No | Which page of findings to retrieve of size "pageSize". Defaults to 1 if not provided. |
| pageSize | Integer | No | How many findings to retrieve per "page". Defaults to 10000 if not provided and cannot be greater than 10000. |

Sample Call:

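curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" 'http://localhost:8080/threadfix/rest/latest/scans/1?page=2&pageSize=20'

The URL is quoted so that the shell does not treat "&" as the background operator and drop the pageSize parameter. The --insecure option turns off TLS certificate verification; it has no effect on the plain-HTTP URL shown here and should be left out when calling an HTTPS deployment that has a trusted certificate.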

Sample Output:

Values for importTime and updatedDate are returned as Epoch time in milliseconds.

{
    "message": "",
    "success": true,
    "responseCode": -1,
    "object": {
        "id": 30,
        "importTime": 1309962639000,
        "updatedDate": 1309962639000,
        "numberClosedVulnerabilities": 0,
        "numberNewVulnerabilities": 13,
        "numberOldVulnerabilities": 0,
        "numberResurfacedVulnerabilities": 0,
        "numberTotalVulnerabilities": 13,
        "numberRepeatResults": 0,
        "numberRepeatFindings": 0,
        "numberInfoVulnerabilities": 2,
        "numberLowVulnerabilities": 0,
        "numberMediumVulnerabilities": 6,
        "numberHighVulnerabilities": 5,
        "numberCriticalVulnerabilities": 0,
        "findings": [
            {
                "id": 25007,
                "longDescription": null,
                "attackString": null,
                "attackRequest": "",
                "attackResponse": "",
                "nativeId": "b0f20dd0cf08dbea8da5744fcbdd1ebf",
                "displayId": null,
                "surfaceLocation": {
                    "id": 25007,
                    "parameter": "username",
                    "path": "/demo/SQLI2.php"
                },
                "sourceFileLocation": null,
                "dataFlowElements": [],
                "findingCves": [],
                "calculatedUrlPath": "/demo/SQLI2.php",
                "calculatedFilePath": "",
                "dependency": null,
                "severity": "High",
                "vulnerabilityType": "SQL injection vulnerability"
            },
            {
                "id": 25008,
                "longDescription": null,
                "attackString": null,
                "attackRequest": "",
                "attackResponse": "",
                "nativeId": "766f606f9e293342f98fe53e704d2875",
                "displayId": null,
                "surfaceLocation": {
                    "id": 25008,
                    "parameter": "username",
                    "path": "/demo/XPathInjection2.php"
                },
                "sourceFileLocation": null,
                "dataFlowElements": [],
                "calculatedUrlPath": "/demo/XPathInjection2.php",
                "calculatedFilePath": "",
                "dependency": null,
                "severity": "Medium",
                "vulnerabilityType": "XPATH injection vulnerability"
            },
            ///... Omitted findings for brevity
        ],
        "originalFileNames": [
            "w3af-demo-site.xml",
            "w3af-demo-site-2.xml"
        ],
        "buildID": null,
        "scanMetadata": [],
        "scannerName": "w3af",
        "numberUnassignedVulnerabilities": 0
    }
}
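
Paging through a scan's findings with the "page" and "pageSize" parameters described above, as an added example (not ThreadFix's own client code). The function names, the default page size of 500, the rule that a short or empty page ends the listing, and the constructed 45-finding stand-in server are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

MAX_PAGE_SIZE = 10000  # documented upper bound for pageSize

def http_fetch(url, api_key):
    """GET one page with the documented headers; urllib's TLS verification stays on."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "Authorization": f"APIKEY {api_key}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_findings(base_url, scan_id, api_key, page_size=500, fetch=http_fetch):
    """Yield every finding of one scan, requesting one page at a time."""
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError(f"pageSize must be between 1 and {MAX_PAGE_SIZE}")
    page = 1
    while True:
        query = urllib.parse.urlencode({"page": page, "pageSize": page_size})
        # int() keeps anything but a numeric scan id out of the URL path
        url = f"{base_url.rstrip('/')}/rest/latest/scans/{int(scan_id)}?{query}"
        body = fetch(url, api_key)
        if not body.get("success"):
            raise RuntimeError(f"ThreadFix returned an error: {body.get('message')!r}")
        findings = (body.get("object") or {}).get("findings") or []
        yield from findings
        # Assumption: a page shorter than pageSize (or empty) is the last one
        if len(findings) < page_size:
            return
        page += 1

def epoch_ms_to_utc(ms):
    """importTime and updatedDate are epoch milliseconds; convert to UTC."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def constructed_fetch(url, api_key):
    """Constructed stand-in for a server holding 45 findings (offline demo)."""
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    page, size = int(q["page"][0]), int(q["pageSize"][0])
    rows = [{"id": i, "severity": "High"} for i in range(1, 46)]
    return {"success": True, "message": "", "object": {"findings": rows[(page - 1) * size: page * size]}}

if __name__ == "__main__":
    got = list(iter_findings("http://localhost:8080/threadfix", 1, "{apiKey}", 20, constructed_fetch))
    print(len(got), epoch_ms_to_utc(1309962639000).isoformat())
```

Against a real server, call iter_findings without the fetch argument and pass the API key from a secret store or environment variable rather than hard-coding it.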

