As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Change Log
Functions Changed in Version 2.8.9 and 3.4
The following Submit Defect API calls have been added:
Added defectProfileId
useDefaultDefectProfile
Functions Changed in Version 2.8.8.2 and 3.3.1
None
Functions Changed in Version 2.8.8 and 3.3
The following Global FPR Filter Set API REST calls have been reintroduced in 3.3:
Upload Global FPR Filter Set Override 3.X - API
Clear Global FPR Filter Set Override 3.X - API
The Scan Agent tool API endpoints have been reintroduced
Functions Changed in Version 2.8.7 and 3.2
None
Functions Changed in Version 2.8.6 and 3.1.1
We have updated the following REST call:
Get Application from any Team by Unique ID
The Vulnerability Search API’s Finding Status is now returned in a REST call response
The following REST calls have had changes:
Get Application by Name and Get Application in a Team by Unique ID have been merged into Get Application by Name or Unique ID
Functions Added in Version 2.8.5
In 2.8.5 we updated the following REST calls:
Ad Hoc Policy Evaluation
Create Application
Update Application
Functions Added in Version 2.8.4
None
Functions Added in Version 2.8.3
In 2.8.3 we added the following REST calls:
Download .threadfix Scan File
Get Event History for Application
Get Event History for Team
Get Event History for Vulnerability
Get Login History for All Users
Get Event History for All Users
In 2.8.3 we updated the following REST calls:
Get Scan Details
List Scans
Vulnerability Search
Schedule Remote Provider Import
Schedule Defect Status Updates
Create Application Version
Update Application Version
Get All Teams
Functions Added in Version 2.8.2
In 2.8.2 we updated the following REST calls:
Create Application
Update Application
Vulnerability Search
Update Vulnerability Severity
In 2.8.2 we deprecated the following REST call:
Mark vulnerability as exploitable
Functions Added in Version 2.8
In 2.8 we added the following REST calls:
Create CI/CD Pass Criteria Group
List CI/CD Pass Criteria Groups
Get CI/CD Pass Criteria Group Details
Add CI/CD Pass Criterion to Pass Criteria Group
Remove CI/CD Pass Criterion from Pass Criteria Group
Add Application to CI/CD Pass Criteria Group
Remove Application from CI/CD Pass Criteria Group
Update CI/CD Pass Criteria Group
Delete CI/CD Pass Criteria Group
Open/Close Vulnerabilities
Add Comment to Vulnerabilities
Update Vulnerability Comment
Delete Vulnerability Comment
In 2.8 we updated the following REST calls:
Get Scan Details
List Scans
List Applications
Configure Existing Remote Provider
Mark Vulnerability as False Positive
Mark Vulnerability as Exploitable
Mark Vulnerability as Contested
Mark Vulnerability as Verified
Vulnerability Search
Create Defect Tracker
Schedule Defect Status Updates
Get Policy
Get All Policies
In 2.8 we deprecated the following REST calls:
Create CI/CD Pass Criteria
Update CI/CD Pass Criteria
List CI/CD Pass Criteria
Get CI/CD Pass Criteria Details
Delete CI/CD Pass Criteria
Add Application to CI/CD Pass Criteria
Remove Application from CI/CD Pass Criteria
Add Manual Finding (replaced by the Pen Test feature in ThreadFix version 2.8 or higher)
Functions Added in Version 2.7.9.1
In 2.7.9.1 we updated the following REST calls:
List Defect Tracker Projects
Get Defect Tracker Projects
Create Defect Tracker
Add Defect Tracker to Application
Functions Added in Version 2.7.9
In 2.7.9 we added the following REST calls:
Add New Blacklist/Whitelist Entry
Change Blacklist/Whitelist Mode
Delete Blacklist/Whitelist Entry
Update Defect Status
Schedule Defect Status Updates
In 2.7.9 we updated the following REST calls:
Add Defect Tracker to Application
Mark Vulnerability as False Positive
Mark Vulnerability as Exploitable
Mark Vulnerability as Contested
Mark Vulnerability as Verified
Functions Added in Version 2.7.8
In 2.7.8 we added the following REST call:
Import Remote Provider Scans
In 2.7.8 we updated the following REST call:
Select Default Defect Profile for Application Defect Tracker
Functions Added in Version 2.7.7
In 2.7.7 we added the following REST call:
Schedule Remote Provider Import
Delete Scheduled Remote Provider Import
List Scheduled Remote Provider Imports
In 2.7.7 we updated the following REST calls:
List Vulnerabilities for a Tag
Check Pending Scan Status
Functions Added in Version 2.7.6
In 2.7.6 we added the following REST calls:
List Defect Tracker Profiles
Select Default Defect Profile for Application Defect Tracker
Add User to Group
Remove User from Group
Export Users Audit CSV Report
User Audit
View Permissible Users for Application
View Permissible Users for Team
List Users for Group
In 2.7.6 we updated the following REST calls:
Delete Applications
Get Application by Name
Get Application in a Team by Unique ID
Import Specific Remote Provider Scan
Functions Added in Version 2.7.5
In 2.7.5 we added the following REST calls:
Get Metadata Keys
Create Metadata Key
Edit Metadata Key
Create Application Metadata
Edit Application Metadata
Delete Application Metadata
List Applications
In 2.7.5 we updated the following REST calls:
Get Application by ID
Get Application by Name
Get Application in a Team by Unique ID
Get Application from Any Team by Unique ID
In 2.7.5 we deprecated the following REST calls:
Create Scan Metadata Key
List Scan Metadata Keys
Update Scan Metadata Key
Functions Added in Version 2.7.4
In 2.7.4 we added the following REST calls:
List Scheduled Email Reports
Create Scheduled Email Reports
Edit Scheduled Email Report
Delete Scheduled Email Report
Add Email List to Scheduled Email Report
Remove Email List from Scheduled Email Report
List Email Lists
In addition, API Requests without a version specified have been deprecated.
For more information on API versioning, click here.
Functions Added in Version 2.7.3
In 2.7.3 we added the following REST calls:
Defect Search
Defect Details
Delete Application Defect Tracker
Functions Added in Version 2.7.2
In 2.7.2 we added the following REST call:
Add vulnerability to existing defect
Functions Added in Version 2.7.1
In 2.7.1 we added the following REST calls:
List Scan Metadata Keys
Create Metadata Key
Update Scan Metadata Key
Create Scan Metadata
Update Scan Metadata Description
Delete Scan Metadata
In 2.7.1 we modified the following REST calls:
Update Application
Vulnerability Search
Functions Added in Version 2.7
In 2.7 we modified the following REST call:
Vulnerability Search
Functions Added in Version 2.6.2
In 2.6.2, we added 8 new REST calls:
Import LDAP Users
Prune LDAP Users
Create User
Delete User
Create Group
Edit Group
Delete Group
Defect Creation Health Check
In 2.6.2, we modified the following REST calls:
Get Application Policy Status
Edit User
Functions Added in Version 2.6
In 2.6, we added 10 new REST calls:
Add Tag to Vulnerability
Remove Tag from Vulnerability
List Vulnerabilities for a Tag
Mark Vulnerability as False Positive
Edit User
Ad Hoc Policy Evaluation
Retrieve All Policies
Add Policy to Team
Remove Policy from Team
List Defect Tracker Projects
Functions Added in Version 2.5.3
In 2.5.3, we added 5 new REST calls:
Attach File to Application
Attach File to Vulnerability
Delete Applications
Delete Defect Trackers
Delete Defect Tracker Profiles
Functions Updated in Version 2.5.2
In 2.5.2, we made changes to the following REST calls, which you can see from each of their pages:
Vulnerability Search
Configure LDAP Settings
Get LDAP Configuration Details
Get Groups
Functions Added in Version 2.5.1.17
In 2.5.1.17, we added 4 new REST calls:
Get Tags by Vulnerability
Get Document Attached to Vulnerability
Delete Scan
Update defect tracker information
Functions Added in Version 2.5.1.13
In 2.5.1.13, we added 4 new REST calls:
Remove Application Permission from Group
Remove Application Permission from User
Remove Team Permission from Group
Remove Team Permission from User
We also updated the following REST call, which you can see from its page:
Download Scan File
Functions Added in Version 2.5.1.12
In 2.5.1.12, we added 7 new REST calls:
Add Application Permission to Group
Add Application Permission to User
Add Team Permission to Group
Add Team Permission to User
Get Groups
Get Roles
Get Users
We also made changes to the following REST calls, which you can see from each of their pages:
Get Policy
Get All Policies
Get Application Policy Status
Functions Added in Version 2.5.1.7
In 2.5.1.7, we added 1 new REST call:
Close Vulnerabilities
Functions Added in Version 2.5.1.1
In 2.5.1.1, we added 2 new REST calls:
List Severities
Update Vulnerability Severity
Functions Added in Version 2.5.1
In 2.5.1, we added 4 new REST calls:
Create Application Version
Update Application Version
Delete Application Version
Add Application to Policy
We also made changes to the following REST calls, which you can see from each of their pages:
Vulnerability Search
Set Application WAF
Set Application URL
Set Application Parameters
List Scans
Get Scan Details
Get Application in a Team by Unique ID
Get Application by Name
Get Application by ID
Get Application from any Team by Unique ID
Create Defect Tracker
Add Defect Tracker to Application
Functions Added in Version 2.5.0.7
In 2.5.0.7, we added 5 new REST calls:
Sync Remote Provider Applications
Configure LDAP Settings
Get LDAP Configuration Details
Configure Email Settings
Get Email Configuration Details
Functions Updated in Version 2.5.0.2
In 2.5.0.2, we added 2 new REST calls:
Get Scan Agent Scanners
Download Scan File
We also made changes to the following REST calls, which you can see from each of their pages:
Update Application
Get Application by ID
Get Application by Name
Get Application in a Team by Unique ID
Get Application from any Team by Unique ID
Get Scan Details
Function Updated in Version 2.5.0.1
We added the ability to provide the API Key in the Authorization header. This header takes precedence over the API Key in the URL. Both can be specified, but having the Authorization header will override the API Key in the URL.
To take advantage of this feature, add the following to your command, replacing api_key with the user's API Key:
-H 'Authorization: APIKEY api_key'
Functions Updated in Version 2.5
Some existing calls now have a new “Links” field in the response. This field is used to provide endpoints that may be relevant to you after making certain calls. Here are the old calls with this new field:
Upload Scan
Multiple File Scan Upload
Additionally, we’ve added new endpoints for Remote Providers and the new CI/CD features:
Create CI/CD Pass Criteria
Update CI/CD Pass Criteria
List CI/CD Pass Criteria
Get CI/CD Pass Criteria Details
Delete CI/CD Pass Criteria
Evaluate CI/CD Pass Criteria
Create CI/CD Defect Reporter
Update CI/CD Defect Reporter
List CI/CD Defect Reporters
Get CI/CD Defect Reporter Details
Delete CI/CD Defect Reporter
Add Application to CI/CD Defect Reporter
Remove Application from CI/CD Defect Reporter
Get Remote Providers
Get Remote Provider Applications
Get Remote Provider Applications By Name
Add Remote Provider Application Mapping
Remove Remote Provider Application Mapping
Get Remote Provider Application Versions
Import Remote Provider Scans
Check Remote Provider Application Import Status
Import Remote Provider (Import All)
Queue Remote Provider Scan
Check Pending Scan Status
Functions Updated in Version 2.4.5
See the function descriptions for more detail on specific changes.
Upload Scan
Multiple File Scan Upload
Get Defect Tracker Fields
Get Defect Tracker Fields for Specified Tracker
Functions Updated in Version 2.4.1
See the function descriptions for more detail on specific changes.
Get All Policies
Get Policy
Get Application Policy Status
Functions Updated in Version 2.4.0
See the function descriptions for more detail on specific changes.
Get Application by ID
Get Application by Name
Get Application by Unique ID
Get Applications by Unique ID
Update Application
Get All Teams
Vulnerability Search
In 2.5.1, we added 4 new REST calls:
Create Application Version
Update Application Version
Delete Application Version
Add Application to Policy
We also made changes to the following REST calls, which you can see from each of their pages:
Vulnerability Search
Set Application WAF
Set Application URL
Set Application Parameters
List Scans
Get Scan Details
Get Application in a Team by Unique ID
Get Application by Name
Get Application by ID
Get Application from any Team by Unique ID
Create Defect Tracker
Add Defect Tracker to Application
Table of Contents
- 1.1 Functions Changed in Version 2.8.9 and 3.4
- 1.2 Functions Changed in Version 2.8.8.2 and 3.3.1
- 1.3 Functions Changed in Version 2.8.8 and 3.3
- 1.4 Functions Changed in Version 2.8.7 and 3.2
- 1.5 Functions Changed in Version 2.8.6 and 3.1.1
- 1.6 Functions Added in Version 2.8.5
- 1.7 Functions Added in Version 2.8.4
- 1.8 Functions Added in Version 2.8.3
- 1.9 Functions Added in Version 2.8.2
- 1.10 Functions Added in Version 2.8
- 1.11 In 2.8 we added the following REST calls:
- 1.12 Functions Added in Version 2.7.9.1
- 1.13 Functions Added in Version 2.7.9
- 1.14 Functions Added in Version 2.7.8
- 1.15 Functions Added in Version 2.7.7
- 1.16 Functions Added in Version 2.7.6
- 1.17 Functions Added in Version 2.7.5
- 1.18 Functions Added in Version 2.7.4
- 1.19 Functions Added in Version 2.7.3
- 1.20 Functions Added in Version 2.7.2
- 1.21 Functions Added in Version 2.7.1
- 1.22 Functions Added in Version 2.7
- 1.23 Functions Added in Version 2.6.2
- 1.24 Functions Added in Version 2.6
- 1.25 Functions Added in Version 2.5.3
- 1.26 Functions Updated in Version 2.5.2
- 1.27 Functions Added in Version 2.5.1.17
- 1.28 Functions Added in Version 2.5.1.13
- 1.29 Functions Added in Version 2.5.1.12
- 1.30 Functions Added in Version 2.5.1.7
- 1.31 Functions Added in Version 2.5.1.1
- 1.32 Functions Added in Version 2.5.1
- 1.33 Functions Added in Version 2.5.0.7
- 1.34 Functions Updated in Version 2.5.0.2
- 1.35 Function Updated in Version 2.5.0.1
- 1.36 Functions Updated in Version 2.5
- 1.37 Functions Updated in Version 2.4.5
- 1.38 Functions Updated in Version 2.4.1
- 1.39 Functions Updated in Version 2.4.0
- 2 Table of Contents
API Page Tree:
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.