As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Change Log

Functions Changed in Version 2.8.9 and 3.4

  • The following Submit Defect API calls have been added:

    • Added defectProfileId

    • useDefaultDefectProfile

Functions Changed in Version 2.8.8.2 and 3.3.1

None

Functions Changed in Version 2.8.8 and 3.3

  • The following Global FPR Filter Set API REST calls have been reintroduced in 3.3:

    • Upload Global FPR Filter Set Override 3.X - API

    • Clear Global FPR Filter Set Override 3.X - API

  • The Scan Agent tool API endpoints have been reintroduced

Functions Changed in Version 2.8.7 and 3.2

None

Functions Changed in Version 2.8.6 and 3.1.1

We have updated the following REST call:

  • Get Application from any Team by Unique ID

  • The Vulnerability Search API’s Finding Status is now returned in a REST call response

The following REST calls have had changes:

  • Get Application by Name and Get Application in a Team by Unique ID have been merged into Get Application by Name or Unique ID

Functions Added in Version 2.8.5

In 2.8.5 we updated the following REST calls:

  • Ad Hoc Policy Evaluation

  • Create Application

  • Update Application

Functions Added in Version 2.8.4

None

Functions Added in Version 2.8.3

In 2.8.3 we added the following REST calls:

  • Download .threadfix Scan File

  • Get Event History for Application

  • Get Event History for Team

  • Get Event History for Vulnerability

  • Get Login History for All Users

  • Get Event History for All Users

In 2.8.3 we updated the following REST calls:

  • Get Scan Details

  • List Scans

  • Vulnerability Search

  • Schedule Remote Provider Import

  • Schedule Defect Status Updates

  • Create Application Version

  • Update Application Version

  • Get All Teams

Functions Added in Version 2.8.2

In 2.8.2 we updated the following REST calls:

  • Create Application

  • Update Application

  • Vulnerability Search

  • Update Vulnerability Severity

In 2.8.2 we deprecated the following REST call:

  • Mark vulnerability as exploitable

Functions Added in Version 2.8

In 2.8 we added the following REST calls:

  • Create CI/CD Pass Criteria Group

  • List CI/CD Pass Criteria Groups

  • Get CI/CD Pass Criteria Group Details

  • Add CI/CD Pass Criterion to Pass Criteria Group

  • Remove CI/CD Pass Criterion from Pass Criteria Group

  • Add Application to CI/CD Pass Criteria Group

  • Remove Application from CI/CD Pass Criteria Group

  • Update CI/CD Pass Criteria Group

  • Delete CI/CD Pass Criteria Group

  • Open/Close Vulnerabilities

  • Add Comment to Vulnerabilities

  • Update Vulnerability Comment

  • Delete Vulnerability Comment

In 2.8 we updated the following REST calls:

  • Get Scan Details

  • List Scans

  • List Applications

  • Configure Existing Remote Provider

  • Mark Vulnerability as False Positive

  • Mark Vulnerability as Exploitable

  • Mark Vulnerability as Contested

  • Mark Vulnerability as Verified

  • Vulnerability Search

  • Create Defect Tracker

  • Schedule Defect Status Updates

  • Get Policy

  • Get All Policies

In 2.8 we deprecated the following REST calls:

  • Create CI/CD Pass Criteria

  • Update CI/CD Pass Criteria

  • List CI/CD Pass Criteria

  • Get CI/CD Pass Criteria Details

  • Delete CI/CD Pass Criteria

  • Add Application to CI/CD Pass Criteria

  • Remove Application from CI/CD Pass Criteria

  • Add Manual Finding (replaced by the Pen Test feature in ThreadFix version 2.8 or higher)

Functions Added in Version 2.7.9.1

In 2.7.9.1 we updated the following REST calls:

  • List Defect Tracker Projects

  • Get Defect Tracker Projects

  • Create Defect Tracker

  • Add Defect Tracker to Application

Functions Added in Version 2.7.9

In 2.7.9 we added the following REST calls:

  • Add New Blacklist/Whitelist Entry

  • Change Blacklist/Whitelist Mode

  • Delete Blacklist/Whitelist Entry

  • Update Defect Status 

  • Schedule Defect Status Updates 

In 2.7.9 we updated the following REST calls:

  • Add Defect Tracker to Application

  • Mark Vulnerability as False Positive

  • Mark Vulnerability as Exploitable

  • Mark Vulnerability as Contested

  • Mark Vulnerability as Verified

Functions Added in Version 2.7.8

In 2.7.8 we added the following REST call:

  • Import Remote Provider Scans   

In 2.7.8 we updated the following REST call:

  • Select Default Defect Profile for Application Defect Tracker 

Functions Added in Version 2.7.7

In 2.7.7 we added the following REST call:

  • Schedule Remote Provider Import

  • Delete Scheduled Remote Provider Import

  • List Scheduled Remote Provider Imports

In 2.7.7 we updated the following REST calls:

  • List Vulnerabilities for a Tag

  • Check Pending Scan Status

Functions Added in Version 2.7.6

In 2.7.6 we added the following REST calls:

  • List Defect Tracker Profiles

  • Select Default Defect Profile for Application Defect Tracker

  • Add User to Group

  • Remove User from Group

  • Export Users Audit CSV Report

  • User Audit

  • View Permissible Users for Application

  • View Permissible Users for Team

  • List Users for Group

In 2.7.6 we updated the following REST calls:

  • Delete Applications

  • Get Application by Name

  • Get Application in a Team by Unique ID

  • Import Specific Remote Provider Scan

Functions Added in Version 2.7.5

In 2.7.5 we added the following REST calls:

  • Get Metadata Keys

  • Create Metadata Key

  • Edit Metadata Key

  • Create Application Metadata

  • Edit Application Metadata

  • Delete Application Metadata

  • List Applications

In 2.7.5 we updated the following REST calls:

  • Get Application by ID

  • Get Application by Name

  • Get Application in a Team by Unique ID

  • Get Application from Any Team by Unique ID

In 2.7.5 we deprecated the following REST calls:

  • Create Scan Metadata Key

  • List Scan Metadata Keys

  • Update Scan Metadata Key

Functions Added in Version 2.7.4

In 2.7.4 we added the following REST calls:

  • List Scheduled Email Reports

  • Create Scheduled Email Reports

  • Edit Scheduled Email Report

  • Delete Scheduled Email Report

  • Add Email List to Scheduled Email Report

  • Remove Email List from Scheduled Email Report

  • List Email Lists

In addition, API Requests without a version specified have been deprecated.

For more information on API versioning, click here.

Functions Added in Version 2.7.3

In 2.7.3 we added the following REST calls:

  • Defect Search

  • Defect Details

  • Delete Application Defect Tracker

Functions Added in Version 2.7.2

In 2.7.2 we added the following REST call:

  • Add vulnerability to existing defect

Functions Added in Version 2.7.1

In 2.7.1 we added the following REST calls:

  • List Scan Metadata Keys

  • Create Metadata Key

  • Update Scan Metadata Key

  • Create Scan Metadata

  • Update Scan Metadata Description

  • Delete Scan Metadata

In 2.7.1 we modified the following REST calls:

  • Update Application

  • Vulnerability Search

Functions Added in Version 2.7

In 2.7 we modified the following REST call:

  • Vulnerability Search

Functions Added in Version 2.6.2

In 2.6.2, we added 8 new REST calls:

  • Import LDAP Users

  • Prune LDAP Users

  • Create User

  • Delete User

  • Create Group

  • Edit Group

  • Delete Group

  • Defect Creation Health Check

In 2.6.2, we modified the following REST calls:

  • Get Application Policy Status

  • Edit User

Functions Added in Version 2.6

In 2.6, we added 10 new REST calls:

  • Add Tag to Vulnerability

  • Remove Tag from Vulnerability

  • List Vulnerabilities for a Tag

  • Mark Vulnerability as False Positive

  • Edit User

  • Ad Hoc Policy Evaluation

  • Retrieve All Policies

  • Add Policy to Team

  • Remove Policy from Team

  • List Defect Tracker Projects

Functions Added in Version 2.5.3

In 2.5.3, we added 5 new REST calls:

  • Attach File to Application

  • Attach File to Vulnerability

  • Delete Applications

  • Delete Defect Trackers

  • Delete Defect Tracker Profiles

Functions Updated in Version 2.5.2

In 2.5.2, we made changes to the following REST calls, which you can see from each of their pages:

  • Vulnerability Search

  • Configure LDAP Settings

  • Get LDAP Configuration Details

  • Get Groups

Functions Added in Version 2.5.1.17

In 2.5.1.17, we added 4 new REST calls:

  • Get Tags by Vulnerability

  • Get Document Attached to Vulnerability

  • Delete Scan

  • Update defect tracker information

Functions Added in Version 2.5.1.13

In 2.5.1.13, we added 4 new REST calls:

  • Remove Application Permission from Group

  • Remove Application Permission from User

  • Remove Team Permission from Group

  • Remove Team Permission from User

We also updated the following REST call, which you can see from its page:

  • Download Scan File

Functions Added in Version 2.5.1.12

In 2.5.1.12, we added 7 new REST calls:

  • Add Application Permission to Group

  • Add Application Permission to User

  • Add Team Permission to Group

  • Add Team Permission to User

  • Get Groups

  • Get Roles

  • Get Users

We also made changes to the following REST calls, which you can see from each of their pages:

  • Get Policy

  • Get All Policies

  • Get Application Policy Status

Functions Added in Version 2.5.1.7

In 2.5.1.7, we added 1 new REST call:

  • Close Vulnerabilities

Functions Added in Version 2.5.1.1

In 2.5.1.1, we added 2 new REST calls:

  • List Severities

  • Update Vulnerability Severity

Functions Added in Version 2.5.1

In 2.5.1, we added 4 new REST calls:

  • Create Application Version

  • Update Application Version

  • Delete Application Version

  • Add Application to Policy

We also made changes to the following REST calls, which you can see from each of their pages:

  • Vulnerability Search

  • Set Application WAF

  • Set Application URL

  • Set Application Parameters

  • List Scans

  • Get Scan Details

  • Get Application in a Team by Unique ID

  • Get Application by Name

  • Get Application by ID

  • Get Application from any Team by Unique ID

  • Create Defect Tracker

  • Add Defect Tracker to Application

Functions Added in Version 2.5.0.7

In 2.5.0.7, we added 5 new REST calls:

  • Sync Remote Provider Applications

  • Configure LDAP Settings

  • Get LDAP Configuration Details

  • Configure Email Settings

  • Get Email Configuration Details

Functions Updated in Version 2.5.0.2

In 2.5.0.2, we added 2 new REST calls:

  • Get Scan Agent Scanners

  • Download Scan File

We also made changes to the following REST calls, which you can see from each of their pages:

  • Update Application

  • Get Application by ID

  • Get Application by Name

  • Get Application in a Team by Unique ID

  • Get Application from any Team by Unique ID

  • Get Scan Details

Function Updated in Version 2.5.0.1

We added the ability to provide the API Key in the Authorization header. This header takes precedence over the API Key in the URL. Both can be specified, but having the Authorization header will override the API Key in the URL.

To take advantage of this feature, add the following to your command, replacing api_key with the user's API Key:

-H 'Authorization: APIKEY api_key'

Functions Updated in Version 2.5

Some existing calls now have a new “Links” field in the response.  This field is used to provide endpoints that may be relevant to you after making certain calls.  Here are the old calls with this new field:

  • Upload Scan

  • Multiple File Scan Upload

Additionally, we’ve added new endpoints for Remote Providers and the new CI/CD features:

  • Create CI/CD Pass Criteria

  • Update CI/CD Pass Criteria

  • List CI/CD Pass Criteria

  • Get CI/CD Pass Criteria Details

  • Delete CI/CD Pass Criteria

  • Evaluate CI/CD Pass Criteria

  • Create CI/CD Defect Reporter

  • Update CI/CD Defect Reporter

  • List CI/CD Defect Reporters

  • Get CI/CD Defect Reporter Details

  • Delete CI/CD Defect Reporter

  • Add Application to CI/CD Defect Reporter

  • Remove Application from CI/CD Defect Reporter

  • Get Remote Providers

  • Get Remote Provider Applications

  • Get Remote Provider Applications By Name

  • Add Remote Provider Application Mapping

  • Remove Remote Provider Application Mapping

  • Get Remote Provider Application Versions

  • Import Remote Provider Scans

  • Check Remote Provider Application Import Status

  • Import Remote Provider (Import All)

  • Queue Remote Provider Scan

  • Check Pending Scan Status

Functions Updated in Version 2.4.5

See the function descriptions for more detail on specific changes.

  • Upload Scan

  • Multiple File Scan Upload

  • Get Defect Tracker Fields

  • Get Defect Tracker Fields for Specified Tracker

Functions Updated in Version 2.4.1

See the function descriptions for more detail on specific changes.

  • Get All Policies

  • Get Policy

  • Get Application Policy Status

Functions Updated in Version 2.4.0

See the function descriptions for more detail on specific changes.

  • Get Application by ID

  • Get Application by Name

  • Get Application by Unique ID

  • Get Applications by Unique ID

  • Update Application

  • Get All Teams

  • Vulnerability Search



In 2.5.1, we added 4 new REST calls:

  • Create Application Version

  • Update Application Version

  • Delete Application Version

  • Add Application to Policy

We also made changes to the following REST calls, which you can see from each of their pages:

  • Vulnerability Search

  • Set Application WAF

  • Set Application URL

  • Set Application Parameters

  • List Scans

  • Get Scan Details

  • Get Application in a Team by Unique ID

  • Get Application by Name

  • Get Application by ID

  • Get Application from any Team by Unique ID

  • Create Defect Tracker

  • Add Defect Tracker to Application

Table of Contents



API Page Tree:

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.