As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Create Application - API

Create Application

/rest/{version}/teams/{teamId}/applications/new


Descriptor

Value

HTTP Method

POST

Description

Creates an application under the given team with id of teamId.

Required Permission

Manage Applications

Version Introduced2.3.0
Changes in 2.7.5Added "testEnvironment", "releaseFrequency", and "isInternal" to the REST call response.
Changes in 2.7.9Added "unassignedVulnCount" for unmapped severities.
Changes in 2.8.2Added ability to add description to application.
Changes in 2.8.5Added the following parameters: testEnvironment, uniqueId, applicationCriticality, frameworkType, releaseFrequency, skipApplicationMerge, isInternal, associatedUser, repositoryUrl, repositoryType, repositoryBranch, repositoryUserName, repositoryPassword, repositoryFolder

Request Header Parameters

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

AuthorizationAPIKEY {apiKey}YesAPI being used to execute API call.


Request POST Data Parameters

Parameter

Value

Required

Description

Available Values

name

String

Yes

The name of the new application that is being created.


url

String

No

The URL of where the application being assessed lives.


descriptionStringNoThe text to be included in the description field for the application.

testEnvironment

StringNoThe name of the test environment associated with the new application being created.N/A

uniqueId

StringNoA unique ID value to assign to the application.N/A

applicationCriticality

IntegerNoThe severity level for the application, from 1 for Low to 4 for Critical.

“1”, “2”, “3”, “4”

frameworkType

String

No


The web framework the app was built on.

“DETECT”, “JSP”, “RAILS”, “SPRING_MVC”, “STRUTS”, “DOT_NET_MVC”, “DOT_NET_WEB_FORMS”

releaseFrequency

String

No


Selectable option for how frequently the application updates."UNKNOWN", "DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY"

skipApplicationMerge

BooleanNoSetting to enable or disable vulnerability merging for an application.TRUE, FALSE

isInternal

BooleanNoSetting to enable or disable internal status for the application.N/A

associatedUser

StringNoUser name(s) associated with the new application being created.N/A

repositoryUrl

StringNoThe repository where the source code for the app can be found.  Requires repositoryType to be specified.N/A

repositoryType

StringPossiblyThe type of repository your repositoryUrl refers to.  Required if you specify a repositoryUrl.“GIT”, “SVN”

repositoryBranch

StringNoThe git branch for the source code.N/A

repositoryUserName

StringNoThe user name to use for git credentials.N/A

repositoryPassword

StringNoThe password to use for git credentials.N/A
repositoryFolderStringNoThe root directory for the source code.N/A


Sample Call:

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'name=Test App&url=http://example.com' http://localhost:8080/threadfix/rest/latest/teams/1/applications/new


Sample Output:


{
    "message": "",
    "success": true,
    "responseCode": -1,
    "object": {
        "id": 38,
        "name": "API team",
        "url": "http://example.com",
        "uniqueId": null,
        "applicationCriticality": {
            "id": 1,
            "name": "Low"
        },
        "policyStatuses": [],
        "description": null,
        "releaseFrequency": "UNKNOWN",
        "testEnvironment": null,
        "grcApplication": null,
        "scans": [],
        "infoVulnCount": 0,
        "lowVulnCount": 0,
        "mediumVulnCount": 0,
        "highVulnCount": 0,
        "criticalVulnCount": 0,
        "totalVulnCount": 0,
        "isInternal": false,
        "unassignedVulnCount": 0,
        "waf": null,
        "organization": {
            "name": "Test Team",
            "id": 1
        }
    }
}

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.