As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Submit Defect - API

/rest/{version}/defects/{appId}/defectSubmission

| Descriptor | Value |
|---|---|
| HTTP Method | POST |
| Description | Submits a defect for a vulnerability in the app with the given appId. (Works only if you have a single defect tracker attached to the application; if more than one, use the Submit Defect to Specified Tracker - API call and specify which one to use.) |
| Required Permission | Submit Defects |
| Version Introduced | 2.3.0 |
| Changes in 2.8.9 | Added defectProfileId and useDefaultDefectProfile |

Request Header Parameters

| Parameter | Value | Required | Description |
|---|---|---|---|
| Accept | String | Yes | A value of ‘application/json’ must be provided. |

Request POST Data Parameters

The available data parameters depend on the defect tracker being used and can vary based on how that defect tracker is configured. Use the “Get Defect Tracker Fields” call to see which fields you will need. The following parameters should always be available.

| Parameter | Value | Required | Description |
|---|---|---|---|
| summary | String | Yes | Title of the Defect Tracker ticket submitted. |
| AdditionalScannerInfo | String | No | Denotes if the defect should include extra fields specified in defectDescription.vm. |
| vulnerabilityIds | Integer | Yes | Ids for the vulnerabilities to file a defect for. Only one defect is created and all the vulnerabilities are attached to it. |
| DescriptionTemplate | String | No | The description template to use, given as a filename, e.g. Classic_Description.vm. |
| IncludeScannerDetail | String | No | True or False, checkbox for additional scanner detail. |
| defectProfileId | String | No | Profile Id for a submitted defect. Note: Cannot be used at the same time as useDefaultDefectProfile. |
| useDefaultDefectProfile | String | No | Creates a defect using the profile selected on the Application Defect Tracker page. Note: Cannot be used at the same time as defectProfileId. |

In Jira, if no issuetype is furnished, the submitted defect ticket defaults to issuetype=1, which corresponds to the Bug issue type.

 

Defect Profile Use Logic

The following demonstrates the operating logic:

IF useDefaultDefectProfile=true
THEN all default profile values for that application are applied when creating the defect. Any specific field values passed into the call will act as overrides.

ELSE IF useDefaultDefectProfile=false AND defectProfileId is set
THEN all specified profile values for that application are applied when creating the defect. Any specific field values passed into the call will act as overrides.

ELSE IF useDefaultDefectProfile=false AND defectProfileId is NOT set
THEN only the passed-in field values will be used in creating the defect.

Sample Call:

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'issuetype=1&summary=TestSummary&description=TestDescription&project=10000&customfield_10500=Test&assignee=threadfix&vulnerabilityIds=2&vulnerabilityIds=3' http://localhost:8080/threadfix/rest/latest/defects/1/defectSubmission

Sample Output:

    {
        "message": "",
        "success": true,
        "responseCode": -1,
        "object": "The Defect was submitted to the tracker."
    }
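The following is an added example, not ThreadFix or Coalfire code: a Python helper that builds the same request as the sample call, enforces the rule that defectProfileId and useDefaultDefectProfile cannot be combined, and encodes one vulnerabilityIds pair per id. The function name, the `PLACEHOLDER_KEY` value and the rule that plaintext HTTP is only allowed to loopback hosts are assumptions of this example.

```python
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def build_defect_submission(base_url, api_key, app_id, summary, vulnerability_ids,
                            fields=None, defect_profile_id=None,
                            use_default_profile=False):
    """Return a urllib Request for POST .../defects/{appId}/defectSubmission."""
    url = urlsplit(base_url)
    # Assumption of this example: the API key header may only travel over
    # plaintext HTTP when the server is on the loopback interface.
    if url.scheme != "https" and url.hostname not in LOOPBACK:
        raise ValueError("refusing to send the API key over plaintext HTTP")
    if not summary:
        raise ValueError("summary is required")
    if not vulnerability_ids:
        raise ValueError("at least one vulnerabilityIds value is required")
    # The page states the two profile parameters cannot be used together.
    if use_default_profile and defect_profile_id is not None:
        raise ValueError("defectProfileId and useDefaultDefectProfile are mutually exclusive")

    params = [("summary", summary)]
    # One vulnerabilityIds pair per id; all ids are attached to a single defect.
    params += [("vulnerabilityIds", str(int(v))) for v in vulnerability_ids]
    if use_default_profile:
        params.append(("useDefaultDefectProfile", "true"))
    elif defect_profile_id is not None:
        params.append(("defectProfileId", str(defect_profile_id)))
    # Tracker-specific fields (issuetype, project, ...) override profile values.
    params += sorted((fields or {}).items())

    endpoint = f"{base_url.rstrip('/')}/rest/latest/defects/{int(app_id)}/defectSubmission"
    return Request(endpoint, data=urlencode(params).encode("ascii"), method="POST",
                   headers={"Accept": "application/json",
                            "Authorization": f"APIKEY {api_key}"})

if __name__ == "__main__":
    # Constructed values; nothing is sent until the Request is passed to urlopen().
    req = build_defect_submission("http://localhost:8080/threadfix", "PLACEHOLDER_KEY", 1,
                                  "TestSummary", [2, 3],
                                  fields={"issuetype": "1", "project": "10000"})
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Passing the returned object to `urllib.request.urlopen()` sends it; for https URLs that call verifies the server certificate by default, whereas `curl --insecure` in the sample call skips that verification.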






