As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Submit Defect - API
/rest/{version}/defects/{appId}/defectSubmission
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Submits a defect for a vulnerability in the app with the given appId. Works only if a single defect tracker is attached to the application; if more than one is attached, use the Submit Defect to Specified Tracker - API call and specify which one to use. |
Required Permission | Submit Defects |
Version Introduced | 2.3.0 |
Changes in 2.8.9 | Added defectProfileId and useDefaultDefectProfile |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Request POST Data Parameters
The available Data Parameters depend on the Defect Tracker being used and can vary based on your configurations for the Defect Tracker. Use the “Get Defect Tracker Fields” call to see what you will need. The following parameters should always be available.
Parameter | Value | Required | Description |
---|---|---|---|
summary | String | Yes | Title of the Defect Tracker ticket submitted. |
AdditionalScannerInfo | String | No | Denotes if the defect should include extra fields specified in defectDescription.vm. |
vulnerabilityIds | Integer | Yes | Ids for the vulnerabilities to file a defect for. Only one defect is created and all the vulnerabilities are attached to it. |
DescriptionTemplate | String | No | Choose the description template, Filename e.g. Classic_Description.vm. |
IncludeScannerDetail | String | No | True or False, checkbox for additional scanner detail. |
defectProfileId | String | No | Profile Id for a submitted defect. Note: Cannot be used at the same time as useDefaultDefectProfile. |
useDefaultDefectProfile | String | No | Creates a defect using the profile selected on the Application Defect Tracker page. Note: Cannot be used at the same time as defectProfileId. |
In Jira, if no issuetype is furnished, the submitted ticket will default to using issuetype=1, corresponding to the Bug issue type Defect ticket.
Defect Profile Use Logic
The following demonstrates the operating logic:
IF useDefaultDefectProfile=true THEN all default profile values for that application are applied when creating the defect. Any specific field values passed into the call will act as overrides.
ELSE IF useDefaultDefectProfile=false AND defectProfileId is set THEN all specified profile values for that application are applied when creating a defect. Any specific field values passed into the call will act as overrides.
ELSE IF useDefaultDefectProfile=false AND defectProfileId is NOT set THEN only the passed-in field values will be used in creating the defect.
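The profile logic above, as an added sketch that is not ThreadFix code: `resolve_fields` models which values end up on the defect, and `build_body` produces the form-encoded POST data with the same checks done client-side. The function names and the profile contents are assumptions constructed for illustration, and rejecting useDefaultDefectProfile=true together with defectProfileId is this example's reading of the "cannot be used at the same time" notes.

```python
from urllib.parse import urlencode

# Constructed sample profiles (hypothetical contents, keyed by a made-up profile id).
DEFAULT_PROFILE = {"issuetype": "1", "project": "10000", "assignee": "threadfix"}
PROFILES = {"7": {"issuetype": "1", "project": "10000", "customfield_10500": "Test"}}

def _check_exclusive(use_default, profile_id):
    # Assumption: the two profile selectors are rejected when combined.
    if use_default and profile_id is not None:
        raise ValueError("defectProfileId and useDefaultDefectProfile are mutually exclusive")

def resolve_fields(passed, use_default=False, profile_id=None):
    """Model of the documented logic: profile values first, passed values override."""
    _check_exclusive(use_default, profile_id)
    if use_default:
        base = dict(DEFAULT_PROFILE)
    elif profile_id is not None:
        base = dict(PROFILES[profile_id])
    else:
        base = {}  # only the passed-in field values are used
    base.update(passed)
    return base

def build_body(summary, vulnerability_ids, fields=None, use_default=False, profile_id=None):
    """Build the form-encoded POST data for defectSubmission."""
    _check_exclusive(use_default, profile_id)
    if not summary:
        raise ValueError("summary is required")
    if not vulnerability_ids:
        raise ValueError("at least one vulnerabilityIds value is required")
    params = [("summary", summary)]
    params += sorted((fields or {}).items())
    # One defect is created for all ids, so the parameter repeats once per id.
    params += [("vulnerabilityIds", str(int(v))) for v in vulnerability_ids]
    if use_default:
        params.append(("useDefaultDefectProfile", "true"))
    elif profile_id is not None:
        params.append(("defectProfileId", str(profile_id)))
    return urlencode(params)

if __name__ == "__main__":
    print(resolve_fields({"assignee": "alice"}, use_default=True))
    print(build_body("TestSummary", [2, 3], {"description": "TestDescription"}, profile_id="7"))
```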
Sample Call:
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'issuetype=1&summary=TestSummary&description=TestDescription&project=10000&customfield_10500=Test&assignee=threadfix&vulnerabilityIds=2&vulnerabilityIds=3' http://localhost:8080/threadfix/rest/latest/defects/1/defectSubmission
Sample Output:
{
"message": "",
"success": true,
"responseCode": -1,
"object": "The Defect was submitted to the tracker."
}
Copyright © 2024 Coalfire. All rights reserved.