As of December 31st, 2023, ThreadFix 2.X has reached End of Life and is no longer supported. For any further information, please contact the Success and Implementation team.
Get Scan Details - API
/rest/{version}/scans/{scanId}
Descriptor | Value |
---|---|
HTTP Method | GET |
Description | Retrieves scan information. |
Required Permission | Read Access (Any Role) |
Version Introduced | 2.3.0 |
Changes in 2.5.0.2 | Added "originalFileNames" field to response. |
Changes in 2.5.1 | Added the updatedDate field to the response. This field is present when using older REST versions as well. |
Changes in 2.7 | Added scan metadata information to the REST call response. |
Changes in 2.8 | Added Pagination parameters "page" and "pageSize" to all versions of this call. Findings are now sorted by severity, then scanner vulnerability type name, then path. |
Changes in 2.8.3 | Added buildId field to the response. |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Request GET Parameters
Parameter | Value | Required | Description |
---|---|---|---|
page | Integer | No | Which page of findings to retrieve of size "pageSize". Defaults to 1 if not provided. |
pageSize | Integer | No | How many findings to retrieve per "page". Defaults to 10000 if not provided and cannot be greater than 10000. |
Sample Call:
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" 'http://localhost:8080/threadfix/rest/latest/scans/1?page=2&pageSize=20'
Sample Output:
Values for importTime and updatedDate are returned as Epoch time in milliseconds.
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 30,
"importTime": 1309962639000,
"updatedDate": 1309962639000,
"numberClosedVulnerabilities": 0,
"numberNewVulnerabilities": 13,
"numberOldVulnerabilities": 0,
"numberResurfacedVulnerabilities": 0,
"numberTotalVulnerabilities": 13,
"numberRepeatResults": 0,
"numberRepeatFindings": 0,
"numberInfoVulnerabilities": 2,
"numberLowVulnerabilities": 0,
"numberMediumVulnerabilities": 6,
"numberHighVulnerabilities": 5,
"numberCriticalVulnerabilities": 0,
"findings": [
{
"id": 25007,
"longDescription": null,
"attackString": null,
"attackRequest": "",
"attackResponse": "",
"nativeId": "b0f20dd0cf08dbea8da5744fcbdd1ebf",
"displayId": null,
"surfaceLocation": {
"id": 25007,
"parameter": "username",
"path": "/demo/SQLI2.php"
},
"sourceFileLocation": null,
"dataFlowElements": [],
"findingCves": [],
"calculatedUrlPath": "/demo/SQLI2.php",
"calculatedFilePath": "",
"dependency": null,
"severity": "High",
"vulnerabilityType": "SQL injection vulnerability"
},
{
"id": 25008,
"longDescription": null,
"attackString": null,
"attackRequest": "",
"attackResponse": "",
"nativeId": "766f606f9e293342f98fe53e704d2875",
"displayId": null,
"surfaceLocation": {
"id": 25008,
"parameter": "username",
"path": "/demo/XPathInjection2.php"
},
"sourceFileLocation": null,
"dataFlowElements": [],
"calculatedUrlPath": "/demo/XPathInjection2.php",
"calculatedFilePath": "",
"dependency": null,
"severity": "Medium",
"vulnerabilityType": "XPATH injection vulnerability"
},
///... Omitted findings for brevity
],
"originalFileNames": [
"w3af-demo-site.xml",
"w3af-demo-site-2.xml"
],
"buildID" : null,
"scanMetadata": [],
"originalFileNames": [],
"scannerName": "w3af",
"numberUnassignedVulnerabilities": 0
}
}
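An added example, not ThreadFix's own code: a Python client for the "page" and "pageSize" parameters documented above that walks every page of a scan's findings, checks the "success" flag of the response, and converts the epoch-millisecond timestamps. All function names are hypothetical and the data served by constructed_fetch is made up for offline runs; it assumes that a page with fewer than "pageSize" findings is the last one and that "success": false marks a failed call.

```python
import json
import urllib.request
from datetime import datetime, timezone

MAX_PAGE_SIZE = 10000  # documented ceiling for pageSize

def http_fetch(base_url, api_key, scan_id):
    """Return a fetch_page callable; pass an https:// base_url so urllib verifies the certificate."""
    def fetch_page(page, page_size):
        url = f"{base_url}/rest/latest/scans/{scan_id}?page={page}&pageSize={page_size}"
        req = urllib.request.Request(url, headers={
            "Accept": "application/json",
            "Authorization": f"APIKEY {api_key}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch_page

def constructed_fetch(total):
    """Offline stand-in: serves `total` constructed findings, page by page."""
    rows = [{"id": i, "severity": "High"} for i in range(1, total + 1)]
    def fetch_page(page, page_size):
        start = (page - 1) * page_size
        return {"message": "", "success": True, "responseCode": -1,
                "object": {"id": 30, "importTime": 1309962639000,
                           "scannerName": "w3af",
                           "findings": rows[start:start + page_size]}}
    return fetch_page

def collect_scan(fetch_page, page_size=1000):
    """Walk page=1,2,... and return (scan fields without findings, all findings)."""
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError("pageSize must be between 1 and 10000")
    summary, findings, page = None, [], 1
    while True:
        body = fetch_page(page, page_size)
        if not body.get("success"):          # assumption: false marks a failed call
            raise RuntimeError(f"ThreadFix error: {body.get('message')!r}")
        scan = body["object"]
        batch = scan.get("findings") or []
        if summary is None:                  # scan-level counters repeat on every page
            summary = {k: v for k, v in scan.items() if k != "findings"}
        findings.extend(batch)
        if len(batch) < page_size:           # assumption: short page = last page
            return summary, findings
        page += 1

def epoch_ms_to_utc(ms):
    """importTime and updatedDate arrive as epoch milliseconds."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
```

Against a live server, pass http_fetch(base_url, api_key, scan_id) to collect_scan and read the API key from the environment rather than typing it on the command line.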
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.