As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Multiple File Scan Upload - API

/rest/{version}/applications/{appId}/upload/multi

Descriptor

Value

HTTP Method

POST

Description

Uploads multiple files to the app with the given appId.  If you choose to upload the files as a single scan, the files must all be from the same scanner (such as all w3af scans).

Required Permission

Upload Scans

Version Introduced

2.3.0

Changes in 2.4.5

Starting with Version 2.4.5, this call adds the scans to the Scan Upload Queue, and returns an entirely different response.  The scans have not finished importing into an application at the time the call returns; if you have automation using this call, make sure to use the legacy version or adjust your automation accordingly.

Changes in 2.5

The new Links section includes a link to the endpoint you can hit to check the status of the scan after it’s been added to the queue.

Changes in 2.8.8

Returned pending scan status is now versioned.

Request Header Parameters

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

Request POST Data Parameters

Parameter

Value

Required

Description

file

File

Yes

A scan you want to upload to the application in ThreadFix.  This parameter can be used multiple times but must be used at least once.

Format: file[]=@path/to/file

  • Must precede the file path with the @ symbol)

  • Windows: use double backslashes in the path, e.g., C:\\path\\to\\file.ext

bulkUpload

Boolean

No

Set to False if not provided.

true = Upload the files as separate scan files.

false = Upload the files as a single scan.

Sample Call:

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST -F 'bulkUpload=false' -F file[]=@path/to/file/w3af-scan.xml -F file[]=@path/to/scanfile/w3af-scan2.xml http://localhost:8080/threadfix/rest/latest/applications/1/upload/multi

 

Sample Output (v2.8.8 through latest):

{ "message": "", "success": true, "responseCode": -1, "object": "Scan upload process started.", "links": [ { "method": "GET", "rel": "related", "href": "http://10.150.1.155:8080/threadfix/rest/latest/applications/1296/pendingScan/717/status" } ] }

Sample Output (v2.4.5 through latest):

{     "message": "",     "success": true,     "responseCode": -1,     "object": "Scan upload process started.",     "links": [         {             "method": "GET",             "rel": "related",             "href": "http://localhost:8080/threadfix/rest/applications/1/pendingScan/3/status"         }     ] }

Sample Output (legacy through v2.4.2.1:

Values for importTime are returned as Epoch time in milliseconds.



www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.