As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Ad Hoc Policy Evaluation - API
/rest/{version}/applications/{appId}/policy/eval?policyId={policyId}
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Updates the evaluation’s results if the status is out of date. If there are no status changes requiring an update, the current status will be returned. |
Required Permission | Read Access (Any Role) |
Version Introduced | 2.6 |
Changes in 2.8 | Added additional request parameter "type". |
Changes in 2.8.5 | GET method changed to POST. |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Request GET Parameters
Parameter | Value | Required | Description |
---|---|---|---|
policyId | String | No* | Evaluate the status of the policy with this id. |
policyName | String | No* | Evaluate the status of the policy with this name. Parameter "type" is needed when using policyName. |
type | String | No* | The type of the policy being evaluated. Accepted values are "filter" or "remediation". *Required when using parameter policyName. |
*Either 'policyId' or 'policyName' parameter must be provided.
Â
As of 2.8.5:
Sample Call (using policyId):
curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apikey}' -X POST --data 'policyId=1' http://localhost:8080/threadfix/rest/latest/applications/1/policy/eval
Sample Call (using policyName):
curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apikey}' -X POST --data 'policyName=MyPolicy&type=remediation' http://localhost:8080/threadfix/rest/latest/applications/1/policy/eval
Â
Pre-2.8.5:
Sample Call (using policyId):
curl -X GET 'http://localhost:8080/threadfix/rest/Latest/applications/1/policy/eval?policyId=1' -H 'Authorization: APIKEY {apiKey}'
Sample Call (using policyName):
Sample Output:
Sample return for application having a scan.
Values for lastEvaluated are returned as Epoch time in milliseconds.
Sample return for an application with no scan.
Values for lastEvaluated are returned as Epoch time in milliseconds.
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.