As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Ad Hoc Policy Evaluation - API

Owned by Robert Shofner (Unlicensed)
Last updated: Feb 24, 2023 by HruizVersion comment
2 min read

/rest/{version}/applications/{appId}/policy/eval?policyId={policyId}

Descriptor

Value

Descriptor

Value

HTTP Method

POST

Description

Updates the evaluation’s results if the status is out of date. If there are no status changes requiring an update, the current status will be returned.

Required Permission

Read Access (Any Role)

Version Introduced

2.6

Changes in 2.8

Added additional request parameter "type".

Changes in 2.8.5

GET method changed to POST.

Request Header Parameters

Parameter

Value

Required

Description

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

Request GET Parameters

Parameter

Value

Required

Description

Parameter

Value

Required

Description

policyId

String

No*

Evaluate the status of the policy with this id.

policyName

String

No*

Evaluate the status of the policy with this name. Parameter "type" is needed when using policyName.

type

String

No*

The type of the policy being evaluated. Accepted values are "filter" or "remediation".

*Required when using parameter policyName.

*Either 'policyId' or 'policyName' parameter must be provided.

 

As of 2.8.5:

Sample Call (using policyId):

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apikey}' -X POST --data 'policyId=1' http://localhost:8080/threadfix/rest/latest/applications/1/policy/eval

Sample Call (using policyName):

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apikey}' -X POST --data 'policyName=MyPolicy&type=remediation' http://localhost:8080/threadfix/rest/latest/applications/1/policy/eval

 

Pre-2.8.5:

Sample Call (using policyId):

curl -X GET 'http://localhost:8080/threadfix/rest/Latest/applications/1/policy/eval?policyId=1' -H 'Authorization: APIKEY {apiKey}'

Sample Call (using policyName):

Sample Output:

Sample return for application having a scan.

Values for lastEvaluated are returned as Epoch time in milliseconds.

Sample return for an application with no scan.

Values for lastEvaluated are returned as Epoch time in milliseconds.





www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.