Introduction
NowSecure uses the Apollo Sandbox, which provides an environment for running GraphQL API queries and mutations against completed assessments, organization details, apps, and much more in NowSecure Platform to obtain detailed results.
For all API calls, replace the $API_TOKEN with your own token. Create a token by selecting the Profile icon on the top right corner of Platform > select Tokens. See Creating an API Bearer Token in NowSecure Platform for further information.
Query
Now that you have configured your authorization token, you can start performing queries to gather the information of your choice. The main query writing section will attempt to auto-complete as much as possible of the query you are currently writing.
Select the Schema graph at the top left to introspect the schema or head to the top left navigation bar with the search icon to look for any fields to query.
You can also use the CMD+K or CTRL+K shortcuts to search for a query field on a new tab in the Explorer view.
All Findings Queries
To query for all Findings, search for Findings in the Schema view or the search field. The video below utilizes the search feature to select fields recursively, and Schema features to query Findings schemas.
Selecting the plus sign to the left of any Fields tab will automatically fill in that portion of the query into the operation space.
The drop down from the top plus button located to the right of Fields will allow you to select all fields recursively. You can also hold CMD or CTRL and click the plus to perform the same action.
For example, to access the Findings details (id, title, category, etc.) refer to the FindingQuery panel in the screenshot below.
The following query shows ALL Findings including id, name and description.
Note: Select the three dot menu at the top right of the operation section to copy the cURL or use any of the other operations.
The resulting Findings response:
Accessing All Previous Assessment Data
The GraphQL Apollo Sandbox displays data from any of the assessments previously performed by the Platform user.
Below is a query that shows the application data of ALL previous assessments such as package name, platformType, along with assessments data such as createdAt and ref (a unique identifier).
query allAppScores {
  auto {
    applications {
      platformType
      packageKey
      group {
        ref
        name
      }
      assessments {
        score
        ref
        taskId
        createdAt
        build {
          digest
          version
          uploadedAt
        }
        report {
          findings {
            impactType
            check {
              issue {
                title
                description
                cvss
                cvssVector
              }
            }
          }
        }
      }
    }
  }
}
Accessing the Latest Report for a Specific App
To access the latest report for a specific app, use either the cURL commands or the GraphQL queries below. Add either | jq '.' or | json_pp at the end of a cURL command to output the result of the query in easy-to-read JSON format:
First, obtain the ref for the Platform group you have apps in. Obtain the different groupRefs in your Platform account and select the one containing your app of choice:
query {
  my {
    groups {
      ref
      id
      active
      name
    }
  }
}
curl 'https://api.nowsecure.com/graphql' \
  -H 'Accept-Encoding: gzip, deflate, br' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Connection: keep-alive' \
  -H 'DNT: 1' \
  -H 'Origin: https://api.nowsecure.com' \
  -H 'Authorization: Bearer {Your_Token_Here}' \
  --data-binary '{"query":"# Write your query or mutation here\n query {\n\tmy{\n groups{\n ref\n id\n active\n name\n }\n }\n}"}' \
  --compressed
Using the groupRef obtained in the previous step, obtain the apps in your selected group:
query {
  auto {
    applications(groupRefs: "GROUPREF") {
      packageKey
      ref
    }
  }
}
curl 'https://api.nowsecure.com/graphql' \
  -H 'Accept-Encoding: gzip, deflate, br' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Connection: keep-alive' \
  -H 'DNT: 1' \
  -H 'Origin: https://api.nowsecure.com' \
  -H 'Authorization: Bearer {Your_Token_Here}' \
  --data-binary '{"query":"query {\n\tauto {\n applications(groupRefs: \"GROUPREF\") {\n \tpackageKey\n ref\n }\n }\n}"}' \
  --compressed
Search the previously generated list for the ref UUID of the selected app's completed assessment. Use that ref UUID to execute the following command and obtain the latest assessment for the chosen app:
query {
  auto {
    applications(refs: "REF") {
      packageKey
      latestCompleteAssessment {
        ref
        platformType
        createdAt
        title
        packageKey
        report {
          findings {
            cvss
            check {
              title
              id
              issue {
                category
                cvssVector
              }
            }
          }
        }
      }
    }
  }
}
curl 'https://api.nowsecure.com/graphql' \
  -H 'Accept-Encoding: gzip, deflate, br' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Connection: keep-alive' \
  -H 'DNT: 1' \
  -H 'Origin: https://api.nowsecure.com' \
  -H 'Authorization: Bearer {YOUR TOKEN HERE}' \
  --data-binary '{"query":"query {\n auto {\n applications(refs:\"2603a902-85de-11e8-b865-1f761cc39491\"){\n packageKey\n latestCompleteAssessment{\n ref\n platformType\n createdAt\n title\n packageKey\n\t report{\n findings{\n cvss\n check{\n title\n id\n issue{\n category\n cvssVector\n }\n }\n }\n }\n }\n }\n }\n}"}' \
  --compressed
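Added example (not NowSecure's own code): a Python script that sends the latest-assessment query above with the token read from the API_TOKEN environment variable, then lists findings at or above a CVSS threshold. It assumes cvss is returned as a number or null; APP_REF, build_request, findings_at_or_above and the sample response are constructed for illustration.

```python
import json
import os
import urllib.request
import uuid

API_URL = "https://api.nowsecure.com/graphql"  # endpoint from the page's cURL commands

# Same fields as the page's latestCompleteAssessment query; %s is the app ref.
QUERY = """query { auto { applications(refs: "%s") {
  packageKey
  latestCompleteAssessment { ref createdAt report { findings {
    cvss check { title id issue { category cvssVector } } } } }
} } }"""

def build_request(app_ref, token):
    """Build the POST; the ref must parse as a UUID before it is placed in the query."""
    ref = str(uuid.UUID(app_ref))  # raises ValueError on anything that is not a UUID
    body = json.dumps({"query": QUERY % ref}).encode()
    return urllib.request.Request(API_URL, data=body, headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer " + token})

def findings_at_or_above(response, threshold):
    """Return (packageKey, cvss, check title) with cvss >= threshold, highest first."""
    if response.get("errors"):
        raise RuntimeError(response["errors"])
    hits = []
    for app in response["data"]["auto"]["applications"]:
        # Apps without a completed assessment are skipped (assumed to return null).
        report = (app.get("latestCompleteAssessment") or {}).get("report") or {}
        for f in report.get("findings") or []:
            if f.get("cvss") is not None and f["cvss"] >= threshold:
                hits.append((app["packageKey"], f["cvss"], f["check"]["title"]))
    return sorted(hits, key=lambda h: h[1], reverse=True)

# Constructed sample response (not real NowSecure output); field types are assumptions.
SAMPLE = {"data": {"auto": {"applications": [
    {"packageKey": "com.example.app", "latestCompleteAssessment": {"report": {"findings": [
        {"cvss": 7.5, "check": {"title": "Constructed finding A"}},
        {"cvss": None, "check": {"title": "Constructed finding B"}},
        {"cvss": 9.1, "check": {"title": "Constructed finding C"}}]}}},
    {"packageKey": "com.example.unscanned", "latestCompleteAssessment": None}]}}}

if __name__ == "__main__":
    token = os.environ.get("API_TOKEN")  # read from the environment, not typed inline
    if token:  # live call; without a token the constructed sample is used
        with urllib.request.urlopen(build_request(os.environ["APP_REF"], token)) as r:
            SAMPLE = json.load(r)
    for pkg, score, title in findings_at_or_above(SAMPLE, 7.0):
        print(f"{pkg}\t{score}\t{title}")
```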