Platform Findings GraphQL API

Introduction

NowSecure uses the Apollo Sandbox, which provides an environment for running GraphQL API queries and mutations against completed assessments, organization details, apps, and much more in NowSecure Platform to obtain detailed results.

For all API calls, replace $API_TOKEN with your own token. To create a token, select the Profile icon in the top right corner of Platform, then select Tokens. See Creating an API Bearer Token in NowSecure Platform for further information.

Query

Now that you have configured your authorization token, you can start performing queries to gather the information of your choice. The main query writing section will attempt to auto-complete as much as possible of the query you are currently writing.

Select the Schema graph at the top left to introspect the schema, or use the search icon in the top left navigation bar to look for fields to query.

You can also use the CMD+K or CTRL+K shortcuts to search for a query field on a new tab in the Explorer view.

All Findings Queries

To query for all Findings, search for Findings in the Schema view or the search field. The video below uses the search feature to select fields recursively and the Schema features to query the Findings schemas.

Selecting the plus sign to the left of any Fields tab will automatically fill in that portion of the query into the operation space.

The drop-down on the top plus button, located to the right of Fields, lets you select all fields recursively. You can also hold CMD or CTRL and click the plus to perform the same action.

[Video: selecting Findings fields with the search and Schema features]

For example, to access the Findings details (id, title, category, etc.), refer to the FindingQuery panel in the screenshot below.

[Screenshot: FindingQuery panel]

The following query shows ALL Findings including id, name and description.

Note: Select the three dot menu at the top right of the operation section to copy the cURL or use any of the other operations.

[Screenshot: Findings query in the operation section]

The resulting Findings response:

[Screenshot: Findings response]

Accessing All Previous Assessment Data

The GraphQL Apollo Sandbox displays data from any of the assessments previously performed by the Platform user.

Below is a query that shows the application data of ALL previous assessments, such as package name and platformType, along with assessment data such as createdAt and ref (a unique identifier).

query allAppScores {
  auto {
    applications {
      platformType
      packageKey
      group {
        ref
        name
      }
      assessments {
        score
        ref
        taskId
        createdAt
        build {
          digest
          version
          uploadedAt
        }
        report {
          findings {
            impactType
            check {
              issue {
                title
                description
                cvss
                cvssVector
              }
            }
          }
        }
      }
    }
  }
}

Accessing the Latest Report for a Specific App

To access the latest report for a specific app, use either the cURL command or the GraphQL query. Append either | jq '.' or | json_pp to a cURL command to print the result of the query as easy-to-read JSON.

First, obtain the ref for the Platform group you have apps in. List the groupRefs in your Platform account and select the one containing your app of choice:

GET
query {
  my {
    groups {
      ref
      id
      active
      name
    }
  }
}

Using the groupRef obtained in the previous step, obtain the apps in your selected group:

GET
query {
  auto {
    applications(groupRefs: "GROUPREF") {
      packageKey
      ref
    }
  }
}

Search the previously generated list for the ref UUID of the selected app's completed assessment. Use that ref UUID to execute the following command and obtain the latest assessment for the chosen app:

GET
query {
  auto {
    applications(refs: "REF") {
      packageKey
      latestCompleteAssessment {
        ref
        platformType
        createdAt
        title
        packageKey
        report {
          findings {
            cvss
            check {
              title
              id
              issue {
                category
                cvssVector
              }
            }
          }
        }
      }
    }
  }
}
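
One way to consume the result of the last step, as an added example that is not NowSecure's code: it fills the REF placeholder only after checking that the value is a UUID, then lists findings at or above a CVSS threshold from the JSON the cURL command returns. The function names, the 7.0 threshold, the sample data, and the assumptions that cvss is numeric and may be null are all hypothetical; the response shape simply mirrors the query above.

```python
import json
import uuid

# The page's latest-report query, trimmed to the fields used below; "REF" is its placeholder.
LATEST_REPORT_QUERY = """query {
  auto {
    applications(refs: "REF") {
      packageKey
      latestCompleteAssessment {
        ref createdAt
        report { findings { cvss check { title id issue { category cvssVector } } } }
      }
    }
  }
}"""

def query_for_app(app_ref):
    """Fill in REF only if the value parses as a UUID (raises ValueError otherwise)."""
    return LATEST_REPORT_QUERY.replace('"REF"', json.dumps(str(uuid.UUID(app_ref))))

def findings_at_or_above(response, threshold=7.0):
    """Return (cvss, packageKey, check title, category) rows, highest score first."""
    if response.get("errors"):  # GraphQL reports errors in the response body
        raise RuntimeError("; ".join(e.get("message", "?") for e in response["errors"]))
    rows = []
    for app in response["data"]["auto"]["applications"]:
        assessment = app.get("latestCompleteAssessment") or {}  # no completed assessment yet
        for finding in (assessment.get("report") or {}).get("findings") or []:
            cvss = finding.get("cvss")
            if cvss is None or cvss < threshold:  # unscored findings are skipped, not scored 0
                continue
            check = finding["check"]
            category = (check.get("issue") or {}).get("category")
            rows.append((cvss, app["packageKey"], check["title"], category))
    return sorted(rows, key=lambda row: row[0], reverse=True)

# Constructed sample response (not real Platform output), shaped like the query above.
def _finding(cvss, title):
    return {"cvss": cvss, "check": {"title": title, "id": title, "issue": {"category": "constructed", "cvssVector": None}}}

SAMPLE = {"data": {"auto": {"applications": [
    {"packageKey": "com.example.app", "latestCompleteAssessment": {
        "ref": "00000000-0000-4000-8000-000000000001", "createdAt": "2024-01-01T00:00:00Z",
        "report": {"findings": [_finding(7.5, "A"), _finding(None, "B"), _finding(3.1, "C"), _finding(9.1, "D")]}}},
    {"packageKey": "com.example.unscanned", "latestCompleteAssessment": None}]}}}

if __name__ == "__main__":
    for row in findings_at_or_above(SAMPLE):
        print(*row, sep="\t")
```

To use it on real output, save the cURL response to a file and pass the result of json.load to findings_at_or_above.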
