Introduction
The GraphQL API Playground allows the user to perform queries on assessments run in the NowSecure Platform and obtain detailed results. This tool is a great way to test your queries prior to combining them in a script.
Prerequisites
You will first need a token for authentication. See the Creating an API Bearer Token article for more detailed instructions.
Within NowSecure Platform, select your Profile in the upper right > Tokens, then select Generate Token. The examples below use a token titled "GraphQL".
Note: This token is presented one time, so copy it and keep it safe. You can revoke it and create another, if needed.
Once your token has been copied, navigate to the NowSecure GraphQL Playground and go to the HTTP Headers section. Configure your access by typing the following:
{"Authorization": "Bearer {Your_Token_Here}"}
Queries
Now that you have configured your authorization token you can start performing queries to gather the information of your choice. The main query writing section will attempt to auto-complete as much as possible of the query you are currently writing. The SCHEMA tab on the right side of the Playground will explain the parameters associated with each query performed.
For example, when attempting to query for all findings, searching for the word findings under SCHEMA provides useful information about the different parameters that can be queried for each finding:
Following the screenshot above, a query that displays all findings can be created. Each level under FindingsQuery represents a new category with different variables that can be accessed.
For example, to access the findings details (id, title, category, etc.) refer to the FindingQuery panel in the screenshot above. The query must first access findings and then a list (the middle panel on the screenshot above) of attributes that can be created.
The following query shows ALL findings including id, name and description. (Note that the cURL command corresponding to each query can be generated by selecting COPY CURL):
Accessing All Previous Assessment Data
The GraphQL API Playground displays data from any of the assessments previously performed by the Platform user.
Below is a query that shows the application data of ALL previous assessments, such as package name and platformType, along with assessment data such as createdAt and ref (a unique identifier).
query allAppScores {
  auto {
    applications {
      platformType
      packageKey
      group {
        ref
        name
      }
      assessments {
        score
        ref
        taskId
        createdAt
        build {
          digest
          version
          uploadedAt
        }
        report {
          findings {
            impactType
            check {
              issue {
                title
                description
                cvss
                cvssVector
              }
            }
          }
        }
      }
    }
  }
}
Accessing The Latest Report for a Specific Application
To access the latest report for a specific application, use the following commands (either the cURL command or the query). Add either | jq '.' or | json_pp at the end of a cURL command to output the result of the query in easy-to-read .json format:
First, obtain the ref for the Platform group you have apps in. Obtain the different groupRefs in your Platform account and select the one containing your application of choice:
curl 'https://api.nowsecure.com/graphql' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Connection: keep-alive' -H 'DNT: 1' -H 'Origin: https://api.nowsecure.com' -H 'Authorization: Bearer {Your_Token_Here}' --data-binary '{"query":"# Write your query or mutation her\n query {\n\tmy{\n groups{\n ref\n id\n active\n name\n }\n }\n}"}' --compressed
query {
  my {
    groups {
      ref
      id
      active
      name
    }
  }
}
Using the groupRef obtained in the previous step, obtain the applications in your selected group:
curl 'https://api.nowsecure.com/graphql' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Connection: keep-alive' -H 'DNT: 1' -H 'Origin: https://api.nowsecure.com' -H 'Authorization: Bearer {Your_Token_Here}' --data-binary '{"query":"query {\n\tauto {\n applications(groupRefs: \"GROUPREF\") {\n \tpackageKey\n ref\n }\n }\n}"}' --compressed
query {
  auto {
    applications(groupRefs: "GROUPREF") {
      packageKey
      ref
    }
  }
}
Search the previously generated list for the ref UUID of the application that you want to obtain the latest assessment for. Use that ref UUID to execute the following command and obtain the latest assessment for the chosen application:
curl 'https://api.nowsecure.com/graphql' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Connection: keep-alive' -H 'DNT: 1' -H 'Origin: https://api.nowsecure.com' -H 'Authorization: Bearer {YOUR TOKEN HERE}' --data-binary '{"query":"query {\n auto {\n applications(refs:\"2603a902-85de-11e8-b865-1f761cc39491\"){\n packageKey\n latestCompleteAssessment{\n ref\n platformType\n createdAt\n title\n packageKey\n\t report{\n findings{\n cvss\n check{\n title\n id\n issue{\n category\n cvssVector\n }\n }\n }\n }\n }\n }\n }\n}"}' --compressed
query {
  auto {
    applications(refs: "REF") {
      packageKey
      latestCompleteAssessment {
        ref
        platformType
        createdAt
        title
        packageKey
        report {
          findings {
            cvss
            check {
              title
              id
              issue {
                category
                cvssVector
              }
            }
          }
        }
      }
    }
  }
}
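When the latest-report query above moves from the Playground into a script, the application ref should be validated before it is placed in the query text, and the response can be reduced to the findings at or above a CVSS threshold. The following is an added example, not NowSecure code: the function names are hypothetical, SAMPLE is constructed data, and it assumes the response mirrors the query shape with cvss either a number or null.

```python
import json
import urllib.request
import uuid

API_URL = "https://api.nowsecure.com/graphql"  # endpoint from the cURL commands above

def latest_report_query(app_ref):
    """Build the latest-assessment query; reject any ref that is not a UUID."""
    ref = str(uuid.UUID(app_ref))  # raises ValueError on malformed input
    return ('query { auto { applications(refs: "%s") { packageKey '
            "latestCompleteAssessment { ref createdAt report { findings { cvss "
            "check { title id issue { category cvssVector } } } } } } } }" % ref)

def run_query(query, token):
    """POST one query; read the token from the environment, never hard-code it."""
    req = urllib.request.Request(
        API_URL, data=json.dumps({"query": query}).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def findings_at_or_above(response, threshold):
    """Return (cvss, packageKey, title, category) rows, highest CVSS first."""
    if response.get("errors"):
        raise RuntimeError(response["errors"])
    rows = []
    for app in response["data"]["auto"]["applications"]:
        # Assumption: an app with no completed assessment returns null here.
        report = (app.get("latestCompleteAssessment") or {}).get("report") or {}
        for finding in report.get("findings") or []:
            cvss = finding.get("cvss")
            if cvss is None or cvss < threshold:  # unscored findings are skipped
                continue
            check = finding.get("check") or {}
            issue = check.get("issue") or {}
            rows.append((cvss, app["packageKey"], check.get("title"), issue.get("category")))
    return sorted(rows, key=lambda row: row[0], reverse=True)

# Constructed sample response shaped like the query above (not real Platform data).
SAMPLE = {"data": {"auto": {"applications": [
    {"packageKey": "com.example.app", "latestCompleteAssessment": {"report": {"findings": [
        {"cvss": 7.5, "check": {"title": "Finding A", "issue": {"category": "network"}}},
        {"cvss": None, "check": {"title": "Finding B", "issue": None}},
        {"cvss": 9.1, "check": {"title": "Finding C", "issue": {"category": "code"}}},
        {"cvss": 3.0, "check": {"title": "Finding D", "issue": {"category": "code"}}},
    ]}}},
    {"packageKey": "com.example.new", "latestCompleteAssessment": None},
]}}}
```

In a script, pass the token from an environment variable to run_query and feed the parsed response to findings_at_or_above.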