List Application Vulnerabilities
List the complete history of identified vulnerability records for a given application. One way to think of an identified vulnerability record is as a distinct issue that might be opened in a vulnerability management system. Rather than treating every distinct vulnerability, in every assessment, as its own issue, we treat a vulnerability that persists across contiguous assessments as a single record. The record is closed only when we test a new version of the app in which the vulnerability was tested for but not found to affect that version. Once closed, an identified vulnerability record remains closed; if the finding is seen again, a new identified vulnerability record is opened.
GET https://lab-api.nowsecure.com/resource/app/:app_ref/vulnerability/
curl -H "Authorization: Bearer ${API_TOKEN}" \
"https://lab-api.nowsecure.com/resource/app/6bdc59a8-c105-11e8-8a0b-3fe09a4b294e/vulnerability/"
Header
Field | Type | Description |
Authorization | String | Send header with value Bearer ${API_TOKEN} to authenticate |
Route
Field | Type | Description |
app_ref | String | UUID application reference which uniquely identifies an application within a specific org analysis group |
Success 200
Field | Type | Description |
vulnerabilities | Object[ ] | Identified vulnerability records |
unique_vulnerability_id | Number | Monotonically increasing 64-bit integer key representing the identified vulnerability record |
finding_id | String | Finding key enum representing the specific finding associated with the vulnerability |
opened_at | Date | Timestamp representing when this specific identified vulnerability record was created |
last_seen_at | Date | Timestamp representing the last time this specific vulnerability was recorded as recurring |
last_seen_cvss | Number | CVSS value associated with the finding |
closed_at | Date | Timestamp representing when the associated finding was found to no longer be a vulnerability (i.e. either it was tested for and found to not be affected, or the finding was edited to push the CVSS score down to 0, making it no longer a vulnerability) |
opened_in_assessment_id | String | UUID assessment "ref" of the assessment where the vulnerability was first discovered (e.g. an assessment with a non-zero CVSS score for the associated finding, when no preexisting identified vulnerability for this app and finding was already open) |
last_seen_in_assessment_id | String | UUID assessment "ref" of the most recent assessment where the finding was found to still be vulnerable |
opened_in_app_version | String | Textual app version associated with the assessment that opened the record |
last_seen_in_app_version | String | Textual app version associated with the last seen assessment |
closed_in_assessment_id (optional) | String | If the vulnerability record is closed, the UUID assessment "ref" of the assessment which closed it |
closed_in_app_version (optional) | String | If the vulnerability record is closed, the textual app version associated with the assessment which closed it |
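The following is an added example, not part of the original documentation: it consumes a response of the shape described above to list open records, time-to-close, and findings that were closed and later reopened as a new record. The sample data and finding_id values are constructed; it assumes the per-record fields sit inside each object of the vulnerabilities array, that timestamps are ISO 8601 strings, and that closed_at is null or absent while a record is open.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample response (not real API output). Assumptions: ISO 8601
# timestamps; closed_at is null/absent while the record is still open.
SAMPLE_RESPONSE = json.loads("""
{"vulnerabilities": [
  {"unique_vulnerability_id": 101, "finding_id": "example_finding_a",
   "opened_at": "2023-01-10T00:00:00Z", "closed_at": "2023-03-01T00:00:00Z",
   "last_seen_cvss": 7.5, "opened_in_app_version": "1.0",
   "closed_in_app_version": "1.2"},
  {"unique_vulnerability_id": 102, "finding_id": "example_finding_b",
   "opened_at": "2023-01-10T00:00:00Z", "closed_at": null,
   "last_seen_cvss": 5.3, "opened_in_app_version": "1.0"},
  {"unique_vulnerability_id": 103, "finding_id": "example_finding_a",
   "opened_at": "2023-04-05T00:00:00Z", "closed_at": null,
   "last_seen_cvss": 7.5, "opened_in_app_version": "1.3"}
]}
""")

def parse_ts(value):
    """Parse an ISO 8601 timestamp, accepting a trailing 'Z' for UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def summarize(response):
    """Return open record ids, reopened findings, and days-to-close per record."""
    by_finding = defaultdict(list)
    for rec in response["vulnerabilities"]:
        by_finding[rec["finding_id"]].append(rec)

    open_ids, regressions, days_to_close = [], [], {}
    for finding, recs in by_finding.items():
        # The id is monotonically increasing, so it orders records in time.
        recs.sort(key=lambda r: r["unique_vulnerability_id"])
        for rec in recs:
            if rec.get("closed_at"):
                delta = parse_ts(rec["closed_at"]) - parse_ts(rec["opened_at"])
                days_to_close[rec["unique_vulnerability_id"]] = delta.days
            else:
                open_ids.append(rec["unique_vulnerability_id"])
        # Closed records never reopen: a closed record followed by a newer
        # record for the same finding means the issue came back.
        if any(r.get("closed_at") for r in recs[:-1]):
            regressions.append(finding)
    return {"open": sorted(open_ids), "regressions": sorted(regressions),
            "days_to_close": days_to_close}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESPONSE), indent=2))
```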