This page is still under construction. Please bear with us!
The Analyzer supports one HTTP POST request at the relative URL api/analyzer:
Type | Key | Description |
---|---|---|
header | API-KEY | The API_KEY as returned by the webfrontend. |
header | content-type | Must be "text/plain" |
parameter | projectId | The ID of the project as configured in the webfrontend. |
parameter | fileType | Type of the report format (only "json" for the time being) |
parameter | toolName | Tool used to generate the report (only "owasp" for the time being) |
The content of the scan report file must be passed as POST payload.
An example URL would be:
https://my.securecheckplus.de/analyzer/api?fileType=json&toolName=owasp&projectId=MyProjectID
Currently, only scan reports generated by the OWASP tool in JSON format can be processed. See the following examples.
Tool | Format | Example |
---|---|---|
OWASP | JSON | Simple Python Example |
OWASP | JSON | Complex Python Example |
OWASP | JSON | Java Example |
Use the script scripts/run-adapter-image.bash to upload one of the test files to the analyzer API. Note that all required environment variables must be set beforehand (see end of file backend/env.template).
The following codes are returned by the HTTP POST request.
Status Code | Message | Explanation |
---|---|---|
200 | Analysis successful for project {project_id}. {n} dependencies were found. | The analysis was successful; {n} dependencies were found, and the data should now be accessible in the web interface. |
204 | Analysis was successful, but no dependencies were found for project {project_id}. | The analysis was successful, but the parser found no dependencies. It's best to manually check if dependencies were found in the report. |
400 | Unsupported report file type: {file type} | The specified report format is not supported for the respective tool. The "Supported Formats" tab lists supported formats. |
400 | Unsupported report tool: {tool name} | The specified tool is not supported. The "Supported Formats" tab lists supported tools. |
400 | Parser error | Error parsing. Ensure correct file type, tool name, and content type. If content type is configurable, choose "plain/text" as a last resort. |
406 | Analysis was successful, but the threshold: {threshold} for the severity in vulnerabilities has been reached. | The project was successfully analyzed, but vulnerabilities were found that exceed the allowed threshold. The default threshold is set to High and can be adjusted in the web interface. |
422 | The following required parameter is missing: {parameter name} | Note: The API key must be in the header, while the rest of the parameters are passed as query parameters. |
500 | An internal server error occurred. For more information, check the logs or, if you are an admin, check the log section. | An internal server error occurred. Checking the analyzer.log might provide more information. |
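
A CI-side client for the POST request and status codes above, as an added example (not code from the project). The `SCP_*` environment variable names and the mapping from status code to pipeline outcome are assumptions of this example; the endpoint is passed in as a full URL, and the API key is read from the environment rather than stored in the script.

```python
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

# Pipeline outcome per documented status code (the outcome names are this example's choice).
OUTCOMES = {
    200: "pass",          # analysis successful, dependencies found
    204: "review",        # parser found no dependencies: check the report by hand
    400: "config-error",  # unsupported file type or tool, or parser error
    406: "gate-failed",   # severity threshold reached
    422: "config-error",  # a required parameter is missing
    500: "server-error",  # see analyzer.log
}

def build_request(endpoint, api_key, project_id, report, tool="owasp", file_type="json"):
    """API key and content type go in headers, everything else in the query string."""
    query = urllib.parse.urlencode(
        {"fileType": file_type, "toolName": tool, "projectId": project_id})
    return urllib.request.Request(
        f"{endpoint}?{query}", data=report, method="POST",
        headers={"API-KEY": api_key, "content-type": "text/plain"})

def classify(status):
    """Undocumented codes count as failures so the pipeline gate fails closed."""
    return OUTCOMES.get(status, "server-error")

def upload(endpoint, api_key, project_id, report, opener=urllib.request.urlopen):
    """Send the report and return (status, outcome); urllib raises HTTPError on 4xx/5xx."""
    req = build_request(endpoint, api_key, project_id, report)
    try:
        with opener(req, timeout=60) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    return status, classify(status)

if __name__ == "__main__":
    # SCP_ENDPOINT, SCP_API_KEY and SCP_PROJECT_ID are hypothetical variable names.
    with open(sys.argv[1], "rb") as fh:
        body = fh.read()
    status, outcome = upload(os.environ["SCP_ENDPOINT"], os.environ["SCP_API_KEY"],
                             os.environ["SCP_PROJECT_ID"], body)
    print(f"analyzer returned {status}: {outcome}")
    sys.exit(0 if outcome == "pass" else 1)
```

Only a 200 exits with code 0, so a 204 (no dependencies parsed) stops the pipeline for a manual look instead of passing silently.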
The Analyzer uses the following HTTP GET request to obtain meta information of a CVE.
Request Type | Parameters | Authentication | Example Request URL | Response |
---|---|---|---|---|
GET | CVE ID: CVE-2019-1010218 | NVD API KEY in HEADER | https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218 | NVD Example |