REST API questions

geoff.wh...@gmail.com

Jul 7, 2014, 2:24:34 PM
to thre...@googlegroups.com
Hello,

I'm looking at some of the REST API endpoints in 2.1M1 and I have a few questions:

- Is "channelNames" a list because a single vulnerability may be identified by multiple tools?

- Can I expect "genericVulnerability" to always be filled-in with the "id" field as the relevant CWE identifier?

- Is there a plan to expose all supported "genericVulnerability" values through the REST API?

- Is there a plan to expose/update channel mappings?

Great stuff here

All the best,
Geoff

Mac Collins

Jul 7, 2014, 5:19:39 PM
to thre...@googlegroups.com
Hi Geoff,

> - Is "channelNames" a list because a single vulnerability may be
> identified by multiple tools?

Yes.


> - Can I expect "genericVulnerability" to always be filled-in with the "id"
> field as the relevant CWE identifier?

For CWEs introduced prior to 2.6, yes. Due to some internal changes the
reliable field is now "displayId". Now that I'm looking at it we should
rename that to "cweId" before 2.1 is released and that API is officially
frozen. I will reply to this thread when I make this change.


> - Is there a plan to expose all supported "genericVulnerability" values
> through the REST API?


No, but if that information is useful I have no problem exposing an
endpoint for it. If you file an enhancement issue we'll look at
implementing for 2.1 final.

> - Is there a plan to expose/update channel mappings?


We have just exposed functionality for creating new mappings in mainline
development through the UI. We haven't considered listing or updating
mappings through the REST interface, although you have piqued my interest.

Thanks,
Mac





geoff.wh...@gmail.com

Jul 8, 2014, 12:37:11 PM
to thre...@googlegroups.com
Thanks Mac for clarifying channelNames and genericVulnerability.displayId. I look forward to genericVulnerability.cweId when you are able to add it.

We are working on integrating our internal weakness tracking system with ThreadFix. Knowing ThreadFix weaknesses and being able to list mappings for a channel allows us to find out if we're out of sync. Having the ability to update through the API is of lesser priority.

Best wishes,
Geoff
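
An added example, not part of the original thread and not ThreadFix's own code: a client-side sketch of the sync check discussed above, reading the CWE from "cweId" or "displayId" and treating a bare "id" as unverified. Only the field names come from the thread; the JSON shape, the scanner names, the values and the function names `cwe_of` and `sync_report` are assumptions.

```python
import json

# Constructed sample records. Only the field names "channelNames",
# "genericVulnerability", "id", "displayId" and the planned "cweId" come from
# the thread; the JSON shape and every value here are assumptions.
SAMPLE = json.loads("""[
  {"channelNames": ["ScannerA", "ScannerB"],
   "genericVulnerability": {"id": 79, "displayId": 79}},
  {"channelNames": ["ScannerA"],
   "genericVulnerability": {"id": 1207, "displayId": 915}},
  {"channelNames": ["ScannerB"],
   "genericVulnerability": {"id": 89, "cweId": 89}},
  {"channelNames": ["ScannerC"], "genericVulnerability": {"id": 22}},
  {"channelNames": ["ScannerC"], "genericVulnerability": null}
]""")

def cwe_of(vuln):
    """Return (cwe_id, source_field), or (None, None) if nothing usable."""
    generic = vuln.get("genericVulnerability") or {}
    # "cweId" is the planned rename and "displayId" the field described as
    # reliable; "id" is only tried last and reported as such.
    for field in ("cweId", "displayId", "id"):
        value = generic.get(field)
        if value is not None and str(value).isdigit():
            return int(value), field
    return None, None

def sync_report(vulns, internal_cwes):
    """Compare CWEs seen in the API output with an internal tracker's set."""
    channels, unverified, unmapped = {}, set(), 0
    for vuln in vulns:
        cwe, source = cwe_of(vuln)
        if cwe is None:
            unmapped += 1                      # no generic mapping at all
        elif source == "id":
            unverified.add(cwe)                # may not be a CWE number
        else:
            channels.setdefault(cwe, set()).update(vuln.get("channelNames") or [])
    seen, internal = set(channels), set(internal_cwes)
    return {
        "only_in_threadfix": sorted(seen - internal),
        "only_internal": sorted(internal - seen),
        "unverified_from_id": sorted(unverified),
        "unmapped": unmapped,
        "channels": {cwe: sorted(names) for cwe, names in channels.items()},
    }

if __name__ == "__main__":
    print(json.dumps(sync_report(SAMPLE, {79, 89, 352}), indent=2))
```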
