I'm looking at some of the REST API endpoints in 2.1M1 and I have a few questions:
- Is "channelNames" a list because a single vulnerability may be identified by multiple tools?
- Can I expect "genericVulnerability" to always be filled-in with the "id" field as the relevant CWE identifier?
- Is there a plan to expose all supported "genericVulnerability" values through the REST API?
- Is there a plan to expose/update channel mappings?
Great stuff here
All the best,
Geoff
We are working on integrating our internal weakness tracking system with threadfix. Knowing threadfix weaknesses and being able to list mappings for a channel allows us to find out if we're out of sync. Having the ability to update through the API is of lesser priority.
Best wishes,
Geoff