Retrieve application vulnerabilities

get

https://sentinel.whitehatsec.com/api/application/{app_id}/vuln

This operation returns an object containing information about all vulnerabilities associated with the specified application.

Path Params

app_id

int32

required

Application id.

Query Params

query_opened

string

Retrieves vulns that were opened at this exact date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_opened_after

string

Retrieves vulns that were opened at or after this date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_opened_before

string

Retrieves vulns that were opened at or before this date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_closed

string

Retrieves vulns that were closed at this exact date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_closed_after

string

Retrieves vulns that were closed at or after this date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_closed_before

string

Retrieves vulns that were closed at or before this date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_found

string

Retrieves vulns that were found at or before this date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_found_after

string

Retrieves vulns that were found at or after this date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_found_before

string

Retrieves vulns that were found at or before this date and time. Date format: Valid ISO8601 (that means UTC (aka GMT)) (Ex. 'YYYY-MM-DDThh:mm:ssZ' -> '2008-12-12T21:35:59Z')

query_id

string

Retrieves vulnerabilities specified by one or more comma-separated IDs.

query_dast_class

int32

Retrieves vulns associated with one or more DAST classes, as specified by a comma-separated list of class IDs.

query_location

string

Retrieves vulns with locations (file URLs) that contain the given string.

query_location_like

string

Retrieves vulns with locations (file URLs) that contain the given string.

query_status

string

Retrieves vulns with the given query status. Can give multiple comma-separated statuses. Combinable options: 'open', 'closed', 'false', 'discovered'.

query_trace_status

string

Retrieves vulns with the given query trace status. Can give multiple comma-separated trace statuses. Combinable options: 'open', 'closed', 'false'.

query_impact

int32

Retrieves vulns with the given impact(s). Takes one or more comma-separated values. Impact ranges from 0 to 9.

query_class

string

Retrieve vulns of a specific class. EXAMPLE: Access.Administration.Interface

query_risk

string

Retrieves vulns with the given risk(s). Can be a combination of: 'note', 'low', 'medium', 'high', 'critical'.

query_manual

string

enum

Defaults to 0

If set to 1, retrieves only manual vulnerabilities (created by a human, not scanner).

Allowed:

display_stats

string

enum

Defaults to 1

Display aggregated statistics on vulns retrieved.

Allowed:

display_traces

string

enum

Defaults to 1

Display traces data collection for each vuln.

Allowed:

display_steps

string

enum

Defaults to 0

Display step data associated with each trace for this vuln (data-intensive - can take significant time to fetch).

Allowed:

display_description

string

enum

Defaults to 0

Display general information about vulnerability. The 'custom' option will display custom descriptions.

Allowed:

display_solution

string

enum

Defaults to 0

Display vulnerability solution information. The 'custom' option will display custom solutions.

Allowed:

page:limit

int32

Limit results to n number of pages.

page:offset

int32

Begin showing results from page number n.

page:order_by

string

enum

Defaults to id

Order the results.

format

string

enum

Defaults to xml

Format of returned results.

Allowed:

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

400

BadRequestResponse indicates a request with invalid parameters.

401

UnauthorizedResponse signals an unauthorized API access.

403

ForbiddenResponse signals a request for a resource that does not exist or is not authorized.

404

NotFound the requested resource could not be found.

500

GenericError generic error.

Language

Response

Choose an example:

application/json

application/xml

text/csv, text/comma-separated-values

200Provides the application vulnerability details.