APIs

General Info

Hdiv web console exposes a REST API to help integrate vulnerability detection and attack protection into the organization’s standard stack and dashboards.

The REST API requires an authenticated user. This is done by sending a header that includes the console connection token. Find the proper token value in your console environment configuration page.

Accessing REST API

API Info

The following URLs are exposed in the API.

Mappings

GET
/applications

Response Format

[ {
  "name" : "",
  "status" : "",
  "hdivVersion" : ""
} ]

Response Details

Name Description
String
name

Application name
String
status

RUNNING, MONITORING, STOPPED
String
hdivVersion

Version of Hdiv being used
GET
/applications/{name}

Path Variables

Type Description
String
name

Application name

Response Format

{
  "name" : "",
  "status" : "",
  "hdivVersion" : "",
  "appVersionName" : "",
  "platform" : ""
}

Response Details

Name Description
String
name

Application name
String
status

RUNNING, DEBUGGING, STOPPED
String
hdivVersion

Version of Hdiv being used
String
appVersionName

Application version name
String
platform

Agent platform
GET
/ipreputation/{status}

Path Variables

Type Description
String
status

ALLOWED/BANNED

Response Status Codes

Code Description
200
OK

List of ips in that status
400
BAD REQUEST

If the path variable is not correct

Response Format

[ "x.x.x.x", "y.y.y.y" ]

Response Details

Name Description
Arrays
ips

List of IP Addresses
POST
/ipreputation/{status}

Path Variables

Type Description
String
status

ALLOWED/BANNED

Response Status Codes

Code Description
200
OK

List of ips in that status
400
BAD REQUEST

If the path variable is not correct

Request Format

[ "x.x.x.x", "y.y.y.y" ]

Requests Details

Name Description
Array
ip

List of IP Addresses

Response Format

2

Response Details

Name Description
int
count

Count of updated ips
DELETE
/ipreputation/{ip}

Path Variables

Type Description
String
ip

IP to delete

Response Status Codes

Code Description
200
OK

IP was properly deleted
400
BAD REQUEST

IP could not be deleted
GET
/servers

Response Format

[ {
  "name" : "",
  "status" : "",
  "lastActivity" : "",
  "hdivVersion" : ""
} ]

Response Details

Name Description
String
name

Server name
String
status

RUNNING, STOPPED
String
lastActivity

Server last activity date yyyy/MM/dd
String
hdivVersion

Version of Hdiv being used
GET
/servers/{name}

Path Variables

Type Description
String
name

Server name

Response Format

{
  "name" : "",
  "status" : "",
  "lastActivity" : "",
  "hdivVersion" : "",
  "serverInfo" : {
      "serverName" : "",
      "startTime" : "",
      "jvmName" : "",
      "spec" : "",
      "impl" : "",
      "inputArguments" : "",
      "systemProperties" : "",
      "osName" : "",
      "osVersion" : "",
      "osArch" : "",
      "availableProcessors" : "",
      "initHeap" : "",
      "maxHeap" : "",
      "address" : "",
      "macAddress" : ""
  }
}

Response Details

Name Description
String
name

Server name
String
status

RUNNING, STOPPED
String
lastActivity

Server last activity date yyyy/MM/dd
String
hdivVersion

Version of Hdiv being used
ServerInfo
serverInfo

Additional server information

SeverInfo object details:

  • serverName: Name of the server provider (example: Tomcat 8+, Weblogic 11g ..)
  • startTime: Server last start time.
  • jvmName: ???
  • spec: JVM specification details.
  • impl: JVM implementation details.
  • inputArguments: JVM process argument list.
  • systemProperties: JVM system properties.
  • osName: Server operating system.
  • osVersion: Server operating system version.
  • osArch: Server operating system architecture.
  • availableProcessors: Number of processors available for the server.
  • initHeap: JVM initial Heap.
  • maxHeap: Maximum Heap memory configured for the server JVM.
  • address: Net address.
  • macAddress: Mac address.
GET
/vulnerabilities

Parameters

Type Description
String
application

Application name
String
applicationVersion

Name of one version of the Application. The application field must have a value
String
startDate

Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String
endDate

End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String
rule

Comma separated rules
String
state

UNRESOLVED, RESOLVED, IGNORED

Response Status Codes

Code Description
200
OK

Vulnerabilities have been found and processed, full information will be sent
202
ACCEPTED

Vulnerabilities have been found but the information is still being processed
400
BAD REQUEST

Application name or application version not found

Response Format

[ {
  "hash" : 0,
  "id" : 0,
  "type" : "",
  "level" : "",
  "score" : 0.0,
  "url" : "",
  "parameterName" : "",
  "parameterType" : "",
  "taintedValue" : :"",
  "className" : :"",
  "lineNumber" : 0,
  "application": "",
  "firstAppVersion": "",
  "lastAppVersion": "",
  "firstOccurrence": 0,
  "lastOccurrence": 0,
  "state": "",
  "servers": "",
  "environments": ""
  "origin": ""
} ]

Response Details

Name Description
long
hash

Vulnerability hash id
long
id

Vulnerability id
String
type

Vulnerability type
String
level

MINOR, LOW, MEDIUM, HIGH
double
score

Vulnerability score
String
url

Vulnerability url
String
parameterName

Input name
String
parameterType

Type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY
String
taintedValue

Final input value
String
className

Class name where the vulnerability is present
int
lineNumber

Line number where the vulnerability is present
String
application

Application name
String
firstAppVersion

First application version where the vulnerability is present
String
lastAppVersion

Last application version where the vulnerability is present
int
firstOccurrence

First vulnerability detection timestamp
int
lastOccurrence

Last vulnerability detection timestamp
String
state

Vulnerability state
String
servers

Server list where the vulnerability is detected
String
environments

Environments list where the vulnerability is detected
String
origin

Type: DATABASE, REQUEST, STORED, REFLECTED, CONFIGURATION
GET
/vulnerabilities/{id}

Path variables

Type Description
long
id

Vulnerability id

Response Format

{
  "hash" : 0,
  "id" : 0,
  "type" : "",
  "level" : "",
  "score" : 0.0,
  "url" : "",
  "parameterName" : "",
  "parameterType" : "",
  "taintedValue" : :"",
  "className" : :"",
  "lineNumber" : 0,
  "application": "",
  "firstAppVersion": "",
  "lastAppVersion": "",
  "firstOccurrence": 0,
  "lastOccurrence": 0,
  "state": "",
  "servers": "",
  "environments": ""
}

Response Details

Name Description
long
hash

Vulnerability hash id
long
id

Vulnerability id
String
type

Vulnerability type
String
level

MINOR, LOW, MEDIUM, HIGH
double
score

Vulnerability score
String
url

Vulnerability url
String
parameterName

Input name
String
parameterType

Input type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY
String
taintedValue

Final input value
String
className

Class name where the vulnerability is present
int
lineNumber

Line number where the vulnerability is present
String
application

Application name
String
firstAppVersion

First application version where the vulnerability is present
String
lastAppVersion

Last application version where the vulnerability is present
int
firstOccurrence

First vulnerability detection timestamp
int
lastOccurrence

Last vulnerability detection timestamp
String
state

Vulnerability state
String
servers

Server list where the vulnerability is detected
String
environments

Environments list where the vulnerability is detected
GET
/vulnerableLibraries

Parameters

Type Description
String
artifact

Artifact identifier in group:artifact:version format. Mandatory.
String
application

Application name. Optional.
String
applicationVersion

Name of one version of the Application. The application field must have a value
String
startDate

Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String
endDate

End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String
state

UNRESOLVED, RESOLVED, IGNORED

Response Status Codes

Code Description
200
OK

Vulnerable dependency is present and is processed, full information will be sent
202
ACCEPTED

Vulnerable dependency is present but it is still being processed
404
NOT FOUND

Vulnerable dependency was not sent by any application
400
BAD REQUEST

Application name or application version not found

Response Format

[ {
  "hash" : 0,
  "id" : 0,
  "type" : "",
  "score" : 0.0,
  "cveNumber" : "",
  "dependency" : "group:artifact:version",
  "description" : "",
} ]

Response Details

Name Description
long
hash

Vulnerability hash id
long
id

Vulnerability id
String
type

Vulnerability type
double
score

Vulnerability score
String
cveNumber

CVE Number
String
dependency

Vulnerable library identifier in group:artifact:version format
String
description

Vulnerability description
GET
/libraries

Parameters

Type Description
String
application

Application name. Optional.
String
applicationVersion

Name of one version of the Application. The application field must have a value

Response Status Codes

Code Description
200
OK

Vulnerable dependency is present and is processed, full information will be sent
202
ACCEPTED

Vulnerable dependency is present but it is still being processed
404
NOT FOUND

Vulnerable dependency was not sent by any application
400
BAD REQUEST

Application name or application version not found

Response Format

[ {
  "library" : "",
  "version" : "",
  "idString" : "",
  "applicationString" : "",
  "cveString" : "",
  "ids" : "",
  "applications" : "",
  "cves" : "",
  "numberOfApplications" : "",
  "numberOfCVEs" : ""
} ]

Response Details

Name Description
String
library

Library name
String
version

Library version name
String
applicationString

Main application uses this library
String
cveString

CVE reference as text
long[]
ids

Identifiers associated with this library
String[]
applications

Applications that use this library
String[]
cves

CVEs associated with this library
int
numberOfApplications

Number of applications that use this library
int
numberOfCVEs

Number of CVEs associated with this library
GET
/issues

Parameters

Type Description
String
startDate

Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format
String
endDate

End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format
String
status

Status of the issue
String
application

Name of the application associated with the issues
String
issueManagerType

Name of the issue manager that has processed the issues: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK

String
rule

Name of the vulnerability associated with the issue
Long
pageNum

Number of the page of results to be obtained
Long
pageSize

Number of elements per page

Response Format

[
  {
    "externalRef": "",
    "managerType": "",
    "rule": "",
    "application": "",
    "servers": "",
    "environments": "",
    "status": "",
    "creationDate": 0,
    "id": 0
  }]

Response Details

Name Description
String
externalRef

External reference of the issue in the issue manager
String
managerType

Name of the issue manager that has processed the issue: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK

String
rule

Name of the vulnerability associated with the issue
String
application

Name of application associated with the issue
String
servers

Server list where the vulnerability is detected
String
environments

Environments list where the vulnerability is detected
String
status

Current status of the issue
Long
creationDate

Cretion date of the issue in milliseconds
Long
id

Internal identifier of the issue
DELETE
/issues/{id}

Path Variables

Type Description
String
id

Identifier of the issue to delete

Response Status Codes

Code Description
200
OK

IP was properly deleted
400
BAD REQUEST

Issue could not be deleted