APIs

General Info

The Hdiv web console exposes a REST API that helps integrate vulnerability detection and attack protection into the organization’s standard stack and dashboards.

The REST API requires an authenticated user. Authenticate each request by sending a header that includes the console connection token. The token value is shown on the environment configuration page of your console.

Accessing REST API

API Info

The following URLs are exposed in the API.

Mappings

GET
/applications

Response Format

[ {
  "name" : "",
  "status" : "",
  "hdivVersion" : ""
} ]

Response Details

Type    Name         Description
String  name         Application name
String  status       RUNNING, MONITORING, STOPPED
String  hdivVersion  Version of Hdiv being used

GET
/applications/{name}

Path Variables

Type    Name  Description
String  name  Application name

Response Format

{
  "name" : "",
  "status" : "",
  "hdivVersion" : ""
}

Response Details

Type    Name         Description
String  name         Application name
String  status       RUNNING, DEBUGGING, STOPPED
String  hdivVersion  Version of Hdiv being used

GET
/ipreputation/{status}

Path Variables

Type    Name    Description
String  status  ALLOWED/BANNED

Response Status Codes

Code             Description
200 OK           List of ips in that status
400 BAD REQUEST  If the path variable is not correct

Response Format

[ "x.x.x.x", "y.y.y.y" ]

Response Details

Type    Name  Description
Arrays  ips   List of IP Addresses

POST
/ipreputation/{status}

Path Variables

Type    Name    Description
String  status  ALLOWED/BANNED

Response Status Codes

Code             Description
200 OK           List of ips in that status
400 BAD REQUEST  If the path variable is not correct

Request Format

[ "x.x.x.x", "y.y.y.y" ]

Requests Details

Type   Name  Description
Array  ip    List of IP Addresses

Response Format

2

Response Details

Type  Name   Description
int   count  Count of updated ips

DELETE
/ipreputation/{ip}

Path Variables

Type    Name  Description
String  ip    IP to delete

Response Status Codes

Code             Description
200 OK           IP was properly deleted
400 BAD REQUEST  IP could not be deleted

GET
/servers

Response Format

[ {
  "name" : "",
  "status" : "",
  "lastActivity" : "",
  "hdivVersion" : ""
} ]

Response Details

Type    Name          Description
String  name          Server name
String  status        RUNNING, STOPPED
String  lastActivity  Server last activity date yyyy/MM/dd
String  hdivVersion   Version of Hdiv being used

GET
/servers/{name}

Path Variables

Type    Name  Description
String  name  Server name

Response Format

{
  "name" : "",
  "status" : "",
  "lastActivity" : "",
  "hdivVersion" : ""
}

Response Details

Type    Name          Description
String  name          Server name
String  status        RUNNING, STOPPED
String  lastActivity  Server last activity date yyyy/MM/dd
String  hdivVersion   Version of Hdiv being used

GET
/vulnerabilities

Parameters

Type    Name                Description
String  application         Application name
String  applicationVersion  Name of one version of the Application. The application field must have a value
String  startDate           Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String  endDate             End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String  rule                Comma separated rules
String  state               UNRESOLVED, RESOLVED, IGNORED

Response Status Codes

Code             Description
200 OK           Vulnerabilities have been found and processed, full information will be sent
202 ACCEPTED     Vulnerabilities have been found but the information is still being processed
400 BAD REQUEST  Application name or application version not found

Response Format

[ {
  "hash" : 0,
  "id" : 0,
  "type" : "",
  "level" : "",
  "score" : 0.0,
  "url" : "",
  "parameterName" : "",
  "parameterType" : "",
  "taintedValue" : "",
  "className" : "",
  "lineNumber" : 0,
  "application": "",
  "firstAppVersion": "",
  "lastAppVersion": "",
  "firstOccurrence": 0,
  "lastOccurrence": 0,
  "state": "",
  "servers": "",
  "environments": "",
  "origin": ""
} ]

Response Details

Type    Name             Description
long    hash             Vulnerability hash id
long    id               Vulnerability id
String  type             Vulnerability type
String  level            MINOR, LOW, MEDIUM, HIGH
double  score            Vulnerability score
String  url              Vulnerability url
String  parameterName    Input name
String  parameterType    Type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY
String  taintedValue     Final input value
String  className        Class name where the vulnerability is present
int     lineNumber       Line number where the vulnerability is present
String  application      Application name
String  firstAppVersion  First application version where the vulnerability is present
String  lastAppVersion   Last application version where the vulnerability is present
int     firstOccurrence  First vulnerability detection timestamp
int     lastOccurrence   Last vulnerability detection timestamp
String  state            Vulnerability state
String  servers          Server list where the vulnerability is detected
String  environments     Environments list where the vulnerability is detected
String  origin           Type: DATABASE, REQUEST, STORED, REFLECTED, CONFIGURATION
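
A client-side sketch of the GET /vulnerabilities contract above, added here as an example (it is not Hdiv's own code): it builds the query with a documented date format, retries while the console answers 202, and shortlists unresolved findings. The transport callable, the sample body with its type and class names, and treating the level list as ascending severity are assumptions.

```python
import json
import time
from datetime import datetime
from urllib.parse import urlencode

DATE_FMT = "%Y/%m/%d %H:%M:%S"               # yyyy/MM/dd HH:mm:ss, one of the documented formats
LEVELS = ("MINOR", "LOW", "MEDIUM", "HIGH")  # assumption: listed in ascending severity

def build_path(application, start, end, state="UNRESOLVED", version=None):
    if version and not application:          # applicationVersion needs the application field
        raise ValueError("applicationVersion requires application")
    params = {"application": application, "applicationVersion": version,
              "startDate": start.strftime(DATE_FMT), "endDate": end.strftime(DATE_FMT),
              "state": state}
    return "/vulnerabilities?" + urlencode({k: v for k, v in params.items() if v})

def fetch(transport, path, attempts=5, delay=0.0):
    """transport(path) -> (status, body): hypothetical callable that sends the token header."""
    for _ in range(attempts):
        status, body = transport(path)
        if status == 200:                    # processed, full information sent
            return json.loads(body)
        if status == 400:                    # application name or version not found
            raise LookupError("unknown application or application version")
        if status != 202:
            raise RuntimeError(f"unexpected status {status}")
        time.sleep(delay)                    # 202: found, still being processed
    raise TimeoutError("results still being processed")

def triage(vulns, floor="HIGH"):
    """Unresolved findings at or above the floor, highest score first."""
    keep = [v for v in vulns if v["state"] == "UNRESOLVED"
            and LEVELS.index(v["level"]) >= LEVELS.index(floor)]
    keep.sort(key=lambda v: v["score"], reverse=True)
    return [(v["id"], v["type"], v["className"], v["lineNumber"]) for v in keep]

# Constructed sample body; the type and class names are made up.
SAMPLE = json.dumps([
    {"id": 1, "type": "EXAMPLE_TYPE_A", "level": "HIGH", "score": 9.1,
     "state": "UNRESOLVED", "className": "com.example.Dao", "lineNumber": 42},
    {"id": 2, "type": "EXAMPLE_TYPE_B", "level": "MEDIUM", "score": 6.0,
     "state": "UNRESOLVED", "className": "com.example.View", "lineNumber": 7},
    {"id": 3, "type": "EXAMPLE_TYPE_C", "level": "HIGH", "score": 9.8,
     "state": "RESOLVED", "className": "com.example.Files", "lineNumber": 13}])

def fake_transport(replies=None):
    calls = iter(replies or [(202, ""), (202, ""), (200, SAMPLE)])
    return lambda path: next(calls)

if __name__ == "__main__":
    path = build_path("shop", datetime(2024, 1, 1), datetime(2024, 1, 31))
    print(path, triage(fetch(fake_transport(), path)))
```

In a real client, replace fake_transport with a function that performs the HTTPS request and attaches the console connection token header.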

GET
/vulnerabilities/{id}

Path variables

Type  Name  Description
long  id    Vulnerability id

Response Format

{
  "hash" : 0,
  "id" : 0,
  "type" : "",
  "level" : "",
  "score" : 0.0,
  "url" : "",
  "parameterName" : "",
  "parameterType" : "",
  "taintedValue" : "",
  "className" : "",
  "lineNumber" : 0,
  "application": "",
  "firstAppVersion": "",
  "lastAppVersion": "",
  "firstOccurrence": 0,
  "lastOccurrence": 0,
  "state": "",
  "servers": "",
  "environments": ""
}

Response Details

Type    Name             Description
long    hash             Vulnerability hash id
long    id               Vulnerability id
String  type             Vulnerability type
String  level            MINOR, LOW, MEDIUM, HIGH
double  score            Vulnerability score
String  url              Vulnerability url
String  parameterName    Input name
String  parameterType    Input type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY
String  taintedValue     Final input value
String  className        Class name where the vulnerability is present
int     lineNumber       Line number where the vulnerability is present
String  application      Application name
String  firstAppVersion  First application version where the vulnerability is present
String  lastAppVersion   Last application version where the vulnerability is present
int     firstOccurrence  First vulnerability detection timestamp
int     lastOccurrence   Last vulnerability detection timestamp
String  state            Vulnerability state
String  servers          Server list where the vulnerability is detected
String  environments     Environments list where the vulnerability is detected

GET
/vulnerableLibraries

Parameters

Type    Name                Description
String  artifact            Artifact identifier in group:artifact:version format. Mandatory.
String  application         Application name. Optional.
String  applicationVersion  Name of one version of the Application. The application field must have a value
String  startDate           Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String  endDate             End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates.
String  state               UNRESOLVED, RESOLVED, IGNORED

Response Status Codes

Code             Description
200 OK           Vulnerable dependency is present and is processed, full information will be sent
202 ACCEPTED     Vulnerable dependency is present but it is still being processed
404 NOT FOUND    Vulnerable dependency was not sent by any application
400 BAD REQUEST  Application name or application version not found

Response Format

[ {
  "hash" : 0,
  "id" : 0,
  "type" : "",
  "score" : 0.0,
  "cveNumber" : "",
  "dependency" : "group:artifact:version",
  "description" : ""
} ]

Response Details

Type    Name         Description
long    hash         Vulnerability hash id
long    id           Vulnerability id
String  type         Vulnerability type
double  score        Vulnerability score
String  cveNumber    CVE Number
String  dependency   Vulnerable library identifier in group:artifact:version format
String  description  Vulnerability description

GET
/libraries

Parameters

Type    Name                Description
String  application         Application name. Optional.
String  applicationVersion  Name of one version of the Application. The application field must have a value

Response Status Codes

Code             Description
200 OK           Vulnerable dependency is present and is processed, full information will be sent
202 ACCEPTED     Vulnerable dependency is present but it is still being processed
404 NOT FOUND    Vulnerable dependency was not sent by any application
400 BAD REQUEST  Application name or application version not found

Response Format

[ {
  "library" : "",
  "version" : "",
  "idString" : "",
  "applicationString" : "",
  "cveString" : "",
  "ids" : "",
  "applications" : "",
  "cves" : "",
  "numberOfApplications" : "",
  "numberOfCVEs" : ""
} ]

Response Details

Type      Name                  Description
String    library               Library name
String    version               Library version name
String    applicationString     Main application uses this library
String    cveString             CVE reference as text
long[]    ids                   Identifiers associated with this library
String[]  applications          Applications that use this library
String[]  cves                  CVEs associated with this library
int       numberOfApplications  Number of applications that use this library
int       numberOfCVEs          Number of CVEs associated with this library

GET
/issues

Parameters

Type    Name              Description
String  startDate         Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format
String  endDate           End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format
String  status            Status of the issue
String  application       Name of the application associated with the issues
String  issueManagerType  Name of the issue manager that has processed the issues: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK
String  rule              Name of the vulnerability associated with the issue
Long    pageNum           Number of the page of results to be obtained
Long    pageSize          Number of elements per page

Response Format

[
  {
    "externalRef": "",
    "managerType": "",
    "rule": "",
    "application": "",
    "servers": "",
    "environments": "",
    "status": "",
    "creationDate": 0,
    "id": 0
  }]

Response Details

Type    Name          Description
String  externalRef   External reference of the issue in the issue manager
String  managerType   Name of the issue manager that has processed the issue: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK
String  rule          Name of the vulnerability associated with the issue
String  application   Name of application associated with the issue
String  servers       Server list where the vulnerability is detected
String  environments  Environments list where the vulnerability is detected
String  status        Current status of the issue
Long    creationDate  Creation date of the issue in milliseconds
Long    id            Internal identifier of the issue

DELETE
/issues/{id}

Path Variables

Type    Name  Description
String  id    Identifier of the issue to delete

Response Status Codes

Code             Description
200 OK           Issue was properly deleted
400 BAD REQUEST  Issue could not be deleted