Scan OpenAPI Specification File for WAAS Observations
POST /api/v32.07/waas/openapi-scans
x-prisma-cloud-target-env: {"permission":"monitorWAAS"}
Scans an OpenAPI specification file of at most 100 KB and generates a report of any errors or shortcomings, such as structural issues, security weaknesses, and deviations from best practices. The API definition scan supports OpenAPI 2.x and 3.x definition files in either YAML or JSON format.
cURL Request
Refer to the following example cURL command, which uploads a specification file as the spec form field and generates a report of any errors or shortcomings in it:
$ curl 'https://<CONSOLE>/api/v<VERSION>/waas/openapi-scans' \
  -k \
  -H 'Content-Type: multipart/form-data' \
  -u <USER> \
  -X POST \
  -v \
  -F 'spec=@<FILE NAME>.json;type=application/json' \
  -F 'data={"source":"manual"};type=application/json'
Responses
- 200: OpenAPIScan represents the OpenAPI file scan (application/json)
- default
Schema (200 response body)
- _id (string): ID is the scan identifier.
- issueResults (object[]): IssueResults are the scanned issue results.
  - _id: ID is the issue result ID.
  - category: Category is the issue category.
  - descriptionText: DescriptionText is the issue description.
  - descriptionUrl: DescriptionURL is the issue information URL.
  - id: ID is the unique identifier of the issue metadata.
  - override (object): Override is the list of possible override fields by OpenAPI version. Each property (property name*) is a waas.OpenAPIScanIssueMetadata object. OpenAPIScanIssueMetadata represents the static metadata of an API definition issue; its fields reflect the KICS metadata (example: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json) and carry the same category, descriptionText, descriptionUrl, id, override, queryName and severity fields as the enclosing issue result.
  - queryName: Name is the issue name.
  - searchKey: SearchKey is the issue location in the spec file.
  - severity: OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity. Possible values: [INFO, LOW, MEDIUM, HIGH]
  - status: Status is the issue status.
- scanInfo (object): OpenAPIScanInfo is the OpenAPI scan info.
  - appID: AppID is the WAAS app ID the file was imported from.
  - policyType: PolicyType represents the type of the policy. Possible values: [containerVulnerability, containerCompliance, ciImagesVulnerability, ciImagesCompliance, hostVulnerability, hostCompliance, vmVulnerability, vmCompliance, serverlessCompliance, ciServerlessCompliance, serverlessVulnerability, ciServerlessVulnerability, containerRuntime, appEmbeddedRuntime, containerAppFirewall, hostAppFirewall, outOfBandAppFirewall, agentlessAppFirewall, serverObserverAppFirewall, appEmbeddedAppFirewall, serverlessAppFirewall, networkFirewall, secrets, hostRuntime, serverlessRuntime, kubernetesAudit, trust, admission, codeRepoCompliance, ciCodeRepoCompliance, ciCodeRepoVulnerability, codeRepoVulnerability]
  - ruleID: RuleID is the WAAS rule ID the file was imported from.
  - source: OpenAPIScanSource is the scan trigger source. Possible values: [app, cli, manual]
- scanStartTime: ScanStartTime is the time the scan started.
- severityDistribution (object): OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type.
  - high: High is the high severity issue count.
  - info: Info is the info severity issue count.
  - low: Low is the low severity issue count.
  - medium: Medium is the medium severity issue count.
- specInfo (object): OpenAPISpecInfo is the OpenAPI spec info.
  - content: Content is the OpenAPI spec content.
  - contentType: ContentType is the OpenAPI spec file content type.
  - fileName: FileName is the OpenAPI spec file name.
Example (from schema; enum fields such as severity, policyType and source are rendered here as the list of all their possible values)
{
  "_id": "string",
  "issueResults": [
    {
      "_id": 0,
      "category": "string",
      "descriptionText": "string",
      "descriptionUrl": "string",
      "id": "string",
      "override": {},
      "queryName": "string",
      "searchKey": "string",
      "severity": [
        "INFO",
        "LOW",
        "MEDIUM",
        "HIGH"
      ],
      "status": "string"
    }
  ],
  "scanInfo": {
    "appID": "string",
    "policyType": [
      "containerVulnerability",
      "containerCompliance",
      "ciImagesVulnerability",
      "ciImagesCompliance",
      "hostVulnerability",
      "hostCompliance",
      "vmVulnerability",
      "vmCompliance",
      "serverlessCompliance",
      "ciServerlessCompliance",
      "serverlessVulnerability",
      "ciServerlessVulnerability",
      "containerRuntime",
      "appEmbeddedRuntime",
      "containerAppFirewall",
      "hostAppFirewall",
      "outOfBandAppFirewall",
      "agentlessAppFirewall",
      "serverObserverAppFirewall",
      "appEmbeddedAppFirewall",
      "serverlessAppFirewall",
      "networkFirewall",
      "secrets",
      "hostRuntime",
      "serverlessRuntime",
      "kubernetesAudit",
      "trust",
      "admission",
      "codeRepoCompliance",
      "ciCodeRepoCompliance",
      "ciCodeRepoVulnerability",
      "codeRepoVulnerability"
    ],
    "ruleID": "string",
    "source": [
      "app",
      "cli",
      "manual"
    ]
  },
  "scanStartTime": "2024-07-29T15:51:28.071Z",
  "severityDistribution": {
    "high": 0,
    "info": 0,
    "low": 0,
    "medium": 0
  },
  "specInfo": {
    "content": [
      "string"
    ],
    "contentType": "string",
    "fileName": "string"
  }
}
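The cURL request above and the response schema together describe one workflow: upload a spec, then act on the report. The following Python script is an added example written for this page; it is not Prisma Cloud's own client code. It builds the same multipart/form-data body the cURL command sends (a spec file part and a data JSON part), enforces the 100 KB limit before uploading, authenticates with basic auth as curl -u does, and reduces the returned OpenAPIScan report to a pass/fail decision for a CI pipeline. The SAMPLE_REPORT, the queryName and searchKey values in it, the application/yaml part type for YAML files, and the summarize() gate logic are assumptions made for the example; the example also assumes each issue's severity is a single one of INFO, LOW, MEDIUM or HIGH.

```python
# Added example (not Prisma Cloud's own client code): submit an OpenAPI spec
# file to the WAAS openapi-scans endpoint and turn the returned report into a
# pass/fail decision for a CI pipeline.
import base64
import json
import ssl
import urllib.request
import uuid
from pathlib import Path

MAX_SPEC_BYTES = 100 * 1024  # the endpoint accepts spec files of at most 100 KB


def build_multipart(spec_name: str, spec_bytes: bytes, source: str = "manual"):
    """Build the multipart/form-data body the cURL example sends: a 'spec'
    file part plus a 'data' JSON part. Returns (content_type, body)."""
    if len(spec_bytes) > MAX_SPEC_BYTES:
        raise ValueError(f"spec is {len(spec_bytes)} bytes, limit is {MAX_SPEC_BYTES}")
    # The cURL example uses application/json for .json files; application/yaml
    # for YAML files is an assumption of this example.
    spec_type = "application/json" if spec_name.lower().endswith(".json") else "application/yaml"
    boundary = "----waas-openapi-scan-" + uuid.uuid4().hex
    dash = ("--" + boundary).encode()
    crlf = b"\r\n"
    body = b"".join([
        dash, crlf,
        f'Content-Disposition: form-data; name="spec"; filename="{spec_name}"'.encode(), crlf,
        f"Content-Type: {spec_type}".encode(), crlf, crlf,
        spec_bytes, crlf,
        dash, crlf,
        b'Content-Disposition: form-data; name="data"', crlf,
        b"Content-Type: application/json", crlf, crlf,
        json.dumps({"source": source}).encode(), crlf,
        dash, b"--", crlf,
    ])
    return f"multipart/form-data; boundary={boundary}", body


def scan_spec(console: str, version: str, user: str, password: str,
              spec_path: str, verify_tls: bool = True) -> dict:
    """POST the spec and return the parsed OpenAPIScan JSON. verify_tls=False
    mirrors curl -k; keep the default unless the Console certificate is untrusted."""
    path = Path(spec_path)
    content_type, body = build_multipart(path.name, path.read_bytes())
    req = urllib.request.Request(
        f"https://{console}/api/v{version}/waas/openapi-scans", data=body, method="POST")
    req.add_header("Content-Type", content_type)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")  # equivalent of curl -u
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return json.load(resp)


def summarize(report: dict, fail_on=("HIGH",)) -> dict:
    """Reduce an OpenAPIScan report to severity counts plus the issues whose
    severity is in fail_on. Assumes severity is one of INFO/LOW/MEDIUM/HIGH."""
    dist = report.get("severityDistribution", {})
    failing = [
        (issue.get("queryName"), issue.get("searchKey"), issue.get("descriptionUrl"))
        for issue in report.get("issueResults", [])
        if issue.get("severity") in fail_on
    ]
    return {
        "scan_id": report.get("_id"),
        "counts": {k: dist.get(k, 0) for k in ("high", "medium", "low", "info")},
        "failing": failing,
        "passed": not failing,
    }


# Constructed sample report shaped like the 200 response schema; not real scan output.
SAMPLE_REPORT = {
    "_id": "scan-example-1",
    "issueResults": [
        {"_id": 0, "category": "Security", "descriptionText": "Operation has no security scheme.",
         "descriptionUrl": "https://example.invalid/issue-1", "id": "issue-meta-1", "override": {},
         "queryName": "Security Scheme Undefined (sample)", "searchKey": "paths./pets.get",
         "severity": "HIGH", "status": "open"},
        {"_id": 1, "category": "Best Practices", "descriptionText": "Response lacks a description.",
         "descriptionUrl": "https://example.invalid/issue-2", "id": "issue-meta-2", "override": {},
         "queryName": "Response Description Missing (sample)", "searchKey": "paths./pets.get.responses.200",
         "severity": "LOW", "status": "open"},
    ],
    "scanInfo": {"appID": "", "policyType": "containerAppFirewall", "ruleID": "", "source": "manual"},
    "scanStartTime": "2024-07-29T15:51:28.071Z",
    "severityDistribution": {"high": 1, "info": 0, "low": 1, "medium": 0},
    "specInfo": {"content": [], "contentType": "application/json", "fileName": "petstore.json"},
}

if __name__ == "__main__":
    # Offline demonstration on the constructed report; call scan_spec(...) to run a real scan.
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

In a pipeline, call scan_spec() with the Console host, API version and a service account that holds the monitorWAAS permission named in the endpoint header, then fail the job when summarize() reports passed == False; the searchKey of each failing issue points at the location in the spec to fix.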