Scan OpenAPI Specification File for WAAS Observations

POST 
/api/v33.03/waas/openapi-scans

x-prisma-cloud-target-env: {"permission":"monitorWAAS"}

Scans the OpenAPI specifications file of size not more than 100 KB and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats.

cURL Request

Refer to the following example cURL command that generates a report for any errors or shortcomings in the OpenAPI specification:

$ curl 'https://<CONSOLE>/api/v<VERSION>/waas/openapi-scans' \
-k \
-H 'Content-Type: multipart/form-data' \
-u <USER> \
-X POST \
-v -F‘spec=@<FILE NAME>.json;type=application/json’-F‘data={“source”:“manual”};type=application/json’

Responses

200

OpenAPIScan represents the OpenAPI file scan

application/json

Schema

Schema

_idstring

ID is the scan identifier.

issueResults object[]

IssueResults are the scanned issues results.

Array [

_idinteger

ID is the issue result ID.

categorystring

Category is the issue category.

descriptionTextstring

DescriptionText is the issue description.

descriptionUrlstring

DescriptionURL is the issue information url.

idstring

ID is the unique identifier of the issue metadata.

override object

Override is the list of possible override fields by OpenAPI version.

property name* waas.OpenAPIScanIssueMetadata

OpenAPIScanIssueMetadata represents the static metadata of an API definition issue Fields reflect the KICS metadata, Example: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json

categorystring

Category is the issue category.

descriptionTextstring

DescriptionText is the issue description.

descriptionUrlstring

DescriptionURL is the issue information url.

idstring

ID is the unique identifier of the issue metadata.

override object

Override is the list of possible override fields by OpenAPI version.

queryNamestring

Name is the issue name.

severitywaas.OpenAPIScanIssueSeverity (string)

OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity

Possible values: [INFO,LOW,MEDIUM,HIGH]

queryNamestring

Name is the issue name.

searchKeystring

SearchKey is the issue location in the spec file.

severitywaas.OpenAPIScanIssueSeverity (string)

OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity

Possible values: [INFO,LOW,MEDIUM,HIGH]

statusstring

Status is the issue status.

]

scanInfo object

OpenAPIScanInfo is the OpenAPI scan info

appIDstring

AppID is the WAAS app id the file was imported from.

policyTypecommon.PolicyType (string)

PolicyType represents the type of the policy

Possible values: [containerVulnerability,containerCompliance,ciImagesVulnerability,ciImagesCompliance,hostVulnerability,hostCompliance,vmVulnerability,vmCompliance,serverlessCompliance,ciServerlessCompliance,serverlessVulnerability,ciServerlessVulnerability,containerRuntime,appEmbeddedRuntime,containerAppFirewall,hostAppFirewall,outOfBandAppFirewall,agentlessAppFirewall,serverObserverAppFirewall,appEmbeddedAppFirewall,serverlessAppFirewall,networkFirewall,secrets,hostRuntime,serverlessRuntime,kubernetesAudit,trust,admission,codeRepoCompliance,ciCodeRepoCompliance,ciCodeRepoVulnerability,codeRepoVulnerability]

ruleIDstring

RuleID is the WAAS rule id the file was imported from.

sourcewaas.OpenAPIScanSource (string)

OpenAPIScanSource is the scan trigger source

Possible values: [app,cli,manual]

scanStartTimedate-time

ScanStartTime is the scan started.

severityDistribution object

OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type

highinteger

High is the high severity issues count.

infointeger

Info is the info severity issues count.

lowinteger

Low is the low severity issues count.

mediuminteger

Medium is the medium severity issues count.

specInfo object

OpenAPISpecInfo is the OpenAPI spec info

contentbyte[]

Content is the OpenAPI spec content.

contentTypestring

ContentType is the OpenAPI spec file content type.

fileNamestring

FileName is the OpenAPI spec file name.

Example (auto)

{
  "_id": "string",
  "issueResults": [
    {
      "_id": 0,
      "category": "string",
      "descriptionText": "string",
      "descriptionUrl": "string",
      "id": "string",
      "override": {},
      "queryName": "string",
      "searchKey": "string",
      "severity": [
        "INFO",
        "LOW",
        "MEDIUM",
        "HIGH"
      ],
      "status": "string"
    }
  ],
  "scanInfo": {
    "appID": "string",
    "policyType": [
      "containerVulnerability",
      "containerCompliance",
      "ciImagesVulnerability",
      "ciImagesCompliance",
      "hostVulnerability",
      "hostCompliance",
      "vmVulnerability",
      "vmCompliance",
      "serverlessCompliance",
      "ciServerlessCompliance",
      "serverlessVulnerability",
      "ciServerlessVulnerability",
      "containerRuntime",
      "appEmbeddedRuntime",
      "containerAppFirewall",
      "hostAppFirewall",
      "outOfBandAppFirewall",
      "agentlessAppFirewall",
      "serverObserverAppFirewall",
      "appEmbeddedAppFirewall",
      "serverlessAppFirewall",
      "networkFirewall",
      "secrets",
      "hostRuntime",
      "serverlessRuntime",
      "kubernetesAudit",
      "trust",
      "admission",
      "codeRepoCompliance",
      "ciCodeRepoCompliance",
      "ciCodeRepoVulnerability",
      "codeRepoVulnerability"
    ],
    "ruleID": "string",
    "source": [
      "app",
      "cli",
      "manual"
    ]
  },
  "scanStartTime": "2024-07-29T15:51:28.071Z",
  "severityDistribution": {
    "high": 0,
    "info": 0,
    "low": 0,
    "medium": 0
  },
  "specInfo": {
    "content": [
      "string"
    ],
    "contentType": "string",
    "fileName": "string"
  }
}

default

• curl
• python
• go
• nodejs
• csharp
• php

• CURL

curl -L -X POST 'https://pan.dev/api/v33.03/waas/openapi-scans' \
-H 'Accept: application/json'