Skip to main content

Scan OpenAPI Specification File for WAAS Observations

POST 

/api/v32.05/waas/openapi-scans

x-prisma-cloud-target-env: {"permission":"monitorWAAS","saas":true,"self-hosted":true}
x-public: true

Scans the OpenAPI specifications file of size not more than 100 KB and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats.

cURL Request

Refer to the following example cURL command that generates a report for any errors or shortcomings in the OpenAPI specification:

$ curl 'https://<CONSOLE>/api/v<VERSION>/waas/openapi-scans' \
-k \
-H 'Content-Type: multipart/form-data' \
-u <USER> \
-X POST \
-v -F‘spec=@<FILE NAME>.json;type=application/json’-F‘data={“source”:“manual”};type=application/json’

Responses

OpenAPIScan represents the OpenAPI file scan

Schema
    _id string

    ID is the scan identifier.

    issueResults object[]

    IssueResults are the scanned issues results.

  • Array [
  • _id integer

    ID is the issue result ID.

    category string

    Category is the issue category.

    descriptionText string

    DescriptionText is the issue description.

    descriptionUrl string

    DescriptionURL is the issue information url.

    id string

    ID is the unique identifier of the issue metadata.

    override object

    Override is the list of possible override fields by OpenAPI version.

    property name* waas.OpenAPIScanIssueMetadata

    OpenAPIScanIssueMetadata represents the static metadata of an API definition issue Fields reflect the KICS metadata, Example: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json

    category string

    Category is the issue category.

    descriptionText string

    DescriptionText is the issue description.

    descriptionUrl string

    DescriptionURL is the issue information url.

    id string

    ID is the unique identifier of the issue metadata.

    override object

    Override is the list of possible override fields by OpenAPI version.

    0
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    queryName string

    Name is the issue name.

    severity waas.OpenAPIScanIssueSeverity (string)

    Possible values: [INFO,LOW,MEDIUM,HIGH]

    OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity

    queryName string

    Name is the issue name.

    searchKey string

    SearchKey is the issue location in the spec file.

    severity waas.OpenAPIScanIssueSeverity (string)

    Possible values: [INFO,LOW,MEDIUM,HIGH]

    OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity

    status string

    Status is the issue status.

  • ]
  • scanInfo object

    OpenAPIScanInfo is the OpenAPI scan info

    appID string

    AppID is the WAAS app id the file was imported from.

    policyType common.PolicyType (string)

    Possible values: [containerVulnerability,containerCompliance,ciImagesVulnerability,ciImagesCompliance,hostVulnerability,hostCompliance,vmVulnerability,vmCompliance,serverlessCompliance,ciServerlessCompliance,serverlessVulnerability,ciServerlessVulnerability,containerRuntime,appEmbeddedRuntime,containerAppFirewall,hostAppFirewall,outOfBandAppFirewall,agentlessAppFirewall,serverObserverAppFirewall,appEmbeddedAppFirewall,serverlessAppFirewall,networkFirewall,secrets,hostRuntime,serverlessRuntime,kubernetesAudit,trust,admission,codeRepoCompliance,ciCodeRepoCompliance,ciCodeRepoVulnerability,codeRepoVulnerability]

    PolicyType represents the type of the policy

    ruleID string

    RuleID is the WAAS rule id the file was imported from.

    source waas.OpenAPIScanSource (string)

    Possible values: [app,cli,manual]

    OpenAPIScanSource is the scan trigger source

    scanStartTime date-time

    ScanStartTime is the scan started.

    severityDistribution object

    OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type

    high integer

    High is the high severity issues count.

    info integer

    Info is the info severity issues count.

    low integer

    Low is the low severity issues count.

    medium integer

    Medium is the medium severity issues count.

    specInfo object

    OpenAPISpecInfo is the OpenAPI spec info

    content byte[]

    Content is the OpenAPI spec content.

    contentType string

    ContentType is the OpenAPI spec file content type.

    fileName string

    FileName is the OpenAPI spec file name.

Loading...