Scan OpenAPI Specification File for WAAS Observations

POST 
/api/v32.04/waas/openapi-scans

x-prisma-cloud-target-env: {"permission":"monitorWAAS","saas":true,"self-hosted":true}
x-public: true

Scans the OpenAPI specifications file of size not more than 100 KB and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats.

cURL Request

Refer to the following example cURL command that generates a report for any errors or shortcomings in the OpenAPI specification:

$ curl 'https://<CONSOLE>/api/v<VERSION>/waas/openapi-scans' \
-k \
-H 'Content-Type: multipart/form-data' \
-u <USER> \
-X POST \
-v -F‘spec=@<FILE NAME>.json;type=application/json’-F‘data={“source”:“manual”};type=application/json’

Responses

200

OpenAPIScan represents the OpenAPI file scan

application/json

Schema

Schema

_id string

ID is the scan identifier.

issueResults object[]
IssueResults are the scanned issues results.
Array [
_id integer
ID is the issue result ID.
category string
Category is the issue category.
descriptionText string
DescriptionText is the issue description.
descriptionUrl string
DescriptionURL is the issue information url.
id string
ID is the unique identifier of the issue metadata.
override object
Override is the list of possible override fields by OpenAPI version.
property name* waas.OpenAPIScanIssueMetadata
OpenAPIScanIssueMetadata represents the static metadata of an API definition issue Fields reflect the KICS metadata, Example: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json
category string
Category is the issue category.
descriptionText string
DescriptionText is the issue description.
descriptionUrl string
DescriptionURL is the issue information url.
id string
ID is the unique identifier of the issue metadata.
override object
Override is the list of possible override fields by OpenAPI version.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
queryName string
Name is the issue name.
severity waas.OpenAPIScanIssueSeverity (string)
Possible values: [INFO,LOW,MEDIUM,HIGH]
OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity
queryName string
Name is the issue name.
searchKey string
SearchKey is the issue location in the spec file.
severity waas.OpenAPIScanIssueSeverity (string)
Possible values: [INFO,LOW,MEDIUM,HIGH]
OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity
status string
Status is the issue status.
]
scanInfo object

OpenAPIScanInfo is the OpenAPI scan info

appID string

AppID is the WAAS app id the file was imported from.

policyType common.PolicyType (string)

Possible values: [containerVulnerability,containerCompliance,ciImagesVulnerability,ciImagesCompliance,hostVulnerability,hostCompliance,vmVulnerability,vmCompliance,serverlessCompliance,ciServerlessCompliance,serverlessVulnerability,ciServerlessVulnerability,containerRuntime,appEmbeddedRuntime,containerAppFirewall,hostAppFirewall,outOfBandAppFirewall,agentlessAppFirewall,appEmbeddedAppFirewall,serverlessAppFirewall,networkFirewall,secrets,hostRuntime,serverlessRuntime,kubernetesAudit,trust,admission,codeRepoCompliance,ciCodeRepoCompliance,ciCodeRepoVulnerability,codeRepoVulnerability]

PolicyType represents the type of the policy

ruleID string

RuleID is the WAAS rule id the file was imported from.

source waas.OpenAPIScanSource (string)

Possible values: [app,cli,manual]

OpenAPIScanSource is the scan trigger source

scanStartTime date-time

ScanStartTime is the scan started.

severityDistribution object

OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type

high integer

High is the high severity issues count.

info integer

Info is the info severity issues count.

low integer

Low is the low severity issues count.

medium integer

Medium is the medium severity issues count.

specInfo object

OpenAPISpecInfo is the OpenAPI spec info

content byte[]

Content is the OpenAPI spec content.

contentType string

ContentType is the OpenAPI spec file content type.

fileName string

FileName is the OpenAPI spec file name.

Example (from schema)

{
  "_id": "string",
  "issueResults": [
    {
      "_id": 0,
      "category": "string",
      "descriptionText": "string",
      "descriptionUrl": "string",
      "id": "string",
      "override": {},
      "queryName": "string",
      "searchKey": "string",
      "severity": [
        "INFO",
        "LOW",
        "MEDIUM",
        "HIGH"
      ],
      "status": "string"
    }
  ],
  "scanInfo": {
    "appID": "string",
    "policyType": [
      "containerVulnerability",
      "containerCompliance",
      "ciImagesVulnerability",
      "ciImagesCompliance",
      "hostVulnerability",
      "hostCompliance",
      "vmVulnerability",
      "vmCompliance",
      "serverlessCompliance",
      "ciServerlessCompliance",
      "serverlessVulnerability",
      "ciServerlessVulnerability",
      "containerRuntime",
      "appEmbeddedRuntime",
      "containerAppFirewall",
      "hostAppFirewall",
      "outOfBandAppFirewall",
      "agentlessAppFirewall",
      "appEmbeddedAppFirewall",
      "serverlessAppFirewall",
      "networkFirewall",
      "secrets",
      "hostRuntime",
      "serverlessRuntime",
      "kubernetesAudit",
      "trust",
      "admission",
      "codeRepoCompliance",
      "ciCodeRepoCompliance",
      "ciCodeRepoVulnerability",
      "codeRepoVulnerability"
    ],
    "ruleID": "string",
    "source": [
      "app",
      "cli",
      "manual"
    ]
  },
  "scanStartTime": "2024-04-23T19:45:39.574Z",
  "severityDistribution": {
    "high": 0,
    "info": 0,
    "low": 0,
    "medium": 0
  },
  "specInfo": {
    "content": [
      "string"
    ],
    "contentType": "string",
    "fileName": "string"
  }
}

default

Loading...