API (4.0.0)
The Qwiet API allows you to programmatically interact with Qwiet. You can manage users and their roles and get scan-related information, such as which applications were scanned and what vulnerabilities were identified by Qwiet as being present. You can also compare scans to see changes to your applications over time.
Use of the Qwiet API requires an access token, which is available via the Qwiet UI.
Set up a webhook
Set up a webhook for the given organization.
Path parameters:
  orgID (required, string <uuid>): The org ID
Request body (application/json):
  url (string): The URL to which the webhook will be sent
  token (object, AuthenticatedWebHookTokenConfiguration): Configuration for a webhook that requires a token
Request sample:
{
  "url": "string",
  "token": {
    "token": "string",
    "renewalMetadata": {
      "url": "string",
      "method": "string",
      "bodyFields": {},
      "asJson": true,
      "forceFormUrlEncoding": true
    },
    "responseHandling": {
      "tokenField": "string",
      "ttlField": "string",
      "typeField": "string"
    }
  }
}
Response sample (default):
{
  "ok": true,
  "code": "INTERNAL_SERVER_ERROR",
  "message": "Internal Server Error",
  "validation_errors": ["string"]
}
Delete a webhook
Delete the webhook for the given organization.
Path parameters:
  orgID (required, string <uuid>): The org ID
Response sample (default):
{
  "ok": true,
  "code": "INTERNAL_SERVER_ERROR",
  "message": "Internal Server Error",
  "validation_errors": ["string"]
}
Read app group
Return information about an app group.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appGroupName (required, string): The group name
Response sample (200):
{
  "ok": true,
  "response": {
    "app_ids": ["a_project_n_0", "a_project_n_4", "a_project_n_5"],
    "name": "newName"
  }
}
Create or update app group
Create or update an application group.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appGroupName (required, string): The group name
Request body (application/json):
  rename (string): A new name for the group (optional)
  add_app_ids (array of strings): The application IDs to add to the group
  remove_app_ids (array of strings): The application IDs to remove from the group
Request sample:
{
  "rename": "newGroupName",
  "add_app_ids": ["one_application_id", "another_application_id"],
  "remove_app_ids": ["a_different_application_id", "yet_another_application_id"]
}
Response sample (200):
{
  "ok": true,
  "response": {
    "app_ids": ["a_project_n_0", "a_project_n_4", "a_project_n_5"],
    "name": "newName"
  }
}
Update application labels
Update the application's labels.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Request body (application/json):
  add (array of strings): Labels to add
  remove (array of strings): Labels to remove
  clear (boolean): A flag that is true when all labels should be removed from the application
Request sample:
{
  "add": ["string"],
  "remove": ["string"],
  "clear": true
}
Response sample (200):
{
  "ok": true,
  "response": ["string"]
}
Create apps
Create one or more apps owned by an organization and optionally assigned to a team.
Path parameters:
  orgID (required, string <uuid>): The org ID
Request body (application/json), an array of objects with:
  id (required, string, pattern [a-zA-Z0-9]([\w:.-]*[a-zA-Z0-9])?): The ID of the app
  name (string): The user-friendly name of the app
  team_id (string): The ID of the team the app belongs to
  base_branch (string): The name of the principal branch of the app
Request sample:
[
  {
    "id": "string",
    "name": "string",
    "team_id": "string",
    "base_branch": "master"
  }
]
Response sample (200):
{
  "ok": true,
  "response": {
    "id": "BillingAPI",
    "name": "BillingAPI",
    "tags": [
      {"key": "group", "value": "billing"}
    ]
  }
}
List apps
Return a list of the apps owned by the org.
Path parameters:
  orgID (required, string <uuid>): The org ID
Response sample (200):
{
  "ok": true,
  "response": [
    {
      "id": "BillingAPI",
      "name": "BillingAPI",
      "tags": [
        {"key": "group", "value": "billing"}
      ]
    }
  ]
}
Read app
Return an app owned by an organization.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Response sample (200):
{
  "ok": true,
  "response": {
    "id": "BillingAPI",
    "name": "BillingAPI",
    "tags": [
      {"key": "group", "value": "billing"}
    ]
  }
}
List app branches
Return a list of the branches of a specific app scanned for an org.
Path parameters:
  orgID (required, string <uuid>): The org ID
Query parameters:
  app (string): App name
  from (integer): The earliest scan time for a branch to be included, as a Unix timestamp in seconds. Defaults to 1 week ago.
  until (integer): The latest scan time for a branch to be included, as a Unix timestamp in seconds. Defaults to now.
Response sample (200):
{
  "ok": true,
  "response": [
    {
      "id": "hsl",
      "name": "hsl",
      "default_branch": "master",
      "branches": ["master", "develop"]
    }
  ]
}
Read app config
Return the configuration of an application.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Response sample (200):
{
  "ok": true,
  "response": {
    "default_branch": "string",
    "analysis_configuration": {
      "secrets": {"entropy": 0, "disable": true},
      "cpg2sp": {"max-steps": 0}
    }
  }
}
Update app config
Update the app's configuration.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Request body (application/json):
  default_branch (string): The repository's default branch
  analysis_configuration (object, AppAnalysisConfiguration): App-level analysis configuration
Request sample:
{
  "default_branch": "string",
  "analysis_configuration": {
    "secrets": {"entropy": 0, "disable": true},
    "cpg2sp": {"max-steps": 0}
  }
}
Response sample (200):
{
  "ok": true,
  "response": {
    "default_branch": "string"
  }
}
Read merged app config
Return the effective configuration of an application. The organization configuration is applied first as defaults, then the configuration of the team the app is assigned to (if any); the app's own configuration is merged on top and overrides those defaults.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Response sample (200):
{
  "ok": true,
  "response": {
    "default_branch": "string",
    "analysis_configuration": {
      "secrets": {"entropy": 0, "disable": true},
      "cpg2sp": {"max-steps": 0}
    }
  }
}
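The org-then-team-then-app precedence described above, reproduced locally as an added example (this is not Qwiet's code): the three layers are constructed samples using the field names from this page's config samples, the key-by-key deep merge is this example's assumption of how the layers combine, and the origin tracking shows which layer switched secrets detection off for an app, which is the question a reviewer usually has.

```python
import copy

# Constructed sample layers using the field names from this page's
# "Read app config" / "Update org configuration" samples. The deep-merge
# rule and the origin tracking are this example's own, not Qwiet's code.
ORG_CONFIG = {
    "analysis_configuration": {
        "secrets": {"entropy": 3.5, "disable": False},
        "cpg2sp": {"max-steps": 1000},
    }
}
TEAM_CONFIG = {
    "analysis_configuration": {"secrets": {"entropy": 4.0}},
}
APP_CONFIG = {
    "default_branch": "develop",
    "analysis_configuration": {"secrets": {"disable": True}},
}


def deep_merge(base, override):
    """Return a copy of base with override applied; nested dicts merge key by key."""
    result = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = deep_merge(result[key], value)
        else:
            result[key] = copy.deepcopy(value)
    return result


def effective_app_config(org, team, app):
    """Org config as defaults, team config on top of it, app config last."""
    merged = {}
    for layer in (org, team or {}, app):
        merged = deep_merge(merged, layer)
    return merged


def _leaves(node, prefix=""):
    """Yield (dotted.path, value) for every non-dict leaf in a config tree."""
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict) and value:
            yield from _leaves(value, path)
        else:
            yield path, value


def setting_origins(org, team, app):
    """For each effective leaf setting, report which layer supplied the winning value."""
    origins = {}
    for name, layer in (("org", org), ("team", team or {}), ("app", app)):
        for path, _ in _leaves(layer):
            origins[path] = name  # later layers overwrite earlier ones, matching the merge order
    return origins


def audit_secrets_detection(org, team, app):
    """Report whether the effective config disables secrets detection and which layer did it."""
    merged = effective_app_config(org, team, app)
    secrets = merged.get("analysis_configuration", {}).get("secrets", {})
    disabled = bool(secrets.get("disable", False))
    origin = setting_origins(org, team, app).get("analysis_configuration.secrets.disable")
    return {"secrets_disabled": disabled, "set_by": origin if disabled else None}


if __name__ == "__main__":
    print(effective_app_config(ORG_CONFIG, TEAM_CONFIG, APP_CONFIG))
    print(audit_secrets_detection(ORG_CONFIG, TEAM_CONFIG, APP_CONFIG))
```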
Read finding's fix if it exists
Retrieve the fix for a specific finding if it exists. This feature is in beta and disabled by default. Contact Qwiet AI Customer Success if you need assistance.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  findingID (required, string): The finding ID
Response sample (200):
{
  "ok": true,
  "response": {
    "organization_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "project_id": "myAwesomeProject",
    "scan_id": 1234,
    "sp_id": "sl/5b588.../",
    "status": "fixed",
    "fingerprint_hash": "",
    "finding_id": 4321,
    "fix": "this is a really big long thing text that normally should be in markdown format"
  }
}
List application scan branches
Return the list of branches of an application that have been scanned. Not to be confused with the soon-to-be-deprecated /branches endpoint.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Response sample (200):
{
  "ok": true,
  "response": {
    "created_at": "2019-08-24T14:15:22Z",
    "updated_at": "2019-08-24T14:15:22Z",
    "branch_name": "string",
    "scan_count": 0,
    "first_scan": 0,
    "last_scan": 0
  }
}
Create app finding comment
Create a comment on a finding.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  findingID (required, string): The finding ID
Request body (application/json):
  comment (string): The text of the comment
Request sample:
{
  "comment": "string"
}
Response sample (200):
{
  "ok": true,
  "response": {
    "id": "30",
    "created_at": "2019-08-24T14:15:22Z",
    "app_id": "hsl",
    "org_id": "261f1203-748d-4010-a57d-4cf3107f8647",
    "finding_id": "3",
    "owner": {"email": "string", "name": "string"},
    "comment": "string"
  }
}
List app finding comments
Return the finding's comment thread.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  findingID (required, string): The finding ID
Response sample (200):
{
  "ok": true,
  "response": [
    {
      "id": "30",
      "created_at": "2019-08-24T14:15:22Z",
      "app_id": "hsl",
      "org_id": "261f1203-748d-4010-a57d-4cf3107f8647",
      "finding_id": "3",
      "owner": {"email": "string", "name": "string"},
      "comment": "string"
    }
  ]
}
Read specific comment for a finding
Read a comment for a specific finding for an app.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  findingID (required, string): The finding ID
  commentID (required, string): The comment ID
Response sample (200):
{
  "ok": true,
  "response": {
    "id": "30",
    "created_at": "2019-08-24T14:15:22Z",
    "app_id": "hsl",
    "org_id": "261f1203-748d-4010-a57d-4cf3107f8647",
    "finding_id": "3",
    "owner": {"email": "string", "name": "string"},
    "comment": "string"
  }
}
Multi-language apps are groups of applications that are scanned together as a single application. This is useful for applications that combine several programming languages and framework configurations.
Read shallow compound
Returns a shallow compound object, which includes the compound's ID, name, and description.
Path parameters:
  orgID (required, string <uuid>): The org ID
  compoundID (required, string <uuid>): A compound's ID
Response sample (200):
{
  "ok": true,
  "response": "{\n \"ok\": true,\n \"response\": {\n \"id\": \"fab0089f-cc8c-44a8-a927-26e83f6eb6d4\",\n \"name\": \"shiftleft-python-demo\",\n \"apps\": [\n \"shiftleft-python-demo\",\n \"shiftleft-python-demo_element_PYTHONSRC\",\n \"shiftleft-python-demo_element_TERRAFORM_HCL\"\n ]\n }\n}\n"
}
Delete compound
Deletes a compound and all of its associated apps.
Path parameters:
  orgID (required, string <uuid>): The org ID
  compoundID (required, string <uuid>): A compound's ID
Query parameters:
  recursive (boolean): Whether to perform the action recursively
Response sample (200):
{
  "ok": true
}
Read full compound
Returns a full compound object, which includes the compound's ID, name, description, and the IDs of the apps that are part of the compound.
Path parameters:
  orgID (required, string <uuid>): The org ID
  compoundID (required, string <uuid>): A compound's ID
Response sample (200):
{
  "ok": true,
  "response": "{\n \"ok\": true,\n \"response\": {\n \"id\": \"fab0089f-cc8c-44a8-a927-26e83f6eb6d4\",\n \"name\": \"shiftleft-python-demo\",\n \"apps\": {\n \"11\": {\n \"id\": \"shiftleft-python-demo_element_TERRAFORM_HCL\",\n \"name\": \"shiftleft-python\",\n \"can_delete\": true,\n \"is_subscription_active\": true,\n \"configuration\": {\n \"analysis_configuration\": {\n \"secrets\": {},\n \"cpg2sp\": {}\n }\n },\n \"compound\": \"fab0089f-cc8c-44a8-a927-26e83f6eb6d4\"\n },\n \"17\": {\n \"id\": \"shiftleft-python-demo_element_PYTHONSRC\",\n \"name\": \"shiftleft-python\",\n \"can_delete\": true,\n \"is_subscription_active\": true,\n \"configuration\": {\n \"analysis_configuration\": {\n \"secrets\": {},\n \"cpg2sp\": {}\n }\n },\n \"compound\": \"fab0089f-cc8c-44a8-a927-26e83f6eb6d4\"\n },\n \"18\": {\n \"id\": \"shiftleft-python-demo\",\n \"name\": \"shiftleft-python-demo\",\n \"can_delete\": true,\n \"is_subscription_active\": true,\n \"configuration\": {\n \"analysis_configuration\": {\n \"secrets\": {},\n \"cpg2sp\": {}\n }\n },\n \"avg_scan_duration_ms\": 43674,\n \"compound\": \"fab0089f-cc8c-44a8-a927-26e83f6eb6d4\"\n }\n }\n }\n}\n"
}
List app findings
List findings for the specified app. Results are filtered to a single scan (by default, the latest scan).
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Query parameters:
  type (string): The type of findings. Accepted values are
  severity (string, Severity; enum "low" "medium" "high" "critical"): The severity filter
  tags (array of strings): The scan tags to filter by (e.g.,
  finding_tags (array of strings; example finding_tags=category=XSS): The findings' filtering tag
  assignee (string): The email addresses of users assigned to this finding
  assignment (string, Assignment; enum "unassigned" "assigned"): The assignment status filter. By default, all findings, both
  category (string): The category filter
  details_tags (array of strings): The filter for the finding's details tags
  status (string, Status; enum "unset" "fixed" "ignored" "3rdparty" "any"): The status filter. By default, only
  sort (string): How to sort results; defaults to ID
  order (string; enum "desc" "asc"): Direction of the sort; defaults to descending
  only_counts (boolean): Whether to include only finding counts; excludes the list of findings
  page (integer): The page of results to fetch. Results are not guaranteed to be deterministic using this approach; we recommend using the
  per_page (integer): Number of results per page; defaults to 50
  version (string): Version to filter findings for; defaults to the latest scan
  scan (string): ID of the scan to filter to; defaults to the latest scan
  source (string, pattern ^scan\.\d+|tag\.\w=\w$; example source=scan.128|tag.branch=samplebranch): The source scan for a comparison
  diff (string, Diff; enum "new" "regression" "common" "fixed"): Return a diff of findings (as compared to the source)
  fields (array of strings; items enum "-description" "-details" "-related_findings"): Specifies the fields included or excluded in the response
Response sample (200):
{
  "ok": true,
  "response": {
    "has_more": true,
    "scan": {
      "id": 1234,
      "app": "hello-qwiet",
      "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
      "successful": true,
      "is_default_branch": true,
      "started_at": "2019-08-24T14:15:22Z",
      "completed_at": "2019-08-24T14:15:22Z",
      "language": "javascript",
      "number_of_expressions": 10,
      "tags": {},
      "oss_info": {
        "enabled": true,
        "successful": true,
        "failure_reason": "string"
      },
      "counts": [
        {"key": "category", "value": "XSS", "finding_type": "vuln", "count": 42}
      ],
      "findings_summaries": [
        {
          "finding_type": "vuln",
          "total": 10,
          "total_reachable": 0,
          "total_ignored": 1,
          "total_fixed": 3,
          "by_severity": {
            "info": {"total": 6},
            "critical": {"total": 3, "total_fixed": 3},
            "moderate": {"total": 1, "total_ignored": 1}
          },
          "by_category": {
            "Sensitive Data Leak": {"total": 10, "total_fixed": 3, "total_ignored": 1}
          },
          "by_assignee": {
            "test@qwiet.ai": {"total": 10, "total_fixed": 3, "total_ignored": 1}
          }
        }
      ],
      "total": 101,
      "total_fixed": 42,
      "total_ignored": 17
    },
    "findings": [
      {
        "id": "1",
        "app": "hello-qwiet",
        "type": "vuln",
        "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
        "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
        "severity": "low",
        "owasp_category": "a3-sensitive-data-exposure",
        "category": "Sensitive Data Leak",
        "status": "unset",
        "assignee": "string",
        "version_first_seen": "string",
        "details": {},
        "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
        "tags": [
          {"key": "severity", "value": "info"},
          {"key": "cvss_score", "value": 2}
        ]
      }
    ],
    "counts": [
      {"key": "category", "value": "XSS", "finding_type": "vuln", "count": 42}
    ]
  }
}
Read app finding detail
Read the details for a single finding.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  findingID (required, string): The finding ID
Response sample (200):
{
  "ok": true,
  "response": {
    "id": "1",
    "app": "hello-qwiet",
    "type": "vuln",
    "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
    "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
    "severity": "low",
    "owasp_category": "a3-sensitive-data-exposure",
    "category": "Sensitive Data Leak",
    "status": "unset",
    "assignee": "string",
    "version_first_seen": "string",
    "details": {},
    "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
    "tags": [
      {"key": "severity", "value": "info"},
      {"key": "cvss_score", "value": 2}
    ]
  }
}
Set finding status
Set the current status for a finding.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  findingID (required, string): The finding ID
Request body (application/json):
  status (string; enum "fixed" "ignore" "codeviolationfixed" "codeviolationignore" "codeviolationremovestatus"): The status to be set; leaving it blank removes the status
  optional_comment (string): Optional text used as the comment that is created along with every status change
Request sample:
{
  "status": "fixed",
  "optional_comment": "string"
}
Response sample (200):
{
  "ok": true
}
Set finding assignee
Set the current assignee for a finding.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  findingID (required, string): The finding ID
Request body (application/json):
  assignee (string): The email of the person to be assigned to the finding
Request sample:
{
  "assignee": "string"
}
Response sample (200):
{
  "ok": true
}
Set multiple findings status
Set the current status for multiple findings.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Request body (application/json):
  findings (array of integers): The IDs of the findings to update
  status (string; enum "fixed" "ignore" "codeviolationfixed" "codeviolationignore" "codeviolationremovestatus"): The status to be set; leaving it blank removes the status
Request sample:
{
  "findings": [0],
  "status": "fixed"
}
Response sample (200):
{
  "ok": true
}
Set multiple findings assignee
Set the current assignee for multiple findings.
Path parameters:
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Request body (application/json):
  findings (array of integers): The IDs of the findings to update
  assignee (string): The email of the person to be assigned to the findings
Request sample:
{
  "findings": [0],
  "assignee": "string"
}
Response sample (200):
{
  "ok": true
}
List org findings
Return all findings for the org.
Path parameters:
  orgID (required, string <uuid>): The org ID
Query parameters:
  tags (array of strings): The scan tags to filter by (e.g.,
  finding_tags (array of strings; example finding_tags=category=XSS): The findings' filtering tag
  type (string): The type of findings. Accepted values are
  severity (string, Severity; enum "low" "medium" "high" "critical"): The severity filter
  assignee (string): The email addresses of users assigned to this finding
  assignment (string, Assignment; enum "unassigned" "assigned"): The assignment status filter. By default, all findings, both
  category (string): The category filter
  details_tags (array of strings): The filter for the finding's details tags
  status (string, Status; enum "unset" "fixed" "ignored" "3rdparty" "any"): The status filter. By default, only
  sort (string): How to sort results; defaults to ID
  order (string; enum "desc" "asc"): Direction of the sort; defaults to descending
  only_counts (boolean): Whether to include only finding counts; excludes the list of findings
  page (integer): The page of results to fetch. Results are not guaranteed to be deterministic using this approach; we recommend using the
  per_page (integer): Number of results per page; defaults to 50
Response sample (200):
{
  "ok": true,
  "response": {
    "has_more": true,
    "findings": [
      {
        "id": "1",
        "app": "hello-qwiet",
        "type": "vuln",
        "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
        "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
        "severity": "low",
        "owasp_category": "a3-sensitive-data-exposure",
        "category": "Sensitive Data Leak",
        "status": "unset",
        "assignee": "string",
        "version_first_seen": "string",
        "details": {},
        "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
        "tags": [
          {"key": "severity", "value": "info"},
          {"key": "cvss_score", "value": 2}
        ]
      }
    ],
    "counts": [
      {"key": "category", "value": "XSS", "finding_type": "vuln", "count": 42}
    ]
  }
}
Read org findings summary
Return a summary of findings for the org.
Path parameters:
  orgID (required, string <uuid>): The org ID
Query parameters:
  tags (array of strings): The scan tags to filter by (e.g.,
  type (string): The type of findings. Accepted values are
  default_branch (boolean): Return findings from scans of the app's configured default branch
Response sample (200):
{
  "ok": true,
  "response": {
    "findings_summaries": [
      {
        "finding_type": "vuln",
        "total": 10,
        "total_reachable": 0,
        "total_ignored": 1,
        "total_fixed": 3,
        "by_severity": {
          "info": {"total": 6},
          "critical": {"total": 3, "total_fixed": 3},
          "moderate": {"total": 1, "total_ignored": 1}
        },
        "by_category": {
          "Sensitive Data Leak": {"total": 10, "total_fixed": 3, "total_ignored": 1}
        },
        "by_assignee": {
          "test@qwiet.ai": {"total": 10, "total_fixed": 3, "total_ignored": 1}
        }
      }
    ],
    "apps": [
      {
        "app": "string",
        "findings_summaries": [
          {
            "finding_type": "vuln",
            "total": 10,
            "total_reachable": 0,
            "total_ignored": 1,
            "total_fixed": 3,
            "by_severity": {
              "info": {"total": 6},
              "critical": {"total": 3, "total_fixed": 3},
              "moderate": {"total": 1, "total_ignored": 1}
            },
            "by_category": {
              "Sensitive Data Leak": {"total": 10, "total_fixed": 3, "total_ignored": 1}
            },
            "by_assignee": {
              "test@qwiet.ai": {"total": 10, "total_fixed": 3, "total_ignored": 1}
            }
          }
        ],
        "scan": {
          "id": 1234,
          "app": "hello-qwiet",
          "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
          "successful": true,
          "is_default_branch": true,
          "started_at": "2019-08-24T14:15:22Z",
          "completed_at": "2019-08-24T14:15:22Z",
          "language": "javascript",
          "number_of_expressions": 10,
          "tags": {},
          "oss_info": {
            "enabled": true,
            "successful": true,
            "failure_reason": "string"
          },
          "counts": [
            {"key": "category", "value": "XSS", "finding_type": "vuln", "count": 42}
          ],
          "findings_summaries": [
            {
              "finding_type": "vuln",
              "total": 10,
              "total_reachable": 0,
              "total_ignored": 1,
              "total_fixed": 3,
              "by_severity": {
                "info": {"total": 6},
                "critical": {"total": 3, "total_fixed": 3},
                "moderate": {"total": 1, "total_ignored": 1}
              },
              "by_category": {
                "Sensitive Data Leak": {"total": 10, "total_fixed": 3, "total_ignored": 1}
              },
              "by_assignee": {
                "test@qwiet.ai": {"total": 10, "total_fixed": 3, "total_ignored": 1}
              }
            }
          ],
          "total": 101,
          "total_fixed": 42,
          "total_ignored": 17
        }
      }
    ]
  }
}
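The findings_summaries structure returned by "List app findings" and "Read org findings summary" above, built locally from a findings list as an added example (not Qwiet's code): the findings are constructed in the shape of this page's findings sample, the counting rules (total / total_fixed / total_ignored, by_severity / by_category / by_assignee, unassigned findings left out of by_assignee) are this example's reading of the sample, and the gate function shows how a pipeline would turn such a summary into a pass/fail decision on open critical and high findings.

```python
from collections import defaultdict

# Constructed findings in the shape of this page's "List app findings" sample.
# The aggregation mirrors the findings_summaries fields of the org summary
# response; the counting rules are this example's own, not Qwiet's code.
SAMPLE_FINDINGS = [
    {"id": "1", "app": "hello-qwiet", "type": "vuln", "severity": "critical",
     "category": "Sensitive Data Leak", "status": "fixed", "assignee": "test@qwiet.ai"},
    {"id": "2", "app": "hello-qwiet", "type": "vuln", "severity": "high",
     "category": "XSS", "status": "unset", "assignee": "test@qwiet.ai"},
    {"id": "3", "app": "hello-qwiet", "type": "vuln", "severity": "low",
     "category": "XSS", "status": "ignored", "assignee": ""},
    {"id": "4", "app": "hello-qwiet", "type": "secret", "severity": "medium",
     "category": "Hardcoded Credential", "status": "unset", "assignee": ""},
]


def _bucket():
    return {"total": 0, "total_fixed": 0, "total_ignored": 0}


def _count(bucket, finding):
    """Add one finding to a bucket; "fixed" and "ignored" statuses also go to their own counters."""
    bucket["total"] += 1
    if finding["status"] == "fixed":
        bucket["total_fixed"] += 1
    elif finding["status"] == "ignored":
        bucket["total_ignored"] += 1


def summarize_findings(findings):
    """Group findings by finding_type, then by severity, category and assignee."""
    per_type = {}
    for f in findings:
        summary = per_type.setdefault(f["type"], {
            "finding_type": f["type"], **_bucket(),
            "by_severity": defaultdict(_bucket),
            "by_category": defaultdict(_bucket),
            "by_assignee": defaultdict(_bucket),
        })
        _count(summary, f)
        _count(summary["by_severity"][f["severity"]], f)
        _count(summary["by_category"][f["category"]], f)
        if f.get("assignee"):  # unassigned findings are not listed under by_assignee
            _count(summary["by_assignee"][f["assignee"]], f)
    for summary in per_type.values():  # plain dicts so the result serialises like the API response
        for key in ("by_severity", "by_category", "by_assignee"):
            summary[key] = dict(summary[key])
    return sorted(per_type.values(), key=lambda s: s["finding_type"])


def summarize_org(findings):
    """Org-level view: overall summaries plus one entry per app, as in the org summary response."""
    by_app = defaultdict(list)
    for f in findings:
        by_app[f["app"]].append(f)
    return {
        "findings_summaries": summarize_findings(findings),
        "apps": [{"app": app, "findings_summaries": summarize_findings(fs)}
                 for app, fs in sorted(by_app.items())],
    }


def open_by_severity(summary):
    """Open (neither fixed nor ignored) counts per severity for one finding_type summary."""
    return {sev: b["total"] - b["total_fixed"] - b["total_ignored"]
            for sev, b in summary["by_severity"].items()}


def gate_passes(summaries, block_on=("critical", "high")):
    """Build-gate rule: no open finding of a blocking severity in any finding type."""
    return all(open_by_severity(s).get(sev, 0) == 0 for s in summaries for sev in block_on)


if __name__ == "__main__":
    summaries = summarize_findings(SAMPLE_FINDINGS)
    print(summaries)
    print("gate passes:", gate_passes(summaries))
```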
Download audit log CSV
Download the CSV-formatted audit log for an organization for a specific month. This feature is disabled by default. Contact Qwiet AI Customer Success to enable it.
Path parameters:
  orgID (required, string <uuid>): The org ID
  auditYear (required, number): The year for the requested report
  auditMonth (required, number): The month for the requested report
Upsert check-analysis configuration
Upload a configuration file for the check-analysis server-side configuration and return the hash of the uploaded file when successful. The reference here takes no tag, just a name.
Path parameters:
  orgID (required, string <uuid>): The org ID
  reference (required, string): The reference
Query parameters:
  tag (string): The tags
  useDefaults (boolean): Whether to apply the default versioning mechanism
Request body: application/yaml
Response sample (200):
{
  "ok": true,
  "response": {
    "contentHash": "cf070ba492a9ec9d411e615e7399c0c94d11be0888862c5385b7184a5da53ec7",
    "tags": ["v1", "v2", "latest"]
  }
}
Resolve check-analysis configuration
Resolve the given reference (name plus a tag, which is usually a version number) and return the raw file to the caller.
Path parameters:
  orgID (required, string <uuid>): The org ID
  reference (required, string): The reference
Response sample (default):
{
  "ok": true,
  "code": "INTERNAL_SERVER_ERROR",
  "message": "Internal Server Error",
  "validation_errors": ["string"]
}
List check-analysis configurations
List all check-analysis configurations for the given
Path parameters:
  orgID (required, string <uuid>): The org ID
Query parameters:
  name (string): Names to filter for; only those policies tagged with these names will be returned
Response sample (200):
{
  "ok": true,
  "response": [
    {
      "contentHash": "18269b4a713bfc9aa8e8c74d9b9c6a5ced89b4d46364644e2ede7ffa39f54aa9",
      "tags": [
        {
          "name": "blah",
          "tags": ["latest", "v1", "v2"]
        }
      ]
    }
  ]
}
Update org configuration
Update configuration options for the organization. Note that this endpoint overwrites all existing configuration options. We recommend using the GET endpoint to obtain the current configuration for your records before proceeding. Alternatively, if you intend to change only the analysis configuration, use the UpdateOrgAnalysisConfig endpoint.
Path parameters:
  orgID (required, string <uuid>): The org ID
Request body (application/json):
  sso_name (string): The unique name assigned to the organization that can be used to log in via SSO
  default_saml_config (string): The name of the SAML config to use as the default for this organization
  allowed_non_admin_auth_providers (array of strings; items enum "google" "github" "username-password" "sl-saml2"): A list of auth providers that non-admins are allowed to use to access the org
  security_training_provider (string; enum "kontra" "secure-code-warrior"): The security training provider
  analysis_configuration (object, OrgAnalysisConfiguration): Organization-level analysis configuration
  autofix_configuration (object, AutoFixConfig): An object describing the AutoFix configuration options of an organization
Request sample:
{
  "sso_name": "string",
  "default_saml_config": "string",
  "allowed_non_admin_auth_providers": ["google"],
  "security_training_provider": "kontra",
  "analysis_configuration": {
    "secrets": {"entropy": 0, "disable": true}
  },
  "autofix_configuration": {
    "enable": true,
    "disable": true,
    "auto_run": true,
    "auto_run_disable": true,
    "manual": true,
    "manual_disable": true,
    "max_fixes_per_run": 0,
    "fix_only_severities": ["low"]
  }
}
Response sample (200):
{
  "ok": true
}
Read org configuration
Return the configuration options for the organization.
Path parameters:
  orgID (required, string <uuid>): The org ID
Response sample (200):
{
  "ok": true,
  "response": {
    "sso_name": "string",
    "default_saml_config": "string",
    "allowed_non_admin_auth_providers": ["google"],
    "security_training_provider": "kontra",
    "analysis_configuration": {
      "secrets": {"entropy": 0, "disable": true}
    },
    "autofix_configuration": {
      "enable": true,
      "disable": true,
      "auto_run": true,
      "auto_run_disable": true,
      "manual": true,
      "manual_disable": true,
      "max_fixes_per_run": 0,
      "fix_only_severities": ["low"]
    }
  }
}
Read AutoFix configuration for the organization
Return the AutoFix configuration options for the organization.
Path parameters:
  orgID (required, string <uuid>): The org ID
Response sample (200):
{
  "ok": true,
  "response": {
    "autofix_configuration": {
      "enable": true,
      "disable": true,
      "auto_run": true,
      "auto_run_disable": true,
      "manual": true,
      "manual_disable": true,
      "max_fixes_per_run": 0,
      "fix_only_severities": ["low"]
    }
  }
}
Update org analysis configuration
Create analysis configuration options for the organization. Does not touch other parts of the configuration (such as default_saml_config).
Path parameters:
  orgID (required, string <uuid>): The org ID
Request body (application/json):
  secrets (object, SecretsConfiguration): Secrets detection configuration
Request sample:
{
  "secrets": {"entropy": 0, "disable": true}
}
Response sample (200):
{
  "ok": true
}
Update org analysis configuration
Update analysis configuration options for the organization. Does not touch other parts of the configuration (such as default_saml_config).
Path parameters:
  orgID (required, string <uuid>): The org ID
Request body (application/json):
  secrets (object, SecretsConfiguration): Secrets detection configuration
Request sample:
{
  "secrets": {"entropy": 0, "disable": true}
}
Response sample (200):
{
  "ok": true
}
Role-based access control (RBAC) allows you to control the permissions granted to users in an organization.
The permissions granted to a user are additive. The base level of a user's permissions is determined by their role in the organization.
A team represents a group of users and the applications that group of users can access. Users are granted additional permissions based on their team role.
Users can belong to multiple teams, but an application can only belong to one team.
You can use the TEAM_DEFINED organization role to limit user access to only the apps assigned to their team.
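The RBAC rules above (additive org-role and team-role permissions, one team per app, users on several teams, TEAM_DEFINED restricting app access to the user's teams) as an added example that models them locally; it is not Qwiet's code. The scope strings and the MEMBER / TEAM_MEMBER / LEGACY_COLLABORATOR aliases are taken from this page's "List roles" sample, while the team-role scope sets, the TEAM_ADMIN name, the base scopes of TEAM_DEFINED, and the rule that non-TEAM_DEFINED org roles can reach every org app are this example's assumptions.

```python
# Constructed role data in the shape of this page's "List roles" sample
# (role aliases and "resource:action" scope strings). The team-role sets
# and the TEAM_DEFINED handling are this example's assumptions, not Qwiet's.
ORG_ROLE_SCOPES = {
    "MEMBER": {"apps:list", "findings:list", "org:read", "roles:list"},
    "LEGACY_COLLABORATOR": {"apps:list", "findings:list", "findings:read",
                            "org_runs:create", "org_runs:read", "uploads:write"},
    "TEAM_DEFINED": {"apps:list", "org:read"},  # assumption: base scopes only
}
TEAM_ROLE_SCOPES = {  # assumption: team roles add scopes for the team's apps only
    "TEAM_MEMBER": {"findings:list", "findings:read"},
    "TEAM_ADMIN": {"findings:list", "findings:read", "scan_status:update", "uploads:write"},
}


class RbacError(ValueError):
    """Raised for configurations the page's rules do not allow."""


class Org:
    def __init__(self):
        self.apps = {}   # app id -> owning team id (an app belongs to exactly one team)
        self.users = {}  # email -> {"org_role": str, "teams": {team_id: team_role}}

    def add_app(self, app_id, team_id):
        if app_id in self.apps and self.apps[app_id] != team_id:
            raise RbacError(f"{app_id} already belongs to team {self.apps[app_id]}")
        self.apps[app_id] = team_id

    def add_user(self, email, org_role, teams=None):
        """A user has one org role and may hold a team role in any number of teams."""
        if org_role not in ORG_ROLE_SCOPES:
            raise RbacError(f"unknown org role {org_role}")
        for role in (teams or {}).values():
            if role not in TEAM_ROLE_SCOPES:
                raise RbacError(f"unknown team role {role}")
        self.users[email] = {"org_role": org_role, "teams": dict(teams or {})}

    def can_access_app(self, email, app_id):
        """TEAM_DEFINED users see only apps assigned to one of their teams."""
        user = self.users[email]
        if user["org_role"] == "TEAM_DEFINED":
            return self.apps[app_id] in user["teams"]
        return True  # assumption: other org roles are not restricted by team

    def scopes_for_app(self, email, app_id):
        """Additive: org-role scopes plus the scopes of the user's role in the app's team."""
        if not self.can_access_app(email, app_id):
            return set()
        user = self.users[email]
        scopes = set(ORG_ROLE_SCOPES[user["org_role"]])
        team_role = user["teams"].get(self.apps[app_id])
        if team_role:
            scopes |= TEAM_ROLE_SCOPES[team_role]
        return scopes

    def is_allowed(self, email, app_id, scope):
        return scope in self.scopes_for_app(email, app_id)


def demo_org():
    """Constructed org: two teams, an app in each, one TEAM_DEFINED user on both teams."""
    org = Org()
    org.add_app("BillingAPI", "billing")
    org.add_app("Checkout", "payments")
    org.add_app("Ledger", "billing")
    org.add_user("alice@example.com", "TEAM_DEFINED",
                 {"billing": "TEAM_ADMIN", "payments": "TEAM_MEMBER"})
    org.add_user("bob@example.com", "MEMBER")
    org.add_user("carol@example.com", "TEAM_DEFINED", {"billing": "TEAM_MEMBER"})
    return org


if __name__ == "__main__":
    org = demo_org()
    for who in ("alice@example.com", "bob@example.com", "carol@example.com"):
        print(who, {app: sorted(org.scopes_for_app(who, app)) for app in org.apps})
```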
List roles
Return a list of roles an org has available to use (includes only the roles that are managed by Qwiet). Note that the ID and role ID for a CI token are also used for access tokens. The ID and role ID for an integration token are also used for a Jira integration token.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": [
    {
      "description": "",
      "id": "e7ca42af-8dd5-4928-8eb9-28d5e41b5564",
      "id_aliases": [
        "MEMBER",
        "TEAM_MEMBER"
      ],
      "name": "Member",
      "scopes": [
        "apps:list",
        "cold_start_subscription:read",
        "cold_start_subscription:update",
        "findings:list",
        "kontra:login",
        "kontra:read",
        "org:read",
        "org_inspect_configuration:validate",
        "org_user_notification:create",
        "org_user_notification:delete",
        "org_user_notification:read",
        "org_user_notification:update",
        "roles:list",
        "subscriptions:read"
      ]
    },
    {
      "description": "",
      "id": "c46b7cba-6726-11eb-8232-e3aecb012972",
      "id_aliases": [
        "LEGACY_COLLABORATOR"
      ],
      "name": "Collaborator",
      "scopes": [
        "apps:list",
        "findings:list",
        "findings:read",
        "kontra:login",
        "kontra:read",
        "metrics:write",
        "org:read",
        "org_inspect_configuration:validate",
        "org_invitations:list",
        "org_runs:create",
        "org_runs:read",
        "org_user_notification:create",
        "org_user_notification:delete",
        "org_user_notification:read",
        "org_user_notification:update",
        "scan_status:update",
        "seats:claim",
        "seats:list",
        "subscriptions:read",
        "teams:list",
        "tokens:create",
        "uploads:write"
      ]
    },
    {
      "description": "",
      "id": "6fc50b34-6705-11eb-b610-435a3f7b9ad3",
      "id_aliases": [
        "SUPER_ADMIN"
      ],
      "name": "Super Admin",
      "scopes": [
        "apps:list",
        "auth_provider:*",
        "blocked_seats:list",
        "blocked_seats:update",
        "cold_start_subscription:read",
        "cold_start_subscription:update",
        "findings:list",
        "findings:read",
        "github:install",
        "github_fork_demo:create",
        "github_repos:list",
        "github_user_repo:create",
        "kontra:login",
        "kontra:read",
        "org:delete",
        "org:read",
        "org:update",
        "org_alert_notification:read",
        "org_alert_notification:update",
        "org_configuration:read",
        "org_configuration:write",
        "org_inspect_configuration:create",
        "org_inspect_configuration:validate",
        "org_invitations:create",
        "org_invitations:delete",
        "org_invitations:list",
        "org_metrics:read",
        "org_user:list",
        "org_user_notification:create",
        "org_user_notification:delete",
        "org_user_notification:read",
        "org_user_notification:update",
        "project:create",
        "roles:create",
        "roles:list",
        "saml_config:create",
        "saml_config:delete",
        "saml_config:list",
        "saml_config:update",
        "seats:claim",
        "seats:delete",
        "seats:delete",
        "seats:list",
        "seats:write",
        "subscriptions:read",
        "subscriptions_trial:update",
        "teams:create",
        "teams:delete",
        "teams:list",
        "tokens:create",
        "tokens:delete",
        "tokens:list"
      ]
    },
    {
      "description": "",
      "id": "6d5fbe08-0512-46e0-b5d2-45902ee6c0ba",
      "id_aliases": [
        "GUEST",
        "TEAM_GUEST"
      ],
      "name": "Guest",
      "scopes": [
        "apps:list",
        "cold_start_subscription:read",
        "cold_start_subscription:update",
        "findings:list",
        "kontra:login",
        "kontra:read",
        "org:read",
        "org_user_notification:create",
        "org_user_notification:delete",
        "org_user_notification:read",
        "org_user_notification:update",
        "reports:read",
        "roles:list",
        "subscriptions:read"
      ]
    },
    {
      "description": "",
      "id": "09e9fc1f-8190-4b09-b2bf-a1beabd62c2a",
      "id_aliases": [
        "POWER_USER",
        "TEAM_ADMIN"
      ],
      "name": "Power User",
      "scopes": [
        "apps:list",
        "cold_start_subscription:read",
        "cold_start_subscription:update",
        "findings:list",
        "kontra:login",
        "kontra:read",
        "org:read",
        "org_inspect_configuration:validate",
        "org_user:list",
        "org_user_notification:create",
        "org_user_notification:delete",
        "org_user_notification:read",
        "org_user_notification:update",
        "project:create",
        "project:delete",
        "project:update",
        "roles:list",
        "subscriptions:read",
        "teams:list"
      ]
    },
    {
      "description": "",
      "id": "033d8bd8-849f-4665-9dd8-72787c0b2494",
      "id_aliases": [
        "TEAM_DEFINED"
      ],
      "name": "Team Defined",
      "scopes": [
        "apps:list",
        "findings:list",
        "org:read",
        "reports:read",
        "roles:list",
        "subscriptions:read"
      ]
    }
  ]
}
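The RBAC model described above (org role as the base, team roles added on top, TEAM_DEFINED limiting app visibility to team apps) can be worked through offline. The following is an added example, not Qwiet code: the role table is a constructed subset of the "List roles" response sample (SUPER_ADMIN abbreviated), the user and team data mirror the "List users" and "Create team" samples, and the wildcard handling for scopes such as auth_provider:* and the rule that non-TEAM_DEFINED roles see every app are this example's own assumptions.

```python
from fnmatch import fnmatchcase

# Constructed subset of the "List roles" response sample above (role alias -> scopes).
# SUPER_ADMIN is abbreviated to the scopes needed for the demonstration.
ROLE_SCOPES = {
    "TEAM_DEFINED": {
        "apps:list", "findings:list", "org:read", "reports:read",
        "roles:list", "subscriptions:read",
    },
    "GUEST": {
        "apps:list", "cold_start_subscription:read", "cold_start_subscription:update",
        "findings:list", "kontra:login", "kontra:read", "org:read",
        "org_user_notification:create", "org_user_notification:delete",
        "org_user_notification:read", "org_user_notification:update",
        "reports:read", "roles:list", "subscriptions:read",
    },
    "MEMBER": {
        "apps:list", "cold_start_subscription:read", "cold_start_subscription:update",
        "findings:list", "kontra:login", "kontra:read", "org:read",
        "org_inspect_configuration:validate", "org_user_notification:create",
        "org_user_notification:delete", "org_user_notification:read",
        "org_user_notification:update", "roles:list", "subscriptions:read",
    },
    "POWER_USER": {
        "apps:list", "findings:list", "org:read", "org_user:list",
        "project:create", "project:delete", "project:update", "roles:list",
        "subscriptions:read", "teams:list",
    },
    "SUPER_ADMIN": {
        "apps:list", "auth_provider:*", "org:delete", "org:read", "org:update",
        "saml_config:create", "saml_config:delete", "saml_config:list",
        "saml_config:update", "teams:create", "teams:delete", "tokens:create",
    },
}

# In the sample, team roles are aliases of org roles (TEAM_ADMIN shares an ID with POWER_USER, etc.).
ALIASES = {"TEAM_ADMIN": "POWER_USER", "TEAM_MEMBER": "MEMBER", "TEAM_GUEST": "GUEST"}


def scopes_for(role):
    return ROLE_SCOPES[ALIASES.get(role, role)]


def effective_scopes(org_role, team_roles):
    """Additive model: the org role is the base, each team role adds to it."""
    scopes = set(scopes_for(org_role))
    for role in team_roles:
        scopes |= scopes_for(role)
    return scopes


def has_scope(scopes, wanted):
    """True if any granted scope matches; '*' is treated as a wildcard
    (assumption: 'auth_provider:*' covers every auth_provider action)."""
    return any(fnmatchcase(wanted, granted) for granted in scopes)


def visible_apps(org_role, team_ids, teams, all_apps):
    """TEAM_DEFINED restricts a user to the apps of their teams; other org roles
    are assumed to see every app in the org."""
    if org_role == "TEAM_DEFINED":
        return {app for team in team_ids for app in teams.get(team, [])}
    return set(all_apps)


# Constructed data mirroring the "List users" and "Create team" samples.
TEAMS = {"5b588f3a-7fe0-444d-afbb-c0d5ee04139b": ["app01"]}
ALL_APPS = ["app01", "app02", "app03"]
PETER = {
    "org_role": "TEAM_DEFINED",
    "team_membership": [
        # the sample lists the org-level role as an entry with an empty team_id
        {"team_id": "", "role_aliases": ["TEAM_DEFINED"]},
        {"team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b", "role_aliases": ["GUEST"]},
    ],
}


def user_view(user):
    """Return (effective scopes, visible app IDs) for a user record."""
    teams = [m for m in user["team_membership"] if m["team_id"]]
    scopes = effective_scopes(user["org_role"], [m["role_aliases"][0] for m in teams])
    apps = visible_apps(user["org_role"], [m["team_id"] for m in teams], TEAMS, ALL_APPS)
    return scopes, apps


if __name__ == "__main__":
    scopes, apps = user_view(PETER)
    print(sorted(scopes))
    print(sorted(apps))
```

Peter ends up with the union of Team Defined and Guest scopes (so kontra:read from the team role, but nothing like project:create) and sees only app01, the one app assigned to ATeam; a MEMBER with the same team membership would see every app.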
List users
Return a list of users in the organization, along with their team membership and roles. The list can be filtered by email.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
query Parameters
email required | string <email> The user's email |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": [
    {
      "name": "Peter Gibbons",
      "email": "peter@example.com",
      "id_v2": "61f9da5b-d316-419d-a206-1a006ae9e3a5",
      "team_membership": [
        {
          "team_name": "",
          "team_id": "",
          "role": "033d8bd8-849f-4665-9dd8-72787c0b2494",
          "role_name": "Team Defined",
          "role_aliases": [
            "TEAM_DEFINED"
          ]
        },
        {
          "team_name": "ATeam",
          "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
          "role": "6d5fbe08-0512-46e0-b5d2-45902ee6c0ba",
          "role_name": "Guest",
          "role_aliases": [
            "GUEST"
          ]
        }
      ]
    }
  ]
}
Update user
Update a user
Authorizations:
path Parameters
userIDv2 required | string <uuid> The user's ID |
orgID required | string <uuid> The org ID |
Request Body schema: application/json
org_role required | string Enum: "SUPER_ADMIN" "POWER_USER" "MEMBER" "GUEST" "TEAM_DEFINED" The role that should be assigned to the user. |
Responses
Request samples
- Payload
{
  "org_role": "TEAM_DEFINED"
}
Response samples
- 200
- default
{
  "ok": true
}
List human groups
Return a list of human groups in the organization.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
query Parameters
name | string The human group name, case sensitive |
iname | string The human group name, case insensitive |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "groups": [
      {
        "group_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
        "group_name": "Group1",
        "members": [
          {
            "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
            "email": "example@qwiet.ai"
          },
          {
            "user_id_v2": "5b588f3a-7fe0-444d-afbb-213141321233",
            "email": "example2@qwiet.ai"
          }
        ],
        "teams": [
          {
            "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
            "team_name": "Team1",
            "role": "TEAM_MANAGER"
          },
          {
            "team_id": "5b588f3a-7fe0-444d-afbb-213141321233",
            "team_name": "Team2",
            "role": "TEAM_MEMBER"
          }
        ]
      },
      {
        "group_id": "5b588f3a-7fe0-444d-afbb-213141321233",
        "group_name": "Group2"
      }
    ]
  }
}
Create team
Create a new team for an organization.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
Request Body schema: application/json
name required | string The name of the team to be created |
applications | Array of strings The applications that should be added to the team |
team_membership | Array of objects The members that should be added to the team |
Responses
Request samples
- Payload
{
  "name": "ATeam",
  "applications": [
    "app01"
  ],
  "team_membership": [
    {
      "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
      "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
    }
  ]
}
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b"
  }
}
List teams
Return a list of all teams within an organization.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
query Parameters
teamName | string The team name |
no_members | boolean Value: true Indicates whether or not to include the team members in the response |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": [
    {
      "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
      "team_name": "Team1"
    },
    {
      "team_id": "5b588f3a-7fe0-444d-afbb-213141321233",
      "team_name": "Team2"
    }
  ]
}
Update the members of a team
Update the members of a team.
Authorizations:
path Parameters
rbacTeamID required | string <uuid> The team ID |
orgID required | string <uuid> The org ID |
Request Body schema: application/json
team_id required | string The team's ID |
version required | integer The team configuration version |
add_team_membership | Array of objects A list of the members to be added to the team |
remove_team_membership | Array of objects A list of the members to be removed from the team |
Responses
Request samples
- Payload
{
  "version": 1,
  "add_team_membership": [
    {
      "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
      "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
    }
  ],
  "remove_team_membership": [
    {
      "user_id_v2": "77788f3a-7fe0-444d-afbb-c0d5ee04139b",
      "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
    }
  ]
}
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "version": 1,
    "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "team_name": "ATeam",
    "applications": [
      "one_application_id"
    ],
    "users": [
      {
        "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
        "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
      }
    ]
  }
}
Update a team's applications
Update the apps assigned to a team.
Authorizations:
path Parameters
rbacTeamID required | string <uuid> The team ID |
orgID required | string <uuid> The org ID |
Request Body schema: application/json
team_id required | string The team's ID |
version required | integer The team configuration version |
add_applications | Array of strings A list of the applications to add to the team |
force_app_inclusion | boolean Whether the app should be added if it belongs to another team. The app will be removed from the conflicting team if added |
remove_applications | Array of strings A list of the application IDs to remove from the team |
Responses
Request samples
- Payload
{
  "version": 1,
  "add_applications": [
    "app01"
  ],
  "remove_applications": [
    "app02"
  ]
}
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "version": 1,
    "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "team_name": "ATeam",
    "applications": [
      "one_application_id"
    ],
    "users": [
      {
        "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
        "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
      }
    ]
  }
}
Update the metadata of a team
Update the metadata of a team.
Authorizations:
path Parameters
rbacTeamID required | string <uuid> The team ID |
orgID required | string <uuid> The org ID |
Request Body schema: application/json
team_id required | string The team's ID |
version required | integer The team configuration version |
change_name | string The team's new name |
Responses
Request samples
- Payload
{
  "version": 1,
  "change_name": "a new name"
}
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "version": 1,
    "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "team_name": "a new name",
    "applications": [
      "one_application_id"
    ],
    "users": [
      {
        "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
        "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
      }
    ]
  }
}
Read team
Return information about a team.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
rbacTeamID required | string <uuid> The team ID |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "version": 1,
    "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "team_name": "ATeam",
    "applications": [
      "one_application_id"
    ],
    "users": [
      {
        "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
        "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
      }
    ]
  }
}
Update a team
Update a team within an organization.
Authorizations:
path Parameters
rbacTeamID required | string <uuid> The team ID |
orgID required | string <uuid> The org ID |
Request Body schema: application/json
team_id required | string The team's ID |
version | integer The team configuration version |
add_applications | Array of strings A list of the applications to add to this team |
force_app_inclusion | boolean Whether the app should be added if it belongs to another team (the app will be removed from the conflicting team if added) |
remove_applications | Array of strings A list of the applications to remove from the team |
add_team_membership | Array of objects A list of members to be added to the team |
remove_team_membership | Array of objects A list of members to be removed from the team |
Responses
Request samples
- Payload
{
  "version": 1,
  "add_applications": [
    "app01"
  ],
  "remove_applications": [
    "app02"
  ],
  "add_team_membership": [
    {
      "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
      "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
    }
  ],
  "remove_team_membership": [
    {
      "user_id_v2": "77788f3a-7fe0-444d-afbb-c0d5ee04139b",
      "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
    }
  ]
}
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "version": 1,
    "team_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "team_name": "ATeam",
    "applications": [
      "one_application_id"
    ],
    "users": [
      {
        "user_id_v2": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
        "team_role": "a003f608-67d1-11eb-b8a6-fbc4104446af"
      }
    ]
  }
}
Delete team
Delete a team within an organization.
Authorizations:
path Parameters
rbacTeamID required | string <uuid> The team ID |
orgID required | string <uuid> The org ID |
Request Body schema: application/json
team_id required | string The team's ID |
version required | integer The team's configuration version |
Responses
Request samples
- Payload
{
  "version": 1
}
Response samples
- 200
- default
{
  "ok": true
}
List groups
Return a list of all groups within a team.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
rbacTeamID required | string <uuid> The team ID |
Responses
Response samples
- 200
{
  "ok": true,
  "response": [
    {
      "group_id": "string",
      "group_name": "string",
      "members": [
        {
          "user_id": "string",
          "email": "string"
        }
      ],
      "teams": [
        {
          "team_id": "string",
          "team_name": "string",
          "role": "string"
        }
      ]
    }
  ]
}
Create or update group
Create or update a group within a team.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
rbacTeamID required | string <uuid> The team ID |
Request Body schema: application/json
group_ids required | Array of objects (GroupAndRole) |
Responses
Request samples
- Payload
{
  "group_ids": [
    {
      "group_id": "string",
      "team_role": "string"
    }
  ]
}
Response samples
- 200
- default
{
  "ok": true
}
Read group
Return information about a group.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
groupID required | string <uuid> A human group's ID |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "group_id": "string",
    "group_name": "string",
    "members": [
      {
        "user_id": "string",
        "email": "string"
      }
    ],
    "teams": [
      {
        "team_id": "string",
        "team_name": "string",
        "role": "string"
      }
    ]
  }
}
Update group
Update a group's role within a team.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
rbacTeamID required | string <uuid> The team ID |
groupID required | string <uuid> A human group's ID |
Request Body schema: application/json
group_ids required | Array of objects (GroupAndRole) |
Responses
Request samples
- Payload
{
  "group_ids": [
    {
      "group_id": "string",
      "team_role": "string"
    }
  ]
}
Response samples
- 200
- default
{
  "ok": true
}
Remove group from team
Remove a group's membership to a team.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
rbacTeamID required | string <uuid> The team ID |
groupID required | string <uuid> A human group's ID |
Responses
Response samples
- 200
- default
{
  "ok": true
}
Read Team group
Return information about a group.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
rbacTeamID required | string <uuid> The team ID |
groupID required | string <uuid> A human group's ID |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "group_id": "string",
    "group_name": "string",
    "members": [
      {
        "user_id": "string",
        "email": "string"
      }
    ],
    "teams": [
      {
        "team_id": "string",
        "team_name": "string",
        "role": "string"
      }
    ]
  }
}
Read HTML PCI DSS report for a scan
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
appID required | string The app ID (e.g., |
scanID required | string ID of the scan |
query Parameters
ignore_info_findings | boolean Whether findings marked as informational should be included in the report or not |
Responses
Response samples
- 200
- default
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <!-- report data --> </head> <body></body> </html>
Read Detailed OWASP report for a scan
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
appID required | string The app ID (e.g., |
scanID required | string ID of the scan |
ext required | string Enum: "html" "pdf" Example: pdf The file extension wanted |
year required | string Enum: "2017" "2021" Example: 2021 The year wanted |
query Parameters
comments | boolean Whether to include comments |
status | string (Status) Enum: "unset" "fixed" "ignored" "3rdparty" "any" The status filter. By default, only |
tz | string Example: tz=America/New_York The timezone for any times shown in the report. By default, times are shown in UTC. |
Responses
Response samples
- 200
- default
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <!-- report data --> </head> <body></body> </html>
Read CWE report for a scan
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
appID required | string The app ID (e.g., |
scanID required | string ID of the scan |
ext required | string Enum: "html" "pdf" Example: pdf The file extension wanted |
query Parameters
comments | boolean Whether to include comments |
status | string (Status) Enum: "unset" "fixed" "ignored" "3rdparty" "any" The status filter. By default, only |
tz | string Example: tz=America/New_York The timezone for any times shown in the report. By default, times are shown in UTC. |
Responses
Response samples
- 200
- default
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <!-- report data --> </head> <body></body> </html>
Create a SAML configuration for an org
Create a SAML configuration that can be used to authenticate users for an organization
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
Request Body schema: application/json
idp_metadata_url | string <uri> The URL of the SAML Identity Provider's (IdP) metadata endpoint |
idp_metadata | string The raw XML metadata that can be provided instead of idp_metadata_url |
allow_implicit_invites | boolean Sets whether any successful SAML-identified user should be allowed to join your org (true) or not (false) |
default_org_role | string The default role that new users in the org are given when joining via SAML. If not specified, this defaults to "TEAM_DEFINED" |
sign_auth_requests | boolean Whether to sign SAML requests sent from Qwiet to the SAML IdP |
allow_idp_initiated_logins | boolean Whether SAML-initiated logins should be allowed or not. By default they are disabled, as service provider (SP) initiated logins are generally considered safer. When enabled, the saml_config endpoint will have another field, "idp_default_relay_state", which contains an opaque blob that needs to be set as the default relay state in the IdP configuration. This state will be sent on every request where no relay state was provided and contains some additional information to help the SP (Qwiet) properly route the request |
name required | string (SAMLConfigName) ^[a-zA-Z0-9-_]{1,255}$ The name and ID of the specified SAML configuration |
Responses
Request samples
- Payload
{
  "idp_metadata": "string",
  "allow_implicit_invites": true,
  "default_org_role": "string",
  "sign_auth_requests": true,
  "allow_idp_initiated_logins": true,
  "name": "string"
}
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "idp_metadata": "string",
    "allow_implicit_invites": true,
    "default_org_role": "string",
    "sign_auth_requests": true,
    "allow_idp_initiated_logins": true,
    "name": "string",
    "idp_default_relay_state": "string"
  }
}
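The SAML configuration fields above carry most of the organization's identity-security posture: allow_implicit_invites lets any IdP-asserted user join, default_org_role decides what such joiners can do (the schema default is TEAM_DEFINED), sign_auth_requests controls whether Qwiet signs its AuthnRequests, and allow_idp_initiated_logins is off by default because SP-initiated flows are the safer choice. The following is an added example, not Qwiet code: a review function over a configuration object shaped like the request body, with a constructed weak configuration beside its hardened form. The field names come from the schema; the risk ratings, the HTTPS check on idp_metadata_url and the hardening choices are this example's own.

```python
# Constructed configuration shaped like the "Create a SAML configuration" request body.
# Every value here is made up for the illustration.
WEAK_CONFIG = {
    "name": "corp-idp",
    "idp_metadata_url": "https://idp.example.com/metadata",
    "allow_implicit_invites": True,
    "default_org_role": "SUPER_ADMIN",
    "sign_auth_requests": False,
    "allow_idp_initiated_logins": True,
}


def review_saml_config(cfg):
    """Return (field, reason) pairs for settings that widen exposure.

    The judgements follow the field descriptions in the schema; treating a
    plaintext-HTTP metadata URL as a problem is this example's own addition
    (the metadata carries the IdP signing certificate, so it must not be
    fetched over a channel that can be tampered with)."""
    issues = []

    if not (cfg.get("idp_metadata_url") or cfg.get("idp_metadata")):
        issues.append(("idp_metadata", "no IdP metadata supplied (URL or raw XML)"))

    url = cfg.get("idp_metadata_url")
    if url and not url.startswith("https://"):
        issues.append(("idp_metadata_url", "IdP metadata must be fetched over HTTPS"))

    if cfg.get("allow_implicit_invites"):
        # Schema default when default_org_role is omitted is TEAM_DEFINED.
        role = cfg.get("default_org_role", "TEAM_DEFINED")
        if role != "TEAM_DEFINED":
            issues.append(("default_org_role",
                           "implicit joiners receive %s; keep TEAM_DEFINED so they "
                           "only see apps assigned to their team" % role))

    # Only an explicit False is flagged; the schema does not state a default.
    if cfg.get("sign_auth_requests") is False:
        issues.append(("sign_auth_requests",
                       "AuthnRequests are unsigned, so the IdP cannot verify they originate from Qwiet"))

    if cfg.get("allow_idp_initiated_logins"):
        issues.append(("allow_idp_initiated_logins",
                       "IdP-initiated SSO enabled; SP-initiated login is the safer default"))
    return issues


def harden(cfg):
    """Return a copy of cfg with the settings reviewed above moved to their safe values."""
    fixed = dict(cfg)
    fixed["default_org_role"] = "TEAM_DEFINED"
    fixed["sign_auth_requests"] = True
    fixed["allow_idp_initiated_logins"] = False
    return fixed


if __name__ == "__main__":
    for field, reason in review_saml_config(WEAK_CONFIG):
        print("%-28s %s" % (field, reason))
    print("after hardening:", review_saml_config(harden(WEAK_CONFIG)))
```

Running it lists three problems for the weak configuration (the admin default role for implicit joiners, unsigned requests, IdP-initiated logins) and none for the hardened copy; implicit invites themselves are left enabled, since with TEAM_DEFINED as the default role a newly joined user sees only the apps of teams they are later placed in.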
List SAML configurations for an org
List the SAML Configurations that can be used to authenticate users in an organization
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": [
    {
      "idp_metadata": "string",
      "allow_implicit_invites": true,
      "default_org_role": "string",
      "sign_auth_requests": true,
      "allow_idp_initiated_logins": true,
      "name": "string",
      "idp_default_relay_state": "string"
    }
  ]
}
Update SAML configuration for an org
Update a SAML Configuration used to authenticate users for an organization
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
SAMLConfigName required | string (SAMLConfigName) ^[a-zA-Z0-9-_]{1,255}$ The name and ID of the specified SAML configuration |
Request Body schema: application/json
idp_metadata_url | string <uri> The URL of the SAML Identity Provider's (IdP) metadata endpoint |
idp_metadata | string The raw XML metadata that can be provided instead of idp_metadata_url |
allow_implicit_invites | boolean Sets whether any successful SAML-identified user should be allowed to join your org (true) or not (false) |
default_org_role | string The default role that new users in the org are given when joining via SAML. If not specified, this defaults to "TEAM_DEFINED" |
sign_auth_requests | boolean Whether to sign SAML requests sent from Qwiet to the SAML IdP |
allow_idp_initiated_logins | boolean Whether SAML-initiated logins should be allowed or not. By default they are disabled, as service provider (SP) initiated logins are generally considered safer. When enabled, the saml_config endpoint will have another field, "idp_default_relay_state", which contains an opaque blob that needs to be set as the default relay state in the IdP configuration. This state will be sent on every request where no relay state was provided and contains some additional information to help the SP (Qwiet) properly route the request |
Responses
Request samples
- Payload
{
  "idp_metadata": "string",
  "allow_implicit_invites": true,
  "default_org_role": "string",
  "sign_auth_requests": true,
  "allow_idp_initiated_logins": true
}
Response samples
- 200
{
  "ok": true,
  "response": {
    "idp_metadata": "string",
    "allow_implicit_invites": true,
    "default_org_role": "string",
    "sign_auth_requests": true,
    "allow_idp_initiated_logins": true,
    "name": "string",
    "idp_default_relay_state": "string"
  }
}
Delete an org's SAML configuration
Delete a SAML Configuration that is used to authenticate users in an organization
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
SAMLConfigName required | string (SAMLConfigName) ^[a-zA-Z0-9-_]{1,255}$ The name and ID of the specified SAML configuration |
Responses
Response samples
- 200
- default
{
  "ok": true
}
Provision or update SAML users for an organization.
Create or update SAML users and their org or team roles. Users cannot be deleted.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
Request Body schema: application/json
name | string the name of the user |
email required | string the email of the user |
organization_role required | string Enum: "SUPER_ADMIN" "POWER_USER" "MEMBER" "GUEST" "TEAM_DEFINED" |
team_membership | Array of objects (SAMLUserMembership) |
Responses
Request samples
- Payload
[
  {
    "name": "string",
    "email": "string",
    "organization_role": "SUPER_ADMIN",
    "team_membership": [
      {
        "team_id": "string",
        "role": "TEAM_ADMIN"
      }
    ]
  }
]
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "users": [
      {
        "idv2": "c0da4f6a-7041-4fb3-850f-b89fcfaddf43",
        "idv1": "string",
        "name": "string",
        "email": "user@example.com",
        "emailVerified": true,
        "membership": [
          {
            "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
            "organizationName": "string"
          }
        ],
        "invites": [
          {
            "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
            "organizationName": "string",
            "inviteId": "14ca54c2-5d85-4c93-81b5-495a2e7e0ca4"
          }
        ],
        "lastLoginUTCTimestampHistory": [
          0
        ]
      }
    ],
    "rejected_emails": [
      "string"
    ],
    "rejected_org_roles": [
      "string"
    ],
    "rejected_team_roles": [
      "string"
    ]
  }
}
The saved searches endpoints allow users to save specific search queries for organization and app findings.
Create a new saved search for a user
path Parameters
orgID required | string |
Request Body schema: application/json (required)
search_name | string |
path_name | string |
search_query | string |
Responses
Request samples
- Payload
{
  "search_name": "string",
  "path_name": "string",
  "search_query": "string"
}
Update a saved search for a user
path Parameters
orgID required | string |
searchID required | string |
Request Body schema: application/json (required)
search_name | string |
path_name | string |
search_query | string |
Responses
Request samples
- Payload
{
  "search_name": "string",
  "path_name": "string",
  "search_query": "string"
}
List dependencies that match the search
Return all dependencies for the org apps if they match the search criteria.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
query Parameters
search | string Search filter that looks for matches in finding titles and tags |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": [
    {
      "id": "1",
      "app": "hello-qwiet",
      "type": "vuln",
      "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
      "tags": [
        {
          "key": "severity",
          "value": "info"
        },
        {
          "key": "cvss_score",
          "value": 2
        }
      ]
    }
  ]
}
List scans
Return the most recent scans for the indicated app.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
appID required | string The app ID (e.g., |
query Parameters
tags | Array of strings The scan tags to filter by (e.g., |
limit | integer The number of scans to return (must be between 1 and 50, inclusive). The default is 10 scans |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "scans": [
      {
        "id": 1234,
        "app": "hello-qwiet",
        "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
        "successful": true,
        "is_default_branch": true,
        "started_at": "2019-08-24T14:15:22Z",
        "completed_at": "2019-08-24T14:15:22Z",
        "language": "javascript",
        "number_of_expressions": 10,
        "tags": {},
        "oss_info": {
          "enabled": true,
          "successful": true,
          "failure_reason": "string"
        },
        "counts": [
          {
            "key": "category",
            "value": "XSS",
            "finding_type": "vuln",
            "count": 42
          }
        ],
        "findings_summaries": [
          {
            "finding_type": "vuln",
            "total": 10,
            "total_reachable": 0,
            "total_ignored": 1,
            "total_fixed": 3,
            "by_severity": {
              "info": {
                "total": 6
              },
              "critical": {
                "total": 3,
                "total_fixed": 3
              },
              "moderate": {
                "total": 1,
                "total_ignored": 1
              }
            },
            "by_category": {
              "Sensitive Data Leak": {
                "total": 10,
                "total_fixed": 3,
                "total_ignored": 1
              }
            },
            "by_assignee": {
              "test@qwiet.ai": {
                "total": 10,
                "total_fixed": 3,
                "total_ignored": 1
              }
            }
          }
        ],
        "total": 101,
        "total_fixed": 42,
        "total_ignored": 17
      }
    ]
  }
}
Compare scans
Compare two scans and return a list of the findings in each, along with regression information.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
appID required | string The app ID (e.g., |
query Parameters
source required | string ^scan\.\d+|tag\.\w=\w$ Example: source=scan.128|tag.branch=samplebranch The source scan for a comparison |
target required | string ^scan\.\d+|tag\.\w=\w$ Example: target=scan.128|tag.branch=samplebranch The target scan for a comparison |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "source": {
      "id": 1234,
      "app": "hello-qwiet",
      "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
      "successful": true,
      "started_at": "2019-08-24T14:15:22Z",
      "completed_at": "2019-08-24T14:15:22Z",
      "language": "javascript",
      "number_of_expressions": 10,
      "tags": {}
    },
    "target": {
      "id": 1234,
      "app": "hello-qwiet",
      "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
      "successful": true,
      "started_at": "2019-08-24T14:15:22Z",
      "completed_at": "2019-08-24T14:15:22Z",
      "language": "javascript",
      "number_of_expressions": 10,
      "tags": {}
    },
    "new": [
      {
        "id": "1",
        "app": "hello-qwiet",
        "type": "vuln",
        "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
        "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
        "severity": "low",
        "owasp_category": "a3-sensitive-data-exposure",
        "category": "Sensitive Data Leak",
        "version_first_seen": "string",
        "details": {},
        "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
        "regression": true
      }
    ],
    "fixed": [
      {
        "id": "1",
        "app": "hello-qwiet",
        "type": "vuln",
        "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
        "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
        "severity": "low",
        "owasp_category": "a3-sensitive-data-exposure",
        "category": "Sensitive Data Leak",
        "version_first_seen": "string",
        "details": {},
        "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
        "regression": true
      }
    ],
    "common": [
      {
        "id": "1",
        "app": "hello-qwiet",
        "type": "vuln",
        "title": "Sensitive Data Leak: Sensitive data contained in HTTP request/response",
        "description": "Sensitive data included in HTTP request/response. This could result in sensitive data exposure",
        "severity": "low",
        "owasp_category": "a3-sensitive-data-exposure",
        "category": "Sensitive Data Leak",
        "version_first_seen": "string",
        "details": {},
        "internal_id": "sensitive-to-http/f5ecc6f0cae821f47a06c939d1b9c7ee",
        "regression": true
      }
    ]
  }
}
Check a scan against a set of rules
Check a scan against a set of rules, using another scan as a reference.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
appID required | string The app ID (e.g., |
Request Body schema: application/json
version required | integer Value: 2 |
meta required | object |
source | object or object The scan that is the starting point of a 'diff' check. Defaults to the previous scan of the current branch. |
target | object or object The focus of the check. Defaults to the last scan of the default branch. |
rules required | Array of objects The rules to apply. Note that each rule ID must be unique. |
Responses
Request samples
- Payload
{
  "version": 2,
  "meta": {
    "num_findings": 5,
    "kind": "single",
    "send-to-jira": true
  },
  "source": {
    "branch": "main"
  },
  "target": {
    "branch": "feature-branch"
  },
  "rules": [
    {
      "id": "no-crits",
      "tags": {
        "severity": [
          "critical"
        ]
      },
      "threshold": 0,
      "num_findings": 100
    }
  ]
}
Response samples
- 200
- default
{
  "ok": true,
  "response": {
    "source": {
      "id": 1
    },
    "target": {
      "id": 1
    },
    "rules": {
      "property1": {
        "by_tag": {
          "property1": {
            "property1": 0,
            "property2": 0
          },
          "property2": {
            "property1": 0,
            "property2": 0
          }
        },
        "reachable": 0,
        "matched": 0,
        "over_threshold": 0,
        "findings": [
          {
            "id": 0,
            "title": "string",
            "tags": {
              "property1": [
                "string"
              ],
              "property2": [
                "string"
              ]
            }
          }
        ]
      },
      "property2": {
        "by_tag": {
          "property1": {
            "property1": 0,
            "property2": 0
          },
          "property2": {
            "property1": 0,
            "property2": 0
          }
        },
        "reachable": 0,
        "matched": 0,
        "over_threshold": 0,
        "findings": [
          {
            "id": 0,
            "title": "string",
            "tags": {
              "property1": [
                "string"
              ],
              "property2": [
                "string"
              ]
            }
          }
        ]
      }
    },
    "totals": {
      "by_tag": {
        "property1": {
          "property1": 0,
          "property2": 0
        },
        "property2": {
          "property1": 0,
          "property2": 0
        }
      },
      "reachable": 0,
      "matched": 0,
      "over_threshold": 0,
      "findings": [
        {
          "id": 0,
          "title": "string",
          "tags": {
            "property1": [
              "string"
            ],
            "property2": [
              "string"
            ]
          }
        }
      ]
    }
  }
}
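The request and response above describe a rule check: each rule selects findings by tag, and the response reports per rule how many matched, how many were over the threshold, how many are reachable, a breakdown by tag, and the matched findings themselves (capped by num_findings), plus totals across rules. The following is an added example, not Qwiet code, that evaluates a rule set locally against constructed findings so the response shape can be reasoned about before wiring the endpoint into a CI gate. The findings, the "reachable" flag on them, and the matching semantics (every tag key named by a rule must carry at least one of the rule's values) are this example's own assumptions; only the "single" kind is modelled, so the "source" scan of a diff check is not involved.

```python
from collections import defaultdict

# Constructed findings of the target scan, shaped like the finding entries in the
# check response above (tags map to lists of values). The "reachable" flag is this
# example's own addition, used to drive the "reachable" counter.
FINDINGS = [
    {"id": 1, "title": "SQL Injection in /login", "reachable": True,
     "tags": {"severity": ["critical"], "category": ["SQL Injection"]}},
    {"id": 2, "title": "Sensitive data in HTTP response", "reachable": False,
     "tags": {"severity": ["low"], "category": ["Sensitive Data Leak"]}},
    {"id": 3, "title": "Reflected XSS in search", "reachable": False,
     "tags": {"severity": ["critical"], "category": ["XSS"]}},
]

# Rules shaped like the request payload above; "no-crits" is the sample's own rule.
RULES = [
    {"id": "no-crits", "tags": {"severity": ["critical"]}, "threshold": 0, "num_findings": 100},
    {"id": "leaks-under-5", "tags": {"category": ["Sensitive Data Leak"]}, "threshold": 5, "num_findings": 100},
]


def _matches(finding, rule_tags):
    """Assumed semantics: every tag key named by the rule must be present on the
    finding with at least one of the rule's values. A rule with no tags matches all."""
    return all(set(values) & set(finding["tags"].get(key, []))
               for key, values in rule_tags.items())


def _summarise(findings, threshold, limit):
    """Build one entry of the response's "rules" map from the matched findings."""
    by_tag = defaultdict(lambda: defaultdict(int))
    for f in findings:
        for key, values in f["tags"].items():
            for value in values:
                by_tag[key][value] += 1
    return {
        "by_tag": {k: dict(v) for k, v in by_tag.items()},
        "reachable": sum(1 for f in findings if f.get("reachable")),
        "matched": len(findings),
        "over_threshold": max(0, len(findings) - threshold),
        # num_findings caps how many matched findings are echoed back
        "findings": [{"id": f["id"], "title": f["title"], "tags": f["tags"]}
                     for f in findings[:limit]],
    }


def check_scan(findings, rules):
    """Evaluate every rule against the findings. Rule IDs must be unique, as the
    schema notes, because the response keys its "rules" map by ID."""
    ids = [r["id"] for r in rules]
    if len(ids) != len(set(ids)):
        raise ValueError("rule IDs must be unique: %r" % ids)
    per_rule = {}
    union = {}  # findings matched by at least one rule, keyed by finding ID
    for rule in rules:
        hits = [f for f in findings if _matches(f, rule.get("tags", {}))]
        per_rule[rule["id"]] = _summarise(hits, rule.get("threshold", 0),
                                          rule.get("num_findings", 100))
        union.update((f["id"], f) for f in hits)
    # totals: counts over the union of matched findings; over_threshold summed per rule
    totals = _summarise(list(union.values()), 0,
                        max((r.get("num_findings", 100) for r in rules), default=100))
    totals["over_threshold"] = sum(r["over_threshold"] for r in per_rule.values())
    return {"rules": per_rule, "totals": totals}


def passes(result):
    """A scan passes when no rule is over its threshold; a CI gate would fail the build otherwise."""
    return all(r["over_threshold"] == 0 for r in result["rules"].values())


if __name__ == "__main__":
    result = check_scan(FINDINGS, RULES)
    for rule_id, summary in result["rules"].items():
        print(rule_id, "matched", summary["matched"], "over_threshold", summary["over_threshold"])
    print("passes:", passes(result))
```

With the constructed data, no-crits matches the two critical findings and is over its threshold of 0 by two (one of them reachable), leaks-under-5 matches one finding and stays under its threshold, and the check as a whole fails; raising the critical threshold to 2 makes it pass.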
Read scan details
Return details for the specified scan.
Authorizations:
path Parameters
orgID required | string <uuid> The org ID |
appID required | string The app ID (e.g., |
scanID required | string ID of the scan |
Responses
Response samples
- 200
- default
{
  "ok": true,
  "response": [
    {
      "id": 1234,
      "app": "hello-qwiet",
      "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
      "successful": true,
      "is_default_branch": true,
      "started_at": "2019-08-24T14:15:22Z",
      "completed_at": "2019-08-24T14:15:22Z",
      "language": "javascript",
      "number_of_expressions": 10,
      "tags": {},
      "oss_info": {
        "enabled": true,
        "successful": true,
        "failure_reason": "string"
      },
      "counts": [
        {
          "key": "category",
          "value": "XSS",
          "finding_type": "vuln",
          "count": 42
        }
      ],
      "findings_summaries": [
        {
          "finding_type": "vuln",
          "total": 10,
          "total_reachable": 0,
          "total_ignored": 1,
          "total_fixed": 3,
          "by_severity": {
            "info": {
              "total": 6
            },
            "critical": {
              "total": 3,
              "total_fixed": 3
            },
            "moderate": {
              "total": 1,
              "total_ignored": 1
            }
          },
          "by_category": {
            "Sensitive Data Leak": {
              "total": 10,
              "total_fixed": 3,
              "total_ignored": 1
            }
          },
          "by_assignee": {
            "test@qwiet.ai": {
              "total": 10,
              "total_fixed": 3,
              "total_ignored": 1
            }
          }
        }
      ],
      "total": 101,
      "total_fixed": 42,
      "total_ignored": 17
    }
  ]
}
Read check scans report
Read Check Scans Report.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  scanID (required, string): ID of the scan
Responses
Response sample (200):
{
  "ok": true,
  "response": [
    {
      "source": { "id": 1 },
      "target": { "id": 1 },
      "rules": {
        "property1": {
          "by_tag": {
            "property1": { "property1": 0, "property2": 0 },
            "property2": { "property1": 0, "property2": 0 }
          },
          "reachable": 0,
          "matched": 0,
          "over_threshold": 0,
          "findings": [
            {
              "id": 0,
              "title": "string",
              "tags": {
                "property1": [ "string" ],
                "property2": [ "string" ]
              }
            }
          ]
        },
        "property2": {
          "by_tag": {
            "property1": { "property1": 0, "property2": 0 },
            "property2": { "property1": 0, "property2": 0 }
          },
          "reachable": 0,
          "matched": 0,
          "over_threshold": 0,
          "findings": [
            {
              "id": 0,
              "title": "string",
              "tags": {
                "property1": [ "string" ],
                "property2": [ "string" ]
              }
            }
          ]
        }
      },
      "totals": {
        "by_tag": {
          "property1": { "property1": 0, "property2": 0 },
          "property2": { "property1": 0, "property2": 0 }
        },
        "reachable": 0,
        "matched": 0,
        "over_threshold": 0,
        "findings": [
          {
            "id": 0,
            "title": "string",
            "tags": {
              "property1": [ "string" ],
              "property2": [ "string" ]
            }
          }
        ]
      }
    }
  ]
}
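A CI gate built on the check-scans report shape documented above (rules keyed by rule id, each with by_tag, reachable, matched, over_threshold and findings, plus totals). This is an added example, not Qwiet's own code; the gate policy (fail when any rule has findings over its threshold) and the sample payload values are assumptions made for the illustration.

```python
import json
from dataclasses import dataclass, field


@dataclass
class GateResult:
    passed: bool
    failing_rules: list = field(default_factory=list)  # ids of rules over threshold
    messages: list = field(default_factory=list)       # human-readable reasons


def evaluate_report(report: dict) -> GateResult:
    """Gate one element of the check-scans `response` array.

    Policy (an assumption for this example): fail when any rule reports
    findings over its threshold; `totals` is informational and does not gate.
    """
    result = GateResult(passed=True)
    for rule_id, rule in report.get("rules", {}).items():
        over = int(rule.get("over_threshold", 0))
        if over <= 0:
            continue
        result.passed = False
        result.failing_rules.append(rule_id)
        # Record the finding titles so the CI log says what tripped the gate.
        titles = [f.get("title", "?") for f in rule.get("findings", [])]
        result.messages.append(
            f"rule {rule_id}: {over} over threshold (matched={rule.get('matched', 0)}, "
            f"reachable={rule.get('reachable', 0)}): " + ", ".join(titles[:5]))
    return result


def gate(payload: dict) -> GateResult:
    """Evaluate every report in a full API payload; pass only if all pass."""
    combined = GateResult(passed=True)
    for rep in payload.get("response", []):
        r = evaluate_report(rep)
        combined.passed = combined.passed and r.passed
        combined.failing_rules.extend(r.failing_rules)
        combined.messages.extend(r.messages)
    return combined


# Constructed sample in the documented shape; ids, titles and counts are made up.
SAMPLE_PAYLOAD = json.loads("""
{"ok": true, "response": [{
  "source": {"id": 1233}, "target": {"id": 1234},
  "rules": {
    "no-crits": {"by_tag": {"severity": {"critical": 2}},
                 "reachable": 1, "matched": 2, "over_threshold": 2,
                 "findings": [
                   {"id": 17, "title": "SQL Injection", "tags": {"severity": ["critical"]}},
                   {"id": 42, "title": "Remote Code Execution", "tags": {"severity": ["critical"]}}]},
    "limit-highs": {"by_tag": {"severity": {"high": 3}},
                    "reachable": 0, "matched": 3, "over_threshold": 0, "findings": []}},
  "totals": {"by_tag": {"severity": {"critical": 2, "high": 3}},
             "reachable": 1, "matched": 5, "over_threshold": 2, "findings": []}}]}
""")
```

Calling gate(SAMPLE_PAYLOAD) fails the build on the no-crits rule and names the two findings in its message, while limit-highs (matched but not over threshold) passes.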
Read scan's finding counts (grouped by OWASP category)
Returns a detailed list of OWASP categories and sub-categories and their counts (where available).
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  scanID (required, string): ID of the scan
Responses
Response sample (200):
{
  "ok": true,
  "response": {
    "2017": {
      "uncategorized": {
        "Authentication Bypass": 0,
        "Cross-Site Request Forgery": 0,
        "Deprecated Function Use": 0,
        "Fingerprinting": 0,
        "Insecure Direct Object Reference": 0,
        "Invalid Certificate Validation": 0,
        "Open Redirect": 0,
        "Phishing": 0,
        "Potential Cross-Site Scripting": 0,
        "Potential NoSQL Injection": 0,
        "Potential Regex Injection": 0,
        "Potential Remote Code Execution": 0,
        "Potential Server-Side Request Forgery": 0,
        "Potential XML External Entities": 0,
        "Remote Code Execution": 0,
        "Security Misconfiguration": 0,
        "Server-Side Request Forgery": 0,
        "Weak Cipher": 0,
        "Weak Hash": 0,
        "Weak Random": 0,
        "Weak Secret Storage": 0
      },
      "a1-injection": {
        "Command Injection": 0,
        "Cross-Site Scripting": 0,
        "Deprecated Function Use": 0,
        "Deserialization": 0,
        "HTTP to Database": 0,
        "Header Injection": 0,
        "JSON Injection": 0,
        "LDAP Injection": 0,
        "Log Forging": 0,
        "Mail Injection": 0,
        "NoSQL Injection": 0,
        "Open Redirect": 0,
        "Potential SQL Injection": 0,
        "Prototype Pollution": 0,
        "Regex Injection": 0,
        "Remote Code Execution": 0,
        "SQL Injection": 0,
        "Security Best Practices": 0,
        "Sensitive Data Leak": 0,
        "Server-Side Request Forgery": 0,
        "Unsafe Lambda Call": 0,
        "Unsafe Reflection": 0,
        "XML External Entities": 0,
        "XPath Injection": 0
      },
      "a2-broken-authentication": {
        "Insecure Authentication": 0,
        "Security Misconfiguration": 0,
        "Session Injection": 0,
        "Timing Attack": 0
      },
      "a3-sensitive-data-exposure": {
        "Crypto": 0,
        "Denial of Service": 0,
        "Deprecated Function Use": 0,
        "Error Handling": 0,
        "Hardcoded Credentials": 0,
        "Security Best Practices": 0,
        "Security Misconfiguration": 0,
        "Sensitive Data Exposure": 0,
        "Sensitive Data Leak": 0,
        "Sensitive Data Usage": 0,
        "Weak Cipher": 0,
        "Weak Hash": 0
      },
      "a4-xml-external-entities": {
        "XML External Entities": 0
      },
      "a5-broken-access-control": {
        "Authentication Bypass": 0,
        "CRLF Injection": 0,
        "Directory Traversal": 0,
        "HTTP to Model": 0,
        "Insecure Content Provider": 0,
        "Insecure Data Storage": 0,
        "Insecure File Provider Paths": 0,
        "Loose File Permissions": 0,
        "Race Condition": 0,
        "Session Injection": 0
      },
      "a6-security-misconfiguration": {
        "Cross-Site Request Forgery": 0,
        "Cross-Site Scripting": 0,
        "Denial of Service": 0,
        "Directory Listing": 0,
        "Hardcoded Credentials": 0,
        "Improper Input Validation": 0,
        "Intent Redirection": 0,
        "Security Best Practices": 0,
        "Security Misconfiguration": 0,
        "Sensitive Data Leak": 0,
        "Weak Secret Storage": 0
      },
      "a7-cross-site-scripting": {
        "Cross-Site Scripting": 0,
        "Potential Cross-Site Scripting": 0,
        "Security Misconfiguration": 0,
        "Template Injection": 0
      },
      "a8-insecure-deserialization": {
        "Deserialization": 0
      },
      "a9-using components with known vulnerabilities": {
        "Denial of Service": 0,
        "Deprecated Function Use": 0,
        "Security Best Practices": 0,
        "Weak Random": 0
      }
    },
    "2021": {
      "uncategorized": {
        "Authentication Bypass": 0,
        "Cross-Site Request Forgery": 0,
        "Deprecated Function Use": 0,
        "Fingerprinting": 0,
        "Insecure Direct Object Reference": 0,
        "Invalid Certificate Validation": 0,
        "Open Redirect": 0,
        "Phishing": 0,
        "Potential Cross-Site Scripting": 0,
        "Potential NoSQL Injection": 0,
        "Potential Regex Injection": 0,
        "Potential Remote Code Execution": 0,
        "Potential Server-Side Request Forgery": 0,
        "Potential XML External Entities": 0,
        "Remote Code Execution": 0,
        "Security Misconfiguration": 0,
        "Server-Side Request Forgery": 0,
        "Weak Cipher": 0,
        "Weak Hash": 0,
        "Weak Random": 0,
        "Weak Secret Storage": 0
      },
      "a01-broken-access-control": {
        "Authentication Bypass": 0,
        "CRLF Injection": 0,
        "Directory Listing": 0,
        "Directory Traversal": 0,
        "HTTP to Model": 0,
        "Insecure Content Provider": 0,
        "Insecure Data Storage": 0,
        "Insecure File Provider Paths": 0,
        "Loose File Permissions": 0,
        "Race Condition": 0,
        "Security Misconfiguration": 0,
        "Session Injection": 0
      },
      "a02-cryptographic-failures": {
        "Denial of Service": 0,
        "Deprecated Function Use": 0,
        "Security Misconfiguration": 0,
        "Weak Random": 0
      },
      "a03-injection": {
        "Command Injection": 0,
        "Cross-Site Scripting": 0,
        "Deprecated Function Use": 0,
        "Deserialization": 0,
        "HTTP to Database": 0,
        "Header Injection": 0,
        "Improper Input Validation": 0,
        "JSON Injection": 0,
        "LDAP Injection": 0,
        "Log Forging": 0,
        "Mail Injection": 0,
        "NoSQL Injection": 0,
        "Open Redirect": 0,
        "Potential Cross-Site Scripting": 0,
        "Potential SQL Injection": 0,
        "Prototype Pollution": 0,
        "Regex Injection": 0,
        "Remote Code Execution": 0,
        "SQL Injection": 0,
        "Security Best Practices": 0,
        "Security Misconfiguration": 0,
        "Sensitive Data Leak": 0,
        "Server-Side Request Forgery": 0,
        "Template Injection": 0,
        "Unsafe Lambda Call": 0,
        "Unsafe Reflection": 0,
        "XML External Entities": 0,
        "XPath Injection": 0
      },
      "a04-insecure-design": {
        "Denial of Service": 0,
        "Security Best Practices": 0
      },
      "a05-security-misconfiguration": {
        "Cross-Site Request Forgery": 0,
        "Cross-Site Scripting": 0,
        "Crypto": 0,
        "Denial of Service": 0,
        "Error Handling": 0,
        "Hardcoded Credentials": 0,
        "Intent Redirection": 0,
        "Security Best Practices": 0,
        "Security Misconfiguration": 0,
        "Sensitive Data Exposure": 0,
        "Sensitive Data Leak": 0,
        "Sensitive Data Usage": 0,
        "Weak Cipher": 0,
        "Weak Hash": 0,
        "Weak Secret Storage": 0,
        "XML External Entities": 0
      },
      "a06-vulnerable-and-outdated-components": { },
      "a07-identification-and-authentication-failures": {
        "Hardcoded Credentials": 0,
        "Insecure Authentication": 0,
        "Security Misconfiguration": 0,
        "Session Injection": 0,
        "Timing Attack": 0
      },
      "a08-software-and-data-integrity-failures": {
        "Deserialization": 0
      },
      "a09-security-logging-and-monitoring-failures": { },
      "a10-server-side-request-forgery-(ssrf)": { }
    }
  }
}
Scopes define the type of resource and the operation that you can perform with the access token you bear. For example, scans:create means that the bearer of a token with this scope can create scans via the API.
For each endpoint, the scope required to perform an operation is listed under Authorizations.
We also offer helper endpoints that let you determine which scopes your access token is allowed in the context of a specific API resource (org, app or team).
List user's org scopes
Return a list of the scopes the user's bearer token is allowed to perform in the context of an org.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
Responses
Response sample (200):
{
  "ok": true,
  "response": [
    "teams:read",
    "apps:list",
    "github:install"
  ]
}
List user's app scopes
Return a list of scopes the user is allowed to perform in the context of an app.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
Responses
Response sample (200):
{
  "ok": true,
  "response": [
    "scans:read",
    "findings:list",
    "findings:read"
  ]
}
List user's team scopes
Return a list of scopes the user is allowed to perform in the context of their team.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
  rbacTeamID (required, string <uuid>): The team ID
Responses
Response sample (200):
{
  "ok": true,
  "response": [
    "roles:read",
    "team:read",
    "team:update"
  ]
}
List access token roles
Return a list of roles that can be assigned to an access token and are available for use (includes only the roles that are managed by Qwiet).
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
Responses
Response sample (200):
{
  "ok": true,
  "response": {
    "id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "label": "Jira plugin",
    "description": "This role grants the token permissions required for the Qwiet Jira Plugin.",
    "role_type": "managed"
  }
}
List tokens
Return a list of tokens issued by the org.
The token data returned includes metadata that identifies a token, its included permissions, and an ID you can use to delete/revoke the token. The token data does NOT include the token value, which is exposed only when Qwiet issues the token.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
query Parameters
  show_expired (boolean): Whether expired tokens should be returned or not
  token_type (string, TokenType enum: "access", "integration"): Filter the response by the type of token
Responses
Response sample (200):
{
  "ok": true,
  "response": {
    "id": "b7f521ca-d3f8-4a22-b7d9-8d12b1a7c1b7",
    "label": "Jira integration token",
    "description": "This token was generated to integrate the Qwiet Jira Plugin",
    "role_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
    "token_type": "integration"
  }
}
Create token
Create a new token for use with the API. The token can be assigned a role using the role_id parameter in the request body.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
Request Body schema: application/json
  label (required, string): A user-defined label to identify the token
  description (string): A user-defined description of why this token was created and how it should be used
  role_id (required, string): The ID of the role attached to this token. Use the List access token roles endpoint to get a list of accepted ID values.
  token_type (string, TokenType enum: "access", "integration")
  valid_for_seconds (integer, optional): The duration (in seconds) for which the token is valid
Responses
Request sample (Payload):
{
  "label": "On-prem Jira",
  "description": "Used by the on-prem Jira integration to communicate with Qwiet",
  "role_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b",
  "token_type": "integration",
  "valid_for_seconds": 600
}
Response sample (200):
{
  "ok": true,
  "response": {
    "value": "this_is_the_token_value_that_will_only_be_exposed_once",
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "label": "On-prem Jira",
    "token_type": "integration",
    "description": "Used by the on-prem Jira integration to communicate with Qwiet",
    "role_id": "5b588f3a-7fe0-444d-afbb-c0d5ee04139b"
  }
}
Read user and their organization information
Read the user and their organization membership and invite information.
Authorizations:
Responses
Response sample (200):
{
  "ok": true,
  "response": {
    "idv2": "c0da4f6a-7041-4fb3-850f-b89fcfaddf43",
    "idv1": "string",
    "name": "string",
    "email": "user@example.com",
    "emailVerified": true,
    "membership": [
      {
        "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
        "organizationName": "string"
      }
    ],
    "invites": [
      {
        "organization": "452c1a86-a0af-475b-b03f-724878b0f387",
        "organizationName": "string",
        "inviteId": "14ca54c2-5d85-4c93-81b5-495a2e7e0ca4"
      }
    ],
    "lastLoginUTCTimestampHistory": [ 0 ]
  }
}
List app versions
Return a list of the versions of the app that Qwiet has scanned.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
query Parameters
  tags (Array of strings): The scan tags to filter by (e.g.,
  type (string): The type of findings. Accepted values are
Responses
Response sample (200):
{
  "ok": true,
  "response": [
    {
      "version": "0a907104bfe6175e3a3ea375e2cb7728",
      "scan": {
        "id": 1234,
        "app": "hello-qwiet",
        "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
        "successful": true,
        "is_default_branch": true,
        "started_at": "2019-08-24T14:15:22Z",
        "completed_at": "2019-08-24T14:15:22Z",
        "language": "javascript",
        "number_of_expressions": 10,
        "tags": { },
        "oss_info": {
          "enabled": true,
          "successful": true,
          "failure_reason": "string"
        },
        "counts": [
          { "key": "category", "value": "XSS", "finding_type": "vuln", "count": 42 }
        ],
        "findings_summaries": [
          {
            "finding_type": "vuln",
            "total": 10,
            "total_reachable": 0,
            "total_ignored": 1,
            "total_fixed": 3,
            "by_severity": {
              "info": { "total": 6 },
              "critical": { "total": 3, "total_fixed": 3 },
              "moderate": { "total": 1, "total_ignored": 1 }
            },
            "by_category": {
              "Sensitive Data Leak": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
            },
            "by_assignee": {
              "test@qwiet.ai": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
            }
          }
        ],
        "total": 101,
        "total_fixed": 42,
        "total_ignored": 17
      },
      "findings_summaries": [
        {
          "finding_type": "vuln",
          "total": 10,
          "total_reachable": 0,
          "total_ignored": 1,
          "total_fixed": 3,
          "by_severity": {
            "info": { "total": 6 },
            "critical": { "total": 3, "total_fixed": 3 },
            "moderate": { "total": 1, "total_ignored": 1 }
          },
          "by_category": {
            "Sensitive Data Leak": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
          },
          "by_assignee": {
            "test@qwiet.ai": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
          }
        }
      ],
      "total": 1489,
      "total_fixed": 131,
      "total_ignored": 197
    }
  ]
}
Read summary of findings for an app version
Return a summary of findings for a single version.
Authorizations:
path Parameters
  orgID (required, string <uuid>): The org ID
  appID (required, string): The app ID (e.g.,
  versionID (required, string): The version ID (e.g.,
query Parameters
  type (string): The type of findings. Accepted values are
  scan (string): The ID of the scan to filter to. Defaults to the latest scan
Responses
Response sample (200):
{
  "ok": true,
  "response": {
    "version": "0a907104bfe6175e3a3ea375e2cb7728",
    "scan": {
      "id": 1234,
      "app": "hello-qwiet",
      "version": "f348b507198fee7b6b57a460ef8a6c94783c59258f823dfcde41a2b5cb69765f",
      "successful": true,
      "is_default_branch": true,
      "started_at": "2019-08-24T14:15:22Z",
      "completed_at": "2019-08-24T14:15:22Z",
      "language": "javascript",
      "number_of_expressions": 10,
      "tags": { },
      "oss_info": {
        "enabled": true,
        "successful": true,
        "failure_reason": "string"
      },
      "counts": [
        { "key": "category", "value": "XSS", "finding_type": "vuln", "count": 42 }
      ],
      "findings_summaries": [
        {
          "finding_type": "vuln",
          "total": 10,
          "total_reachable": 0,
          "total_ignored": 1,
          "total_fixed": 3,
          "by_severity": {
            "info": { "total": 6 },
            "critical": { "total": 3, "total_fixed": 3 },
            "moderate": { "total": 1, "total_ignored": 1 }
          },
          "by_category": {
            "Sensitive Data Leak": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
          },
          "by_assignee": {
            "test@qwiet.ai": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
          }
        }
      ],
      "total": 101,
      "total_fixed": 42,
      "total_ignored": 17
    },
    "findings_summaries": [
      {
        "finding_type": "vuln",
        "total": 10,
        "total_reachable": 0,
        "total_ignored": 1,
        "total_fixed": 3,
        "by_severity": {
          "info": { "total": 6 },
          "critical": { "total": 3, "total_fixed": 3 },
          "moderate": { "total": 1, "total_ignored": 1 }
        },
        "by_category": {
          "Sensitive Data Leak": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
        },
        "by_assignee": {
          "test@qwiet.ai": { "total": 10, "total_fixed": 3, "total_ignored": 1 }
        }
      }
    ],
    "total": 1489,
    "total_fixed": 131,
    "total_ignored": 197
  }
}