Data from integration saved in HackEDU

We make a request to /api/v3/applications and get the list of the applications you have registered in Fortify. We save the applicationId from this response for the applications you choose in the last integration step.

{ 
"items": [
{
"applicationId": 106413,
"applicationName": [REDACTED],
"applicationDescription": [REDACTED],
"applicationCreatedDate": [REDACTED],
"businessCriticalityTypeId":[REDACTED],
"businessCriticalityType": [REDACTED],
"emailList": [REDACTED],
"applicationTypeId": [REDACTED],
"applicationType":[REDACTED],
"hasMicroservices": [REDACTED],
"attributes": [REDACTED]
},
....
],
...
}


Each time the sync process is run we make an api call to two endpoints. The first one is /api/v3/releases. We don't save any data from this response, but we use the releaseId(from the apps you choose in the integration process) for the second request.

The second endpoint we call is /api/v3/releases/:releaseId/vulnerabilities. We save the full response with the exception to the following fields which may contain sensible information we do not need:

  • primaryLocationFull

  • primaryLocation

  • lineNumber

  • source

  • sink

{ 
"id": 18009375,
"releaseId": 109132,
"fisma": "(Not Set)",
"severityString": "Low",
"severity": 1,
"category": "Insecure Storage: Shared Keychain",
"kingdom": "Encapsulation",
"owasp2004": "(Not Set)",
"owasp2007": "(Not Set)",
"owasp2010": "(Not Set)",
"owasp2013": "(Not Set)",
"owasp2017": "(Not Set)",
"cwe": "(Not Set)",
"package": "Application Utilizes Shared Keychain",
"primaryLocation": "[REDACTED]",
"vulnId": "c96cb8db-61ad-4bfa-a3f1-8452f74e6037",
"analysisType": "(Not Set)",
"lineNumber": "[REDACTED]",
"hasComments": false,
"assignedUser": "(Not Set)",
"scantype": "Dynamic",
"subtype": "",
"primaryLocationFull": "[REDACTED]",
"hasAttachments": false,
"pci1_1": null,
"pci1_2": null,
"pci2": "(Not Set)",
"sans2009": "(Not Set)",
"sans2010": "(Not Set)",
"sans2011": "(Not Set)",
"wasc24_2": "(Not Set)",
"isSuppressed": false,
"scanId": 151272,
"pci3": "(Not Set)",
"instanceId": "f7b8e9df-e537-42a9-96fb-3b30836783ec",
"auditPendingAuditorStatus": "(No Change)",
"auditorStatus": "Pending Review",
"checkId": "M240",
"closedDate": null,
"closedStatus": false,
"developerStatus": "Open",
"falsePositiveChallenge": "(Not Set)",
"introducedDate": "2020-08-05",
"scanStartedDate": "2020-08-05T00:00:00",
"scanCompletedDate": "2020-08-05T00:00:00",
"status": "New",
"bugSubmitted": false,
"bugLink": "",
"auditPendingSuppression": null,
"source": "[REDACTED]",
"sink": "[REDACTED]",
"timeToFixDays": null
}
Did this answer your question?