Data from integration saved in HackEDU

We make a request to /api/v3/applications and get the list of the applications you have registered in Fortify. We save the applicationId from this response for the applications you choose in the last integration step.

"items": [
"applicationId": 106413,
"applicationName": [REDACTED],
"applicationDescription": [REDACTED],
"applicationCreatedDate": [REDACTED],
"businessCriticalityType": [REDACTED],
"emailList": [REDACTED],
"applicationTypeId": [REDACTED],
"hasMicroservices": [REDACTED],
"attributes": [REDACTED]

Each time the sync process is run we make an api call to two endpoints. The first one is /api/v3/releases. We don't save any data from this response, but we use the releaseId(from the apps you choose in the integration process) for the second request.

The second endpoint we call is /api/v3/releases/:releaseId/vulnerabilities. We save the full response with the exception to the following fields which may contain sensible information we do not need:

  • primaryLocationFull

  • primaryLocation

  • lineNumber

  • source

  • sink

"id": 18009375,
"releaseId": 109132,
"fisma": "(Not Set)",
"severityString": "Low",
"severity": 1,
"category": "Insecure Storage: Shared Keychain",
"kingdom": "Encapsulation",
"owasp2004": "(Not Set)",
"owasp2007": "(Not Set)",
"owasp2010": "(Not Set)",
"owasp2013": "(Not Set)",
"owasp2017": "(Not Set)",
"cwe": "(Not Set)",
"package": "Application Utilizes Shared Keychain",
"primaryLocation": "[REDACTED]",
"vulnId": "c96cb8db-61ad-4bfa-a3f1-8452f74e6037",
"analysisType": "(Not Set)",
"lineNumber": "[REDACTED]",
"hasComments": false,
"assignedUser": "(Not Set)",
"scantype": "Dynamic",
"subtype": "",
"primaryLocationFull": "[REDACTED]",
"hasAttachments": false,
"pci1_1": null,
"pci1_2": null,
"pci2": "(Not Set)",
"sans2009": "(Not Set)",
"sans2010": "(Not Set)",
"sans2011": "(Not Set)",
"wasc24_2": "(Not Set)",
"isSuppressed": false,
"scanId": 151272,
"pci3": "(Not Set)",
"instanceId": "f7b8e9df-e537-42a9-96fb-3b30836783ec",
"auditPendingAuditorStatus": "(No Change)",
"auditorStatus": "Pending Review",
"checkId": "M240",
"closedDate": null,
"closedStatus": false,
"developerStatus": "Open",
"falsePositiveChallenge": "(Not Set)",
"introducedDate": "2020-08-05",
"scanStartedDate": "2020-08-05T00:00:00",
"scanCompletedDate": "2020-08-05T00:00:00",
"status": "New",
"bugSubmitted": false,
"bugLink": "",
"auditPendingSuppression": null,
"source": "[REDACTED]",
"sink": "[REDACTED]",
"timeToFixDays": null
Did this answer your question?