How to Generate SSC reports using CURL or REST API

How do I generate SSC report with Application summary and everything through rest API? I can't find any documentations anhwhere. I'm trying to inspect dev tools to find if I could somehow make curl requests to generate the report. I have  requirement to trigger the report during every jenkins build and download the report to upload it to JIRA.

Does anyone know how to generate the report using rest api or any link to the documentation?

Tags:

  • Take a look at the Swagger page of your SSC instance for further information:

    http[s]://<server_name>/ssc/html/docs/api-reference/index.jsp#/saved-report-controller/createSavedReport

  • Hi, I  went through the documentation but was unsucessful in creating the report. This is what I came up with. Right now I get access denied. I wonder if /ssc/api/v1/reports doesn't accept POST request or maybe doesn't allow to create report through API?  I can't find anyone else attempting this so I can refer. Could you please help with getting this working?

    Do you think the below statement looks correct and should create reports?

    sh 'curl --request POST ' +
    """ --header 'authorization: FortifyToken ${TOKEN}' \
    --url '$SSC_URL/ssc/api/v1/reports' \
    --header 'accept: application/json' \
    --header 'content-type: application/json' \
    --data '{"name":"demo-spring-boot-2","type":"PROJECT","typeDefaultText":"Application Reports","format":"PDF","note":"","projects":[{"id":6,"name":"demo-spring-boot","versions":[{"id":10005,"name":"1.0","developmentPhase":""}],"projectVersionsCount":1}]}'
    ""

  • Verified Answer

    The endpoint does accept POST. Your payload looks incorrect. For Application Reports, here is what my payload (data) looks like:

    {"name":"Report Name","note":"","format":"PDF","inputReportParameters":[{"name":"Application Version","identifier":"projectversionid","paramValue":10004,"type":"SINGLE_PROJECT"},{"name":"Include OWASP Top Ten 2017","identifier":"includeOWASP2017","paramValue":true,"type":"BOOLEAN"},{"name":"Include PCI DSS 3.2.1","identifier":"includePCI321","paramValue":true,"type":"BOOLEAN"},{"name":"Include PCI SSF 1.0","identifier":"includePCISSF10","paramValue":true,"type":"BOOLEAN"},{"name":"Include CWE","identifier":"includeCWE","paramValue":true,"type":"BOOLEAN"},{"name":"Include WASC 2.00","identifier":"includeWASC2","paramValue":true,"type":"BOOLEAN"},{"name":"Include DISA STIG 4.10","identifier":"includeSTIG410","paramValue":true,"type":"BOOLEAN"},{"name":"Include Appendix A","identifier":"includeAppendixA","paramValue":true,"type":"BOOLEAN"},{"name":"Include Appendix B","identifier":"includeAppendixB","paramValue":true,"type":"BOOLEAN"},{"name":"Include Appendix C","identifier":"includeAppendixC","paramValue":true,"type":"BOOLEAN"},{"name":"Include Appendix D","identifier":"includeAppendixD","paramValue":true,"type":"BOOLEAN"},{"name":"Include Appendix E","identifier":"includeAppendixE","paramValue":true,"type":"BOOLEAN"},{"name":"Include Appendix F","identifier":"includeAppendixF","paramValue":true,"type":"BOOLEAN"}],"reportDefinitionId":1,"type":"PROJECT","project":{"id":10004,"name":"1","version":{"id":4,"name":"Zero"}}}

    The easiest way to capture the payload would be to create the report via the UI and take a look at what's created therein by turning on Developer Tools and looking at the Network tab:

  • What should I request then if POST isn't accepted?

  • What type of request should I send if it isn't POST?

  • I'm confused as POST is accepted.