jt1981

Reputation: 61

Create project using Fortify Software Security Center REST API

Can I create projects using the HP Fortify SSC's REST API? This works beautifully to grab a list of projects:

import requests
import getpass
import json

url = "https://www.example.com/ssc/api/v1/"
endpoint = "auth/obtain_token"
headers = {"Content-Type": "application/json",
           "Accept": "application/json"}
# Prompt for the password instead of hard-coding it in the script
username = getpass.getuser()
password = getpass.getpass()
auth = (username, password)

# Exchange the username/password pair for a token
r = requests.post("{url}{endpoint}".format(url=url, endpoint=endpoint), headers=headers, auth=auth)

data = r.json().get("data")
token = data.get("token")
endpoint = "projects"
headers["Authentication"] = "FortifyToken {token}".format(token=token)

# List the existing projects using the token
r = requests.get("{url}{endpoint}".format(url=url, endpoint=endpoint), headers=headers)

print(json.dumps(r.json(), sort_keys=True, indent=4, separators=(',', ': ')))

... But I don't see any examples in the API documentation for actually creating a project. I am specifically interested in doing so using the Python requests library. I do NOT want to have to do anything in Java (which is what all of the samples that come with the Fortify SSC WAR package are).

If anyone has any experience with the SSC REST API (or can point me to some better documentation), I'd appreciate any help you can give.

Upvotes: 3

Views: 7150

Answers (3)

eel ghEEz

Reputation: 1235

Thanks to the authors of the SonarQube Fortify plugin (not the Fortify SSC documentation and not its autogenerated ssc/html/docs/api-reference), I figured out that I needed to base64-encode the token.

import base64

# auth is a 1-tuple (token,) or a 2-tuple (username, password)
if len(auth) == 1:
    headers["Authorization"] = "FortifyToken " + base64.b64encode(auth[0].encode()).decode()
elif len(auth) == 2:
    headers["Authorization"] = "Basic " + base64.b64encode("{}:{}".format(*auth).encode()).decode()

The auth/token call helps avoid resending the user name/password pair. The fortifyclient script from the Fortify SCA bin directory can execute the call beforehand.

Upvotes: 0

jt1981

Reputation: 61

I finally got some good information out of HPE technical support, and was able to put together a script for creating projects using the SSC REST API in Python. The newest version of the SSC (17.10) makes this much easier with the Swaggerized REST API.

Upvotes: 3

Rakesh

Reputation: 4127

I have written an open source Python library which can be useful here. It is easy to use and it also provides a command line tool to upload the source code for a static code scan.

Upvotes: 2
