WAS: Scan Report Format Update
The scan report format for the Web Application Scanning v2 API endpoint GET /was/v2/scans/{scan_id}/report has been updated from version 1.0 to version 1.1. Previously, in scan report format version 1.0, all cross-references were returned within the xrefs object. In scan report format version 1.1, all cross-references are returned as structured references to make parsing easier for the user.
Scan report format version 1.0 is now deprecated in favor of version 1.1.
⚠️Warning
Scan report format version 1.0 is deprecated. Scan report format version 1.1 will continue to include both cross-reference formats; however, the old cross-reference format will be removed on June 11, 2021. Please update any existing integrations that your organization has before this date.
Scan Report Format Version 1.1 (New)
Scan report format version 1.1 returns cross-references as structured references to make parsing easier for the user.
Example
{
  "findings": {
    "wasc": [
      "Application Misconfiguration"
    ],
    "cwe": [
      693
    ],
    "owasp": [
      {
        "year": "2019",
        "category": "API7"
      },
      {
        "year": "2013",
        "category": "A5"
      },
      {
        "year": "2010",
        "category": "A6"
      },
      {
        "year": "2017",
        "category": "A6"
      }
    ]
  }
}
Scan Report Format Version 1.0 (Deprecated)
Scan report format version 1.0 returned cross-reference names in .findings.xrefs[].xref_name and cross-reference values in .findings.xrefs[].xref_value.
Example
{
  "findings": {
    "xrefs": [
      {
        "xref_name": "WASC",
        "xref_value": "Application Misconfiguration"
      },
      {
        "xref_name": "CWE",
        "xref_value": "693"
      },
      {
        "xref_name": "OWASP_API",
        "xref_value": "2019-API7"
      },
      {
        "xref_name": "OWASP",
        "xref_value": "2013-A5"
      },
      {
        "xref_name": "OWASP",
        "xref_value": "2010-A6"
      },
      {
        "xref_name": "OWASP",
        "xref_value": "2017-A6"
      }
    ]
  }
}
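For integrations that must handle reports in either format during the transition, the following added example (not Tenable's code) normalizes both to the 1.1 shape. The function names and the name-to-field mapping are assumptions inferred from the two examples on this page, and entries that do not fit the mapping are returned separately rather than dropped.

```python
# Added example: normalize 1.0 xrefs and 1.1 structured references to one shape.
KEYS = ("wasc", "cwe", "owasp")

# Constructed sample input: the deprecated 1.0 example shown on this page.
LEGACY_FINDINGS = {"xrefs": [
    {"xref_name": "WASC", "xref_value": "Application Misconfiguration"},
    {"xref_name": "CWE", "xref_value": "693"},
    {"xref_name": "OWASP_API", "xref_value": "2019-API7"},
    {"xref_name": "OWASP", "xref_value": "2013-A5"},
    {"xref_name": "OWASP", "xref_value": "2010-A6"},
    {"xref_name": "OWASP", "xref_value": "2017-A6"},
]}


def xrefs_to_structured(xrefs):
    """Map 1.0 name/value pairs to 1.1-style fields; return (refs, unmapped)."""
    refs = {key: [] for key in KEYS}
    unmapped = []  # entries that could not be converted, kept for review
    for entry in xrefs:
        name = str(entry.get("xref_name", "")).upper()
        value = str(entry.get("xref_value", ""))
        year, sep, category = value.partition("-")
        if name == "WASC" and value:
            refs["wasc"].append(value)
        elif name == "CWE" and value.isdigit():
            refs["cwe"].append(int(value))
        elif name in ("OWASP", "OWASP_API") and sep and year.isdigit() and category:
            # Assumption from the page's examples: "2019-API7" -> year + category.
            refs["owasp"].append({"year": year, "category": category})
        else:
            unmapped.append(entry)
    return refs, unmapped


def cross_references(findings):
    """Prefer 1.1 structured fields; fall back to the deprecated xrefs list."""
    if any(key in findings for key in KEYS):
        return {key: list(findings.get(key, [])) for key in KEYS}, []
    return xrefs_to_structured(findings.get("xrefs", []))


if __name__ == "__main__":
    refs, unmapped = cross_references(LEGACY_FINDINGS)
    print(refs)
    print("unmapped:", unmapped)
```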