
API Updates

REST / SOAP / ODATA API

Category

Updates

Details

Information in the Knowledge Center

Additional Resources

REST API

API Clients using REST

As part of the integration with our new Access Control, Cookie-based authentication is no longer supported and all API Clients must use Token-based authentication.

Token-based Authentication

Cookie-based Authentication

SOAP API

API Clients using SOAP

As part of the integration with our new Access Control system, the following authentication and authorization changes are introduced:

  • The SOAP Login/logout APIs are no longer supported

  • Authentication should be done using REST API (Token-based Authentication)

  • Subsequent SOAP requests should include the access token in the HTTP header

  • The parameter "SessionID" is no longer in use

Token-based Authentication

CxSAST (SOAP) API

Initiating a Session

Mapping SOAP to REST

ODATA API

API Clients using ODATA

CxSAST (OData) API Authentication

CxSAST/CxOSA APIs

General

Category

Updates

Details

Information in the Knowledge Center

Additional Resources

CxSAST API

Overview of the CxSAST (REST) API

The CxSAST (REST) API provides the ability to manage all CxSAST related tasks. For more information, see CxSAST / CxOSA APIs - CxSAST, below.

CxSAST v9.4 (REST) API

CxOSA API

Overview of the CxOSA (REST) API

The CxOSA (REST) API provides the ability to manage all CxOSA related tasks. For more information, see CxSAST / CxOSA APIs - CxOSA, below.

CxOSA (REST) API

CxSAST

Category

Updates

Details

Information in the Knowledge Center

Additional Resources

API Versioning

Versioning was introduced to the CxSAST API in v8.6.0. The latest CxSAST APIs for v9.3.0 are installed with the most up-to-date API versions.

Token-based Authentication (v8.6.0 and up)

New API Functionality

REST API to get the Best Fix Location

CxSAST (REST) API Summary (v9.3.0)

REST API to update the engine scan settings

This allows updating the following fields:

  • Engine Name

  • URI

  • Minimum LOC

  • Maximum LOC

  • Block engine (flag)

  • Maximum concurrent Scans

REST API to update result labels

This allows updating the following fields:

  • Change state

  • Change severity

  • Change user assignment

  • Add comment

Updated API Functionality

None

Updated API Documentation

None

CxREST API - Swagger

Login is required for exploring the CxSAST (REST) API through Swagger. To navigate to the relevant login page, click the login / authorize button.

CxSAST v9.4 (REST) API

Management & Orchestration APIs

Analytics (OData & REST)

Category

Updates

Details

Information in the Knowledge Center

Additional Resources

API Versioning

Versioning was introduced to the Analytics (OData) API in v8.8.0. The latest Analytics (REST) APIs in v9.3.0 are installed with the latest API version.

To use different versions of the Analytics API, specify the desired API version (in the Content-Type header) for each API call.

Using the Analytics Results (OData) API

Using the Analytics Dashboard (REST) API (v9.0.0 and up)

Updated API Functionality

APIs have been updated in accordance with the latest Analytics API library version.

CxAnalytics API - Swagger

Swagger for Analytics Dashboard (REST) API (v9.3.0 - v1)

Remediation Intelligence

Category

Updates

Details

Information in the Knowledge Center

Additional Resources

API Versioning

Versioning was introduced to the Remediation Intelligence API in v9.0.0. The latest Remediation Intelligence APIs in v9.2.0 are installed with the latest API version.

To use different versions of the Policy Management API, specify the desired API version (in the Content-Type header) for each API call.

Using the Remediation Intelligence (REST) API (v9.0.0 and up)

New Functionality

New functionality has been added to the latest Remediation Intelligence API library version for the API set.

Updated Functionality

Various APIs have been updated in accordance with the latest Remediation Intelligence API library version.

Policy Management API - Swagger

Login is required for exploring the Remediation Intelligence (REST) API through Swagger. To navigate to the relevant login page, click the login / authorize button.

Swagger for Remediation Intelligence (REST) API (v9.3.0 - v1)

Policy Management

Category

Update

Details

Information in the Knowledge Center

Additional Resources

API Versioning

Versioning was introduced to the Policy Management API in v8.8.0. The latest Policy Management APIs in v9.2.0 are installed with the latest API version.

To use different versions of the Policy Management API, specify the desired API version (in the Content-Type header) for each API call.

Using the Policy Management (REST) API

New Functionality

New functionality has been added to the latest Policy Management API library version for the API set.

Updated Functionality

Various APIs have been updated in accordance with the latest Policy Management API library version.

Policy Management API - Swagger

Swagger for Policy Management (REST) API (v9.3.0 - v1)

Platform Services APIs

General

Category

Updates

Details

Information in the Knowledge Center

Additional Resources

Access Control API

Overview of the Access Control (REST) API

The Access Control (REST) API provides the ability to manage all user/team management and access control setting tasks. For more information, see Platform Services APIs - Access Control, below.

Access Control (REST) API (v1.5 and up)

Access Control

Category

Updates

Details

Information in the Knowledge Center

Additional Resources

API Versioning

Versioning was introduced to the Access Control API in v1.5.0. The latest Access Control APIs in v2.0.0 are installed with the latest API version (i.e., v=1.0).

To use different versions of the Access Control API, specify the desired API version (in the Content-Type header) for each API call.

Using the Access Control (REST) API

New API Functionality

Access Control (REST) API Summary (v9.3.0)

Migrate Existing User - POST /Users/migration (v2.0 - v9.3.0)

Updated API Functionality

Various APIs have been updated in accordance with the latest Access Control API library version.

Access Control API - Swagger

To access a live Swagger environment navigate to: http://<ServerName>:<Port>/cxarm/dashboardapi/swagger/index/html (e.g., http://localhost:8080/cxrestapi/auth/swagger/index.html).

Login is required for exploring the Access Control (REST) API through Swagger. To navigate to the relevant login page, click the login / authorize button.

Swagger for Access Control (v2.0.x) REST API (v1)

CxEngine

Category

Feature / Change

Details

Additional Information

Application Security

Engine Configurations

Scans relevant languages only according to the selected preset.

If the preset is relevant for specific languages only, the scan does not parse other languages.

The functionality is turned off by default. The flag is SCAN_PROJECT_ACCORDING_TO_QUERY_LANGUAGE.

Engine Deployment

Engine on Linux

Introducing CxEngine on Docker Linux.

Engine Server

Languages/Frameworks

Kotlin (Server Side)

This version adds and updates support for the latest versions of the Kotlin Server Side frameworks, Ktor and Vert.X.

Support for the following framework features has been added to Ktor:

  • Routing with FreeMarker Template

  • Split Mustache template engine from the Ktor Framework

Support for the following framework features has been added to Vert.X:

  • Queries

  • Type Inferences

  • Resolving Rule link Views with ViewCalls

  • Routing with Template

Additional generic support has been added:

  • Support additional Kotlin constructs required for Spring

Languages/Frameworks

Apex

This version adds and updates support for the latest versions of Apex that can be activated with the Engine Flag NEW_APEX.

Support for the following language features has been added:

  • Support property setter methods

  • Support DML Statements

  • Support Switch statements (No DOM representation)

  • Support MemberAccess Object.class

  • Support named parameters in ObjectCreate

  • Support multiple statements in getter

  • Support Unary Expressions (DOM Representation)

  • Support Apex in UAST

  • Support List literal declarations (No DOM representation)

  • Support Annotations in Interfaces and Enums

  • Support Associative Arrays

  • Support triggers

  • Support Default Constructor

  • Support Class "Implements" (No DOM representation)

Improved the following queries:

  • Reflected_XSS after UAST adoption

  • Stored_XSS after UAST adoption

  • SOQL_SOSL_Injection after UAST adoption

  • Second_Order_SOQL_SOSL_Injection after UAST adoption

  • CRUD_Delete after UAST adoption

  • FLS_Create after UAST adoption

  • FLS_Create_Partial after UAST adoption

  • FLS_Update after UAST adoption

  • FLS_Update_Partial after UAST adoption

Languages/Frameworks

JavaScript

This version adds and updates EcmaScript support for JavaScript:

  • EcmaScript 2017 (ES8)

  • EcmaScript 2018 (ES9)

  • EcmaScript 2019 (ES10)

Languages/Frameworks

Logs

Added new metrics to the scan logs: scan coverage by lines.

Vulnerability Queries (Full List)

Vulnerability Queries

Vulnerability Queries for this version.

Download the lists from Vulnerability Queries.

Vulnerability Queries (New and Updated)

New and updated vulnerability descriptions

New and updated vulnerability descriptions for this version – giving more detailed guidance for code remediation.

Download the list using the above link.

Vulnerability Queries for Presets

Vulnerability Queries according to Presets

Vulnerability Queries according to Presets for this version.

Download the list using the above link.
