SCAIFE Prioritization Module API Definition

This API definition facilitates auditing static analysis alerts using classifiers, optional adaptive heuristics, and alert prioritization. The API enables jump-starting labeled datasets using test suites. It is intended to enable a wide range of users (with widely varying datasets, static analysis tools, machine learning expertise, and amount of labeled data) to benefit from using classifiers and sophisticated prioritization to automatically triage static analysis alerts.
More information: https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=6453
Contact Info: lflynn@cert.org
Version: 1.0.0
BasePath:
SCAIFE API Copyright 2007-2020 Carnegie Mellon University. All Rights Reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Products derived from this software may not include 'Carnegie Mellon University,' 'SEI' and/or 'Software Engineering Institute' in the name of such derived product, nor shall 'Carnegie Mellon University,' 'SEI' and/or 'Software Engineering Institute' be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact permission@sei.cmu.edu.

ACKNOWLEDGMENTS AND DISCLAIMERS: This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN 'AS-IS' BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. This material includes field names used in the Software Assurance Marketplace (SWAMP), a service that provides continuous software assurance capabilities to developers and researchers at https://www.mir-swamp.org/#. Copyright © 2012-2020 The Morgridge Institute for Research, Inc. All rights reserved. This material includes field names used in the Software Assurance Tool (SwAT), a tool that is used by analysts to analyze static analysis alerts from multiple static analysis tools. https://www.cerdec.army.mil/ Combat Capabilities Development Command (CCDC) C5ISR Center. All rights reserved. DM19-0572
http://apache.org/licenses/LICENSE-2.0.html

Access

Methods


Table of Contents

PrioritizationServer

UIToPrioritization

PrioritizationServer

get /status
Provides Server Status (getStatus)

Request headers

Return type

request_token

Example data

Content-Type: application/json
{
  "request_id" : "request_id",
  "message" : "message"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

Server Is Running request_token

400

Database Connection Lost

default

Unexpected Error error

UIToPrioritization

post /priorities
Create a new prioritization scheme (createPrioritization)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

create_prioritization_data create_prioritization_data (required)
Body Parameter — Prioritization scheme to create

Request headers

Return type

create_prioritization_response

Example data

Content-Type: application/json
{
  "priority_scheme_id" : "priority_scheme_id",
  "priority_scheme_name" : "priority_scheme_name",
  "request_id" : "request_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK, Created create_prioritization_response

400

Invalid Request

401

Global and Remote Flags Cannot Both be True

403

Missing Required Tokens

405

Cannot Create Prioritization Scheme

default

Unexpected Error error
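
The createPrioritization contract above, as an added example (not part of the SCAIFE API definition or its code): a client-side check of a create_prioritization_data body against the required fields listed in the model and the 401 "Global and Remote Flags Cannot Both be True" rule, plus the response meanings this page gives for the call. The function names, the boolean typing of the two flags (taken from the example data) and the rejection of unknown fields are assumptions.

```python
# Added example; names and strictness choices are assumptions, not SCAIFE code.
# Field lists come from the create_prioritization_data model on this page.
REQUIRED = ("priority_scheme_name", "formula", "is_global", "is_remote")
OPTIONAL = ("project_ids", "weighted_columns")

# Response meanings for POST /priorities as listed on this page. Note that
# 401 here reports a flag conflict, while the other UIToPrioritization calls
# use 401 for "Invalid Token Request".
CREATE_RESPONSES = {
    200: "OK, Created",
    400: "Invalid Request",
    401: "Global and Remote Flags Cannot Both be True",
    403: "Missing Required Tokens",
    405: "Cannot Create Prioritization Scheme",
}


def explain_create_status(status):
    """Map an HTTP status from createPrioritization to the page's meaning."""
    return CREATE_RESPONSES.get(status, "Unexpected Error")


def validate_create_prioritization(body):
    """Return a list of problems; an empty list means the body may be sent."""
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    problems = [f"missing required field: {n}" for n in REQUIRED if n not in body]
    # Assumption: fields outside the model are treated as client mistakes.
    for name in sorted(set(body) - set(REQUIRED) - set(OPTIONAL)):
        problems.append(f"unknown field: {name}")
    for flag in ("is_global", "is_remote"):
        if flag in body and not isinstance(body[flag], bool):
            problems.append(f"{flag} must be a boolean")
    # The server answers 401 for this combination; catch it before sending.
    if body.get("is_global") is True and body.get("is_remote") is True:
        problems.append("is_global and is_remote cannot both be true")
    return problems


if __name__ == "__main__":
    # Constructed sample body: both flags set, formula omitted.
    sample = {"priority_scheme_name": "demo", "is_global": True, "is_remote": True}
    for problem in validate_create_prioritization(sample):
        print(problem)
    print(explain_create_status(401))
```
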

delete /priorities/{priority_scheme_id}/projects/{project_id}
Delete a specific prioritization scheme (deletePrioritization)

Path parameters

priority_scheme_id (required)
Path Parameter — The id of the prioritization scheme
project_id (required)
Path Parameter — The id of the project associated with this prioritization scheme

Consumes

This API call consumes the following media types via the Content-Type request header:

Request headers

Return type

request_token

Example data

Content-Type: application/json
{
  "request_id" : "request_id",
  "message" : "message"
}

Responses

200

OK request_token

400

Invalid Request

401

Invalid Token Request

403

Missing Required Tokens

405

Cannot Delete Prioritization Scheme

default

Unexpected Error error

get /priorities/{priority_scheme_id}/projects/{project_id}
Retrieve a specific prioritization scheme (getPrioritization)

Path parameters

priority_scheme_id (required)
Path Parameter — The id of the prioritization scheme
project_id (required)
Path Parameter — The id of the project associated with this prioritization scheme

Request headers

Return type

priority_scheme_data

Example data

Content-Type: application/json
{
  "priority_scheme_name" : "priority_scheme_name",
  "is_remote" : true,
  "formula" : "formula",
  "is_global" : true,
  "request_id" : "request_id",
  "weighted_columns" : "{}"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK priority_scheme_data

400

Invalid Request

401

Invalid Token Request

403

Missing Required Tokens

404

Prioritization Scheme Unavailable

default

Unexpected Error error

get /priorities
List all prioritization schemes (listPrioritizations)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request headers

Return type

prioritization_list

Example data

Content-Type: application/json
{
  "priority_list" : [ {
    "priority_scheme_id" : "priority_scheme_id",
    "priority_scheme_name" : "priority_scheme_name"
  }, {
    "priority_scheme_id" : "priority_scheme_id",
    "priority_scheme_name" : "priority_scheme_name"
  } ],
  "request_id" : "request_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK prioritization_list

400

Invalid Request

401

Invalid Token Request

403

Missing Required Tokens

404

Prioritization Schemes Not Found

default

Unexpected Error error

put /priorities/{priority_scheme_id}
Update an existing prioritization scheme (updatePrioritization)

Path parameters

priority_scheme_id (required)
Path Parameter — The id of the prioritization scheme

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

update_priority_data update_priority_data (required)
Body Parameter — Prioritization Scheme to update

Request headers

Return type

request_token

Example data

Content-Type: application/json
{
  "request_id" : "request_id",
  "message" : "message"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK request_token

400

Invalid Request

401

Invalid Token Request

403

Missing Required Tokens

404

Prioritization Scheme Unavailable

405

Cannot Update Prioritization Scheme

default

Unexpected Error error

Models


Table of Contents

  1. create_prioritization_data
  2. create_prioritization_response
  3. error
  4. prioritization_list
  5. prioritization_list_priority_list
  6. priority_scheme_data
  7. request_token
  8. update_priority_data

create_prioritization_data

priority_scheme_name
project_ids (optional)
formula
weighted_columns (optional)
is_global
is_remote

create_prioritization_response

priority_scheme_id (optional)
priority_scheme_name (optional)
request_id (optional)

error

code
message

prioritization_list

request_id (optional)
priority_list (optional)

prioritization_list_priority_list

priority_scheme_id (optional)
priority_scheme_name (optional)

priority_scheme_data

priority_scheme_name
formula
weighted_columns (optional)
is_global (optional)
is_remote (optional)
request_id (optional)

request_token

request_id (optional)
message (optional)

update_priority_data

project_ids (optional)
priority_scheme_name
formula (optional)
weighted_columns (optional)