The fortify-api module contains a class that wraps the Fortify RESTful calls in a response object. The class FortifyApi contains a set of prepared GET and POST calls.
- add project version attribute: add_project_version_attribute
- create project version: create_project_version
- create new project and version: create_new_project_version
- download artifact: download_artifact
- download artifact scan: download_artifact_scan
- get artifact scans: get_artifact_scans
- get attribute definition: get_attribute_definition
- get attribute definitions: get_attribute_definitions
- get file token: get_file_token
- get issue template: get_issue_template
- get project version artifacts: get_project_version_artifacts
- get project version attributes: get_project_version_attributes
- get project versions: get_project_versions
- get projects: get_projects
- get token: get_token
- post attribute definition: post_attribute_definition
- upload artifact scan: upload_artifact_scan
The constructor requires only one value - the host address of the Fortify API. All others are optional.
host - The address of the Fortify API
username - If the API is configured for basic auth, both username and password must be provided.
password - If the API is configured for basic auth, both username and password must be provided.
token - If an auth token is available (typically from a previous call to the get_token() method), the token can be used instead of username / password.
verify_ssl - Defaults to False. Set to True to verify the server certificate on HTTPS connections to the API; with the default, the certificate is not checked.
user_agent - User agent for requests.
timeout - Time in seconds to wait for a response from the Fortify API.
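The constructor rules above can be enforced before a client is ever created. The following is an added example, not part of the fortify-api module: the function name fortify_client_kwargs, the FORTIFY_* variable names, the 30-second default timeout and the choice to reject a token combined with a username or password are all assumptions of this sketch. Its result is meant to be passed as FortifyApi(**kwargs).

```python
import os
from urllib.parse import urlparse


def fortify_client_kwargs(env=None):
    """Build keyword arguments for FortifyApi(**kwargs) from environment-style settings.

    The FORTIFY_* names are hypothetical and exist only in this example.
    """
    env = os.environ if env is None else env
    host = env.get("FORTIFY_HOST", "")
    parsed = urlparse(host)
    # Credentials and tokens must never travel over plain HTTP.
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("FORTIFY_HOST must be an https:// URL")

    kwargs = {
        "host": host,
        "verify_ssl": True,  # documented default is False, so set it explicitly
        "timeout": int(env.get("FORTIFY_TIMEOUT", "30")),  # assumed default
    }
    token = env.get("FORTIFY_TOKEN")
    username = env.get("FORTIFY_USERNAME")
    password = env.get("FORTIFY_PASSWORD")
    if token:
        # Policy of this example: one authentication method per client.
        if username or password:
            raise ValueError("supply a token or username/password, not both")
        kwargs["token"] = token
    elif username and password:
        # Basic auth needs both values, as the parameter list states.
        kwargs["username"] = username
        kwargs["password"] = password
    else:
        raise ValueError(
            "need FORTIFY_TOKEN, or both FORTIFY_USERNAME and FORTIFY_PASSWORD"
        )
    return kwargs
```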
All calls in this module return an object having the following properties and methods.
success - a boolean indicating if the call was successful or not. True indicates a successful call, while False indicates an unsuccessful call.
response_code - the actual HTTP response code from the call to the Fortify server.
message - if the call was successful, message is 'OK'. If the call was not successful, message is descriptive text of the failure. e.g. An SSL error occurred, etc.
data - the data (if any) returned from the Fortify API.
data_json() - Returns object data as JSON. An optional boolean parameter (pretty), if set to True, will return pretty-formatted JSON.
Below is an example of constructing a FortifyApi object, calling a method, and exploring the response.
>>> from fortifyapi import fortify
>>> api = fortify.FortifyApi('https://fortify.example.com', verify_ssl=True, token=token)
>>> response = api.get_projects()
>>> response.success
True
>>> response.response_code
200
>>> response.message
'OK'
>>> print(response.data_json(pretty=True))
[
TODO: PUT EXAMPLE HERE
...
Add the specified attribute to the specified project, using the specified value/values
project_version_id
attribute_definition_id
guid
value
values
Convenience function to set the 'committed' project version attribute to True
project_version_id
Create a new application (formerly project) version under the specified project
application_name
application_template
version_name
application_id (optional)
issue_template_id (optional)
Create a new project and new version under that project
project_name
project_template
version_name
Download the specified artifact. The returned data is a binary blob of artifact content and file name of the artifact.
artifact_id
api = FortifyApi("https://my-fortify-server:my-port", token=get_token())
response, file_name = api.download_artifact("my-id")
if response.success:
    file_content = response.data
    # file_name is supplied by the server; validate it before joining it to a path
    with open('/path/to/some/folder/' + file_name, 'wb') as f:
        f.write(file_content)
else:
    print(response.message)
Download the specified scan. The returned data is a binary blob of scan content and file name of the scan.
artifact_id
api = FortifyApi("https://my-fortify-server:my-port", token=get_token())
response, file_name = api.download_artifact_scan("my-id")
if response.success:
    file_content = response.data
    # file_name is supplied by the server; validate it before joining it to a path
    with open('/path/to/some/folder/' + file_name, 'wb') as f:
        f.write(file_content)
else:
    print(response.message)
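Both download examples above join the file name returned with the response onto a local folder. The following is an added example, not part of the fortify-api module, showing one way to save the returned bytes so that the name cannot move the write outside that folder. The helper names safe_artifact_path and save_artifact are hypothetical.

```python
import os


def safe_artifact_path(dest_dir, file_name):
    """Return a path inside dest_dir for a server-supplied file name, or raise ValueError."""
    # Treat Windows separators like POSIX ones, then keep only the last component.
    base = os.path.basename(file_name.replace("\\", "/"))
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError("unusable file name: %r" % (file_name,))
    dest_root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_root, base))
    # A symlink already present at the target could still resolve elsewhere.
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise ValueError("refusing to write outside %s" % dest_root)
    return target


def save_artifact(dest_dir, file_name, content):
    """Write content (bytes) into dest_dir without overwriting an existing file."""
    target = safe_artifact_path(dest_dir, file_name)
    # O_EXCL fails if the path already exists (symlinks included);
    # mode 0o600 keeps scan results readable by the owner only.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return target
```

With this helper, the write in the examples becomes save_artifact('/path/to/some/folder', file_name, response.data), and an empty or unusable name raises ValueError instead of producing a surprising path.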
Download a list of scans for the specified artifact.
parent_id
Get attribute definitions matching the specified search
search_expression - A Fortify-formatted search expression, e.g. name:"Development Phase"
Get all attribute definitions.
none
Get a token for use in upload or download of a file. Typically for internal use only, but here if needed.
purpose - specify if the token is for file 'UPLOAD' or 'DOWNLOAD'
Retrieve the specified project/issue template
project_template_id - The project/issue template to retrieve.
Get all artifacts for the specified project version.
parent_id - the id of the project version
Get all attributes for the specified project version.
project_version_id - the id of the project version
Get all project versions
none
Get all projects
none
Get auth token for use in subsequent API calls
token_type (optional)
ttl
Post the provided attribute definition
attribute_definition
Upload the provided scan to the project version
file_path - Full path to the file to upload
project_version_id - Project version id for the project version to which the scan should be uploaded