Using the GraphQL API
BoostSecurity provides GraphQL APIs for programmatic access to the data in your account.
Specific data is accessed through specialized services in the BoostSecurity backend. Each service exposes its own GraphQL API for querying and mutating that service's data. For example, account-wide summary data over a period of time can be accessed through the Analytics service. Eventually, these service-specific GraphQL APIs will be replaced with a single GraphQL API that unifies them.
Once an API key has been created, it can be used to access the GraphQL API.
Getting an API Key
The first step in using the GraphQL API is to create an API Key.
Listing Boost GraphQL APIs
Download the file located at https://app.boostsecurity.io/config.js and retrieve the URLs ending with graphql.
Accessing the GraphQL API
Once you have created an API Key, you can access the GraphQL API using either a GraphQL client or an HTTP client. The following examples show how to access the GraphQL API using the curl utility.
The API Key is sent in the Authorization header to authenticate the request to the server. The keyword ApiKey must precede the API Key in the Authorization header value.
As such:
curl -H "Authorization: ApiKey <api key>" -H "Content-Type: application/json" -d "{}" https://api.boostsecurity.io/<SERVICE>/graphql
The schema can be obtained from the GraphQL API using GraphQL introspection. Save the following query in a file named introspection.json:
{
  "query":"{
    __schema {
      queryType {
        fields {
          name
        }
      }
      mutationType {
        fields {
          name
        }
      }
    }
  }",
  "variables":{}
}
Then run the introspection query against the analytics service as follows:
BOOST_API_BASE="https://api.boostsecurity.io"
BOOST_SERVICE="analytics"
BOOST_GRAPHQL_API_URL="${BOOST_API_BASE}/${BOOST_SERVICE}/graphql"
# Strip the newlines so the multi-line query string becomes valid JSON
curl -d "$(tr -d '\n' < introspection.json)" \
  -H "Authorization: ApiKey <api key>" \
  -H "Content-Type: application/json" \
  "$BOOST_GRAPHQL_API_URL"
Which returns:
{
  "data": {
    "__schema": {
      "queryType": {
        "fields": [
          {
            "name": "projectsPosture"
          },
          {
            "name": "topRepositories"
          },
          {
            "name": "insights"
          },
          {
            "name": "coverage"
          },
          {
            "name": "scanMetrics"
          },
          {
            "name": "scanSummaryMetrics"
          }
        ]
      },
      "mutationType": null
    }
  }
}
Example using analytics API
For example, to get daily activities from the analytics service between 2022-12-01 and 2022-12-03, save the following as daily_activities.json:
{
  "query" : "
    query(
      $from_day: Date
      $to_day: Date
      $scannerIdsFilter: [String!]
      $assetIdsFilter: [String!]
      $max_rules: Int
    ){
      insights(
        fromDay: $from_day,
        toDay: $to_day,
        maxRules: $max_rules,
        filters: {
          scannerIds:$scannerIdsFilter
          assetIds:$assetIdsFilter
        }
      ) {
        dailyMetric {
          timeStamp,
          violations,
          findings
        }
        dailyActivity {
          timeStamp,
          fixedViolations,
          mergedViolations
        }
        summary {
          findings {
            previous
            current
          }
          violations {
            previous
            current
          }
          fixes
          mergedViolations
        }
      }
    }
  ",
  "variables" : {
    "from_day":"2022-12-01",
    "to_day":"2022-12-03",
    "scannerIdsFilter":[],
    "assetIdsFilter":[]
  }
}
Then perform the query for the analytics service as follows:
BOOST_API_BASE="https://api.boostsecurity.io"
BOOST_SERVICE="analytics"
BOOST_GRAPHQL_API_URL="${BOOST_API_BASE}/${BOOST_SERVICE}/graphql"
# Strip the newlines so the multi-line query string becomes valid JSON
curl -d "$(tr -d '\n' < daily_activities.json)" \
  -H "Authorization: ApiKey <api key>" \
  -H "Content-Type: application/json" \
  "$BOOST_GRAPHQL_API_URL"
Which would return:
{
  "data": {
    "insights": {
      "dailyMetric": [
        {
          "timeStamp": "2022-12-01T00:00:00",
          "violations": 397,
          "findings": 104
        },
        {
          "timeStamp": "2022-12-02T00:00:00",
          "violations": 397,
          "findings": 104
        },
        {
          "timeStamp": "2022-12-03T00:00:00",
          "violations": 397,
          "findings": 104
        }
      ],
      "dailyActivity": [
        {
          "timeStamp": "2022-12-01T00:00:00",
          "fixedViolations": 0,
          "mergedViolations": 0
        },
        {
          "timeStamp": "2022-12-02T00:00:00",
          "fixedViolations": 0,
          "mergedViolations": 0
        },
        {
          "timeStamp": "2022-12-03T00:00:00",
          "fixedViolations": 0,
          "mergedViolations": 0
        }
      ],
      "summary": {
        "findings": {
          "previous": 104,
          "current": 104
        },
        "violations": {
          "previous": 397,
          "current": 397
        },
        "fixes": 0,
        "mergedViolations": 0
      },
      "filters": {
        "scannerId": [
          {
            "value": "boostsecurityio/codeql",
            "displayValue": "Boost CodeQL"
          },
          ...
        ],
        "assetId": [
          {
            "value": "...<some uuid value>...",
            "displayValue": "acme-storesrus"
          },
          {
            "value": "...<some other uuid value>...",
            "displayValue": "acme-storesrus / account-management"
          },
          {
            "value": "...<some other uuid value>...",
            "displayValue": "acme-storesrus / cart-service"
          },
          {
            "value": "...<some other uuid value>...",
            "displayValue": "acme-storesrus / fidelity-service"
          },
          {
            "value": "...<some other uuid value>...",
            "displayValue": "acme-storesrus / inventory-service"
          },
          {
            "value": "...<some other uuid value>...",
            "displayValue": "acme-storesrus / payment-service"
          },
          {
            "value": "...<some other uuid value>...",
            "displayValue": "acme-storesrus / services-analytics"
          }
        ]
      }
    }
  }
}
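The same analytics query sent from Python, as an added example that is not BoostSecurity's own code: it JSON-encodes the multi-line query instead of stripping newlines, reads the key from an environment variable so it stays out of shell history and process listings, and checks the response for the errors member that the GraphQL specification defines. The helper names and the BOOST_API_KEY variable name are assumptions, and the query selects only a subset of the fields shown above.

```python
import json
import os
import urllib.request

API_BASE = "https://api.boostsecurity.io"  # base URL shown on the page
# The page's insights query with fewer fields; json.dumps() escapes the newlines.
INSIGHTS_QUERY = """
query($from_day: Date, $to_day: Date, $scannerIdsFilter: [String!],
      $assetIdsFilter: [String!], $max_rules: Int) {
  insights(fromDay: $from_day, toDay: $to_day, maxRules: $max_rules,
           filters: {scannerIds: $scannerIdsFilter, assetIds: $assetIdsFilter}) {
    dailyMetric { timeStamp violations findings }
    dailyActivity { timeStamp fixedViolations mergedViolations }
  }
}"""

def build_request(service, query, variables, api_key):
    """Build the POST request; the key goes in 'Authorization: ApiKey <key>'."""
    body = json.dumps({"query": query, "variables": variables}).encode("utf-8")
    headers = {"Authorization": f"ApiKey {api_key}", "Content-Type": "application/json"}
    return urllib.request.Request(f"{API_BASE}/{service}/graphql",
                                  data=body, headers=headers, method="POST")

def unwrap(response_text):
    """Return the 'data' member, raising if the response carries GraphQL 'errors'."""
    doc = json.loads(response_text)
    if doc.get("errors"):
        raise RuntimeError("; ".join(e.get("message", "?") for e in doc["errors"]))
    return doc["data"]

def daily_rows(data):
    """Join dailyMetric and dailyActivity on timeStamp: one tuple per day."""
    activity = {a["timeStamp"]: a for a in data["insights"]["dailyActivity"]}
    rows = []
    for m in data["insights"]["dailyMetric"]:
        a = activity.get(m["timeStamp"], {})
        rows.append((m["timeStamp"][:10], m["violations"], m["findings"],
                     a.get("fixedViolations"), a.get("mergedViolations")))
    return rows

if __name__ == "__main__":
    key = os.environ["BOOST_API_KEY"]  # assumed variable name, set outside the script
    variables = {"from_day": "2022-12-01", "to_day": "2022-12-03",
                 "scannerIdsFilter": [], "assetIdsFilter": []}
    req = build_request("analytics", INSIGHTS_QUERY, variables, key)
    with urllib.request.urlopen(req, timeout=30) as resp:
        for row in daily_rows(unwrap(resp.read().decode("utf-8"))):
            print(*row)
```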