Traceable provides the FPR API to download Fortify Project Results (FPR) files generated from your AST scans. You can extract these files to access detailed information on the detected issues, enabling you to analyze further and integrate with your security workflows.
Note
To enable this API for your account, you must contact Traceable Support.
The following sections highlight the API details and the parameters you can use to download the scan results.
API Details
URI —
https://api.traceable.ai/rest/v1/download/fortify/fprMethod —
GET
Parameters
suiteId (required) — The Scan ID (previously Suite ID) of the scan that contains the scan run number.
Note
To download the scan results, you must have access to the associated environment.
runNumber (optional) — The specific run number for which you wish to download the FPR.
Note
If you do not provide this field, Traceable downloads the FPR for the latest scan run, by default.
Authorization Header
Header Key —
AuthorizationHeader Value —
<traceable-api-key>. For more information on generating the API key, see Public APIs.
Output
The API downloads the results in a file having the following format: <scanName>_<runNumber>.fpr. Unzipping this file extracts the webinspect.xml file containing the issue details.
Sample Requests
The following are sample requests you can use to download the scan results:
# Replace the placeholders in the commands below with your values
# Downloading FPR for a specific scan run number
curl -OJ 'https://api.traceable.ai/rest/v1/download/fortify/fpr?suiteId=<scanId>&runNumber=<runNumber>' \
-H 'Authorization: <traceable-api-key>'
# Downloading FPR for the latest scan run
curl -OJ 'https://api-dev-sandbox.traceable.ai/rest/v1/download/fortify/fpr?suiteId=<scanId>' \
-H 'Authorization: <traceable-api-key>'