@lap v0.3
# Machine-readable API spec. Each @endpoint block is one API call.
@api InsightAppSec API
@base https://[region].api.insight.rapid7.com/ias/v1
@version v1
@auth ApiKey (inferred from docs)
@endpoints 102
@hint download_for_search
@toc apps(17), attack-templates(10), blackouts(5), engine-groups(6), engines(9), modules(4), reports(4), scan-configs(9), scans(9), schedules(5), search(1), tags(5), targets(5), vulnerabilities(13)

@group apps
@endpoint GET /apps
@desc Get Apps
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /apps
@desc Create App
@required {name: str # The name of the App}
@optional {id: str(uuid) # The ID of the App, description: str # The description of the App}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /apps/{app-id}
@desc Get App
@required {app-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /apps/{app-id}
@desc Update App
@required {app-id: str(uuid), name: str # The name of the App}
@optional {id: str(uuid) # The ID of the App, description: str # The description of the App}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /apps/{app-id}
@desc Delete App
@required {app-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /apps/{app-id}/files
@desc Get Files
@required {app-id: str(uuid)}
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /apps/{app-id}/files
@desc Create File
@required {app-id: str(uuid), name: str # The name of the File, type: str(MACRO/RECORDED_TRAFFIC/SELENIUM/WSDL/SWAGGER/CERTIFICATE/GRAPHQL) # The File Type of the File, locked: bool # The Locked property of the File}
@optional {id: str(uuid) # The ID of the File, description: str # The description of the File, owner: any # The ID of the module, content_available: bool # If the File Content has been uploaded, last_updated_by_user: any # The ID of the module, last_updated: str # The time when the File was last updated}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /apps/{app-id}/files/{file-id}
@desc Get File
@required {app-id: str(uuid), file-id: str(uuid)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /apps/{app-id}/files/{file-id}
@desc Update File
@required {app-id: str(uuid), file-id: str(uuid), name: str # The name of the File, type: str(MACRO/RECORDED_TRAFFIC/SELENIUM/WSDL/SWAGGER/CERTIFICATE/GRAPHQL) # The File Type of the File, locked: bool # The Locked property of the File}
@optional {id: str(uuid) # The ID of the File, description: str # The description of the File, owner: any # The ID of the module, content_available: bool # If the File Content has been uploaded, last_updated_by_user: any # The ID of the module, last_updated: str # The time when the File was last updated}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint POST /apps/{app-id}/files/{file-id}
@desc Upload File Content
@required {app-id: str(uuid), file-id: str(uuid)}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /apps/{app-id}/files/{file-id}
@desc Delete File
@required {app-id: str(uuid), file-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /apps/{app-id}/tags
@desc Get App Tags
@required {app-id: str(uuid)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /apps/{app-id}/tags
@desc Add App Tag
@required {app-id: str(uuid), id: str(uuid)}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /apps/{app-id}/tags/{tag-id}
@desc Remove App Tag
@required {app-id: str(uuid), tag-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /apps/{app-id}/users
@desc Get App Users
@required {app-id: str(uuid)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /apps/{app-id}/users
@desc Add App User
@required {app-id: str(uuid), id: str(uuid)}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /apps/{app-id}/users/{user-id}
@desc Remove App User
@required {app-id: str(uuid), user-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group attack-templates
@endpoint GET /attack-templates
@desc Get Attack Templates
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /attack-templates
@desc Create Attack Template
@required {name: str # The name of the attack template}
@optional {id: str(uuid) # The ID of the attack template, description: str # The description of the attack template, system_defined: bool # A read-only flag that indicates if the Attack Template is system-defined (immutable), browser_encoding_enabled: bool # A flag that is used to enforce browser encoding on all attacks, attack_prioritization: str(SEQUENTIAL/SMART/RANDOMIZED) # The Attack Prioritization type, advanced_attacks_enabled: bool # A flag to enable advanced Attacks, false_positive_regex: str # Regex used to indicate a false positive}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /attack-templates/module-configs
@desc Get Attack Modules Configs
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /attack-templates/{attack-template-id}
@desc Get Attack Template
@required {attack-template-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, system_defined: bool, browser_encoding_enabled: bool, attack_prioritization: str, advanced_attacks_enabled: bool, false_positive_regex: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /attack-templates/{attack-template-id}
@desc Update Attack Template
@required {attack-template-id: str(uuid), name: str # The name of the attack template}
@optional {id: str(uuid) # The ID of the attack template, description: str # The description of the attack template, system_defined: bool # A read-only flag that indicates if the Attack Template is system-defined (immutable), browser_encoding_enabled: bool # A flag that is used to enforce browser encoding on all attacks, attack_prioritization: str(SEQUENTIAL/SMART/RANDOMIZED) # The Attack Prioritization type, advanced_attacks_enabled: bool # A flag to enable advanced Attacks, false_positive_regex: str # Regex used to indicate a false positive}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /attack-templates/{attack-template-id}
@desc Delete Attack Template
@required {attack-template-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /attack-templates/{attack-template-id}/modules
@desc Get Attack Modules
@required {attack-template-id: str(uuid)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /attack-templates/{attack-template-id}/modules
@desc Create Attack Module
@required {attack-template-id: str(uuid), module_config_id: str(uuid) # The ID of the configuration for the attack module, severity: str(CRITICAL/HIGH/MEDIUM/LOW/INFORMATIONAL/SAFE) # The severity that should be used for this attack module, max_findings: int(int32) # The maximum findings per attack module}
@optional {id: str(uuid) # The ID of the attack module, enabled: bool # A flag to indicate if this module should be enabled, parameter_locations: [str] # The list of parameter locations for this attack module}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint PUT /attack-templates/{attack-template-id}/modules/{attack-module-id}
@desc Update Attack Module
@required {attack-template-id: str(uuid), attack-module-id: str(uuid), module_config_id: str(uuid) # The ID of the configuration for the attack module, severity: str(CRITICAL/HIGH/MEDIUM/LOW/INFORMATIONAL/SAFE) # The severity that should be used for this attack module, max_findings: int(int32) # The maximum findings per attack module}
@optional {id: str(uuid) # The ID of the attack module, enabled: bool # A flag to indicate if this module should be enabled, parameter_locations: [str] # The list of parameter locations for this attack module}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /attack-templates/{attack-template-id}/modules/{attack-module-id}
@desc Delete Attack Module
@required {attack-template-id: str(uuid), attack-module-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group blackouts
@endpoint GET /blackouts
@desc Get Blackouts
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /blackouts
@desc Create Blackout
@required {name: str # The name of the Blackout, enabled: bool # The enabled property of the Blackout, first_start: str(date-time) # The first start date and time of the Blackout, first_end: str(date-time) # The first end date and time of the Blackout}
@optional {id: str(uuid) # The ID of the Blackout, scope: str(APP/GLOBAL) # The scope of the Blackout, active: bool # The current active status of the Blackout, app: any # The last editor of the comment, last_start: str(date-time) # The last start date and time of the Blackout, frequency: any # The frequency at which the Blackout applies. Should not be included if a rrule has been provided., rrule: str # The rrule describes how (and if) the blackout should repeat. Should not be included if a frequency has been provided.}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /blackouts/{blackout-id}
@desc Get Blackout
@required {blackout-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, scope: str, enabled: bool, active: bool, app: any, first_start: str(date-time), first_end: str(date-time), last_start: str(date-time), frequency: any, rrule: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /blackouts/{blackout-id}
@desc Update Blackout
@required {blackout-id: str(uuid), name: str # The name of the Blackout, enabled: bool # The enabled property of the Blackout, first_start: str(date-time) # The first start date and time of the Blackout, first_end: str(date-time) # The first end date and time of the Blackout}
@optional {id: str(uuid) # The ID of the Blackout, scope: str(APP/GLOBAL) # The scope of the Blackout, active: bool # The current active status of the Blackout, app: any # The last editor of the comment, last_start: str(date-time) # The last start date and time of the Blackout, frequency: any # The frequency at which the Blackout applies. Should not be included if a rrule has been provided., rrule: str # The rrule describes how (and if) the blackout should repeat. Should not be included if a frequency has been provided.}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /blackouts/{blackout-id}
@desc Delete Blackout
@required {blackout-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group engine-groups
@endpoint GET /engine-groups
@desc Get Engine Groups
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /engine-groups
@desc Create Engine Group
@required {name: str # The name of the Engine Group}
@optional {id: str(uuid) # The ID of the Engine Group, description: str # The description of the Engine Group}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /engine-groups/{engine-group-id}
@desc Get Engine Group
@required {engine-group-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /engine-groups/{engine-group-id}
@desc Update Engine Group
@required {engine-group-id: str(uuid), name: str # The name of the Engine Group}
@optional {id: str(uuid) # The ID of the Engine Group, description: str # The description of the Engine Group}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /engine-groups/{engine-group-id}
@desc Delete Engine Group
@required {engine-group-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /engine-groups/{engine-group-id}/engines
@desc Get Engine Group Engines
@required {engine-group-id: str(uuid)}
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group engines
@endpoint GET /engines
@desc Get Engines
@required {pageConfig: any}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /engines
@desc Create Engine
@required {name: str # The name of the Engine, auto_upgrade: bool # A flag which can be set to mark the Engine for auto upgrade}
@optional {id: str(uuid) # The ID of the Engine, engine_group: any # The Engine Group the Engine is assigned to, status: str(INITIALIZING/LICENSING/TERMINATING/IDLE/OFFLINE/SCANNING/UPGRADING/PARKED/FAILED) # The status of the Engine, failure_reason: str(TERMINATION_FAILED/INITIALIZATION_FAILED/UPGRADE_FAILED/GENERAL_FAILURE) # The reason the Engine may have failed, latest_version: bool # A read only flag which indicates if the Engine is latest version, upgradeable: bool # A read only flag which indicates if the Engine is capable of upgrading}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /engines/{engine-id}
@desc Get Engine
@required {engine-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, engine_group: any, status: str, failure_reason: str, latest_version: bool, upgradeable: bool, auto_upgrade: bool, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /engines/{engine-id}
@desc Update Engine
@required {engine-id: str(uuid), name: str # The name of the Engine, auto_upgrade: bool # A flag which can be set to mark the Engine for auto upgrade}
@optional {id: str(uuid) # The ID of the Engine, engine_group: any # The Engine Group the Engine is assigned to, status: str(INITIALIZING/LICENSING/TERMINATING/IDLE/OFFLINE/SCANNING/UPGRADING/PARKED/FAILED) # The status of the Engine, failure_reason: str(TERMINATION_FAILED/INITIALIZATION_FAILED/UPGRADE_FAILED/GENERAL_FAILURE) # The reason the Engine may have failed, latest_version: bool # A read only flag which indicates if the Engine is latest version, upgradeable: bool # A read only flag which indicates if the Engine is capable of upgrading}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /engines/{engine-id}
@desc Delete Engine
@required {engine-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /engines/{engine-id}/credential
@desc Get Engine Credential
@required {engine-id: str(uuid)}
@returns(200) {api_key: str} # OK - response body contains the Engine's API key; treat it as a secret and keep it out of logs
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /engines/{engine-id}/credential
@desc Regenerate Engine Credential
@required {engine-id: str(uuid)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /engines/{engine-id}/credential
@desc Delete Engine Credential
@required {engine-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /engines/{engine-id}/upgrade
@desc Upgrade Engine
@required {engine-id: str(uuid)}
@returns(202) Accepted
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endgroup

@group modules
@endpoint GET /modules
@desc Get Modules
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /modules/{module-id}
@desc Get Module
@required {module-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /modules/{module-id}/attacks/{attack-id}
@desc Get Attack
@required {module-id: str(uuid), attack-id: str}
@returns(200) {id: str, type: str, class: str, description: str} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /modules/{module-id}/attacks/{attack-id}/documentation
@desc Get Attack Documentation
@required {module-id: str(uuid), attack-id: str}
@returns(200) {references: map, description: str, recommendation: str} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group reports
@endpoint GET /reports
@desc Get Reports
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /reports
@desc Generate Report
@required {name: str # The name of the Report, type: str(VULN_SUMMARY/VULN_REMEDIATION/PCI_COMPLIANCE/PCI4_COMPLIANCE/OWASP_2013_COMPLIANCE/OWASP_2017_COMPLIANCE/OWASP_2021_COMPLIANCE/OWASP_2023API_COMPLIANCE/OWASP_2025_COMPLIANCE/GDPR_2016_COMPLIANCE/SOX_COMPLIANCE/HIPAA_COMPLIANCE/EXEC_SINGLE_APP/EXEC_ALL_APPS/EXEC_SINGLE_APP_NEW_VULNS/EXEC_ALL_APPS_NEW_VULNS/EXEC_SINGLE_APP_ALL_VULNS/EXEC_ALL_APPS_ALL_VULNS) # The type of the Report. EXEC_SINGLE_APP is deprecated. Use EXEC_SINGLE_APP_NEW_VULNS or EXEC_SINGLE_APP_ALL_VULNS instead. EXEC_ALL_APPS is deprecated. Use EXEC_ALL_APPS_NEW_VULNS or EXEC_ALL_APPS_ALL_VULNS instead., format: str(HTML/CSV/PDF) # The format of the Report}
@optional {scan: any # The Scan associated with the Report, app: any # The App that the Scan is associated with, start: str # The start date range scope for the Report yyyy-mm-dd, end: str # The end date range scope for the Report yyyy-mm-dd, month: str # The month date range scope for the Report yyyy-mm, filter: str # Search-format filter relevant to the Report Type that narrows its scope}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /reports/{report-id}
@desc Get Report
@required {report-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, type: str, format: str, owner: any, generated_date: str(date-time), app: any, status: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint DELETE /reports/{report-id}
@desc Delete Report
@required {report-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group scan-configs
@endpoint GET /scan-configs
@desc Get Scan Configs
@optional {include-errors: bool=true, index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /scan-configs
@desc Create Scan Config
@required {name: str # The name of the Scan Config, app: any # The App that the Scan is associated with, attack_template: any # The attack template that the Scan Config should use}
@optional {id: str(uuid) # The ID of the Scan Config, description: str # The description of the Scan Config, incremental: bool # A flag to enable incremental scanning, assignment: any # The engine assignment that the Scan should use, errors: [str] # A list of errors that detail any current validation failures}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /scan-configs/options/default
@desc Get Scan Configs Options Default
@returns(200) {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str, scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /scan-configs/{scan-config-id}
@desc Get Scan Config
@required {scan-config-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, app: any, attack_template: any, incremental: bool, assignment: any, errors: [str], links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /scan-configs/{scan-config-id}
@desc Update Scan Config
@required {scan-config-id: str(uuid), name: str # The name of the Scan Config, app: any # The App that the Scan is associated with, attack_template: any # The attack template that the Scan Config should use}
@optional {id: str(uuid) # The ID of the Scan Config, description: str # The description of the Scan Config, incremental: bool # A flag to enable incremental scanning, assignment: any # The engine assignment that the Scan should use, errors: [str] # A list of errors that detail any current validation failures}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /scan-configs/{scan-config-id}
@desc Delete Scan Config
@required {scan-config-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /scan-configs/{scan-config-id}/options
@desc Get Scan Config Options
@required {scan-config-id: str(uuid)}
@returns(200) {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str, scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /scan-configs/{scan-config-id}/options
@desc Update Scan Config Options
@required {scan-config-id: str(uuid)}
@optional {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str(DEFAULT/INTERNET_EXPLORER/CHROME/CHROMIUM), scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint PATCH /scan-configs/{scan-config-id}/options
@desc Patch Scan Config Options
@required {scan-config-id: str(uuid)}
@optional {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str(DEFAULT/INTERNET_EXPLORER/CHROME/CHROMIUM), scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group scans
@endpoint GET /scans
@desc Get Scans
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /scans
@desc Submit Scan
@required {scan_config: any # The Scan Config used when the Scan was submitted; must be associated with the App specified for this Scan}
@optional {id: str(uuid) # The ID of the Scan, app: any # The ID of the module, submitter: any # The submitter of the Scan, submit_time: str # The time the Scan was submitted, completion_time: str # The time the Scan was completed, status: str(PENDING/QUEUED/PROVISIONING/RUNNING/SCANNED/PROCESSED/COMPLETE/PAUSED/BLACKED_OUT/AWAITING_AUTHENTICATION/AUTHENTICATED/PAUSING/RESUMING/STOPPING/CANCELING/AUTHENTICATING/FAILED) # The status of the Scan, failure_reason: str(CANCELED/NETWORK_UNAVAILABLE/SYSTEM_ERROR/CONFIGURATION_INVALID/BAD_AUTH/LICENSE_INVALID/TARGETS_INVALID/ENGINE_UNAVAILABLE/INITIALIZATION_FAILURE/SWAGGER_PARSING_ERROR/DATABASE_TOO_LARGE/INSUFFICIENT_DISK_SPACE/INSUFFICIENT_MEMORY/TOO_MANY_THREADS/RASP_FAILURE/BOOTSTRAP_AUTHENTICATION_FAILURE/REPORT_GENERATION_FAILURE) # The reason the Scan may have failed, validation: any # The Validation resource. Should not be included if a Specialized Scan Parameters Resource has been provided., scan_type: str(REGULAR/VERIFICATION/INCREMENTAL) # The type of Scan, specialized_scan_parameters: any # The Specialized Scan Parameters Resource used to start a validation scan with a subset of vulnerability ids. Should not be included if a Scan Verification Resource has been provided.}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /scans/{scan-id}
@desc Get Scan
@required {scan-id: str(uuid)}
@returns(200) {id: str(uuid), app: any, scan_config: any, submitter: any, submit_time: str, completion_time: str, status: str, failure_reason: str, validation: any, scan_type: str, specialized_scan_parameters: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint DELETE /scans/{scan-id}
@desc Delete Scan
@required {scan-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /scans/{scan-id}/action
@desc Get Scan Action
@required {scan-id: str(uuid)}
@returns(204) {action: str} # No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /scans/{scan-id}/action
@desc Submit Scan Action
@required {scan-id: str(uuid), action: str(PAUSE/RESUME/STOP/AUTHENTICATE/CANCEL)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /scans/{scan-id}/engine-events
@desc Get Scan Engine Events
@required {scan-id: str(uuid)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /scans/{scan-id}/execution-details
@desc Get Scan Execution Details
@required {scan-id: str(uuid)}
@returns(200) {logged_in: bool, links_in_queue: int(int32), links_crawled: int(int32), attacks_in_queue: int(int32), attacked: int(int32), vulnerable: int(int32), requests: int(int32), failed_requests: int(int32), network_speed: int(int32), drip_delay: int(int32)} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /scans/{scan-id}/platform-events
@desc Get Scan Platform Events
@required {scan-id: str(uuid)}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group schedules
@endpoint GET /schedules
@desc Get Schedules
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /schedules
@desc Create Schedule
@required {name: str # The name of the Schedule, enabled: bool # The enabled property of the Schedule, scan_config: any # The Scan Config of the Schedule, first_start: str(date-time) # The first start date and time of the Schedule}
@optional {id: str(uuid) # The ID of the Schedule, last_start: str(date-time) # The last start date and time of the Schedule, frequency: any # The frequency describes how (and if) the Schedule should repeat. Should not be included if a rrule has been provided., rrule: str # The rrule describes how (and if) the schedule should repeat. Should not be included if a frequency has been provided.}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /schedules/{schedule-id}
@desc Get Schedule
@required {schedule-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, enabled: bool, scan_config: any, first_start: str(date-time), last_start: str(date-time), frequency: any, rrule: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /schedules/{schedule-id}
@desc Update Schedule
@required {schedule-id: str(uuid), name: str # The name of the Schedule, enabled: bool # The enabled property of the Schedule, scan_config: any # The Scan Config of the Schedule, first_start: str(date-time) # The first start date and time of the Schedule}
@optional {id: str(uuid) # The ID of the Schedule, last_start: str(date-time) # The last start date and time of the Schedule, frequency: any # The frequency describes how (and if) the Schedule should repeat. Should not be included if a rrule has been provided., rrule: str # The rrule describes how (and if) the schedule should repeat. Should not be included if a frequency has been provided.}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /schedules/{schedule-id}
@desc Delete Schedule
@required {schedule-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group search
@endpoint POST /search
@desc Perform Search
@required {type: str(APP/SCAN/SCAN_CONFIG/VULNERABILITY/VULNERABILITY_DISCOVERY/ATTACK_TEMPLATE/TARGET/ENGINE/ENGINE_GROUP/SCHEDULE/BLACKOUT/FILE/TAG/REPORT) # The type of resource to Search, query: str # The query for the Search}
@optional {limitData: bool, index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [map], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endgroup

@group tags
@endpoint GET /tags
@desc Get Tags
@optional {root: bool=false, index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /tags
@desc Create Tag
@required {name: str # The name of the Tag}
@optional {id: str(uuid) # The ID of the Tag, creator: any # The ID of the module, create_time: str # The time the Tag was created}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /tags/{tag-id}
@desc Get Tag
@required {tag-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, creator: any, create_time: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /tags/{tag-id}
@desc Update Tag
@required {tag-id: str(uuid), name: str # The name of the Tag}
@optional {id: str(uuid) # The ID of the Tag, creator: any # The ID of the module, create_time: str # The time the Tag was created}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /tags/{tag-id}
@desc Delete Tag
@required {tag-id: str(uuid)}
@optional {cascade: bool=false}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group targets
@endpoint GET /targets
@desc Get Targets
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /targets
@desc Create Target
@required {domain: str # The fully qualified domain name of the Target}
@optional {id: str(uuid) # The ID of the Target, enabled: bool # The enabled property of the Target, archived: bool # The archived property of the Target}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /targets/{target-id}
@desc Get Target
@required {target-id: str(uuid)}
@returns(200) {id: str(uuid), domain: str, enabled: bool, archived: bool, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /targets/{target-id}
@desc Update Target
@required {target-id: str(uuid), domain: str # The fully qualified domain name of the Target}
@optional {id: str(uuid) # The ID of the Target, enabled: bool # The enabled property of the Target, archived: bool # The archived property of the Target}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /targets/{target-id}
@desc Delete Target
@required {target-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@group vulnerabilities
@endpoint GET /vulnerabilities
@desc Get Vulnerabilities
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /vulnerabilities/variances/documentation
@desc Get Vulnerability Variances Documentation
@optional {variance_ids: [str(uuid)], scan_id: str(uuid), vuln_uuids: [str(uuid)], vuln_ids: [str(uuid)]}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /vulnerabilities/{vuln-id}
@desc Get Vulnerability
@required {vuln-id: str(uuid)}
@returns(200) {id: str(uuid), app: any, root_cause: any, severity: str, status: str, first_discovered: str, last_discovered: str, newly_discovered: bool, variances: [any], vector_string: str, vulnerability_score: num(double), insight_ui_url: str, updated_time: str(date-time), links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /vulnerabilities/{vuln-id}
@desc Update Vulnerability
@required {vuln-id: str(uuid)}
@optional {id: str(uuid) # The ID of the Vulnerability, app: any # The ID of the module, root_cause: any # A descriptor for the location of the Vulnerability, severity: str(SAFE/INFORMATIONAL/LOW/MEDIUM/HIGH/CRITICAL) # The severity of the Vulnerability, status: str(UNREVIEWED/FALSE_POSITIVE/VERIFIED/IGNORED/REMEDIATED/DUPLICATE) # The status of the Vulnerability, first_discovered: str # The time the Vulnerability was first discovered, last_discovered: str # The time the Vulnerability was last discovered, newly_discovered: bool # Indicates that the vulnerability has been found in the latest scan and has not been discovered before, variances: [any] # Evidence found that indicates the presence of a Vulnerability, vector_string: str # Textual representation of the metric values used to determine the CVSS score, vulnerability_score: num(double) # CVSS score which represents the severity of an information security vulnerability, insight_ui_url: str # Direct link to the Vulnerability on InsightAppSec UI. Requires InsightAppSec login before use., updated_time: str(date-time) # The time the Vulnerability was last updated}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /vulnerabilities/{vuln-id}/comments
@desc Get Vulnerability Comments
@required {vuln-id: str(uuid)}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint POST /vulnerabilities/{vuln-id}/comments
@desc Create Vulnerability Comment
@required {vuln-id: str(uuid), content: str # The content of the Vulnerability Comment}
@optional {id: str(uuid) # The ID of the Vulnerability Comment, vulnerability: any # The last editor of the comment, author: any # The last editor of the comment, last_update_author: any # The last editor of the comment, create_time: str # The time when the Vulnerability Comment was created, update_time: str # The time when the Vulnerability Comment was last edited}
@returns(201) Created
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint GET /vulnerabilities/{vuln-id}/comments/{comment-id}
@desc Get Vulnerability Comment
@required {vuln-id: str(uuid), comment-id: str(uuid)}
@returns(200) {id: str(uuid), vulnerability: any, author: any, last_update_author: any, content: str, create_time: str, update_time: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint PUT /vulnerabilities/{vuln-id}/comments/{comment-id}
@desc Update Vulnerability Comment
@required {vuln-id: str(uuid), comment-id: str(uuid), content: str # The content of the Vulnerability Comment}
@optional {id: str(uuid) # The ID of the Vulnerability Comment, vulnerability: any # The last editor of the comment, author: any # The last editor of the comment, last_update_author: any # The last editor of the comment, create_time: str # The time when the Vulnerability Comment was created, update_time: str # The time when the Vulnerability Comment was last edited}
@returns(200) OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 422: Resource validation error, 500: Internal error}

@endpoint DELETE /vulnerabilities/{vuln-id}/comments/{comment-id}
@desc Delete Vulnerability Comment
@required {vuln-id: str(uuid), comment-id: str(uuid)}
@returns(204) No Content
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 409: Action conflict, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /vulnerabilities/{vuln-id}/discoveries
@desc Get Vulnerability Discoveries
@required {vuln-id: str(uuid)}
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /vulnerabilities/{vuln-id}/discoveries/{vuln-discovery-id}
@desc Get Vulnerability Discovery
@required {vuln-id: str(uuid), vuln-discovery-id: str(uuid)}
@returns(200) {id: str(uuid), vulnerability: any, scan: any, discovered: str, links: [any]} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /vulnerabilities/{vuln-id}/history
@desc Get Vulnerability History
@required {vuln-id: str(uuid)}
@returns(200) {empty: bool, first: any, last: any} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endpoint GET /vulnerabilities/{vuln-id}/variances/{variance-id}/documentation
@desc Get Vulnerability Variance Documentation
@required {vuln-id: str(uuid), variance-id: str(uuid)}
@returns(200) {references: map, description: str, recommendation: str, id: str(uuid)} # OK
@errors {400: Bad Request, 401: Unauthenticated, 403: Unauthorized, 404: Resource not found, 415: Unsupported Media Type, 500: Internal error}

@endgroup

@end
