• Added new API endpoints to get, create, and delete Auth Integration connections.

Team Onboarding

  • Updated existing API endpoints for Team Onboarding Connections to include two new fields (repo_full_name and integration_key).


Team Onboarding

  • Added new API endpoints to get Team Onboarding scans and to start a Team Onboarding scan job.
  • Added new API endpoints to get, create, update, and delete Team Onboarding connections.


  • Added parent_answer field on /api/v2/library/componentquestions/ endpoint.
  • Added tree depth and path fields to the /api/v2/library/attributes/ endpoint response.
  • Added additional filters to the /api/v2/library/attributes/ endpoint: name, description, parent and depth. Added expand filter for path.
  • Added Create and Update endpoints to /api/v2/library/attributes/
  • Added Beta notes for /api/v2/library/componentquestions/, /api/v2/library/attributes/, and /api/docs/library-components/ endpoints.


  • Added ordering for active field for profiles on the GET api/v2/profiles/ endpoint
  • Added the following query params for /api/v2/profiles/ endpoint.
    • type__in
    • active__in
  • Added PATCH functionality for active, answers, default, description, and name fields for custom profiles on the /api/v2/profiles/{profile_id} endpoint.
  • Added DELETE functionality to /api/v2/profiles/{profile_id} endpoint.
  • Added POST functionality to /api/v2/profiles/ endpoint.
  • Added readonly created_by, created_date, last_updated_date, and last_updated_by fields


Advanced Reports

  • Added new Trend Reporting contexts for query field on POST api/v2/queries/ and PATCH api/v2/queries/{query_id}/ endpoints.
  • Added timeDimensions field to the query field on POST api/v2/queries/ and PATCH api/v2/queries/{query_id}/ endpoints.
  • Added type field on POST api/v2/queries/ and PATCH api/v2/queries/{query_id}/ endpoints.


  • Added the /api/v2/library/component-icons/ endpoint to provide a list of available icons for Library Components.
  • Added icon_slug and icon_url fields to the /api/v2/library/components/ endpoint.



  • Revised terminology to align with industry standards. Problems will now be referred to as Weaknesses, and Tasks will be referred to as Countermeasures.


  • Added /api/v2/automation/trigger-event/ endpoint to allow users to trigger the automations.


  • Deprecated /api/v2/projects/{project_id}/diagram/


  • Added the Library Component Question, and Subquestions when answers are expanded, to the /api/v2/library/componentquestions/ endpoint.

Library attributes

  • Added Library Attributes endpoint.

Library components

  • Added an expandable implied_attributes field in /api/v2/library/components/{component_id}/ and /api/v2/library/components/ endpoints.
  • Added component_questions field in /api/v2/library/components/ endpoint.



  • Added external_id field in /api/v2/users/ endpoint.


  • Added external_id field in /api/v2/projects/ endpoint.
  • Added relevant_via_survey element to GET /api/v2/projects/{project_id}/tasks/ endpoint.

Project Survey History

  • Added answer expand filter option in the /api/v2/projects/1/survey/history/ endpoint.
  • Added visible_only query parameter
  • Added carried_over_history include parameter to /api/v2/projects/{project_id}/survey/history/ endpoint.

Project Survey Draft

  • Added dirty field to the /api/v2/projects/{project_id}/survey/draft/ endpoint.


  • Updated response to reflect CAM JSON returning from /api/v2/projects/{project_id}/diagram/ instead of Cytoscape JSON.


Library components

  • Added type field in /api/v2/library/components/{component_id}/ and /api/v2/library/components/ endpoints.
  • Updated default ordering for library components in /api/v2/library/components/ to be by title as opposed to id previously.
  • Updated PUT/PATCH /api/v2/library/components/{component_id}/ endpoint to allow updating Built-in Component fields other than hidden.
  • Added hidden filter param to /api/v2/library/components/ endpoint.
  • Added search by title capability to /api/v2/library/components/ endpoint.


  • Added /api/v2/sso/ endpoint to allow users to get and update their SSO type.
  • Added GET method for /api/v2/sso/saml/ api endpoint to configure SAML settings on the SSOSettings model
  • Added /api/v2/sso/saml/role-mappings/ endpoint to allow users to create, update, get, and delete their SAML Role Mappings.
  • Added /api/v2/sso/saml/group-mappings/ endpoint to allow users to create, update, get, and delete their SAML Group Mappings.


  • Updated answer_mapping field in /api/v2/library/components/{component_id}/ and /api/v2/library/components/ endpoints.
  • Updated is_active field for GET /api/v2/library/answers/ and GET /api/v2/library/answers/{answer_id}/
  • Added the Project Threats /api/v2/projects/{project_id}/threats/ endpoint.
  • Added the /api/v2/connectors/analysis/{id}/mapping/ endpoint to allow uploading Custom Countermeasure Mappings for Verification Connectors.
  • Added GET /api/v2/plugins/analysis/{plugin_id}/mapping endpoint.
  • Added the Connected Component /api/v2/projects/{project_id}/connected-component/ endpoint.
  • Added the connected_components field to the /api/v2/projects/ and /api/v2/projects/{project_id}/ endpoints. This is connected to the component generated by the project, if any. It is null when there's no connected component, and component_id when a connected component has been created.
  • Added schemas field to query parameter in the /queries/{query_id}/ endpoint.
  • Added PATCH functionality to /api/v2/library/answers/{answer_id}/endpoint for the is_active field.
  • Moved the threats_count field under /api/v2/projects/ endpoint to the Project Threats endpoint, and renamed it to total_threats_count.
  • Renamed the weaknesses field on the Library Threats endpoint to problems.
  • System administrators have access to /api/v2/sso/saml/ and /api/v2/sso/


  • Updated documentation for GET /api/v2/flags/ about the changes to its permission.
  • Added /api/v2/projects/{project_id}/survey/comments-details/ endpoint.
  • Added /dashboards/{dashboard_id}/ endpoint.
  • Added /dashboards/{dashboard_id}/preferences/ endpoint
  • Added /dashboards/default/ endpoint.
  • Added threats_count field under /api/v2/projects/ endpoint and threats_count under /api/v2/projects/{project_id}/components/ endpoint
  • Added the /api/v2/library/capecs/ endpoint to return all active Library CAPECs.
  • Updated pinned_survey_comments_retention entry in the Fields table to accept one of the following string values NO_COMMENTS, REQUIRED, ALL_PINNED.
  • Added a comment_required field to questions and subquestions in the Project Survey Draft endpoint when including a survey section.
  • Added the Library Threats /api/v2/library/threats endpoint.


  • Added url field under reason_for_inclusion field of /api/v2/projects/{project_id}/tasks/ endpoint.
  • Added the /api/v2/flags/ API for toggling product features.
  • Added /queries/{query_id}/ endpoint.
  • Added CubeAPI documentation for Advanced Reporting.
  • Added /api/v2/projects/{project_id}/diagram/ endpoint.


  • Added Library Components, Project Component, Component Task Status Mappings and Project Component Updates endpoints.


Added the backup restore API.


  • Added reason_for_inclusion include parameter to /api/v2/projects/{project_id}/tasks/ endpoint.


  • Added a pinned_survey_comments_retention entry to the Fields table for creating new Project Releases.


  • Added task_ids optional payload field to /api/v2/projects/{project_id}/task-updates/ endpoint.


  • Added project_locked field to project/{project-id} endpoint. Note: The project_locked field can only be edited if the ENABLE_PROJECT_LOCKING flag is enabled.


  • Added tasks_count filter param to project/{project-id}/problems/ endpoint.
  • Added missing slug field to business_unit query parameters.
  • Added Project Specific Problems carryover fields to Releases endpoint.
  • Added project/{project-id}/survey/comments/ endpoint.


  • Added release_project field to projects endpoint.


  • Fixed examples in the Applications endpoints to have business_unit match the actual API behavior.


  • Added a source filter to Project Problems endpoint.
  • Added endpoints to POST (create), PATCH (update), and DELETE (delete) project specific Problems.
    • Added project_specific to output of all Project Problem endpoint responses
  • Added library/cwes endpoint for listing and retrieving active CWEs
  • Added problem field to the Tasks endpoint for changing the Problem of a project specific Task
    • Added problem to output of all Task endpoint responses
    • Added expand parameter expand=problem to Task endpoints


  • Added new filters for Project Problem Tasks
  • Added db_id field to Library content API endpoints:
    • Library Tasks (api/v2/library/tasks/)
    • Answers (api/v2/library/answers/)
    • Library Problems (api/v2/library/problems/)
    • Phases (api/v2/phases)


  • Added created and last_updated fields to risk factors.
  • Updated Project Problems and Project Problem Tasks endpoint URLs with new problem_id format.
  • Removed the related_tasks include parameter from the Project Problems endpoint.


  • Updated description expand parameter for Tasks endpoint to text
  • Added endpoint for Project Problems.
  • Added endpoint for associated Tasks of Project Problems.
  • Moved Answers section to Library Answers for consistency.
  • Added project/{project-id}/survey/history endpoint for listing project survey changes.


  • Added risk-factors endpoint.
  • Added factor_expression field to project classifications endpoint.
  • Added requires_comment field to task statuses


  • Updated documented Library Problems endpoints.


  • Added endpoints for Events and Actions in Automation.
  • Added active field to Profile resources in /profiles/ endpoint.
  • Added active field to nested profile field within project resources


  • Added library/content-pack endpoint for Library Content Packs.
  • Added automation/event-filters endpoint
  • Added automation/events endpoint
  • Added automation/actions endpoint


  • Add is_unclassified field to Project Classifications.
  • Add unclassified include parameter to Project Classifications.
  • LDAP Connections:
    • Removed ldap_start_tls field
    • Added ldap_method field.
      • The accepted ldap_method value that replaces ldap_start_tls is ldap_tls.


  • Added verification_categories to connector/connection endpoints.
  • Added answers endpoint.
  • Added project-classifications endpoint for Project Classifications.
  • Added read-only project_classification field to Projects endpoint.
  • Added read-only project_classifications field to Risk Policies.
  • Added project_classification field to Project Survey Draft endpoint.
  • Added matched_classification_answers field to Project Survey Draft endpoint.


  • Added group-mappings endpoint for LDAP connection.


  • Added answers and deselect_answers to Project and Release endpoint.
    • Ability to select and deselect survey answers when creating a new project or release.
  • Added missing documentation for the carryover_project_specific_tasks field in the Create a Release endpoint.
    • Determines whether to retain project specific tasks in a new release.


  • Added facets parameter to Tasks endpoint.
    • Tasks endpoint now performs basic faceting to show task counts by phase.
  • Added Remote Integration Agent endpoint.


  • Added Task Note examples for POST (create) and PATCH (update).


  • Added Project Analysis file upload endpoint.


  • Added Compliance Regulations endpoint.
  • Added Verification Status endpoint.
  • Updated Risk Policy endpoint.
    • Added conditions.statuses field.
    • Merged existing conditions.task_statuses field into conditions.statuses.
    • filters.regulations now returns item IDs instead of a slug.
  • Tasks without a verification status will now display the value "none" instead of none in the verification_status field.


  • Added alm_auth_mode and analysis_auth_mode to ALM and Verification Connection params.
    • Supported values are basic or api_token.
  • Added api_token as an additional authentication mode for CA Agile Central.
  • Added custom lookup filtering to the name field in the activities and project-activities endpoint.
  • Added regulations field to the Risk Policy endpoint.
  • Removed filtering of risk policies by phases, tags, task_statuses
  • Added combined jobs (ALM/Analysis/LDAP) endpoint
  • Added project filter to the Verification Connections endpoint


  • Added is_file_upload field for Verification connections.
  • Added filtering to Analysis Plugins endpoint:
    • Can now filter by is_file_upload.


  • Added Analysis Plugins endpoint.


  • Added archived field to the parent field of Projects and Releases endpoints:
    • The url field on the Project resource and on the parent field will now return a null value if it is meaningless (i.e. archived projects don't have valid urls).
  • Added risk_relevant filter to Tasks endpoint.
  • Added status_note field to Tasks endpoint. Allows a note to be added when changing the status of a Task.
  • Added hidden include parameter to Project Survey endpoint. Allows hidden answers and questions to be displayed.


  • Added key_hint_text and value_hint_text to alm-plugins to provide more details when labelling JSON fields.
  • Added risk_rating field to expanded problem field in Library and Project Tasks.
  • Added became_relevant field to Tasks.
  • Added last_note and last_verification include filters to Tasks.
  • Added application expand filter to Projects.


  • Added writable project-level tagging to Tasks.
  • Task tags can be expanded into library-level & project-level tags.
  • Added Risk Policy endpoint.
  • Updated Business Units/Applications/Projects endpoints with risk policy fields.
  • Added debug_mode field to Verification Connections and ALM Connections.
  • Removed redundancy of nesting the survey twice on the project survey endpoint.
  • Added profile_draft, survey_complete and survey_dirty fields to projects endpoint.


  • Dropped references to PUT in the docs, to encourage the use of PATCH.
  • Updated the structure of the filters field in the report-settings endpoint.
  • Added search capabilities to phases endpoint.
  • Added documentation for Project Release endpoint (previously undocumented).
  • Added test endpoints for connectors and connections.


  • Added support for creation and deletion of manually added library tasks to Tasks endpoint:
    • Added manually_added_from_library field to Task resources.
    • Added manually_added_from_library field to Assigned Task.
    • The ad_hoc field has been renamed to project_specific.


  • Added tags to the Application endpoint.
  • Added application_tags to Project endpoint.
  • Changed related_tasks to include the title, phase, and url of each related task in the Tasks and specific Task endpoints.
  • Changed notify_tasks attribute of UserProfile to include id, name.
  • Changed updater field to be expanded by default in Task Notes endpoint.


  • Renamed base to base_project for the Project endpoint.
  • Added incomplete_tasks include filter and redesign task_counts include filter on projects endpoint.
  • Removed business_unit as expand filter.
  • Expanded instances of business_unit in applications by default.
  • Added ALM plugins endpoint, which returns metadata for each ALM integration. Used to render ALM forms.
  • Added params field to connector endpoint & make connector endpoint writeable.


  • Added base (original project that spawned any number of new releases) to the Project endpoint. (Note: this field will be renamed to base_project in v4.8.)


  • Added persist_phases to Business Unit endpoint.
  • Added updater and updated fields to Analysis Note endpoint.
  • Renamed ldap group query field to group base dn.
  • Original SDE phases can now be edited via the API.


  • Phases can be created, edited, or deleted.
  • Changed the value of user to email instead of id, since we filter users by email.
  • Password can be changed, password metadata retrieved on GET (session / basic authentication only).
  • Password reset questions can be created, edited, or deleted.
  • API tokens can be generated, revoked or regenerated.
  • Email notification settings can be updated.
  • Group endpoint now has sync_connections include filter to fetch LDAP connections that reference groups.
  • Group can no longer be deleted if referenced by LDAP connection.
  • User Profile can be retrieved or updated via /users/me/.
  • LDAP Connections:
    • Added ldap_start_tls.
    • Removed ldap_method.
    • Renamed deactivation to deactivate_stale_users.
    • Change group_mapping to use SDE group ids instead of group names.


  • Added include field last_job for connections returned by the ALM, Analysis and LDAP Connection endpoints.
  • Added updaterfield tasks returned from the tasks endpoint.
  • Added documentation for LDAP connections and jobs.
  • LDAP Connections can be created, edited, or deleted.
  • LDAP Jobs can be initiated or the results may be submitted.
  • Global Roles can be deleted.
  • Projects endpoint now has include parameter to get the completion data by phases.
  • Added Project Activity endpoint.
  • Add is_creator to users in Projects endpoint.


  • Initiate a password reset via the API (session / basic authentication only).
  • Global roles can be created, edited, or deleted.


  • Added documentation for session and basic authentication.
  • Business Units, Groups, and Tasks includes the role of the users the resource returns.
  • Included the first name, last name for the users returned by the tasks endpoint.
  • ALM and Verification Connections include whether they are accessible or not, and the id of their parent Connector.
  • ALM and Verification Connections can be created, edited, or deleted.
  • ALM sync jobs can be initiated by POSTing to the alm jobs endpoint.
  • Analysis import jobs can be initiated by POSTing to the analysis jobs endpoint.
  • Project Role can be ordered and searched for by name.
  • (Customer created) Project Roles can be deleted.
  • Users endpoint returns if a password reset is in progress.

v4.1, v4.0, v3.9, etc.

  • The dark times where we had no change log.

results matching ""

    No results matching ""