Analyse Package Archive (REST API)

This tutorial complements the REST API section, and the aim here is to show the API features while analyzing a package archive.

Tip

As a perquisite, check our REST API chapter for more details on REST API and how to get started.

Instructions:

  • First, let’s create a new project called boolean.py-3.8.

  • We’ll be using this package as the project input.

  • We can add and execute the scan_package pipeline on our new project.

Note

Whether you follow this tutorial and previous instructions using cURL or Python script, the final results should be the same.

Using cURL

  • In your terminal, insert the following:

api_url="http://localhost/api/projects/"
content_type="Content-Type: application/json"
data='{
    "name": "boolean.py-3.8",
    "input_urls": "https://github.com/bastikr/boolean.py/archive/refs/tags/v3.8.zip",
    "pipeline": "scan_package",
    "execute_now": true
}'

curl -X POST "$api_url" -H "$content_type" -d "$data"

Note

You have to set the api_url to http://127.0.0.1:8001/api/projects/ if you run on a local development setup.

Tip

You can provide the data using a json file with the text below, which will be passed in the -d parameter of the curl request:

{
    "name": "boolean.py-3.8",
    "input_urls": "https://github.com/bastikr/boolean.py/archive/refs/tags/v3.8.zip",
    "pipeline": "scan_package",
    "execute_now": true
}

While in the same directory as your JSON file, here called boolean.py-3.8_cURL.json, create your new project with the following curl request:

curl -X POST "http://localhost/api/projects/" -H "Content-Type: application/json" -d @boolean.py-3.8_cURL.json

If the new project has been successfully created, the response should include the project’s details URL value among the returned data.

{
    "name": "boolean.py-3.8",
    "url": "http://localhost/api/projects/11de938f-fb86-4178-870c-99f4952b8881/",
    "[...]": "[...]"
}

If you click on the project url, you’ll be directed to the new project’s instance page that allows you to perform extra actions on the project including deleting it.

Note

Refer to our REST API section for more information about these extra actions.

Using Python script

Tip

To interact with REST APIs, we will be turning to the requests library.

  • To follow the above instructions and create a new project, start up the Python interpreter by typing python in your terminal.

  • If you are seeing the prompt >>>, you can execute the following commands:

import requests

api_url = "http://localhost/api/projects/"
data = {
    "name": "boolean.py-3.8",
    "input_urls": "https://github.com/bastikr/boolean.py/archive/refs/tags/v3.8.zip",
    "pipeline": "scan_package",
    "execute_now": True,
}
response = requests.post(api_url, data=data)
response.json()

The JSON response includes a generated UUID for the new project.

# print(response.json())
{
    "name": "boolean.py-3.8",
    "url": "http://localhost/api/projects/11de938f-fb86-4178-870c-99f4952b8881/",
    "[...]": "[...]",
}

Note

Alternatively, you can create a Python script with the above commands/text. Then, navigate to the same directory as your Python file and run the script to create your new project. However, no response will be shown on the terminal, and to access a given project details, you need to visit the projects’ API endpoint.

Tip

You can check the REST API section for more details on how to view and download your scan results.