{
"openapi": "3.1.0",
"info": {
"title": "TAS — Tea Advanced Security",
"description": "Security reporting and gating API for Gitea. Upload a SARIF 2.1 report per repository and branch; uploads to non-default branches are compared against a baseline and return an allowed flag plus new_findings for CI gating.",
"version": "1.0.0"
},
"servers": [{ "url": "http://localhost:3000", "description": "Local development server (plain HTTP; intended for localhost only)" }],
"paths": {
"/repos/{owner}/{repo}/branches/{branch}/reports": {
"post": {
"operationId": "postReposByOwnerByRepoBranchesByBranchReports",
"description": "Upload a SARIF 2.1 report for a repository and branch. The upload replaces any report previously stored for that branch. On non-default branches the server compares the report to a baseline (presumably the stored default-branch report; confirm with the server) and returns allowed together with the new_* counts and new_findings for CI gating. Because uploads replace stored reports, a POST to the default branch rewrites the baseline that later comparisons use, so this endpoint must be restricted to callers with write access to the repository. Note that this document declares no securitySchemes or security requirement, and documents only the 200 response; the outcomes for an unauthenticated caller, an unknown repository or branch, or a malformed SARIF body are unspecified here.",
"request": {
"params": {
"owner": {
"description": "Repository owner (e.g. t.behrendt)",
"required": true
},
"repo": {
"description": "Repository name (e.g. k_gitea)",
"required": true
},
"branch": { "description": "Branch name", "required": true }
},
"body": {
"content": {
"application/json": {
"schema": {
"type": "object",
"description": "SARIF 2.1 document containing a runs[] array. This schema only asserts that the body is a JSON object; SARIF structure, nesting depth and document size are not constrained here and must be validated and bounded server-side, since the body is caller-supplied input."
}
}
}
}
},
"responses": {
"200": {
"description": "Report stored. The gating fields (allowed, new_critical, new_high, new_medium, new_low, new_findings) are listed as required and so are present in every response; per the operation description the comparison against the baseline is only performed for non-default branches, so their values for the default branch should be confirmed with the server before being used for gating.",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"allowed": { "type": "boolean" },
"reason": { "type": "string" },
"new_critical": { "type": "number" },
"new_high": { "type": "number" },
"new_medium": { "type": "number" },
"new_low": { "type": "number" },
"new_findings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"rule_id": { "type": "string" },
"level": { "type": "string" },
"message": { "type": "string" },
"severity": {
"type": "string",
"enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
},
"artifact_uri": { "type": "string" },
"region": {
"type": "object",
"properties": {
"start_line": {
"anyOf": [
{ "type": "number" },
{ "type": "null" }
]
},
"start_column": {
"anyOf": [
{ "type": "number" },
{ "type": "null" }
]
}
},
"required": ["start_line", "start_column"]
}
},
"required": [
"rule_id",
"level",
"message",
"severity",
"artifact_uri",
"region"
]
}
}
},
"required": [
"allowed",
"new_critical",
"new_high",
"new_medium",
"new_low",
"new_findings"
]
}
}
}
}
},
"parameters": [
{
"schema": { "type": "string" },
"in": "path",
"name": "owner",
"required": true
},
{
"schema": { "type": "string" },
"in": "path",
"name": "repo",
"required": true
},
{
"schema": { "type": "string" },
"in": "path",
"name": "branch",
"required": true
}
]
}
}
},
"components": {}
}
|