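# Generates a Contrast attestation report for one application and downloads
# it as a PDF into the current directory.
#
# Flow: GET the attestation endpoint, POST the report options to the same
# endpoint, wait, read the newest notification for the report uuid, then POST
# to the download endpoint and write the response to a file.

# Input your credentials here - they can be found on the Contrast UI.
# Each setting gets its own assignment. Chaining them in one statement
# ($url = $org_id = ... = 'email@example.com') would set every one of them to
# the e-mail placeholder.
# $auth and $apikey are secrets: do not commit or share a filled-in copy of
# this script, and restrict read access to it.
$url      = '<teamserver-base-url>'
$org_id   = '<organization-id>'
$app_id   = '<application-id>'
$auth     = '<authorization-header-value>'
$apikey   = '<api-key>'
$username = 'email@example.com'
$app_name = 'example'

# Stop at the first failed request instead of continuing with empty data.
$ErrorActionPreference = 'Stop'

# Refuse to run while a setting is still empty or an unreplaced <placeholder>.
foreach ($setting in 'url', 'org_id', 'app_id', 'auth', 'apikey', 'username') {
    $value = Get-Variable -Name $setting -ValueOnly
    if ([string]::IsNullOrWhiteSpace($value) -or $value -match '^<.*>$') {
        throw "Set `$$setting at the top of this script before running it."
    }
}

# The Authorization and API-Key headers go out with every request below.
if ($url -notmatch '^https://') {
    Write-Warning 'The base URL is not https://; the Authorization and API-Key headers would be sent unencrypted.'
}

$currentTime = Get-Date -format "dd-MMM-yyyy"
# Note: the space before ".pdf" is part of the file name, as in the original script.
$fileName = "$app_name-$currentTime .pdf"

# Headers shared by the attestation and notification requests.
$apiHeaders = @{
    'Authorization' = $auth
    'API-Key'       = $apikey
    'Accept'        = 'application/json'
}

# Endpoint to generate an attestation report.
$generateUrl = $url + '/Contrast/api/ng/' + $org_id + '/applications/' + $app_id + '/attestation'

# GET request so the necessary org information is loaded.
# No -Body is passed: $Body is not defined yet at this point, and on a re-run
# in the same session it would still hold the previous run's report options.
$loadReportInfo = Invoke-WebRequest $generateUrl -Method 'GET' -Headers $apiHeaders -ContentType 'application/json; charset=UTF-8'
Write-Output "loading org's report info"
Start-Sleep -s 5

# Report details. The empty arrays are sent as-is.
$Body = @{
    'vulnerabilityStatuses'      = @()
    'vulnerabilitySeverities'    = @()
    'vulnerabilityTypes'         = @()
    'vulnerabilityTags'          = @()
    'serverEnvironments'         = @()
    'serverTags'                 = @()
    'showVulnerabilitiesDetails' = 'true'
    'complianceReports'          = @("owasp-2013")
} | ConvertTo-Json

# POST request that generates the report.
$reportResponse = Invoke-WebRequest $generateUrl -Method 'POST' -Headers $apiHeaders -Body $Body -ContentType 'application/json; charset=UTF-8' | Select-Object -Expand Content
Write-Output 'Generating report at ' $generateUrl

# EDIT THIS TIMER RELATIVE TO THE NUMBER OF FINDINGS IN YOUR APPLICATION --
# the script does not poll; if the report is not ready when the timer ends,
# the notification check below reports a failure.
Start-Sleep -s 60

# Endpoint to check notifications for the report uuid. limit=1 returns only
# the newest notification, so an unrelated notification arriving in between
# also ends in the failure branch.
$uuidUrl = $url + '/Contrast/api/ng/' + $org_id + '/notifications?expand=skip_links&limit=1&offset=0'
Write-Output $uuidUrl

# GET request to TeamServer's notification endpoint, responds with JSON data.
$getResponse = Invoke-WebRequest -Uri $uuidUrl -Method 'GET' -Headers $apiHeaders -ContentType 'application/json, text/plain, */*' -UseBasicParsing | Select-Object -Expand Content
Write-Output $getResponse

# Convert the JSON into a custom PS object and pick out the notification fields.
$jsonResponse = $getResponse | ConvertFrom-Json
$notifResponse = $jsonResponse.notifications
# The message entry contains the string with the report uuid.
$reportUuid = $notifResponse.message
$sourceType = $notifResponse.source_type

$uuid = $null
# Guard against an empty notification list before calling .Contains().
if ($reportUuid -and $sourceType -and
    $reportUuid.Contains('ATTESTATION_REPORT_DOWNLOAD:') -and
    $sourceType.Contains('REPORT_SUCCESS')) {
    # The uuid is the text after the first ':' and before the first '$$'.
    $colonSplit = $reportUuid -split ':', 2
    $uuid = ($colonSplit -split '\$\$', 2)[1]
}

if ($uuid) {
    $downloadReportUrl = $url + '/Contrast/api/ng/' + $org_id + '/reports/download/' + $username + '/' + $uuid + '/?expand=skip_links'
    Write-Output $downloadReportUrl
    # -OutFile writes the response body to disk and sends nothing down the
    # pipeline, so no Select-Object is needed here.
    Invoke-WebRequest $downloadReportUrl -Method 'POST' -Headers @{'Authorization' = $auth; 'API-Key' = $apikey; 'Accept' = 'application/json; text/plain; */*'} -OutFile "$fileName"
}
else {
    Write-Output "Failed to generate report"
}

Write-Output $uuid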