Projects 101

Team and permissions

Activity feed and revision history

The Project Scheduler

Comments, Notifications, & Subscriptions

Using Nodes to structure the project

Node properties

Working with Notes

The Report Content page

Adding issues and evidence

Liquid Dynamic Content

Combine multiple Issues

Bulk-update Issues

CVSSv3 and DREAD calculators

Add attachments

Tagging issues

Using methodologies

Project templates

Upload and work with tool output

Upload and work with CSV files

Search your project

Restore deleted content with the Trash feature

Quality Assurance View

Generate your report

Importing and exporting projects

Performing a retest

The Administrator role

Managing users

Enabling / disabling sign ups

Working with teams

Working with projects

The Instance-wide Trash

Integration and Tool Manager

Project Scheduler

The Business Intelligence Dashboard

The Remediation Tracker

The Plugin Manager

The Rules Engine

The IssueLibrary

Report templates

Report template properties

Note templates

Project templates

Methodology templates

Kit Uploads

System settings

Upgrading the app

Customizations and Configurations

Re-encrypt your LUKS-encrypted disk and generate a new volume key

Automatically unlock your LUKS-encrypted drive

Change your LUKs-encrypted drive's passphrase

Change default CIC password

Set up SSL certificates so that upgrades won't override them

Set up SSL certificates with Let's Encrypt

Increase the number of puma threads

Increase the number of export worker processes

Set maximum login attempts

Increase session timeout period

Usage analytics sharing

Configure the mail server

Configure the Burp-Dradis Extension

Connecting Dradis to MediaWiki

Enable extra import add-ons

Intro to the Command Line Interface

User's guide to the Dradis Console

Upload tool output from the command line

[scripting] Find projects with XSS issues

[scripting] Find Issues added in the past 24 hours

[scripting] Statistics on Issues and Projects

[scripting] From Nessus output to custom report

[scripting] Update your IssueLibrary entries

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. REST API
  4. Evidence endpoint

Evidence endpoint

Instances of Evidence belong to a Node in a Project

When working with data for a specific Project like Issues or Evidence, make sure to define the Dradis-Project-Id HTTP header like so:

$ curl \
  -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  https://dradis-pro.dev/pro/api/nodes/8/evidence

GET /pro/api/nodes/:node_id/evidence

Retrieves all the Evidence associated with the specific Node in your project, ordered by evidence id descending.

You can paginate the results for 25 views per page by appending e.g. \?page\=1 and \?page\=2, so e.g. http://dradis-pro.dev/pro/api/nodes/8/evidence\?page\=1.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  http://dradis-pro.dev/pro/api/nodes/8/evidence

Result:

[
  {
    "id": 12,
    "author": "Nessus upload plugin",
    "content": "bc. Placeholder Evidence content.",
    "fields": {
      "Label": "scanme.insecure.org"
    },
    "issue": {
      "id": 30,
      "title": "DNS Server Recursive Query Cache Poisoning Weakness",
      "url": "http://dradis-pro.dev/pro/api/issues/30"
    }
  },
  {
    "id": 11,
    "author": "Nessus upload plugin",
    "content": "bc. Placeholder Evidence content.",
    "fields": {
      "Label": "scanme.insecure.org"
    },
    "issue": {
      "id": 33,
      "title": "DNS Server Cache Snooping Information Disclosure",
      "url": "http://dradis-pro.dev/pro/api/issues/33"
    }
  }
]

GET /pro/api/nodes/:node_id/evidence/:evidence_id

Retrieves a single piece of Evidence from a Node in your project.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  http://dradis-pro.dev/pro/api/nodes/8/evidence/11

Result:

{
  "id": 11,
  "author": "Nessus upload plugin",
  "content": "bc. Placeholder Evidence content.",
  "fields": {
    "Label": "scanme.insecure.org"
  },
  "issue": {
    "id": 33,
    "title": "DNS Server Cache Snooping Information Disclosure",
    "url": "https://dradis-pro.dev/pro/api/issues/33"
  }
}

POST /pro/api/nodes/:node_id/evidence

Creates a piece of Evidence on the specified Node in your project. The attributes for the Evidence must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

Accepted Parameter Use
evidence Pass it the content and issue_id parameters.
content Pass it the content of the Evidence using JSON on one line subbing in \r\n for new lines. Don't forget to include field names with the #[ ]# syntax.
issue_id Pass it the ID of the Issue you want to associate the Evidence with.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  -H 'Content-type: application/json' \
  -X POST \
  -d '{"evidence":{"content": "#[Description]#\r\nbc. Placeholder evidence content.", "issue_id": "24" }}' \
  http://dradis-pro.dev/pro/api/nodes/8/evidence

Result:

{
  "id": 16,
  "author": "admin@securityroots.com",
  "content": "#[Description]#\r\nbc. Placeholder evidence content.",
  "fields": {
    "Description": "bc. Placeholder evidence content.",
    "Label": "scanme.insecure.org"
  },
  "issue": {
    "id": 24,
    "title": "Backported Security Patch Detection (WWW)",
    "url": "http://dradis-pro.dev/pro/api/issues/24"
  }
}

PUT /pro/api/nodes/:node_id/evidence/:evidence_id

Updates a specific piece of Evidence on a Node in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n to create newlines as needed and using the #[ ]# syntax for field names.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  -H 'Content-type: application/json' \
  -X PUT \
  -d '{"evidence":{"content": "#[Description]#\r\nUpdated evidence content.", "issue_id": "24" }}' \
  http://dradis-pro.dev/pro/api/nodes/8/evidence/16

Result:

{
  "id": 16,
  "author": "admin@securityroots.com",
  "content": "#[Description]#\r\nUpdated evidence content.",
  "fields": {
    "Description": "Updated evidence content.",
    "Label": "scanme.insecure.org"
  },
  "issue": {
    "id": 24,
    "title": "Backported Security Patch Detection (WWW)",
    "url": "https://dradis-pro.dev/pro/api/issues/24"
  }
}

DELETE /pro/api/node/:node_id/evidence/:evidence_id

Deletes a piece of Evidence from the specified Node in your project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  -H 'Content-type: application/json' \
  -X DELETE \
  http://dradis-pro.dev/pro/api/nodes/8/evidence/16

Result:

{
  "message": "Resource deleted successfully"
}

Next help article: Content Blocks endpoint →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.