NowSecure Auto
NowSecure Auto is an application security tool that assesses the security of your mobile applications. You can bring application, assessment, and security data from NowSecure Auto into Brinqa to provide a clearer view of your mobile device security landscape, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with NowSecure Auto and how to obtain that information from NowSecure. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select NowSecure Auto from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate NowSecure Auto with Brinqa:
-
API URL: The NowSecure Auto API URL. The default URL is
https://lab-api.nowsecure.com. -
Access Token: The access token associated with the NowSecure Auto account, which must have permissions to log in to the API server and return data.
Generate a NowSecure Auto access token
For the NowSecure Auto connector to use the NowSecure API, you must provide an access token. To do so, follow these steps:
-
Log in to your organization's NowSecure portal as an administrator.
-
Click the profile icon and select Tokens from the drop-down.
-
Enter a name for the token and click Generate Token.
The new access token displays. You cannot view this token again. Click Copy Token or copy the token manually and save it to a secure location.
If you do not have the permissions to create an access token, contact your NowSecure Auto administrator. For additional information, see NowSecure documentation.
Types of data to retrieve
The NowSecure Auto connector can retrieve the following types of data from the NowSecure API:
Table 1: Data retrieved from NowSecure Auto
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Application | Yes | Application |
| Assessment | Yes | Assessment |
| Dynamic Code Finding | Yes | Dynamic Code Finding |
| Dynamic Code Finding Definition | Yes | Dynamic Code Finding Definition |
| Static Code Finding | Yes | Static Code Finding |
| Static Code Finding Definition | Yes | Static Code Finding Definition |
| Vulnerability Audit Record | No | Not mapped |
The NowSecure auto connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from NowSecure Auto in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
- Application
- Assessment
- Finding
- Finding Definition
Table 2: Application attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| CATEGORIES | categories |
| CONFIG | Local variable |
| LAST_COMPLETED_ASSESSMENT | lastAssessed |
| LAST_SCANNED | lastScanned |
| PACKAGE | Local variable |
| PLATFORM | Local variable |
| SCORE | Local variable |
| STATUS | status |
| SYS_ID | uid |
| TITLE | name |
| VERSION | currentVersion |
Table 3: Assessment attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| APPLICATION | targets |
| CONFIG | Local variable |
| CREATED_AT | sourceCreatedDate |
| ERROR_CODE | Local variable |
| PACKAGE | Local variable |
| PLATFORM | Local variable |
| SYS_ID | uid |
| TITLE | name |
Table 4: Dynamic and Static Code Finding attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| APP_ID | targets |
| CONTROL_ID | type |
| DESCRIPTION | description |
| LAST_FOUND | lastFound |
| RECOMMENDATION | recommendation |
| SEVERITY | severity, severityScore |
| SYS_ID | uid |
| TITLE | name |
Table 5: Dynamic and Static Code Finding Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| CATEGORY | categories |
| CVE | cveIds, cveRecords |
| CVSS_SCORE | cvssV2BaseScore, cvssV3BaseScore |
| CVSS_VECTOR | cvssV2Vector, cvssV3Vector |
| CWE | cweIds, cweRecords |
| DESCRIPTION | description |
| KIND | Local variable |
| RECOMMENDATION | recommendation |
| REFS | references |
| SUMMARY | summary |
| SYS_ID | uid |
| TITLE | name |
| Other CVSS V2 and V3 fields | Use CVSS Calculator |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model.
Use CVSS calculator indicates that the CVSS (Common Vulnerability Scoring System) vectors and scores aren't directly mapped to a specific attribute on the UDM. Instead, a specialized library calculates the CVSS scores from the provided CVSS vector strings.
APIs
The NowSecure Auto connector uses both NowSecure Auto REST API endpoints and the NowSecure Auto GraphQL API, providing a flexible approach to retrieve your NowSecure Auto data.
NowSecure Auto REST API
The NowSecure Auto connector uses the NowSecure Auto REST API. Specifically, it uses the following endpoints:
Table 6: NowSecure Auto REST API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Dynamic Code Finding | GET https://lab-api.nowsecure.com/app/{platform}/{package}/assessment/{task}/results |
| Dynamic Code Finding Definition | GET https://lab-api.nowsecure.com/app/{platform}/{package}/assessment/{task}/results |
| Static Code Finding | GET https://lab-api.nowsecure.com/app/{platform}/{package}/assessment/{task}/results |
| Static Code Finding Definition | GET https://lab-api.nowsecure.com/app/{platform}/{package}/assessment/{task}/results |
| Vulnerability Audit Record | GET https://lab-api.nowsecure.com/resource/app/:app_ref/vulnerability/ |
NowSecure Auto GraphQL API
The NowSecure connector also uses the NowSecure GraphQL API v1. Specifically, it uses the /graphql endpoint and the following queries:
Application GraphQL query
The following GraphQL query retrieves details about your applications in NowSecure Auto, such as reference, title, package key, platform type, analysis configuration, the latest complete assessment information, and more:
query {
auto {
applications {
ref
title
packageKey
platformType
analysisConfig {
searchTerms {
name
value
}
}
latestCompleteAssessment {
ref
createdAt
taskId
score
build {
ref
version
}
}
}
}
}
Assessment GraphQL query
The following GraphQL query retrieves details about your assessments in NowSecure Auto, such as reference, package key, application reference, app store application key, creation date, and more:
query {
auto {
assessments {
ref
packageKey
applicationRef
appstoreApplicationKey
createdAt
creatingUserRef
errorCode
platformType
config
build {
ref
title
}
taskId
}
}
}
Finding GraphQL query
The following GraphQL query retrieves details about your dynamic and static code findings in NowSecure Auto, such as reference, titles, names, values, package keys, and more:
query {
auto {
applications {
ref
title
packageKey
platformType
analysisConfig {
searchTerms {
name
value
}
}
latestCompleteAssessment {
ref
createdAt
taskId
score
build {
ref
version
}
}
}
}
}
Finding Definition GraphQL query
The following GraphQL query retrieves details about your dynamic and static code finding definitions in NowSecure Auto, such as applications, titles, package keys, names, and more:
query {
auto {
applications {
ref
title
packageKey
platformType
analysisConfig {
searchTerms {
name
value
}
}
latestCompleteAssessment {
ref
createdAt
taskId
score
build {
ref
version
}
}
}
}
}
Vulnerability Audit Record GraphQL query
The following GraphQL query retrieves details about your vulnerability audit records in NowSecure Auto, such as applications, titles, names, values, and more:
query {
auto {
applications {
ref
title
packageKey
platformType
analysisConfig {
searchTerms {
name
value
}
}
latestCompleteAssessment {
ref
createdAt
taskId
score
build {
ref
version
}
}
}
}
}
Changelog
The NowSecure connector has undergone the following changes:
3.0.3
- Fixed an issue where the LAST_ASSESSED attribute on the Application object wasn't setting a timestamp properly.
3.0.2
- Updated dependencies.
3.0.1
- Initial Integration+ release.