Meterian
  • Meterian
    • The Platform
    • SSO and MFA
    • Support
  • Codebase scanner
    • The Thin Client
      • How does the client work?
      • How does the client authenticate me?
      • How do I get the client?
      • What if I need a previous release?
      • Use the thin client on Windows
    • Using the client from your command line
      • Authorization in interactive mode
      • Interrupting the client
      • Example: running the client in interactive mode
    • Using the client in your CI/CD pipeline
      • Authorization in non-interactive mode
      • Providing the project branch
      • Concurrent mode
      • Two phases build
      • Controlling the exit code
      • Example: running the client in non-interactive mode
    • General operations
      • Running the analysis remotely
      • Interrupting the client
      • Generating a report
      • Forcing or avoiding specific scans
      • Excluding (and including) specific folders
      • Connecting through a proxy
    • System requirements
    • Command line parameters
      • General configuration
      • Overriding scores
      • Overriding scopes
      • Producing reports
      • Selecting scanners
      • Defining projects
      • Advanced options
        • Autofix
        • Pull Requests
      • System information
      • Specific controls
        • Maven specific controls
        • Dotnet specific controls
        • Npm/Yarn specific controls
        • Gradle specific controls
        • Ant/Ivy specific controls
    • The Dockerized Client
      • Basic usage
      • Advanced usage
        • Invoking via Docker
        • Platform-specific images
        • Usage on a CI/CD platform
        • Disable the client auto-update
      • Troubleshooting
        • Client auto update failure
        • Docker specifics
    • How scores work
    • Guide: your first scan!
      • Your first scan (java thin client)
      • Your first scan (dockerized client)
      • Your first scan (GitHub Action)
  • Scan behaviour matrix
  • THE METERIAN DASHBOARD
    • The Web Dashboard
      • Projects
      • Insights
      • Tokens
      • Badges
      • Policies
      • Tags
      • Teams
      • Configuration
        • Automatic Temporary Branches Clean-up
    • Advanced functionalities
      • Multi-factor Authentication
      • Safe versions
      • Software Bill Of Materials (SBOM)
      • Auto-grouping
        • Domain auto-grouping
        • Github auto-grouping
      • How to set a vulnerability exclusion
        • From the report page
        • From the dashboard
        • The .meterian file
        • Generate the .meterian file
    • Troubleshooting
      • Login with credentials
  • Notifications
    • Sentinel
      • Notifications for Slack
      • Notifications for Email
    • Allerta
  • Github Badges
    • Introduction
    • Public repository
    • Private repository
  • ONLINE INTEGRATIONS
    • Introduction
    • GitHub Action
      • Using the Thin Client
      • Code scanning
    • Bitbucket Pipe
    • Azure DevOps Pipelines
  • Languages support
    • Introduction
    • C/C++
    • Clojure
    • Dart / Flutter
    • Elixir (erlang)
    • Golang
    • Java/Kotlin/Scala
      • Scanning EAR or WAR files
    • Javascript
    • .NET
      • Scanning DLLs
    • NodeJS
    • Perl
    • PHP
    • Python
    • R
    • Ruby
    • Rust
    • Swift / Objective-C
    • Generic (third party)
  • Special platfoms
  • Unity Packages
  • Jupyter Notebooks
    • License detection
  • Yocto license manifests
  • Container scanner
    • Container Scanner
      • Introduction
      • General usage
      • Command line parameters
        • General configuration
        • Overriding scores
        • Producing reports
        • Defining projects
        • Advanced Options
        • System information
      • How to set a vulnerability exclusion
  • IaC SCANNER
    • Introduction
    • General usage
    • Command line parameters
      • Producing reports
      • Defining projects
    • Policy management page
    • How to set a vulnerability exclusion
  • CI INTEGRATIONS
    • Introduction
    • AWS CodeBuild
    • Azure DevOps
      • Using the Docker image
      • Using the Java Thin client
    • Bamboo
    • Bitrise
    • CircleCI
    • CodeShip
    • Concourse CI
    • Generic CI
    • GitLab CI/CD
      • Docker-in-Docker configuration
      • Meterian Docker image configuration
      • Non-Meterian Docker image configuration
    • Jenkins
      • Pipeline
    • TeamCity
    • TravisCI
  • DevOps Integrations
    • GitLab Ultimate
    • SonarQube
      • Compatibility
      • Download and installation
      • Plugin properties
      • Usage
      • Report page
  • Management Platforms
    • Threadfix
    • DefectDojo
      • Uploading from a CI
    • Armorcode
    • Jira
  • Dedicated Instance
    • Introduction
    • On Cloud (MC/CC)
    • On Premises (OP)
      • Requirements and install
      • Managing the system
        • Admin dashboard
        • Managing your license
        • Managing accounts
    • Using the scanners
      • Thin client
      • Dockerized client
      • Container Scanner
      • IaC Scanner
  • Meterian API
  • API basics
  • Authorizing the APIs
  • Account APIs
    • Knowing your account
    • Listing your projects
  • Samples
  • Guides
    • Managing teams and members
    • Generating reports via APIs
Powered by GitBook
On this page
  • Synchronous generation
  • Asynchronous generation

Was this helpful?

  1. Guides

Generating reports via APIs

A simple guide to generate reports using APIs

PreviousManaging teams and members

Last updated 1 year ago

Was this helpful?

Usually reports can be generated directly via the clients (see how to produce reports using the or the ), and it's also possible to generate reports from the . However, sometimes one may need to generate a report just using the APIs. This is easy and requires a simple HTTP call that can be executed with a curl command.

First, please make sure you have an adequate token to invoke the API, loaded in the environment variable METERIAN_API_TOKEN. The token can be generated via the .

You will also need the UUID of the project you want to report: this can be picked up from the URL of a report, which is in the form . Let's assume we have this loaded in the environment variable PROJECT_UUID, and the branch is "master".

Synchronous generation

Reports can be generated synchronously, but when generating large reports you should allow a long timeout, as the generation may take time. This depends on the condition of the project and of the platform. This is especially true with the SBOM reports, as they include copyright information about the packages. Please see the specific section to learn how to execute calls asynchronously if you want to avoid long timeouts.

Generating a JSON report

A JSON report containing the results of the analysis.

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/full?branch=master" \
--max-time 90 \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: application/json" > report.json

Generating a PDF report

A PDF report containing the results of the analysis.

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/pdf?branch=master" \
--max-time 90 \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: application/pdf" > report.pdf

Generating a JSON dependency tree report

A JSON report listing the full dependency tree of the project.

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/tree?branch=master" \
--max-time 90 \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: application/json" > report.tree.json

Generating a SBOM CSV report

A simple CSV report listing all the components of the projects.

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/sbom.csv?branch=master" \
--max-time 90 \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: text/csv" > report.sbom.csv

Generating a SBOM CycloneDX JSON report

A JSON report in CycloneDX format.

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/sbom-cdx.json?branch=master" \
--max-time 90 \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: application/json" > report.cdx.json

Generating a SBOM CycloneDX XML report

An XML report in CycloneDX format.

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/sbom-cdx.xml?branch=master" \
--max-time 90 \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: application/xml" > report.cdx.xml

Generating a PDF BIBLE report

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/bible.pdf?branch=master" \
--max-time 90 \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: application/pdf" > bible.pdf

Asynchronous generation

In case of large project or large reports, it's possible to generate then asynchronously. You can send a request to the server asking to start the report generation, which will return a unique id. you can then use this id to enquiry about the progress of the generation. When complete, you can then call any of the synchronous APIs and get the report immediately.

Start preparation

When this API is executed the preparation of the report will be initiated. A unique identifier will be returned, to be used in following enquiries. In this case we store the result in the variable ID, which we will later use.

ID=`curl -X POST \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/bible?branch=master" \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: text/plain"`

Check progress

With this API you can check the progress of the preparation. It returns a number from 0 to 100 that is equivalent to the percentage of preparation. When it's 100, you can then call any of the synchronous API listed before. It also returns 200 if done or 404 if in progress.

curl -X GET \
"https://www.meterian.com/api/v1/reports/$PROJECT_UUID/bible/$ID" \
-H "Authorization: token $METERIAN_API_TOKEN" \
-H "accept: application/json"

When finished, please use the synchronous section to see how to call the APIs to collect the reports. Please note that a prepared bible, which is used to generate reports, will expire usually in 10 minutes, or even earlier, based on the status of the server.

codebase scanner
container scanner
web report page
Web Dashboard
https://www.meterian.io/projects/?pid=UUID&mode=...