Skip to content
  • There are no suggestions because the search field is empty.

Retrieving and Exporting CWE Records with Aspen Adapt API

Use the Aspen Reporting API to retrieve, filter, and export CWE findings for integration with BI, analytics, and security reporting platforms.

Retrieving CWE Records

Authenticate with your Aspen API key, as described in this article.

Security Journey Aspen Adapt API

https://api.securityjourney.com/integrations/cwes

Method GET 
Requires API Key with Read permissions

Query Parameters

Field

Type

Required

Description

pageSize integer No Number of items per page (default: 100, max: 1000) 
page integer No Page number (default: 1) 
sortBy string No createdAt, cwe, username, gitRepo, or gitCommitterEmail (default: createdAt
sortOrder string No asc or desc (default: desc
emails array of strings No Limit results to these committer emails 
cwes array of integers No Limit results to these pull/merge request numbers 
dateFrom timestamp No Inclusive lower bound on createdAt (e.g. `2025-01-01T00:00:00Z`) 
dateTo timestamp No Inclusive upper bound on createdAt (e.g. `2025-12-31T23:59:59Z`)
dedupeBy array of strings No Collapses results to one row per dedup group. Each element names a grouping field. Recognized values: gitCommitterEmail, gitRepo. Must always include gitCommitterEmail. Examples: dedupeBy=gitCommitterEmail (group by cwe + email) or dedupeBy=gitCommitterEmail&dedupeBy=gitRepo (group by cwe + email + repo). Omit for raw undeduplicated results.

Note: Query parameters and POST body fields also accept snake_case (e.g. page_size, git_repos) — both casings work. Response fields are always camelCase.

Response Body

Field Type Description
cwes array of CWE Matching CWE records for the page requested
totalCount integer Total number of records matching the filters
page integer Page number returned 
pageSize integer Page size used
totalPages integer Total number of pages available
filters object emails, cwes, gitRepos, and prNumbers distinct values available for this tenant

Each CWE record contains: username, cwe, gitRepo, gitCommitterEmail, directoryUuid, gitHeadSha, prNumber, createdAt, firstSeen, lastSeen, occurrenceCount.

Note on deduplication: When dedupeBy is set, totalCount and totalPages reflect the number of distinct groups matching the filters, not the total raw findings. The firstSeen and lastSeen fields show the time range of all findings collapsed into each group, and occurrenceCount shows how many raw findings were collapsed. When dedupeBy is omitted, occurrenceCount is always `1` and firstSeen/lastSeen equal createdAt.

Example cURL Request

bash
curl -X GET "https://api.securityjourney.com/integrations/cwes?page=1&pageSize=100&sortBy=createdAt&sortOrder=desc" \
-H "Authorization: Bearer {API token}"

Filtering by repository and PR number (repeat the parameter for multiple values):

bash
curl -X GET "https://api.securityjourney.com/integrations/cwes?gitRepos=my-org/my-service&prNumbers=42" \
-H "Authorization: Bearer {API token}"

Deduplicating by committer email (one row per CWE + email):

bash
curl -X GET "https://api.securityjourney.com/integrations/cwes?dedupeBy=gitCommitterEmail" \

-H "Authorization: Bearer {API token}"

Deduplicating by committer email and repository (repeat the parameter):

bash
curl -X GET "https://api.securityjourney.com/integrations/cwes?dedupeBy=gitCommitterEmail&dedupeBy=gitRepo" \
-H "Authorization: Bearer {API token}"```

Exporting CWE Records

Authenticate with your Aspen API key, as described above.

https://api.securityjourney.com/integrations/cwes/export

Method GET 
Requires API Key with Read permissions

Returns all CWE records for the tenant as a gzip-compressed CSV. The response body is the raw gzip-compressed CSV data — not a JSON object.

Note: Requests must include an Accept-Encoding header containing gzip, or the API returns 406 Not Acceptable.

Response Headers
Header

Value

Content-Type text/csv
Content-Encoding gzip
Content-Disposition attachment; filename=cwes.csv
Example cURL Request
bash
curl -X GET "https://api.securityjourney.com/integrations/cwes/export" \
-H "Authorization: Bearer {API token}" \
-H "Accept-Encoding: gzip" \
-o cwes.csv.gz

The CSV header row is: cwe, username, gitCommitterEmail, gitRepo, prNumber, gitHeadSha, createdAt.


Summary


The Aspen API provides endpoints for retrieving and exporting CWE (Common Weakness Enumeration) records associated with your organization. Using the /integrations/cwes endpoint, you can filter results by date range, committer email, CWE ID, repository, and pull request number, while also supporting sorting, pagination, and optional deduplication. Responses include detailed CWE metadata such as repository information, committer email, occurrence counts, and timestamps. For large-scale analysis and reporting, the /integrations/cwes/export endpoint allows you to download all CWE records as a gzip-compressed CSV file containing key finding details for further processing.