WAF++ PASS – API server for persisting and querying scan results
Project description
wafpass-server
REST API for persisting and querying WAF++ PASS scan results.
Receives wafpass-result.json payloads from wafpass check --output json,
stores them in PostgreSQL, and exposes them to the dashboard and CI tooling.
API endpoints
| Method | Path | Description |
|---|---|---|
POST |
/runs |
Ingest a wafpass-result.json payload |
GET |
/runs |
List runs (query: limit, offset, project) |
GET |
/runs/{id} |
Single run with all findings |
GET |
/runs/{id}/findings |
Findings only (query: severity, pillar, status) |
GET |
/health |
Health check |
GET |
/api/docs |
Swagger UI |
Setup
Environment variables
Copy .env.example from the repo root:
DATABASE_URL=postgresql+asyncpg://wafpass:changeme@localhost:5432/wafpass
WAFPASS_ENV=local
CORS_ORIGINS=http://localhost:5173,http://localhost:3000
Run locally
pip install -e ".[dev]"
alembic upgrade head
uvicorn wafpass_server.main:app --reload --port 8000
Run migrations
alembic upgrade head # apply all migrations
alembic downgrade -1 # roll back one step
alembic revision --autogenerate -m "add column" # generate new migration
Docker
docker build -t wafpass-server .
docker run -e DATABASE_URL=... -p 8000:8000 wafpass-server
docker-compose (full stack)
From the repo root:
cp .env.example .env # fill in passwords
docker compose up
Posting a scan result
wafpass check infra/ --output json > result.json
curl -X POST http://localhost:8000/runs \
-H "Content-Type: application/json" \
-d @result.json
Or set metadata fields before posting:
import json, httpx
result = json.load(open("result.json"))
result.update({"project": "my-infra", "branch": "main", "git_sha": "abc1234"})
httpx.post("http://localhost:8000/runs", json=result)
Result schema
The payload shape is defined by WafpassResultSchema in wafpass-core
(wafpass/schema.py). wafpass-server mirrors that schema in
wafpass_server/schemas.py (RunCreate). Once wafpass-core is published
to PyPI, replace the local definition with a direct import.
Key fields stored per run:
| Column | Type | Description |
|---|---|---|
id |
uuid | Auto-generated primary key |
project |
text | Repo / project name |
branch |
text | VCS branch |
git_sha |
text | Commit SHA |
triggered_by |
text | local | github-actions | gitlab-ci | … |
iac_framework |
text | terraform | cdk | … |
score |
int | Overall compliance score (0–100) |
pillar_scores |
jsonb | Per-pillar scores {"SEC": 90, …} |
findings |
jsonb | Array of check results |
created_at |
timestamptz | Inserted at |
Development
pip install -e ".[dev]"
pytest
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wafpass_server-0.3.4.tar.gz.
File metadata
- Download URL: wafpass_server-0.3.4.tar.gz
- Upload date:
- Size: 9.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
91f3f3735d0eb3fd62f17aae134e7ba7825032e224e7a5226bfcc0f5272e4804
|
|
| MD5 |
a6a8e4db0d6eab49c1efafbfaac977a5
|
|
| BLAKE2b-256 |
5a2b2af84d91d15237e659b8f5f5af16a711796a0fed11ff9c30d5f0b3fc548c
|
Provenance
The following attestation bundles were made for wafpass_server-0.3.4.tar.gz:
Publisher:
release.yml on WAF2p/wafpass-server
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wafpass_server-0.3.4.tar.gz -
Subject digest:
91f3f3735d0eb3fd62f17aae134e7ba7825032e224e7a5226bfcc0f5272e4804 - Sigstore transparency entry: 1226228710
- Sigstore integration time:
-
Permalink:
WAF2p/wafpass-server@e0d84a3afc9ce5b6044276fb0d7ab6a4b6563df3 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/WAF2p
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@e0d84a3afc9ce5b6044276fb0d7ab6a4b6563df3 -
Trigger Event:
push
-
Statement type:
File details
Details for the file wafpass_server-0.3.4-py3-none-any.whl.
File metadata
- Download URL: wafpass_server-0.3.4-py3-none-any.whl
- Upload date:
- Size: 9.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b26204e70bc43984ef2d57c6cfc201b65323b121260d93837a2066dba9667446
|
|
| MD5 |
2d3a074f8405f0a475bf57f202654fa7
|
|
| BLAKE2b-256 |
e5d11d532c03e9c92947fd9b47cfd4a7a6e908ab30b1224835b5cfe6ba1175e8
|
Provenance
The following attestation bundles were made for wafpass_server-0.3.4-py3-none-any.whl:
Publisher:
release.yml on WAF2p/wafpass-server
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wafpass_server-0.3.4-py3-none-any.whl -
Subject digest:
b26204e70bc43984ef2d57c6cfc201b65323b121260d93837a2066dba9667446 - Sigstore transparency entry: 1226228796
- Sigstore integration time:
-
Permalink:
WAF2p/wafpass-server@e0d84a3afc9ce5b6044276fb0d7ab6a4b6563df3 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/WAF2p
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@e0d84a3afc9ce5b6044276fb0d7ab6a4b6563df3 -
Trigger Event:
push
-
Statement type:
