WAF++ PASS – API server for persisting and querying scan results

Navigation

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Artem Lajko, Sascha Lewandowski, Sebastian Meyer, Tim Urlaub
  • Tags api , cloud , compliance , devsecops , fastapi , governance , iac , multi-cloud , security , waf++
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

wafpass-server

REST API for persisting and querying WAF++ PASS scan results.

Receives wafpass-result.json payloads from wafpass check --output json, stores them in PostgreSQL, and exposes them to the dashboard and CI tooling.

API endpoints

Method Path Description
POST /runs Ingest a wafpass-result.json payload
GET /runs List runs (query: limit, offset, project)
GET /runs/{id} Single run with all findings
GET /runs/{id}/findings Findings only (query: severity, pillar, status)
GET /health Health check
GET /api/docs Swagger UI

Setup

Environment variables

Copy .env.example from the repo root:

DATABASE_URL=postgresql+asyncpg://wafpass:changeme@localhost:5432/wafpass
WAFPASS_ENV=local
CORS_ORIGINS=http://localhost:5173,http://localhost:3000

Run locally

pip install -e ".[dev]"
alembic upgrade head
uvicorn wafpass_server.main:app --reload --port 8000

Run migrations

alembic upgrade head       # apply all migrations
alembic downgrade -1       # roll back one step
alembic revision --autogenerate -m "add column"  # generate new migration

Docker

docker build -t wafpass-server .
docker run -e DATABASE_URL=... -p 8000:8000 wafpass-server

docker-compose (full stack)

From the repo root:

cp .env.example .env   # fill in passwords
docker compose up

Posting a scan result

wafpass check infra/ --output json > result.json
curl -X POST http://localhost:8000/runs \
     -H "Content-Type: application/json" \
     -d @result.json

Or set metadata fields before posting:

import json, httpx

result = json.load(open("result.json"))
result.update({"project": "my-infra", "branch": "main", "git_sha": "abc1234"})
httpx.post("http://localhost:8000/runs", json=result)

Result schema

The payload shape is defined by WafpassResultSchema in wafpass-core (wafpass/schema.py). wafpass-server mirrors that schema in wafpass_server/schemas.py (RunCreate). Once wafpass-core is published to PyPI, replace the local definition with a direct import.

Key fields stored per run:

Column Type Description
id uuid Auto-generated primary key
project text Repo / project name
branch text VCS branch
git_sha text Commit SHA
triggered_by text local | github-actions | gitlab-ci | …
iac_framework text terraform | cdk | …
score int Overall compliance score (0–100)
pillar_scores jsonb Per-pillar scores {"SEC": 90, …}
findings jsonb Array of check results
created_at timestamptz Inserted at

Development

pip install -e ".[dev]"
pytest

Project details

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Artem Lajko, Sascha Lewandowski, Sebastian Meyer, Tim Urlaub
  • Tags api , cloud , compliance , devsecops , fastapi , governance , iac , multi-cloud , security , waf++
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.4.2

0.4.1

0.4.0

This version

0.3.6

0.3.5

0.3.4

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wafpass_server-0.3.6.tar.gz (14.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wafpass_server-0.3.6-py3-none-any.whl (14.3 kB view details)

Uploaded Python 3

File details

Details for the file wafpass_server-0.3.6.tar.gz.

File metadata

  • Download URL: wafpass_server-0.3.6.tar.gz
  • Upload date:
  • Size: 14.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for wafpass_server-0.3.6.tar.gz
Algorithm Hash digest
SHA256 4775bed3cd1b54d22dfa9323c2cc62a013155714286d0e1286ba61afde99b5fd
MD5 f3403c4231936461a9fd416d6591a28a
BLAKE2b-256 857d17324e9a1418f90baee7183779bbb44f501849b472c847f75bdaaca3ef24

See more details on using hashes here.

Provenance

The following attestation bundles were made for wafpass_server-0.3.6.tar.gz:

Publisher: release.yml on WAF2p/wafpass-server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file wafpass_server-0.3.6-py3-none-any.whl.

File metadata

  • Download URL: wafpass_server-0.3.6-py3-none-any.whl
  • Upload date:
  • Size: 14.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for wafpass_server-0.3.6-py3-none-any.whl
Algorithm Hash digest
SHA256 2543c11794eabed7bd734fcc6fef1438f3311d1a3043c4aa44bf51da573e8df9
MD5 29df843ee44e62ed8791a56faa7e457c
BLAKE2b-256 589950f59a8be58e8e4e0256e3fcfae346886d6e53dd78d29385732884ef5342

See more details on using hashes here.

Provenance

The following attestation bundles were made for wafpass_server-0.3.6-py3-none-any.whl:

Publisher: release.yml on WAF2p/wafpass-server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page