ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy

Add endpoint to get number of alerts grouped by risk level #1620

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The current REST api exposes an endpoint to get the total number of alerts in 
the current ZAP session.

http://zap/JSON/core/view/numberOfAlerts/?zapapiformat=JSON&baseurl=

It would be great to modify the existing endpoint (for all formats) to return the number of alerts grouped by risk level. A sample output could be:

{
  "totalNumberOfAlerts": "170",
  "highRisk": "100",
  "mediumRisk": "20",
  "lowRisk": "20",
  "informational": "30"
}

Original issue reported on code.google.com by diveshpr...@gmail.com on 1 May 2015 at 12:37

GoogleCodeExporter commented 9 years ago
Do you see value in adding a breakdown by confidence within risk level?

So that if there are say 100 high risk, you would know that 10 are false 
positive, 10 are low confidence, 20 are medium confidence, 20 are high 
confidence, and 40 are confirmed.

(Keeping in mind that scanners/plugins are only supposed to set the middle 3 
and the extreme ends are actually user set....so api applicability with a grain 
of salt).

Original comment by kingtho...@gmail.com on 1 May 2015 at 6:56

GoogleCodeExporter commented 9 years ago
It's better to use a new view, changing "numberOfAlerts" will break existing 
clients/consumers.

Original comment by THC...@gmail.com on 4 May 2015 at 2:57

GoogleCodeExporter commented 9 years ago
Agreed re the new view, I've actually been meaning to add this for a while ;)
Re breaking down by confidence level, we could always have an optional 
parameter for the minimum confidence level to be reported?
So you could get all (non false positive) alerts (the default), or counts of 
all at least High confidence etc

Original comment by psii...@gmail.com on 5 May 2015 at 8:57
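
An added example, not part of the thread or of ZAP's code: a client-side function that produces the grouped counts from the sample output above, with the optional minimum confidence parameter discussed in the comments. The `risk` and `confidence` field names and their string values are assumptions about the alert records, and `count_alerts_by_risk` is a hypothetical name.

```python
from collections import Counter

# Confidence levels in ascending order, as named in the thread. The exact
# strings carried by a real alert record are an assumption here.
CONFIDENCES = ["False Positive", "Low", "Medium", "High", "Confirmed"]
# Output keys from the sample in the issue, keyed by an assumed "risk" string.
RISK_KEYS = {
    "High": "highRisk",
    "Medium": "mediumRisk",
    "Low": "lowRisk",
    "Informational": "informational",
}


def count_alerts_by_risk(alerts, min_confidence="Low"):
    """Count alerts per risk level, keeping those at or above min_confidence.

    The default of "Low" drops false positives, matching the default
    proposed in the thread.
    """
    if min_confidence not in CONFIDENCES:
        raise ValueError(f"unknown confidence level: {min_confidence!r}")
    threshold = CONFIDENCES.index(min_confidence)

    counts = Counter()
    for alert in alerts:
        risk, confidence = alert.get("risk"), alert.get("confidence")
        # Skip records with unrecognised values instead of miscounting them.
        if risk not in RISK_KEYS or confidence not in CONFIDENCES:
            continue
        if CONFIDENCES.index(confidence) >= threshold:
            counts[RISK_KEYS[risk]] += 1

    # Values are strings, as in the sample output in the issue.
    result = {key: str(counts[key]) for key in RISK_KEYS.values()}
    result["totalNumberOfAlerts"] = str(sum(counts.values()))
    return result


# Constructed sample data, not output from a real scan.
SAMPLE_ALERTS = [
    {"risk": "High", "confidence": "Confirmed"},
    {"risk": "High", "confidence": "False Positive"},
    {"risk": "High", "confidence": "Low"},
    {"risk": "Medium", "confidence": "High"},
    {"risk": "Low", "confidence": "Medium"},
    {"risk": "Informational", "confidence": "Low"},
    {"risk": "Unknown", "confidence": "High"},
]
```
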

GoogleCodeExporter commented 9 years ago
ZAP has been migrated to GitHub

This issue will be on GitHub issues with the same ID: 
https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:18