Overview
Info |
---|
SAML capability requires an additional WhiteSource license. Contact your CSM for more details. |
To access the new and recommended version of the WhiteSource HTTP API, use HTTP API v1.1.
This document describes the old version of the WhiteSource HTTP API. The API URL can be obtained by copying the 'WhiteSource Server URL' which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the '/api' path to it. For example: https://saas.whitesourcesoftware.com/api.
...
Note |
---|
The requestType field is mandatory for all requests. If the 'Enforce user level access' option is enabled inside the 'Integrate' page, then the userKey field is also mandatory for all requests. |
Fields
Field name | Value |
---|---|
requestType | One of the following:
|
orgToken | Your organization API key |
userKey | Your user key (can be obtained from your Profile page) |
productToken | A unique identifier for your product |
projectToken | A unique identifier for your project |
alertType | One of the following:
|
...
Notice: For version numbers with 3 or more version parts (e.g. x.y.z or x.y.z.w), both x and y are considered a major version (x.y).
If there are 2 version parts (x.y), then x is considered a major version.
Info |
---|
Date format in all responses is "yyyy-MM-dd". None of the results are sorted in any order. |
...
Code Block |
---|
{ "licenseHistogram" : { "Apache 2.0" : 2, "BSD 3" : 2, "GPL 3.0" : 1 } } |
Get All Products
Receives an orgToken and returns the name and token of every product in the organization.
Request
Code Block |
---|
{ "requestType":"getAllProducts", "orgToken":"org_token" } |
Response
Code Block |
---|
{ "products": [ { "productName": "Product A", "productToken": "product_a_token" }, { "productName": "Product B", "productToken": "product_b_token" } ], "message": "Success" } |
Get All Projects
Receives a productToken and returns the name and token of every project in the product.
Request
Code Block |
---|
{ "requestType":"getAllProjects", "productToken":"product_token" } |
Response
Code Block |
---|
{ "projects": [ { "projectName": "project_a", "projectToken": "project_a_token" }, { "projectName": "project_b", "projectToken": "project_b_token" } ], "message": "Success" } |
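The two requests above chain naturally: list the products, then list the projects of each. The following is an added example, not WhiteSource code; it assumes the JSON body is sent with HTTP POST, and `build_request`, `list_inventory` and `fake_post` are hypothetical names.

```python
import json
import urllib.request

API_URL = "https://saas.whitesourcesoftware.com/api"  # example URL from this page


def http_post(payload, url=API_URL):
    """Assumption: the API accepts the JSON request body via HTTP POST."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def build_request(request_type, user_key=None, **tokens):
    """requestType is always mandatory; userKey is added when supplied
    (mandatory if 'Enforce user level access' is enabled)."""
    if not request_type:
        raise ValueError("requestType is mandatory")
    body = {"requestType": request_type, **tokens}
    if user_key:
        body["userKey"] = user_key
    return body  # contains API keys: do not write it to logs


def list_inventory(org_token, user_key=None, post=http_post):
    """Return {productName: {projectName: projectToken}} for the organization."""
    products = post(build_request("getAllProducts", user_key, orgToken=org_token))
    inventory = {}
    for product in products.get("products", []):
        reply = post(build_request("getAllProjects", user_key,
                                   productToken=product["productToken"]))
        inventory[product["productName"]] = {
            p["projectName"]: p["projectToken"] for p in reply.get("projects", [])}
    return inventory


def fake_post(payload):
    """Constructed stand-in for the server, built from the sample responses above."""
    if payload["requestType"] == "getAllProducts":
        return {"products": [{"productName": "Product A",
                              "productToken": "product_a_token"}],
                "message": "Success"}
    return {"projects": [{"projectName": "project_a",
                          "projectToken": "project_a_token"}],
            "message": "Success"}
```

Passing `post=fake_post` exercises the flow offline; leaving the default sends real requests to `API_URL`.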
...
Code Block |
---|
{ "projectTags":[ { "name": "My Project 1", "token": "project_token_1", "tags":{ "Component": "Database", "Module": "Server" } }, { "name": "My Project 2", "token": "project_token_2", "tags":{} } ] } |
Info |
---|
Projects without tags are returned as well |
Save Project Tags
Save project tags by key, value.
...
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xlsx
Change Log Report
Get organization level Change Log Report in various formats.
Request
Code Block |
---|
{ "userKey": "user_key", "orgToken": "organization_api_key", "requestType": "getChangesReport", "startDateTime": "2018-01-01 10:02:00" } |
...
Get organization, product or project level alerts reports in Excel format.
Info |
---|
This request is available for organizations, products or projects. An 'xlsx' format is used when no 'format' parameter is provided. |
Organization
Code Block |
---|
{ "requestType" : "getOrganizationAlertsReport", "orgToken" : "organization_api_key", "format" : "xlsx" } |
...
Get Project Hierarchy
Info |
---|
'includeInHouseData' is an optional parameter. When set to ‘false’, in-house libraries data is not returned in the API response (default is ‘true’). |
...
Get Project Inventory
Info |
---|
'includeInHouseData' is an optional parameter. When set to ‘false’, in-house libraries data is not returned in the API response (default is ‘true’). |
...
- vulnerability - the name of the vulnerability (e.g. CVE-2008-0983).
- type - the type of fix available, can be one of:
  - CHANGE_FILES
  - PATCH
  - UPGRADE_VERSION
- vulnerabilityFixOrigin - the site, service or provider of the fix, can be one of:
  - GITHUB_COMMIT
  - JIRA
  - BUGZILLA
  - NODE_SECURITY_ADVISORY
  - PIVOTAL_VULNERABILITY_REPORT
  - FFMPEG_SECURITY
  - STRUTS_SECURITY_BULLETIN
  - XFORCE_VULNERABILITY_REPORT
  - SECURITY_TRACKER
  - WHITESOURCE_EXPERT - Used whenever a WhiteSource security researcher discovers that a vulnerability can be fixed by upgrading to a newer version, and there are no other sources for the vulnerability fix.
- url - the URL of the fix.
- fixResolution - the fix resolution. Depending on the origin, the fixResolution field may vary:
  - GITHUB_COMMIT - comma separated file names to change.
  - JIRA - comma separated list of versions, e.g. “1.0.5,1.1.3”.
  - BUGZILLA - comma separated list of versions.
  - NODE_SECURITY_ADVISORY - text taken as-is from the origin, e.g. “>= 1.0.4” or “Upgrade to version 0.2.5 or greater.”
  - PIVOTAL_VULNERABILITY_REPORT - text taken as-is from the origin.
  - FFMPEG_SECURITY - comma separated list of versions.
  - STRUTS_SECURITY_BULLETIN - text taken as-is from the origin, e.g. “Developers should upgrade to Struts 2.0.12”.
  - XFORCE_VULNERABILITY_REPORT - text taken as-is from the origin, e.g. “Refer to ASA-2007-010 for patch, upgrade or suggested workaround information. See References.”.
  - SECURITY_TRACKER - text taken as-is from origin, e.g. “The vendor has issued a fix (2.3.17, 2.4.11).”.
- date - publish date of the fix (not always available).
- message - the title / description of the fix as taken from the origin.
- extraData - extra data stored for each fix in key_1=value_1&key_2=value_2 pairs. Depending on the origin, the extraData field may vary:
  - GITHUB_COMMIT
    - key - the short commit SHA-1.
    - committerName - the name of the committer.
    - committerUrl - a link to the committer’s page on GitHub.
    - committerAvatar - a link to the committer’s avatar.
  - JIRA
    - key - the issue id.
    - assignee - the person assigned to the issue.
  - BUGZILLA
    - key - the issue id.
    - assignee - the person assigned to the issue.
  - NODE_SECURITY_ADVISORY
    - key - the advisory id.
  - PIVOTAL_VULNERABILITY_REPORT
    - key - the report id, which is simply the CVE name.
  - FFMPEG_SECURITY - no extra data available.
  - STRUTS_SECURITY_BULLETIN
    - key - the bulletin id.
  - XFORCE_VULNERABILITY_REPORT
    - key - the report id.
  - SECURITY_TRACKER
    - key - the alert id.
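Because fixResolution and extraData change shape with vulnerabilityFixOrigin, a consumer has to branch on the origin before using them. The following is an added example, not WhiteSource code: the sample records are constructed, the output keys `fixedVersions`, `filesToChange` and `advisoryText` are hypothetical, and URL-encoding of extraData values is an assumption.

```python
from urllib.parse import parse_qsl

# fixResolution shape per origin, following the list above. Any origin not
# named here is treated as free text taken as-is from the source.
VERSION_LIST_ORIGINS = {"JIRA", "BUGZILLA", "FFMPEG_SECURITY"}
FILE_LIST_ORIGINS = {"GITHUB_COMMIT"}


def parse_extra_data(raw):
    """Split 'key_1=value_1&key_2=value_2' into a dict.
    Assumption: values are URL-encoded, so they are decoded here."""
    return dict(parse_qsl(raw or "", keep_blank_values=True))


def normalize_fix(fix):
    """Copy one fix record, adding a typed view of fixResolution.
    fixedVersions / filesToChange / advisoryText are hypothetical keys."""
    origin = fix.get("vulnerabilityFixOrigin")
    resolution = fix.get("fixResolution") or ""
    items = [part.strip() for part in resolution.split(",") if part.strip()]
    out = dict(fix, extraData=parse_extra_data(fix.get("extraData")))
    if origin in VERSION_LIST_ORIGINS:
        out["fixedVersions"] = items
    elif origin in FILE_LIST_ORIGINS:
        out["filesToChange"] = items
    else:
        # Free text may contain commas of its own; keep it whole.
        out["advisoryText"] = resolution
    return out


# Constructed sample records (not real API output; ids are placeholders).
SAMPLE_FIXES = [
    {"vulnerability": "CVE-EXAMPLE-0001", "type": "UPGRADE_VERSION",
     "vulnerabilityFixOrigin": "JIRA", "fixResolution": "1.0.5,1.1.3",
     "extraData": "key=EXAMPLE-1&assignee=jdoe"},
    {"vulnerability": "CVE-EXAMPLE-0002", "type": "UPGRADE_VERSION",
     "vulnerabilityFixOrigin": "SECURITY_TRACKER",
     "fixResolution": "The vendor has issued a fix (2.3.17, 2.4.11).",
     "extraData": "key=1000001"},
    {"vulnerability": "CVE-EXAMPLE-0003", "type": "CHANGE_FILES",
     "vulnerabilityFixOrigin": "GITHUB_COMMIT",
     "fixResolution": "src/a.c, src/b.c",
     "extraData": "key=abc1234&committerName=Jane+Doe"},
]

if __name__ == "__main__":
    for record in SAMPLE_FIXES:
        print(normalize_fix(record))
```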
...