Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

Date format in all responses is "yyyy-MM-dd".

None of the results are sorted in any order.

Alerts

Get Alerts

Info

For customers who have enabled vulnerability based alerting, there are several changes to API version 1.3. Refer here for details.

...

Code Block
{
	"requestType" : "getProjectAlerts",
    "userKey": "user_key", 
	"projectToken" : "project_token"
}

Get Alerts by Project Tags

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

...

Info

Alert level is either minor or major.

Get Ignored Alerts

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

...

Code Block
languagejs
{
    "alerts": [
        {
            "vulnerability": {
                "name": "CVE-2019-10202",
                "type": "CVE",
                "severity": "high",
                "score": 7.5,
                "cvss3_score": 0.0,
                "publishDate": "2019-10-01",
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10202",
                "description": "A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-	17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.",
                "allFixes": [],
                "references": []
            },
            "type": "SECURITY_VULNERABILITY",
            "level": "MAJOR",
            "library": {
                "keyUuid": "029092aa-fe0c-4ab5-ae02-a5a05c9cb8c5",
                "keyId": 13673550,
                "filename": "jackson-mapper-asl-1.9.2.jar",
                "type": "Java",
                "description": "Data Mapper package is a high-performance data binding package\nbuilt on Jackson JSON processor",
                "references": {
                    "url": "http://jackson.codehaus.org",
                    "issueUrl": "http://jira.codehaus.org/browse/JACKSON",
                    "pomUrl": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                },
                "sha1": "95400a7922ce75383866eb72f6ef4a7897923945",
                "name": "Data Mapper for Jackson",
                "artifactId": "jackson-mapper-asl",
                "version": "1.9.2",
                "groupId": "org.codehaus.jackson",
                "licenses": [
                    {
                        "name": "Apache 2.0",
                        "url": "http://www.opensource.org/licenses/Apache-2.0",
                        "profileInfo": {
                            "copyrightRiskScore": "THREE",
                            "patentRiskScore": "ONE",
                            "copyleft": "NO",
                            "linking": "DYNAMIC",
                            "royaltyFree": "CONDITIONAL"
                        },
                        "references": [
                            {
                                "referenceType": "POM file",
                                "reference": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-	asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                            }
                        ]
                    }
                ]
            },
            "project": "wss-dal-entity-mysql",
            "projectId": 1976,
            "projectToken": "fe305449dc244aeb8f0dd729182669b1251ceabede7548b4a86e61b3903f02e4",
            "directDependency": true,
            "description": "Medium:1,",
            "date": "2019-10-10",
            "time": 1570703663000,
            "alertUuid": "e2d992ce-eaa6-4469-98b3-221e35d6f5fe",
            "comments": "Ignore this alert"
        },
        {
            "vulnerability": {
                "name": "CVE-2019-10202",
                "type": "CVE",
                "severity": "high",
                "score": 7.5,
                "cvss3_score": 0.0,
                "publishDate": "2019-10-01",
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10202",
                "description": "A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.",
                "allFixes": [],
                "references": []
            },
            "type": "SECURITY_VULNERABILITY",
            "level": "MAJOR",
            "library": {
                "keyUuid": "029092aa-fe0c-4ab5-ae02-a5a05c9cb8c5",
                "keyId": 13673550,
                "filename": "jackson-mapper-asl-1.9.2.jar",
                "type": "Java",
                "description": "Data Mapper package is a high-performance data binding package\nbuilt on Jackson JSON processor",
                "references": {
                    "url": "http://jackson.codehaus.org",
                    "issueUrl": "http://jira.codehaus.org/browse/JACKSON",
                    "pomUrl": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                },
                "sha1": "95400a7922ce75383866eb72f6ef4a7897923945",
                "name": "Data Mapper for Jackson",
                "artifactId": "jackson-mapper-asl",
                "version": "1.9.2",
                "groupId": "org.codehaus.jackson",
                "licenses": [
                    {
                        "name": "Apache 2.0",
                        "url": "http://www.opensource.org/licenses/Apache-2.0",
                        "profileInfo": {
                            "copyrightRiskScore": "THREE",
                            "patentRiskScore": "ONE",
                            "copyleft": "NO",
                            "linking": "DYNAMIC",
                            "royaltyFree": "CONDITIONAL"
                        },
                        "references": [
                            {
                                "referenceType": "POM file",
                                "reference": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                            }
                        ]
                    }
                ]
            },
            "project": "wss-server",
            "projectId": 1978,
            "projectToken": "2e139a0b5c494042b2c92807bc595c0bdd4645ae5ab34800a968999140e38e24",
            "directDependency": true,
            "description": "Medium:1,",
            "date": "2019-10-10",
            "time": 1570703663000,
            "alertUuid": "5f869dba-9d5d-437a-8a03-b51c23997f99",
            "comments": "Ignore this alert as well"
        }
    ]
}

Security Vulnerability 

Alerts will also contain the following object:

...

Field name

Value

name

The id in the vulnerability DB (CVE or WS)

type

Either CVE or WS

severity

Severity of the CVSS 2 vulnerability (low, medium, high)

score

The CVSS 2 base score [0.0 - 10.0]

cvss3_severity

The score severity, if CVSS 3 score is between 0-3.9 - Low, if CVSS 3 score is between 4-6.9 - Medium, if CVSS 3 score is between 7-10 - High

cvss3_score

The CVSS 3 base score [0.0 - 10.0]

scoreMetadataVector

See specification link

publishDate

Original release date

url

URL of the CVE

description

A short description of the security vulnerability

topFix

Top recommended fix (when available)

allFixes

List of all fixes (when available)

fixResolutionText

The actual resolution text to display for the given fix.

Get Alerts by Type

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

...

Info

Same as alerts response

Ignore Alerts

Enables users with Organization Administrators, Product Administrators, and Alert Ignorers roles to ignore alerts according to their unique identifier. You can use any alert-related API to get the alertUUID of a particular alert. 

...

Code Block
{
    "message": "Successfully ignored alerts"
}

Set Alert Status

Enables users with Organization Administrators, Product Administrators, and Alert Ignorers roles to set the status of alert(s) according to their unique identifier. This API can also be used to change the alert's comments.  

...

Code Block
{
    "message": "Successfully set the alert's status"
}

Get Change Log Report

Get organization level Change Log Report in various formats.

...

Code Block
{
    "changes": [
        {
            "startDateTime": "2018-07-04 09:07:21",
            "category": "METADATA",
            "type": "SOURCE_MATCHING",
            "changeType": "CHANGED",
            "scope": "SOURCE_FILE",
            "scopeName": "activation_mode.h",
            "scopeId": 2922950,
            "beforeChange": [
                "tensorflow-v1.4.0-rc0"
            ],
            "afterChange": [
                "tensorflow-v1.4.0-rc0"
            ],
            "operator": "USER",
            "userEmail": "john@doe.com",
            "productId": 69491,
            "productName": "tensorflow",
            "projectId": 338568,
            "projectName": "tensor",
            "comment": "changed lib of source file"
        }
    ]
}

Get Licenses

Get all libraries and their licenses for a given organization/product/project.

...

Code Block
"libraries" : [
	{
        "licenses" : [
            "license_name_1",
            "license_name_2", 
            "spdxName":"license_spdx_name"
        ],
        "copyrightReferences": [
            {
            "copyright": "library_copyright_text",
            "startYear": "library_copyright_start_year"
            }
        ],
        "keyUuid": "library_key_uuid",
        "keyId": "library_key_id",
        "filename": "library_file_name",
        "name" : "libarary_name",
        "groupId" : "library_group_id",
        "artifactId" : "library_artifact_id",
        "version" : "library_version",
        "sha1" : "library_sha1",
        "languages": "library_language",
        "references" : {"url":"library_url",
                        "downloadLink":"library_download_link"
                        }
    }
]

Get License Histogram

Get the license histogram (license name : occurrence) for a given organization/product/project.

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx

Get Change Log Report

Get organization level Change Log in Excel format.

...