
...

  • Inventory report for an organization, product or project

  • Source File Inventory report for an organization, product or project

  • Due Diligence report for an organization, product or project

  • Attribution report for a product or project

  • Product Comparison report

  • Project Comparison report

  • Custom Attribute Values report for an organization, product or project

  • Library Location report for an organization or product

  • License Compatibility report for a product or project

  • Effective Licenses report for an organization or product

  • In-House report for an organization, product or project

  • Risk report in PDF format for an organization, product or project

  • Vulnerabilities report for an organization, product or project

  • Container Vulnerabilities report for an organization or cluster

  • Effective Usage Analysis report

  • Alerts report for an organization, product or project

  • Ignored Alerts report for an organization, product or project

  • Resolved Alerts report for an organization, product or project

  • Change Log History report

  • Request History report for an organization, product or project

  • Plugin Request History report

  • Members report for an organization, product or project

NOTE: The following APIs are not supported if Vulnerability-based Alerting is installed; they will be deprecated in January 2022:

...

This report provides due diligence related information for each open-source library in order to comply with the relevant legal requirements. For details, see https:/wiki/spaces/whitesource.atlassian.netnullWD/pages/createpage.action?spaceKey=WD&title=Due%20Diligence%20Report&linkCreation=true&fromPageId=1730543766.33915056.

The API request enables you to get organization, product, or project-level Due Diligence reports in Excel (xlsx), XML (xml), or JSON (json) format.

...

The Risk report provides a view of all aspects of the account's open-source libraries: security, quality and compliance. It can display libraries by organization, as well as by product (application). For details, see https:/wiki/spaces/whitesource.atlassian.netnullWD/pages/createpage.action?spaceKey=WD&title=Risk%20Report&linkCreation=true&fromPageId=1730543766. 34177230.

This API request enables you to export organization, product, or project-level risk reports in PDF format.

...

  • Content-Type = application/pdf

  • Content-Disposition: attachment; filename=<project name>.pdf


Get

...

Vulnerabilities Report

The Vulnerabilities Report contains all relevant information about your vulnerabilities, such as severity, number of occurrences, the library that was found vulnerable, and so on.

This API request enables you to get organization, product or project-level vulnerability reports in Excel or JSON format.

Organization

Get Vulnerabilities report for an organization.

...

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a Vulnerabilities report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

...

Code Block
{
    "requestType" : "getOrganizationVulnerabilityReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "xlsx"
}

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx


Product

Get Vulnerabilities report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a Vulnerabilities report for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| productToken | API key which is a unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

...

Code Block
{
    "requestType" : "getProductVulnerabilityReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "xlsx"
}

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx


Project

Get Vulnerabilities report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a Vulnerabilities report for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| projectToken | API key which is a unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

...

Code Block
{
    "requestType" : "getProjectVulnerabilityReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "json"
}

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx


Get Container

...

Vulnerabilities Report

This report displays the vulnerabilities per pod, namespace, and cluster. Users can filter specific resources according to their context in the cluster. For details, see https:/wiki/spaces/whitesource.atlassian.netnullWD/pages/createpage.action?spaceKey=WD&title=Container%20Vulnerabilities%20Report&linkCreation=true&fromPageId=1730543766722895103 .

This API request enables you to get Container Vulnerabilities reports at the organizational and cluster level, in Excel or JSON format.

Organization

Get Container Vulnerabilities report for an organization.

...

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a Container Vulnerabilities report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

...

Code Block
{
    "requestType" : "getOrganizationContainerVulnerabilityReport",
    "userKey": "user_key",
    "orgToken" : "org_token",
    "format" : "xlsx"
}

...


Cluster

Get Container Vulnerabilities report for a cluster.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a Container Vulnerabilities report at the Cluster level. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| productToken | API key which is a unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

...

Code Block
{
    "requestType" : "getClusterVulnerabilityReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "xlsx"
}

...

Code Block
{
    "analysisReportDate": "2021-01-24",
    "orgName": "org_name",
    "products": [
        {
            "projects": [
                {
                    "libraries": [
                        {
                            "name": "xstream-1.4.10.jar",
                            "keyUuid": "8b0f1465-7a32-4aab-b8c7-3a27ad3ec595",
                            "groupId": "com.thoughtworks.xstream",
                            "artifactId": "xstream",
                            "version": "1.4.10",
                            "sha1": "dfecae23647abc9d9fd0416629a4213a3882b101",
                            "analysisDateTime": "2020-09-15",
                            "impactAnalysisStatus": "DATA_UNAVAILABLE",
                            "impactAnalysisResult": "High (1?);Medium (0)",
                            "resultingShield": "GREY",
                            "vulnerabilities": [
                                {
                                    "name": "CVE-2020-26258",
                                    "type": "CVE",
                                    "severity": "medium",
                                    "score": 5.0,
                                    "publishDate": "2020-12-16",
                                    "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-26258",
                                    "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",
                                    "topFix": {
                                        "vulnerability": "CVE-2020-26258",
                                        "type": "CHANGE_FILES",
                                        "origin": "GITHUB_COMMIT",
                                        "url": "https://github.com/x-stream/xstream/commit/ecc111cf22039eb9edcaec68dec05506b67e9382",
                                        "fixResolution": "Replace or update the following files: website.xml, CVE-2020-26258.html, changes.html, security.html",
                                        "date": "2020-12-18",
                                        "message": "Fix and document CVE-2020-26258."
                                    },
                                    "impactAnalysis": {
                                        "references": []
                                    }
                                },
                                ......                                
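
The nested report shown above (products → projects → libraries → vulnerabilities) is easier to triage once flattened to one row per library and vulnerability. This is an added example, not WhiteSource's code: it relies only on field names visible in the sample response, and its inline sample is constructed (the second and third libraries and the `CVE-0000-00000` placeholder are invented).

```python
import json

# Constructed sample: the first library is trimmed from the response above;
# the other two libraries and the placeholder CVE id are invented.
SAMPLE = json.loads("""
{"analysisReportDate": "2021-01-24", "orgName": "org_name", "products": [{"projects": [{"libraries": [
  {"name": "xstream-1.4.10.jar", "sha1": "dfecae23647abc9d9fd0416629a4213a3882b101",
   "vulnerabilities": [{"name": "CVE-2020-26258", "severity": "medium", "score": 5.0,
     "topFix": {"type": "CHANGE_FILES", "fixResolution": "Replace or update the following files: website.xml"}}]},
  {"name": "example-lib-0.0.1.jar", "sha1": "0000000000000000000000000000000000000000",
   "vulnerabilities": [{"name": "CVE-0000-00000", "severity": "high", "score": 9.8}]},
  {"name": "clean-lib-1.0.jar", "sha1": "1111111111111111111111111111111111111111"}
]}]}]}
""")

def flatten_findings(report):
    """Return one row per (library, vulnerability); missing keys are tolerated."""
    rows = []
    for product in report.get("products") or []:
        for project in product.get("projects") or []:
            for lib in project.get("libraries") or []:
                for vuln in lib.get("vulnerabilities") or []:
                    fix = vuln.get("topFix") or {}
                    rows.append({
                        "library": lib.get("name"),
                        "sha1": lib.get("sha1"),
                        "id": vuln.get("name"),
                        "severity": (vuln.get("severity") or "").lower(),
                        "score": float(vuln.get("score") or 0.0),
                        "fix": fix.get("fixResolution"),
                    })
    return rows

def triage(report, min_score=0.0):
    """Findings with score >= min_score, highest score first, ties by id."""
    rows = [r for r in flatten_findings(report) if r["score"] >= min_score]
    return sorted(rows, key=lambda r: (-r["score"], r["id"]))

def without_fix(report):
    """Ids of findings whose entry carries no topFix.fixResolution."""
    return [r["id"] for r in flatten_findings(report) if not r["fix"]]

if __name__ == "__main__":
    for r in triage(SAMPLE, min_score=5.0):
        print(r["score"], r["severity"], r["id"], r["library"], r["fix"] or "no fix listed")
```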

...

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx


Get Security Alerts by

...

Report

NOTE: This API is only supported in organizations that have Vulnerability-based Alerting installed (see Security Alerts: View By Vulnerability).

This API request generates a security alerts report detailed by vulnerability, in the scope of the organization, a specific product or a specific project.

Organization

Get security alerts by vulnerability for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by vulnerability in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| status | Status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

...

Code Block
{
    "requestType" : "getOrganizationSecurityAlertsByVulnerabilityReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "status" : "active",
    "format" : "xlsx"
}

...

Product

Get security alerts by vulnerability for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by vulnerability for a product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| productToken | API key which is a unique identifier of the product. | string | Yes |
| status | Status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

...

Code Block
{
    "requestType" : "getProductSecurityAlertsByVulnerabilityReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "status" : "ignored",
    "format" : "xlsx"
}

...

Project

Get security alerts by vulnerability for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by vulnerability for a project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| projectToken | API key which is a unique identifier of the project. | string | Yes |
| status | Status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

...

Code Block
{
    "requestType" : "getProjectSecurityAlertsByVulnerabilityReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "xlsx"
}

...

NOTE: This API is only supported in organizations that have Vulnerability-based Alerting installed (see Security Alerts: View By Library).

This API request generates a report of all vulnerability-based alerts that are associated with a specific library, in the scope of the organization, a specific product or a specific project.

...