Code Block
{
    "requestType" : "getOrganizationSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "status" : "active",
    "format" : "xlsx"
}

...

json"
}

Response Example

Code Block
{
    "alerts": [
        {
            "libraryName": "hibernate-validator-4.2.0.Final.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": {
                "medium": 2
            },
            "totalAlerts": 2,
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:47",
            "modifiedDate": "2021-06-27 12:04:50"
        },
        {
            "libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": {
                "high": 5,
                "medium": 1
            },
            "totalAlerts": 6,
            "ignoredAlerts": 1,
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:46",
            "modifiedDate": "2021-05-30 15:24:44"
        },
        {
            "libraryName": "spring-web-2.5.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": {
                "high": 1,
                "medium": 5
            },
            "totalAlerts": 6,
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:47",
            "modifiedDate": "2021-12-01 00:09:03"
        },
        .........

Product

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all the security alerts by library for a specific product in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| status | Current status of the alert(s): Active or Ignored. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "status" : "ignored",
    "format" : "json"
}

Response Example

Code Block
{
    "alerts": [
        {
            "libraryName": "Jinja2-2.10.3-py2.py3-none-any.whl",
            "product": "GH_cloudify-cli",
            "project": "GH_cloudify-cli",
            "severity": {
                "medium": 1
            },
            "totalAlerts": 1,
            "ignoredAlerts": 1,
            "libraryType": "Python",
            "creationDate": "2021-02-02 12:16:51",
            "modifiedDate": "2021-02-02 13:47:40"
        }
    ]
}

Project

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all the security alerts by library for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| status | Current status of the alert(s): Active or Ignored. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

...

Yes

Request Example

Code Block
{
    "requestType" : "getProjectSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "xlsx"
}

Response Example

Code Block
{
    "requestType" : "getProductSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "status" : "ignored",
    "format" : "xlsx"
}

Project

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all the security alerts by library for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in WhiteSource. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "xlsx"
}

Response

The response will have the following headers:

...

Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

...

alerts": [
        {
            "libraryName": "guava-18.0.jar",
            "product": "My Product",
            "project": "WST_468",
            "severity": {
                "euaShield": "RED",
                "medium": 1,
                "low": 1
            },
            "totalAlerts": 2,
            "libraryType": "Java",
            "creationDate": "2021-05-31 14:08:17",
            "modifiedDate": "2021-05-31 14:08:17"
        },
        {
            "libraryName": "groovy-all-1.8.9.jar",
            "product": "My Product",
            "project": "WST_468",
            "severity": {
                "high": 2
            },
            "totalAlerts": 2,
            "libraryType": "Java",
            "creationDate": "2021-05-31 14:08:17",
            "modifiedDate": "2021-05-31 14:08:17"
        }
    ]
}
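The by-library report can be ranked offline so that the libraries carrying the most high-severity alerts are reviewed first. This is an added example, not WhiteSource code; the sample data is constructed in the shape of the responses shown above, and the function names and the `max_high` gate are assumptions.

```python
import json

# Constructed sample in the shape of the by-library JSON report shown above.
SAMPLE_REPORT = json.loads("""
{"alerts": [
  {"libraryName": "guava-18.0.jar", "project": "WST_468",
   "severity": {"euaShield": "RED", "medium": 1, "low": 1}, "totalAlerts": 2},
  {"libraryName": "groovy-all-1.8.9.jar", "project": "WST_468",
   "severity": {"high": 2}, "totalAlerts": 2},
  {"libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar", "project": "Demo Data",
   "severity": {"high": 5, "medium": 1}, "totalAlerts": 6, "ignoredAlerts": 1}
]}
""")

LEVELS = ("high", "medium", "low")

def severity_counts(alert):
    """Return (high, medium, low); non-numeric keys such as euaShield are skipped."""
    sev = alert.get("severity", {})
    return tuple(sev[k] if isinstance(sev.get(k), int) else 0 for k in LEVELS)

def rank_libraries(report):
    """Sort libraries most severe first; ties are broken by library name."""
    rows = []
    for alert in report.get("alerts", []):
        rows.append({
            "library": alert["libraryName"],
            "project": alert.get("project", ""),
            "counts": severity_counts(alert),
            "ignored": alert.get("ignoredAlerts", 0),  # optional key in the examples
        })
    return sorted(rows, key=lambda r: (tuple(-c for c in r["counts"]), r["library"]))

def libraries_over_threshold(report, max_high=0):
    """Names of libraries whose high-severity count exceeds max_high (a CI gate)."""
    return [r["library"] for r in rank_libraries(report) if r["counts"][0] > max_high]
```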


Get Alerts

Organization

...

Code Block
{
    "requestType" : "getProductAlerts",
    "userKey": "user_key",
    "productToken" : "product_token"
}

Response Example

The response is a JSON collection of all the alerts in the product with their details. For example:

...

Code Block
{
    "requestType" : "getProjectAlerts",
    "userKey": "user_key",
    "projectToken" : "project_token"
}

Response Example

The response is a JSON collection of all the alerts in the project with their details. For example:

...

Code Block
{
    "requestType": "getAlertsByProjectTag",
    "orgToken": "organization_api_key",
    "userKey": "user_key",
    "tagKey": "status",
    "tagValue": "production"
}

Response Example

The response is a JSON collection of all the alerts in the organization with the specified project tag. For example:

...

Code Block
{
    "requestType" : "getOrganizationIgnoredAlerts",
    "userKey":"user_key",
    "orgToken":"organization_api_key" 
}

Response Example

The response is a JSON collection of the ignored alerts in the organization with their details. For example:

...

Code Block
{
    "requestType" : "getProductIgnoredAlerts",
    "userKey": "user_key",
    "productToken" : "product_token"
}

Response Example

The response is a JSON collection of the ignored alerts in the product with their details. For example:

...

Code Block
{
    "requestType" : "getProjectIgnoredAlerts",
    "userKey": "user_key",
    "projectToken" : "project_token"
}

Response Example

The response is a JSON collection of the ignored alerts in the project with their details. For example:

...

Code Block
{
    "requestType": "getOrganizationAlertsByType",
    "userKey": "user_key",
    "alertType": "alert_type",
    "orgToken": "organization_api_key",
    "fromDate": "2020-09-01"
}

Response Example

A JSON collection listing the alerts of the specified type that were generated in the specified scope (organization, product, or project) and within the specified date range:

...

Code Block
{
    "requestType": "getProductAlertsByType",
    "userKey": "user_key",
    "alertType": "SECURITY_VULNERABILITY",
    "productToken": "product_token",
    "fromDate": "2010-09-01",
    "toDate": "2021-12-31"
}

The alertType value shown here is just an example.

Response Example

Code Block
{
    "alerts": [
        {
            "vulnerability": {
                "name": "CVE-2010-2076",
                "type": "CVE",
                "severity": "high",
                "score": 7.5,
                "publishDate": "2010-08-19",
                "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2010-2076",
                "description": "Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.",
                "topFix": {
                    "vulnerability": "CVE-2010-2076",
                    "type": "UPGRADE_VERSION",
                    "origin": "WHITESOURCE_EXPERT",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2076",
                    "fixResolution": "2.0.13,2.1.10,2.2.9",
                    "date": "2010-08-19",
                    "message": "Upgrade to version",
                    "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-rt-bindings-soap\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9)\",\"affectedRange\":\">=2.1 <2.1.10\",\"minFixVersion\":\"2.1.10\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-common-utilities\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9)\",\"affectedRange\":\">=2.1.1 <2.1.10\",\"minFixVersion\":\"2.1.10\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-common-utilities\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12)\",\"affectedRange\":\">=2.0.6 <2.0.13\",\"minFixVersion\":\"2.0.13\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-rt-bindings-soap\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.6-fuse-01-01, 2.2.7, 2.2.8)\",\"affectedRange\":\">=2.2 <2.2.9\",\"minFixVersion\":\"2.2.9\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-common-utilities\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.6-fuse-01-01, 2.2.7, 2.2.8)\",\"affectedRange\":\">=2.2.1 <2.2.9\",\"minFixVersion\":\"2.2.9\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-rt-bindings-soap\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12)\",\"affectedRange\":\">=2.0.6 <2.0.13\",\"minFixVersion\":\"2.0.13\"}]}"
                },
                "allFixes": [
                    {
                        "vulnerability": "CVE-2010-2076",
                        "type": "UPGRADE_VERSION",
                        "origin": "WHITESOURCE_EXPERT",
                        "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2076",
                        "fixResolution": "2.0.13,2.1.10,2.2.9",
                        "date": "2010-08-19",
                        "message": "Upgrade to version",
                        "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-rt-bindings-soap\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9)\",\"affectedRange\":\">=2.1 <2.1.10\",\"minFixVersion\":\"2.1.10\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-common-utilities\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9)\",\"affectedRange\":\">=2.1.1 <2.1.10\",\"minFixVersion\":\"2.1.10\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-common-utilities\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12)\",\"affectedRange\":\">=2.0.6 <2.0.13\",\"minFixVersion\":\"2.0.13\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-rt-bindings-soap\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.6-fuse-01-01, 2.2.7, 2.2.8)\",\"affectedRange\":\">=2.2 <2.2.9\",\"minFixVersion\":\"2.2.9\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-common-utilities\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.6-fuse-01-01, 2.2.7, 2.2.8)\",\"affectedRange\":\">=2.2.1 <2.2.9\",\"minFixVersion\":\"2.2.9\"},{\"cveIdentifier\":\"CVE-2010-2076\",\"packageName\":\"org.apache.cxf:cxf-rt-bindings-soap\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12)\",\"affectedRange\":\">=2.0.6 <2.0.13\",\"minFixVersion\":\"2.0.13\"}]}"
                    }
                ],
                "fixResolutionText": "Upgrade to version 2.0.13,2.1.10,2.2.9",
                "references": []
            },
            "type": "SECURITY_VULNERABILITY",
            "level": "MAJOR",
            "library": {
                "keyUuid": "c0a07bfe-dd9a-4caa-84f8-d99404b13496",
                "keyId": 332377,
                "filename": "cxf-common-utilities-2.2.7.jar",
                "type": "Java",
                "resolvedType": "Java",
                "references": {
                    "url": "http://cxf.apache.org",
                    "issueUrl": "https://issues.apache.org/jira/browse/CXF",
                    "pomUrl": "https://repo.maven.apache.org/maven2/org/apache/cxf/cxf-common-utilities/2.2.7/cxf-common-utilities-2.2.7.pom"
                },
                "sha1": "b378945db083d216a2aff1956c1c3ae968a2adf0",
                "name": "Apache CXF Common Utilities",
                "artifactId": "cxf-common-utilities",
                "version": "2.2.7",
                "groupId": "org.apache.cxf"
            },
            "project": "Demo Data",
            "projectId": 1559006,
            "projectToken": "5715a92ea3d345d29512481363d8f9751b87c8fb50c44c46a44e81e90e7407e6",
            "directDependency": true,
            "description": "High:1",
            "date": "2021-09-05",
            "modifiedDate": "2021-09-05",
            "status": "OPEN",
            "time": 1630800000000,
            "alertUuid": "93de3f9b-fc34-4cab-9e58-916a368fa546"
        }
    ]
}
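In the response above, `fixResolution` lists three candidate versions, while `extraData` (a JSON document carried inside a JSON string) holds the per-package ranges needed to pick the right one for the alerted library. The following is an added example, not WhiteSource code; the sample alert is constructed and trimmed, and the helper names, the space-separated range syntax and the handling of version qualifiers are assumptions based only on the values shown here.

```python
import json
import operator
import re

# Constructed alert trimmed to the fields used here (shape follows the response above).
# extraData is itself a JSON document carried inside a JSON string.
SAMPLE_ALERT = {
    "vulnerability": {"name": "CVE-2010-2076", "topFix": {
        "fixResolution": "2.0.13,2.1.10,2.2.9",
        "extraData": json.dumps({"packageLevelFix": [
            {"packageName": "org.apache.cxf:cxf-common-utilities",
             "affectedRange": ">=2.1.1 <2.1.10", "minFixVersion": "2.1.10"},
            {"packageName": "org.apache.cxf:cxf-common-utilities",
             "affectedRange": ">=2.2.1 <2.2.9", "minFixVersion": "2.2.9"},
            {"packageName": "org.apache.cxf:cxf-rt-bindings-soap",
             "affectedRange": ">=2.2 <2.2.9", "minFixVersion": "2.2.9"},
        ]}),
    }},
    "library": {"groupId": "org.apache.cxf",
                "artifactId": "cxf-common-utilities", "version": "2.2.7"},
}

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}

def vkey(version):
    """Numeric sort key padded to four parts; qualifiers after '-' are ignored (assumption)."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple(nums + [0] * (4 - len(nums)))

def in_range(version, affected_range):
    """Evaluate a range such as '>=2.2.1 <2.2.9'; empty or unknown syntax never matches."""
    clauses = affected_range.split()
    for clause in clauses:
        op = next((o for o in OPS if clause.startswith(o)), None)
        if op is None or not OPS[op](vkey(version), vkey(clause[len(op):])):
            return False
    return bool(clauses)

def min_fix_version(alert):
    """Return the minFixVersion whose package and range match the alerted library, else None."""
    lib = alert["library"]
    coord = f'{lib["groupId"]}:{lib["artifactId"]}'
    extra = json.loads(alert["vulnerability"]["topFix"].get("extraData") or "{}")
    for fix in extra.get("packageLevelFix", []):
        if fix["packageName"] == coord and in_range(lib["version"], fix["affectedRange"]):
            return fix["minFixVersion"]
    return None
```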

...