Overview

This resource represents reports.

This topic showcases the API requests and responses for getting the following types of reports:

  • Inventory report for an organization, product or project
  • Source File Inventory report for an organization, product or project
  • Due Diligence report for an organization, product or project
  • Product Comparison report
  • Project Comparison report
  • Custom Attribute Values report for an organization, product or project
  • Library Location report for an organization or product
  • License Compatibility report for a product or project
  • Effective Licenses report for an organization or product
  • In-House report for an organization, product or project
  • Risk report in PDF format for an organization, product or project
  • Vulnerabilities report for an organization, product or project
  • Container Vulnerabilities report for an organization or cluster
  • Effective Usage Analysis report
  • Alerts report for an organization, product or project (getOrganizationAlertsReport, getProductAlertsReport, getProjectAlertsReport)
  • Ignored Alerts report for an organization, product or project (getOrganizationIgnoredAlertsReport, getProductIgnoredAlertsReport, getProjectIgnoredAlertsReport)
  • Resolved Alerts report for an organization, product or project (getOrganizationResolvedAlertsReport, getProductResolvedAlertsReport, getProjectResolvedAlertsReport)
  • Change Log History report
  • Request History report for an organization, product or project
  • Plugin Request History report
  • Members report for an organization, product or project

Get Inventory Report

The Inventory report provides a BOM (Bill Of Materials) of all open source libraries in the account. It can present libraries by organization as well as by product (application).

This API request enables you to export organization, product or project-level inventory reports in Excel (xlsx), XML (xml) or JSON (json) format. The default format is Excel (xlsx).

Organization

Get Inventory report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns an Inventory report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
| extraLibraryFields | Date that the library was last released. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationInventoryReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "xml",
    "extraLibraryFields": ["releaseDate"]
}

Response in XML Format

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<inventory>
    <library>
        <name>json-schema-0.2.3.tgz</name>
        <group>json-schema</group>
        <artifact>json-schema-0.2.3.tgz</artifact>
        <version>0.2.3</version>
        <type>javascript/Node.js</type>
        <sha1>b480c892e59a2f05954ce727bd3f2a4e882f9e13</sha1>
        <description>JSON Schema validation and specifications</description>
        <licenses>
            <license>Academic 2.1</license>
            <license>BSD 3</license>
        </licenses>
        <matchType>Filename Match</matchType>
        <projects>
            <project>tenantmetaserv (transitiveDependency)</project>
        </projects>
        <attribute name="att7"/>
    </library>
    .......

Response in JSON Format

Code Block
{
    "libraries": [
        {
            "keyUuid": "36466e69-bda1-43d3-9962-6f3a341720b9",
            "type": "javascript/Node.js",
            "productName": "Platform_Develop",
            "projectName": "tenantmetaserv",
            "description": "JSON Schema validation and specifications",
            "directDependency": false,
            "matchType": "Filename Match",
            "sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13",
            "name": "json-schema-0.2.3.tgz",
            "artifactId": "json-schema-0.2.3.tgz",
            "version": "0.2.3",
            "groupId": "json-schema",
            "licenses": [
                {
                    "name": "Academic 2.1",
                    "references": []
                },
                {
                    "name": "BSD 3",
                    "references": []
                }
            ]
        }
    ]
}

Product

Get Inventory report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns an Inventory report for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
| extraLibraryFields | Date that the library was last released. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductInventoryReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "json",
    "extraLibraryFields": ["releaseDate"]
}

Response Example (JSON)

Code Block
{
    "libraries": [
        {
            "keyUuid": "a36b133a-3323-498a-9752-cea250ac27e1",
            "type": "Source Library",
            "productName": "git",
            "projectName": "my-proj",
            "description": "The core git plumbing",
            "directDependency": true,
            "matchType": "Best Match",
            "sha1": "d0654dc308b0ba76dd8ed7bbb33c8d8f7aacd783",
            "name": "git-v2.25.0",
            "artifactId": "git",
            "version": "v2.25.0",
            "groupId": "Junio C. Hamano",
            "licenses": [
                {
                    "name": "GPL 3.0",
                    "references": []
                },
                {
                    "name": "LGPL 2.1",
                    "references": []
                },
                {
                    "name": "GPL 2.0",
                    "references": []
                }
            ]
        },
        .....

Project

Get Inventory report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns an Inventory report for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
| extraLibraryFields | Date that the library was last released. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectInventoryReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "json",
    "extraLibraryFields": ["releaseDate"]
}

Response Example (JSON)

Code Block
{
    "libraries": [
        {
            "keyUuid": "a70b1eea-b140-4d96-8eda-670efe697f7b",
            "type": "Java",
            "productName": "My Product",
            "projectName": "WST_468",
            "description": "Groovy: A powerful, dynamic language for the JVM",
            "directDependency": true,
            "matchType": "Exact Match",
            "sha1": "5396699e9d96c5c75d75ae95aa49acd5af048aac",
            "name": "groovy-all-1.8.9.jar",
            "artifactId": "groovy-all",
            "version": "1.8.9",
            "groupId": "org.codehaus.groovy",
            "licenses": [
                {
                    "name": "Apache 2.0",
                    "references": []
                }
            ]
        },
        {
            "keyUuid": "8929e5db-a6cd-4c89-8e75-d1998cc5305f",
            "type": "Java",
            "productName": "My Product",
            "projectName": "WST_468",
            "description": "Guava is a suite of core and expanded libraries that include\n    utility classes, google's collections, io classes, and much\n    much more.\n\n    Guava has only one code dependency - javax.annotation,\n    per the JSR-305 spec.",
            "directDependency": true,
            "matchType": "Exact Match",
            "sha1": "cce0823396aa693798f8882e64213b1772032b09",
            "name": "guava-18.0.jar",
            "artifactId": "guava",
            "version": "18.0",
            "groupId": "com.google.guava",
            "licenses": [
                {
                    "name": "Apache 2.0",
                    "references": []
                }
            ]
        },
        ......
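
The XML and JSON Inventory responses above describe the same library with different field names and nesting. The following is an added example, not code from Mend, that normalises both formats into one record shape so that exports can be compared or checked against a license review list; the `Library` record, the function names and the reading of the `(transitiveDependency)` suffix are assumptions made for illustration, and the sample inputs are constructed from the responses shown on this page.

```python
import json
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional

SHA1_RE = re.compile(r"^[0-9a-f]{40}$")
# The XML report appends the dependency kind to the project text,
# e.g. "tenantmetaserv (transitiveDependency)".
PROJECT_RE = re.compile(r"^(?P<name>.*?)\s*(?:\((?P<kind>\w+)\))?$", re.S)


class Library(NamedTuple):
    name: str
    version: str
    sha1: str
    licenses: tuple
    project: str
    direct: Optional[bool]  # None when the report does not say


def _sha1(value):
    """Reject anything that is not a 40-character hex digest."""
    value = (value or "").strip().lower()
    if not SHA1_RE.match(value):
        raise ValueError("not a SHA-1 hex digest: %r" % value)
    return value


def parse_inventory_json(text):
    """One record per entry of the "libraries" array."""
    records = []
    for lib in json.loads(text).get("libraries", []):
        records.append(Library(
            name=lib["name"],
            version=lib.get("version", ""),
            sha1=_sha1(lib.get("sha1")),
            licenses=tuple(sorted(lic["name"] for lic in lib.get("licenses", []))),
            project=lib.get("projectName", ""),
            direct=lib.get("directDependency"),
        ))
    return records


def parse_inventory_xml(text):
    """One record per <library>/<projects>/<project> pair."""
    data = text.encode("utf-8") if isinstance(text, str) else text
    if b"<!DOCTYPE" in data:
        # The report is remote input and has no reason to carry a DTD.
        raise ValueError("DOCTYPE not allowed in report")
    records = []
    for lib in ET.fromstring(data).iter("library"):
        licenses = tuple(sorted(
            e.text.strip() for e in lib.findall("licenses/license") if e.text))
        for proj in lib.findall("projects/project"):
            m = PROJECT_RE.match((proj.text or "").strip())
            # Assumption: only the suffix seen on this page is interpreted.
            direct = False if m.group("kind") == "transitiveDependency" else None
            records.append(Library(
                name=lib.findtext("name", ""),
                version=lib.findtext("version", ""),
                sha1=_sha1(lib.findtext("sha1")),
                licenses=licenses,
                project=m.group("name"),
                direct=direct,
            ))
    return records


def needs_review(records, review_licenses):
    """Records carrying any license named in the caller's review list."""
    wanted = set(review_licenses)
    return [r for r in records if wanted.intersection(r.licenses)]


# Constructed samples, reduced from the responses shown on this page.
SAMPLE_JSON = """{"libraries": [{
  "name": "json-schema-0.2.3.tgz", "version": "0.2.3",
  "sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13",
  "projectName": "tenantmetaserv", "directDependency": false,
  "licenses": [{"name": "Academic 2.1", "references": []},
               {"name": "BSD 3", "references": []}]}]}"""

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<inventory><library>
  <name>json-schema-0.2.3.tgz</name><version>0.2.3</version>
  <sha1>b480c892e59a2f05954ce727bd3f2a4e882f9e13</sha1>
  <licenses><license>Academic 2.1</license><license>BSD 3</license></licenses>
  <projects><project>tenantmetaserv (transitiveDependency)</project></projects>
</library></inventory>"""

if __name__ == "__main__":
    for record in parse_inventory_json(SAMPLE_JSON) + parse_inventory_xml(SAMPLE_XML):
        print(record)
```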

Get Source File Inventory Report

The Source File Inventory report enables you to view source files that are matched to a library in your inventory.

This API request enables you to get organization, product or project-level source file inventory reports in Excel (xlsx) or JSON (json) format.

Organization

Get Source File Inventory report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Source File Inventory report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationSourceFileInventoryReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "sourceFiles": [
        {
            "library": {
                "artifactId": "git",
                "version": "v2.25.0",
                "licenses": [
                    {
                        "name": "GPL 3.0",
                        "references": []
                    },
                    {
                        "name": "GPL 2.0",
                        "references": []
                    },
                    {
                        "name": "LGPL 2.1",
                        "references": []
                    }
                ]
            },
            "filename": "abspath.c",
            "sha1": "d6215949ebe7cc6ddfcb103e9657057bcb8fbaa1",
            "path": "C:\\Users\\TaliaSela\\Projects\\git\\abspath.c",
            "productName": "git",
            "projectName": "my-proj",
            "lastUpdatedDate": "2020-02-03 20:45:38",
            "matchType": "AUTOMATIC"
        }
    ]
}

Response in Excel Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx

Product

Get Source File Inventory report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Source File Inventory report for a product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductSourceFileInventoryReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "sourceFiles": [
        {
            "library": {
                "artifactId": "portofino",
                "version": "portofino-4.2.8-javadoc",
                "licenses": [
                    {
                        "name": "LGPL 3.0",
                        "references": []
                    }
                ]
            },
            "filename": "script.js",
            "sha1": "a6717beac050d49869c234af4e409404b5593260",
            "path": "/RxJava/build/docs/javadoc/io/reactivex/rxjava3/functions/../../../../script.js",
            "productName": "GH_1_RxJava",
            "projectName": "GH_RxJava",
            "lastUpdatedDate": "2016-09-11 21:52:01",
            "matchType": "AUTOMATIC"
        }
    ]
}

Response in Excel Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx

Project

Get Source File Inventory report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Source File Inventory report for a project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectSourceFileInventoryReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "json"
}

Response Example (JSON)

Code Block
{
    "sourceFiles": [
        {
            "library": {
                "artifactId": "cloudify-cli",
                "version": "20.01.05",
                "licenses": [
                    {
                        "name": "Apache 2.0",
                        "references": []
                    }
                ]
            },
            "filename": "agents.py",
            "sha1": "c463e1aeeb420afa0dfd4d25b9794a3b2bc0810a",
            "path": "C:\\Users\\TaliaSela\\Projects\\cloudify-cli\\cloudify_cli\\commands\\agents.py",
            "productName": "Cfy",
            "projectName": "cloudify_cli",
            "lastUpdatedDate": "2020-02-17 17:59:19",
            "matchType": "AUTOMATIC"
        },
        {
            "library": {
                "artifactId": "cloudify-cli",
                "version": "20.01.05",
                "licenses": [
                    {
                        "name": "Apache 2.0",
                        "references": []
                    }
                ]
            },
            "filename": "blueprints.py",
            "sha1": "cd0def3e5802cce428f54d141a8be9aec99ffc73",
            "path": "C:\\Users\\TaliaSela\\Projects\\cloudify-cli\\cloudify_cli\\commands\\blueprints.py",
            "productName": "Cfy",
            "projectName": "cloudify_cli",
            "lastUpdatedDate": "2020-02-17 17:59:19",
            "matchType": "AUTOMATIC"
        },
        ......

Response Format (xlsx)

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx
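
The Source File Inventory responses above record `path` in whatever form the scan saw it: Windows paths with a drive letter in some entries, POSIX paths with `..` segments in others. The following is an added example, not code from Mend, that canonicalises each path in its own flavour and groups the matched files by library so that the same file reported under two spellings is counted once; the function names are hypothetical and the sample report is constructed from the fields shown on this page.

```python
import json
import ntpath
import posixpath
import re
from collections import defaultdict

_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")


def canonical_path(path):
    """Collapse '.' and '..' segments in the path flavour the scan recorded."""
    flavour = ntpath if _DRIVE.match(path) else posixpath
    return flavour.normpath(path)


def files_by_library(report_text):
    """Map 'artifactId@version' to its matched files, one entry per distinct file."""
    grouped = defaultdict(set)
    for entry in json.loads(report_text).get("sourceFiles", []):
        lib = entry.get("library", {})
        key = "%s@%s" % (lib.get("artifactId", "?"), lib.get("version", "?"))
        licenses = tuple(sorted(lic["name"] for lic in lib.get("licenses", [])))
        grouped[key].add(
            (canonical_path(entry["path"]), entry["sha1"].lower(), licenses))
    return {key: sorted(files) for key, files in grouped.items()}


def _entry(artifact, version, licenses, sha1, path):
    """Build one constructed "sourceFiles" entry with the fields used above."""
    return {
        "library": {
            "artifactId": artifact,
            "version": version,
            "licenses": [{"name": n, "references": []} for n in licenses],
        },
        "sha1": sha1,
        "path": path,
    }


# Constructed sample: field names and library data follow the responses on this
# page; the Windows user directory is a placeholder and the third entry is an
# invented second spelling of the second entry's path.
SAMPLE = json.dumps({"sourceFiles": [
    _entry("git", "v2.25.0", ["GPL 3.0", "GPL 2.0", "LGPL 2.1"],
           "d6215949ebe7cc6ddfcb103e9657057bcb8fbaa1",
           "C:\\Users\\example\\Projects\\git\\abspath.c"),
    _entry("portofino", "portofino-4.2.8-javadoc", ["LGPL 3.0"],
           "a6717beac050d49869c234af4e409404b5593260",
           "/RxJava/build/docs/javadoc/io/reactivex/rxjava3/functions/../../../../script.js"),
    _entry("portofino", "portofino-4.2.8-javadoc", ["LGPL 3.0"],
           "A6717BEAC050D49869C234AF4E409404B5593260",
           "/RxJava/build/docs/javadoc/script.js"),
]})

if __name__ == "__main__":
    for library, files in files_by_library(SAMPLE).items():
        print(library)
        for path, sha1, licenses in files:
            print("   ", sha1, path, ", ".join(licenses))
```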

Get Due Diligence Report

This report provides due diligence related information for each open-source library in order to comply with the relevant legal requirements. For details, see the Due Diligence Report.

The API request enables you to get organization, product, or project-level Due Diligence reports in Excel (xlsx), XML (xml), or JSON (json) format.

Organization

Get Due Diligence report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Due Diligence report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationDueDiligenceReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "xlsx"
}

Response in Excel Format

The response to the above example in xlsx format will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx

Response in JSON Format

Code Block
{
    "licenses": [
        {
            "type": "Open Source",
            "riskScore": 39,
            "library": "commons-beanutils-1.8.0.jar",
            "reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom",
            "copyright": "2000-2008 Copyright 2000-2008 The Apache Software Foundation",
            "homepage": "http://www.apache.org/",
            "author": "The Apache Software Foundation",
            "projectName": "Demo Data",
            "productName": "Demo Product",
            "reference_type": "POM file",
            "name": "Apache 2.0"
        },
        {
            "type": "Open Source",
            "riskScore": 39,
            "library": "commons-logging-1.1.1.jar",
            "reference": "https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.pom",
            "copyright": "2001-2007 Copyright 2001-2007 The Apache Software Foundation",
            "homepage": "http://www.apache.org/",
            "author": "The Apache Software Foundation",
            "projectName": "Demo Data",
            "productName": "Demo Product",
            "reference_type": "POM file",
            "name": "Apache 2.0"
        }
    ]        
}

Product

Get Due Diligence report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Due Diligence report for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductDueDiligenceReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "licenses": [
        {
            "type": "Open Source",
            "riskScore": 39,
            "library": "commons-beanutils-1.8.0.jar",
            "reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom",
            "copyright": "2000-2008 Copyright 2000-2008 The Apache Software Foundation",
            "homepage": "http://www.apache.org/",
            "author": "The Apache Software Foundation",
            "projectName": "Demo Data",
            "productName": "Demo Product",
            "reference_type": "POM file",
            "name": "Apache 2.0"
        },
        {
            "type": "Open Source",
            "riskScore": 39,
            "library": "commons-logging-1.1.1.jar",
            "reference": "https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.pom",
            "copyright": "2001-2007 Copyright 2001-2007 The Apache Software Foundation",
            "homepage": "http://www.apache.org/",
            "author": "The Apache Software Foundation",
            "projectName": "Demo Data",
            "productName": "Demo Product",
            "reference_type": "POM file",
            "name": "Apache 2.0"
        }
    ]
}

Response in Excel Format

The response to the above example in xlsx format will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx

Project

Get Due Diligence report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Due Diligence report for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectDueDiligenceReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "licenses": [
        {
            "type": "Closed Source",
            "library": "wss-unified-agent.jar",
            "reference": "http://whitesourcesoftware.com/",
            "copyright": "Unspecified Copyright",
            "projectName": "temp",
            "productName": "Demo Product",
            "reference_type": "Project home page",
            "name": "Suspected Proprietary"
        }
    ]
}

Response in Excel Format

The response to the above request in xlsx format will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx
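
The Due Diligence JSON responses above are not uniform: the Closed Source entry has no `riskScore` or `homepage`, its copyright is "Unspecified Copyright", and some `reference` and `homepage` links are plain `http`. The following is an added example, not code from Mend, that lists the entries a reviewer should look at by hand and why; the function name and the triage rules are assumptions chosen for illustration, and the sample report is constructed from the responses on this page plus one invented clean entry.

```python
import json
from urllib.parse import urlsplit


def triage_due_diligence(report_text):
    """Return {library: [reasons]} for entries that need a manual look."""
    findings = {}
    for entry in json.loads(report_text).get("licenses", []):
        reasons = []
        if entry.get("type") != "Open Source":
            reasons.append("type is %r" % entry.get("type"))
        if "riskScore" not in entry:
            reasons.append("no riskScore")
        # A missing copyright field is treated the same as an unspecified one.
        if "unspecified" in entry.get("copyright", "unspecified").lower():
            reasons.append("copyright unspecified")
        # Evidence links fetched over plain http cannot be authenticated.
        for field in ("reference", "homepage"):
            url = entry.get(field)
            if url and urlsplit(url).scheme != "https":
                reasons.append("%s is not https" % field)
        if reasons:
            findings.setdefault(entry.get("library", "?"), []).extend(reasons)
    return findings


# Constructed sample: the first two entries follow the responses on this page,
# the third is invented to show an entry that passes every rule.
SAMPLE = json.dumps({"licenses": [
    {
        "type": "Open Source",
        "riskScore": 39,
        "library": "commons-beanutils-1.8.0.jar",
        "reference": "https://repo.maven.apache.org/maven2/commons-beanutils/"
                     "commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom",
        "copyright": "2000-2008 Copyright 2000-2008 The Apache Software Foundation",
        "homepage": "http://www.apache.org/",
        "name": "Apache 2.0",
    },
    {
        "type": "Closed Source",
        "library": "wss-unified-agent.jar",
        "reference": "http://whitesourcesoftware.com/",
        "copyright": "Unspecified Copyright",
        "name": "Suspected Proprietary",
    },
    {
        "type": "Open Source",
        "riskScore": 10,
        "library": "example-lib-1.0.jar",
        "reference": "https://example.invalid/example-lib-1.0.pom",
        "copyright": "2020 Example Authors",
        "homepage": "https://example.invalid/",
        "name": "Apache 2.0",
    },
]})

if __name__ == "__main__":
    for library, reasons in triage_due_diligence(SAMPLE).items():
        print(library, "->", "; ".join(reasons))
```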

Get Attribution Report

The Attribution Report details compliance information on open source software components managed in Mend products and projects. 

This API request allows users to get the exported version of the Attribution report, at the product or project-level scope, in HTML or text format.

Product

Get Attribution Report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns an Attribution report for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| reportHeader | Report header - default value is Attribution Report. | string | No |
| reportTitle | Text that you want to appear in the report title. | string | No |
| reportFooter | Text that you want to appear in the footer of the report. | string | No |
| reportingScope | Scope of the information to be included in the report. By default, the following: Summary, Licenses, Copyrights, Notices, Primary attributes. | string | No |
| reportingAggregationMode | How to group the information in the report - according to the library (i.e. BY_COMPONENT) or by project (BY_PROJECT). | string | Yes |
| missingLicenseDisplayOption | What to write if the license is missing. Options are: “BLANK” (default) or “GENERIC_LICENSE”. | string | No |
| exportFormat | Format of exported report: TXT, HTML, or JSON. Case insensitive. | string | No |
| licenseReferenceTextPlacement | LICENSE_SECTION (default) or APPENDIX_SECTION. | string | No |
| customAttribute | Name of custom attribute for the product. | string | No |
| includeVersions | “true” (default) or “false”. If set to “false”, the report will not include the “version” field. | boolean | No |

Request Example

Code Block
{
    "requestType": "getProductAttributionReport",
    "productToken" : "product_token",
    "userKey": "user_key",
    "reportHeader": "header_text", // Default "Attribution Report"
    "reportTitle": "title_text", // Default ""
    "reportFooter": "footer_text", // Default ""
    "reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES)
    "reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory
    "missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK"
    "exportFormat": ( TXT | HTML | JSON ), // Case insensitive
    "licenseReferenceTextPlacement": ( LICENSE_SECTION | APPENDIX_SECTION ), // Default "LICENSE_SECTION"
    "customAttribute": "custom_attribute_name",
    "includeVersions": "false" // Optional parameter, default value is "true". If set to "false", the attribution report will not include the field "version".
}

Response Format

The response is in text or HTML format.

Project

Get Attribution Report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns an Attribution report for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| reportHeader | Report header - default value is Attribution Report. | string | No |
| reportTitle | Text that you want to appear in the report title. | string | No |
| reportFooter | Text that you want to appear in the footer of the report. | string | No |
| reportingScope | Scope of the information to be included in the report. By default, the following: Summary, Licenses, Copyrights, Notices, Primary attributes. | string | No |
| reportingAggregationMode | How to group the information in the report - according to the library (i.e. BY_COMPONENT) or by project (BY_PROJECT). | string | Yes |
| missingLicenseDisplayOption | What to write if the license is missing. Options are: “BLANK” (default) or “GENERIC_LICENSE”. | string | No |
| exportFormat | Format of exported report: TXT, HTML, or JSON. Case insensitive. | string | No |
| licenseReferenceTextPlacement | LICENSE_SECTION (default) or APPENDIX_SECTION. | string | No |
| customAttribute | Name of custom attribute for the project. | string | No |
| includeVersions | “true” (default) or “false”. If set to “false”, the report will not include the “version” field. | boolean | No |

Request Example

Code Block
{
    "requestType": "getProjectAttributionReport",
    "projectToken" : "project_token",
    "userKey": "user_key",
    "reportHeader": "header_text", // Default "Attribution Report"
    "reportTitle": "title_text", // Default ""
    "reportFooter": "footer_text", // Default ""
    "reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES ), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES)
    "reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory
    "missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK"
    "exportFormat": ( TXT | HTML | JSON ), // Case insensitive
    "licenseReferenceTextPlacement": ( LICENSE_SECTION | APPENDIX_SECTION ), // Default "LICENSE_SECTION"
    "customAttribute": "custom_attribute_name",
    "includeVersions": "true" // Optional parameter, default value is "true". If set to "false", the attribution report will not include the field "version".
}

Response Format

The response is in text or HTML format. 

Get Product Comparison Report

The Product Comparison report enables you to compare library and license information (such as the number of license occurrences) between two products.

This API request enables you to get a product comparison report in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a product comparison report between two products. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the first product. | string | Yes |
| productToken2 | Unique identifier of the second product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductComparisonReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "productToken2" : "product_token2"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product>-<product2>-product-comparison.xlsx

Get Project Comparison Report

The Project Comparison report enables you to compare library and license information (such as the number of license occurrences) between two projects (in the same product or different products).

This API request enables you to get a project comparison report in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a project comparison report between two projects. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the first project. | string | Yes |
| projectToken2 | Unique identifier of the second project. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectComparisonReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "projectToken2" : "project_token2"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project>-<project2>-project-comparison.xlsx

Get Custom Attribute Values Report

Custom attributes let you add customized metadata to a library and then filter by custom attribute values in the Attributes Report.

This API request returns a list of all custom attributes along with their set values for each library. This request is available at the organization, product, or project level.

Organization

Get all custom attributes with their values for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns custom attributes with their values for a specific organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
  "requestType":"getOrganizationCustomAttributeValues",
  "userKey": "user_key",
  "orgToken": "organization_api_key"
}

Response Example

The response is a JSON collection of all the custom attributes in the organization with their values per library. For example:

Code Block
{
    "libraries": [
        {
            "keyUuid": "5c71b215-300f-49f4-99ab-98dad0a7727f",
            "customAttributeValues": [
                {
                    "attributeKey": "att4",
                    "attributeValue": "aaaaa",
                    "context": "Organizational",
                    "contextId": 546628,
                    "contextName": "Talia Playground",
                    "contextToken": "context_token"
                },
                {
                    "attributeKey": "description",
                    "attributeValue": "This is an org level attribute value",
                    "context": "Organizational",
                    "contextId": 546628,
                    "contextName": "Talia Playground",
                    "contextToken": "context_token"
                },
                {
                    "attributeKey": "att2",
                    "attributeValue": "att2att2",
                    "context": "Organizational",
                    "contextId": 546628,
                    "contextName": "Talia Playground",
                    "contextToken": "context_token"
                }
            ]
        }
    ]
}

Product

Get all custom attributes with their values for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns custom attributes with their values for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
  "requestType":"getProductCustomAttributeValues",
  "productToken": "product_key",
  "userKey": "user_Key"
}

Response Example

The response is a JSON collection of all the custom attributes with their values for the specific product. For example:

Code Block
{
    "libraries": [
        {
            "keyUuid": "541df6e9-a095-4ca1-9252-13696ae290dc",
            "customAttributeValues": [
                {
                    "attributeKey": "att9",
                    "attributeValue": "sdfsd",
                    "context": "Organizational",
                    "contextId": 546628,
                    "contextName": "Talia Playground",
                    "contextToken": "context_token"
                },
                {
                    "attributeKey": "descrpition",
                    "attributeValue": "This is an org level attribute value",
                    "context": "Organizational",
                    "contextId": 546628,
                    "contextName": "Talia Playground",
                    "contextToken": "context_token"
                },
                {
                    "attributeKey": "att2",
                    "attributeValue": "att2att2",
                    "context": "Organizational",
                    "contextId": 546628,
                    "contextName": "Talia Playground",
                    "contextToken": "context_token"
                }
            ]
        }
    ]
}

Project

Get all custom attributes with their values for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns custom attributes with their values for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |

Request Example

Code Block
{
  "requestType":"getProjectCustomAttributeValues",
  "userKey": "user_key",
  "projectToken": "project_token"
}

Response Example

The response is a JSON collection of all the custom attributes with their values for the specific project. For example:

Code Block
{
    "libraries": [
        {
            "keyUuid": "541df6e9-a095-4ca1-9252-13696ae290dc",
            "customAttributeValues": [
                {
                    "organizationAttr0": "valueX",
                    "context": "Organizational",
                    "contextId": 2133534,
                    "contextToken": "context_token",
                    "contextName": "ACME Corporation"
                },
                {
                    "productAttr1": "valueA",
                    "context": "Product",
                    "contextId": 989795,
                    "contextToken": "context_token",
                    "contextName": "Product A"
                },
                {
                    "projectAtt2": "value",
                    "context": "Project",
                    "contextId": 985743395,
                    "contextToken": "context_token",
                    "contextName": "Project A"
                }
            ]
        }
    ]
}

Get Library Location Report

The Library Location report enables you to view libraries according to the location of the filename match. For details, see Matching Libraries by Filename.

NOTE: Matching libraries by filename must first be enabled via the Admin Integration Page.

This API request enables you to get organization or product-level library location reports in Excel format.

Organization

Get a report of all library locations for an organization in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns all library locations for a specific organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationLibraryLocationReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx

Product

Get a report of all library locations for a specific product in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns library locations for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductLibraryLocationReport",
    "userKey": "user_key",
    "productToken" : "product_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx

Get License Compatibility Report

License compatibility is a legal framework that allows for libraries with different software licenses to be distributed together in the same product or project. The License Compatibility Report provides information on the incompatibility of library licenses in a project or product. 

Product

Get the compatibility of libraries with different software licenses distributed together in the same product, in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a compatibility report of library licenses in a product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductLicenseCompatibilityReport",
    "productToken" : "product_token",
    "userKey": "user_key"
}

Response Format 

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename*=UTF-8''<Product Name>-license-compatibility-report.xlsx

Project

Get the compatibility of libraries with different software licenses distributed together in the same project, in Excel format. 

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a compatibility report of library licenses in a project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectLicenseCompatibilityReport",
    "projectToken" : "project_token",
    "userKey": "user_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename*=UTF-8''<Project Name>-license-compatibility-report.xlsx
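The report endpoints name the download in two ways: a plain filename= parameter, and the filename*=UTF-8'' extended form used by the License Compatibility reports. The name is built from organization, product or project names, so a client should decode it and then treat it as untrusted before writing to disk. The following Python is an added example, not Mend's code; the function names, the 150-character limit and the sample header values in the comments and tests are assumptions.

```python
import re
from urllib.parse import unquote

# Content-Type values from the "Response Format" sections, mapped to the
# extension a saved report is expected to carry.
EXPECTED_EXT = {
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": ".xlsx",
    "application/pdf": ".pdf",
}

# filename*=<charset>'<language>'<percent-encoded value>  (extended form)
_EXT_PARAM = re.compile(
    r"(?:^|;)\s*filename\*\s*=\s*([\w!#$%&+^`{}~-]+)'[^']*'([^;]*)", re.I)
# filename=<token>  or  filename="<quoted string>"
_PLAIN_PARAM = re.compile(
    r'(?:^|;)\s*filename\s*=\s*(?:"((?:\\.|[^"\\])*)"|([^;]*))', re.I)


def header_filename(content_disposition):
    """Extract the raw, still untrusted, filename from Content-Disposition."""
    ext = _EXT_PARAM.search(content_disposition)
    if ext:  # the extended form wins when both parameters are present
        charset, encoded = ext.groups()
        try:
            return unquote(encoded.strip(), encoding=charset, errors="strict")
        except (LookupError, UnicodeDecodeError) as exc:
            raise ValueError(f"undecodable filename* parameter: {exc}") from exc
    plain = _PLAIN_PARAM.search(content_disposition)
    if not plain:
        raise ValueError("Content-Disposition carries no filename")
    quoted, token = plain.groups()
    if quoted is not None:
        return re.sub(r"\\(.)", r"\1", quoted)  # undo backslash escapes
    return token.strip()


def safe_report_filename(content_type, content_disposition, max_len=150):
    """Return a local file name for a downloaded report, or raise ValueError.

    Rejects responses whose Content-Type is not one of the documented report
    types (for example an error page), then reduces the server-supplied name
    to a single path component with the matching extension.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    extension = EXPECTED_EXT.get(media_type)
    if extension is None:
        raise ValueError(f"unexpected Content-Type {media_type!r}")

    name = header_filename(content_disposition)
    # Sanitize after decoding, so percent-encoded separators are caught too.
    name = re.split(r"[\\/]", name)[-1]
    name = "".join(c for c in name if c.isprintable() and c not in '<>:"|?*')
    name = name.strip(" .")
    if len(name) <= len(extension) or not name.lower().endswith(extension):
        raise ValueError(f"filename {name!r} does not match {media_type}")

    stem = name[: -len(extension)]
    return stem[: max_len - len(extension)] + extension


if __name__ == "__main__":
    # Constructed header values in the two forms shown on this page.
    xlsx = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
    print(safe_report_filename(
        xlsx, "attachment; filename*=UTF-8''My%20Product-license-compatibility-report.xlsx"))
    print(safe_report_filename("application/pdf", "attachment; filename=Demo Product.pdf"))
```
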

Get Effective Licenses Report

The Effective Licenses report tracks the assignments of licenses to libraries in the inventory. Once a license is selected by a user, it will be considered that library's "effective" license from then on. This report shows information about actual library licensing and its original licenses.

This API request enables you to get organization or product-level Effective Licenses reports in Excel format.

Organization

Get a report of all Effective Licenses for an organization in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns all Effective Licenses for a specific organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationEffectiveLicensesReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key"
}

Response Format (Excel)

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx

For example:

...

Product

Get a report of all Effective Licenses for a product in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns all Effective Licenses for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductEffectiveLicensesReport",
    "userKey": "user_key",
    "productToken" : "product_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx

Get In-House Report

The In-House report provides information on all the In-House libraries in the selected scope. 

This API request enables you to get organization, product, or project-level In-House reports in Excel format.

Organization

Get a report about all In-House libraries in an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report about all In-House libraries for a specific organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationInHouseReport",
    "orgToken" : "organization_api_key",
    "userKey": "user_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>-in-house-report.xlsx

For example:

...

Product

Get a report about all In-House libraries in a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report about all In-House libraries in a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductInHouseReport",
    "productToken" : "product_token",
    "userKey": "user_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>-in-house-report.xlsx

Project

Get a report about all In-House libraries in a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report about all In-House libraries in a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectInHouseReport",
    "projectToken" : "project_token",
    "userKey": "user_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>-in-house-report.xlsx

Get Risk Report

The Risk report provides a view of all aspects of the account's open-source libraries: security, quality and compliance. It can display libraries by organization, as well as by product (application). For details, see the Risk Report.

This API request enables you to export organization, product, or project-level risk reports in PDF format.

Organization

Get Risk report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report about risk in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationRiskReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/pdf

  • Content-Disposition: attachment; filename=<organization name>.pdf

PDF Example

...

Product

Get Risk report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a risk report for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductRiskReport",
    "userKey": "user_key",
    "productToken" : "product_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/pdf

  • Content-Disposition: attachment; filename=<product name>.pdf

Project

Get Risk report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a risk report for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectRiskReport",
    "userKey": "user_key",
    "projectToken" : "project_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/pdf

  • Content-Disposition: attachment; filename=<project name>.pdf

Get Vulnerabilities Report

The Vulnerabilities Report contains all relevant information about your vulnerabilities, such as severity, number of occurrences, the library that was found vulnerable, and so on.

This API request enables you to get organization, product or project-level reports in Excel or JSON format.

Organization

Get Vulnerabilities report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Vulnerabilities report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationVulnerabilityReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "json"
}

Response Example (JSON)

Code Block
{
    "vulnerabilities": [
        {
            "name": "CVE-2020-13949",
            "type": "CVE",
            "severity": "high",
            "score": "5.0",
            "cvss3_severity": "HIGH",
            "cvss3_score": "7.5",
            "publishDate": "2021-02-12",
            "lastUpdatedDate": "2021-10-04",
            "scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-13949",
            "description": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",
            "project": "ilanscana4c",
            "product": "My Product",
            "cvss3Attributes": {
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "userInteraction": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "availabilityImpact": "HIGH"
            },
            "library": {
                "keyUuid": "d573f5fe-808c-49f7-8abb-41062203e3bb",
                "filename": "github.com/apache/thrift-v0.13.0",
                "type": "GO_PACKAGE",
                "description": "Apache Thrift",
                "sha1": "688b9a63daf3b038646ecedac2306c89262eccf0",
                "name": "github.com/apache/thrift",
                "artifactId": "github.com/apache/thrift",
                "version": "v0.13.0",
                "groupId": "github.com/apache/thrift",
                "architecture": "",
                "languageVersion": ""
            },
            "topFix": {
                "vulnerability": "CVE-2020-13949",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E",
                "fixResolution": "Upgrade to version v0.14.0",
                "date": "2021-02-12 20:15:00",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2020-13949\",\"packageName\":\"thrift\",\"packageType\":\"ARCHLINUX\",\"affectedVersions\":\"(0.13.0-1)\",\"affectedRange\":\">=0.13.0-1 <0.14.0-1\",\"minFixVersion\":\"0.14.0-1\"}]}"
            },
            ......

Product

Get Vulnerabilities report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Vulnerabilities report for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductVulnerabilityReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "json"
}

Response Example

Code Block
{
    "vulnerabilities": [
        {
            "name": "CVE-2021-3918",
            "type": "CVE",
            "severity": "high",
            "score": "7.5",
            "cvss3_severity": "HIGH",
            "cvss3_score": "9.8",
            "publishDate": "2021-11-13",
            "lastUpdatedDate": "2021-11-16",
            "scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2021-3918",
            "description": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
            "project": "tenantmetaserv",
            "product": "Platform_Develop",
            "cvss3Attributes": {
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "userInteraction": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH"
            },
            "library": {
                "keyUuid": "36466e69-bda1-43d3-9962-6f3a341720b9",
                "filename": "json-schema-0.2.3.tgz",
                "type": "NODE_PACKAGED_MODULE",
                "description": "JSON Schema validation and specifications",
                "sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13",
                "name": "json-schema",
                "artifactId": "json-schema-0.2.3.tgz",
                "version": "0.2.3",
                "groupId": "json-schema",
                "architecture": "",
                "languageVersion": ""
            },
            "topFix": {
                "vulnerability": "CVE-2021-3918",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918",
                "fixResolution": "Upgrade to version json-schema - 0.4.0",
                "date": "2021-11-13 09:15:00",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2021-3918\",\"packageName\":\"json-schema\",\"packageType\":\"NPM\",\"affectedVersions\":\"(0.2.0, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.3.0)\",\"affectedRange\":\">=0.2.0 <0.4.0\",\"minFixVersion\":\"0.4.0\"}]}"
            },
            "locations": [
                {
                    "matchType": "Filename Match",
                    "path": "/var/lib/jenkins-slave/workspace/erf-test-from-separate-file-YECM26EQSNY6A7QYPYEUHXPUJZIMNDBB5D6TE6JUFO437GWBAEEQ/tenantmetaserv/node_modules/json-schema/package.json"
                }
            ]
        },
        ......

Project

Get Vulnerabilities report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Vulnerabilities report for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectVulnerabilityReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "json"
}

Response Example

Code Block
{
    "vulnerabilities": [
        {
            "name": "CVE-2016-3092",
            "type": "CVE",
            "severity": "high",
            "score": "7.8",
            "cvss3_severity": "HIGH",
            "cvss3_score": "7.5",
            "publishDate": "2016-07-04",
            "lastUpdatedDate": "2021-07-17",
            "scoreMetadataVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2016-3092",
            "description": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
            "project": "Demo Data",
            "product": "Demo Product",
            "cvss3Attributes": {
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "userInteraction": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "availabilityImpact": "HIGH"
            },
            "library": {
                "keyUuid": "2d4e959e-602e-4f94-8c3e-d4c30e36ed7c",
                "filename": "commons-fileupload-1.2.1-URBA2209RC1.jar",
                "type": "MAVEN_ARTIFACT",
                "description": "The FileUpload component provides a simple yet flexible means of adding support for multipart\n    file upload functionality to servlets and web applications.",
                "sha1": "384faa82e193d4e4b0546059ca09572654bc3970",
                "name": "commons-fileupload",
                "artifactId": "commons-fileupload",
                "version": "1.2.1-URBA2209RC1",
                "groupId": "commons-fileupload",
                "architecture": "",
                "languageVersion": ""
            },
            "topFix": {
                "vulnerability": "CVE-2016-3092",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
                "fixResolution": "Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2",
                "date": "2016-07-04 22:59:00",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69)\",\"affectedRange\":\">=7.0.0 <7.0.70\",\"minFixVersion\":\"7.0.70\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M3, 9.0.0.M4, 9.0.0.M6)\",\"affectedRange\":\">=9.0.0.M3 <9.0.0.M8\",\"minFixVersion\":\"9.0.0.M8\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35)\",\"affectedRange\":\">=8.0.1 <8.0.36\",\"minFixVersion\":\"8.0.36\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.5.0, 8.5.2)\",\"affectedRange\":\">=8.5.0 <8.5.3\",\"minFixVersion\":\"8.5.3\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M1)\",\"affectedRange\":\">=9.0.0.M1 <9.0.0.M10\",\"minFixVersion\":\"9.0.0.M10\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.2.2, 1.3, 1.3.1)\",\"affectedRange\":\">=1.2.2 <1.3.1-jenkins-1\",\"minFixVersion\":\"1.3.1-jenkins-1\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M3, 9.0.0.M4, 9.0.0.M6)\",\"affectedRange\":\">=9.0.0.M3 <9.0.0.M8\",\"minFixVersion\":\"9.0.0.M8\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.0-beta-1, 1.0-rc1, 1.0, 1.1, 1.1.1, 1.2, 1.2.1)\",\"affectedRange\":\">=1.0-beta-1 <1.2.1-NODEP\",\"minFixVersion\":\"1.2.1-NODEP\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.5.0, 8.5.2)\",\"affectedRange\":\">=8.5.0 <8.5.3\",\"minFixVersion\":\"8.5.3\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M1)\",\"affectedRange\":\">=9.0.0.M1 <9.0.0.M10\",\"minFixVersion\":\"9.0.0.M10\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69)\",\"affectedRange\":\">=7.0.0 <7.0.70\",\"minFixVersion\":\"7.0.70\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35)\",\"affectedRange\":\">=8.0.1 <8.0.36\",\"minFixVersion\":\"8.0.36\"}]}"
            },
           .......
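In all three JSON responses above, topFix.extraData is a JSON document serialized into a string and the scores are strings, so a consumer has to decode twice and convert before it can sort or filter. The following Python is an added example, not Mend's code: the function names, the 7.0 threshold, the fallback to the older score field and the EXAMPLE-0001 entry are assumptions, and the sample report is constructed from fields shown in the responses.

```python
import json


def decode_extra_data(top_fix):
    """Return the packageLevelFix entries carried in topFix.extraData.

    extraData is JSON inside a JSON string, so it needs its own json.loads().
    Missing, empty or malformed values yield an empty list.
    """
    raw = (top_fix or {}).get("extraData")
    if not isinstance(raw, str) or not raw.strip():
        return []
    try:
        inner = json.loads(raw)
    except json.JSONDecodeError:
        return []
    fixes = inner.get("packageLevelFix") if isinstance(inner, dict) else None
    return [f for f in (fixes or []) if isinstance(f, dict)]


def numeric_score(vuln):
    """CVSS v3 score as a float; falls back to "score" (an assumption here)."""
    for key in ("cvss3_score", "score"):
        try:
            return float(vuln[key])
        except (KeyError, TypeError, ValueError):
            continue
    return 0.0


def triage(report_text, min_score=7.0):
    """Return findings at or above min_score, highest score first."""
    report = json.loads(report_text)
    findings = []
    for vuln in report.get("vulnerabilities") or []:
        score = numeric_score(vuln)
        if score < min_score:
            continue
        library = vuln.get("library") or {}
        top_fix = vuln.get("topFix") or {}
        attrs = vuln.get("cvss3Attributes") or {}
        min_fixes = {f["minFixVersion"] for f in decode_extra_data(top_fix)
                     if f.get("minFixVersion")}
        findings.append({
            "cve": vuln.get("name"),
            "score": score,
            "network": attrs.get("attackVector") == "NETWORK",
            "project": vuln.get("project"),
            "library": library.get("name"),
            "version": library.get("version"),
            "sha1": library.get("sha1"),
            "fix": top_fix.get("fixResolution"),
            "min_fix_versions": sorted(min_fixes),
        })
    findings.sort(key=lambda f: (-f["score"], f["cve"] or ""))
    return findings


# Constructed sample: the first two entries reuse fields from the responses on
# this page, the third is invented to exercise the failure paths.
SAMPLE_REPORT = json.dumps({"vulnerabilities": [
    {
        "name": "CVE-2020-13949", "score": "5.0", "cvss3_score": "7.5",
        "project": "ilanscana4c",
        "cvss3Attributes": {"attackVector": "NETWORK"},
        "library": {"name": "github.com/apache/thrift", "version": "v0.13.0",
                    "sha1": "688b9a63daf3b038646ecedac2306c89262eccf0"},
        "topFix": {"fixResolution": "Upgrade to version v0.14.0",
                   "extraData": json.dumps({"packageLevelFix": [
                       {"packageName": "thrift", "minFixVersion": "0.14.0-1"}]})},
    },
    {
        "name": "CVE-2021-3918", "score": "7.5", "cvss3_score": "9.8",
        "project": "tenantmetaserv",
        "cvss3Attributes": {"attackVector": "NETWORK"},
        "library": {"name": "json-schema", "version": "0.2.3",
                    "sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13"},
        "topFix": {"fixResolution": "Upgrade to version json-schema - 0.4.0",
                   "extraData": json.dumps({"packageLevelFix": [
                       {"packageName": "json-schema", "minFixVersion": "0.4.0"}]})},
    },
    {   # no CVSS v3 fields and a truncated extraData string
        "name": "EXAMPLE-0001", "score": "4.3",
        "library": {"name": "example-lib", "version": "1.0.0"},
        "topFix": {"extraData": "{\"packageLevelFix\":["},
    },
]})

if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT):
        print(item["score"], item["cve"], item["library"], item["version"],
              "->", ", ".join(item["min_fix_versions"]) or item["fix"])
```
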

Get Container Vulnerabilities Report

This report displays the vulnerabilities per pod, namespace, and cluster. Users can filter specific resources according to their context in the cluster.

This API request enables you to get Container Vulnerabilities reports at the organizational and cluster level, in Excel or JSON format.

Organization

Get Container Vulnerabilities report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Container Vulnerabilities report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationContainerVulnerabilityReportRequest",
    "userKey": "user_key",
    "orgToken" : "org_token",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx
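Every xlsx response on this page carries these two headers, and the file name is derived from an organization, product or project name. The following added example (not part of the Mend documentation) shows one way a client can check the headers and the file signature before writing a report to disk; the function names and the download directory are assumptions.

```python
import re
from pathlib import Path

# Content-Type the page documents for every xlsx report response.
XLSX_TYPE = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
# An .xlsx file is a ZIP archive, so a genuine report body starts with this signature.
ZIP_MAGIC = b"PK\x03\x04"
# Plain "filename=" parameter, quoted or unquoted (the extended filename*= form is ignored).
FILENAME_RE = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;]*))', re.IGNORECASE)


def header(headers, name):
    """Case-insensitive header lookup on a plain dict."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def safe_report_path(headers, download_dir, fallback="report.xlsx"):
    """Validate the documented headers and return a path inside download_dir."""
    ctype = header(headers, "Content-Type").split(";")[0].strip().lower()
    if ctype != XLSX_TYPE:
        # A JSON or HTML error body must not be saved as if it were a report.
        raise ValueError(f"unexpected Content-Type: {ctype or 'missing'}")

    match = FILENAME_RE.search(header(headers, "Content-Disposition"))
    raw = ""
    if match:
        raw = (match.group(1) if match.group(1) is not None else match.group(2)).strip()

    # The name comes from an organization/product/project name, so treat it as
    # untrusted: drop any directory part, then keep a conservative character set.
    name = re.split(r"[\\/]", raw)[-1]
    name = re.sub(r"[^A-Za-z0-9._ -]", "_", name).strip(" .")
    if not name.lower().endswith(".xlsx"):
        name = fallback

    base = Path(download_dir).resolve()
    target = (base / name).resolve()
    if target.parent != base:
        raise ValueError("resolved path escapes the download directory")
    return target


def save_report(headers, body, download_dir):
    """Write the report only if the headers and the file signature both check out."""
    target = safe_report_path(headers, download_dir)
    if not body.startswith(ZIP_MAGIC):
        raise ValueError("body is not a ZIP container, refusing to save it as .xlsx")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(body)
    return target
```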


Cluster

Get Container Vulnerabilities report for a cluster.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Container Vulnerabilities report at the Cluster level. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getClusterVulnerabilityReportRequest",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<cluster name>.xlsx


Get Effective Usage Analysis Report

This API request provides comprehensive analysis results using Effective Usage Analysis (EUA) for selected projects in an organization. 

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns analysis results for all applicable projects in a specified organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
   "requestType":"getOrganizationEffectiveUsageAnalysis",
   "userKey":"user_key",
   "orgToken":"organization_api_key"
}

Response Example

The API response shows the analysis results (JSON format) for all applicable projects in the specified organization (by product). For example:

Code Block
{
    "analysisReportDate": "2021-01-24",
    "orgName": "org_name",
    "products": [
        {
            "projects": [
                {
                    "libraries": [
                        {
                            "name": "xstream-1.4.10.jar",
                            "keyUuid": "8b0f1465-7a32-4aab-b8c7-3a27ad3ec595",
                            "groupId": "com.thoughtworks.xstream",
                            "artifactId": "xstream",
                            "version": "1.4.10",
                            "sha1": "dfecae23647abc9d9fd0416629a4213a3882b101",
                            "analysisDateTime": "2020-09-15",
                            "impactAnalysisStatus": "DATA_UNAVAILABLE",
                            "impactAnalysisResult": "High (1?);Medium (0)",
                            "resultingShield": "GREY",
                            "vulnerabilities": [
                                {
                                    "name": "CVE-2020-26258",
                                    "type": "CVE",
                                    "severity": "medium",
                                    "score": 5.0,
                                    "publishDate": "2020-12-16",
                                    "url": "https://vuln.whitesourcesoftware.com//CVE-2020-26258",
                                    "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",
                                    "topFix": {
                                        "vulnerability": "CVE-2020-26258",
                                        "type": "CHANGE_FILES",
                                        "origin": "GITHUB_COMMIT",
                                        "url": "https://github.com/x-stream/xstream/commit/ecc111cf22039eb9edcaec68dec05506b67e9382",
                                        "fixResolution": "Replace or update the following files: website.xml, CVE-2020-26258.html, changes.html, security.html",
                                        "date": "2020-12-18",
                                        "message": "Fix and document CVE-2020-26258."
                                    },
                                    "impactAnalysis": {
                                        "references": []
                                    }
                                }
                                ......                                


Get Alerts Report

The Alerts report presents you with valuable information about the libraries (components) in your products and organizations.

This API request enables you to export organization, product or project-level source file alert reports in Excel (xlsx), XML (xml) or JSON (json) format.

Organization

Get Alerts report for an organization.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all the alerts in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationAlertsReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "xlsx"
}

Response in Excel Format

The response to the above example in xlsx format will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx

Response in XML Format

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<alerts>
    <alert>
        <creationTime>15-12-2020</creationTime>
        <level>Error</level>
        <type>Policy Violation</type>
        <library>json-1.8.3.gem</library>
        <description>Reject effective high sev</description>
        <occurrences>
            <product>
                <id>828898</id>
                <name>GH_cloudify-cli</name>
                <projects>
                    <project>
                        <id>2756788</id>
                        <name>GH_cloudify-cli</name>
                    </project>
                </projects>
            </product>
        </occurrences>
        <librarytype>Ruby</librarytype>
    </alert>
</alerts>

Response in JSON Format

Code Block
{
    "alerts": [
        {
            "type": "REJECTED_BY_POLICY_RESOURCE",
            "level": "MAJOR",
            "library": {
                "keyUuid": "9b64843f-30f8-495f-be41-80601c190380",
                "filename": "json-1.8.3.gem",
                "type": "RUBY_GEM",
                "description": "This is a JSON implementation as a Ruby extension in C.",
                "sha1": "dcd00a477bbb8c0c722f68f9c28bc8460a7b1d6f",
                "name": "json",
                "artifactId": "json-1.8.3.gem",
                "version": "1.8.3",
                "groupId": "json",
                "architecture": "",
                "languageVersion": ""
            },
            "product": "GH_cloudify-cli",
            "project": "GH_cloudify-cli",
            "directDependency": false,
            "description": "Reject effective high sev",
            "creation_date": "2020-12-15 14:48:33",
            "lastUpdatedDate": "2020-12-15 14:48:33"
        }
    ]
}
        


Product

Get Alerts report for a product.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all the alerts in a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductAlertsReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "xlsx"
}

Response Format

The response to the above request example (xlsx format) will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx


Project

Get Alerts report for a project.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all the alerts in a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectAlertsReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "xlsx"
}

Response Format

The response to the above request example (xlsx format) will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx


Get Ignored Alerts Report

This API request enables you to get an organization, product or project-level Ignored Alerts report, in Excel format.

Organization

Get Ignored Alerts report for an organization.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all Ignored Alerts in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationIgnoredAlertsReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx


Product

Get Ignored Alerts report for a product.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all Ignored Alerts in a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductIgnoredAlertsReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx


Project

Get Ignored Alerts report for a project.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all Ignored Alerts in a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectIgnoredAlertsReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx


Get Alert Resolution Duration Report

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

This API request enables you to get reports on alerts that were resolved, at the organization, product or project-level.

Organization

Get Resolved Alerts report for an organization.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all Resolved Alerts in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationResolvedAlertsReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx


Product

Get Resolved Alerts report for a product.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all Resolved Alerts in a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductResolvedAlertsReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx


Project

Get Resolved Alerts report for a project.

NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report for all Resolved Alerts in a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectResolvedAlertsReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx


Get Change Log History Report

The Change Log History report provides up-to-date details on manual changes made by either Mend or its users. This report can only be accessed by the organization's administrator(s).

This API request enables you to get organization-level Change Log History in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a Change Log History report for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType": "getChangeLogHistoryReport",
    "userKey": "user_key",
    "orgToken": "organization_api_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=response.xlsx


Get Request History Report

This report lists all the organization's requests in all statuses.

This API request enables you to get organization, product or project-level request history reports in Excel format.

Organization

Get Request History report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a history report of all requests for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationRequestHistoryReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx


Product

Get Request History report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a history report of all requests for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductRequestHistoryReport",
    "userKey": "user_key",
    "productToken" : "product_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx


Project

Get Request History report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a history report of all requests for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectRequestHistoryReport",
    "userKey": "user_key",
    "projectToken" : "project_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx


Get Plugin Request History Report

The Plugin Request History report shows the details of all plugin update requests for an organization, including whether or not there were policy violations.

This API request enables you to get a history report of an organization’s plugin update requests, in Excel format.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a history report of all plugin update requests for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getPluginRequestHistoryReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx


Get Members Report

This report provides information about the members in an organization, such as email address and the number of pending requests assigned to them.

This API request enables you to get Members reports at the organization, product or project-level, in Excel format.

Organization

Get Members report for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report of all members in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationMembersReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>.xlsx


Product

Get Members report for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report of all members in a product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductMembersReport",
    "userKey": "user_key",
    "productToken" : "product_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>.xlsx


Project

Get Members report for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report of all members in a project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectMembersReport",
    "userKey": "user_key",
    "projectToken" : "project_token"
}

Response Format

The response will have the following headers:

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx


Get Security Alerts by Vulnerability Report

NOTE: This API is only supported in organizations that have Vulnerability-based Alerting installed (see Security Alerts: View By Vulnerability).

This API request generates a security alerts report detailed by vulnerability, in the scope of the organization, a specific product or a specific project. 

For details of the structure of the security vulnerability alert object, see Security Vulnerability Object.

Organization

Get a report on security alerts by vulnerability for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| requestType | API request type that returns a report of all security alerts by vulnerability in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationSecurityAlertsByVulnerabilityReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "status" : "active",
    "format" : "json"
}

Response Example

Code Block
{
    "alerts": [
        {
            "vulnerabilityId": "CVE-2014-3558",
            "libraryName": "hibernate-validator-4.2.0.Final.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": "MEDIUM",
            "cvssType": "CVSS_3",
            "cvssScore": "5.3",
            "status": "ACTIVE",
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:47",
            "modifiedDate": "2020-03-09 15:28:47",
            "topFix": {
                "vulnerability": "CVE-2014-3558",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://hibernate.atlassian.net/browse/HV-912",
                "fixResolution": "Upgrade to version Upgrade to version Upgrade to version Upgrade to version Upgrade to version org.hibernate:hibernate-validator:4.3.2.Final,5.1.2.Final",
                "date": "2014-09-30 14:55:09",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(5.0.0.Alpha1, 5.0.0.Alpha2, 5.0.0.Beta1, 5.0.0.CR1, 5.0.0.CR2, 5.0.0.CR3, 5.0.0.CR4, 5.0.0.CR5, 5.0.0.Final, 5.0.1.Final, 5.0.2.Final, 5.0.3.Final, 5.1.0.Alpha1, 5.1.0.Beta1, 5.1.0.CR1, 5.1.0.Final, 5.1.1.Final)\",\"affectedRange\":\">=5.0.0.Alpha1 <5.1.2.Final\",\"minFixVersion\":\"5.1.2.Final\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.apache.servicemix.bundles:org.apache.servicemix.bundles.hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(5.0.2.Final_1)\",\"affectedRange\":\">=5.0.2.Final_1 <5.4.2.Final_1\",\"minFixVersion\":\"5.4.2.Final_1\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(4.2.0.Beta1, 4.2.0.Beta2, 4.2.0.CR1, 4.2.0.Final)\",\"affectedRange\":\">=4.2.0.Beta1 <4.2.0.Final-redhat-1\",\"minFixVersion\":\"4.2.0.Final-redhat-1\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(4.3.0.Alpha1, 4.3.0.Beta1, 4.3.0.CR1, 4.3.0.Final, 4.3.1.Final)\",\"affectedRange\":\">=4.3.0.Alpha1 <4.3.1.Final-redhat-1\",\"minFixVersion\":\"4.3.1.Final-redhat-1\"}]}"
            }
        },
        {
            "vulnerabilityId": "CVE-2013-2186",
            "libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": "HIGH",
            "cvssType": "CVSS_3",
            "cvssScore": "7.3",
            "status": "ACTIVE",
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:46",
            "modifiedDate": "2020-03-09 15:28:46",
            "topFix": {
                "vulnerability": "CVE-2013-2186",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2186",
                "fixResolution": "Upgrade to version Upgrade to version Upgrade to version Upgrade to version Upgrade to version 1.3.1",
                "date": "2013-10-28 21:55:05",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2013-2186\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.0-beta-1, 1.0-rc1, 1.0, 1.1, 1.1.1, 1.2, 1.2.1)\",\"affectedRange\":\">=1.0-beta-1 <1.2.1-NODEP\",\"minFixVersion\":\"1.2.1-NODEP\"},{\"cveIdentifier\":\"CVE-2013-2186\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.2.2, 1.3)\",\"affectedRange\":\">=1.2.2 <1.3.1\",\"minFixVersion\":\"1.3.1\"}]}"
            }
        }
    ]
}

Product

Get a report on security alerts by vulnerability for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by vulnerability for a product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductSecurityAlertsByVulnerabilityReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "status" : "ignored",
    "format" : "json"
}

Response Example

Code Block
{
    "alerts": [
        {
            "vulnerabilityId": "CVE-2016-10173",
            "libraryName": "minitar-0.5.4.gem",
            "product": "GH_cloudify-cli",
            "project": "GH_cloudify-cli",
            "severity": "HIGH",
            "cvssType": "CVSS_3",
            "cvssScore": "7.5",
            "status": "ACTIVE",
            "libraryType": "Ruby",
            "creationDate": "2020-08-02 07:45:22",
            "modifiedDate": "2020-08-02 07:45:22",
            "topFix": {
                "vulnerability": "CVE-2016-10173",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10173",
                "fixResolution": "Upgrade to version 0.6",
                "date": "2017-02-01 15:59:00",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2016-10173\",\"packageName\":\"minitar\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(0.5.3, 0.5.4, 0.6)\",\"affectedRange\":\">=0.5.3 <0.6.1\",\"minFixVersion\":\"0.6.1\"},{\"cveIdentifier\":\"CVE-2016-10173\",\"packageName\":\"archive-tar-minitar\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(0.5.1, 0.5.2, 0.6)\",\"affectedRange\":\">=0.5.1 <0.6.1\",\"minFixVersion\":\"0.6.1\"}]}"
            }
        },
        {
            "vulnerabilityId": "CVE-2017-5946",
            "libraryName": "rubyzip-1.1.7.gem",
            "product": "GH_cloudify-cli",
            "project": "GH_cloudify-cli",
            "severity": "HIGH",
            "cvssType": "CVSS_3",
            "cvssScore": "9.8",
            "status": "ACTIVE",
            "libraryType": "Ruby",
            "creationDate": "2020-08-02 07:45:22",
            "modifiedDate": "2020-08-02 07:45:22",
            "topFix": {
                "vulnerability": "CVE-2017-5946",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5946",
                "fixResolution": "Upgrade to version 1.2.1",
                "date": "2017-02-27 07:59:00",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2017-5946\",\"packageName\":\"rubyzip\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(1.0.0, 1.0.0.beta1, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0)\",\"affectedRange\":\">=1.0.0 <1.2.1\",\"minFixVersion\":\"1.2.1\"}]}"
            }
        }
   ]
}

Project

Get a report on security alerts by vulnerability for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by vulnerability for a project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectSecurityAlertsByVulnerabilityReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "status": "active",
    "format" : "json"
}

Response Example

Code Block
{
    "alerts": [
        {
            "vulnerabilityId": "CVE-2018-10237",
            "libraryName": "guava-18.0.jar",
            "product": "My Product",
            "project": "WST_468",
            "euaShield": "RED",
            "severity": "MEDIUM",
            "cvssType": "CVSS_3",
            "cvssScore": "5.9",
            "status": "ACTIVE",
            "libraryType": "Java",
            "creationDate": "2021-05-31 14:08:17",
            "modifiedDate": "2021-05-31 14:08:17",
            "topFix": {
                "vulnerability": "CVE-2018-10237",
                "type": "UPGRADE_VERSION",
                "origin": "WHITESOURCE_EXPERT",
                "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237",
                "fixResolution": "Upgrade to version 24.1.1-jre, 24.1.1-android",
                "date": "2018-04-26 21:29:00",
                "message": "Upgrade to version",
                "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"com.google.guava:guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0.2-redhat-1, 11.0.2-redhat-2, 12.0-rc1, 12.0-rc2, 12.0, 12.0.1, 13.0-rc1, 13.0-rc2, 13.0, 13.0-final, 13.0.1, 13.0.1-redhat-1, 13.0.1.redhat-2, 13.0.1.redhat-3, 14.0-rc1, 14.0-rc2, 14.0-rc3, 14.0, 14.0.1, 14.0.1.redhat-1, 15.0-rc1, 15.0, 16.0-rc1, 16.0, 16.0.1, 16.0.1.redhat-3, 17.0-rc1, 17.0-rc2, 17.0, 18.0-rc1, 18.0-rc2, 18.0, 18.0.0.redhat-1, 19.0-rc1, 19.0-rc2, 19.0-rc3, 19.0, 19.0.20150826, 19.0.0.jbossorg-1, 19.0.0.jbossorg-2, 19.0.0.redhat-1, 20.0-rc1, 20.0, 20.0-hal, 20.0.0.redhat-1, 21.0-rc1, 21.0-rc2, 21.0, 22.0-rc1, 22.0-rc1-android, 22.0, 22.0-android, 23.0-rc1, 23.0-rc1-android, 23.0, 23.0-android, 23.1-android, 23.1-jre, 23.2-android, 23.2-jre, 23.3-android, 23.3-jre, 23.4-android, 23.4-jre, 23.5-android, 23.5-jre, 23.6-android, 23.6-jre, 23.6.1-android, 23.6.1-jre, 24.0-android, 24.0-jre, 24.1-android, 24.1-jre)\",\"affectedRange\":\">=11.0.2-redhat-1 <24.1.1-android\",\"minFixVersion\":\"24.1.1-android\"},{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"org.apache.servicemix.bundles:org.apache.servicemix.bundles.guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0.2_1, 11.0.2_2)\",\"affectedRange\":\">=11.0.2_1 <11_1\",\"minFixVersion\":\"11_1\"},{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"com.google.guava:guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0, 11.0.1, 11.0.2)\",\"affectedRange\":\">=11.0 <11.0.2-atlassian-01\",\"minFixVersion\":\"11.0.2-atlassian-01\"}]}"
            }
        },
        .......      
   ]
}
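
Added example (not part of the Mend documentation): in the by-vulnerability responses above, cvssScore is a string and topFix.extraData is a JSON document serialized into a string, so it needs a second decode. The code below turns a report body into an upgrade list; the function names, the 7.0 threshold, the IGNORED status value and the sample report are assumptions made for illustration.

```python
import json

def package_fixes(alert):
    """Decode topFix.extraData, a JSON document carried as a string, into fix records."""
    extra = (alert.get("topFix") or {}).get("extraData")
    if not extra:
        return []
    try:
        decoded = json.loads(extra)
    except (TypeError, ValueError):
        return []  # malformed payload: caller falls back to fixResolution
    fixes = decoded.get("packageLevelFix") if isinstance(decoded, dict) else None
    return [f for f in fixes if isinstance(f, dict)] if isinstance(fixes, list) else []

def remediation_plan(report_text, min_cvss=7.0):
    """Active alerts scoring at least min_cvss, highest first, with decoded fix versions."""
    plan = []
    for alert in json.loads(report_text).get("alerts", []):
        if str(alert.get("status", "")).upper() != "ACTIVE":
            continue
        score = float(alert["cvssScore"])  # a string in the report; fail loudly if absent
        if score < min_cvss:
            continue
        fixes = package_fixes(alert)
        plan.append({
            "cve": alert.get("vulnerabilityId"),
            "library": alert.get("libraryName"),
            "cvss": score,
            "fix_versions": sorted({f["minFixVersion"] for f in fixes if f.get("minFixVersion")}),
            "fallback": (alert.get("topFix") or {}).get("fixResolution"),
        })
    return sorted(plan, key=lambda row: row["cvss"], reverse=True)

def _alert(cve, library, score, status, extra_data, resolution):
    """Build one constructed entry shaped like the report's "alerts" items."""
    return {"vulnerabilityId": cve, "libraryName": library, "cvssScore": score,
            "status": status,
            "topFix": {"fixResolution": resolution, "extraData": extra_data}}

def _fixes(cve, *pairs):
    """Serialize packageLevelFix records to a string, as extraData carries them."""
    return json.dumps({"packageLevelFix": [
        {"cveIdentifier": cve, "packageName": name, "minFixVersion": version}
        for name, version in pairs]})

# Constructed sample. Rows reuse values from the responses above; the IGNORED
# status and the truncated extraData are made up to exercise the edge cases.
SAMPLE_REPORT = json.dumps({"alerts": [
    _alert("CVE-2016-10173", "minitar-0.5.4.gem", "7.5", "ACTIVE",
           _fixes("CVE-2016-10173", ("minitar", "0.6.1"), ("archive-tar-minitar", "0.6.1")),
           "Upgrade to version 0.6"),
    _alert("CVE-2017-5946", "rubyzip-1.1.7.gem", "9.8", "ACTIVE",
           _fixes("CVE-2017-5946", ("rubyzip", "1.2.1")), "Upgrade to version 1.2.1"),
    _alert("CVE-2018-10237", "guava-18.0.jar", "5.9", "ACTIVE",
           '{"packageLevelFix":[{', "Upgrade to version 24.1.1-jre, 24.1.1-android"),
    _alert("CVE-2013-2186", "commons-fileupload-1.2.1-URBA2209RC1.jar", "7.3", "IGNORED",
           _fixes("CVE-2013-2186", ("commons-fileupload:commons-fileupload", "1.3.1")),
           "Upgrade to version 1.3.1"),
]})

if __name__ == "__main__":
    for row in remediation_plan(SAMPLE_REPORT, min_cvss=5.0):
        print(row["cvss"], row["cve"], row["library"], row["fix_versions"] or row["fallback"])
```

For the minitar row the decoded minFixVersion (0.6.1) differs from the fixResolution text (0.6), which is why the structured field is read first and the text kept only as a fallback.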

Get Security Alerts by Library Report

NOTE: This API is only supported in organizations that have Vulnerability-based Alerting installed (see Security Alerts: View By Library).

This API request generates a report of all Vulnerability-based alerts that are associated with a specific library, in the scope of the organization, a specific product or a specific project. 

Organization

Get a report on security alerts by library for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by library in an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| status | Requested status of the alerts: Active or Ignored. By default, all statuses are returned. A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "status" : "active",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "alerts": [
        {
            "libraryName": "hibernate-validator-4.2.0.Final.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": {
                "medium": 2
            },
            "totalAlerts": 2,
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:47",
            "modifiedDate": "2021-06-27 12:04:50"
        },
        {
            "libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": {
                "high": 5,
                "medium": 1
            },
            "totalAlerts": 6,
            "ignoredAlerts": 1,
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:46",
            "modifiedDate": "2021-05-30 15:24:44"
        },
        {
            "libraryName": "commons-httpclient-3.1.jar",
            "product": "Demo Product",
            "project": "Demo Data",
            "severity": {
                "medium": 1
            },
            "totalAlerts": 1,
            "libraryType": "Java",
            "creationDate": "2020-03-09 15:28:46",
            "modifiedDate": "2020-03-09 15:28:46"
        },
        .......
    ]
}

Product

Get a report on security alerts by library for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by library for a product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| status | Requested status of the alerts: Active or Ignored. By default, all statuses are returned. A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "status" : "ignored",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "alerts": [
        {
            "libraryName": "Jinja2-2.10.3-py2.py3-none-any.whl",
            "product": "GH_cloudify-cli",
            "project": "GH_cloudify-cli",
            "severity": {
                "medium": 1
            },
            "totalAlerts": 1,
            "ignoredAlerts": 1,
            "libraryType": "Python",
            "creationDate": "2021-02-02 12:16:51",
            "modifiedDate": "2021-02-02 13:47:40"
        }
    ]
}

Project

Get a report on security alerts by library for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of all security alerts by library for a project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| status | Requested status of the alerts: Active or Ignored. By default, all statuses are returned. A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectSecurityAlertsByLibraryReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "status" : "active",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "alerts": [
        {
            "libraryName": "guava-18.0.jar",
            "libraryUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "product": "My Product",
            "project": "WST_468",
            "severity": {
                "euaShield": "RED",
                "medium": 1,
                "low": 1
            },
            "totalAlerts": 2,
            "libraryType": "Java",
            "creationDate": "2021-05-31 14:08:17",
            "modifiedDate": "2021-05-31 14:08:17"
        },
        {
            "libraryName": "groovy-all-1.8.9.jar",
            "libraryUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "product": "My Product",
            "project": "WST_468",
            "severity": {
                "high": 2
            },
            "totalAlerts": 2,
            "libraryType": "Java",
            "creationDate": "2021-05-31 14:08:17",
            "modifiedDate": "2021-05-31 14:08:17"
        }
    ]
}
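
Added example (not part of the Mend documentation): the by-library responses above report per-severity counts inside a severity object that can also carry a non-count key (euaShield), and ignoredAlerts appears only when it is non-zero. The code below ranks libraries for triage and checks each entry for internal consistency; the weights, the function names and the reading of totalAlerts as including ignored alerts are assumptions drawn from the sample values.

```python
import json

# Assumed triage weights for ordering only; they are not part of the API.
SEVERITY_WEIGHT = {"high": 100, "medium": 10, "low": 1}


def summarize_library(entry):
    """Reduce one by-library entry to counts, a triage score and a consistency flag."""
    severity = entry.get("severity") or {}
    # The severity object can carry non-count keys such as "euaShield"; keep counts only.
    counts = {k: v for k, v in severity.items()
              if k in SEVERITY_WEIGHT and isinstance(v, int)}
    total = entry.get("totalAlerts", 0)
    ignored = entry.get("ignoredAlerts", 0)  # key is absent when nothing is ignored
    return {
        "library": entry.get("libraryName"),
        "project": entry.get("project"),
        "counts": counts,
        "not_ignored": total - ignored,  # assumes totalAlerts includes ignored alerts
        "score": sum(SEVERITY_WEIGHT[k] * n for k, n in counts.items()),
        "consistent": sum(counts.values()) == total,
    }


def rank_libraries(report_text):
    """Return one summary per library, heaviest severity mix first."""
    rows = [summarize_library(e) for e in json.loads(report_text).get("alerts", [])]
    return sorted(rows, key=lambda r: (-r["score"], r["library"] or ""))


# Constructed sample assembled from entries in the responses above.
SAMPLE_REPORT = json.dumps({"alerts": [
    {"libraryName": "guava-18.0.jar", "project": "WST_468",
     "severity": {"euaShield": "RED", "medium": 1, "low": 1}, "totalAlerts": 2},
    {"libraryName": "groovy-all-1.8.9.jar", "project": "WST_468",
     "severity": {"high": 2}, "totalAlerts": 2},
    {"libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar", "project": "Demo Data",
     "severity": {"high": 5, "medium": 1}, "totalAlerts": 6, "ignoredAlerts": 1},
    {"libraryName": "Jinja2-2.10.3-py2.py3-none-any.whl", "project": "GH_cloudify-cli",
     "severity": {"medium": 1}, "totalAlerts": 1, "ignoredAlerts": 1},
]})

if __name__ == "__main__":
    for row in rank_libraries(SAMPLE_REPORT):
        print(row["score"], row["library"], row["counts"], row["not_ignored"])
```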

Get License and Compliance Alerts Report

The Licensing and Compliance Alerts report enables you to review alert details for licensing and compliance/quality issues reported for an organization, product or project.

This API request generates a License and Compliance alerts report in the scope of the organization, a specific product or a specific project. 

Organization

Get Licensing and Compliance alerts for an organization.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of licensing and compliance alerts for an organization. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| orgToken | API key which is a unique identifier of the organization. | string | Yes |
| status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getOrganizationLicenseAndComplianceAlertReport",
    "userKey": "user_key",
    "orgToken" : "organization_api_key",
    "status" : "active",
    "format" : "xlsx"
}

Response Format

The response will have the following headers:

  • Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<organization name>-license-and-compliance-alert-report.xlsx

Product

Get Licensing and Compliance alerts for a product.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of licensing and compliance alerts for a specific product. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| productToken | Unique identifier of the product. | string | Yes |
| status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProductLicenseAndComplianceAlertReport",
    "userKey": "user_key",
    "productToken" : "product_token",
    "status" : "ignored",
    "format" : "xlsx"
}

Response Format (xlsx)

The response will have the following headers:

  • Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<product name>-license-and-compliance-alert-report.xlsx

Project

Get Licensing and Compliance alerts for a project.

QUERY PARAMETERS

| Parameter | Description | Type | Required |
|---|---|---|---|
| requestType | API request type that returns a report of licensing and compliance alerts for a specific project. | string | Yes |
| userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
| projectToken | Unique identifier of the project. | string | Yes |
| status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
| format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |

Request Example

Code Block
{
    "requestType" : "getProjectLicenseAndComplianceAlertReport",
    "userKey": "user_key",
    "projectToken" : "project_token",
    "status" : "active",
    "format" : "json"
}

Response in JSON Format

Code Block
{
    "alerts": [
        {
            "type": "REJECTED_BY_POLICY_RESOURCE",
            "library": {
                "keyUuid": "b33c8590-5327-47dc-8de2-92ec8313453f",
                "filename": "jcommander-1.72.jar",
                "type": "MAVEN_ARTIFACT",
                "description": "Command line parsing",
                "sha1": "6375e521c1e11d6563d4f25a07ce124ccf8cd171",
                "name": "jcommander",
                "architecture": "",
                "languageVersion": ""
            },
            "product": "GH_1_RxJava",
            "project": "GH_RxJava",
            "description": "Reject effective high sev",
            "status": "OPEN",
            "creation_date": "15-12-2020",
            "lastUpdatedDate": "15-12-2020"
        }
    ]
}

This page is available at https://docs.mend.io/bundle/api/page/reports_api_-_synchronous.html