Info

NOTES:

  • API capability requires an additional WhiteSource license. Contact your CSM for more details.

  • For customers who have enabled vulnerability-based alerting, there are several changes to API version 1.3. Refer here for details.

  • This page covers APIs for version 1.3. All version 1.3 APIs must include:

...

Info

Date format in all responses is "yyyy-MM-dd".

None of the results are sorted in any order.

Alerts

Get Alerts

Info

For customers who have enabled vulnerability-based alerting, there are several changes to API version 1.3. Refer here for details.

...

{
    "requestType": "getProjectAlerts",
    "userKey": "user_key",
    "projectToken": "project_token"
}

Get Alerts by Project Tags

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

...

Info

Alert level is either minor or major.

Get Ignored Alerts

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

...

{
    "alerts": [
        {
            "vulnerability": {
                "name": "CVE-2019-10202",
                "type": "CVE",
                "severity": "high",
                "score": 7.5,
                "cvss3_score": 0.0,
                "publishDate": "2019-10-01",
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10202",
                "description": "A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.",
                "allFixes": [],
                "references": []
            },
            "type": "SECURITY_VULNERABILITY",
            "level": "MAJOR",
            "library": {
                "keyUuid": "029092aa-fe0c-4ab5-ae02-a5a05c9cb8c5",
                "keyId": 13673550,
                "filename": "jackson-mapper-asl-1.9.2.jar",
                "type": "Java",
                "description": "Data Mapper package is a high-performance data binding package\nbuilt on Jackson JSON processor",
                "references": {
                    "url": "http://jackson.codehaus.org",
                    "issueUrl": "http://jira.codehaus.org/browse/JACKSON",
                    "pomUrl": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                },
                "sha1": "95400a7922ce75383866eb72f6ef4a7897923945",
                "name": "Data Mapper for Jackson",
                "artifactId": "jackson-mapper-asl",
                "version": "1.9.2",
                "groupId": "org.codehaus.jackson",
                "licenses": [
                    {
                        "name": "Apache 2.0",
                        "url": "http://www.opensource.org/licenses/Apache-2.0",
                        "profileInfo": {
                            "copyrightRiskScore": "THREE",
                            "patentRiskScore": "ONE",
                            "copyleft": "NO",
                            "linking": "DYNAMIC",
                            "royaltyFree": "CONDITIONAL"
                        },
                        "references": [
                            {
                                "referenceType": "POM file",
                                "reference": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                            }
                        ]
                    }
                ]
            },
            "project": "wss-dal-entity-mysql",
            "projectId": 1976,
            "projectToken": "fe305449dc244aeb8f0dd729182669b1251ceabede7548b4a86e61b3903f02e4",
            "directDependency": true,
            "description": "Medium:1,",
            "date": "2019-10-10",
            "time": 1570703663000,
            "alertUuid": "e2d992ce-eaa6-4469-98b3-221e35d6f5fe",
            "comments": "Ignore this alert"
        },
        {
            "vulnerability": {
                "name": "CVE-2019-10202",
                "type": "CVE",
                "severity": "high",
                "score": 7.5,
                "cvss3_score": 0.0,
                "publishDate": "2019-10-01",
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10202",
                "description": "A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.",
                "allFixes": [],
                "references": []
            },
            "type": "SECURITY_VULNERABILITY",
            "level": "MAJOR",
            "library": {
                "keyUuid": "029092aa-fe0c-4ab5-ae02-a5a05c9cb8c5",
                "keyId": 13673550,
                "filename": "jackson-mapper-asl-1.9.2.jar",
                "type": "Java",
                "description": "Data Mapper package is a high-performance data binding package\nbuilt on Jackson JSON processor",
                "references": {
                    "url": "http://jackson.codehaus.org",
                    "issueUrl": "http://jira.codehaus.org/browse/JACKSON",
                    "pomUrl": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                },
                "sha1": "95400a7922ce75383866eb72f6ef4a7897923945",
                "name": "Data Mapper for Jackson",
                "artifactId": "jackson-mapper-asl",
                "version": "1.9.2",
                "groupId": "org.codehaus.jackson",
                "licenses": [
                    {
                        "name": "Apache 2.0",
                        "url": "http://www.opensource.org/licenses/Apache-2.0",
                        "profileInfo": {
                            "copyrightRiskScore": "THREE",
                            "patentRiskScore": "ONE",
                            "copyleft": "NO",
                            "linking": "DYNAMIC",
                            "royaltyFree": "CONDITIONAL"
                        },
                        "references": [
                            {
                                "referenceType": "POM file",
                                "reference": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
                            }
                        ]
                    }
                ]
            },
            "project": "wss-server",
            "projectId": 1978,
            "projectToken": "2e139a0b5c494042b2c92807bc595c0bdd4645ae5ab34800a968999140e38e24",
            "directDependency": true,
            "description": "Medium:1,",
            "date": "2019-10-10",
            "time": 1570703663000,
            "alertUuid": "5f869dba-9d5d-437a-8a03-b51c23997f99",
            "comments": "Ignore this alert as well"
        }
    ]
}

Security Vulnerability 

Alerts will also contain the following object:

...

| Field name | Value |
|---|---|
| name | The id in the vulnerability DB (CVE or WS) |
| type | Either CVE or WS |
| severity | CVSS 2 severity of the vulnerability (low, medium, high) |
| score | The CVSS 2 base score [0.0 - 10.0] |
| cvss3_severity | Severity derived from the CVSS 3 score: 0-3.9 is Low, 4-6.9 is Medium, 7-10 is High |
| cvss3_score | The CVSS 3 base score [0.0 - 10.0] |
| scoreMetadataVector | See specification link |
| publishDate | Original release date |
| url | URL of the CVE |
| description | A short description of the security vulnerability |
| topFix | Top recommended fix (when available) |
| allFixes | List of all fixes (when available) |
| fixResolutionText | The actual resolution text to display for the given fix. |
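The sample response above carries a CVSS 2 score of 7.5 next to a cvss3_score of 0.0, so a filter that looks only at cvss3_score would drop that alert. The following is an added example, not WhiteSource code: it triages an alerts response using the CVSS 3 bands from the field table and falls back to CVSS 2 when no CVSS 3 score is present. Reading 0.0 as "not scored" is an assumption, and the function names and the second and third sample alerts (`WS-PLACEHOLDER-1`, `example-project`, `CONSTRUCTED_NON_SECURITY_TYPE`) are constructed.

```python
import json
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}

def cvss3_severity(score):
    """Bands from the field table: 0-3.9 low, 4-6.9 medium, 7-10 high."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return "low" if score < 4.0 else "medium" if score < 7.0 else "high"

def effective_rating(vuln):
    """Prefer CVSS 3; fall back to CVSS 2 when cvss3_score is missing or 0.0.
    Reading 0.0 as "not scored" is an assumption based on the sample response."""
    v3 = vuln.get("cvss3_score") or 0.0
    if v3 > 0.0:
        return "cvss3", v3, cvss3_severity(v3)
    return "cvss2", vuln.get("score", 0.0), str(vuln.get("severity", "")).lower()

def triage(response_text, minimum="high"):
    """Return security alerts rated at or above `minimum`, highest score first."""
    findings = []
    for alert in json.loads(response_text).get("alerts", []):
        vuln = alert.get("vulnerability")
        if alert.get("type") != "SECURITY_VULNERABILITY" or not vuln:
            continue
        rated_by, score, severity = effective_rating(vuln)
        # Unknown severity labels rank as high so they are never silently dropped.
        if SEVERITY_ORDER.get(severity, 2) >= SEVERITY_ORDER[minimum]:
            findings.append({"id": vuln["name"], "project": alert["project"],
                             "library": alert["library"]["filename"],
                             "rated_by": rated_by, "score": score,
                             "direct": alert.get("directDependency", False)})
    # The API returns results unsorted, so order them explicitly.
    return sorted(findings, key=lambda f: (-f["score"], f["project"]))

# Constructed sample: first alert trimmed from the page's response, the rest invented.
SAMPLE = json.dumps({"alerts": [
    {"type": "SECURITY_VULNERABILITY", "project": "wss-server", "directDependency": True,
     "library": {"filename": "jackson-mapper-asl-1.9.2.jar"},
     "vulnerability": {"name": "CVE-2019-10202", "severity": "high",
                       "score": 7.5, "cvss3_score": 0.0}},
    {"type": "SECURITY_VULNERABILITY", "project": "example-project", "directDependency": False,
     "library": {"filename": "example-lib-1.0.jar"},
     "vulnerability": {"name": "WS-PLACEHOLDER-1", "severity": "high",
                       "score": 7.5, "cvss3_score": 5.3}},
    {"type": "CONSTRUCTED_NON_SECURITY_TYPE", "project": "example-project",
     "library": {"filename": "example-lib-1.0.jar"}},
]})

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Preferring CVSS 3 over CVSS 2 when both are present is a policy choice in this example; swap the branches in `effective_rating` if your policy rates on the higher of the two.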

Get Alerts by Type

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

...

Info

Same as alerts response

Ignore Alerts

Enables users with the Organization Administrators, Product Administrators, or Alert Ignorers role to ignore alerts by their unique identifier. You can use any alert-related API to get the alertUuid of a particular alert.

...

{
    "message": "Successfully ignored alerts"
}

Set Alert Status

Enables users with the Organization Administrators, Product Administrators, or Alert Ignorers role to set the status of one or more alerts by their unique identifier. This API can also be used to change an alert's comments.

...

{
    "message": "Successfully set the alert's status"
}

Get Change Log Report

Get the organization-level Change Log Report in various formats.

...

{
    "changes": [
        {
            "startDateTime": "2018-07-04 09:07:21",
            "category": "METADATA",
            "type": "SOURCE_MATCHING",
            "changeType": "CHANGED",
            "scope": "SOURCE_FILE",
            "scopeName": "activation_mode.h",
            "scopeId": 2922950,
            "beforeChange": [
                "tensorflow-v1.4.0-rc0"
            ],
            "afterChange": [
                "tensorflow-v1.4.0-rc0"
            ],
            "operator": "USER",
            "userEmail": "john@doe.com",
            "productId": 69491,
            "productName": "tensorflow",
            "projectId": 338568,
            "projectName": "tensor",
            "comment": "changed lib of source file"
        }
    ]
}

Get Licenses

Get all libraries and their licenses for a given organization/product/project.

...

"libraries" : [
    {
        "licenses" : [
            "license_name_1",
            "license_name_2",
            "spdxName":"license_spdx_name"
        ],
        "copyrightReferences": [
            {
                "copyright": "library_copyright_text",
                "startYear": "library_copyright_start_year"
            }
        ],
        "keyUuid": "library_key_uuid",
        "keyId": "library_key_id",
        "filename": "library_file_name",
        "name" : "library_name",
        "groupId" : "library_group_id",
        "artifactId" : "library_artifact_id",
        "version" : "library_version",
        "sha1" : "library_sha1",
        "languages": "library_language",
        "references" : {
            "url": "library_url",
            "downloadLink": "library_download_link"
        }
    }
]

Get License Histogram

Get the license histogram (license name : occurrence) for a given organization/product/project.

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>.xlsx

Get Change Log Report

Get the organization-level Change Log in Excel format.

...