Versions Compared

Old Version 81

changes.mady.by.user Tsur Rothfeld

Saved on

compared with

New Version 87

changes.mady.by.user Tsur Rothfeld

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
Info

NOTES:

  • API capability requires an additional WhiteSource license. Contact your CSM for more details.

  • For customers who have enabled vulnerability-based alerting, there are several changes to API version 1.3 -  refer here for details.

  • This page covers APIs for version 1.3. All version 1.3 APIs must include:

...

See /wiki/spaces/WD/pages/33816708.

  • Get Organization Policies

  • Get Product Policies

  • Get Project Policies

  • Add Organization Policy

  • Add Product Policy

  • Add Project Policies

  • Update Organization Policy

  • Update Product Policy

  • Update Project Policy

  • Remove Organization Policies

  • Remove Product Policies

  • Remove Project Policies

  • Reorder Organization Policy Priorities

  • Reorder Product Policy Priorities

  • Reorder Project Policy Priorities

  • Get Licenses

...

Info

For customers who have enabled vulnerability based alerting, there are several changes to API version 1.3. Refer here for details.

Get all alerts for a given organization/product/project.

...

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

Code Block
{
	"requestType" : "getAlertsByProjectTag",
    "userKey": "user_key", 
	"orgToken" : "orgToken",
    "tagKey":"key1",
    "tagValue":"value1"
}

...

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

Get a list of ignored alerts per scope (organization/product/project).

...

Field name

Value

name

The id in the vulnerability DB (CVE or WS)

type

Either CVE or WS

severity

Severity of the CVSS 2 vulnerability (low, medium, high)

score

The CVSS 2 base score [0.0 - 10.0]

cvss3_severity

The score severity, if CVSS 3 score is between 0-3.9 - Low, if CVSS 3 score is between 4-6.9 - Medium, if CVSS 3 score is between 7-10 - High

cvss3_score

The CVSS 3 base score [0.0 - 10.0]

scoreMetadataVector

See specification link

publishDate

Original release date

url

URL of the CVE

description

A short description of the security vulnerability

topFix

Top recommended fix (when available)

allFixes

List of all fixes (when available)

fixResolutionText

The actual resolution text to display for the given fix.

...

Info

For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

Get all alerts of a certain type for a given organization / product / project.

...

Prioritize/ Effective Usage Analysis

See /wiki/spaces/WD/pages/1217627009 here for details.

Get Alerts Report

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet;'|

  • '

  • ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////Content-Disposition: attachment; filename=<product name>-in-house-report.xlsx

...

  • Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • Content-Disposition: attachment; filename=<project name>-in-house-report.xlsx

...

Get

...

Organization

Code Block
{
    "requestType" : "getOrganizationInHouseReport",
    "orgToken" : "organization_api_key",
    "userKey": "user_key"
}

Response

T

Get License Compatibility Report 

...

Code Block
{
	"requestType" : "getProductLibraryLocations",     
     "userKey": "user_key", 
	"productTokenprojectToken" : "productproject_token"	
}

Response Format

Code Block
"libraryLocations" : [
	{
		"name" : "library_name",
		"keyId" : key_id,
		"keyUuid" : "key_uuid",
		"locations": [
			{
				"path" : "library_location_1\library_name",
				"matchType": "SHA1"
			},
			{
				"path": "library_location_2\\library_name",
				"matchType": "FILENAME"
			}
		]
	}
]

...

Code Block
"libraryLocations" : [
	{
		"name" : "library_name",
		"keyId" : key_id,
		"keyUuid" : "key_uuid",
		"locations": [
			{
				"path" : "library_location_1\library_name",
				"dependencyFile" : "home/ubuntu/GiHubRepos/Samples123/pom.xml"	
				"matchType": "SHA1"
			},
			{
				"path": "library_location_2\\library_name",
				"dependencyFile" : "home/ubuntu/GiHubRepos/Samples234/pom.xml"	
				"matchType": "FILENAME"
			}
		]
	}
]

Get Policies

See /wiki/spaces/WD/pages/33816708Policies API for documentation.

Groups and Users

...

  1. name - the name of the vulnerability (e.g. CVE-2008-0983).

  2. severity - the CVSS severity (as taken from NVD), can be one of:

    1. HIGH

    2. MEDIUM

    3. LOW

  4. score - the CVSS score (as taken from NVD), values range from 0-10.

  5. cvss3_score - the CVSS score 3 (as taken from NVD), values range from 0-10.

  6. cvss3_severity - if cvss 3 score is between 0-3.9 - low, if cvss 3 score is between 4-6.9 - medium, if cvss 3 score is between 7-10 - high

  7. scoreMetadataVector - a text representation of a set of CVSS metrics. See also related specification.

  8. description - the vulnerability description.

  9. publishDate - the publish date.

  10. sourceFile - in case the vulnerability was matched to a source file, not the binary library, the sourceFile field will be populated (see details below).
    Note: only libraries with type SOURCE_LIBRARY have source files.

  11. vulnerabilityFix - the top fix of the vulnerability (see details below).

  12. fixResolutionText - the actual resolution text to display for the given fix.

...