NOTES:
...
See /wiki/spaces/WD/pages/33816708.
Get Organization Policies
Get Product Policies
Get Project Policies
Add Organization Policy
Add Product Policy
Add Project Policies
Update Organization Policy
Update Product Policy
Update Project Policy
Remove Organization Policies
Remove Product Policies
Remove Project Policies
Reorder Organization Policy Priorities
Reorder Product Policy Priorities
Reorder Project Policy Priorities
Get Licenses
...
Info: For customers who have enabled vulnerability based alerting, there are several changes to API version 1.3. Refer here for details.
Get all alerts for a given organization/product/project.
...
Info: For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.

```json
{
  "requestType" : "getAlertsByProjectTag",
  "userKey" : "user_key",
  "orgToken" : "orgToken",
  "tagKey" : "key1",
  "tagValue" : "value1"
}
```
...
Info: For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.
Get a list of ignored alerts per scope (organization/product/project).
...
Field name | Value |
---|---|
name | The id in the vulnerability DB (CVE or WS) |
type | Either CVE or WS |
severity | Severity of the CVSS 2 vulnerability (low, medium, high) |
score | The CVSS 2 base score [0.0 - 10.0] |
cvss3_severity | Severity derived from the CVSS 3 score: 0-3.9 - Low, 4-6.9 - Medium, 7-10 - High |
cvss3_score | The CVSS 3 base score [0.0 - 10.0] |
scoreMetadataVector | See specification link |
publishDate | Original release date |
url | URL of the CVE |
description | A short description of the security vulnerability |
topFix | Top recommended fix (when available) |
allFixes | List of all fixes (when available) |
fixResolutionText | The actual resolution text to display for the given fix. |
...
Info: For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details.
Get all alerts of a certain type for a given organization / product / project.
...
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>-in-house-report.xlsx
...
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>-in-house-report.xlsx
Unmark manually-assigned In-House libraries
...
Get License Compatibility Report
Get the compatibility of libraries with different software licenses distributed together in the same product/project, in Excel format.
Product
```json
{
  "requestType" : "getProductLicenseCompatibilityReport",
  "productToken" : "product_token",
  "userKey" : "user_key"
}
```
Response
The response will have the following headers:
...
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename*=UTF-8''<Product Name>-license-compatibility-report.xlsx
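The report endpoints above hand back a binary spreadsheet whose local filename is taken from a server-supplied header, in either the plain `filename=` form or the RFC 5987 `filename*=UTF-8''...` form. The following is an added example (not the vendor's own code) that checks the documented Content-Type, decodes both filename forms, and reduces the result to a single safe path component before anything is written to disk; the sample header values and the fallback name are constructed for the demonstration.

```python
"""Validate report download headers and derive a safe local filename.

Added example, not the vendor's code. Assumes only the two headers documented
above; the sample values below are constructed.
"""
import os
import re
from urllib.parse import unquote

# Content-Type the report endpoints are documented to return
XLSX_CONTENT_TYPE = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"

# RFC 5987 extended parameter value: charset'language'percent-encoded-text
_EXT_VALUE = re.compile(r"([^']*)'[^']*'(.*)")


def parse_content_disposition(header: str) -> dict:
    """Split a Content-Disposition value into its type and parameters.

    Understands both the plain ``filename="..."`` form and the extended
    ``filename*=UTF-8''...`` form; when both appear, the extended one wins.
    """
    parts = [p.strip() for p in header.split(";")]
    params = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if not sep:
            continue
        key = key.strip().lower()
        value = value.strip().strip('"')
        if key.endswith("*"):
            m = _EXT_VALUE.fullmatch(value)
            if m:
                charset = m.group(1) or "utf-8"
                try:
                    value = unquote(m.group(2), encoding=charset)
                except LookupError:  # unknown charset label: fall back to UTF-8
                    value = unquote(m.group(2))
            params[key[:-1]] = value  # extended form overrides the plain one
        elif key not in params:
            params[key] = value
    return {"type": parts[0].lower(), "params": params}


def safe_report_filename(disposition: str, fallback: str = "report.xlsx") -> str:
    """Reduce the server-supplied filename to one path component.

    A misconfigured or hostile server could send "../../something"; writing that
    verbatim would escape the download directory. Only the basename is kept,
    unusual characters are replaced, and a name without .xlsx is rejected.
    """
    name = parse_content_disposition(disposition)["params"].get("filename", "")
    name = os.path.basename(name.replace("\\", "/"))
    name = re.sub(r"[^\w.\- ]", "_", name).strip(" .")
    if not name.lower().endswith(".xlsx"):
        return fallback
    return name


def is_xlsx_content_type(value: str) -> bool:
    """True when the media type (ignoring parameters) is the documented one."""
    return value.split(";")[0].strip().lower() == XLSX_CONTENT_TYPE


def report_filename_from_headers(headers: dict, fallback: str = "report.xlsx") -> str:
    """Check Content-Type, then derive the filename; header names are case-insensitive."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if not is_xlsx_content_type(lowered.get("content-type", "")):
        raise ValueError("unexpected Content-Type for a report download")
    return safe_report_filename(lowered.get("content-disposition", ""), fallback)


if __name__ == "__main__":
    # Constructed headers in the shape documented above
    sample = {
        "Content-Type": XLSX_CONTENT_TYPE,
        "Content-Disposition": "attachment; filename*=UTF-8''My%20Product-license-compatibility-report.xlsx",
    }
    print(report_filename_from_headers(sample))
```

Because the filename is attacker-influenced input from the client's point of view, the basename step is the one that matters; the extension check additionally stops a report download from being saved under a name that a later step would not treat as a spreadsheet.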
...
```json
{
  "requestType" : "getProductLibraryLocations",
  "userKey" : "user_key",
  "productToken" : "product_token"
}
```
Response Format
```json
{
  "libraryLocations" : [
    {
      "name" : "library_name",
      "keyId" : key_id,
      "keyUuid" : "key_uuid",
      "locations" : [
        { "path" : "library_location_1\\library_name", "matchType" : "SHA1" },
        { "path" : "library_location_2\\library_name", "matchType" : "FILENAME" }
      ]
    }
  ]
}
```
...
```json
{
  "libraryLocations" : [
    {
      "name" : "library_name",
      "keyId" : key_id,
      "keyUuid" : "key_uuid",
      "locations" : [
        {
          "path" : "library_location_1\\library_name",
          "dependencyFile" : "home/ubuntu/GiHubRepos/Samples123/pom.xml",
          "matchType" : "SHA1"
        },
        {
          "path" : "library_location_2\\library_name",
          "dependencyFile" : "home/ubuntu/GiHubRepos/Samples234/pom.xml",
          "matchType" : "FILENAME"
        }
      ]
    }
  ]
}
```
Get Policies
See Policies API (/wiki/spaces/WD/pages/33816708) for documentation.
Groups and Users
...
The Auditor role can be assigned to service users to grant them read-only permissions in the scope of a specific organization. It is recommended to use this role when you want service users to fetch organizational information, but don't want to grant them full admin permissions.
NOTE: The groupAssignment and userAssignment are single entity fields, while groupAssignments and userAssignments are arrays that support receiving multiple values.
```json
{
  "requestType" : "setOrganizationAssignments",
  "userKey" : "admin_user_key",
  "orgToken" : "organization_api_key",
  "readOnlyUsers" : {
    "groupAssignments" : [{"name":"group_name"},{"name":"group_name"}],   // This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single group.
    "userAssignments" : [{"email":"user_email"},{"email":"user_email"}],  // This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single user.
    "groupAssignment" : {"name":"group_name"},
    "userAssignment" : {"email":"user_email"}
  }
}
```
Response Format
```json
{ "message" : "The following organization assignments have been set: Read Only" }
```
...
They can also view data on the product and all projects under it, and open tickets for libraries.
NOTE: The groupAssignment and userAssignment are single entity fields, while groupAssignments and userAssignments are arrays that support receiving multiple values.
```json
{
  "requestType" : "setProductAssignments",
  "userKey" : "user_key",
  "productToken" : "product_api_key",
  "productIntegrators" : {
    "userAssignments" : [{"email":"user_email"}],   // This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single user.
    "groupAssignments" : [{"name":"group_name"}],   // This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single group.
    "userAssignment" : {"email":"user_email"},
    "groupAssignment" : {"name":"group_name"}
  }
}
```
Response Format
```json
{ "message" : "Successfully set product assignments" }
```
...
UNKNOWN - either orgToken or requestToken are invalid
IN_PROGRESS - update is in progress
UPDATED - inventory has been modified yet alerts have not been calculated yet
FINISHED - alerts have been calculated successfully
FAILED - an error has occurred during the update process
SKIPPED - when a scan for a project is requested while a scan for the same project is being executed simultaneously, the new scan is skipped
The timestamp field is in UTC format.
The requestToken (also displayed as "Support Token" when printing results to the console from the plugins) can be found in the data of the response returned from the server.
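Of the six states listed above, only FINISHED, FAILED, SKIPPED and UNKNOWN are terminal; UPDATED means the inventory changed but alerts are not yet computed, so a client that intends to read alerts must keep waiting. The following added example (not the vendor's code) polls until a terminal state and distinguishes the two cases. The page documents the states and the orgToken/requestToken fields; the request type name getRequestState and the response field requestState are assumptions, and the transport is injected as a callable so the example runs offline against a scripted fake.

```python
"""Poll an update request until the server reports a terminal state.

Added example, not the vendor's code. The six states and the two tokens are
from the page; "getRequestState" and "requestState" are assumed names.
"""
import time
from typing import Callable, Dict, List

# States after which polling must stop (per the status list above)
TERMINAL_STATES = {"FINISHED", "FAILED", "SKIPPED", "UNKNOWN"}
# Not done yet: UPDATED means inventory changed but alerts are not calculated
PENDING_STATES = {"IN_PROGRESS", "UPDATED"}


def build_state_request(org_token: str, request_token: str, user_key: str) -> Dict[str, str]:
    # "getRequestState" is an assumed request type name; the tokens are page fields
    return {"requestType": "getRequestState", "userKey": user_key,
            "orgToken": org_token, "requestToken": request_token}


def wait_for_request(send: Callable[[Dict[str, str]], Dict[str, str]],
                     org_token: str, request_token: str, user_key: str,
                     timeout_s: float = 600.0, interval_s: float = 5.0,
                     clock: Callable[[], float] = time.monotonic,
                     sleep: Callable[[float], None] = time.sleep) -> Dict[str, str]:
    """Return the final state response; raise on timeout or an undocumented state.

    UNKNOWN is treated as terminal because it means a token is invalid, and
    retrying the same tokens cannot change that.
    """
    deadline = clock() + timeout_s
    payload = build_state_request(org_token, request_token, user_key)
    while True:
        response = send(payload)
        state = response.get("requestState")  # assumed field name
        if state in TERMINAL_STATES:
            return response
        if state not in PENDING_STATES:
            raise ValueError(f"unexpected request state: {state!r}")
        if clock() >= deadline:
            raise TimeoutError(f"request {request_token} still {state} after {timeout_s}s")
        sleep(interval_s)


def succeeded(response: Dict[str, str]) -> bool:
    """Only FINISHED means alerts were calculated; FAILED/SKIPPED/UNKNOWN did not."""
    return response.get("requestState") == "FINISHED"


def scripted_sender(states: List[str]) -> Callable[[Dict[str, str]], Dict[str, str]]:
    """Offline fake transport: returns one scripted state per call, repeating the last."""
    states = list(states)
    calls = {"n": 0}

    def send(_payload: Dict[str, str]) -> Dict[str, str]:
        idx = min(calls["n"], len(states) - 1)
        calls["n"] += 1
        # constructed response; timestamp shape follows the UTC note above
        return {"requestState": states[idx], "timestamp": "2000-01-01T00:00:00Z"}

    send.calls = calls
    return send


if __name__ == "__main__":
    fake = scripted_sender(["IN_PROGRESS", "UPDATED", "FINISHED"])
    final = wait_for_request(fake, "org_token", "request_token", "user_key", sleep=lambda s: None)
    print(final["requestState"], "after", fake.calls["n"], "polls")
```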
...
name - the name of the vulnerability (e.g. CVE-2008-0983).
severity - the CVSS severity (as taken from NVD), can be one of:
HIGH
MEDIUM
LOW
score - the CVSS score (as taken from NVD), values range from 0-10.
cvss3_score - the CVSS 3 score (as taken from NVD), values range from 0-10.
cvss3_severity - derived from cvss3_score: 0-3.9 - low, 4-6.9 - medium, 7-10 - high
scoreMetadataVector - a text representation of a set of CVSS metrics. See also related specification.
description - the vulnerability description.
publishDate - the publish date.
sourceFile - in case the vulnerability was matched to a source file, not the binary library, the sourceFile field will be populated (see details below).
Note: only libraries with type SOURCE_LIBRARY have source files.
vulnerabilityFix - the top fix of the vulnerability (see details below).
fixResolutionText - the actual resolution text to display for the given fix.
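The fields above mix two scoring generations (CVSS 2 score/severity and cvss3_score/cvss3_severity) and the severity bands for CVSS 3 are stated explicitly. The following added example (not the vendor's code) flattens vulnerability entries into triage records: it prefers CVSS 3 when present, falls back to CVSS 2 otherwise, recomputes the severity band from the score instead of trusting the reported label, and ranks the result. The sample entries are constructed, and reading fixResolutionText from inside the topFix object is an assumption about nesting.

```python
"""Normalize vulnerability entries from an alert response and rank them for triage.

Added example, not the vendor's code. Field names follow the list above; the
topFix nesting is assumed and the sample data is constructed.
"""
from typing import Dict, List


def cvss3_severity(score: float) -> str:
    """Severity bands as the page states them: 0-3.9 low, 4-6.9 medium, 7-10 high."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    return "high"


def normalize_vulnerability(v: Dict) -> Dict:
    """Flatten one entry to a triage record.

    CVSS 3 is preferred when present, otherwise CVSS 2 score/severity are used.
    The reported cvss3_severity is recomputed from cvss3_score and any
    disagreement is flagged rather than silently trusted.
    """
    mismatch = False
    if v.get("cvss3_score") is not None:
        score = float(v["cvss3_score"])
        severity = cvss3_severity(score)
        reported = str(v.get("cvss3_severity") or "").lower()
        mismatch = bool(reported) and reported != severity
        version = 3
    else:
        score = float(v.get("score") or 0.0)
        severity = str(v.get("severity") or "unknown").lower()
        version = 2
    top_fix = v.get("topFix") or {}
    return {
        "name": v.get("name"),
        "type": v.get("type"),
        "score": score,
        "cvss_version": version,
        "severity": severity,
        "severity_mismatch": mismatch,
        # only SOURCE_LIBRARY entries carry sourceFile (see note above)
        "source_file_match": v.get("sourceFile") is not None,
        "fix": top_fix.get("fixResolutionText") if isinstance(top_fix, dict) else None,
    }


def rank_vulnerabilities(vulns: List[Dict]) -> List[Dict]:
    """Highest score first; ties broken by name for a stable report."""
    records = [normalize_vulnerability(v) for v in vulns]
    return sorted(records, key=lambda r: (-r["score"], r["name"] or ""))


SAMPLE_VULNERABILITIES = [  # constructed; identifiers are placeholders, not real entries
    {"name": "CVE-XXXX-0001", "type": "CVE", "severity": "HIGH", "score": 7.5,
     "publishDate": "2000-01-01", "description": "constructed sample",
     "topFix": {"fixResolutionText": "Upgrade to a fixed version"}},
    {"name": "WS-EXAMPLE-0001", "type": "WS", "severity": "LOW", "score": 2.1,
     "cvss3_score": 5.3, "cvss3_severity": "Medium",
     "sourceFile": {"path": "src/example.c"}},
    {"name": "CVE-XXXX-0002", "type": "CVE", "severity": "MEDIUM", "score": 5.0,
     "cvss3_score": 9.8, "cvss3_severity": "Medium"},  # label disagrees with score
]


if __name__ == "__main__":
    for r in rank_vulnerabilities(SAMPLE_VULNERABILITIES):
        flag = " (severity label mismatch)" if r["severity_mismatch"] else ""
        print(f'{r["name"]}: CVSSv{r["cvss_version"]} {r["score"]} {r["severity"]}{flag}')
```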
...