The WhiteSource HTTP API is available for WhiteSource customers who are licensed to use it. The APIs can be accessed by the organization's administrator(s).
The API is simply an HTTP endpoint implementing a JSON-speaking web service that handles POST requests. Like the service itself, communication is secured with SSL.
This document describes the WhiteSource HTTP API v1.3. The API URL can be obtained by copying the 'WhiteSource Server URL', which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the path '/api/v1.3' to it. For example: https://saas.whitesourcesoftware.com/api/v1.3.
Regarding version numbers: if there are 3 or more version parts (for example, x.y.z or x.y.z.w), both x and y are considered a major version (x.y).
If there are 2 major parts (x.y), then x is considered a major version.
NOTE: The previous WhiteSource API version is currently still supported, and is documented in the HTTP API v1.2 page.
Note the following about API calls:
When performing API calls, the time recorded for the action is in the GMT time zone; this is therefore the time displayed in the relevant reports.
Date format in all responses is "yyyy-MM-dd".
The API results are not sorted in any order.
API Execution Scope
Generally, each level of the administrator (Organization, Product) can get/set the API attributes in the API calls that refer to their scope and/or under their scope. For example, Product administrators can execute API calls related to their Projects/Products that are defined in WhiteSource, but they cannot execute Organization-related API calls which are outside their scope. However, there are two API calls that are exceptions to this rule:
getProjectVitals – Product administrators can use the Organization level call and get the product/project vitals related to their products/projects.
getRequestState – Although an Organization token is required in the call, a product administrator can also execute it.
...
Request payload should have: Content-Type = application/json
...
API Format
All requests require a token available via the API Integration page in your WhiteSource account, according to the request's context (organization / product / project).
Note |
---|
The requestType parameter is mandatory for all requests. |
Parameter | Description |
---|---|
requestType | For details, see Supported Requests. |
orgToken | Your organization API key. |
productToken | A unique identifier for your product. |
projectToken | A unique identifier for your project. |
Character Sets
WhiteSource HTTP API v1.x supports Accept-Charset header.
If the value of the header is a supported character set (see supported values below) the response would be in that character set.
Otherwise, if the value is not supported or if the header isn't sent, the default response character set will be UTF-8.
...
The following characters are NOT supported as API input: <, >, % and &
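An added example (not WhiteSource's own code) of assembling a request the way this section describes: it appends /api/v1.3 to the server URL, sets the JSON content type, puts the token in the field for its scope, and rejects the unsupported characters before anything leaves the client. The function names, the `scope` argument, the `redacted` logging helper and the sample token values are assumptions made for illustration; the request is built but never sent.

```python
import json
import urllib.request
from urllib.parse import urlsplit

API_PATH = "/api/v1.3"
FORBIDDEN = set("<>%&")  # characters this page lists as unsupported API input
TOKEN_FIELD = {          # token field per request context, as in the table above
    "organization": "orgToken",
    "product": "productToken",
    "project": "projectToken",
}
SECRET_FIELDS = {"userKey", "orgToken", "productToken", "projectToken"}


def _check(value, path):
    """Walk the payload and reject any string holding an unsupported character.

    The error names the field path only, never the value, because the value
    may be a token.
    """
    if isinstance(value, str):
        bad = sorted(FORBIDDEN & set(value))
        if bad:
            raise ValueError(f"{path} contains unsupported character(s): {' '.join(bad)}")
    elif isinstance(value, dict):
        for key, item in value.items():
            _check(key, f"{path} key")
            _check(item, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            _check(item, f"{path}[{index}]")


def build_request(server_url, request_type, scope, token, user_key, **fields):
    """Return an unsent urllib Request for one API call."""
    parts = urlsplit(server_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("server URL must be an https:// URL")
    if not request_type:
        raise ValueError("requestType is mandatory for all requests")
    if scope not in TOKEN_FIELD:
        raise ValueError(f"scope must be one of {sorted(TOKEN_FIELD)}")
    payload = {"requestType": request_type, "userKey": user_key,
               TOKEN_FIELD[scope]: token}
    clash = set(fields) & set(payload)
    if clash:
        raise ValueError(f"extra fields would overwrite {sorted(clash)}")
    payload.update(fields)
    _check(payload, "payload")
    return urllib.request.Request(
        server_url.rstrip("/") + API_PATH,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json", "Accept-Charset": "UTF-8"},
        method="POST",
    )


def redacted(request):
    """Copy of the request payload that is safe to write to a log."""
    body = json.loads(request.data)
    return {k: ("***" if k in SECRET_FIELDS else v) for k, v in body.items()}


if __name__ == "__main__":
    # Constructed values; real tokens come from the API Integration page.
    req = build_request("https://saas.whitesourcesoftware.com",
                        "getAlertsByProjectTag", "organization",
                        "constructed_org_token", "constructed_user_key",
                        tagKey="key1", tagValue="value1")
    print(req.full_url, redacted(req))
```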
Documentation of Supported
...
WhiteSource HTTP API supports the following methods:
Alerts
Get All Organization Alerts
Get All Product Alerts
Get All Project Alerts
Get Alerts by Project tag
Alerts by Type
Get Organization Alerts by Type
Get Product Alerts by Type
Get Project Alerts by Type
Change Log
Get Change Log
Licenses
Get All Organization Licenses
Get All Product Licenses
Get All Project Licenses
License Histogram
Get Organization License Histogram
Get Product License Histogram
Get Project License Histogram
Organization Vitals
Get All Organizations
Get Organization Details
Project / Product Vitals
Get All Products
Get All Projects
Get Organization Project Vitals (vitals of all projects within an organization)
Get Product Project Vitals (vitals of all projects within a product)
Get Project Vitals
Get Organization Product Vitals (vitals of all products within an organization)
Project Tags
Get Organization Project Tags
Get Product Project Tags
Get Project Tags
Save Project Tag
Misc.
Get Product Licenses Text Zip file
Update project with JNinka result file (jninka.xml)
Reports
Get Organization Risk Report
Get Product Risk Report
Get Organization Inventory Report
Get Product Inventory Report
Get Project Inventory Report
Get Organization Container Vulnerability Report
Get Prioritize/ Effective Usage Analysis Report
Get Cluster Vulnerability Report
Get Organization Vulnerability Report
Get Product Vulnerability Report
Get Project Vulnerability Report
Get Organization Source File Inventory Report
Get Product Source File Inventory Report
Get Organization Alerts Report
Get Product Alerts Report
Get Project Alerts Report
Get Organization Attributes Report
Get Product Attributes Report
Get Organization Library Location Report
Get Product Library Location Report
Get Organization Due Diligence Report
Get Product Due Diligence Report
Get Organization Effective Licenses Report
Get Product Effective Licenses Report
Get Organization Effective Usage Analysis Report
Get Organization Bugs Report
Get Product Bugs Report
Get Project Bugs Report
Get Organization Ignored Alerts Report
Get Product Ignored Alerts Report
Get Project Ignored Alerts Report
Get Organization Resolved Alerts Report
Get Product Resolved Alerts Report
Get Project Resolved Alerts Report
Get Organization Request History Report
Get Product Request History Report
Get Project Request History Report
Get Organization Members Report
Get Product Members Report
Get Project Members Report
Get Plugin Request History Report
Get Product Attribution Report
Get Project Attribution Report
Library Locations
Get Product Library Locations
Get Project Library Locations
...
See /wiki/spaces/WD/pages/33816708.
Get Organization Policies
Get Product Policies
Get Project Policies
Add Organization Policy
Add Product Policy
Add Project Policies
Update Organization Policy
Update Product Policy
Update Project Policy
Remove Organization Policies
Remove Product Policies
Remove Project Policies
Reorder Organization Policy Priorities
Reorder Product Policy Priorities
Reorder Project Policy Priorities
Get Licenses
Groups and Users
Create Group
Create User
Invite User
Get All Groups
Get All users
Get Organization Assignments
Get Product Assignments
Set Organization Assignments
Set Product Assignments
Add Users to Groups
Remove User from Group
Remove User from Organization:
Project Create / Delete
Create Project
Delete Project
Product Create / Delete
Create Product
Delete Product
Project API Requests
Get Project Hierarchy
Get Project Inventory
Get Project State
Get Library Source Files
WhiteSource Advise for Chrome
Invite user to WhiteSource Advise for Chrome
API Format
All requests require a token available via the API Integration page in your WhiteSource account, according to the request's context (organization / product / project).
Note |
---|
The requestType field is mandatory for all requests. |
Fields
Field name | Value |
---|---|
requestType | One of the following: |
getOrganizationAlerts
getOrganizationIgnoredAlerts
getProductAlerts
getProjectAlerts
getAlertsByProjectTag
getOrganizationAlertsByType
getProductAlertsByType
getProjectAlertsByType
getOrganizationLicenses
getProductLicenses
getProjectLicenses
getOrganizationEffectiveUsageAnalysis
getOrganizationLicenseHistogram
getProductLicenseHistogram
getProjectLicenseHistogram
getLicensesTextZip
saveProjectTag
getProductLibraryLocations
getProjectLibraryLocations
getOrganizationRiskReport
getProductRiskReport
getOrganizationInventoryReport
getProductInventoryReport
getProjectInventoryReport
getOrganizationVulnerabilityReport
getOrganizationContainerVulnerabilityReport
getClusterVulnerabilityReport
getProductVulnerabilityReport
getProjectVulnerabilityReport
getOrganizationSourceFileInventoryReport
getProductSourceFileInventoryReport
getProjectSourceFileInventoryReport
getOrganizationAlertsReport
getProductAlertsReport
getProjectAlertsReport
getOrganizationAttributesReport
getProductAttributesReport
getOrganizationCustomAttributeValues
getProductCustomAttributeValues
getProjectCustomAttributeValues
getOrganizationLibraryLocationReport
getProductLibraryLocationReport
getOrganizationDueDiligenceReport
getProductDueDiligenceReport
getProjectDueDiligenceReport
getOrganizationEffectiveLicensesReport
getProductEffectiveLicensesReport
getOrganizationBugsReport
getProductBugsReport
getProjectBugsReport
getOrganizationIgnoredAlertsReport
getProductIgnoredAlertsReport
getProjectIgnoredAlertsReport
getOrganizationResolvedAlertsReport
getProductResolvedAlertsReport
getProjectResolvedAlertsReport
getOrganizationRequestHistoryReport
getProductRequestHistoryReport
getProjectRequestHistoryReport
getPluginRequestHistoryReport
getOrganizationMembersReport
getProductMembersReport
getProjectMembersReport
getProductComparisonReport
getProjectComparisonReport
getOrganizationInHouseReport
getProductInHouseReport
getProjectInHouseReport
getOrganizationPolicies
getChangesReport
getProductAttributionReport
getProjectAttributionReport
getProductPolicies
addOrganizationPolicy
addProductPolicy
updateOrganizationPolicy
updateProductPolicy
removeOrganizationPolicies
removeProductPolicies
reorderOrganizationPolicyPriorities
reorderProductPolicyPriorities
getLicenses
createUser
inviteUsers
createGroup
getAllGroups
getAllUsers
getOrganizationAssignments
getProductAssignments
setOrganizationAssignments
setProductAssignments
addUsersToGroups
removeUserFromGroup
removeUserFromOrganization
createProject
deleteProject
createProduct
deleteProduct
getProjectHierarchy
getProjectInventory
getProjectState
getLibrarySourceFiles
inviteUserToWebAdvisor
createServiceUser
changeOriginLibrary
Field name | Value |
---|---|
orgToken | Your organization API key |
productToken | A unique identifier for your product |
projectToken | A unique identifier for your project |
alertType | One of the following: |
SECURITY_VULNERABILITY
NEW_MAJOR_VERSION
NEW_MINOR_VERSION
MULTIPLE_LIBRARY_VERSIONS
REJECTED_BY_POLICY_RESOURCE
Name | Description |
---|---|
SECURITY_VULNERABILITY | A security vulnerability has been detected for a library in the inventory |
NEW_MAJOR_VERSION | A new major version has been released for a library in the inventory (only if major version updates is enabled) |
NEW_MINOR_VERSION | A new minor version has been released for a library in the inventory (only if minor version updates is enabled) |
MULTIPLE_LIBRARY_VERSIONS | Multiple versions of the same library are being used |
REJECTED_BY_POLICY_RESOURCE | A library violating one of your policies is being used |
Notice: For version numbers, if there are 3 or more version parts (e.g. x.y.z or x.y.z.w), both x and y are considered a major version (x.y).
If there are 2 major parts (x.y), then x is considered a major version.
Info |
---|
Date format in all responses is "yyyy-MM-dd". None of the results are sorted in any order. |
Alerts
Get Alerts
Info |
---|
For customers who have enabled vulnerability based alerting, there are several changes to API version 1.3. Refer here for details. |
Get all alerts for a given organization/product/project.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationAlerts",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Product
Code Block |
---|
{
"requestType" : "getProductAlerts",
"userKey": "user_key",
"productToken" : "product_token"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectAlerts",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Get Alerts by Project Tags
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details. |
Code Block |
---|
{
"requestType" : "getAlertsByProjectTag",
"userKey": "user_key",
"orgToken" : "orgToken",
"tagKey":"key1",
"tagValue":"value1"
} |
Response Format when Direct Dependency
Code Block |
---|
"apiAlertInfo" : [
{
"type" : "alert_type",
"level" : "alert_level",
"library": {
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"name": "library_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"references": {
"url": "library_url",
"pomUrl": "library_pom_url",
"scmUrl": "library_scm_url"
},
"licenses": [
{
"name": "library_license_name",
"url": "library_license_url",
"profileInfo": {
"copyrightRiskScore": "library_license_copyright_risk_score",
"patentRiskScore": "library_patent_risk_score",
"copyleft": "library_license_patent_copyleft",
"linking": "library_license_linking",
"royaltyFree": "library_license_royalty_free"
}
}
]
},
"project" : "project_name",
"directDependency": true,
"description" : "alert_description",
"date" : "alert_creation_date",
"time" : "alert_creation_time_in_epoch_format",
"alertUuid": "6f07c029-f211-4d14-bbb6-5628aa87a1d1"
}
] |
Response Format with Transitive Dependency
Code Block |
---|
"apiAlertInfo" : [
{
"type" : "alert_type",
"level" : "alert_level",
"library": {
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"name": "library_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"references": {
"url": "library_url",
"pomUrl": "library_pom_url",
"scmUrl": "library_scm_url"
},
"licenses": [
{
"name": "library_license_name",
"url": "library_license_url",
"profileInfo": {
"copyrightRiskScore": "library_license_copyright_risk_score",
"patentRiskScore": "library_patent_risk_score",
"copyleft": "library_license_patent_copyleft",
"linking": "library_license_linking",
"royaltyFree": "library_license_royalty_free"
}
}
]
},
"project" : "project_name",
"directDependency": false,
"description" : "alert_description",
"date" : "alert_creation_date",
"time" : "alert_creation_time_in_epoch_format",
"alertUuid": "6f07c029-f211-4d14-bbb6-5628aa87a1d1"
}
] |
Info |
---|
Alert level is either minor or major. |
Get Ignored Alerts
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details. |
Get a list of ignored alerts per scope (organization/product/project).
Organization
Code Block |
---|
{
"requestType" : "getOrganizationIgnoredAlerts",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Product
Code Block |
---|
{
"requestType" : "getProductIgnoredAlerts",
"userKey": "user_key",
"productToken" : "product_token"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectIgnoredAlerts",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response Format
Code Block |
---|
{
"alerts": [
{
"vulnerability": {
"name": "CVE-2019-10202",
"type": "CVE",
"severity": "high",
"score": 7.5,
"cvss3_score": 0.0,
"publishDate": "2019-10-01",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10202",
"description": "A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.",
"allFixes": [],
"references": []
},
"type": "SECURITY_VULNERABILITY",
"level": "MAJOR",
"library": {
"keyUuid": "029092aa-fe0c-4ab5-ae02-a5a05c9cb8c5",
"keyId": 13673550,
"filename": "jackson-mapper-asl-1.9.2.jar",
"type": "Java",
"description": "Data Mapper package is a high-performance data binding package\nbuilt on Jackson JSON processor",
"references": {
"url": "http://jackson.codehaus.org",
"issueUrl": "http://jira.codehaus.org/browse/JACKSON",
"pomUrl": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
},
"sha1": "95400a7922ce75383866eb72f6ef4a7897923945",
"name": "Data Mapper for Jackson",
"artifactId": "jackson-mapper-asl",
"version": "1.9.2",
"groupId": "org.codehaus.jackson",
"licenses": [
{
"name": "Apache 2.0",
"url": "http://www.opensource.org/licenses/Apache-2.0",
"profileInfo": {
"copyrightRiskScore": "THREE",
"patentRiskScore": "ONE",
"copyleft": "NO",
"linking": "DYNAMIC",
"royaltyFree": "CONDITIONAL"
},
"references": [
{
"referenceType": "POM file",
"reference": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
}
]
}
]
},
"project": "wss-dal-entity-mysql",
"projectId": 1976,
"projectToken": "fe305449dc244aeb8f0dd729182669b1251ceabede7548b4a86e61b3903f02e4",
"directDependency": true,
"description": "Medium:1,",
"date": "2019-10-10",
"time": 1570703663000,
"alertUuid": "e2d992ce-eaa6-4469-98b3-221e35d6f5fe",
"comments": "Ignore this alert"
},
{
"vulnerability": {
"name": "CVE-2019-10202",
"type": "CVE",
"severity": "high",
"score": 7.5,
"cvss3_score": 0.0,
"publishDate": "2019-10-01",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10202",
"description": "A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.",
"allFixes": [],
"references": []
},
"type": "SECURITY_VULNERABILITY",
"level": "MAJOR",
"library": {
"keyUuid": "029092aa-fe0c-4ab5-ae02-a5a05c9cb8c5",
"keyId": 13673550,
"filename": "jackson-mapper-asl-1.9.2.jar",
"type": "Java",
"description": "Data Mapper package is a high-performance data binding package\nbuilt on Jackson JSON processor",
"references": {
"url": "http://jackson.codehaus.org",
"issueUrl": "http://jira.codehaus.org/browse/JACKSON",
"pomUrl": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
},
"sha1": "95400a7922ce75383866eb72f6ef4a7897923945",
"name": "Data Mapper for Jackson",
"artifactId": "jackson-mapper-asl",
"version": "1.9.2",
"groupId": "org.codehaus.jackson",
"licenses": [
{
"name": "Apache 2.0",
"url": "http://www.opensource.org/licenses/Apache-2.0",
"profileInfo": {
"copyrightRiskScore": "THREE",
"patentRiskScore": "ONE",
"copyleft": "NO",
"linking": "DYNAMIC",
"royaltyFree": "CONDITIONAL"
},
"references": [
{
"referenceType": "POM file",
"reference": "https://index.whitesourcesoftware.com/nexus/content/groups/public-on-prem/org/codehaus/jackson/jackson-mapper-asl/1.9.2/jackson-mapper-asl-1.9.2.pom"
}
]
}
]
},
"project": "wss-server",
"projectId": 1978,
"projectToken": "2e139a0b5c494042b2c92807bc595c0bdd4645ae5ab34800a968999140e38e24",
"directDependency": true,
"description": "Medium:1,",
"date": "2019-10-10",
"time": 1570703663000,
"alertUuid": "5f869dba-9d5d-437a-8a03-b51c23997f99",
"comments": "Ignore this alert as well"
}
]
}
|
Security Vulnerability
Alerts will also contain the following object:
Code Block |
---|
"vulnerability": {
"name": "vulnerability_name",
"type": "vulnerability_type",
"severity": "vulnerability_severity",
"score": cvss_2_vulnerability_score,
"cvss3_severity": "cvss_3_score_severity",
"cvss3_score": cvss_3_vulnerability_score,
"publishDate": "vulnerability_publish_date",
"scoreMetadataVector": "cvss_3_metadata_vector",
"url": "URL_of_vulnerability",
"description": "vulnerability_description",
"topFix": {
"vulnerability": "vulnerability_fix_name",
"type": "vulnerability_fix_type",
"origin": "origin_of_fix",
"url": "URL_of_fix",
"fixResolution": "fix_resolution",
"date": "date_of_fix",
"message": "summary_of_fix",
"extraData": "additional_data_on_fix"
},
"allFixes": [{
"vulnerability": "vulnerability_fix_name",
"type": "vulnerability_fix_type",
"origin": "origin_of_fix",
"url": "URL_of_fix",
"fixResolution": "fix_resolution",
"date": "date_of_fix",
"message": "details_on_fix",
"extraData": "additional_data"
}]
} |
Info |
---|
topFix & allFixes objects: These objects are displayed only when a fix is available for the specific vulnerability. |
The vulnerability object has the following fields:
Field name | Value |
---|---|
name | The id in the vulnerability DB (CVE or WS) |
type | Either CVE or WS |
severity | Severity of the CVSS 2 vulnerability (low, medium, high) |
score | The CVSS 2 base score [0.0 - 10.0] |
cvss3_severity | The CVSS 3 score severity: Low if the CVSS 3 score is between 0-3.9, Medium if it is between 4-6.9, High if it is between 7-10 |
cvss3_score | The CVSS 3 base score [0.0 - 10.0] |
scoreMetadataVector | See specification link |
publishDate | Original release date |
url | URL of the CVE |
description | A short description of the security vulnerability |
topFix | Top recommended fix (when available) |
allFixes | List of all fixes (when available) |
fixResolutionText | The actual resolution text to display for the given fix. |
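An added example (not part of the WhiteSource documentation) that audits a Get Ignored Alerts response using the vulnerability fields listed above: it groups ignored security alerts by vulnerability and library and reports those whose severity warrants a second look. The sample input is constructed, partly trimmed from the response shown earlier; treating a cvss3_score of 0.0 with no cvss3_severity as "no CVSS 3 data" and falling back to the CVSS 2 severity is an assumption, as are the function names.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the first two alerts are trimmed from the response shown
# earlier on this page; the third is invented to exercise the CVSS 3 path.
SAMPLE = json.loads("""
{"alerts": [
  {"type": "SECURITY_VULNERABILITY",
   "vulnerability": {"name": "CVE-2019-10202", "type": "CVE", "severity": "high",
                     "score": 7.5, "cvss3_score": 0.0, "allFixes": []},
   "library": {"filename": "jackson-mapper-asl-1.9.2.jar"},
   "project": "wss-dal-entity-mysql", "time": 1570703663000,
   "alertUuid": "e2d992ce-eaa6-4469-98b3-221e35d6f5fe",
   "comments": "Ignore this alert"},
  {"type": "SECURITY_VULNERABILITY",
   "vulnerability": {"name": "CVE-2019-10202", "type": "CVE", "severity": "high",
                     "score": 7.5, "cvss3_score": 0.0, "allFixes": []},
   "library": {"filename": "jackson-mapper-asl-1.9.2.jar"},
   "project": "wss-server", "time": 1570703663000,
   "alertUuid": "5f869dba-9d5d-437a-8a03-b51c23997f99",
   "comments": "Ignore this alert as well"},
  {"type": "SECURITY_VULNERABILITY",
   "vulnerability": {"name": "WS-CONSTRUCTED-1", "type": "WS", "severity": "low",
                     "score": 3.0, "cvss3_score": 5.3,
                     "topFix": {"fixResolution": "constructed fix text"}},
   "library": {"filename": "constructed-lib-1.0.jar"},
   "project": "constructed-project", "time": 1570703663000,
   "alertUuid": "constructed-uuid", "comments": "constructed comment"}
]}
""")


def cvss3_severity(score):
    """Bands from the field table: 0-3.9 low, 4-6.9 medium, 7-10 high."""
    if not isinstance(score, (int, float)) or not 0.0 <= score <= 10.0:
        return None
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def effective_severity(vuln):
    """Return (severity, source), preferring CVSS 3 data when it is present."""
    if vuln.get("cvss3_severity"):
        return vuln["cvss3_severity"].lower(), "cvss3"
    score3 = vuln.get("cvss3_score")
    # Assumption: 0.0 without a cvss3_severity means no CVSS 3 score exists.
    if score3 and cvss3_severity(score3):
        return cvss3_severity(score3), "cvss3"
    return str(vuln.get("severity", "unknown")).lower(), "cvss2"


def audit_ignored(response, review_levels=("high",)):
    """Group ignored security alerts whose severity is in review_levels."""
    findings = {}
    for alert in response.get("alerts", []):
        vuln = alert.get("vulnerability")
        if alert.get("type") != "SECURITY_VULNERABILITY" or not vuln:
            continue  # only security alerts carry the vulnerability object
        severity, source = effective_severity(vuln)
        if severity not in review_levels:
            continue
        key = (vuln.get("name"), alert.get("library", {}).get("filename"))
        entry = findings.setdefault(key, {
            "severity": severity,
            "severity_source": source,
            # topFix / allFixes appear only when a fix is available
            "has_fix": bool(vuln.get("topFix") or vuln.get("allFixes")),
            "occurrences": [],
        })
        millis = alert.get("time")  # the sample values are epoch milliseconds
        created = (datetime.fromtimestamp(millis / 1000, tz=timezone.utc).isoformat()
                   if millis is not None else None)
        entry["occurrences"].append({
            "project": alert.get("project"),
            "alertUuid": alert.get("alertUuid"),
            "comments": alert.get("comments"),
            "created_utc": created,
        })
    return findings


if __name__ == "__main__":
    for (name, filename), entry in audit_ignored(SAMPLE).items():
        projects = [o["project"] for o in entry["occurrences"]]
        print(name, filename, entry["severity"], entry["severity_source"], projects)
```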
Get Alerts by Type
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, there are several changes to API version 1.3. Refer here for details. |
Get all alerts of a certain type for a given organization / product / project.
...
'fromDate' and 'toDate' are optional filtering fields. The format of these fields is either with or without time ('yyyy-MM-dd' or 'yyyy-MM-dd hh:mm:ss').
...
Organization
Code Block |
---|
{
"requestType" : "getOrganizationAlertsByType",
"userKey": "user_key",
"alertType" : "alert_type",
"orgToken" : "organization_api_key",
"fromDate" : "2016-01-01 10:00:00",
"toDate" : "2016-01-02 10:00:00"
} |
Product
Code Block |
---|
{
"requestType" : "getProductAlertsByType",
"userKey": "user_key",
"alertType" : "alert_type",
"productToken" : "product_token",
"fromDate" : "2016-01-01 11:00:31",
"toDate" : "2016-01-02 11:00:31"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectAlertsByType",
"userKey": "user_key",
"alertType" : "alert_type",
"projectToken" : "project_token",
"fromDate" : "2016-01-01 11:00:00",
"toDate" : "2016-01-02 11:00:00",
"sourceFiles": true
} |
Optional Parameters:
When sourceFiles is set to true in the API request, the response will include the vulnerable source files.
...
Info |
---|
Same as alerts response |
Ignore Alerts
Enables users with the Organization Administrators role to ignore alerts according to their unique identifier. You can use any alert-related API to get the alertUuid of a particular alert.
Info |
---|
'alertUuids' and 'comments' are mandatory fields. |
Request
Code Block |
---|
{
"requestType":"ignoreAlerts",
"orgToken": "organization_api_key",
"userKey": "user_key",
"alertUuids": ["22f72c74-c2ea-4ed9-b37f-75d77bc52045","22f72c74-c2ea-4ed9-b37f-75d77bc52046"],
"comments": "alerts not relevant to service"
} |
Response
Code Block |
---|
{
"message": "Successfully ignored alerts"
} |
Set Alert Status
Enables users with the Organization Administrators role to set the status of alert(s) according to their unique identifier. This API can also be used to change the alert's comments.
Request
Code Block |
---|
{
"requestType":"setAlertsStatus",
"orgToken":"organization_api_key",
"userKey": "user_key",
"alertUuids": ["alert1_UUID", "alert2_UUID"],
"comments": "Enter your comment here",
"status": "Active"
} |
Status can have one of the following values: Active or Ignored.
Response
Code Block |
---|
{
"message": "Successfully set the alert's status"
} |
Get Change Log Report
Get organization level Change Log Report in various formats.
Request
Code Block |
---|
{
"userKey": "user_key",
"orgToken": "organization_api_key",
"requestType": "getChangesReport",
"startDateTime": "2019-08-21 08:08:08"
}
|
Optional Parameters
startDateTime: Date and time for the reported change. Default value: The last seven days including today's date. For example, if today is March 15, then the filtering is for the dates 9-15 of March.
Valid options (strings in uppercase): Any past valid date and time in the following format: 'yyyy-mm-dd hh:mm:ss'.
Response
Code Block |
---|
{
"changes": [
{
"startDateTime": "2018-07-04 09:07:21",
"category": "METADATA",
"type": "SOURCE_MATCHING",
"changeType": "CHANGED",
"scope": "SOURCE_FILE",
"scopeName": "activation_mode.h",
"scopeId": 2922950,
"beforeChange": [
"tensorflow-v1.4.0-rc0"
],
"afterChange": [
"tensorflow-v1.4.0-rc0"
],
"operator": "USER",
"userEmail": "john@doe.com",
"productId": 69491,
"productName": "tensorflow",
"projectId": 338568,
"projectName": "tensor",
"comment": "changed lib of source file"
}
]
} |
Get Licenses
Get all libraries and their licenses for a given organization/product/project.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationLicenses",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"excludeProjectOccurrences" : true/false
} |
Product
Code Block |
---|
{
"requestType" : "getProductLicenses",
"userKey": "user_key",
"productToken" : "product_token",
"excludeProjectOccurrences" : true/false
} |
Project
Code Block |
---|
{
"requestType" : "getProjectLicenses",
"userKey": "user_key",
"projectToken" : "project_token",
"excludeProjectOccurrences" : true/false
} |
Response Format
Code Block |
---|
"libraries" : [
{
"licenses" : [
"license_name_1",
"license_name_2",
"spdxName":"license_spdx_name"
],
"copyrightReferences": [
{
"copyright": "library_copyright_text",
"startYear": "library_copyright_start_year"
}
],
"keyUuid": "library_key_uuid",
"keyId": "library_key_id",
"filename": "library_file_name",
"name" : "library_name",
"groupId" : "library_group_id",
"artifactId" : "library_artifact_id",
"version" : "library_version",
"sha1" : "library_sha1",
"languages": "library_language",
"references" : {"url":"library_url",
"downloadLink":"library_download_link"
}
}
] |
Get License Histogram
Get the license histogram (license name : occurrence) for a given organization/product/project.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationLicenseHistogram",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Product
Code Block |
---|
{
"requestType" : "getProductLicenseHistogram",
"productToken" : "product_token"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectLicenseHistogram",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response Example
Code Block |
---|
{
"licenseHistogram" : {
"Apache 2.0" : 2,
"BSD 3" : 2,
"GPL 3.0" : 1
}
} |
Get Organization Details
Returns the Organization name, creation date, number of Products, number of Projects, number of groups, and number of users.
Request
Code Block |
---|
{
"requestType":"getOrganizationDetails",
"orgToken":"org_token",
"userKey":"user_key"
} |
Response (Example)
Code Block |
---|
{
"orgName": "Org A",
"orgToken": "Org_a_token",
"creationDate": "2016-01-01 12:00:00",
"numberOfProducts": "15",
"numberOfProjects": "105",
"numberOfGroups": "2",
"numberOfUsers": "3"
} |
Get All Products
Receives an orgToken and returns all products in the organization; name and token of each.
Request
Code Block |
---|
{
"requestType":"getAllProducts",
"userKey": "user_key",
"orgToken":"org_token"
} |
Response
Code Block |
---|
{
"products": [
{
"productName": "Product A",
"productToken": "product_a_token"
},
{
"productName": "Product B",
"productToken": "product_b_token"
}
],
"message": "Success"
} |
Get All Projects
Receives a productToken and returns all projects in the product; name and token of each.
Request
Code Block |
---|
{
"requestType":"getAllProjects",
"userKey": "user_key",
"productToken":"product_token"
} |
Response
Code Block |
---|
{
"projects": [
{
"projectName": "project_a",
"projectToken": "project_a_token"
},
{
"projectName": "project_b",
"projectToken": "project_b_token"
}
],
"message": "Success"
} |
Get In-House Libraries
Get information regarding all in-house libraries on an organization, product, and project level.
Request
Organization Level
Code Block |
---|
{
"requestType" : "getOrganizationInHouseLibraries",
"orgToken" : "organization_api_key",
"userKey": "user_key"
} |
Product Level
Code Block |
---|
{
"requestType" : "getProductInHouseLibraries",
"productToken" : "product_token",
"userKey": "user_key"
} |
Project Level
Code Block |
---|
{
"requestType" : "getProjectInHouseLibraries",
"projectToken" : "project_token",
"userKey": "user_key"
} |
Response
Code Block |
---|
"libraries" : [
{
"matchType" : "manual",
"comment": "manually set to in-house",
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"productName" : "product_name",
"productToken" : "product_token",
"projectName" : "project_name",
"projectToken" : "project_token"
},
{
"matchType" : "automatic",
"pattern" : "common-*",
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"productName" : "product_name",
"productToken" : "product_token",
"projectName" : "project_name",
"projectToken" : "project_token"
}
] |
Info |
---|
Response Parameters
|
Unmark In-House Libraries
Unmark libraries that were manually assigned as in-house.
This request is available only at the organization level, and therefore requires an org token.
Request
Organization Level
Code Block |
---|
{
"requestType": "unmarkManualInHouseLibrary",
"userKey": "user_key",
"orgToken": "organization_api_key",
"keyUuid" : "library_UUID"
} |
Response
Code Block |
---|
{
"message": "Successfully unmarked in-house library"
} |
Get Project Vitals
Get basic information regarding a project: name, token, creation date and last updated date.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationProjectVitals",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Product
Code Block |
---|
{
"requestType" : "getProductProjectVitals",
"userKey": "user_key",
"productToken" : "product_token"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectVitals",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
Code Block |
---|
{
"projectVitals":[
{
"pluginName":"fs-agent:18.2.2",
"name": "My Project",
"token": "project_token",
"uploadedBy": "name_of_user_who_ran_scan",
"creationDate": "2016-01-01 12:00:00",
"lastUpdatedDate": "2016-02-02 16:50:59"
}
]
} |
Get Product Vitals
Get basic information regarding a product: name, token, creation date and last updated date.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationProductVitals",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
...
Code Block |
---|
{
"productVitals":[
{
"name": "My Product",
"token": "product_token",
"creationDate": "2016-01-01 12:00:00",
"lastUpdatedDate": "2016-02-02 16:50:59"
}
]
} |
Global Organization
According to permissions, users can create global organizations, assign them to organizations, or remove them from the organizations.
Create Global Organization
Code Block |
---|
{
"requestType": "createGlobalOrg",
"userKey": "user_key",
"name": "global_org_name",
"accountAdminEmail": "enter_account_admin_email@here.com"
} |
Response
Code Block |
---|
{
"globalOrgToken": "global_org_token"
} |
Assign Global Organization to an Organization
Code Block |
---|
{
"requestType": "assignGlobalOrgToOrg",
"userKey": "user_key",
"orgToken": "org_token",
"globalOrgToken": "global_org_token"
} |
Remove Global Organization from an Organization
Code Block |
---|
{
"requestType": "removeGlobalOrgFromOrg",
"userKey": "user_key",
"orgToken": "org_token",
"globalOrgToken": "global_org_token"
} |
Get All Organizations
Returns data on all organizations within the Global Organization.
Request
Code Block |
---|
{
"requestType":"getAllOrganizations",
"userKey": "user_key",
"globalOrgToken":"global_organization_token"
} |
Response
Code Block |
---|
{
"organizations": [
{
"orgName": "Org A",
"orgToken": "Org_a_token"
},
{
"orgName": "Org B",
"orgToken": "Org_b_token"
}
],
"message": "Success"
} |
Product Tags
Get Product Tags
Get product tags: key, value.
Request
Code Block |
---|
{
"requestType": "getProductTags",
"userKey": "user_key",
"productToken": "productToken"
} |
Response
Code Block |
---|
{
"productTags":[
{
"name": "My Product A",
"token": "product_token",
"tags": {
"newKey": [
"newValue",
"newValue2"
],
"tagKeyA": [
"tagValueA"
]
}
}
]
} |
Info |
---|
Products without tags are returned as well. |
Save a Product Tag
Save a product tag: key, value.
Request
Code Block |
---|
{
"requestType": "saveProductTag",
"userKey": "user_key",
"productToken": "productToken",
"tagKey": "newKey",
"tagValue": "newValue"
} |
Response
Code Block |
---|
{
"productTagsInfo": {
"name": "productA",
"token": "productToken",
"tags": {
"newKey": "newValue"
}
}
} |
Info |
---|
Products without tags are also returned. |
Get Organizational Product Tags
Get organizational product tags: key, value.
Request
Code Block |
---|
{
"requestType": "getOrganizationProductTags",
"userKey": "user_key",
"orgToken": "orgToken"
} |
Response
Code Block |
---|
{
"productTags": [
{
"name": "productA",
"token": "productAToken",
"tags": {
"newKey": [
"newValue",
"newValue2"
],
"tagKeyA": [
"tagValueA"
]
}
},
{
"name": "productB",
"token": "productBToken",
"tags": {}
}
]
} |
Info |
---|
Products without tags are also returned. |
Remove a Product Tag
Remove a product tag: key, value.
Request
Code Block |
---|
{
"requestType" : "removeProductTag",
"userKey": "user_key",
"productToken" : "product_token",
"tagKey": "newKey",
"tagValue": "newValue"
} |
Response
Code Block |
---|
{
"message": "Successfully removed product tag"
} |
Project Tags
Get Project Tags
Get project tags: key, value.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationProjectTags",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Product
Code Block |
---|
{
"requestType" : "getProductProjectTags",
"userKey": "user_key",
"productToken" : "product_token"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectTags",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
Code Block |
---|
{
"projectTags":[
{
"name": "My Project 1",
"token": "project_token_1",
"tags":{
"Component": "Database",
"Module": "Server"
}
},
{
"name": "My Project 2",
"token": "project_token_2",
"tags":{}
}
]
} |
Info |
---|
Projects without tags are also returned. |
Save a Project Tag
Save a project tag by key, value.
Project
Code Block |
---|
{
"requestType" : "saveProjectTag",
"userKey": "user_key",
"projectToken" : "project_token",
"tagKey":"key1",
"tagValue":"value1"
} |
Response
Code Block |
---|
{
"projectTags":
{
"name": "My Project 1",
"token": "project_token_1",
"tags":
{
"key1": "value1"
}
}
} |
Licenses Text Zip
Get the license terms and conditions text files, bundled in a single zip file.
Product
Code Block |
---|
{
"requestType" : "getLicensesTextZip",
"userKey": "user_key",
"productToken" : "product_token"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectLicensesTextZip",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
The response will have the following headers:
Content-Type = application/zip
Content-Disposition: attachment; filename=product_name-licenses.zip
Note |
---|
The response is a zip file, not a JSON-formatted message. |
Copyrights Text File
Get the copyrights' text files.
Product
Code Block |
---|
{
"requestType" : "getCopyrightsTextFile",
"userKey": "user_key",
"productToken" : "product_token"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectCopyrightsTextFile",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
The response will have the following headers:
Content-Type = text/plain
Content-Disposition: attachment; filename=product_name-copyrights.zip
Set Library Notices
This API enables setting the value of the library’s notice.
Request
Code Block |
---|
{
"requestType": "setLibraryNotice",
"orgToken" : "org_token",
"userKey": "user_key",
"libraryUUID": "library_UUID",
"text": "Notices are fun!",
"reference": "And references are too"
} |
NOTE: The reference field is optional.
Response
Code Block |
---|
{
"message": "Successfully set notice"
} |
Get Notices Text File
Get the notices text files.
Info |
---|
This request is available only for products |
Product
Code Block |
---|
{
"requestType" : "getNoticesTextFile",
"userKey": "user_key",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = text/plain
Content-Disposition: attachment; filename=product_name-notices.zip
Get Risk Report
Get organization or product level risk reports in PDF format.
Info |
---|
This request is available for organizations or products |
...
Code Block |
---|
{
"requestType" : "getOrganizationRiskReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/pdf
Content-Disposition: attachment; filename=<organization name>.pdf
Product
Code Block |
---|
{
"requestType" : "getProductRiskReport",
"userKey": "user_key",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = application/pdf
Content-Disposition: attachment; filename=<product name>.pdf
Project
Code Block |
---|
{
"requestType" : "getProjectRiskReport",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
The response will have the following headers:
Content-Type = application/pdf
Content-Disposition: attachment; filename=<project name>.pdf
Get Inventory Report
Get organization, product or project level inventory reports in Excel (xlsx) or JSON (json) format.
Info |
---|
This request is available for organizations, products or projects. |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationInventoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductInventoryReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectInventoryReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Change Log Report
Get organization level Change Log in Excel format.
Request
Code Block |
---|
{
"userKey": "user_key",
"orgToken": "organization_api_key",
"requestType":"getChangeLogHistoryReport"
}
|
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=response.xlsx
Get Vulnerability Report
Get organization, product or project level vulnerability reports in Excel or JSON format.
Info |
---|
This request is available for organizations, products or projects. An 'xlsx' format is used when no 'format' parameter is provided. |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationVulnerabilityReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductVulnerabilityReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectVulnerabilityReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Container Vulnerability Report
Get organization or cluster level container vulnerability reports in Excel or JSON format.
Info |
---|
This request is available for the organization and cluster level. An 'xlsx' format is used when no 'format' parameter is provided. |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationContainerVulnerabilityReport",
"userKey": "user_key",
"orgToken" : "org_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Cluster
Code Block |
---|
{
"requestType" : "getClusterVulnerabilityReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<cluster name>.xlsx
Get Source File Inventory Report
Get organization, product or project level source file inventory reports in Excel (xlsx) or JSON (json) format.
Info |
---|
This request is available for organizations, products or projects. |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationSourceFileInventoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductSourceFileInventoryReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectSourceFileInventoryReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Prioritize/Effective Usage Analysis
See here for details.
Get Alerts Report
Get organization, product or project level alerts reports in Excel format.
Info |
---|
This request is available for organizations, products or projects. An 'xlsx' format is used when no 'format' parameter is provided. |
Organization
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getOrganizationAlertsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getProductAlertsReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getProjectAlertsReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Attributes Report
Get organization or product level attributes reports in Excel format.
Info |
---|
This request is available for organizations or products |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationAttributesReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductAttributesReport",
"userKey": "user_key",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Custom Attributes Values
Returns a list of all custom attributes, along with the values set for each library.
Organization
Code Block |
---|
{
"requestType":"getOrganizationCustomAttributeValues",
"userKey": "user_key",
"orgToken": "<orgToken>" // For example, orgToken for "ACME Corporation"
} |
Response
Code Block |
---|
"customAttributeValues": [
{
"<keyUuid>": [
{
"organizationAttr0": "value0",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "4534fgdfjghj5456jlklsdf7",
"contextName": "ACME Corporation"
}
]
},
{
"<keyUuid>": [
{
"organizationAttr0": "valueX",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "4534j5456jlklsdf7",
"contextName": "ACME Corporation"
},
{
"productAttr1": "valueA",
"context": "Product",
"contextId": 989795,
"contextToken": "isdfsdfkhosdf935pokwt",
"contextName": "Product A"
},
{
"productAttr1": "valueB",
"context": "Product",
"contextId": 07435365,
"contextToken": "llsfi4trerg90824sdf",
"contextName": "Product B"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 985743395,
"contextToken": "ldshwufnvf9235jgdg0",
"contextName": "Project A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 098345345,
"contextToken": "klasd309438dflkl0934t",
"contextName": "Project B"
}
]
}
] |
Product
Code Block |
---|
{
"requestType":"getProductCustomAttributeValues",
"userKey": "user_key",
"productToken": "<productToken>" // For example, productToken for "Product A"
} |
Response
Code Block |
---|
"customAttributeValues": [
{
"<keyUuid>": [
{
"organizationAttr0": "value0",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdg5456jlklsdf7",
"contextName": "ACME Corporation"
}
]
},
{
"<keyUuid>": [
{
"organizationAttr0": "valueX",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdgdfgdfjghjlsdf7",
"contextName": "ACME Corporation"
},
{
"productAttr1": "valueA",
"context": "Product",
"contextId": 989795,
"contextToken": "isdfsdfkh3086h35pokwt",
"contextName": "Product A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 985743395,
"contextToken": "ldshwufnvo59332hf9gdg0",
"contextName": "Project A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 098345345,
"contextToken": "klasd309438dflkjg94t0934t",
"contextName": "Project B"
}
]
}
] |
Project
Code Block |
---|
{
"requestType":"getProjectCustomAttributeValues",
"userKey": "user_key",
"projectToken": "<projectToken>" // For example, projectToken for "Project A" that belongs to "Product A"
} |
Response
Code Block |
---|
"customAttributeValues": [
{
"<keyUuid>": [
{
"organizationAttr0": "value0",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdgdfgd456jlklsdf7",
"contextValue": "ACME Corporation"
}
]
},
{
"<keyUuid>": [
{
"organizationAttr0": "valueX",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdgdfgdfjghjlklsdf7",
"contextName": "ACME Corporation"
},
{
"productAttr1": "valueA",
"context": "Product",
"contextId": 989795,
"contextToken": "isdfsdfkh30osdf935pokwt",
"contextName": "Product A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 985743395,
"contextToken": "ldshwufnvo59332hfjgdg0",
"contextName": "Project A"
}
]
}
] |
Get Library Location Report
Get organization or product level library location reports in Excel format.
Info |
---|
This request is available for organizations or products |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationLibraryLocationReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductLibraryLocationReport",
"userKey": "user_key",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Due Diligence Report
Get organization, product or project level due diligence reports in Excel (xlsx) or JSON (json) format.
Info |
---|
This request is available for organizations, products or projects. |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationDueDiligenceReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductDueDiligenceReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectDueDiligenceReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Effective Licenses Report
Get organization or product level effective licenses reports in Excel format.
Info |
---|
This request is available for organizations or products |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationEffectiveLicensesReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductEffectiveLicensesReport",
"userKey": "user_key",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Bugs Report
Get organization, product or project level bugs reports in Excel format.
Info |
---|
This request is available for organizations, products or projects |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationBugsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductBugsReport",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectBugsReport",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Ignored Alerts Report
Get organization, product or project level ignored alerts reports in Excel format.
Info |
---|
This request is available for organizations, products or projects. |
Organization
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getOrganizationIgnoredAlertsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getProductIgnoredAlertsReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getProjectIgnoredAlertsReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Resolved Alerts Report
Get organization, product or project level resolved alerts reports in Excel format.
Info |
---|
This request is available for organizations, products or projects |
Organization
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getOrganizationResolvedAlertsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getProductResolvedAlertsReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Info |
---|
For customers who have enabled Security Alerts: View By Vulnerability, this API will not be available. |
Code Block |
---|
{
"requestType" : "getProjectResolvedAlertsReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Attribution Report
Get product or project level attribution reports in HTML or text format.
Info |
---|
The requests are available for products or projects |
Product
Code Block |
---|
{
"requestType": "getProductAttributionReport",
"productToken" : "product_token",
"userKey": "user_key",
"reportHeader": "header_text", // Default "Attribution Report"
"reportTitle": "title_text", // Default ""
"reportFooter": "footer_text", // Default ""
"reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES)
"reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory
"missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK"
"exportFormat": ( TXT | HTML | JSON ), // Case insensitive
"licenseReferenceTextPlacement": ( LICENSE_SECTION | APPENDIX_SECTION ), // Default "LICENSE_SECTION"
"customAttribute": "custom_attribute_name",
"includeVersions": "false" // Optional parameter, default value is "true". If set to "false", the attribution report will not include the field "version".
} |
Response
The response is in text or HTML format.
Project
Code Block |
---|
{
"requestType": "getProjectAttributionReport",
"projectToken" : "project_token",
"userKey": "user_key",
"reportHeader": "header_text", // Default "Attribution Report"
"reportTitle": "title_text", // Default ""
"reportFooter": "footer_text", // Default ""
"reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES ), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES)
"reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory
"missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK"
"exportFormat": ( TXT | HTML | JSON ), // Case insensitive
"licenseReferenceTextPlacement": ( LICENSE_SECTION | APPENDIX_SECTION ), // Default "LICENSE_SECTION"
"customAttribute": "custom_attribute_name",
"includeVersions": "true" // Optional parameter, default value is "true". If set to "false", the attribution report will not include the field "version".
} |
Response
The response is in text or HTML format.
Get Request History Report
Get organization, product or project level request history reports in Excel format.
Info |
---|
This request is available for organizations, products or projects |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationRequestHistoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductRequestHistoryReport",
"userKey": "user_key",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectRequestHistoryReport",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Members Report
Get organization, product or project level members reports in Excel format.
Info |
---|
This request is available for organizations, products or projects |
Organization
Code Block |
---|
{
"requestType" : "getOrganizationMembersReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductMembersReport",
"userKey": "user_key",
"productToken" : "product_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectMembersReport",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Plugin Request History Report
Get organization level plugin request history reports in Excel format.
Info |
---|
This request is available for organizations |
Organization
Code Block |
---|
{
"requestType" : "getPluginRequestHistoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Product Comparison Report
Get organization level product comparison reports in Excel format.
Info |
---|
This request is available for use with 2 products |
Organization
Code Block |
---|
{
"requestType" : "getProductComparisonReport",
"userKey": "user_key",
"productToken" : "product_token",
"productToken2" : "product_token2"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product>-<product2>-product-comparison.xlsx
Get Project Comparison Report
Get organization level project comparison reports in Excel format.
Info |
---|
This request is available for use with 2 projects |
Organization
Code Block |
---|
{
"requestType" : "getProjectComparisonReport",
"userKey": "user_key",
"projectToken" : "project_token",
"projectToken2" : "project_token2"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project>-<project2>-project-comparison.xlsx
Get In-House Report
Get organization, product, and project level in-house report(s) in Excel format.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationInHouseReport",
"orgToken" : "organization_api_key",
"userKey": "user_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>-in-house-report.xlsx
Product
Code Block |
---|
{
"requestType" : "getProductInHouseReport",
"productToken" : "product_token",
"userKey": "user_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>-in-house-report.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectInHouseReport",
"projectToken" : "project_token",
"userKey": "user_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>-in-house-report.xlsx
Get License Compatibility Report
Get the compatibility of libraries with different software licenses distributed together in the same product/project, in Excel format.
Product
Code Block |
---|
{
"requestType" : "getProductLicenseCompatibilityReport",
"productToken" : "product_token",
"userKey": "user_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename*=UTF-8''<Product Name>-license-compatibility-report.xlsx
Project
Code Block |
---|
{
"requestType" : "getProjectLicenseCompatibilityReport",
"projectToken" : "project_token",
"userKey": "user_key"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename*=UTF-8''<Project Name>-license-compatibility-report.xlsx
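The report responses above carry the file name in two forms (`filename=` and `filename*=UTF-8''`), and that name is built from organization, product and project names. The following is an added example, not part of the WhiteSource documentation: a client-side check that validates the Content-Type and derives a safe local file name before a report is written to disk. The function name, the allowed character set and the length limit are assumptions of this example.

```python
import re
from urllib.parse import unquote

XLSX = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"

# Extended form shown above: filename*=UTF-8''<percent-encoded name>
_EXT = re.compile(r"filename\*\s*=\s*([\w-]+)'[^']*'([^;]+)", re.I)
# Plain form shown above: filename=<name> (optionally quoted)
_PLAIN = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;]+))', re.I)


def _declared_name(disposition):
    """Return the file name exactly as the server declared it."""
    m = _EXT.search(disposition)
    if m:
        if m.group(1).lower() != "utf-8":
            raise ValueError("unsupported filename* charset: " + m.group(1))
        return unquote(m.group(2).strip(), encoding="utf-8", errors="replace")
    m = _PLAIN.search(disposition)
    if m:
        return m.group(1) if m.group(1) is not None else m.group(2).strip()
    raise ValueError("no filename in Content-Disposition")


def safe_report_name(headers):
    """Validate report response headers and return a file name safe to create
    inside a download directory. Raises ValueError on anything unexpected."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    ctype = h.get("content-type", "").split(";", 1)[0].strip().lower()
    if ctype != XLSX:
        # An error is typically returned with a different type; do not save it as .xlsx.
        raise ValueError("unexpected Content-Type: %r" % ctype)
    raw = _declared_name(h.get("content-disposition", ""))
    # Keep only the last path component, whichever separator the name carries.
    name = raw.replace("\\", "/").rsplit("/", 1)[-1]
    # Assumption of this example: word characters, dot, dash and space are allowed.
    name = re.sub(r"[^\w.\- ]", "_", name).strip(" .")
    if len(name) <= 5 or not name.lower().endswith(".xlsx"):
        raise ValueError("unexpected report file name: %r" % raw)
    return name[:-5][:150] + ".xlsx"  # cap the stem length, keep the extension
```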
Get Library Locations
Product
Code Block |
---|
{
"requestType" : "getProductLibraryLocations",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response Format
Code Block |
---|
"libraryLocations" : [
{
"name" : "library_name",
"keyId" : key_id,
"keyUuid" : "key_uuid",
"locations": [
{
"path" : "library_location_1\\library_name",
"matchType": "SHA1"
},
{
"path": "library_location_2\\library_name",
"matchType": "FILENAME"
}
]
}
] |
Project
Code Block |
---|
{
"requestType" : "getProjectLibraryLocations",
"userKey": "user_key",
"projectToken" : "project_token"
} |
Response Format
Code Block |
---|
"libraryLocations" : [
{
"name" : "library_name",
"keyId" : key_id,
"keyUuid" : "key_uuid",
"locations": [
{
"path" : "library_location_1\\library_name",
"dependencyFile" : "home/ubuntu/GiHubRepos/Samples123/pom.xml",
"matchType": "SHA1"
},
{
"path": "library_location_2\\library_name",
"dependencyFile" : "home/ubuntu/GiHubRepos/Samples234/pom.xml",
"matchType": "FILENAME"
}
]
}
] |
Get Policies
See Policies API for documentation.
Groups and Users
Create Group
Code Block |
---|
{
"requestType": "createGroup",
"userKey": "user_key",
"orgToken": "organization_api_key",
"group":{
"name":"group_name",
"description":"group_description"
}
} |
...
Code Block |
---|
{
"group":{
"id": 8340,
"name": "test_group",
"description": "best group ever",
"users":[]
},
"message": "Successfully created group test_group"
} |
Create user
Info |
---|
The following API request must be executed by Organization Administrators only. |
Code Block |
---|
{
"requestType": "createUser",
"userKey": "user_key",
"orgToken": "organization_api_key",
"inviter":{
"email": "inviter_email"
},
"addedUser":{
"name":"new_user_name",
"email":"new_user_email"
}
} |
Response Format
Code Block |
---|
"message":"Successfully created user new_user_name" |
Invite Users
Info |
---|
The following API request must be executed by Organization Administrators only. |
Code Block |
---|
{
"requestType": "inviteUsers",
"userKey": "user_key",
"orgToken": "organization_api_key",
"inviter":{
"email":"inviter_email"
},
"emails":[
"new_email1",
"new_email2"
]
} |
Response Format
Code Block |
---|
"message":"Successfully sent invitation to new_email1,new_email2" |
Get All Groups
Info |
---|
The following API request must be executed by Organization Administrators only. |
Code Block |
---|
{
"requestType": "getAllGroups",
"userKey": "user_key",
"orgToken": "organization_api_key"
} |
Response Format
Code Block |
---|
{
"groups":[
{
"id": 2373,
"name": "admins",
"description": "Alex playground administrators",
"users":[
{"id": 2458, "email": "john1@gmail.com", "name": "John2"},
{"id": 1841, "email": "john2@gmail.com", "name": "John1"}
]}],
"message":"Organization groups"
}
|
Get All Users
Info |
---|
The following API request must be executed by Organization Administrators only. |
Code Block |
---|
{
"requestType": "getAllUsers",
"userKey": "user_key",
"orgToken": "organization_api_key"
} |
Response Format
Code Block |
---|
{
"users":[
{
"id": 1841,
"email": "john@gmail.com",
"name": "John Doe"
}],
"message":"Organization users"
} |
Add Users to Groups
Info |
---|
The following API request must be executed by Organization Administrators only. |
Code Block |
---|
{
"requestType": "addUsersToGroups",
"userKey": "user_key",
"orgToken": "organization_api_key",
"assignedUsers" :
[
[{"name":"group_name"},[{"email":"assigned_user_email"},
{"email":"assigned_user_email"}]]
]
} |
Response Format
Code Block |
---|
"message":"Successfully assigned users to groups" |
Remove User from Group
Info |
---|
The following API request must be executed by Organization Administrators only. |
Info |
---|
You must provide both group and user for this API call (not only the user). |
Response Format
Code Block |
---|
"message":"Successfully removed user from group" |
Remove User from Organization
Info |
---|
The following API request must be executed by Organization Administrators only. |
Code Block |
---|
{
"requestType": "removeUserFromOrganization",
"userKey": "user_key",
"orgToken":"your_org_token",
"user": { "email": "user_email" }
} |
Response Format
Code Block |
---|
"message":"Successfully removed user from organization" |
Assignments
Get Organization Assignments
Code Block |
---|
{
"requestType":"getOrganizationAssignments",
"userKey": "user_key",
"orgToken":"organization_api_key"
} |
Response Format
Code Block |
---|
{
"groupRoles":{
"USER":[
{
"id":group_id,
"name":"users",
"description":"All users in organization",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"No Name"
},
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
],
"ADMIN":[
{
"id":group_id,
"name":"admins",
"description":"Administrators",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
]
},
"userRoles":{
"USER":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
},
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
],
"DEFAULT_APPROVER":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
} |
Get Product Assignments
Code Block |
---|
{
"requestType":"getProductAssignments",
"userKey": "user_key",
"productToken":"product_api_key"
} |
Response Format
Code Block |
---|
{
"groupRoles":{
"ALERT_EMAIL_RECEIVER":[
{
"id":group_id,
"name":"group_name",
"description":"Email receivers",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
],
"ADMIN":[
{
"id":group_id,
"name":"group_name",
"description":"Administrators",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
],
"PRODUCT_INTEGRATOR":[
{
"id":group_id,
"name":"group_name",
"description":"Product Integrators",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
]
},
"userRoles":{
}
} |
Set Organization Assignments
You can assign an Organization-level role to specific users or to a group of users using the below API calls. The following roles are supported:
Administrators
Administrators have control over the entire organization. They can create, invite and remove users, add products and projects and much more.
You can assign the Administrator role to a specific user or group.
Assigning the role of Administrator to individuals is not recommended. Instead, consider using only groups for simpler and easier user and role management.
Code Block |
---|
{
"requestType": "setOrganizationAssignments",
"userKey": "user_key",
"orgToken": "organization_api_key",
"administrators" :
{
"groupAssignments":[{"name":"group_name"},{"name":"group_name"}],
"userAssignments":[{"email":"user_email"},{"email":"user_email"}]
}
} |
Response Format
Code Block |
---|
"message":"Successfully set organization assignments" |
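The recommendation above, to grant the Administrator role through groups rather than to individuals, can be checked against a getOrganizationAssignments response. This is an added example, not part of the WhiteSource documentation: it resolves who effectively holds each role and flags direct and unapproved administrators. It assumes that a direct assignment appears under "userRoles" with the same "ADMIN" key the page shows under "groupRoles"; the sample data and the approved list are constructed.

```python
def _user(uid, email, name):
    return {"id": uid, "email": email, "name": name}


# Constructed sample in the shape of the getOrganizationAssignments response.
SAMPLE = {
    "groupRoles": {
        "USER": [{"id": 1, "name": "users", "description": "All users in organization",
                  "users": [_user(10, "alice@example.com", "Alice"),
                            _user(11, "bob@example.com", "Bob"),
                            _user(12, "carol@example.com", "Carol")]}],
        "ADMIN": [{"id": 2, "name": "admins", "description": "Administrators",
                   "users": [_user(10, "Alice@Example.com", "Alice"),
                             _user(11, "bob@example.com", "Bob")]}],
    },
    "userRoles": {
        # Assumption: directly assigned admins are listed under the "ADMIN" key.
        "ADMIN": [_user(12, "carol@example.com", "Carol"),
                  _user(10, "alice@example.com", "Alice")],
        "DEFAULT_APPROVER": [_user(10, "alice@example.com", "Alice")],
    },
}


def effective_roles(assignments):
    """Map role -> email -> set of sources ('direct' or 'group:<name>')."""
    roles = {}
    for role, groups in assignments.get("groupRoles", {}).items():
        for group in groups:
            for user in group.get("users", []):
                email = user["email"].lower()
                roles.setdefault(role, {}).setdefault(email, set()).add("group:" + group["name"])
    for role, users in assignments.get("userRoles", {}).items():
        for user in users:
            roles.setdefault(role, {}).setdefault(user["email"].lower(), set()).add("direct")
    return roles


def audit_admins(assignments, approved_admins):
    """Return (finding, email, sources) tuples for the ADMIN role.

    DIRECT_ADMIN      the role is assigned to the user, not only through a group
    UNAPPROVED_ADMIN  the user is not on the reviewer's approved list
    """
    approved = {e.lower() for e in approved_admins}
    findings = []
    admins = effective_roles(assignments).get("ADMIN", {})
    for email in sorted(admins):
        sources = ",".join(sorted(admins[email]))
        if "direct" in admins[email]:
            findings.append(("DIRECT_ADMIN", email, sources))
        if email not in approved:
            findings.append(("UNAPPROVED_ADMIN", email, sources))
    return findings


if __name__ == "__main__":
    for finding in audit_admins(SAMPLE, ["alice@example.com", "bob@example.com"]):
        print(*finding)
```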
New Alert Email Receivers
Code Block |
---|
{
"requestType": "setOrganizationAssignments",
"userKey": "user_key",
"orgToken": "organization_api_key",
"alertsEmailReceivers" :
{
"groupAssignments":[{"name":"group_name"},{"name":"group_name"}],
"userAssignments":[{"email":"user_email"},{"email":"user_email"}]
}
} |
Response Format
Code Block |
---|
"message":"Successfully set organization assignments" |
Default Approver
All pending tasks in the organization are sent to the Default Approver. Changing the Default Approver only impacts future tasks. Existing tasks are assigned to their original Approver.
The organization must have a Default Approver at all times. The role of Default Approver is assigned to the organization creator by default, and any member of the organization can be assigned to this role. You also have the option to assign the Default Approver to a specific group.
The Product level Default Approver overrides the organization level Default Approver for their relevant Product(s).
Code Block |
---|
{
"requestType": "setOrganizationAssignments",
"userKey": "user_key",
"orgToken": "organization_api_key",
"defaultApprover" :
{
"groupAssignments":[{"name":"group_name"},{"name":"group_name"}],
"userAssignments":[{"email":"user_email"},{"email":"user_email"}]
}
} |
Response Format
Code Block |
---|
"message":"Successfully set organization assignments" |
Auditor
The Auditor role can be assigned to service users to grant them read-only permissions in the scope of a specific organization. It is recommended to use this role when you want service users to fetch organizational information, but don't want to grant them full admin permissions.
NOTE: The groupAssignment and userAssignment are single entity fields, while groupAssignments and userAssignments are arrays that support receiving multiple values.
Code Block |
---|
{
"requestType" : "setOrganizationAssignments",
"userKey":"admin_user_key",
"orgToken" : "organization_api_key",
"readOnlyUsers" :
{
"groupAssignments":[{"name":"group_name"},{"name":"group_name"}], // This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single group.
"userAssignments":[{"email":"user_email"},{"email":"user_email"}], // This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single user.
"groupAssignment":{"name":"group_name"},
"userAssignment":{"email":"user_email"}
}
} |
Response Format
Code Block |
---|
"message": "The following organization assignments have been set: Read Only" |
Set Product Assignments
You can assign a Product-level role to specific users or to a group of users using the below API calls. The following roles are supported:
Product Administrators
Product Administrators have control over the entire product: they can rename and delete the product and all the projects under it.
Code Block |
---|
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productAdmins" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
} |
Response Format
Code Block |
---|
"message":"Successfully set product assignments" |
New Alert Email Receivers
Code Block |
---|
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"alertsEmailReceivers" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
} |
Response Format
Code Block |
---|
"message":"Successfully set product assignments" |
Product Membership/Assignment
Product members can view the data of the product and of all projects under it, and open tickets for libraries.
By default, all users in the organization are members of the product. Assigning a user as a member of the product causes all other users to be excluded.
Code Block |
---|
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productMembership" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
} |
Response Format
Code Block |
---|
"message":"Successfully set product assignments" |
Product Default Approver
All tickets in the product are sent to the Default Approver. When the role of Product Approver is not assigned, all product tickets are sent to the organization default approver. Any member of the organization can be assigned to this role. You can also assign the Default Approver to a specific group. Changing the Product Approver only affects future pending tasks; existing tasks remain assigned to their original approver.
Code Block |
---|
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productApprovers" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
} |
Response Format
Code Block |
---|
"message":"Successfully set product assignments" |
Product Integrators
Product integrators can run a scan on a new or existing project within the product.
They can also view data on the product and all projects under it, and open tickets for libraries.
NOTE: The groupAssignment and userAssignment are single entity fields, while groupAssignments and userAssignments are arrays that support receiving multiple values.
Code Block |
---|
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productIntegrators" :
{
"userAssignments":[{"email":"user_email"}], // This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single user.
"groupAssignments":[{"name":"group_name"}], //This parameter will be deprecated shortly. Only the first value in each array will be used, since the default approver role only supports a single group.
"userAssignment":{"email":"user_email"},
"groupAssignment":{"name":"group_name"}
}
} |
Response Format
Code Block |
---|
"message":"Successfully set product assignments"
|
Create Project
Code Block |
---|
{
"requestType" : "createProject",
"userKey": "user_key",
"productToken": "product_token",
"projectName": "my new project",
"projectDescription" : "optional field. Not mandatory"
} |
Info |
---|
The "projectDescription" field is an optional field. |
Response Format
Code Block |
---|
{
"projectToken": "new project token here",
"message": "Successfully created project my new project"
} |
Delete Project
Code Block |
---|
{
"requestType" : "deleteProject",
"userKey": "user_key",
"productToken" : "parent product token",
"projectToken": "token of the project to be deleted"
} |
Response Format
Code Block |
---|
{
"message": "Successfully deleted project <project name>"
} |
Create Product
Code Block |
---|
{
"requestType" : "createProduct",
"userKey": "user_key",
"productName" : "new product name",
"orgToken" : "organization token"
}
|
Response Format
Code Block |
---|
{
"productToken": "new product token",
"message": "Successfully created product <new product name>"
} |
Delete Product
Code Block |
---|
{
"requestType" : "deleteProduct",
"userKey": "user_key",
"orgToken" : "organization token",
"productToken" :"product token"
} |
Response Format
Code Block |
---|
{
"message": "Successfully deleted product <product name>"
} |
Get Project Hierarchy
Info |
---|
'includeInHouseData' is an optional parameter. When set to ‘false’, in-house libraries data is not returned in the API response (default is ‘true’). |
Code Block |
---|
{
"requestType" : "getProjectHierarchy",
"userKey": "user_key",
"projectToken" : "project token",
"includeInHouseData" : true
} |
Response Format
Code Block |
---|
{
"libraries": [
{
"keyUuid": "1f9ee6ec-eded-45d3-8fdb-2d0d735e5b14",
"keyId": 43,
"filename": "log4j-1.2.17.jar",
"name": "log4j",
"groupId": "log4j",
"artifactId": "log4j",
"version": "1.2.17",
"sha1": "5af35056b4d257e4b64b9e8069c0746e8b08629f",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "log4j:log4j:1.2.17"
},
{
"keyUuid": "f362c53f-ce25-4d0c-b53b-ee2768b32d1a",
"keyId": 45,
"filename": "akka-actor_2.11-2.5.2.jar",
"name": "akka-actor",
"groupId": "com.typesafe.akka",
"artifactId": "akka-actor_2.11",
"version": "2.5.2",
"sha1": "183ccaed9002bfa10628a5df48e7bac6f1c03f7b",
"type": "MAVEN_ARTIFACT",
"coordinates": "com.typesafe.akka:akka-actor_2.11:2.5.2",
"dependencies": [
{
"keyUuid": "49c6840d-bf96-470f-8892-6c2a536c91eb",
"keyId": 44,
"filename": "scala-library-2.11.11.jar",
"name": "Scala Library",
"groupId": "org.scala-lang",
"artifactId": "scala-library",
"version": "2.11.11",
"sha1": "e283d2b7fde6504f6a86458b1f6af465353907cc",
"type": "MAVEN_ARTIFACT",
"coordinates": "org.scala-lang:scala-library:2.11.11"
},
{
"keyUuid": "e5e730d1-8b41-4d2d-a8c5-610a374b6501",
"keyId": 46,
"filename": "scala-java8-compat_2.11-0.7.0.jar",
"name": "scala-java8-compat_2.11",
"groupId": "org.scala-lang.modules",
"artifactId": "scala-java8-compat_2.11",
"version": "0.7.0",
"sha1": "a31b1b36bcf0d53657733b5d40c78d5f090a5dea",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "org.scala-lang.modules:scala-java8-compat_2.11:0.7.0"
},
{
"keyUuid": "426c0056-f180-4cac-a9dd-c266a76b32c9",
"keyId": 47,
"filename": "config-1.3.1.jar",
"name": "config",
"groupId": "com.typesafe",
"artifactId": "config",
"version": "1.3.1",
"sha1": "2cf7a6cc79732e3bdf1647d7404279900ca63eb0",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "com.typesafe:config:1.3.1"
}
]
},
{
"keyUuid": "25a8ceaa-4548-4fe4-9819-8658b8cbe9aa",
"keyId": 48,
"filename": "kafka-clients-0.10.2.1.jar",
"name": "Apache Kafka",
"groupId": "org.apache.kafka",
"artifactId": "kafka-clients",
"version": "0.10.2.1",
"sha1": "3dd2aa4c9f87ac54175d017bcb63b4bb5dca63dd",
"type": "MAVEN_ARTIFACT",
"coordinates": "org.apache.kafka:kafka-clients:0.10.2.1",
"dependencies": [
{
"keyUuid": "71065ffb-e509-4e2d-88bc-9184bc50888d",
"keyId": 49,
"filename": "lz4-1.3.0.jar",
"name": "LZ4 and xxHash",
"groupId": "net.jpountz.lz4",
"artifactId": "lz4",
"version": "1.3.0",
"sha1": "c708bb2590c0652a642236ef45d9f99ff842a2ce",
"type": "MAVEN_ARTIFACT",
"coordinates": "net.jpountz.lz4:lz4:1.3.0"
},
{
"keyUuid": "e44ab569-de95-4562-8efa-a2ebfe808471",
"keyId": 50,
"filename": "slf4j-api-1.7.21.jar",
"name": "SLF4J API Module",
"groupId": "org.slf4j",
"artifactId": "slf4j-api",
"version": "1.7.21",
"sha1": "139535a69a4239db087de9bab0bee568bf8e0b70",
"type": "MAVEN_ARTIFACT",
"coordinates": "org.slf4j:slf4j-api:1.7.21"
},
{
"keyUuid": "72ecad5e-9f35-466c-9ed8-0974e7ce4e29",
"keyId": 51,
"filename": "snappy-java-1.1.2.6.jar",
"name": "snappy-java",
"groupId": "org.xerial.snappy",
"artifactId": "snappy-java",
"version": "1.1.2.6",
"sha1": "48d92871ca286a47f230feb375f0bbffa83b85f6",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "org.xerial.snappy:snappy-java:1.1.2.6"
}
]
}
]
} |
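When a library in this response needs attention, the useful question is which direct dependency brings it in. The following added example (not part of the WhiteSource documentation) walks the nested "dependencies" arrays of a getProjectHierarchy response, lists every path to a given group:artifact, and builds a flat inventory marking each library as direct or transitive. The sample is the response above trimmed to two fields per library; the function names and the cycle and depth guards are assumptions of this example.

```python
import json

# Constructed sample: the response above, trimmed to "coordinates" and "type".
SAMPLE = json.loads("""
{"libraries": [
  {"coordinates": "log4j:log4j:1.2.17", "type": "UNKNOWN_ARTIFACT"},
  {"coordinates": "com.typesafe.akka:akka-actor_2.11:2.5.2", "type": "MAVEN_ARTIFACT",
   "dependencies": [
     {"coordinates": "org.scala-lang:scala-library:2.11.11", "type": "MAVEN_ARTIFACT"},
     {"coordinates": "com.typesafe:config:1.3.1", "type": "UNKNOWN_ARTIFACT"}]},
  {"coordinates": "org.apache.kafka:kafka-clients:0.10.2.1", "type": "MAVEN_ARTIFACT",
   "dependencies": [
     {"coordinates": "net.jpountz.lz4:lz4:1.3.0", "type": "MAVEN_ARTIFACT"},
     {"coordinates": "org.slf4j:slf4j-api:1.7.21", "type": "MAVEN_ARTIFACT"}]}
]}
""")


def walk(libraries, path=(), seen=frozenset(), max_depth=50):
    """Yield (library, chain) for every node; chain runs from the direct
    dependency down to the library itself."""
    for lib in libraries:
        # keyUuid identifies a library when present; fall back to coordinates.
        key = lib.get("keyUuid") or lib.get("coordinates")
        if key in seen or len(path) >= max_depth:
            continue  # already on this path (cycle) or nested too deeply
        chain = path + (lib.get("coordinates") or lib.get("filename", "?"),)
        yield lib, chain
        yield from walk(lib.get("dependencies", []), chain, seen | {key}, max_depth)


def paths_to(response, group_artifact):
    """All chains that end in any version of group:artifact."""
    prefix = group_artifact + ":"
    return [list(chain) for lib, chain in walk(response.get("libraries", []))
            if (lib.get("coordinates") or "").startswith(prefix)]


def inventory(response):
    """coordinates -> {"type", "direct", "via"}; 'via' holds the direct
    dependencies through which a transitive library is reached."""
    inv = {}
    for lib, chain in walk(response.get("libraries", [])):
        entry = inv.setdefault(chain[-1], {"type": lib.get("type"), "direct": False, "via": set()})
        if len(chain) == 1:
            entry["direct"] = True
        else:
            entry["via"].add(chain[0])
    return inv


if __name__ == "__main__":
    for chain in paths_to(SAMPLE, "org.slf4j:slf4j-api"):
        print(" -> ".join(chain))
```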
Get Project Inventory
Info |
---|
'includeInHouseData' is an optional parameter. When set to ‘false’, in-house libraries data is not returned in the API response (default is ‘true’). |
Code Block |
---|
{
"requestType" : "getProjectInventory",
"userKey": "user_key",
"projectToken" : "project_token",
"includeInHouseData" : true
} |
Response Format
Code Block |
---|
{"projectVitals":{
"productName": "fsa",
"name": "fsa",
"token": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"creationDate": "2017-06-17 07:12:29",
"lastUpdatedDate": "2017-06-17 07:34:31"
},
"libraries":[
{
"keyUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"keyId": 24559109,
"name": "comm-2.0.3.jar",
"artifactId": "comm-2.0.3.jar",
"type": "MAVEN_ARTIFACT",
"licenses":[],
"vulnerabilities":[],
"outdated": false,
"matchType": "FILENAME"
}]} |
Get Project State
Code Block |
---|
{
"requestType":"getProjectState",
"userKey": "user_key",
"projectToken":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
} |
Response Format
Code Block |
---|
{
"projectState":{
"lastProcess":"UPDATE",
"inProgress":false,
"date":"2017-06-17"}
} |
Get Library Source Files
Code Block |
---|
{
"requestType":"getLibrarySourceFiles",
"userKey": "user_key",
"projectToken":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"keyUuid":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
} |
Response Format
Code Block |
---|
{"sourceFiles":[{
"sha1":"6bf3b8ddfecac64a916ba69de50e9faac70992ba",
"name":"x509_obj.c",
"path":"C:\\Users\\Work1\\Documents\\FSA\\GITHUB-downloads\\openssl_openssl_OpenSSL_0_9_4_openssl_openssl_OpenSSL_0_9_4_crypto_x509_x509_obj.c"}]
} |
Get Project Library Dependencies
Code Block |
---|
{
"requestType":"getProjectLibraryDependencies",
"userKey": "user_key",
"projectToken":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"keyUuid":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
} |
...
Code Block |
---|
{
"dependencies":[
[
{
"keyUuid":"0b6a3818-ed95-4190-b40d-0d0d9ca51166",
"name":"CDI APIs",
"groupId":"javax.enterprise",
"artifactId":"cdi-api",
"version":"1.0",
"classifier":"",
"scope":"COMPILE",
"extension":"jar",
"sha1":"44c453f60909dfc223552ace63e05c694215156b",
"dependencies":[
{
"keyUuid":"e8d725f6-081c-4e7d-b09c-3fadcb861a35",
"name":"JSR-250 Common Annotations for the JavaTM Platform",
"groupId":"javax.annotation",
"artifactId":"jsr250-api",
"version":"1.0",
"classifier":"",
"scope":"COMPILE",
"extension":"jar",
"sha1":"5025422767732a1ab45d93abfea846513d742dcf",
"dependencies":[
],
"licenses":[
{
"name":"CDDL 1.0",
"url":"http://www.opensource.org/licenses/CDDL-1.0"
}
]
}
],
"licenses":[
{
"name":"Apache 2.0",
"url":"http://www.opensource.org/licenses/Apache-2.0"
}
]
},
{
"keyUuid":"b4264d26-09ca-4266-97ba-0bec7318d984",
"name":"org.eclipse.sisu.inject",
"groupId":"org.eclipse.sisu",
"artifactId":"org.eclipse.sisu.inject",
"version":"0.3.2",
"classifier":"",
"scope":"COMPILE",
"extension":"jar",
"sha1":"59044b92ec27cc6fda7a2d24b2cd6cec23f31d5b",
"dependencies":[
],
"licenses":[
{
"name":"Eclipse 1.0",
"url":"http://www.opensource.org/licenses/EPL-1.0"
}
]
}
]
]
} |
WhiteSource Advise for Chrome
Invite User to WhiteSource Advise for Chrome
Code Block |
---|
{
"requestType" : "inviteUserToWebAdvisor",
"userKey": "user_key",
"orgToken" : "Organization Token",
"userEmail": "User email address"
}
|
Response
Code Block |
---|
{ "message": "Successfully invited external user" } |
Service User
Create a Service User
Code Block |
---|
{
"requestType": "createServiceUser",
"orgToken": "organization_api_key",
"userKey": "user_key",
"addedUser":{
"name":"new_user_name"
}
}
|
Response
Code Block |
---|
{
"user" : {
"userKey": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
} |
Regenerate User Key for a Service User
Code Block |
---|
{
"requestType": "regenerateUserKey",
"orgToken": "organization_api_key",
"userKey": "user_key",
"serviceUserKey": "service_user_key"
}
|
Response
Code Block |
---|
{
"user" : {
"userKey": "232gkey45gt34"
}
} |
Get Organization Service User
Code Block |
---|
{
"requestType":"getOrganizationServiceUsers",
"userKey":"user_key",
"orgToken":"org_token"
}
|
Response
Code Block |
---|
{
"serviceUsers": [
{
"serviceUserName": "user_a",
"serviceUserToken": "user_a_token"
},
{
"serviceUserName": "user_b",
"serviceUserToken": "user_b_token"
}
]
} |
Get Product Service User
Code Block |
---|
{
"requestType":"getProductServiceUsers",
"userKey":"user_key",
"productToken":"product_token"
}
|
Response
Code Block |
---|
{
"serviceUsers": [
{
"serviceUserName": "user_a",
"serviceUserToken": "user_a_token"
}
]
} |
Change Origin Library
Changes the origin library of source files.
Code Block |
---|
{
"requestType" : "changeOriginLibrary",
"userKey": "userKey",
"orgToken" : "orgToken",
"targetKeyUuid": "key-uuid-of-the-source-library-to-change-files",
"sourceFiles": ["sha1_1", "sha1_2"],
"userComments": "user-comments"
} |
Response Format
Code Block |
---|
{
"message": "Successfully changed origin library"
} |
Set Project Setup Notification Configuration
This request enables you to define rules for email notifications.
Code Block |
---|
{
"requestType" : "setProjectSetupNotificationConfig",
"orgToken" : "organization_api_key",
"userKey" : "user_api_key",
"action": "notification_ENABLED|DISABLED|CUSTOM",
"projectTagKeyRegex" : "project_tag_key_pattern",
"projectTagValueRegex" : "project_tag_value_pattern"
} |
Response Format
Code Block |
---|
{
"message": "Successfully changed project setup completion notification configuration"
} |
'action' values are: CUSTOM, ENABLED, DISABLED
'projectTagKeyRegex' and 'projectTagValueRegex' are mandatory only when the action is CUSTOM. Both values must be valid regular expression strings. In that case, notifications are sent when both projectTagKeyRegex and projectTagValueRegex match the defined project tags.
CUSTOM Action Sample
Code Block |
---|
{
"requestType" : "setProjectSetupNotificationConfig",
"orgToken" : "5dc3e478a8f6500e5b525f3",
"userKey" : "7e3694ac0a50ebb",
"action": "CUSTOM",
"projectTagKeyRegex" : "^[0-9]*$",
"projectTagValueRegex" : "^(ProjectTagValue)"
} |
Get Plugin Request State
Get Request State
Code Block |
---|
{
"requestType" : "getRequestState",
"userKey": "user_key",
"orgToken" : "organization token",
"requestToken" : "support token"
} |
Response Format
Code Block |
---|
{
"requestState": "FINISHED",
"timestamp": "2018-02-28T17:48:19Z"
} |
Possible requestState values:
UNKNOWN - either orgToken or requestToken is invalid
IN_PROGRESS - update is in progress
UPDATED - inventory has been modified, but alerts have not been calculated yet
FINISHED - alerts have been calculated successfully
FAILED - an error has occurred during the update process
SKIPPED - when a scan for a project is requested while a scan for the same project is being executed simultaneously, the new scan is skipped
The timestamp field is in UTC format.
The requestToken (also displayed as "Support Token" when printing results to the console from the plugins) can be found in the data of the response returned from the server.
Note: Available since version 18.2.1
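A pipeline step that reads alerts after a scan should wait for FINISHED, because UPDATED means the inventory is stored while alerts are still being calculated. The following added example (not part of the WhiteSource documentation) polls getRequestState and treats each state listed above explicitly. The function names, the timeout values and the "Content-Type: application/json" request header are assumptions of this example, and the transport is passed in so the logic can be exercised offline.

```python
import json
import time
import urllib.request

PENDING = {"IN_PROGRESS", "UPDATED"}        # UPDATED: alerts not calculated yet
NOT_USABLE = {"FAILED", "SKIPPED", "UNKNOWN"}


class ScanNotUsable(Exception):
    """The request ended in a state from which alerts must not be read."""


def request_body(user_key, org_token, request_token):
    """The getRequestState request shown above."""
    return {"requestType": "getRequestState", "userKey": user_key,
            "orgToken": org_token, "requestToken": request_token}


def post_json(url, body, timeout=30):
    """POST a JSON body and decode the JSON reply (header is an assumption)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def wait_for_alerts(fetch_state, timeout=600.0, interval=5.0,
                    sleep=time.sleep, clock=time.monotonic):
    """Call fetch_state() until requestState is FINISHED and return that reply.

    Raises ScanNotUsable for FAILED, SKIPPED, UNKNOWN or an unlisted state,
    and TimeoutError if the request is still pending after `timeout` seconds.
    """
    deadline = clock() + timeout
    while True:
        reply = fetch_state()
        state = reply.get("requestState")
        if state == "FINISHED":
            return reply
        if state in NOT_USABLE:
            raise ScanNotUsable(state)
        if state not in PENDING:
            raise ScanNotUsable("unexpected requestState %r" % (state,))
        if clock() >= deadline:
            raise TimeoutError("request still %s after %s seconds" % (state, timeout))
        sleep(interval)


if __name__ == "__main__":
    # Constructed replies standing in for the server, so this runs offline.
    replies = iter([{"requestState": "IN_PROGRESS"},
                    {"requestState": "UPDATED"},
                    {"requestState": "FINISHED", "timestamp": "2018-02-28T17:48:19Z"}])
    print(wait_for_alerts(lambda: next(replies), interval=0))
```

Against a live server, `fetch_state` would be `lambda: post_json(api_url, request_body(user_key, org_token, request_token))`, with `api_url` built as described at the top of this page.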
Vulnerability-Based Alerts
Info |
---|
The following APIs are only available in organizations set to vulnerability-based alerting mode. |
Get Security Alerts by Vulnerability Report
Generates security alerts report detailed by vulnerability, in the scope of the organization, a specific product or a specific project.
The "status" parameter allows filtering of specific alerts statuses ("Active", "Ignored", "Resolved") and by default is set to all statuses.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationSecurityAlertsByVulnerabilityReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"status" : "active",
"format" : "xlsx"
} |
Product
Code Block |
---|
{
"requestType" : "getProductSecurityAlertsByVulnerabilityReport",
"userKey": "user_key",
"productToken" : "product_token",
"status" : "ignored",
"format" : "xlsx"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectSecurityAlertsByVulnerabilityReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>-alerts-report.xlsx
Get Security Alerts by Library Report
Generates security alerts report detailed by library, in the scope of the organization, a specific product or a specific project.
The "status" parameter allows filtering of specific alerts statuses ("Active", "Ignored") and by default is set to all statuses. A library that is marked as "active" has at least 1 active alert. A library that is marked as "ignored" has at least 1 ignored alert.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationSecurityAlertsByLibraryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"status" : "active",
"format" : "xlsx"
} |
Product
Code Block |
---|
{
"requestType" : "getProductSecurityAlertsByLibraryReport",
"userKey": "user_key",
"productToken" : "product_token",
"status" : "ignored",
"format" : "xlsx"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectSecurityAlertsByLibraryReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>-alerts-report.xlsx
Get License and Compliance Alerts Report
Generates a license and compliance alerts report in the scope of the organization, a specific product or a specific project.
The "status" parameter allows filtering of specific alerts statuses ("Active", "Ignored", "Resolved") and by default is set to all statuses.
Organization
Code Block |
---|
{
"requestType" : "getOrganizationLicenseAndComplianceAlertReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"status" : "active",
"format" : "xlsx"
} |
Product
Code Block |
---|
{
"requestType" : "getProductLicenseAndComplianceAlertReport",
"userKey": "user_key",
"productToken" : "product_token",
"status" : "ignored",
"format" : "xlsx"
} |
Project
Code Block |
---|
{
"requestType" : "getProjectLicenseAndComplianceAlertReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "json"
} |
Response
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>-license-and-compliance-alert-report.xlsx
Response Structure
Structure of the vulnerability in each security vulnerability alert object:
Vulnerability
Each vulnerability object has the following fields:
name - the name of the vulnerability (e.g. CVE-2008-0983).
severity - the CVSS severity (as taken from NVD), can be one of:
HIGH
MEDIUM
LOW
score - the CVSS score (as taken from NVD), values range from 0-10.
cvss3_score - the CVSS 3 score (as taken from NVD), values range from 0-10.
cvss3_severity - low if the CVSS 3 score is between 0-3.9, medium if it is between 4-6.9, high if it is between 7-10.
scoreMetadataVector - a text representation of a set of CVSS metrics. See also related specification.
description - the vulnerability description.
publishDate - the publish date.
sourceFile - in case the vulnerability was matched to a source file, not the binary library, the sourceFile field will be populated (see details below).
Note: only libraries with type SOURCE_LIBRARY have source files.
vulnerabilityFix - the top fix of the vulnerability (see details below).
fixResolutionText - the actual resolution text to display for the given fix.
Info |
---|
The 'vulnerabilityFix' and 'fixResolutionText' fields are populated only when there is an available fix. |
Library Details Overview
type | groupId | artifactId | version | name | filename |
---|---|---|---|---|---|
ActionScript, Alpine, Arch Linux, Debian, Java Archive, JavaScript, javascript/Node.js, Nuget, Python, RPM, Ruby | Package name | Filename | Package version | Package name | Filename (taken from artifactId) |
Java | Maven groupId | Maven artifactId | Maven version | Maven project name | artifactId + version + extension |
javascript/Bower | Project owner | Package name | Package version | Package name | artifactId + version |
.NET | Owner / Organization | .NET project name | Package version | .NET project name | artifactId + version + extension |
Source Library | Project owner | SCM project name | Repository version / tag | artifactId + version | artifactId + version |
Unknown Library | - (if the artifact has an owner, it is displayed as groupId) | filename + extension | - (shown only if the artifact has a version when uploaded) | filename + extension (if the artifact has artifactId and version, the name consists of them) | Filename + extension |
Source File
Each source file object has the following fields:
name - the name of the source file.
sha1 - the SHA-1 checksum.
Vulnerability Fix
Each vulnerability fix object has the following fields:
...
vulnerability - the name of the vulnerability (e.g. CVE-2008-0983).
...
type - the type of fix available, can be one of:
CHANGE_FILES
PATCH
UPGRADE_VERSION
...
vulnerabilityFixOrigin - the site, service or provider of the fix, can be one of:
GITHUB_COMMIT
JIRA
BUGZILLA
NODE_SECURITY_ADVISORY
PIVOTAL_VULNERABILITY_REPORT
FFMPEG_SECURITY
STRUTS_SECURITY_BULLETIN
XFORCE_VULNERABILITY_REPORT
SECURITY_TRACKER
WHITESOURCE_EXPERT - Used whenever a WhiteSource security researcher discovers that a vulnerability can be fixed by upgrading to a newer version, and there are no other sources for the vulnerability fix.
...
url - the URL of the fix.
...
fixResolution - the fix resolution. Depending on the origin the fixResolution field may vary:
GITHUB_COMMIT - comma separated file names to change.
JIRA - comma separated list of versions, e.g. “1.0.5,1.1.3”.
BUGZILLA - comma separated list of versions.
NODE_SECURITY_ADVISORY - text taken as-is from the origin, e.g. “>= 1.0.4” or “Upgrade to version 0.2.5 or greater.”
PIVOTAL_VULNERABILITY_REPORT - text taken as-is from the origin.
FFMPEG_SECURITY - comma separated list of versions.
STRUTS_SECURITY_BULLETIN - text taken as-is from the origin, e.g. “Developers should upgrade to Struts 2.0.12”.
XFORCE_VULNERABILITY_REPORT - text taken as-is from the origin, e.g. “Refer to ASA-2007-010 for patch, upgrade or suggested workaround information. See References.”.
SECURITY_TRACKER - text taken as-is from origin, e.g. “The vendor has issued a fix (2.3.17, 2.4.11).”.
...
date - publish date of the fix (not always available).
...
message - the title / description of the fix as taken from the origin.
...
extraData - extra data stored for each fix in key_1=value_1&key_2=value_2 pairs. Depending on the origin the extraData field may vary:
GITHUB_COMMIT - key (the short commit SHA-1), committerName (the name of the committer), committerUrl (a link to the committer’s page on GitHub), committerAvatar (a link to the committer’s avatar).
JIRA - key (the issue id), assignee (the person assigned to the issue).
BUGZILLA - key (the issue id), assignee (the person assigned to the issue).
NODE_SECURITY_ADVISORY - key (the advisory id).
PIVOTAL_VULNERABILITY_REPORT - key (the report id, which is simply the CVE name).
FFMPEG_SECURITY - no extra data available.
STRUTS_SECURITY_BULLETIN - key (the bulletin id).
XFORCE_VULNERABILITY_REPORT - key (the report id).
SECURITY_TRACKER - key (the alert id).
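The following is an added example, not part of the WhiteSource documentation or code, showing one way a client could normalize a vulnerabilityFix object as described above: it decodes extraData and splits fixResolution only for the origins documented as comma separated lists, leaving origin text untouched otherwise. The function names, the sample objects and the assumption that extraData values are URL-encoded like a query string are illustrative.

```python
from urllib.parse import parse_qsl

# Origins whose fixResolution is documented as a comma separated list.
LIST_ORIGINS = {
    "GITHUB_COMMIT": "files",
    "JIRA": "versions",
    "BUGZILLA": "versions",
    "FFMPEG_SECURITY": "versions",
}
FIX_TYPES = {"CHANGE_FILES", "PATCH", "UPGRADE_VERSION"}


def parse_extra_data(raw):
    """Decode 'key_1=value_1&key_2=value_2' into a dict; missing or empty gives {}."""
    if not raw:
        return {}
    # Assumption: values are URL-encoded, as in a query string.
    return dict(parse_qsl(raw, keep_blank_values=True))


def normalize_fix(fix):
    """Return a uniform view of one vulnerabilityFix object (dict parsed from JSON)."""
    origin = fix.get("vulnerabilityFixOrigin", "")
    resolution = fix.get("fixResolution") or ""
    out = {
        "vulnerability": fix.get("vulnerability"),
        # Reject fix types outside the documented set instead of passing them on.
        "type": fix.get("type") if fix.get("type") in FIX_TYPES else None,
        "origin": origin,
        "extra": parse_extra_data(fix.get("extraData")),
        "files": [], "versions": [], "text": None,
    }
    kind = LIST_ORIGINS.get(origin)
    if kind:
        out[kind] = [p.strip() for p in resolution.split(",") if p.strip()]
    else:
        # Text copied as-is from the origin: keep verbatim, never parse as a version.
        out["text"] = resolution or None
    return out


# Constructed sample objects (placeholders, not real API output).
SAMPLE_JIRA = {
    "vulnerability": "CVE-XXXX-XXXX", "type": "UPGRADE_VERSION",
    "vulnerabilityFixOrigin": "JIRA", "fixResolution": "1.0.5,1.1.3",
    "extraData": "key=PROJ-1&assignee=Jane%20Doe",
}
SAMPLE_NSA = {
    "vulnerability": "CVE-XXXX-XXXX", "type": "UPGRADE_VERSION",
    "vulnerabilityFixOrigin": "NODE_SECURITY_ADVISORY",
    "fixResolution": ">= 1.0.4", "extraData": "key=42",
}
```

Because the free-text resolutions and the URLs in extraData originate from third-party trackers, escape them before rendering them in a dashboard or ticket.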
Project State
SETUP - Initializing project.
DIFF - Calculating inventory changes.
UPDATE - Updating inventory.
CHANGE_EXCLUSIONS - Updating dependency exclusions.
CHANGE_LOCAL_PATHS - Updating library paths.
REMOVE - Removing libraries.
PARTNER_UPDATE - Updating inventory.
UPDATE_ALERTS - Updating alerts.
CREATE_ISSUES - Creating external tickets.
Assignments
...
ADMIN
...
ALERTS_IGNORER
...
ALERT_EMAIL_RECEIVER
...
DEFAULT_APPROVER
...
LEGAL_ASSIGNER
...
USER
...
API Requests
For documentation of API requests that relate to:
Policies, see /wiki/spaces/WD/pages/33816708
Alerts, see Alerts API
Groups and Users, see Groups and Users API
Reports, see Reports API
Licenses and Libraries, see Licenses and Library API
Global Orgs/Organizations/Products/Projects, see Global Org/Organization/Product/Project API
Products and Projects, see Product and Project-Level API