...

  • Previously, the alert UUID in the responses was the same for all vulnerabilities related to the same library name. After enabling this feature, the alert UUID is unique per CVE and therefore differs for each vulnerability related to the same library.
  • A new element (sourceFiles) has been added to the API response in case there is a relation between a CVE and a source file.
  • The following fields were added to the responses of the APIs: getAlerts, getAlertsByProjectTag, getProjectAlertByType in all the scopes (project/product/organization):
     
    • Modified Date
    • Alert Status
    • Comment
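
The UUID change matters to any integration that deduplicates or tracks findings by alert UUID. The following is an added example, not code from this documentation: it classifies which UUID scheme a response uses and rebuilds the per-library grouping. Every key name except sourceFiles is an assumption for illustration, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records. Every key except "sourceFiles" is an assumed
# name for illustration; CVE ids and UUIDs are placeholders.
BEFORE = [
    {"alertUuid": "u-1", "library": "libfoo-1.2.jar", "cve": "CVE-0000-0001"},
    {"alertUuid": "u-1", "library": "libfoo-1.2.jar", "cve": "CVE-0000-0002"},
    {"alertUuid": "u-2", "library": "libbar-3.0.jar", "cve": "CVE-0000-0003"},
]
AFTER = [
    {"alertUuid": "u-7", "library": "libfoo-1.2.jar", "cve": "CVE-0000-0001",
     "sourceFiles": ["src/parse.c"]},
    {"alertUuid": "u-8", "library": "libfoo-1.2.jar", "cve": "CVE-0000-0002"},
    {"alertUuid": "u-9", "library": "libbar-3.0.jar", "cve": "CVE-0000-0003"},
]

def uuid_mode(alerts):
    """Classify how alert UUIDs relate to CVEs in one response."""
    cves_per_uuid = defaultdict(set)
    uuids_per_lib = defaultdict(set)
    for a in alerts:
        cves_per_uuid[a["alertUuid"]].add(a["cve"])
        uuids_per_lib[a["library"]].add(a["alertUuid"])
    if any(len(c) > 1 for c in cves_per_uuid.values()):
        return "per-library"      # one UUID shared by several CVEs
    if any(len(u) > 1 for u in uuids_per_lib.values()):
        return "per-cve"          # a library carries several UUIDs
    return "indeterminate"        # no library has more than one CVE

def tracking_key(alert):
    """Key that identifies one finding under either UUID scheme."""
    return (alert["library"], alert["cve"])

def group_by_library(alerts):
    """Rebuild the per-library view that a shared UUID used to give."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a["library"]].append({
            "cve": a["cve"],
            "alertUuid": a["alertUuid"],
            "sourceFiles": a.get("sourceFiles", []),  # present only when related
        })
    return dict(grouped)
```

Keying tickets or suppression state on tracking_key rather than on the UUID keeps one record per finding across the switch.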

New APIs 

The following is a list of new APIs that are only available to organizations if Vulnerability-based Alerting is installed:

APIs for generating security alerts reports, detailed by vulnerability 

  • getOrganizationSecurityAlertsByVulnerabilityReport
  • getProductSecurityAlertsByVulnerabilityReport
  • getProjectSecurityAlertsByVulnerabilityReport

APIs for generating security alerts reports, detailed by library

  • getOrganizationSecurityAlertsByLibraryReport
  • getProductSecurityAlertsByLibraryReport
  • getProjectSecurityAlertsByLibraryReport

APIs for generating license and compliance alerts reports

  • getOrganizationLicenseAndComplianceAlertReport
  • getProductLicenseAndComplianceAlertReport
  • getProjectLicenseAndComplianceAlertReport

For more details on these API calls, please refer to the API v3 documentation -v1.3 documentation: HTTP API v1.3 (update in progress)3#Vulnerability-basedAlerts

Removed APIs 

Additionally, the following is a list of APIs that are not available to organizations if Vulnerability-based Alerting is installed:

  • getOrganizationAlertsReport
  • getProductAlertsReport
  • getProjectAlertsReport
  • getOrganizationIgnoredAlertsReport
  • getProductIgnoredAlertsReport
  • getProjectIgnoredAlertsReport
  • getOrganizationResolvedAlertsReport
  • getProductResolvedAlertsReport
  • getProjectResolvedAlertsReport

...

For the remaining APIs that have not been affected by the transition to Vulnerability-based Alerting, see the following:

NOTE: In case there is a relation between a CVE and a source file, the following elements will be added to the API response:

...