HTTP API v1.2
API capability requires an additional WhiteSource license. Contact your CSM for more details.
This page covers APIs for version 1.2. All version 1.2 APIs must include the following prerequisite:
- The admin user provides a valid ‘userKey’ as part of the API call. This is the case regardless of whether the checkbox "Enforce user level access" in the Integrate page is enabled/disabled. See also User Level Access Control in Integrations and APIs.
Overview
The WhiteSource HTTP API is available for WhiteSource customers who are licensed to use it. The APIs can be accessed by the organization's administrator(s).
This document describes the WhiteSource HTTP API v1.2. The API URL can be obtained by copying the 'WhiteSource Server URL', which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the path '/api/v1.2' to it. For example: https://saas.whitesourcesoftware.com/api/v1.2.
The API is simply an HTTP endpoint implementing a JSON speaking web service and handling POST requests. Like the service itself, communication is secured with SSL.
The old WhiteSource API is currently still supported, and is documented in the HTTP API page.
API Execution Scope
Generally, each level of the administrator (Organization, Product) can get/set the API attributes in the API calls that refer to their scope and/or under their scope. For example, Product administrators can only execute API calls related to their Projects/Products that are defined in WhiteSource, but they cannot execute Organization related API calls which are outside of their scope. There are two API calls that do not follow this rule:
- getProjectVitals – Product administrators can use the Organization level call and get the product/project vitals related to their products/projects.
- getRequestState – Although an Organization token is required in the call, a product administrator can also execute it.
API URL
The base URL for all API endpoints can be obtained from the 'Integrate' tab (calls to HTTP cannot be redirected to HTTPS).
Only POST requests are accepted.
Request payload should have:
- Content-Type = application/json
Character Sets
WhiteSource HTTP API v1.x supports Accept-Charset header.
If the value of the header is a supported charset (see supported values below) the response would be in that charset.
Otherwise, if the value is not supported or the header isn't sent, the default response character set will be UTF-8.
Supported character sets:
- utf-8
- utf-16
- iso-8859-1
- iso-8859-2
- iso-8859-4
- iso-8859-5
- iso-8859-7
- iso-8859-9
- us-ascii
Supported methods
WhiteSource HTTP API supports the following methods:
Alerts
- Get All Organization Alerts
- Get All Product Alerts
- Get All Project Alerts
- Get Alerts by Project tag
Alerts by Type
- Get Organization Alerts by Type
- Get Product Alerts by Type
- Get Project Alerts by Type
Change Log
- Get Change Log
Licenses
- Get All Organization Licenses
- Get All Product Licenses
- Get All Project Licenses
License Histogram
- Get Organization License Histogram
- Get Product License Histogram
- Get Project License Histogram
Organization Vitals
- Get All Organizations
- Get Organization Details
Project / Product Vitals
- Get All Products
- Get All Projects
- Get Organization Project Vitals (vitals of all projects within an organization)
- Get Product Project Vitals (vitals of all projects within a product)
- Get Project Vitals
- Get Organization Product Vitals (vitals of all products within an organization)
Project Tags
- Get Organization Project Tags
- Get Product Project Tags
- Get Project Tags
- Save Project Tag
Misc.
- Get Product Licenses Text Zip file
- Update project with JNinka result file (jninka.xml)
Reports
- Get Organization Risk Report
- Get Product Risk Report
- Get Organization Inventory Report
- Get Product Inventory Report
- Get Project Inventory Report
- Get Organization Container Vulnerability Report
- Get Cluster Vulnerability Report
- Get Organization Vulnerability Report
- Get Product Vulnerability Report
- Get Project Vulnerability Report
- Get Organization Source File Inventory Report
- Get Product Source File Inventory Report
- Get Organization Alerts Report
- Get Product Alerts Report
- Get Project Alerts Report
- Get Organization Attributes Report
- Get Product Attributes Report
- Get Organization Library Location Report
- Get Product Library Location Report
- Get Organization Due Diligence Report
- Get Product Due Diligence Report
- Get Organization Effective Licenses Report
- Get Product Effective Licenses Report
- Get Organization Bugs Report
- Get Product Bugs Report
- Get Project Bugs Report
- Get Organization Ignored Alerts Report
- Get Product Ignored Alerts Report
- Get Project Ignored Alerts Report
- Get Organization Resolved Alerts Report
- Get Product Resolved Alerts Report
- Get Project Resolved Alerts Report
- Get Organization Request History Report
- Get Product Request History Report
- Get Project Request History Report
- Get Organization Members Report
- Get Product Members Report
- Get Project Members Report
- Get Plugin Request History Report
- Get Product Attribution Report
- Get Project Attribution Report
Library Locations
- Get Product Library Locations
- Get Project Library Locations
Policies
See Policies API
- Get Organization Policies
- Get Product Policies
- Get Project Policies
- Add Organization Policy
- Add Product Policy
- Add Project Policies
- Update Organization Policy
- Update Product Policy
- Update Project Policy
- Remove Organization Policies
- Remove Product Policies
- Remove Project Policies
- Reorder Organization Policy Priorities
- Reorder Product Policy Priorities
- Reorder Project Policy Priorities
- Get Licenses
Groups and Users
- Create Group
- Create User
- Invite User
- Get All Groups
- Get All users
- Get Organization Assignments
- Get Product Assignments
- Set Organization Assignments
- Set Product Assignments
- Add Users to Groups
- Remove User from Group
- Remove User from Organization:
Project Create / Delete
- Create Project
- Delete Project
Product Create / Delete
- Create Product
- Delete Product
Project API Requests
- Get Project Hierarchy
- Get Project Inventory
- Get Project State
- Get Library Source Files
WhiteSource Advise for Chrome
- Invite user to WhiteSource Advise for Chrome
API Format
All requests require a token available via the API Integration page in your WhiteSource account, according to the request's context (organization / product / project).
The requestType field is mandatory for all requests
Fields
| Field name | Value |
|---|---|
| requestType | One of the following:
|
| orgToken | Your organization API key |
| productToken | A unique identifier for your product |
| projectToken | A unique identifier for your project |
| alertType | One of the following:
|
Alert Types
| Name | Description |
|---|---|
| SECURITY_VULNERABILITY | A security vulnerability has been detected for a library in the inventory |
| NEW_MAJOR_VERSION | A new major version has been released for a library in the inventory (only if major version updates is enabled) |
| NEW_MINOR_VERSION | A new minor version has been released for a library in the inventory (only if minor version updates is enabled) |
| MULTIPLE_LIBRARY_VERSIONS | Multiple versions of the same library are being used |
| REJECTED_BY_POLICY_RESOURCE | A library violating one of your policies is being used |
Notice: For version numbers, if there are 3 or more version parts, (E.g. x.y.z or x.y.z.w) both x and y are considered a major version (x.y).
If there are 2 major parts (x.y), then x is considered a major version.
Date format in all responses is "yyyy-MM-dd".
None of the results are sorted in any order.
Alerts
Get all alerts for a given organization/product/project.
Organization
{
"requestType" : "getOrganizationAlerts",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Product
{
"requestType" : "getProductAlerts",
"userKey": "user_key",
"productToken" : "product_token"
}
Project
{
"requestType" : "getProjectAlerts",
"userKey": "user_key",
"projectToken" : "project_token"
}
Get Alerts by Project Tags
{
"requestType" : "getAlertsByProjectTag",
"userKey": "user_key",
"orgToken" : "orgToken",
"tagKey":"key1",
"tagValue":"value1"
}
Response Format when Direct Dependency
"apiAlertInfo" : [
{
"type" : "alert_type",
"level" : "alert_level",
"library": {
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"name": "library_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"references": {
"url": "library_url",
"pomUrl": "library_pom_url",
"scmUrl": "library_scm_url"
},
"licenses": [
{
"name": "library_license_name",
"url": "library_license_url",
"profileInfo": {
"copyrightRiskScore": "library_license_copyright_risk_score",
"patentRiskScore": "library_patent_risk_score",
"copyleft": "library_license_patent_copyleft",
"linking": "library_license_linking",
"royaltyFree": "library_license_royalty_free"
}
}
]
},
"project" : "project_name",
"directDependency": true,
"description" : "alert_description",
"date" : "alert_creation_date",
"time" : "alert_creation_time_in_epoch_format"
"alertUuid": "6f07c029-f211-4d14-bbb6-5628aa87a1d1"
}
]
Response Format with Transitive Dependency
"apiAlertInfo" : [
{
"type" : "alert_type",
"level" : "alert_level",
"library": {
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"name": "library_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"references": {
"url": "library_url",
"pomUrl": "library_pom_url",
"scmUrl": "library_scm_url"
},
"licenses": [
{
"name": "library_license_name",
"url": "library_license_url",
"profileInfo": {
"copyrightRiskScore": "library_license_copyright_risk_score",
"patentRiskScore": "library_patent_risk_score",
"copyleft": "library_license_patent_copyleft",
"linking": "library_license_linking",
"royaltyFree": "library_license_royalty_free"
}
}
]
},
"project" : "project_name",
"directDependency": false,
"description" : "alert_description",
"date" : "alert_creation_date",
"time" : "alert_creation_time_in_epoch_format"
"alertUuid": "6f07c029-f211-4d14-bbb6-5628aa87a1d1"
}
]
Alert level is either minor or major.
Ignored Alerts
Get a list of ignored alerts per scope (organization/product/project).
Organization
{
"requestType" : "getOrganizationIgnoredAlerts",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Product
{
"requestType" : "getProductIgnoredAlerts",
"userKey": "user_key",
"productToken" : "product_token"
}
Project
{
"requestType" : "getProjectIgnoredAlerts",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response Format
"alerts": [
{
"type":"alert_type",
"level":"alert_level",
"library": {
"keyUuid":"library_unique_id",
"filename":"library_file_name",
"name":"library_name",
"groupId":"library_group_id",
"artifactId":"library_artifact_id",
"version":"library_version",
"sha1":"library_sha1",
"type":"library_type",
"description":"library_description",
"references": {
"url":"library_url",
"pomUrl":"library_pom_url",
"scmUrl":"library_scm_url"
},
"comments":"comments"
}
}
]
Security Vulnerability
Alerts will also contain the following object:
"vulnerability": {
"name": "vulnerability_name",
"type": "vulnerability_type",
"severity": "vulnerability_severity",
"score": cvss_2_vulnerability_score,
"cvss3_severity": "cvss_3_score_severity",
"cvss3_score": cvss_3_vulnerability_score,
"publishDate": "vulnerability_publish_date"
"scoreMetadataVector": "cvss_3_metadata_vector",
"url": "URL_of_vulnerability"
"description": "vulnerability_description",
"topFix": {
"vulnerability": "vulnerability_fix_name",
"type": "vulnerability_fix_type",
"origin": "origin_of_fix",
"url": "URL_of_fix",
"fixResolution": "fix_resolution",
"date": "date_of_fix",
"message": "summary_of_fix",
"extraData": "additional_data_on_fix"
},
"allFixes": [{
"vulnerability": "vulnerability_fix_name",
"type": "vulnerability_fix_type",
"origin": "origin_of_fix",
"url": "URL_of_fix",
"fixResolution": "fix_resolution",
"date": "date_of_fix",
"message": "details_on_fix",
"extraData": "additional_data"
}]
}
topFix & allFixes objects:
These objects are displayed only when a fix is available for the specific vulnerability.
The vulnerability object has the following fields:
| Field name | Value |
|---|---|
| name | The id in the vulnerability DB (CVE or WS) |
| type | Either CVE or WS |
| severity | Severity of the CVSS 2 vulnerability (low, medium, high) |
| score | The CVSS 2 base score [0.0 - 10.0] |
| cvss3_severity | The score severity, if CVSS 3 score is between 0-3.9 - Low, if CVSS 3 score is between 4-6.9 - Medium, if CVSS 3 score is between 7-10 - High |
| cvss3_score | The CVSS 3 base score [0.0 - 10.0] |
| scoreMetadataVector | See specification link |
| publishDate | Original release date |
| url | URL of the CVE |
| description | A short description of the security vulnerability |
| topFix | Top recommended fix (when available) |
| allFixes | List of all fixes (when available) |
| fixResolutionText | The actual resolution text to display for the given fix. |
Alerts by Type
Get all alerts of a certain type for a given organization / product / project.
'fromDate' and 'toDate' are optional filtering fields. The format of these fields is either with or without time ('yyyy-MM-dd' or 'yyyy-MM-dd hh:mm:ss').
When 'fromDate' is not specified, it will be treated as the beginning of time.
When 'toDate' is not specified, it will be treated as the current date and time.
The following API calls return all alerts that were created or modified within the provided date range:
Organization
{
"requestType" : "getOrganizationAlertsByType",
"userKey": "user_key",
"alertType" : "alert_type",
"orgToken" : "organization_api_key",
"fromDate" : "2016-01-01 10:00:00",
"toDate" : "2016-01-02 10:00:00"
}
Product
{
"requestType" : "getProductAlertsByType",
"userKey": "user_key",
"alertType" : "alert_type",
"productToken" : "product_token",
"fromDate" : "2016-01-01 11:00:31",
"toDate" : "2016-01-02 11:00:31"
}
Project
{
"requestType" : "getProjectAlertsByType",
"userKey": "user_key",
"alertType" : "alert_type",
"projectToken" : "project_token",
"fromDate" : "2016-01-01 11:00:00",
"toDate" : "2016-01-02 11:00:00"
}
Response Format
Same as alerts response
Ignore Alerts
Enables users with Organization Administrators, Product Administrators, and Alert Ignorers roles to ignore alerts according to their unique identifier. You can use any alert-related API to get the alertUUID of a particular alert. See HTTP API v1.2#Alerts.
'alertUuids' and 'comments' are mandatory fields.
Request
{
"requestType":"ignoreAlerts",
"orgToken": "organization_api_key",
"userKey": "user_key",
"alertUuids": ["22f72c74-c2ea-4ed9-b37f-75d77bc52045","22f72c74-c2ea-4ed9-b37f-75d77bc52046"],
"comments": "alerts not relevant to service"
}
Response
{
"message": "Successfully ignored alerts"
}
Change Log
Get organization level Change Log Report in various formats.
Request
{
"userKey": "user_key",
"orgToken": "organization_api_key",
"requestType": "getChangesReport",
"startDateTime": "2019-08-21 08:08:08"
}
Optional Parameters
- startDateTime: Date and time for the reported change. Default value: The last seven days including today's date. For example, if today is March 15, then the filtering is for the dates 9-15 of March.
Valid options (strings in uppercase):- Any past valid date and time in the following format: 'yyyy-mm-dd hh:mm:ss'.
Response
{
"changes": [
{
"startDateTime": "2018-07-04 09:07:21",
"category": "METADATA",
"type": "SOURCE_MATCHING",
"changeType": "CHANGED",
"scope": "SOURCE_FILE",
"scopeName": "activation_mode.h",
"scopeId": 2922950,
"beforeChange": [
"tensorflow-v1.4.0-rc0"
],
"afterChange": [
"tensorflow-v1.4.0-rc0"
],
"operator": "USER",
"userEmail": "john@doe.com",
"productId": 69491,
"productName": "tensorflow",
"projectId": 338568,
"projectName": "tensor",
"comment": "changed lib of source file"
}
]
}
Licenses
Get all libraries and their licenses for a given organization/product/project.
Organization
{
"requestType" : "getOrganizationLicenses",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"excludeProjectOccurrences" : true/false"
}
Product
{
"requestType" : "getProductLicenses",
"userKey": "user_key",
"productToken" : "product_token",
"excludeProjectOccurrences" : true/false"
}
Project
{
"requestType" : "getProjectLicenses",
"userKey": "user_key",
"projectToken" : "project_token",
"excludeProjectOccurrences" : true/false"
}
Response Format
"libraries" : [
{
"licenses" : [
"license_name_1",
"license_name_2"
],
"keyUuid": "library_key_uuid",
"keyId": "library_key_id",
"filename": "library_file_name",
"name" : "libarary_name",
"groupId" : "library_group_id",
"artifactId" : "library_artifact_id",
"version" : "library_version",
"sha1" : "library_sha1",
"languages": "library_language",
"references" : {"url":"library_url",
"downloadLink":"library_download_link"
}
}
]
License Histogram
Get the license histogram (license name : occurrence) for a given organization/product/project.
Organization
{
"requestType" : "getOrganizationLicenseHistogram",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Product
{
"requestType" : "getProductLicenseHistogram",
"productToken" : "product_token"
}
Project
{
"requestType" : "getProjectLicenseHistogram",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response Example
{
"licenseHistogram" : {
"Apache 2.0" : 2,
"BSD 3" : 2,
"GPL 3.0" : 1,
}
}
Get Organization Details
Returns the Organization name, creation date, number of Products, number of Projects, number of groups, and number of users
Request
{
"requestType":"getOrganizationDetails",
"orgToken":"org_token",
“userKey”:”user_key”
}
Response (Example)
{
"orgName": "Org A",
"orgToken": "Org_a_token"
"creationDate": "2016-01-01 12:00:00"
"numberOfProducts": "15"
"numberOfProjects": "105"
"numberOfGroups": "2"
"numberOfUsers": "3"
}
Get All Organizations
Returns data on all organizations within the Global Organization.
Request
{
"requestType":"getAllOrganizations",
"userKey": "user_key",
"globalOrgToken":"global_organization_token"
}
Response
{
"organizations": [
{
"orgName": "Org A",
"orgToken": "Org_a_token"
},
{
"orgName": "Org B",
"orgToken": "Org_b_token"
}
],
"message": "Success"
}
Get All Products
Receives an orgToken and returns all products in the organization; name and token of each.
Request
{
"requestType":"getAllProducts",
"userKey": "user_key",
"orgToken":"org_token"
}
Response
{
"products": [
{
"productName": "Product A",
"productToken": "product_a_token"
},
{
"productName": "Product B",
"productToken": "product_b_token"
}
],
"message": "Success"
}
Get All Projects
Receives a productToken and returns all projects in the product; name and token of each.
Request
{
"requestType":"getAllProjects",
"userKey": "user_key",
"productToken":"product_token"
}
Response
{
"projects": [
{
"projectName": "project_a",
"projectToken": "project_a_token"
},
{
"projectName": "project_b",
"projectToken": "project_b_token"
}
],
"message": "Success"
}
Get All In-House Libraries
Get information regarding all in-house libraries on an organization, product, and project level.
Request
{
"requestType" : "getOrganizationInHouseLibraries",
"orgToken" : "organization_api_key",
"userKey": "user_key"
}
{
"requestType" : "getProductInHouseLibraries",
"productToken" : "product_token",
"userKey": "user_key"
}
{
"requestType" : "getProjectInHouseLibraries",
"projectToken" : "project_token",
"userKey": "user_key"
}
Response
"libraries" : [
{
"matchType" : "manual",
"comment": "manually set to in-house",
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"productName" : "product_name",
"productToken" : "product_token",
"projectName" : "project_name",
"projectToken" : "project_token"
},
{
"matchType" : "automatic",
"pattern" : "common-*",
"keyUuid": "library_unique_id",
"filename": "library_file_name",
"groupId": "library_group_id",
"artifactId": "library_artifact_id",
"version": "library_version",
"sha1": "library_sha1",
"type": "library_type",
"description": "library_description",
"productName" : "product_name",
"productToken" : "product_token",
"projectName" : "project_name",
"projectToken" : "project_token
}
]
Response Parameters
- matchType parameter value can be either 'manual' (manually marked by user) or 'automatic' (automatically marked by in-house rule).
- pattern parameter is not returned for a library if matchType value is 'manual'.
- comment parameter is not returned for a library if matchType value is 'automatic'.
Project / Product Vitals
Get basic information regarding a project: name, token, creation date and last updated date.
Project
Organization
{
"requestType" : "getOrganizationProjectVitals",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Product
{
"requestType" : "getProductProjectVitals",
"userKey": "user_key",
"productToken" : "product_token"
}
Project
{
"requestType" : "getProjectVitals",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
{
"projectVitals":[
{
"pluginName":"fs-agent:18.2.2",
"name": "My Project",
"token": "project_token",
"uploadedBy": "name_of_user_who_ran_scan",
"creationDate": "2016-01-01 12:00:00",
"lastUpdatedDate": "2016-02-02 16:50:59"
}
]
}
Product
Organization
{
"requestType" : "getOrganizationProductVitals",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
{
"productVitals":[
{
"name": "My Product",
"token": "product_token",
"creationDate": "2016-01-01 12:00:00",
"lastUpdatedDate": "2016-02-02 16:50:59"
}
]
}
Product Tags
Get product tags: key, value.
Get Product Tags
Request
{
"requestType": "getProductTags",
"userKey": "user_key",
"productToken": productToken
}
Response
{
"productTags":[
{
"name": "My Product A",
"token": "product_token",
"tags": {
"newKey": [
"newValue",
"newValue2"
],
"tagKeyA": [
"tagValueA"
]
}
}
]
Products without tags are returned as well.
Save a Product Tag
Save a product tag: key, value.
Request
{
"requestType": "saveProductTag",
"userKey": "user_key",
"productToken": "productToken",
"tagKey": "newKey",
"tagValue": "newValue"
}
Response
{
"productTagsInfo": {
"name": "productA",
"token": {productToken},
"tags": {
"newKey": "newValue"
}
}
}
Products without tags are returned as well.
Get Organizational Product Tags
Get organizational product tags: key, value.
Request
{
"requestType": "getOrganizationProductTags",
"userKey": "user_key",
"orgToken": "orgToken"
}
Response
{
"productTags": [
{
"name": "productA",
"token": " productAToken",
"tags": {
"newKey": [
"newValue",
"newValue2"
],
"tagKeyA": [
"tagValueA"
]
}
},
{
"name": " productB",
"token": " productBToken",
"tags": {}
}
]
}
Products without tags are returned as well.
Remove a Product Tag
Remove a product tag: key, value.
Request
{
"requestType" : "removeProductTag",
"userKey": "user_key",
"productToken" : "product_token",
"tagKey": "newKey",
"tagValue": "newValue"
}
Response
{
"message": "Successfully removed product tag"
}
Project Tags
Get project tags: key, value.
Organization
{
"requestType" : "getOrganizationProjectTags",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Product
{
"requestType" : "getProductProjectTags",
"userKey": "user_key",
"productToken" : "product_token"
}
Project
{
"requestType" : "getProjectTags",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
{
"projectTags":[
{
"name": "My Project 1",
"token": "project_token_1",
"tags":{
"Component": "Database",
"Module": "Server"
}
},
{
"name": "My Project 2",
"token": "project_token_2",
"tags":{}
}
]
}
Projects without tags are returned as well
Save a Project Tag
Save a project tag by key, value.
Project
{
"requestType" : "saveProjectTag",
"userKey": "user_key",
"projectToken" : "project_token",
"tagKey":"key1",
"tagValue":"value1"
}
Response
{
"projectTags":
{
"name": "My Project 1",
"token": "project_token_1",
"tags":
{
"key1": "value1"
}
}
}
Licenses Text Zip
Get the licenses terms and conditions text files contained in a single zip file.
This request is available only for products
Product
{
"requestType" : "getLicensesTextZip",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/zip
- Content-Disposition: attachment; filename=product_name-licenses.zip
The response is a zip file, not a json formatted message
Copyrights Text File
Get the copyrights text files.
This request is available only for products
Product
{
"requestType" : "getCopyrightsTextFile",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = text/plain
- Content-Disposition: attachment; filename=product_name-copyrights.zip
Notices Text File
Get the notices text files.
This request is available only for products
Product
{
"requestType" : "getNoticesTextFile",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = text/plain
- Content-Disposition: attachment; filename=product_name-notices.zip
Risk Report
Get organization or product level risk reports in PDF format.
This request is available for organizations or products
Organization
{
"requestType" : "getOrganizationRiskReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/pdf
- Content-Disposition: attachment; filename=<organization name>.pdf
Product
{
"requestType" : "getProductRiskReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/pdf
- Content-Disposition: attachment; filename=<product name>.pdf
Project
{
"requestType" : "getProjectRiskReport",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
The response will have the following headers:
- Content-Type = application/pdf
- Content-Disposition: attachment; filename=<project name>.pdf
Inventory Report
Get organization, product or project level inventory reports in Excel (xlsx) or JSON (json) format.
This request is available for organizations, products or projects.
An xlsx format is used when no format is provided.
Organization
{
"requestType" : "getOrganizationInventoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductInventoryReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectInventoryReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Change Log Report
Get organization level Change Log in Excel format.
Request
{
"userKey": "user_key",
"orgToken": "organization_api_key",
"requestType":"getChangeLogHistoryReport"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=response.xslx
Vulnerability Report
Get organization, product or project level vulnerability reports in Excel or JSON format.
This request is available for organizations, products or projects. An 'xlsx' format is used when no 'format' parameter is provided.
Organization
{
"requestType" : "getOrganizationVulnerabilityReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductVulnerabilityReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectVulnerabilityReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Container Vulnerability Report
Get organization or cluster level container vulnerability reports in Excel or JSON format.
This request is available for the organization and cluster level. An 'xlsx' format is used when no 'format' parameter is provided.
Organization
{
"requestType" : "getOrganizationContainerVulnerabilityReport",
"userKey": "user_key",
"orgToken" : "org_token",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Cluster
{
"requestType" : "getClusterVulnerabilityReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<cluster name>.xslx
Source File Inventory Report
Get organization, product or project level source file inventory reports in Excel (xlsx) or JSON (json) format.
This request is available for organizations, products or projects.
An xlsx format is used when no format is provided.
Organization
{
"requestType" : "getOrganizationSourceFileInventoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductSourceFileInventoryReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectSourceFileInventoryReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Alerts Report
Get organization, product or project level alerts reports in Excel format.
This request is available for organizations, products or projects. An 'xlsx' format is used when no 'format' parameter is provided.
Organization
{
"requestType" : "getOrganizationAlertsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductAlertsReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectAlertsReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Attributes Report
Get organization or product level attributes reports in Excel format.
This request is available for organizations or products
Organization
{
"requestType" : "getOrganizationAttributesReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductAttributesReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Custom Attributes Values
Returns list of all custom attributes along with their set values for each library.
Organization
{
"requestType":"getOrganizationCustomAttributeValues",
"userKey": "user_key",
"orgToken": "<orgToken>", // For example, orgToken for "ACME Corporation"
"userKey": "<userKey>"
}
Response
"customAttributeValues": [
{
"<keyUuid>": [
{
"organizationAttr0": "value0",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "4534fgdfjghj5456jlklsdf7",
"contextName": "ACME Corporation"
}
]
},
{
"<keyUuid>": [
{
"organizationAttr0": "valueX",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "4534j5456jlklsdf7",
"contextName": "ACME Corporation"
},
{
"productAttr1": "valueA",
"context": "Product",
"contextId": 989795,
"contextToken": "isdfsdfkhosdf935pokwt",
"contextName": "Product A"
},
{
"productAttr1": "valueB",
"context": "Product",
"contextId": 07435365,
"contextToken": "llsfi4trerg90824sdf",
"contextName": "Product B"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 985743395,
"contextToken": "ldshwufnvf9235jgdg0",
"contextName": "Project A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 098345345,
"contextToken": "klasd309438dflkl0934t",
"contextName": "Project B"
}
]
}
]
Product
{
"requestType":"getProductCustomAttributeValues",
"userKey": "user_key",
"productToken": "<productToken>", // For example, productToken for "Product A"
"userKey": "<userKey>"
}
Response
"customAttributeValues": [
{
"<keyUuid>": [
{
"organizationAttr0": "value0",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdg5456jlklsdf7",
"contextName": "ACME Corporation"
}
]
},
{
"<keyUuid>": [
{
"organizationAttr0": "valueX",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdgdfgdfjghjlsdf7",
"contextName": "ACME Corporation"
},
{
"productAttr1": "valueA",
"context": "Product",
"contextId": 989795,
"contextToken": "isdfsdfkh3086h35pokwt",
"contextName": "Product A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 985743395,
"contextToken": "ldshwufnvo59332hf9gdg0",
"contextName": "Project A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 098345345,
"contextToken": "klasd309438dflkjg94t0934t",
"contextName": "Project B"
}
]
}
]
Project
{
"requestType":"getProjectCustomAttributeValues",
"userKey": "user_key",
"projectToken": "<projectToken>", // For example, projectToken for "Project A" that belongs to "Product A"
"userKey": "<userKey>"
}
Response
"customAttributeValues": [
{
"<keyUuid>": [
{
"organizationAttr0": "value0",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdgdfgd456jlklsdf7",
"contextValue": "ACME Corporation"
}
]
},
{
"<keyUuid>": [
{
"organizationAttr0": "valueX",
"context": "Organizational",
"contextId": 2133534,
"contextToken": "45345345fdgdfgdfjghjlklsdf7",
"contextName": "ACME Corporation"
},
{
"productAttr1": "valueA",
"context": "Product",
"contextId": 989795,
"contextToken": "isdfsdfkh30osdf935pokwt",
"contextName": "Product A"
},
{
"projectAtt2": "value",
"context": "Project",
"contextId": 985743395,
"contextToken": "ldshwufnvo59332hfjgdg0",
"contextName": "Project A"
}
]
}
]
Library Location Report
Get organization or product level library location reports in Excel format.
This request is available for organizations or products
Organization
{
"requestType" : "getOrganizationLibraryLocationReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductLibraryLocationReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Due Diligence Report
Get organization or product level due diligence reports in Excel (xlsx) or JSON (json) format.
This request is available for organizations, products or projects.
An xlsx format is used when no format is provided.
Organization
{
"requestType" : "getOrganizationDueDiligenceReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"format" : "xlsx"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductDueDiligenceReport",
"userKey": "user_key",
"productToken" : "product_token",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectDueDiligenceReport",
"userKey": "user_key",
"projectToken" : "project_token",
"format" : "json"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Effective Licenses Report
Get organization or product level effective licenses reports in Excel format.
This request is available for organizations or products
Organization
{
"requestType" : "getOrganizationEffectiveLicensesReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductEffectiveLicensesReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Bugs Report
Get organization, product or project level bugs reports in Excel format.
This request is available for organizations, products or projects
Organization
{
"requestType" : "getOrganizationBugsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductBugsReport",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectBugsReport",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Ignored Alerts Report
Get organization, product or project level ignored alerts reports in Excel format.
This request is available for organizations, products or projects
Organization
{
"requestType" : "getOrganizationIgnoredAlertsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductIgnoredAlertsReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectIgnoredAlertsReport",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Resolved Alerts Report
Get organization, product or project level resolved alerts reports in Excel format.
This request is available for organizations, products or projects
Organization
{
"requestType" : "getOrganizationResolvedAlertsReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductResolvedAlertsReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectResolvedAlertsReport",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Attribution Report
Get product or project level attribution reports in HTML or text format.
The requests are available for products or projects
Product
{
"requestType": "getProductAttributionReport",
"productToken" : "product_token",
"userKey": "user_key",
"reportHeader": "header_text", // Default "Attribution Report"
"reportTitle": "title_text", // Default ""
"reportFooter": "footer_text", // Default ""
"reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES)
"reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory
"missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK"
"exportFormat": ( TXT | HTML ) // Case insensitive
}
Response
The response is in text or HTML formats.
Project
{
"requestType": "getProjectAttributionReport",
"productToken" : "project_token",
"userKey": "user_key",
"reportHeader": "header_text", // Default "Attribution Report"
"reportTitle": "title_text", // Default ""
"reportFooter": "footer_text", // Default ""
"reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES ), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES)
"reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory
"missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK"
"exportFormat": ( TXT | HTML ) // Case insensitive
}
Response
The response is in text or HTML formats.
Request History Report
Get organization, product or project level request history reports in Excel format.
This request is available for organizations, products or projects
Organization
{
"requestType" : "getOrganizationRequestHistoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductRequestHistoryReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectRequestHistoryReport",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Members Report
Get organization, product or project level members reports in Excel format.
This request is available for organizations, products or projects
Organization
{
"requestType" : "getOrganizationMembersReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product
{
"requestType" : "getProductMembersReport",
"userKey": "user_key",
"productToken" : "product_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>.xslx
Project
{
"requestType" : "getProjectMembersReport",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>.xslx
Plugin Request History Report
Get organization level plugin request history reports in Excel format.
This request is available for organizations
Organization
{
"requestType" : "getPluginRequestHistoryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>.xslx
Product Comparison Report
Get organization level product comparison reports in Excel format.
This request is available for use with 2 products
Organization
{
"requestType" : "getProductComparisonReport",
"userKey": "user_key",
"productToken" : "product_token",
"productToken2" : "product_token2"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product>-<product2>-product-comparison.xslx
Project Comparison Report
Get organization level project comparison reports in Excel format.
This request is available for use with 2 projects
Organization
{
"requestType" : "getProjectComparisonReport",
"userKey": "user_key",
"projectToken" : "project_token",
"projectToken2" : "project_token2"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project>-<project2>-project-comparison.xslx
In-House Report
Get organization, product, and project level in-house report(s) in Excel format.
Organization
{
"requestType" : "getOrganizationInHouseReport",
"orgToken" : "organization_api_key",
"userKey": "user_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<organization name>-in-house-report.xslx
Product
{
"requestType" : "getProductInHouseReport",
"productToken" : "product_token",
"userKey": "user_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<product name>-in-house-report.xslx
Project
{
"requestType" : "getProjectInHouseReport",
"projectToken" : "project_token",
"userKey": "user_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename=<project name>-in-house-report.xslx
License Compatibility Report
Get the compatibility of libraries with different software licenses distributed together in the same product/project, in Excel format.
Product
{
"requestType" : "getProductLicenseCompatibilityReport",
"productToken" : "product_token",
"userKey": "user_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename*=UTF-8''<Product Name>-license-compatibility-report.xlsx
Project
{
"requestType" : "getProjectLicenseCompatibilityReport",
"projectToken" : "project_token",
"userKey": "user_key"
}
Response
The response will have the following headers:
- Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- Content-Disposition: attachment; filename*=UTF-8''<Project Name>-license-compatibility-report.xlsx
Library Locations
Product
{
"requestType" : "getProductLibraryLocations",
"userKey": "user_key",
"productToken" : "product_token"
}
Response Format
"libraryLocations" : [
{
"name" : "library_name",
"keyId" : key_id,
"keyUuid" : "key_uuid",
"locations": [
{
"path" : "library_location_1\library_name",
"matchType": "SHA1"
},
{
"path": "library_location_2\\library_name",
"matchType": "FILENAME"
}
]
}
]
Project
{
"requestType" : "getProjectLibraryLocations",
"userKey": "user_key",
"projectToken" : "project_token"
}
Response Format
"libraryLocations" : [
{
"name" : "library_name",
"keyId" : key_id,
"keyUuid" : "key_uuid",
"locations": [
{
"path" : "library_location_1\library_name",
"dependencyFile" : "home/ubuntu/GiHubRepos/Samples123/pom.xml"
"matchType": "SHA1"
},
{
"path": "library_location_2\\library_name",
"dependencyFile" : "home/ubuntu/GiHubRepos/Samples234/pom.xml"
"matchType": "FILENAME"
}
]
}
]
Policies
See Policies API for documentation.
Groups and Users
Create Group
{
"requestType": "createGroup",
"userKey": "user_key",
"orgToken": "organization_api_key",
"group":{
"name":"group_name",
"description":"group_description"
}
}
Response Format
{
"group":{
"id": 8340,
"name": "test_group",
"description": "best group ever",
"users":[]
},
"message": "Successfully created group test_group"
}
Create User
The following API request must be executed by Organization Administrators only.
{
"requestType": "createUser",
"userKey": "user_key",
"orgToken": "organization_api_key",
"inviter":{
"email": "inviter_email"
},
"addedUser":{
"name":"new_user_name",
"email":"new_user_email"
}
}
Response Format
"message":"Successfully created user new_user_name"
Invite Users
The following API request must be executed by Organization Administrators only.
{
"requestType": "inviteUsers",
"userKey": "user_key",
"orgToken": "organization_api_key",
"inviter":{
"email":"inviter_email"
},
"emails":[
"new_email1",
"new_email2"
]
}
Response Format
"message":"Successfully sent invitation to new_email1,new_email2"
Get All Groups
The following API request must be executed by Organization Administrators only.
{
"requestType": "getAllGroups",
"userKey": "user_key",
"orgToken": "organization_api_key"
}
Response Format
{
"groups":[
{
"id": 2373,
"name": "admins",
"description": "Alex playground administrators",
"users":[
{"id": 2458, "email": "john1@gmail.com", "name": "John2"},
{"id": 1841, "email": "john2@gmail.com", "name": "John1"}
]}],
"message":"Organization groups"
}
Get All users
The following API request must be executed by Organization Administrators only.
{
"requestType": "getAllUsers",
"userKey": "user_key",
"orgToken": "organization_api_key"
}
Response Format
{
"users":[
{
"id": 1841,
"email": "john@gmail.com",
"name": "John Doe"
}],
"message":"Organization users"
}
Add Users to Groups
The following API request must be executed by Organization Administrators only.
{
"requestType": "addUsersToGroups",
"userKey": "user_key",
"orgToken": "organization_api_key",
"assignedUsers" :
[
[{"name":"group_name"},[{"email":"assigned_user_email"},
{"email":"assigned_user_email"}]]
]
}
Response Format
"message":"Successfully assigned users to groups"
Remove User from Group
You have to provide both group and user for this API call (not only the user).
The following API request must be executed by Organization Administrators only.
{
"requestType": "removeUserFromGroup",
"userKey": "user_key",
"orgToken": "your_org_token",
"group": { "name": "group_name" },
"user": { "email": "user_email" }
}
Response Format
"message":"Successfully removed user from group"
Remove User from Organization
The following API request must be executed by Organization Administrators only.
{
"requestType": "removeUserFromOrganization",
"userKey": "user_key",
"orgToken":"your_org_token",
"user": { "email": "user_email" }
}
Response Format
"message":"Successfully removed user from organization"
Get Organization Assignments
{
"requestType":"getOrganizationAssignments",
"userKey": "user_key",
"orgToken":"organization_api_key"
}
Response Format
{
"groupRoles":{
"USER":[
{
"id":group_id,
"name":"users",
"description":"All users in organization",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"No Name"
},
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
],
"ADMIN":[
{
"id":group_id,
"name":"admins",
"description":"Administrators",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
]
},
"userRoles":{
"USER":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
},
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
],
"DEFAULT_APPROVER":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
}
Get Product Assignments
{
"requestType":"getProductAssignments",
"userKey": "user_key",
"productToken":"product_api_key"
}
Response Format
{
"groupRoles":{
"ALERT_EMAIL_RECEIVER":[
{
"id":group_id,
"name":"group_name",
"description":"Email receivers",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
],
"ADMIN":[
{
"id":group_id,
"name":"group_name",
"description":"Administrators",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
],
"PRODUCT_INTEGRATOR":[
{
"id":group_id,
"name":"group_name",
"description":"Product Integrators",
"users":[
{
"id":user_id,
"email":"user_email",
"name":"user_name"
}
]
}
]
},
"userRoles":{
}
}
Set Organization Assignments
You can assign an Organization-level role to specific users or to a group of users using the below API calls. The following roles are supported:
Administrators
Administrators have control over the entire organization. They can create, invite and remove users, add products and projects and much more.
You can assign the Administrator role to a specific user or group.
Assigning the role of Administrator to individuals is not recommended. Instead, consider using only groups for simpler and easier user and role management.
{
"requestType": "setOrganizationAssignments",
"userKey": "user_key",
"orgToken": "organization_api_key",
"administrators" :
{
"groupAssignments":[{"name":"group_name"},{"name":"group_name"}],
"userAssignments":[{"email":"user_email"},{"email":"user_email"}]
}
}
Response Format
"message":"Successfully set organization assignments"
New Alert Email Receivers
{
"requestType": "setOrganizationAssignments",
"userKey": "user_key",
"orgToken": "organization_api_key",
"alertsEmailReceivers" :
{
"groupAssignments":[{"name":"group_name"},{"name":"group_name"}],
"userAssignments":[{"email":"user_email"},{"email":"user_email"}]
}
}
Response Format
"message":"Successfully set organization assignments"
Default Approver
All pending tasks in the organization are sent to the Default Approver. Changing the Default Approver only impacts future tasks. Existing tasks are assigned to their original Approver.
The organization must have a Default Approver at all times. The role of Default Approver is assigned to the organization creator by default, and any member of the organization can be assigned to this role. You also have the option to assign the Default Approver to a specific group.
The Product level Default Approver overrides the organization level Default Approver for their relevant Product(s).
{
"requestType": "setOrganizationAssignments",
"userKey": "user_key",
"orgToken": "organization_api_key",
"defaultApprover" :
{
"groupAssignments":[{"name":"group_name"},{"name":"group_name"}],
"userAssignments":[{"email":"user_email"},{"email":"user_email"}]
}
}
Response Format
"message":"Successfully set organization assignments"
Set Product Assignments
You can assign a Product-level role to specific users or to a group of users using the below API calls. The following roles are supported:
Product Administrators
Product Administrators have control over the entire product, they can rename and delete the product, and all the projects under it.
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productAdmins" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
}
Response Format
"message":"Successfully set product assignments"
New Alert Email Receivers
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"alertsEmailReceivers" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
}
Response Format
"message":"Successfully set product assignments"
Product Membership/Assignment
Product members can view the product data and of all projects under it, and open tickets for libraries.
By default all users in the organization are members of the product, assigning a user as member of the product will cause all other users to be excluded.
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productMembership" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
}
Response Format
"message":"Successfully set product assignments"
Product Default Approver
All tickets in the product are sent to the Default Approver. When the role of Product Approver is not assigned, all product tickets are sent to the organization default approver. Any member of the organization can be assigned to this role. You can also assign the Default Approver to a specific group. Changing the Product Approver will only affect future pending tasks, existing tasks will still be assigned to their original approver.
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productApprovers" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
}
Response Format
"message":"Successfully set product assignments"
Product Integrators
{
"requestType": "setProductAssignments",
"userKey": "user_key",
"productToken": "product_api_key",
"productIntegrators" :
{
"userAssignments":[{"email":"user_email"}],
"groupAssignments":[{"name":"group_name"}]
}
}
Response Format
"message":"Successfully set product assignments"
Project Create / Delete
Create Project
{
"requestType" : "createProject",
"userKey": "user_key",
"productToken": "product_token",
"projectName": "my new project",
"projectDescription" : "optional field. Not mandatory"
}
The "projectDescription" field is an optional field.
Response Format
{
"projectToken": "new project token here",
"message": "Successfully created project my new project"
}
Delete Project
{
"requestType" : "deleteProject",
"userKey": "user_key",
"productToken" : "parent product token",
"projectToken": "token of the project to be deleted"
}
Response Format
{
"message": "Successfully deleted project <project name>"
}
Product Create / Delete
Create Product
{
"requestType" : "createProduct",
"userKey": "user_key",
"productName" : "new product name",
"orgToken" : "organization token"
}
Response Format
{
"productToken": "new product token",
"message": "Successfully created product <new product name>"
}
Delete Product
{
"requestType" : "deleteProduct",
"userKey": "user_key",
"orgToken" : "organization token",
"productToken" :"product token"
}
Response Format
{
"message": "Successfully deleted product <product name>"
}
Project Requests
Get Project Hierarchy
'includeInHouseData' is an optional parameter. When set to ‘false’, in-house libraries data is not returned in the API response (default is ‘true’).
{
"requestType" : "getProjectHierarchy",
"userKey": "user_key",
"projectToken" : "project token",
"includeInHouseData" : true
}
Response Format
{
"libraries": [
{
"keyUuid": "1f9ee6ec-eded-45d3-8fdb-2d0d735e5b14",
"keyId": 43,
"filename": "log4j-1.2.17.jar",
"name": "log4j",
"groupId": "log4j",
"artifactId": "log4j",
"version": "1.2.17",
"sha1": "5af35056b4d257e4b64b9e8069c0746e8b08629f",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "log4j:log4j:1.2.17"
},
{
"keyUuid": "f362c53f-ce25-4d0c-b53b-ee2768b32d1a",
"keyId": 45,
"filename": "akka-actor_2.11-2.5.2.jar",
"name": "akka-actor",
"groupId": "com.typesafe.akka",
"artifactId": "akka-actor_2.11",
"version": "2.5.2",
"sha1": "183ccaed9002bfa10628a5df48e7bac6f1c03f7b",
"type": "MAVEN_ARTIFACT",
"coordinates": "com.typesafe.akka:akka-actor_2.11:2.5.2",
"dependencies": [
{
"keyUuid": "49c6840d-bf96-470f-8892-6c2a536c91eb",
"keyId": 44,
"filename": "scala-library-2.11.11.jar",
"name": "Scala Library",
"groupId": "org.scala-lang",
"artifactId": "scala-library",
"version": "2.11.11",
"sha1": "e283d2b7fde6504f6a86458b1f6af465353907cc",
"type": "MAVEN_ARTIFACT",
"coordinates": "org.scala-lang:scala-library:2.11.11"
},
{
"keyUuid": "e5e730d1-8b41-4d2d-a8c5-610a374b6501",
"keyId": 46,
"filename": "scala-java8-compat_2.11-0.7.0.jar",inve
"name": "scala-java8-compat_2.11",
"groupId": "org.scala-lang.modules",
"artifactId": "scala-java8-compat_2.11",
"version": "0.7.0",
"sha1": "a31b1b36bcf0d53657733b5d40c78d5f090a5dea",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "org.scala-lang.modules:scala-java8-compat_2.11:0.7.0"
},
{
"keyUuid": "426c0056-f180-4cac-a9dd-c266a76b32c9",
"keyId": 47,
"filename": "config-1.3.1.jar",
"name": "config",
"groupId": "com.typesafe",
"artifactId": "config",
"version": "1.3.1",
"sha1": "2cf7a6cc79732e3bdf1647d7404279900ca63eb0",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "com.typesafe:config:1.3.1"
}
]
},
{
"keyUuid": "25a8ceaa-4548-4fe4-9819-8658b8cbe9aa",
"keyId": 48,
"filename": "kafka-clients-0.10.2.1.jar",
"name": "Apache Kafka",
"groupId": "org.apache.kafka",
"artifactId": "kafka-clients",
"version": "0.10.2.1",
"sha1": "3dd2aa4c9f87ac54175d017bcb63b4bb5dca63dd",
"type": "MAVEN_ARTIFACT",
"coordinates": "org.apache.kafka:kafka-clients:0.10.2.1",
"dependencies": [
{
"keyUuid": "71065ffb-e509-4e2d-88bc-9184bc50888d",
"keyId": 49,
"filename": "lz4-1.3.0.jar",
"name": "LZ4 and xxHash",
"groupId": "net.jpountz.lz4",
"artifactId": "lz4",
"version": "1.3.0",
"sha1": "c708bb2590c0652a642236ef45d9f99ff842a2ce",
"type": "MAVEN_ARTIFACT",
"coordinates": "net.jpountz.lz4:lz4:1.3.0"
},
{
"keyUuid": "e44ab569-de95-4562-8efa-a2ebfe808471",
"keyId": 50,
"filename": "slf4j-api-1.7.21.jar",
"name": "SLF4J API Module",
"groupId": "org.slf4j",
"artifactId": "slf4j-api",
"version": "1.7.21",
"sha1": "139535a69a4239db087de9bab0bee568bf8e0b70",
"type": "MAVEN_ARTIFACT",
"coordinates": "org.slf4j:slf4j-api:1.7.21"
},
{
"keyUuid": "72ecad5e-9f35-466c-9ed8-0974e7ce4e29",
"keyId": 51,
"filename": "snappy-java-1.1.2.6.jar",
"name": "snappy-java",
"groupId": "org.xerial.snappy",
"artifactId": "snappy-java",
"version": "1.1.2.6",
"sha1": "48d92871ca286a47f230feb375f0bbffa83b85f6",
"type": "UNKNOWN_ARTIFACT",
"coordinates": "org.xerial.snappy:snappy-java:1.1.2.6"
}
]
}
]
}
Get Project Inventory
'includeInHouseData' is an optional parameter. When set to ‘false’, in-house libraries data is not returned in the API response (default is ‘true’).
{
"requestType" : "getProjectInventory",
"userKey": "user_key",
"projectToken" : "project_token",
"includeInHouseData" : true
}
Response Format
{"projectVitals":{
"productName": "fsa",
"name": "fsa",
"token": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"creationDate": "2017-06-17 07:12:29",
"lastUpdatedDate": "2017-06-17 07:34:31"
},
"libraries":[
{
"keyUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"keyId": 24559109,
"name": "comm-2.0.3.jar",
"artifactId": "comm-2.0.3.jar",
"type": "MAVEN_ARTIFACT",
"licenses":[],
"vulnerabilities":[],
"outdated": false,
"matchType": "FILENAME"
}]}
Get Project State
{
"requestType":"getProjectState",
"userKey": "user_key",
"projectToken":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Response Format
{
"projectState":{
"lastProcess":"UPDATE",
"inProgress":false,
"date":"2017-06-17"}
}
Get Library Source Files
{
"requestType":"getLibrarySourceFiles",
"userKey": "user_key",
"projectToken":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"keyUuid":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Response Format
{"sourceFiles":[{
"sha1":"6bf3b8ddfecac64a916ba69de50e9faac70992ba",
"name":"x509_obj.c",
"path":"C:\\Users\\Work1\\Documents\\FSA\\GITHUB-downloads\\openssl_openssl_OpenSSL_0_9_4_openssl_openssl_OpenSSL_0_9_4_crypto_x509_x509_obj.c"}]
}
Get Project Library Dependencies
{
"requestType":"getProjectLibraryDependencies",
"userKey": "user_key",
"projectToken":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"keyUuid":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Response Format
{
"dependencies":[
[
{
"keyUuid":"0b6a3818-ed95-4190-b40d-0d0d9ca51166",
"name":"CDI APIs",
"groupId":"javax.enterprise",
"artifactId":"cdi-api",
"version":"1.0",
"classifier":"",
"scope":"COMPILE",
"extension":"jar",
"sha1":"44c453f60909dfc223552ace63e05c694215156b",
"dependencies":[
{
"keyUuid":"e8d725f6-081c-4e7d-b09c-3fadcb861a35",
"name":"JSR-250 Common Annotations for the JavaTM Platform",
"groupId":"javax.annotation",
"artifactId":"jsr250-api",
"version":"1.0",
"classifier":"",
"scope":"COMPILE",
"extension":"jar",
"sha1":"5025422767732a1ab45d93abfea846513d742dcf",
"dependencies":[
],
"licenses":[
{
"name":"CDDL 1.0",
"url":"http://www.opensource.org/licenses/CDDL-1.0"
}
]
}
],
"licenses":[
{
"name":"Apache 2.0",
"url":"http://www.opensource.org/licenses/Apache-2.0"
}
]
},
{
"keyUuid":"b4264d26-09ca-4266-97ba-0bec7318d984",
"name":"org.eclipse.sisu.inject",
"groupId":"org.eclipse.sisu",
"artifactId":"org.eclipse.sisu.inject",
"version":"0.3.2",
"classifier":"",
"scope":"COMPILE",
"extension":"jar",
"sha1":"59044b92ec27cc6fda7a2d24b2cd6cec23f31d5b",
"dependencies":[
],
"licenses":[
{
"name":"Eclipse 1.0",
"url":"http://www.opensource.org/licenses/EPL-1.0"
}
]
}
]
]
}
WhiteSource Advise for Chrome
Invite User to WhiteSource Advise for Chrome
{
"requestType" : "inviteUserToWebAdvisor",
"userKey": "user_key",
"orgToken" : "Organization Token",
"userEmail": "User email address"
}
Response
{ "message": "Successfully invited external user" }
Service User
Create a Service User
{
"requestType": "createServiceUser",
"orgToken": "organization_api_key",
"userKey": "user_key",
"addedUser":{
"name":"new_user_name"
}
}
Response
{
"user" : {
"userKey": xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
}
Regenerate User Key for a Service User
{
"requestType": "regenerateUserKey",
"orgToken": "organization_api_key",
"userKey": "user_key",
"serviceUserKey": "service_user_key"
}
Response
{
"user" : {
"userKey": 232gkey45gt34
}
Get Organization Service User
{
"requestType":"getOrganizationServiceUsers",
"userKey":"user_key",
"orgToken":"org_token"
}
Response
{
"serviceUsers": [
{
"serviceUserName": "user_a",
"serviceUserToken": "user_a_token"
},
{
"serviceUserName": "user_b",
"serviceUserToken": "user_b_token"
}
]
}
Get Product Service User
{
"requestType":"getProductServiceUsers",
"userKey":"user_key",
"productToken":"product_token"
}
Response
{
"serviceUsers": [
{
"serviceUserName": "user_a",
"serviceUserToken": "user_a_token"
}
]
}
Origin Library Modification
Changes the origin library of source files.
Change Origin Library
{
"requestType" : "changeOriginLibrary",
"userKey": "userKey",
"orgToken" : "orgToken",
"targetKeyUuid": "key-uuid-of-the-source-library-to-change-files",
"sourceFiles": ["sha1_1", "sha1_2"],
"userComments": "user-comments"
}
Response Format
{
"message": "Successfully changed origin library"
}
Project Setup Notification Configuration
This request enables you to define rules for email notifications.
Set Project Setup Notification Configuration
{
"requestType" : "setProjectSetupNotificationConfig",
"orgToken" : "organization_api_key",
"userKey" : "user_api_key",
"action": "notification_ENABLED|DISABLED|CUSTOM",
"projectTagKeyRegex" : "project_tag_key_pattern",
"projectTagValueRegex" : "project_tag_value_pattern"
}
Response Format
{
"message": "Successfully changed project setup completion notification configuration"
}
'action' values are: CUSTOM, ENABLED, DISABLED
'projectTagKeyRegex' and 'projectTagValueRegex' are mandatory only in case the action is CUSTOM. Both of their values must be formatted regex valid strings. In such cases, the notifications are sent when both projectTagKeyRegex and projectTagValueRegex are in accordance with the defined project tags.
CUSTOM Action Sample
{
"requestType" : "setProjectSetupNotificationConfig",
"orgToken" : "5dc3e478a8f6500e5b525f3",
"userKey" : "7e3694ac0a50ebb",
"action": "CUSTOM",
"projectTagKeyRegex" : "^[0-9]*$",
"projectTagValueRegex" : "^(ProjectTagValue)"
}
Plugin Request State
Get Request State
{
"requestType" : "getRequestState",
"userKey": "user_key",
"orgToken" : "organization token",
"requestToken" : "support token"
}
Response Format
{
"requestState": "FINISHED",
"timestamp": "2018-02-28T17:48:19Z"
}
Possible requestState values:
- UNKNOWN - either orgToken or requestToken are invalid
- IN_PROGRESS - update is in progress
- UPDATED - inventory has been modified yet alerts have not been calculated yet
- FINISHED - alerts have been calculated successfully
- FAILED - an error has occurred during the update process
The timestamp field is GMT time.
The requestToken (also displayed as "Support Token" when printing results to the console from the plugins) can be found in the data of the response returned form the server).
Note: Available since version 18.2.1
Response Structure
Structure of the vulnerability in each security vulnerability alert object:
Vulnerability
Each vulnerability object has the following fields:
name - the name of the vulnerability (e.g. CVE-2008-0983).
severity - the CVSS severity (as taken from NVD), can be one of:
HIGH
MEDIUM
LOW
score - the CVSS score (as taken from NVD), values range from 0-10.
- cvss3_score - the CVSS score 3 (as taken from NVD), values range from 0-10.
- cvss3_severity - if cvss 3 score is between 0-3.9 - low, if cvss 3 score is between 4-6.9 - medium, if cvss 3 score is between 7-10 - high
- scoreMetadataVector - a text representation of a set of CVSS metrics. See also related specification.
description - the vulnerability description.
publishDate - the publish date.
sourceFile - in case the vulnerability was matched to a source file, not the binary library, the sourceFile field will be populated (see details below).
Note: only libraries with type SOURCE_LIBRARY have source files.vulnerabilityFix - the top fix of the vulnerability (see details below).
fixResolutionText - the actual resolution text to display for the given fix.
The 'vulnerabilityFix' and 'fixResolutionText' fields are populated only when there is an available fix.
Library details overview
| type | groupId | artifactId | version | name | filename |
|---|---|---|---|---|---|
ActionScript Alpine Arch Linux Debian Java Archive JavaScript javascript/Node.js Nuget Python RPM Ruby | Package name | Filename | Package version | Package name | Filename (taken from artifactId) |
| Java | Maven groupId | Maven artifactId | Maven version | Maven project name | artifactId + version + extension |
| javascript/Bower | Project owner | Package name | Package version | Package name | artifactId + version |
| .NET | Owner / Organization | .NET project name | Package version | .NET project name | artifactId + version + extension |
| Source Library | Project owner | SCM project name | Repository version / tag | artifactId + version | artifactId + version |
| Unknown Library | - If the artifact has owner, it will be displayed as groupId | filename + extension. | - Will be shown only in case the artifact has version when uploaded | filename + extension If the artifact has artifactId and version, the name will consist of them | Filename + extension |
Source File
Each source file object has the following fields:
name - the name of the source file.
sha1 - the SHA-1 checksum.
Vulnerability Fix
Each vulnerability fix object has the following fields:
vulnerability - the name of the vulnerability (e.g. CVE-2008-0983).
type - the type of fix available, can be one of:
CHANGE_FILES
PATCH
UPGRADE_VERSION
vulnerabilityFixOrigin - the site, service or provider of the fix, can be one of:
GITHUB_COMMIT
JIRA
BUGZILLA
NODE_SECURITY_ADVISORY
PIVOTAL_VULNERABILITY_REPORT
FFMPEG_SECURITY
STRUTS_SECURITY_BULLETIN
XFORCE_VULNERABILITY_REPORT
SECURITY_TRACKER
- WHITESOURCE_EXPERT - Used whenever a WhiteSource security researcher discovers that a vulnerability can be fixed by upgrading to a newer version, and there are no other sources for the vulnerability fix.
url - the URL of the fix.
fixResolution - the fix resolution. Depending on the origin the fixResolution field may vary:
GITHUB_COMMIT - comma separated file names to change.
JIRA - comma separated list of versions, e.g. “1.0.5,1.1.3”.
BUGZILLA - comma separated list of versions.
NODE_SECURITY_ADVISORY - text taken as-is from the origin, e.g. “>= 1.0.4” or “Upgrade to version 0.2.5 or greater.”
PIVOTAL_VULNERABILITY_REPORT - text taken as-is from the origin.
FFMPEG_SECURITY - comma separated list of versions.
STRUTS_SECURITY_BULLETIN - text taken as-is from the origin, e.g. “Developers should upgrade to Struts 2.0.12”.
XFORCE_VULNERABILITY_REPORT - text taken as-is from the origin, e.g. “Refer to ASA-2007-010 for patch, upgrade or suggested workaround information. See References.”.
SECURITY_TRACKER - text taken as-is from origin, e.g. “The vendor has issued a fix (2.3.17, 2.4.11).”.
date - publish date of the fix (not always available).
messsage - the title / description of the fix as taken from the origin.
extraData - extra data stored for each fix in key_1=value_1&key_2&value_2 pairs. Depending on the origin the extraData field may vary:
key - the short commit SHA-1.
committerName - the name of the committer.
committerUrl - a link to the committer’s page on GitHub.
committerAvatar - a link to the committer’s avatar.
key - the issue id.
assignee - the person assigned to the issue.
key - the issue id.
assignee - the person assigned to the issue.
key - the advisory id.
key - the report id, which is simply the CVE name.
key - the bulletin id.
key - the report id.
- key - the alert id.
GITHUB_COMMIT
JIRA
BUGZILLA
NODE_SECURITY_ADVISORY
PIVOTAL_VULNERABILITY_REPORT
FFMPEG_SECURITY - no extra data available.
STRUTS_SECURITY_BULLETIN
XFORCE_VULNERABILITY_REPORT
SECURITY_TRACKER
Project State
- SETUP - Initializing project.
- DIFF - Calculating inventory changes.
- UPDATE - Updating inventory.
- CHANGE_EXCLUSIONS - Updating dependency exclusions.
- CHANGE_LOCAL_PATHS - Updating library paths.
- REMOVE - Removing libraries.
- PARTNER_UPDATE - Updating inventory.
- UPDATE_ALERTS - Updating alerts.
- CREATE_ISSUES - Creating external tickets
Assignments
- ADMIN
- ALERTS_IGNORER
- ALERT_EMAIL_RECEIVER
- DEFAULT_APPROVER
- LEGAL_ASSIGNER
- USER
Copyright © 2024 Mend.io (White Source Ltd.) | All rights reserved.