Get Violations

JFrog REST APIs

Description: Gets the Xray violations based on a set of search criteria

Security: Requires a user with Read permissions.

Notes: Starting from Xray version 3.42.3, JFrog Security CVE Research and Enrichment data is supported. Important notes:

  • The following fields are Markdown text:

    • short_description

    • full_description

    • remediation

  • Extended information fields are not returned for Free Tier users.

Usage: POST /api/v1/violations

Consumes: application/json

Sample usage (all of the filter fields are optional):

POST /api/v1/violations
{
        "filters": {
                "name_contains": "Denial of service attack",
                "violation_type": "Security",
                "watch_name": "watch",
                "min_severity": "Medium",
                "created_from": "2018-06-06T12:22:16+03:00"
        },
        "pagination": {
                "order_by": "updated",
                "limit": 25,
                "offset": 1
        }
}

Operational Risk Sample Request

POST /api/v1/violations
{
    "filters": {
        "violation_type": "Operational_Risk",
        "watch_name": "watch",
        "min_severity": "Medium"
    },
    "pagination": {
        "order_by": "updated",
        "limit": 25,
        "offset": 1
    }
}

Sample response:

{
  "total_violations": 295,
  "violations": [
    {
      "description": "Amazon Digital Services License",
      "severity": "High",
      "type": "License",
      "infected_component": [
        "generic://sha256:72daef35b54f95a97e7da5ae2dd7cccecc71183788656083f35fdf6e0ca5a24f/opkg-4.3.54.jar"
      ],
      "created": "2018-05-29T17:30:49+03:00",
      "watch_name": "watch_license",
      "issue_id": "ADSL",
      "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60763",
      "impacted_artifacts": [
        "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip"
      ]
    },
    {
      "description": "If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called \"Bounce Address\", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated.",
      "severity": "Low",
      "type": "Security",
      "infected_component": [
        "gav://org.apache.commons:commons-email:1.1"
      ],
      "created": "2018-06-06T12:21:18+03:00",
      "watch_name": "all",
      "issue_id": "XRAY-60829",
      "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60829",
      "impacted_artifacts": [
        "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip"
      ]
    }
  ]
}

CVE Research and Enrichment Sample Response

{
    "total_violations": 1,
    "violations": [{
            "description": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",
            "severity": "Critical",
            "type": "Security",
            "infected_components": [
                "pypi://urllib3:1.22"
            ],
            "created": "2021-11-30T06:40:10+02:00",
            "watch_name": "MyFirstWatch",
            "issue_id": "XRAY-74787",
            "violation_details_url": "http://localhost:8046/xray/api/v1/violations?watch_id=7c64876c5e206011ed08ce25&issue_id=XRAY-74787&comp_id=build:%2F%2Fexample-build:3.10.0",
            "impacted_artifacts": [
                "default/builds/example-build"
            ],
            "extended_information": {
                "short_description": "An information leak in urllib3 can lead to authentication bypass via leaked HTTP authorization client credentials",
                "full_description": "urllib3 does not remove the `Authorization` HTTP header when following redirects (even cross-origin redirects, that differ in host, port, or scheme)\r\n\r\nThis issue can be exploited when a client is using `urllib3` and the following conditions apply:\r\n1. The client uses some kind of HTTP authorization (`Basic`, `Digest`, etc.)\r\n2. The client initially contacts an HTTPS server\r\n3. The HTTPS server redirects the client to a non-HTTP server\r\n4. The attacker can sniff the data between the client and the HTTP server (possibly by using a MitM attack)\r\n\r\nThe issue is not relevant if the client originally contacts an HTTP server, since the `Authorization` header can be sniffed by an attacker from the original connection, regardless of this CVE.\r\n\r\nRed Hat also updated the original CVSS analysis, which was downgraded to [7.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)",
                "jfrog_research_severity": "Medium",
                "jfrog_research_severity_reasons": [
                    {
                        "name": "The CVE can be remotely exploited",
                        "is_positive": false
                    },
                    {
                        "name": "The CVE has a published technical writeup",
                        "is_positive": false
                    },
                    {
                        "name": "The CVE has no exploit published",
                        "is_positive": true
                    },
                    {
                        "name": "The CVE has difficult prerequisites for exploitation",
                        "description": "See CVE details for more information",
                        "is_positive": true
                    },
                    {
                        "name": "The initial CVSS was disputed by Red Hat, and downgraded to 7.5",
                        "is_positive": true
                    }
                ]
            }
        }
    ]
}
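An added client-side example (not JFrog's code) that walks every page of this endpoint using the documented filters/pagination body, then triages the results by type and by the jfrog_research_severity carried in extended_information. The HTTP call is replaced by a constructed stand-in with made-up values, and the code assumes offset is a 1-based page index.

```python
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed stand-in for two pages of POST /api/v1/violations responses (limit=2).
# Keys mirror the documented sample responses; the values are made up.
SAMPLE_PAGES = [
    {"total_violations": 3, "violations": [
        {"issue_id": "ADSL", "severity": "High", "type": "License",
         "infected_component": ["generic://sha256:<digest>/opkg-4.3.54.jar"]},
        {"issue_id": "XRAY-74787", "severity": "Critical", "type": "Security",
         "infected_components": ["pypi://urllib3:1.22"],
         "extended_information": {"jfrog_research_severity": "Medium"}}]},
    {"total_violations": 3, "violations": [
        {"issue_id": "oprisk-1", "severity": "High", "type": "Operational_Risk",
         "infected_components": ["gav://joda-time:joda-time:2.9.9"]}]},
]

def fetch_sample_page(body):
    """Stands in for the HTTP call; a real client POSTs `body` as JSON to /api/v1/violations."""
    idx = body["pagination"]["offset"] - 1
    return SAMPLE_PAGES[idx] if idx < len(SAMPLE_PAGES) else {"violations": []}

def iter_violations(fetch_page, filters, limit=25):
    """Walk every page of one query (offset is assumed to be a 1-based page index)."""
    offset, seen = 1, 0
    while True:
        page = fetch_page({"filters": filters, "pagination": {
            "order_by": "updated", "limit": limit, "offset": offset}})
        batch = page.get("violations", [])
        if not batch:
            return
        for v in batch:
            seen += 1
            yield v
        if seen >= page.get("total_violations", 0):  # every reported violation seen
            return
        offset += 1

def triage(violations):
    """Count violations per type and flag those whose JFrog Research severity is lower
    than Xray's own; extended_information is optional (absent for Free Tier users)."""
    by_type, downgraded = {}, []
    for v in violations:
        by_type[v["type"]] = by_type.get(v["type"], 0) + 1
        # The documented samples spell this key both ways; accept either.
        comps = v.get("infected_components") or v.get("infected_component") or []
        research = (v.get("extended_information") or {}).get("jfrog_research_severity")
        if research and SEVERITY_RANK.get(research, 0) < SEVERITY_RANK.get(v["severity"], 0):
            downgraded.append((v["issue_id"], v["severity"], research, comps))
    return {"by_type": by_type, "downgraded": downgraded}
```

The "downgraded" list is a starting point for re-prioritising findings whose research-assessed severity is below the scanner's own, not a reason to drop them.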

Operational Risk Sample Response

{
  "total_violations": 1,
  "violations": [
    {
      "description": "Number of new versions and Version Age",
      "severity": "High",
      "type": "Operational_Risk",
      "infected_components": [
        "gav://joda-time:joda-time:2.9.9"
      ],
      "created": "2022-03-24T14:54:42+02:00",
      "watch_name": "OpRiskWatch",
      "issue_id": "1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88",
      "violation_details_url": "http://test.jfrog.io/xray/api/v1/violations?watch_id=8d5a6d7364154c5c2455993a&issue_id=1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88&comp_id=gav:%2F%2Forg.jruby:jruby-complete:9.2.0.0",
      "impacted_artifacts": [
        "default/generic-local/jruby-complete-9.2.0.0.jar"
      ],
      "applicability": null
    }
  ]
}