Description: Invokes scanning of a build that was uploaded to Artifactory as requested by a CI server
Security: Requires the "Manage Xray Metadata" role to be set on the User or Group level.
Usage: POST /api/v1/scanBuild
Consumes: application/json
Produces: wild card
{
"artifactory_Id": "artifactory-id",
"buildName": "build-name",
"buildNumber": "8",
"rescan": true, //this is for scanning the artifact even if it was already scanned - scanned will be performed only if there is no other scan of this build name and number in progress
"filters": {
"includeLicenses": true //in order to get also the licenses
}
}{
"artifactory_Id": "artifactory-id",
"buildName": "build-name",
"buildNumber": "8",
"project": "<project_key>"
}{
"summary": {
"fail_build": <true | false>,
"message": <message with more information regarding the fail/success>,
"more_details_url": <link to all created Alerts in Xray>,
"total_alerts": <number of alerts generated from the scan>
},
"alerts": [ <alert details>
{
"created": <creation time of the Alert>,
"issues": [ <the issues the Alert includes>
{
"created": <creation time of the issue>,
"cve": "",
"description": <issue description>,
"impacted_artifacts": [
{
"depth": "int",
"display_name": "",
"infected_files": [
{
"component_id": "",
"depth": "int",
"details": [
{
"banned_licenses": [
{
"alert_type": "",
"description": "",
"id": {},
"severity": "",
"summary": ""
}
],
"child": "ImpactedFile",
"vulnerabilities": [
{
"alert_type": "",
"description": "",
"id": {},
"severity": "",
"summary": ""
}
]
}
],
"display_name": "",
"name": "",
"parent_sha": "",
"path": "",
"pkg_type": "",
"sha1": "",
"sha256": ""
}
],
"name": "",
"parent_sha": "",
"path": "",
"pkg_type": "",
"sha1": "",
"sha256": ""
}
],
"provider": <issue provider>,
"severity": <issue severity>,
"summary": <issue summary>,
"type": <issue type>
}
],
"top_severity": <Alert's top severity>,
"watch_name": <name of the Watch which caused the Alert>
}
],
"licenses": [
{
"name": <license name>
"components": [<names of build components with this license>],
"full_name": <license full name>,
"more_info_url": [<links to more information about this license>],
}
]
}Operational Risk Sample Response
{
"summary": {
"Total_alerts": <number of alerts generated from the scan>,
"fail_build": <true | false>,
"message": <message with more information regarding the fail/success>,
"more_details_url": <link to all created Alerts in Xray>
},
"alerts": [
{
"created": <creation time of the Alert>,
"top_severity": <Top_severity>,
"watch_name": "<watch_name>,
"issues": [
{
"severity": "Low",
"type": "Operational_Risk",
"provider": "JFrog",
"created": "2022-03-21T16:06:19.485Z",
"summary": "Custom Rule",
"description": "Custom Rule",
"impacted_artifacts": [
{
"name": "test",
"display_name": "test:1",
"path": "default/builds/test",
"pkg_type": "Build",
"sha256": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
"sha1": "",
"depth": 0,
"parent_sha": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
"infected_files": [
{
"name": "flink-sequence-file-1.11.3.jar",
"path": "",
"sha256": "8308dd8c95b58138165d6c596c079b408cd844c94a8173b28f9bc86be083f3ca",
"component_id": "gav://org.apache.flink:flink-sequence-file:1.11.3",
"depth": 0,
"parent_sha": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
"display_name": "org.apache.flink:flink-sequence-file:1.11.3"
}
]
}
]
},
]
}
Response Codes:
200: Build scanned
415: Failed to parse scan build request
400: Request is missing mandatory fields
403: No valid license was found
500: Failed to get Artifactory instance data
500: Failed to check watches
500: Failed to send build to scan