Description: Invokes scanning of a build that was uploaded to Artifactory as requested by a CI server
Security: Requires the "Manage Xray Metadata" role, assigned at the User or Group level.
Usage: POST /api/v1/scanBuild
Consumes: application/json
Produces: wild card
{
  "artifactory_Id": "artifactory-id",
  "buildName": "build-name",
  "buildNumber": "8",
  "rescan": true, // scan the artifact even if it was already scanned; the scan is performed only if no other scan of this build name and number is in progress
  "filters": {
    "includeLicenses": true // so that the licenses are also returned
  }
}
{ "artifactory_Id": "artifactory-id", "buildName": "build-name", "buildNumber": "8", "project": "<project_key>" }
{
  "summary": {
    "fail_build": <true | false>,
    "message": <message with more information regarding the fail/success>,
    "more_details_url": <link to all created Alerts in Xray>,
    "total_alerts": <number of alerts generated from the scan>
  },
  "alerts": [ <alert details>
    {
      "created": <creation time of the Alert>,
      "issues": [ <the issues the Alert includes>
        {
          "created": <creation time of the issue>,
          "cve": "",
          "description": <issue description>,
          "impacted_artifacts": [
            {
              "depth": "int",
              "display_name": "",
              "infected_files": [
                {
                  "component_id": "",
                  "depth": "int",
                  "details": [
                    {
                      "banned_licenses": [
                        {
                          "alert_type": "",
                          "description": "",
                          "id": {},
                          "severity": "",
                          "summary": ""
                        }
                      ],
                      "child": "ImpactedFile",
                      "vulnerabilities": [
                        {
                          "alert_type": "",
                          "description": "",
                          "id": {},
                          "severity": "",
                          "summary": ""
                        }
                      ]
                    }
                  ],
                  "display_name": "",
                  "name": "",
                  "parent_sha": "",
                  "path": "",
                  "pkg_type": "",
                  "sha1": "",
                  "sha256": ""
                }
              ],
              "name": "",
              "parent_sha": "",
              "path": "",
              "pkg_type": "",
              "sha1": "",
              "sha256": ""
            }
          ],
          "provider": <issue provider>,
          "severity": <issue severity>,
          "summary": <issue summary>,
          "type": <issue type>
        }
      ],
      "top_severity": <Alert's top severity>,
      "watch_name": <name of the Watch which caused the Alert>
    }
  ],
  "licenses": [
    {
      "name": <license name>,
      "components": [<names of build components with this license>],
      "full_name": <license full name>,
      "more_info_url": [<links to more information about this license>]
    }
  ]
}
Operational Risk Sample Response
{
  "summary": {
    "Total_alerts": <number of alerts generated from the scan>,
    "fail_build": <true | false>,
    "message": <message with more information regarding the fail/success>,
    "more_details_url": <link to all created Alerts in Xray>
  },
  "alerts": [
    {
      "created": <creation time of the Alert>,
      "top_severity": <Top_severity>,
      "watch_name": "<watch_name>",
      "issues": [
        {
          "severity": "Low",
          "type": "Operational_Risk",
          "provider": "JFrog",
          "created": "2022-03-21T16:06:19.485Z",
          "summary": "Custom Rule",
          "description": "Custom Rule",
          "impacted_artifacts": [
            {
              "name": "test",
              "display_name": "test:1",
              "path": "default/builds/test",
              "pkg_type": "Build",
              "sha256": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
              "sha1": "",
              "depth": 0,
              "parent_sha": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
              "infected_files": [
                {
                  "name": "flink-sequence-file-1.11.3.jar",
                  "path": "",
                  "sha256": "8308dd8c95b58138165d6c596c079b408cd844c94a8173b28f9bc86be083f3ca",
                  "component_id": "gav://org.apache.flink:flink-sequence-file:1.11.3",
                  "depth": 0,
                  "parent_sha": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
                  "display_name": "org.apache.flink:flink-sequence-file:1.11.3"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}
Response Codes:
200: Build scanned
415: Failed to parse scan build request
400: Request is missing mandatory fields
403: No valid license was found
500: Failed to get Artifactory instance data
500: Failed to check watches
500: Failed to send build to scan