Scan Build V1

JFrog REST APIs


Description: Invokes scanning of a build that was uploaded to Artifactory as requested by a CI server

Security: Requires the "Manage Xray Metadata" role to be set on the User or Group level.

Usage: POST /api/v1/scanBuild

Consumes: application/json

Produces: wild card

{
 "artifactory_Id": "artifactory-id",
 "buildName": "build-name",
 "buildNumber": "8",
 "rescan": true,   // scan the build again even if it was already scanned; the scan is performed only if no other scan of the same build name and number is already in progress
  "filters": {
   "includeLicenses": true // also include license information in the response
   }
}
{
  "artifactory_Id": "artifactory-id",
  "buildName": "build-name",
  "buildNumber": "8",
  "project": "<project_key>"
}
{
  "summary": {
    "fail_build": <true | false>,
    "message": <message with more information regarding the fail/success>,
    "more_details_url": <link to all created Alerts in Xray>,
    "total_alerts": <number of alerts generated from the scan>
  },
  "alerts": [  <alert details>
    {
      "created": <creation time of the Alert>,
      "issues": [ <the issues the Alert includes>
        {
          "created": <creation time of the issue>,
          "cve": "",
          "description": <issue description>,
          "impacted_artifacts": [
            {
              "depth": "int",
              "display_name": "",
              "infected_files": [
                {
                  "component_id": "",
                  "depth": "int",
                  "details": [
                    {
                      "banned_licenses": [
                        {
                          "alert_type": "",
                          "description": "",
                          "id": {},
                          "severity": "",
                          "summary": ""
                        }
                      ],
                      "child": "ImpactedFile",
                      "vulnerabilities": [
                        {
                          "alert_type": "",
                          "description": "",
                          "id": {},
                          "severity": "",
                          "summary": ""
                        }
                      ]
                    }
                  ],
                  "display_name": "",
                  "name": "",
                  "parent_sha": "",
                  "path": "",
                  "pkg_type": "",
                  "sha1": "",
                  "sha256": ""
                }
              ],
              "name": "",
              "parent_sha": "",
              "path": "",
              "pkg_type": "",
              "sha1": "",
              "sha256": ""
            }
          ],
          "provider": <issue provider>,
          "severity": <issue severity>,
          "summary": <issue summary>,
          "type": <issue type>
        }
      ],
      "top_severity": <Alert's top severity>,
      "watch_name": <name of the Watch which caused the Alert>
    }
  ],
  "licenses": [
    {
      "name": <license name>,
      "components": [<names of build components with this license>],
      "full_name": <license full name>,
      "more_info_url": [<links to more information about this license>]
    }
  ]
}

Operational Risk Sample Response

{

  "summary": {

    "total_alerts": <number of alerts generated from the scan>,
    "fail_build": <true | false>,
    "message": <message with more information regarding the fail/success>,
    "more_details_url": <link to all created Alerts in Xray>
  },
  "alerts": [
    {

      "created": <creation time of the Alert>,
      "top_severity": <Top_severity>,
      "watch_name": "<watch_name>",
      "issues": [
                {
          "severity": "Low",
          "type": "Operational_Risk",
          "provider": "JFrog",
          "created": "2022-03-21T16:06:19.485Z",
          "summary": "Custom Rule",
          "description": "Custom Rule",
          "impacted_artifacts": [
            {

              "name": "test",
              "display_name": "test:1",
              "path": "default/builds/test",
              "pkg_type": "Build",
              "sha256": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
              "sha1": "",
              "depth": 0,
              "parent_sha": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
              "infected_files": [

                {

                  "name": "flink-sequence-file-1.11.3.jar",
                  "path": "",
                  "sha256": "8308dd8c95b58138165d6c596c079b408cd844c94a8173b28f9bc86be083f3ca",
                  "component_id": "gav://org.apache.flink:flink-sequence-file:1.11.3",
                  "depth": 0,
                  "parent_sha": "f33dc9012526711ad2b332252d5aaf20fc5a7d02169094fb0c3b1396713271ad",
                  "display_name": "org.apache.flink:flink-sequence-file:1.11.3"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

Response Codes:

200: Build scanned

415: Failed to parse scan build request

400: Request is missing mandatory fields

403: No valid license was found

500: Failed to get Artifactory instance data

500: Failed to check watches

500: Failed to send build to scan