Description: Create an Ignore Rule.
Since: 3.11
Security: Requires a valid user with the "Manage Watches" permission.
Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with the Manage Assets privilege can create Ignore Rules using this REST API in the scope of a project, by using the additional query parameter projectKey. Wildcards are not supported for artifact names.
Usage: POST /api/v1/ignore_rules
Parameters:
“vulnerabilities”/“licenses”/“cves”/“policies”/“watches”/“docker-layers” - []string
Example Format
["Value 1", "Value 2", ...]
“release-bundles”/“builds”/“components” - []{name(string), version(string)} (name is required)
Example Format
[{"name": "test", "version": "number"}, ...]
“artifacts” - []{name(string), version(string), path(string)} (name is required)
Example Format
[{"name": "test", "version": "number", "path": "path"}, ...]
“operational_risk” - []string
Note: Only ‘Any’ is supported for this parameter
Example Format
["any"]
Functionality level | Objective | Scope | Source |
---|---|---|---|
Filters | | | |
Ignore filters:
Sample Request
{ "notes": "ignore any license for any version of alpine for the base layer within all 'myApp' builds", "ignore_filters": { "licenses":[ "any" ], "builds": [ { "name":"myApp" } ], "components": [ { "name":"docker://alpine" } ], "docker-layers": [ "0503825856099e6adb39c8297af09547f69684b7016b7f3680ed801aa310baaa" ] } }
Sample Request
{ "notes": "ignore 'CVE-2016-2168' when watch is 'tstWatch'", "ignore_filters": { "cves":[ "CVE-2016-2168" ], "watches":[ "tstWatch" ] } }
Sample Request
{ "notes": "ignore 'CVE-2016-2168' until the expiration date set", "expires_at": "2020-06-29T00:00:00Z", "ignore_filters": { "cves":[ "CVE-2016-2168" ], "watches":[ "tstWatch" ] } }
Sample Request
{ "notes": "ignore 'XRAY-12345' for component 'rpm://juice' of version '6.0.0'", "ignore_filters": { "vulnerabilities":[ "XRAY-12345" ], "components":[ { "name":"rpm://juice", "version":"6.0.0" } ] } }
Sample Request
{ "notes": "ignore any violation for 'tstRB' release-bundle", "ignore_filters": { "vulnerabilities":[ "any" ], "licenses":[ "any" ], "release-bundles":[ { "name":"tstRB" } ] } }
Sample Request
{ "notes": "ignore any violation for 'gav://dev' artifact only under repo 'devRepo' when violation sources are any version of 'go://gosu' or 'rpm://juice'", "ignore_filters": { "vulnerabilities":[ "any" ], "licenses":[ "any" ], "artifacts":[ { "name":"gav://dev", "path":"devRepo/" } ], "components":[ { "name":"go://gosu" }, { "name":"rpm://juice" } ] } }
Sample Request
{ "notes": "string", "ignore_filters": { "vulnerabilities": [ "any" ], "licenses": [ "any" ], "artifacts": [ { "name": "docker://redis", "version": "any", "path": "/testRepo" } ] } }
Operational Risk Sample Request
{ "notes": "ignore Operational Risk violations for artifact 'gav://org.jfrog.ignored:ignored-core' of version '2.0.0'", "ignore_filters": { "operational_risk":[ "any" ], "artifacts":[ { "name":"gav://org.jfrog.ignored:ignored-core", "version":"2.0.0" } ] } }
Sample Response
successfully added ignore rule with id: {id}
Projects Filter:
Note: Add the project field to the Builds filter. A Build without a project is referred to as a Global Build.
{ "notes": "ignore any license for any version of alpine for the base layer within all 'myApp' builds", "ignore_filters": { "licenses":[ "any" ], "builds": [ { "name":"myApp", "project":"projA" } ], "components": [ { "name":"docker://alpine" } ], "projects": [ "projA", "projB" ] } }
Exposures Sample Request 1
Ignore exposures by category on a given path within the artifact.
{ "notes": "path /etc/envoy/req.sw.envoy.admin-localhost.yaml", "ignore_filters": { "exposures": { "categories": [ "secrets", "services" ], "file_path": [ "/etc/envoy/req.sw.envoy.admin-localhost.yaml" ] } }}
Exposures Sample Response 1
{ "info": "Successfully added Ignore rule with id: 269c3872-4735-4244-4886-17ae1dc5fcd6"}
Exposures Sample Request 2
Ignore exposures by scanner on a given path within the artifact.
{ "notes": "path /etc/envoy/req.sw.envoy.admin-localhost.yaml", "ignore_filters": { "exposures": { "scanners": [ "EXP-12345" ], "file_path": [ "/etc/envoy/req.sw.envoy.admin-localhost.yaml" ] } }}
Exposures Sample Response 2
{ "info": "Successfully added Ignore rule with id: 45f570bb-15f9-4370-4414-5f13aa6387d1"}
Response Codes:
201 - successfully created ignore rule id: {ignore_rule_id}
500 - Failed to create ignore rule
400 - Parsing/validation error
401 - Unauthorized
403 - Forbidden
415 - Unsupported media type
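
The format rules listed under Parameters (name is required, no wildcards in artifact names, only 'any' for operational_risk) can be checked before a request body is sent. The Python below is an added example, not JFrog code; the function names, the use of '*' as the wildcard character, the case-insensitive match on 'any', and the review_flags policy are assumptions.

```python
# Added example: filter shapes are taken from the Parameters section of this page.
STRING_FILTERS = {"vulnerabilities", "licenses", "cves", "policies", "watches",
                  "docker-layers", "operational_risk", "projects"}
OBJECT_FILTERS = {"release-bundles", "builds", "components", "artifacts"}


def check_ignore_rule(rule):
    """Return format problems in an ignore-rule body; an empty list means none found."""
    filters = rule.get("ignore_filters")
    if not isinstance(filters, dict) or not filters:
        return ["ignore_filters: must be a non-empty object"]
    problems = []
    for key, value in filters.items():
        if key not in STRING_FILTERS | OBJECT_FILTERS:
            continue  # e.g. "exposures": its shape is not checked by this example
        if not isinstance(value, list):
            problems.append(f"{key}: expected a list")
        elif key in STRING_FILTERS:
            if not all(isinstance(v, str) for v in value):
                problems.append(f"{key}: expected a list of strings")
            elif key == "operational_risk" and [v.lower() for v in value] != ["any"]:
                problems.append("operational_risk: only 'any' is supported")
        else:
            for i, item in enumerate(value):
                name = item.get("name") if isinstance(item, dict) else None
                if not isinstance(name, str) or not name:
                    problems.append(f"{key}[{i}]: 'name' is required")
                elif key == "artifacts" and "*" in name:  # assumption: '*' is the wildcard
                    problems.append(f"artifacts[{i}]: wildcards are not supported in names")
    return problems


def review_flags(rule):
    """Reviewer policy (an assumption, not an Xray rule): flag broad or non-expiring rules."""
    filters = rule.get("ignore_filters")
    flags = [] if rule.get("expires_at") else ["no expires_at set"]
    for key in ("vulnerabilities", "licenses", "operational_risk"):
        values = filters.get(key) if isinstance(filters, dict) else None
        if isinstance(values, list) and any(str(v).lower() == "any" for v in values):
            flags.append(f"{key}: 'any' matches every value within the rule's scope")
    return flags


if __name__ == "__main__":
    # Constructed sample, modelled on the release-bundle request shown on this page.
    sample = {"notes": "constructed", "ignore_filters": {
        "vulnerabilities": ["any"], "release-bundles": [{"name": "tstRB"}]}}
    print(check_ignore_rule(sample), review_flags(sample))
```

A body that passes check_ignore_rule can still be rejected by the server with 400; the check covers only the rules stated on this page.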