Find Component by CVE

Description: Search for components by the CVEs they directly contain.

Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports" role.

Usage: POST api/v1/component/searchByCves

Consumes: application/json

Payload

{
    "cves": [
        "CVE-2018-1999002"
    ]
}

Produces: application/json

Response:

[
    {
        "cve_details": "CVE-2018-1999002",
        "components": [
            {
                "name": "org.jenkins-ci.main:jenkins-core",
                "package_type": "Maven",
                "version": "2.60.3",
                "link": "http://localhost:8046/xray/web/#/component/details/gav:~2F~2Forg.jenkins-ci.main:jenkins-core/2.60.3"
            }
        ]
    }
]

Sample usage:

POST api/v1/component/searchByCves
{
    "cves": ["CVE-2017-15708", "CVE-2017-15709"]
}

Sample Response:

[
    {
        "cve_details": "CVE-2017-15708",
        "components": [
            {
                "name": "commons-collections:commons-collections",
                "package_type": "Maven",
                "version": "3.2.1",
                "link": "http://10.1.16.130:8000/web/#/component/details/gav:~2F~2Fcommons-collections:commons-collections/3.2.1"
            }
        ]
    },
    {
        "cve_details": "CVE-2017-15709",
        "components": []
    }
]

Response Codes

200: valid response

415: Failed to parse request

400: Got invalid CVE

500: Failed to search components by cves
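
The following Python client is an added example, not part of the JFrog documentation. It builds the request described above and splits the queried CVEs into those with affected components and those that come back with an empty components list. The base URL, the Bearer-token header and the function names are assumptions; SAMPLE is the sample response shown on this page.

```python
import json
import re
import urllib.error
import urllib.request

ENDPOINT = "api/v1/component/searchByCves"      # path from this page
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")        # standard CVE ID syntax
STATUS = {415: "Failed to parse request",       # codes as listed on this page
          400: "Got invalid CVE",
          500: "Failed to search components by cves"}

def build_request(base_url, cves, token):
    """Reject malformed IDs locally, then build the POST (nothing is sent here)."""
    bad = [c for c in cves if not CVE_RE.fullmatch(c)]
    if bad:
        raise ValueError(f"malformed CVE IDs: {bad}")
    return urllib.request.Request(
        base_url.rstrip("/") + "/" + ENDPOINT,
        data=json.dumps({"cves": list(cves)}).encode(),
        method="POST",
        headers={"Content-Type": "application/json",    # endpoint consumes JSON
                 "Authorization": f"Bearer {token}"})   # assumed auth scheme

def triage(response, requested):
    """Return ({cve: [component, ...]}, [cves with no matching component])."""
    found = {e["cve_details"]: e.get("components") or [] for e in response}
    affected = {c: [f'{x["package_type"]} {x["name"]} {x["version"]}' for x in found[c]]
                for c in requested if found.get(c)}
    return affected, [c for c in requested if c not in affected]

def search(base_url, cves, token):
    """Send the query and triage the result; needs a reachable Xray instance."""
    try:
        with urllib.request.urlopen(build_request(base_url, cves, token), timeout=30) as r:
            return triage(json.load(r), cves)
    except urllib.error.HTTPError as e:
        raise RuntimeError(f"{e.code}: {STATUS.get(e.code, e.reason)}") from e

# Sample response copied from this page (link field omitted), used as offline input
SAMPLE = [
    {"cve_details": "CVE-2017-15708", "components": [
        {"name": "commons-collections:commons-collections",
         "package_type": "Maven", "version": "3.2.1"}]},
    {"cve_details": "CVE-2017-15709", "components": []},
]

if __name__ == "__main__":
    print(triage(SAMPLE, ["CVE-2017-15708", "CVE-2017-15709"]))
```

An empty components list means only that no indexed component is directly associated with that CVE, so the second list returned by triage is worth recording alongside the first.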