Description: Search for a component by the CVEs it contains directly
Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports" role.
Usage: POST api/v1/component/searchByCves
Consumes: application/json
Payload
{ "cves": [ "CVE-2018-1999002" ] }
Produces: application/json
Response:
[ { "cve_details": "CVE-2018-1999002", "components": [ { "name": "org.jenkins-ci.main:jenkins-core", "package_type": "Maven", "version": "2.60.3", "link": "http://localhost:8046/xray/web/#/component/details/gav:~2F~2Forg.jenkins-ci.main:jenkins-core/2.60.3" } ] } ]
Sample usage:
POST api/v1/component/searchByCves { "cves": ["CVE-2017-15708","CVE-2017-15709"] }
Sample Response:
[ { "cve_details": "CVE-2017-15708", "components": [ { "name": "commons-collections:commons-collections", "package_type": "Maven", "version": "3.2.1", "link": "http://10.1.16.130:8000/web/#/component/details/gav:~2F~2Fcommons-collections:commons-collections/3.2.1" } ] }, { "cve_details": "CVE-2017-15709", "components": [] } ]
Response Codes
200: valid response
415: Failed to parse request
400: Got invalid CVE
500: Failed to search components by cves