Find CVEs by Component

Xray REST APIs

Products
JFrog Xray
Content Type
REST API
ft:sourceType
Paligo

Description: Search for CVEs by the infected components

Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports'' role.

Usage: POST api/v1/component/searchCvesByComponents

Consumes: application/json

Produces: application/json

Request body:

Name

Type

Required/Optional

Description

components_id

array

required

An array of component IDs to search for CVEs

Response body:

Name

Type

Description

component

string

The component ID

cves

array

An array of CVEs associated with the component

error

string

Error message if component retrieval fails

Example Usage: POST api/v1/component/searchCvesByComponents

Request Body

{
    "components_id": ["gav://commons-collections:commons-collections:3.2.1","c2"]
}

Sample Response:

[
  {
    "component": "gav://commons-collections:commons-collections:3.2.1",
    "cves": [
      "CVE-2017-15708"
    ]
  },
  {
    "component": "c2",
    "error": "Failed to get component",
    "cves": []
  }
]

Response Codes

Status Code

Description

200

Valid Response

415

Failed to parse request

500

Failed to search CVEs of components