Description: Search for CVEs by the infected components
Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports" role.
Usage: POST api/v1/component/searchCvesByComponents
Consumes: application/json
{ "components_id": ["<component ID>"] }
Produces: application/json
[ { "component": "<Component ID>", "cves": [ "<CVE ID>" ] }, { "component": "c2", "error": "Failed to get component", "cves": [] } ]
Sample Usage:
POST api/v1/component/searchCvesByComponents { "components_id": ["gav://commons-collections:commons-collections:3.2.1","c2"] }
Sample Response:
[ { "component": "gav://commons-collections:commons-collections:3.2.1", "cves": [ "CVE-2017-15708" ] }, { "component": "c2", "error": "Failed to get component", "cves": [] } ]
Response Codes
200: Valid response
415: Failed to parse request
500: Failed to search CVEs of components