Find CVEs by Component

Xray REST APIs

Products

JFrog Xray

Content Type

REST API

ft:sourceType

Paligo

Description: Search for CVEs by the infected components

Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports" role.

Usage: POST api/v1/component/searchCvesByComponents

Consumes: application/json

{
        "components_id": ["<component ID>"]
}

Produces: application/json

[
    {
        "component": "<Component ID>",
        "cves": [
            "<CVE ID>"
        ]
    },
    {
        "component": "c2",
        "error": "Failed to get component",
        "cves": []
    }
]

Sample Usage:

POST api/v1/component/searchCvesByComponents

{
        "components_id": ["gav://commons-collections:commons-collections:3.2.1","c2"]
}

Sample Response:

[
    {
        "component": "gav://commons-collections:commons-collections:3.2.1",
        "cves": [
            "CVE-2017-15708"
        ]
    },
    {
        "component": "c2",
        "error": "Failed to get component",
        "cves": []
    }
]

Response Codes

200: Valid response

415: Failed to parse request

500: Failed to search CVEs of components