Description: Generates a CVE Search Report with data defined by scope and filters. This request starts the report generation process which runs in the background.
The search will only work on indexed resources.
The report limit is up to 5 reports. Any new reports after the 5 limit, will delete previously generated reports.
Since: 3.73.x
Security: Requires a user with the Manage Reports role.
Usage: POST /api/v1/reports/cveSearch
Usage Notes:
Request can have exactly one resource type: Repositories/Build/ReleaseBundle/Project.
Repositories can have include/exclude patterns.
Build can have patterns or repos/name. Last versions must be higher than 0. Include pattern can be ‘*’.
Release bundles must have either names or patterns. Last versions must be higher than 0. Include pattern can be ‘*’.
Project must have either key or patterns. Last versions must be higher than 0. Include pattern can be ‘*’.
CVE must follow regex pattern.
Required Parameters
Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
CVE | string | mandatory | The CVE for the report |
name | string | optional | The given name for the report |
resources | object <resources> | mandatory | The scope for the report |
filters | object <filters> | optional | The filters for results |
Filters
Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
vulnerable_component | string | optional | Wildcard patterns for excluding components. |
scan_date.start | string | optional | The start of this date range. This is a timestamp in RFC 3339 format: <YYYY-MM-DDTHH-MM-SSZ> |
scan_date.end | string | optional | The end of this date range. This is a timestamp in RFC 3339 format: <YYYY-MM-DDTHH-MM-SSZ> |
impacted_artifact | string | optional | Wildcard patterns for excluding artifacts. |
Resources
Parameter | Type | Mandatory/Optional |
|---|---|---|
repositories | array <repo> | Providing a singe resource type is mandatory |
builds | object <build> | |
release_bundles | object <bundle> | |
projects | object <project> |
repo
Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
name | string | Providing one of the parameters is mandatory | Repository name |
include_path_patterns | array <string> | Wildcard patterns for including repository paths. | |
exclude_path_patterns | array <string> | Wildcard patterns for excluding repository paths. |
build
Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
names | array <string> | Providing one of the parameters is mandatory | |
builds_with_repos | array <build_with_repo> | ||
include_patterns | array <string> | Wildcard patterns for including build names | |
exclude_patterns | array <string> | Wildcard patterns for build names. | |
number_of_latest_versions | int | mandatory | The limit of latest versions to reference |
bundle
Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
names | array <string> | Providing one of the parameters is mandatory | |
builds_with_repos | array <build_with_repo> | ||
include_patterns | array <string> | Wildcard patterns for including release bundle names. | |
exclude_patterns | array <string> | Wildcard patterns for release bundle names. | |
number_of_latest_versions | int | mandatory | The limit of latest versions to reference |
build_with_repo
Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
build | string | mandatory | Build name |
project | string | mandatory | project key |
repo | string | mandatory | Repository name |
projects
Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
names | array <string> | Providing one of the parameters is mandatory | List of project keys to include. |
include_key_patterns | array <string> | Wildcard patterns for including project keys. | |
exclude_key_patterns | array <string> | Wildcard patterns for project keys. | |
number_of_latest_versions | int | mandatory | The limit of latest versions to reference. |
Response Codes
Status Code | Description |
|---|---|
200 | OK |
201 | Created |
400 | Bad request |
500 | Server error |
Sample Request
{
"cve": "CVE-2021-45046",
"name": "report-name",
"filters": {
"vulnerable_component": "*vulnerable:component*",
"impacted_artifact": "*impacted:artifact*",
"scan_date": {
"start": "2023-01-05T08:00:00Z",
"end": "2023-01-22T20:00:00Z"
}
},
"resources": {
"repositories": [
{
"name": "repo-local"
},
{
"include_path_patterns": [
"c/d/*",
"t/s*"
],
"exclude_path_patterns": [
"x/z/*"
]
}
],
"builds": {
"builds_with_repos": [
{
"build": "build_name",
"project": "projectKey",
"repo": "repo-name",
},
],
"include_patterns": [
"c/d/*",
"t/s*"
],
"exclude_patterns": [
"x/z/*"
],
"names": [
"name1",
"name2"
],
"number_of_latest_versions": 12345
},
}
}Sample Response
200 OK
{
"report_id": 3,
"status": "pending"
}