Generate Violations Report

Xray REST APIs

Products

JFrog Xray

Content Type

REST API

ft:sourceType

Paligo

Description: Generates a Violations report with data defined by scope and filters. This request starts the report generation process which runs in the background. The returned report ID is used in other requests that require it such as Get Report Content, Delete Report, etc.

Since: 3.11

Security: Requires a user with the Manage Reports role.

Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with Manage Security Assets privilege can generate a Violations report using this REST API in the scope of a project, by using the additional query parameter projectKey.

Usage: POST /api/v1/reports/violations

Parameters: All filter parameters are optional.

Sample Request

{
  "name": "ViolationsReport",
  "resources": {
    "repositories": [
      {
        "name": "libs-release-local"
      },
      {
        "name": "plugins-release-local",
        "include_path_patterns": [
          "*folder1/*path"
        ]
      },
      {
        "name": "ext-release-local",
        "include_path_patterns": [
          "folder1/path/*",
          "folder2/path*"
        ],
        "exclude_path_patterns": [
          "folder1/path2/*",
          "folder2/path2*"
        ]
      }
    ],
    "builds": {
      "names": [
        "art-docker-test",
        "art-docker-prod"
      ],
      "include_patterns": [
        "release*",
        "feat*ure"
      ],
      "exclude_patterns": [
        "snapshots*",
        "test*"
      ],
      "number_of_latest_versions": 5
    },
    "release_bundles": {
      "names": [
        "art-pkg",
        "xray_pkg"
      ],
      "include_patterns": [
        "release*",
        "feat*ure"
      ],
      "exclude_patterns": [
        "snapshots*",
        "test*"
      ],
      "number_of_latest_versions": 5
    },
    "projects": {
      "names": [
        "test1",
        "test2"
     ],
     "include_key_patterns": [
       "test*",

     ],
      "number_of_latest_versions": 5
    }
  },
  "filters": {
    "type": "security|license|operational_risk",
    "watch_names": [
      "NameOfWatch1",
      "NameOfWatch2"
    ],
    "watch_patterns": [
      "WildcardWatch*"
    ],
    "component": "*vulnerable:component*",
    "artifact": "some://impacted*artifact",
    "policy_names": [
      "NameOfPolicy"
    ],
    "severities": [
      "High",
      "Medium"
    ],
    "updated": {
      "start": "2020-01-02T15:00:00Z",
      "end": "2020-12-15T00:00:00Z"
    },
    "security_filters": {
      "cve": "CVE-2020-10693",
      "issue_id": "XRAY-87343",
      "cvss_score": {
        "min_score": 6.3,
        "max_score": 9
      },
      "summary_contains": "kernel",
      "has_remediation": false
    },
    "license_filters": {
      "unknown": false,
      "unrecognized": true,
      "license_names": [
        "Apache",
        "MIT",
        "AFL"
      ],
      "license_patterns": [
        "*Apache*",
        "AFL*"
      ]
    }
  }
}

Sample Response

{
    "report_id": 43,
    "status": "pending"
}

Generate Violations Report in Projects

POST /api/v1/reports/violations?projectKey=<project_key>