Generate Vulnerabilities Report

Xray REST APIs

Products

JFrog Xray

Content Type

REST API

ft:sourceType

Paligo

Description: Generates a Vulnerabilities report with data defined by scope and filters. This request starts the report generation process which runs in the background. The returned report ID is used in other requests that require it such as Get Report Content, Delete Report, etc.

Since: 3.8

Security: Requires a user with the Manage Reports role.

Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with Manage Security Assets privilege can generate a Vulnerabilities report using this REST API in the scope of a project, by using the additional query parameter projectKey.

Usage: POST api/v1/reports/vulnerabilities

Sample Request

{

    "name": "report1",
    "resources": {
        "repositories": [
            {
                "name": "libs-release-local"
            },

            {
                "name": "plugins-release-local",
                "include_path_patterns": [
                    "*folder1/*path"
                ]
            },

            {
                "name": "ext-release-local",
                "include_path_patterns": [
                    "folder1/path/*",
                    "folder2/path*"
                ],
                "exclude_path_patterns": [
                    "folder1/path2/*",
                    "folder2/path2*"
                ]
            }
        ],
        "builds": {
            "names": [
                "art-docker-test",
                "art-docker-prod"
            ],
            "include_patterns": [
                "release*",
                "feat*ure"
            ],
            "exclude_patterns": [
                "snapshots*",
                "test*"
            ],
            "number_of_latest_versions": 5
        },
        "release_bundles": {
            "names": [
                "art-pkg",
                "xray_pkg"
            ],
            "include_patterns": [
                "release*",
                "feat*ure"
            ],
            "exclude_patterns": [
                "snapshots*",
                "test*"
            ],
            "number_of_latest_versions": 5
        },
        "projects": {
            "names": [
                "test1",
                "test2"
            ],
            "include_key_patterns": [
                "test*",
            ],
            "number_of_latest_versions": 5
       }
    },
    "filters": {
        "vulnerable_component": "*vulnerable:component*",
        "impacted_artifact": "some://impacted*artifact",
        "has_remediation": false,
        "cve": "CVE-1234-1234",
        "issue_id": "XRAY-1234",
        "severities": [
            "High",
            "Medium"
        ],
        "cvss_score": {
            "min_score": 6.3,
            "max_score": 9
        },
        "published": {
            "start": "2020-06-29T12:22:16Z",
            "end": "2020-06-29T12:22:16Z"
        },
        "scan_date": {
            "start": "2020-06-29T12:22:16Z",
            "end": "2020-06-29T12:22:16Z"
 }

    }

}

Sample Response

{
   "report_id": 23,
   "status": "pending"
}

Generate Vulnerabilities Report in Projects

POST /api/v1/reports/vulnerabilities?projectKey=<project_key>