Get Contextual Analysis per Vulnerability V2

Description: Retrieves Contextual Analysis data for vulnerability

Since: 3.91.x

Notes: In Get Contextual Analysis per Vulnerability v2 REST API the “applicability” boolean was replaced with the “result” string. Possible values: not_scanned, applicable, not_applicable, undetermined, rescan_required, upgrade_required, not_covered

Currently, you can retrieve the evidence details only with the Get Contextual Analysis per Vulnerability V1

Security: Requires a valid user with the "Read" permissions

Usage: GET /xray/api/v2/cve_applicability

Produces: application/json

Query parameters:

Name	Type	Required/Optional	Description
`component_id`	string	required	Component id is the resource id (artifact/build/release-bundle). Component id is not unique, all relevant results returned. If the id is of a build or a release bundle, all artifacts which are direct children of the build/bundle will be considered. Examples: `docker://pyyaml_3_10_app:1` `build://example-build:1 releaseBundleV2://[release-bundles-v2]/docker-rbv2:4`
`vulnerability_id`	string	required	Xray id Example: `XRAY-95701`
`source_comp_id`	string	optional	Source component id is the SBOM package that the vulnerability originates from. If given, only a result matching that component will be returned. If not given, returned results will contain data for any component in the artifact. Example: pypi://PyYAML:3.10
`path`	string	optional	If given, will be used to identify the specific artifact that is relevant. Otherwise, going only by component_id can result in aggregation of results from several artifacts. Only relevant for artifacts (not build/release-bundle). Example: `docker-local/rabbitmq/latest/manifest.json` `maven-local/student-services-security-0.0.1-20230711.143048-1.jar`
`user_issue_id`	string	optional	If given, will be used to identify the specific artifact that is relevant. Otherwise, going only by component_id can result in aggregation of results from several artifacts. Only relevant for artifacts (not build/bundle). Example: `147764179185893785`

Response body:

Name	Type	Description
`result`	string	An aggregated Contextual Analysis The result is based on priority of the results of all the items(ItemObj). For example `applicable` overrules `not_scanned`. Possible values: `not_scanned`, `applicable`, `not_applicable`, `undetermined`, `rescan_required`, `upgrade_required`, `not_covered`
`items`	Array [ItemObj]	Array of results

Name

Type

Description

result

string

An aggregated Contextual Analysis The result is based on priority of the results of all the items(ItemObj). For example applicable overrules not_scanned.

Possible values: not_scanned, applicable, not_applicable, undetermined, rescan_required, upgrade_required, not_covered

items

Array [ItemObj]

Array of results

ItemObj

Name	Type	Description
`component_id`	string	Component id
`source_comp_id`	string	Source component id
`vulnerability_id`	string	CVE id (or Xray id if not existing)
`result`	string	Contextual Analysis result. Possible values: `not_scanned`, `applicable`, `not_applicable`, `undetermined`, `rescan_required`, `upgrade_required`, `not_covered`
`scanner_explanation`	string	Scanner explanation (html format)
`info`	string	Information about the scan result

Response codes:

Status code	Description
200	OK
400	Bad request - Required fields are missing
403	Permission denied

Example request - repository:

Url: /xray/api/v2/cve_applicability?component_id=docker://xmas:policy&vulnerability_id=XRAY-95701&path=docker-local/app/latest/manifest.json

Example of successful response:

200 OK

{
    "result": "applicable",
    "items": [
        {
            "component_id": "docker://app:latest",
            "source_comp_id": "pypi://PyYAML:5.2",
            "vulnerability_id": "CVE-2020-1747",
            "result": "applicable",
            "scanner_explanation": "<p>The scanner checks whether any of the following vulnerable functions are called:</p>\n<ul>\n<li><code>yaml.full_load()</code></li>\n<li><code>yaml.load()</code> only unsafe calls (without specifying <code>SafeLoader</code> as the <code>Loader</code>class).</li>\n</ul>",
            "info": "The vulnerable function yaml.full_load/load is called"
        }
    ]
}

Example request build: Url: /xray/api/v2/cve_applicability?vulnerability_id=XRAY-95701&component_id=build://docker-build:1

Example of successful response:

200 OK

{
    "result": "applicable",
    "items": [
        {
            "component_id": "build://docker-build:1",
            "source_comp_id": "pypi://PyYAML:5.2",
            "vulnerability_id": "CVE-2020-1747",
            "result": "applicable",
            "scanner_explanation": "<p>The scanner checks whether any of the following vulnerable functions are called:</p>\n<ul>\n<li><code>yaml.full_load()</code></li>\n<li><code>yaml.load()</code> only unsafe calls (without specifying <code>SafeLoader</code> as the <code>Loader</code>class).</li>\n</ul>",
            "info": "The vulnerable function yaml.full_load/load is called"
        }
    ]
}

Example request release bundle: Url: /xray/api/v2/cve_applicability?vulnerability_id=XRAY-95701&component_id=releaseBundleV2://[release-bundles-v2]/docker-rbv2:4

Example of successful response:

200 OK

{
    "result": "applicable",
    "items": [
        {
            "component_id": "releaseBundleV2://[release-bundles-v2]/docker-rbv2:4",
            "source_comp_id": "pypi://PyYAML:5.2",
            "vulnerability_id": "CVE-2020-1747",
            "result": "applicable",
            "scanner_explanation": "<p>The scanner checks whether any of the following vulnerable functions are called:</p>\n<ul>\n<li><code>yaml.full_load()</code></li>\n<li><code>yaml.load()</code> only unsafe calls (without specifying <code>SafeLoader</code> as the <code>Loader</code>class).</li>\n</ul>",
            "info": "The vulnerable function yaml.full_load/load is called"
        }
    ]
}

Example error response:

400 Bad request

{
    "error": "Badly formatted request"
}