Description: Gets a list of all Ignored violations on a watch.
API Version: v1
Notes: Setting pagination parameters is optional. You can sort the list with order_by, by either severity or updated.
The default values are:
limit = 500
offset = 1
order_by = updated
Security: Requires the "Manage Watches" role to be set on the User or Group level.
Notes:
For Xray version 3.21.2 and above with Projects, a Project Admin with the Manage Security Assets privilege can get a list of all Ignored violations on a Watch using this REST API in the scope of a project, by using the additional query parameter projectKey.
Starting from Xray version 3.42.3, JFrog Security CVE Research and Enrichment data is supported. Important notes:
The following fields are Markdown text:
short_description
full_description
remediation
Extended information fields will not appear to Free Tier users.
Usage: GET /violations/ignored/{watch_name}
Produces: application/json
Sample Response
GET api/v1/violations/ignored/{watch_name}?limit={limit}&order_by={order_by}&offset={offset}
{
  "violations_count": 1,
  "violations": [
    {
      "violation_id": "5ddd31eb9c0a3c25fe242bdd",
      "description": "The Apache Software License, Version 2.0",
      "severity": "High",
      "type": "License",
      "infected_components": [
        "gav://commons-lang:commons-lang:2.4",
        "gav://commons-io:commons-io:1.2",
        "gav://commons-collections:commons-collections:3.2",
        "gav://org.apache.wicket:wicket:1.3.7"
      ],
      "created": "2019-11-26T18:03:37+02:00",
      "watch_name": "watch_all",
      "matched_policies": [
        {
          "policy": "hgh",
          "rule": "hi",
          "is_blocking": false
        }
      ],
      "issue_id": "Apache-2.0",
      "ignore_rule_info": {
        "ignore_rule_type": "Ignore Permanently",
        "author": "admin",
        "created": 1574846905
      }
    }
  ]
}
Get Ignored Violation in a Watch in Projects Sample Usage
GET api/v1/violations/ignored/proj-watch?projectKey=<project_key>&limit={limit}&order_by={order_by}&offset={offset}
CVE Research and Enrichment Sample Response
{
  "violations_count": 1,
  "violations": [
    {
      "violation_id": "1467958130936188928",
      "description": "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.",
      "severity": "Medium",
      "type": "Security",
      "infected_components": [
        "deb://debian:bullseye:libudev1:247.3-3",
        "deb://debian:bullseye:libsystemd0:247.3-3"
      ],
      "created": "2021-12-06T22:44:26+02:00",
      "watch_name": "AllSeverityWatch",
      "matched_policies": [
        {
          "policy": "AllSeverityPolicy",
          "rule": "AllSeveritiyRule",
          "is_blocking": false,
          "is_ignored": true
        }
      ],
      "issue_id": "XRAY-179888",
      "impacted_artifacts": [
        "default/containers/pktvisor/latest/"
      ],
      "ignore_rule_info": {
        "id": "d8af732b-7ca0-442d-7baf-45c11e2ca847",
        "ignore_rule_type": "Ignore Permanently",
        "author": "admin",
        "created": 1638823637,
        "notes": "TestRemedationInVulnerabilityIgnoreRule",
        "is_expired": false
      },
      "extended_information": {
        "short_description": "Insufficient bounds checking in basic/unit-name in systemd allows local attackers to perform denial of service by mounting a filesystem with a very long path",
        "full_description": "[systemd](https://systemd.io/) is a software suite that provides an array of system components for Linux-based operating systems. Its main aim is to unify service configuration and behavior across Linux distributions.\r\n\r\nWhen systemd parses the `/proc/self/mountinfo` file, each mountpoint is passed to `mount_setup_unit()` which eventually calls `unit_name_path_escape()`.\r\n`unit_name_path_escape()` uses `strdupa` which allows a local attacker to exhaust kernel stack memory before string length restrictions are applied, leading to OS denial of service.\r\n\r\nTo exploit this, an attacker will have to create nested directories such that the total path length exceeds 4MB.\r\n\r\nThis vulnerability is exploitable only if the kernel supports unprivileged user namespaces (`CONFIG_USER_NS`).",
        "jfrog_research_severity": "High",
        "jfrog_research_severity_reasons": [
          {
            "name": "The CVE has an exploit published",
            "is_positive": false
          }
        ],
        "remediation": "##### Development upgrade\n\n- Upgrade the component to any of the suggested fixed versions.\n\n##### Development mitigation\nApply this [patch](https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce) and build from source.\n\n##### Deployment mitigation\nSet /proc/sys/kernel/unprivileged_userns_clone to 0 - to prevent an attacker from mounting a long directory in user namespace.\n\nSet /proc/sys/kernel/unprivileged_bpf_disabled to 1 – to prevent an attacker from loading ebpf program into kernel.\n\nNote: these mitigations apply for the exploit that was detailed in the [technical writeup](https://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html)\nbut might not be applicable for other techniques."
      }
    }
  ]
}
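One way to use this response for a periodic review of ignore rules, as an added example (not JFrog's code): it builds the request URL from the documented parameters and flags active ignores where the JFrog research severity is higher than the reported severity, where a Security ignore has no notes, or where a blocking policy rule matched. The base URL, the function names, the severity ranking and the trimmed sample data are assumptions made for the example.

```python
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

# Severity ordering used for comparison (assumption: Xray's usual scale).
RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

def ignored_url(base, watch, limit=500, offset=1, order_by="updated", project_key=None):
    """Build the GET URL. `base` is a hypothetical Xray root URL supplied by the caller."""
    if order_by not in ("severity", "updated"):
        raise ValueError("order_by must be 'severity' or 'updated'")
    params = {"limit": limit, "offset": offset, "order_by": order_by}
    if project_key:  # project scope, Xray 3.21.2 and above
        params["projectKey"] = project_key
    path = "/api/v1/violations/ignored/" + quote(watch, safe="")
    return base.rstrip("/") + path + "?" + urlencode(params)

def audit(response, now):
    """Return (issue_id, author, age_days, reasons) for ignores worth re-reviewing."""
    findings = []
    for v in response.get("violations", []):
        rule = v.get("ignore_rule_info") or {}
        ext = v.get("extended_information") or {}  # absent for Free Tier users
        reasons = []
        research = ext.get("jfrog_research_severity")
        if RANK.get(research, 0) > RANK.get(v.get("severity"), 0):
            reasons.append(f"research severity {research} > {v.get('severity')}")
        if v.get("type") == "Security" and not rule.get("notes"):
            reasons.append("security ignore without notes")
        if any(p.get("is_blocking") for p in v.get("matched_policies", [])):
            reasons.append("matched a blocking policy rule")
        if reasons and not rule.get("is_expired", False):
            created = datetime.fromtimestamp(rule.get("created", 0), timezone.utc)
            findings.append((v.get("issue_id"), rule.get("author"), (now - created).days, reasons))
    return findings

# Constructed sample: the page's two sample violations, trimmed to the fields used here.
SAMPLE = {"violations_count": 2, "violations": [
    {"severity": "High", "type": "License", "issue_id": "Apache-2.0",
     "matched_policies": [{"policy": "hgh", "rule": "hi", "is_blocking": False}],
     "ignore_rule_info": {"ignore_rule_type": "Ignore Permanently", "author": "admin",
                          "created": 1574846905}},
    {"severity": "Medium", "type": "Security", "issue_id": "XRAY-179888",
     "matched_policies": [{"policy": "AllSeverityPolicy", "is_blocking": False}],
     "ignore_rule_info": {"ignore_rule_type": "Ignore Permanently", "author": "admin",
                          "created": 1638823637, "is_expired": False,
                          "notes": "TestRemedationInVulnerabilityIgnoreRule"},
     "extended_information": {"jfrog_research_severity": "High"}}]}

if __name__ == "__main__":
    print(audit(SAMPLE, datetime.now(timezone.utc)))
```

The `created` value inside `ignore_rule_info` is treated as epoch seconds, which matches the sample responses, where it sits next to an ISO 8601 `created` on the violation itself.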