Get Violations

Xray REST APIs

Products
JFrog Xray
Content Type
REST API
ft:sourceType
Paligo

Description: Gets the Xray violations based on a set of search criteria

Notes:

  • Starting from Xray version 3.88.10 and above, the Get Violations REST API supports optional ordering direction and additional optional filters for resources, latest create time, CVE, and violation issue identifier.

  • Starting from Xray version 3.42.3, JFrog Security CVE Research and Enrichment data is supported. Important notes:JFrog Security CVE Research and Enrichment

    • The following fields are markdown texts

      • short_description

      • full_description

      • remediation

  • Extended information fields will not appear to Free Tier users

Security: Requires a user with Read permissions.

Usage: POST /api/v1/violations

Consumes: application/JSON

Produces: application/JSON

Path parameters: none

Query parameters:

Name

Type

Mandatory/Optional

Description

projectKey

string

Optional

When included the REST API response as if executed from the scope of a project

Request body:

Name

Type

Mandatory/Optional

Description

filters

Filters

Optional

Filtering parameters

pagination

Pagination

Optional

Pagination and sorting parameters

Filters

Name

Type

Mandatory/Optional

Description

name_contains

string

Optional

Filtering the results for those included in the requested string in the description property.

violation_type

string

Optional

Filtering by the response for specific violation type.

Valid values: Security, License, Operational_Risk

watch_name

string

Optional

Filtering the results for those generated from the selected watch. 

Default: Any watch.

min_severity

string

Optional

Filtering the results for those that their severity  is equal or higher than min_severity.

Valid values: Critical, High, Medium, Low, Information, Unknown

(Note:  the values are listed in descending severity order)

created_from

string

Optional

Filter for violations created as of this time. 

Valid value:  A timestamp in RFC 3339 format:

<YYYY-MM-DDTHH:MM:SSZ>, <YYYY-MM-DDTHH:MM:SS+HH:MM> or, <YYYY-MM-DDTHH:MM:SS-HH:MM>

created_until

string

Optional

Filter for violations created up to this time. 

Valid value:  A timestamp in RFC 3339 format:

<lYYYY-MM-DDTHH:MM:SSZ>, <YYYY-MM-DDTHH:MM:SS+HH:MM> or, <YYYY-MM-DDTHH:MM:SS-HH:MM>

resources

Resources

Optional

Filter for violations found in specific resources

issue_id

string

Optional

Filter for violations resulting from the requested Issue ID.

Valid values: strings representing the issue ID e.g:

XRAY-94620

EXP-1552-00002

GPL-3.0

b1670bb2d3438da6213ed386577fd755bc

b8fdf85cab594e6a3717b4f182b07b

cve_id

string

Optional

Filter for violations resulting from the requested CVE.

Valid values:  a CVE standard identifier format <CVE-YYYY-NNNNNN>

Pagination

Name

Type

Mandatory/Optional

Description

order_by

string

Optional

Sorting /ordering key

Valid values:  created, summary, severity, type, watcher_name, issue_id

Default: created

limit

string

Optional

An integer value representing the maximum number of items to include in the response.

Valid values: A positive integer greater than zero.

Default: 25

offset

string

Optional

A page offset to the requested page.  

Default: 1

direction

string

Optional

The direction by which to order the results (either ascending or descending).

Valid values: asc, desc

Default:

  • For ordering by Severity: desc

  • For all other asc

Resources

Name

Type

Mandatory/Optional

Description

artifacts

Array [Artifact]

Optional

The artifacts to be included in the scope of the filter

builds

Array [Build]

Optional

The builds to be included in the scope of the filter

release_bundles

Array [ReleaseBundle]

Optional

The release bundles to be included in the scope of the filter

release_bundels_v2

Array [ReleaseBundleV2]

Optional

The V2 release bundles to be included in the scope of the filter

Artifact

Name

Type

Mandatory/Optional

Description

repo

string

Mandatory

The name of the repository

path

string

Mandatory

Path including file name

Build

Name

Type

Mandatory/Optional

Description

name

string

Mandatory

The build name

number

string

Mandatory

The build number/version

project

string

Optional

The project key

ReleaseBundle

Name

Type

Mandatory/Optional

Description

name

string

Mandatory

The Release Bundle name

version

string

Mandatory

The Release Bundle version

ReleaseBundleV2

Name

Type

Mandatory/Optional

Description

name

string

Mandatory

The Release Bundle name

version

string

Mandatory

The Release Bundle version

project

string

Optional

The project key

Sample Request

{
  "filters": {
    "watch_name": "exmaple_watch",
    "violation_type": "Security",
    "min_severity": "High",
    "created_from": "2022-04-23T18:22:04-03:00",
    "created_until": "2023-04-23T18:22:04-03:00",
    "cve_id": "CVE-2019-17531",
    "resources": {
      "artifacts": [
        {
          "repo": "docker-local",
          "path": "desktop-storage/1.0/manifest.json"
        }
      ],
      "builds": [
        {
          "name": "docker-build",
          "number": "1",
          "project": "pkey"
        }
      ],
      "release_bundles": [
        {
          "name": "rb_example",
          "version": "1.3"
        }
      ],
      "release_bundles_v2": [
        {
          "name": "rb-v2-example",
          "version": "1.1",
          "project": "pkey"
        }
      ]
    }
  },
  "pagination": {
    "order_by": "created",
    "direction": "asc",
    "limit": 100,
    "offset": 1
  }
}

Operational Risk Sample Request

POST /api/v1/violations
{
    "filters": {
        "violation_type": "Operational_Risk",
        "watch_name": "watch",
        "min_severity": "Medium",
    },
    "pagination": {
        "order_by": "updated",
        "limit": 25,
        "offset": 1
    }
}

Sample response:

{
  "total_violations": 295,
  "violations": [
    {
      "description": "Amazon Digital Services License",
      "severity": "High",
      "type": "License",
      "infected_component": [
        "generic://sha256:72daef35b54f95a97e7da5ae2dd7cccecc71183788656083f35fdf6e0ca5a24f/opkg-4.3.54.jar"
      ],
      "created": "2018-05-29T17:30:49+03:00",
      "watch_name": "watch_license",
      "issue_id": "ADSL",
      "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60763",
      "impacted_artifacts": [
        "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip"
      ]
    },
    {
      "description": "If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called \"Bounce Address\", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated.",
      "severity": "Low",
      "type": "Security",
      "infected_component": [
        "gav://org.apache.commons:commons-email:1.1"
      ],
      "created": "2018-06-06T12:21:18+03:00",
      "watch_name": "all",
      "issue_id": "XRAY-60829",
      "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60829",
      "impacted_artifacts": [
        "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip"
      ]
    }
  ]
}

CVE Research and Enrichment Sample Response

{
    "total_violations": 1,
    "violations": [{
            "description": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",
            "severity": "Critical",
            "type": "Security",
            "infected_components": [
                "pypi://urllib3:1.22"
            ],
            "created": "2021-11-30T06:40:10+02:00",
            "watch_name": "MyFirstWatch",
            "issue_id": "XRAY-74787",
            "violation_details_url": "http://localhost:8046/xray/api/v1/violations?watch_id=7c64876c5e206011ed08ce25&issue_id=XRAY-74787&comp_id=build:%2F%2Fexample-build:3.10.0",
            "impacted_artifacts": [
                "default/builds/example-build"
            ],
            "extended_information": {
                "short_description": "An information leak in urllib3 can lead to authentication bypass via leaked HTTP authorization client credentials",
                "full_description": "urllib3 does not remove the `Authorization` HTTP header when following redirects (even cross-origin redirects, that differ in host, port, or scheme)\r\n\r\nThis issue can be exploited when a client is using `urllib3` and the following conditions apply:\r\n1. The client uses some kind of HTTP authorization (`Basic`, `Digest`, etc.)\r\n2. The client initially contacts an HTTPS server\r\n3. The HTTPS server redirects the client to a non-HTTP server\r\n4. The attacker can sniff the data between the client and the HTTP server (possibly by using a MitM attack)\r\n\r\nThe issue is not relevant if the client originally contacts an HTTP server, since the `Authorization` header can be sniffed by an attacker from the original connection, regardless of this CVE.\r\n\r\nRed Hat also updated the original CVSS analysis, which was downgraded to [7.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)",
                "jfrog_research_severity": "Medium",
                "jfrog_research_severity_reasons": [
                    {
                        "name": "The CVE can be remotely exploited",
                        "is_positive": false
                    },
                    {
                        "name": "The CVE has a published technical writeup",
                        "is_positive": false
                    },
                    {
                        "name": "The CVE has no exploit published",
                        "is_positive": true
                    },
                    {
                        "name": "The CVE has difficult prerequisites for exploitation",
                        "description": "See CVE details for more information",
                        "is_positive": true
                    },
                    {
                        "name": "The initial CVSS was disputed by Red Hat, and downgraded to 7.5",
                        "is_positive": true
                    }
                ]
            }
        }
    ]
}

Operational Risk Sample Response

{
  "total_violations": 1,
  "violations": [
    {
      "description": "Number of new versions and Version Age",
      "severity": "High",
      "type": "Operational_Risk",
      "infected_components": [
        "gav://joda-time:joda-time:2.9.9"
      ],
      "created": "2022-03-24T14:54:42+02:00",
      "watch_name": "OpRiskWatch",
      "issue_id": "1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88",
      "violation_details_url": "http://test.jfrog.io/xray/api/v1/violations?watch_id=8d5a6d7364154c5c2455993a&issue_id=1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88&comp_id=gav:%2F%2Forg.jruby:jruby-complete:9.2.0.0",
      "impacted_artifacts": [
        "default/generic-local/jruby-complete-9.2.0.0.jar"
      ],
      "applicability": null
    }
  ]
}      

Exposures Violations Sample Response

{
  "total_violations": 1,
  "violations": [
    {
      "description": "Number of new versions and Version Age",
      "severity": "High",
      "type": "Operational_Risk",
      "infected_components": [
        "gav://joda-time:joda-time:2.9.9"
      ],
      "created": "2022-03-24T14:54:42+02:00",
      "watch_name": "OpRiskWatch",
      "issue_id": "1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88",
      "violation_details_url": "http://test.jfrog.io/xray/api/v1/violations?watch_id=8d5a6d7364154c5c2455993a&issue_id=1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88&comp_id=gav:%2F%2Forg.jruby:jruby-complete:9.2.0.0",
      "impacted_artifacts": [
        "default/generic-local/jruby-complete-9.2.0.0.jar"
      ],
      "applicability": null
    }
  ]
}