Get Violations

Xray REST APIs

Product: JFrog Xray
Content type: REST API

Description: Gets the Xray violations based on a set of search criteria

Notes: Starting from Xray version 3.42.3, JFrog Security CVE Research and Enrichment data is supported. Important notes:

  • The following fields are markdown texts:
    • short_description
    • full_description
    • remediation
  • Extended information fields will not appear to Free Tier users.

Security: Requires a user with Read permissions.

Usage: POST /api/v1/violations

Consumes: application/json

Produces: application/json

Path parameters: none

Query parameters:

  • projectKey (string, Optional): When included, the REST API responds as if it were executed from the scope of that project.

Request body:

  • filters (Filters, Optional): Filtering parameters
  • pagination (Pagination, Optional): Pagination and sorting parameters

Filters

  • name_contains (string, Optional): Filter the results to violations whose description property contains the requested string.
  • violation_type (string, Optional): Filter the results to a specific violation type.
    Valid values: Security, License, Operational_Risk
  • watch_name (string, Optional): Filter the results to violations generated by the selected watch.
    Default: any watch.
  • min_severity (string, Optional): Filter the results to violations whose severity is equal to or higher than min_severity.
    Valid values: Critical, High, Medium, Low, Information, Unknown (listed in descending severity order)
  • created_from (string, Optional): Filter for violations created as of this time.
    Valid value: a timestamp in RFC 3339 format: <YYYY-MM-DDTHH:MM:SSZ>, <YYYY-MM-DDTHH:MM:SS+HH:MM> or <YYYY-MM-DDTHH:MM:SS-HH:MM>
  • created_until (string, Optional): Filter for violations created up to this time.
    Valid value: a timestamp in RFC 3339 format: <YYYY-MM-DDTHH:MM:SSZ>, <YYYY-MM-DDTHH:MM:SS+HH:MM> or <YYYY-MM-DDTHH:MM:SS-HH:MM>
  • resources (Resources, Optional): Filter for violations found in specific resources.
  • issue_id (string, Optional): Filter for violations resulting from the requested issue ID.
    Valid values: strings representing the issue ID, e.g. XRAY-94620, EXP-1552-00002, GPL-3.0, b1670bb2d3438da6213ed386577fd755bcb8fdf85cab594e6a3717b4f182b07b
  • cve_id (string, Optional): Filter for violations resulting from the requested CVE.
    Valid values: a CVE identifier in the standard format <CVE-YYYY-NNNNNN>

Pagination

  • order_by (string, Optional): Sorting/ordering key.
    Valid values: created, summary, severity, type, watcher_name, issue_id
    Default: created
  • limit (string, Optional): An integer value representing the maximum number of items to include in the response.
    Valid values: a positive integer greater than zero.
    Default: 25
  • offset (string, Optional): The page offset of the requested page.
    Default: 1
  • direction (string, Optional): The direction in which to order the results (ascending or descending).
    Valid values: asc, desc
    Default: desc when ordering by severity; asc for all other keys

Resources

  • artifacts (Array [Artifact], Optional): The artifacts to be included in the scope of the filter
  • builds (Array [Build], Optional): The builds to be included in the scope of the filter
  • release_bundles (Array [ReleaseBundle], Optional): The release bundles to be included in the scope of the filter
  • release_bundles_v2 (Array [ReleaseBundleV2], Optional): The V2 release bundles to be included in the scope of the filter

Artifact

  • repo (string, Mandatory): The name of the repository
  • path (string, Mandatory): Path including the file name

Build

  • name (string, Mandatory): The build name
  • number (string, Mandatory): The build number/version
  • project (string, Optional): The project key

ReleaseBundle

  • name (string, Mandatory): The Release Bundle name
  • version (string, Mandatory): The Release Bundle version

ReleaseBundleV2

  • name (string, Mandatory): The Release Bundle name
  • version (string, Mandatory): The Release Bundle version
  • project (string, Optional): The project key
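The request-building rules documented above (valid values, the RFC 3339 timestamp and CVE identifier formats, the mandatory keys of each resource kind, and the direction default that depends on order_by) collected into one validating client. This is an added example, not JFrog's code or part of the Xray documentation; every constant in it comes from the tables on this page. post_violations() assumes an access token presented as a Bearer Authorization header and that base_url is the Xray API root (for example https://host/xray); both are assumptions about the deployment, not something the page states.

```python
"""Build and validate a request body for POST /api/v1/violations.

Added example (not JFrog's code). The valid values below are copied from the
Filters, Pagination and Resources tables; the Bearer token header in
post_violations() is an assumption about how the deployment authenticates.
"""
import json
import re
import urllib.request
from datetime import datetime
from typing import Any, Dict, List, Optional

VIOLATION_TYPES = {"Security", "License", "Operational_Risk"}
SEVERITIES = ["Critical", "High", "Medium", "Low", "Information", "Unknown"]  # descending order
ORDER_KEYS = {"created", "summary", "severity", "type", "watcher_name", "issue_id"}
RFC3339_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(Z|[+-]\d{2}:\d{2})$")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
# Mandatory keys per resource kind (Artifact, Build, ReleaseBundle, ReleaseBundleV2 tables).
RESOURCE_KEYS = {
    "artifacts": ("repo", "path"),
    "builds": ("name", "number"),
    "release_bundles": ("name", "version"),
    "release_bundles_v2": ("name", "version"),
}


def parse_timestamp(name: str, value: str) -> datetime:
    """Accept only the RFC 3339 shapes the table lists; fromisoformat() then
    rejects impossible calendar values (month 13, hour 25) the regex lets through."""
    if not RFC3339_RE.match(value):
        raise ValueError(f"{name}: expected YYYY-MM-DDTHH:MM:SS followed by Z or +/-HH:MM, got {value!r}")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_resources(resources: Dict[str, List[Dict[str, str]]]) -> Dict[str, List[Dict[str, str]]]:
    """Reject unknown resource kinds and entries that lack a mandatory key."""
    for kind, entries in resources.items():
        if kind not in RESOURCE_KEYS:
            raise ValueError(f"unknown resource kind {kind!r}; expected one of {sorted(RESOURCE_KEYS)}")
        for entry in entries:
            missing = [key for key in RESOURCE_KEYS[kind] if not entry.get(key)]
            if missing:
                raise ValueError(f"{kind} entry {entry!r} is missing mandatory {missing}")
    return resources


def build_violations_request(*, watch_name: Optional[str] = None, violation_type: Optional[str] = None,
                             min_severity: Optional[str] = None, created_from: Optional[str] = None,
                             created_until: Optional[str] = None, cve_id: Optional[str] = None,
                             issue_id: Optional[str] = None, name_contains: Optional[str] = None,
                             resources: Optional[Dict[str, Any]] = None, order_by: str = "created",
                             direction: Optional[str] = None, limit: int = 25, offset: int = 1) -> Dict[str, Any]:
    """Return a JSON-serialisable body; a bad filter fails here with ValueError
    instead of producing an empty or misleading result set from Xray."""
    filters: Dict[str, Any] = {}
    if violation_type is not None:
        if violation_type not in VIOLATION_TYPES:
            raise ValueError(f"violation_type must be one of {sorted(VIOLATION_TYPES)}, got {violation_type!r}")
        filters["violation_type"] = violation_type
    if min_severity is not None:
        if min_severity not in SEVERITIES:
            raise ValueError(f"min_severity must be one of {SEVERITIES}, got {min_severity!r}")
        filters["min_severity"] = min_severity
    start = parse_timestamp("created_from", created_from) if created_from else None
    end = parse_timestamp("created_until", created_until) if created_until else None
    if start and end and start > end:
        raise ValueError("created_from is later than created_until; the time window is empty")
    if cve_id is not None:
        if not CVE_RE.match(cve_id):
            raise ValueError(f"cve_id must look like CVE-YYYY-NNNNNN, got {cve_id!r}")
        filters["cve_id"] = cve_id
    for key, value in (("watch_name", watch_name), ("issue_id", issue_id), ("name_contains", name_contains),
                       ("created_from", created_from), ("created_until", created_until)):
        if value:
            filters[key] = value
    if resources is not None:
        filters["resources"] = check_resources(resources)
    if order_by not in ORDER_KEYS:
        raise ValueError(f"order_by must be one of {sorted(ORDER_KEYS)}, got {order_by!r}")
    if direction is None:  # documented defaults: desc when ordering by severity, asc otherwise
        direction = "desc" if order_by == "severity" else "asc"
    if direction not in ("asc", "desc"):
        raise ValueError(f"direction must be asc or desc, got {direction!r}")
    if not (isinstance(limit, int) and limit > 0 and isinstance(offset, int) and offset > 0):
        raise ValueError("limit and offset must be positive integers")
    return {"filters": filters,
            "pagination": {"order_by": order_by, "direction": direction, "limit": limit, "offset": offset}}


def post_violations(base_url: str, access_token: str, body: Dict[str, Any], timeout: float = 30) -> Dict[str, Any]:
    """POST the body to Xray. base_url is the Xray API root (e.g. https://host/xray);
    sending the token as a Bearer Authorization header is an assumption, not from the page."""
    request = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/violations",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {access_token}"},
        method="POST")
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)
```

Calling build_violations_request(violation_type="Security", min_severity="High", cve_id="CVE-2019-17531", limit=100) yields a body equivalent to the Sample Request below; pass it to post_violations() to send it. The time-window check is deliberate: a created_from after created_until is accepted syntactically but can only ever return zero violations, which in an automated gate reads as "nothing found" rather than "query was wrong".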

Sample Request

{
  "filters": {
    "watch_name": "example_watch",
    "violation_type": "Security",
    "min_severity": "High",
    "created_from": "2022-04-23T18:22:04-03:00",
    "created_until": "2023-04-23T18:22:04-03:00",
    "cve_id": "CVE-2019-17531",
    "resources": {
      "artifacts": [
        {
          "repo": "docker-local",
          "path": "desktop-storage/1.0/manifest.json"
        }
      ],
      "builds": [
        {
          "name": "docker-build",
          "number": "1",
          "project": "pkey"
        }
      ],
      "release_bundles": [
        {
          "name": "rb_example",
          "version": "1.3"
        }
      ],
      "release_bundles_v2": [
        {
          "name": "rb-v2-example",
          "version": "1.1",
          "project": "pkey"
        }
      ]
    }
  },
  "pagination": {
    "order_by": "created",
    "direction": "asc",
    "limit": 100,
    "offset": 1
  }
}

Operational Risk Sample Request

POST /api/v1/violations
{
    "filters": {
        "violation_type": "Operational_Risk",
        "watch_name": "watch",
        "min_severity": "Medium"
    },
    "pagination": {
        "order_by": "updated",
        "limit": 25,
        "offset": 1
    }
}

Sample response:

{
  "total_violations": 295,
  "violations": [
    {
      "description": "Amazon Digital Services License",
      "severity": "High",
      "type": "License",
      "infected_component": [
        "generic://sha256:72daef35b54f95a97e7da5ae2dd7cccecc71183788656083f35fdf6e0ca5a24f/opkg-4.3.54.jar"
      ],
      "created": "2018-05-29T17:30:49+03:00",
      "watch_name": "watch_license",
      "issue_id": "ADSL",
      "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60763",
      "impacted_artifacts": [
        "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip"
      ]
    },
    {
      "description": "If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called \"Bounce Address\", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated.",
      "severity": "Low",
      "type": "Security",
      "infected_component": [
        "gav://org.apache.commons:commons-email:1.1"
      ],
      "created": "2018-06-06T12:21:18+03:00",
      "watch_name": "all",
      "issue_id": "XRAY-60829",
      "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60829",
      "impacted_artifacts": [
        "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip"
      ]
    }
  ]
}

CVE Research and Enrichment Sample Response

{
    "total_violations": 1,
    "violations": [{
            "description": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",
            "severity": "Critical",
            "type": "Security",
            "infected_components": [
                "pypi://urllib3:1.22"
            ],
            "created": "2021-11-30T06:40:10+02:00",
            "watch_name": "MyFirstWatch",
            "issue_id": "XRAY-74787",
            "violation_details_url": "http://localhost:8046/xray/api/v1/violations?watch_id=7c64876c5e206011ed08ce25&issue_id=XRAY-74787&comp_id=build:%2F%2Fexample-build:3.10.0",
            "impacted_artifacts": [
                "default/builds/example-build"
            ],
            "extended_information": {
                "short_description": "An information leak in urllib3 can lead to authentication bypass via leaked HTTP authorization client credentials",
                "full_description": "urllib3 does not remove the `Authorization` HTTP header when following redirects (even cross-origin redirects, that differ in host, port, or scheme)\r\n\r\nThis issue can be exploited when a client is using `urllib3` and the following conditions apply:\r\n1. The client uses some kind of HTTP authorization (`Basic`, `Digest`, etc.)\r\n2. The client initially contacts an HTTPS server\r\n3. The HTTPS server redirects the client to a non-HTTP server\r\n4. The attacker can sniff the data between the client and the HTTP server (possibly by using a MitM attack)\r\n\r\nThe issue is not relevant if the client originally contacts an HTTP server, since the `Authorization` header can be sniffed by an attacker from the original connection, regardless of this CVE.\r\n\r\nRed Hat also updated the original CVSS analysis, which was downgraded to [7.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)",
                "jfrog_research_severity": "Medium",
                "jfrog_research_severity_reasons": [
                    {
                        "name": "The CVE can be remotely exploited",
                        "is_positive": false
                    },
                    {
                        "name": "The CVE has a published technical writeup",
                        "is_positive": false
                    },
                    {
                        "name": "The CVE has no exploit published",
                        "is_positive": true
                    },
                    {
                        "name": "The CVE has difficult prerequisites for exploitation",
                        "description": "See CVE details for more information",
                        "is_positive": true
                    },
                    {
                        "name": "The initial CVSS was disputed by Red Hat, and downgraded to 7.5",
                        "is_positive": true
                    }
                ]
            }
        }
    ]
}

Operational Risk Sample Response

{
  "total_violations": 1,
  "violations": [
    {
      "description": "Number of new versions and Version Age",
      "severity": "High",
      "type": "Operational_Risk",
      "infected_components": [
        "gav://joda-time:joda-time:2.9.9"
      ],
      "created": "2022-03-24T14:54:42+02:00",
      "watch_name": "OpRiskWatch",
      "issue_id": "1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88",
      "violation_details_url": "http://test.jfrog.io/xray/api/v1/violations?watch_id=8d5a6d7364154c5c2455993a&issue_id=1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88&comp_id=gav:%2F%2Forg.jruby:jruby-complete:9.2.0.0",
      "impacted_artifacts": [
        "default/generic-local/jruby-complete-9.2.0.0.jar"
      ],
      "applicability": null
    }
  ]
}
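Consuming the responses shown above: an added example (not JFrog's code) that walks every result page using the page-numbered offset from the Pagination table, then triages each violation, preferring jfrog_research_severity from extended_information where it is present and separating the positive (mitigating) from the negative (aggravating) reasons. The records it runs on are constructed here in the shape of the sample responses, and fetch_page is a hypothetical injection point standing in for the real POST, so the module runs offline.

```python
"""Page through POST /api/v1/violations results and triage them.

Added example (not JFrog's code). fetch_page is injected so the module runs
offline against constructed records shaped like the sample responses on the
page; in production it would be the function that POSTs the body and returns
the parsed JSON.
"""
from typing import Any, Callable, Dict, Iterator, List

Violation = Dict[str, Any]
FetchPage = Callable[[Dict[str, Any]], Dict[str, Any]]

# Severity order from the min_severity row, most severe first.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Information": 4, "Unknown": 5}


def iter_violations(fetch_page: FetchPage, filters: Dict[str, Any],
                    limit: int = 25, order_by: str = "created") -> Iterator[Violation]:
    """Yield every matching violation, walking pages with the page-numbered
    offset the Pagination table describes (first page is 1). Stops on an empty
    page or once total_violations records have been seen, so a server that keeps
    answering with the last page cannot keep the loop running forever."""
    offset, seen = 1, 0
    while True:
        body = {"filters": filters,
                "pagination": {"order_by": order_by, "limit": limit, "offset": offset}}
        page = fetch_page(body)
        batch = page.get("violations") or []
        for violation in batch:
            yield violation
        seen += len(batch)
        if not batch or seen >= int(page.get("total_violations", 0)):
            return
        offset += 1


def triage(violation: Violation) -> Dict[str, Any]:
    """Summarise one violation for review: when the enrichment block is present,
    prefer the JFrog Research severity and record whether, and why, it moved the
    score down from the scanner's severity. Handles both spellings of the
    component list seen in the samples (infected_component / infected_components)."""
    scanner = violation.get("severity", "Unknown")
    extended = violation.get("extended_information") or {}
    research = extended.get("jfrog_research_severity")
    reasons = extended.get("jfrog_research_severity_reasons") or []
    return {
        "issue_id": violation.get("issue_id"),
        "type": violation.get("type"),
        "scanner_severity": scanner,
        "research_severity": research,
        "effective_severity": research or scanner,
        "downgraded": research is not None
        and SEVERITY_RANK.get(research, 5) > SEVERITY_RANK.get(scanner, 5),
        "mitigating": [r["name"] for r in reasons if r.get("is_positive")],
        "aggravating": [r["name"] for r in reasons if not r.get("is_positive")],
        "components": violation.get("infected_components") or violation.get("infected_component") or [],
    }


# Constructed records shaped like the sample responses on this page.
SAMPLE_VIOLATIONS: List[Violation] = [
    {"issue_id": "XRAY-74787", "type": "Security", "severity": "Critical",
     "infected_components": ["pypi://urllib3:1.22"],
     "extended_information": {
         "jfrog_research_severity": "Medium",
         "jfrog_research_severity_reasons": [
             {"name": "The CVE can be remotely exploited", "is_positive": False},
             {"name": "The CVE has no exploit published", "is_positive": True},
             {"name": "The CVE has difficult prerequisites for exploitation", "is_positive": True}]}},
    {"issue_id": "ADSL", "type": "License", "severity": "High",
     "infected_component": ["generic://example-local/opkg-4.3.54.jar"]},
    {"issue_id": "XRAY-60829", "type": "Security", "severity": "Low",
     "infected_components": ["gav://org.apache.commons:commons-email:1.1"]},
]


def fake_fetch_page(body: Dict[str, Any]) -> Dict[str, Any]:
    """Offline stand-in for the API call: slices the constructed list by the
    page-numbered offset and limit carried in the request body."""
    pagination = body["pagination"]
    start = (pagination["offset"] - 1) * pagination["limit"]
    return {"total_violations": len(SAMPLE_VIOLATIONS),
            "violations": SAMPLE_VIOLATIONS[start:start + pagination["limit"]]}


def triage_all(fetch_page: FetchPage = fake_fetch_page, limit: int = 2) -> List[Dict[str, Any]]:
    """Walk every page and return triage rows ordered worst-first by effective severity."""
    rows = [triage(v) for v in iter_violations(fetch_page, {"min_severity": "Low"}, limit=limit)]
    rows.sort(key=lambda row: SEVERITY_RANK.get(row["effective_severity"], 5))
    return rows


if __name__ == "__main__":
    for row in triage_all():
        flag = "research downgraded from " + row["scanner_severity"] if row["downgraded"] else ""
        print(f'{row["effective_severity"]:<9} {row["issue_id"]:<12} {row["components"]} {flag}')
```

With limit=2 the walk takes two requests (offset 1 then 2) before total_violations is reached. The urllib3 record ends up ranked below the license violation because the enrichment block downgrades it to Medium; keeping both the scanner and research severities in the row lets a reviewer see that the ordering was changed by JFrog Research rather than by the scanner itself.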
