Description: Gets the Xray violations based on a set of search criteria
Notes:
Starting from Xray version 3.88.10 and above, the Get Violations REST API supports optional ordering direction and additional optional filters for resources, latest create time, CVE, and violation issue identifier.
Starting from Xray version 3.42.3, JFrog Security CVE Research and Enrichment data is supported. Important notes:
The following fields are markdown texts
short_description
full_description
remediation
Extended information fields will not appear to Free Tier users
Security: Requires a user with Read permissions.
Usage: POST /api/v1/violations
Consumes: application/JSON
Produces: application/JSON
Path parameters: none
Query parameters:
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
projectKey | string | Optional | When included the REST API response as if executed from the scope of a project |
Request body:
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| Filters | Optional | Filtering parameters |
| Pagination | Optional | Pagination and sorting parameters |
Filters
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| string | Optional | Filtering the results for those included in the requested string in the |
| string | Optional | Filtering by the response for specific violation type. Valid values: |
| string | Optional | Filtering the results for those generated from the selected watch. Default: Any watch. |
| string | Optional | Filtering the results for those that their Valid values: (Note: the values are listed in descending severity order) |
| string | Optional | Filter for violations created as of this time. Valid value: A timestamp in RFC 3339 format: <YYYY-MM-DDTHH:MM:SSZ>, <YYYY-MM-DDTHH:MM:SS+HH:MM> or, <YYYY-MM-DDTHH:MM:SS-HH:MM> |
| string | Optional | Filter for violations created up to this time. Valid value: A timestamp in RFC 3339 format: <lYYYY-MM-DDTHH:MM:SSZ>, <YYYY-MM-DDTHH:MM:SS+HH:MM> or, <YYYY-MM-DDTHH:MM:SS-HH:MM> |
| Resources | Optional | Filter for violations found in specific resources |
| string | Optional | Filter for violations resulting from the requested Issue ID. Valid values: strings representing the issue ID e.g:
|
| string | Optional | Filter for violations resulting from the requested CVE. Valid values: a CVE standard identifier format <CVE-YYYY-NNNNNN> |
Pagination
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| string | Optional | Sorting /ordering key Valid values: Default: |
| string | Optional | An integer value representing the maximum number of items to include in the response. Valid values: A positive integer greater than zero. Default: 25 |
| string | Optional | A page offset to the requested page. Default: 1 |
| string | Optional | The direction by which to order the results (either ascending or descending). Valid values: Default:
|
Resources
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| Array [Artifact] | Optional | The artifacts to be included in the scope of the filter |
| Array [Build] | Optional | The builds to be included in the scope of the filter |
| Array [ReleaseBundle] | Optional | The release bundles to be included in the scope of the filter |
| Array [ReleaseBundleV2] | Optional | The V2 release bundles to be included in the scope of the filter |
Artifact
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| string | Mandatory | The name of the repository |
| string | Mandatory | Path including file name |
Build
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| string | Mandatory | The build name |
| string | Mandatory | The build number/version |
| string | Optional | The project key |
ReleaseBundle
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| string | Mandatory | The Release Bundle name |
| string | Mandatory | The Release Bundle version |
ReleaseBundleV2
Name | Type | Mandatory/Optional | Description |
---|---|---|---|
| string | Mandatory | The Release Bundle name |
| string | Mandatory | The Release Bundle version |
| string | Optional | The project key |
Sample Request
{ "filters": { "watch_name": "exmaple_watch", "violation_type": "Security", "min_severity": "High", "created_from": "2022-04-23T18:22:04-03:00", "created_until": "2023-04-23T18:22:04-03:00", "cve_id": "CVE-2019-17531", "resources": { "artifacts": [ { "repo": "docker-local", "path": "desktop-storage/1.0/manifest.json" } ], "builds": [ { "name": "docker-build", "number": "1", "project": "pkey" } ], "release_bundles": [ { "name": "rb_example", "version": "1.3" } ], "release_bundles_v2": [ { "name": "rb-v2-example", "version": "1.1", "project": "pkey" } ] } }, "pagination": { "order_by": "created", "direction": "asc", "limit": 100, "offset": 1 } }
Operational Risk Sample Request
POST /api/v1/violations { "filters": { "violation_type": "Operational_Risk", "watch_name": "watch", "min_severity": "Medium", }, "pagination": { "order_by": "updated", "limit": 25, "offset": 1 } }
Sample response:
{ "total_violations": 295, "violations": [ { "description": "Amazon Digital Services License", "severity": "High", "type": "License", "infected_component": [ "generic://sha256:72daef35b54f95a97e7da5ae2dd7cccecc71183788656083f35fdf6e0ca5a24f/opkg-4.3.54.jar" ], "created": "2018-05-29T17:30:49+03:00", "watch_name": "watch_license", "issue_id": "ADSL", "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60763", "impacted_artifacts": [ "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip" ] }, { "description": "If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called \"Bounce Address\", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated.", "severity": "Low", "type": "Security", "infected_component": [ "gav://org.apache.commons:commons-email:1.1" ], "created": "2018-06-06T12:21:18+03:00", "watch_name": "all", "issue_id": "XRAY-60829", "violation_details_url": "localhost:8000/api/v1/violations?watch_id=5b163b41ab1bdddbb2e16492&issue_id=XRAY-60829", "impacted_artifacts": [ "arti1/libs-release-local/jfrog-artifactory-pro-5.9.0.zip" ] } ] }
CVE Research and Enrichment Sample Response
{ "total_violations": 1, "violations": [{ "description": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", "severity": "Critical", "type": "Security", "infected_components": [ "pypi://urllib3:1.22" ], "created": "2021-11-30T06:40:10+02:00", "watch_name": "MyFirstWatch", "issue_id": "XRAY-74787", "violation_details_url": "http://localhost:8046/xray/api/v1/violations?watch_id=7c64876c5e206011ed08ce25&issue_id=XRAY-74787&comp_id=build:%2F%2Fexample-build:3.10.0", "impacted_artifacts": [ "default/builds/example-build" ], "extended_information": { "short_description": "An information leak in urllib3 can lead to authentication bypass via leaked HTTP authorization client credentials", "full_description": "urllib3 does not remove the `Authorization` HTTP header when following redirects (even cross-origin redirects, that differ in host, port, or scheme)\r\n\r\nThis issue can be exploited when a client is using `urllib3` and the following conditions apply:\r\n1. The client uses some kind of HTTP authorization (`Basic`, `Digest`, etc.)\r\n2. The client initially contacts an HTTPS server\r\n3. The HTTPS server redirects the client to a non-HTTP server\r\n4. The attacker can sniff the data between the client and the HTTP server (possibly by using a MitM attack)\r\n\r\nThe issue is not relevant if the client originally contacts an HTTP server, since the `Authorization` header can be sniffed by an attacker from the original connection, regardless of this CVE.\r\n\r\nRed Hat also updated the original CVSS analysis, which was downgraded to [7.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)", "jfrog_research_severity": "Medium", "jfrog_research_severity_reasons": [ { "name": "The CVE can be remotely exploited", "is_positive": false }, { "name": "The CVE has a published technical writeup", "is_positive": false }, { "name": "The CVE has no exploit published", "is_positive": true }, { "name": "The CVE has difficult prerequisites for exploitation", "description": "See CVE details for more information", "is_positive": true }, { "name": "The initial CVSS was disputed by Red Hat, and downgraded to 7.5", "is_positive": true } ] } } ] }
Operational Risk Sample Response
{ "total_violations": 1, "violations": [ { "description": "Number of new versions and Version Age", "severity": "High", "type": "Operational_Risk", "infected_components": [ "gav://joda-time:joda-time:2.9.9" ], "created": "2022-03-24T14:54:42+02:00", "watch_name": "OpRiskWatch", "issue_id": "1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88", "violation_details_url": "http://test.jfrog.io/xray/api/v1/violations?watch_id=8d5a6d7364154c5c2455993a&issue_id=1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88&comp_id=gav:%2F%2Forg.jruby:jruby-complete:9.2.0.0", "impacted_artifacts": [ "default/generic-local/jruby-complete-9.2.0.0.jar" ], "applicability": null } ] }
Exposures Violations Sample Response
{ "total_violations": 1, "violations": [ { "description": "Number of new versions and Version Age", "severity": "High", "type": "Operational_Risk", "infected_components": [ "gav://joda-time:joda-time:2.9.9" ], "created": "2022-03-24T14:54:42+02:00", "watch_name": "OpRiskWatch", "issue_id": "1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88", "violation_details_url": "http://test.jfrog.io/xray/api/v1/violations?watch_id=8d5a6d7364154c5c2455993a&issue_id=1ea7a8e0904b4a6c1a837e8ab437e0892dd00ad203814f3b9edfd2a3d8be3b88&comp_id=gav:%2F%2Forg.jruby:jruby-complete:9.2.0.0", "impacted_artifacts": [ "default/generic-local/jruby-complete-9.2.0.0.jar" ], "applicability": null } ] }