Description: Get specific content in a Violations report.
Since: 3.11
Security: Requires a user with the Manage Reports role.
Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with the Manage Security Assets privilege can get specific content in a Violations report using this REST API in the scope of a project, by using the additional query parameter projectKey.
Usage: POST /api/v1/reports/violations/{id}
Mandatory Pagination Parameters: You can order by
type
summary
severity
updated
impacted_artifact
path
vulnerable_component
cves
cvss2_max_score
cvss3_max_score
Sample Request
POST /api/v1/reports/violations?page_num=2&num_of_rows=10&order_by=field1&direction=asc
Sample Response
{
  "total_rows": 6,
  "rows": [
    {
      "type": "security",
      "vulnerable_component": "lodash",
      "impacted_artifact": "docker://docker-violations:latest",
      "path": "docker-local/docker-violations/latest/",
      "watch_id": "45b397d9097293612f5c037e",
      "watch_name": "HighVulnWatch",
      "summary": "Lodash Package for Node.js lodash.js baseSet() Function Prototype Pollution DoS",
      "policy_names": ["HighVuln"],
      "severity": "High",
      "package_type": "npm",
      "issue_id": "XRAY-121295",
      "updated": "2020-08-31T16:01:42.64+03:00",
      "published": "2020-01-01T00:00:00+03:00",
      "artifact_scan_time": "2020-01-01T00:00:00+03:00",
      "references": [],
      "cves": [
        {
          "cvss_v2_score": 7.1,
          "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C"
        }
      ],
      "cvss2_max_score": 7.1
    },
    {
      "type": "license",
      "vulnerable_component": "gav://io.netty:netty-handler-proxy:4.1.48.Final",
      "impacted_artifact": "generic://sha256:06bde4ed74044d133fce9d596258ec57c7e42023df5e3e542209a488347eb340/jfrog-artifactory-oss-7.7.3-linux.tar.gz",
      "path": "generic-local/jfrog-artifactory-oss-7.7.3-linux.tar.gz",
      "watch_id": "4db8cec50cd846fd4de117c7",
      "watch_name": "AnyWatchLicense",
      "summary": "The Apache Software License, Version 2.0",
      "policy_names": ["BanApacheLicense2", "BanApacheLicense"],
      "severity": "High",
      "package_type": "maven",
      "updated": "2020-09-03T22:11:09.865+03:00",
      "published": null,
      "artifact_scan_time": "1970-01-01T02:00:00+02:00",
      "references": [],
      "license_name": "Apache-2.0"
    }
  ]
}
Get Violations Report Content in Projects
POST /api/v1/reports/violations?page_num=2&num_of_rows=10&order_by=field1&direction=asc&projectKey=<project_key>
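
Added example, not JFrog's own code: a client-side helper that builds the paginated request path from the Usage line and the order_by fields listed above, then splits a response page into security and license rows. The function names, the report id 1, the project key "proj1" and the "desc" direction value are assumptions for illustration.

```python
import json
import math
from urllib.parse import quote, urlencode

# order_by values listed on this page.
ORDER_BY = {"type", "summary", "severity", "updated", "impacted_artifact", "path",
            "vulnerable_component", "cves", "cvss2_max_score", "cvss3_max_score"}

def report_page_url(report_id, page_num, num_of_rows, order_by,
                    direction="asc", project_key=None):
    """Build the path and query string for one page of a Violations report."""
    if order_by not in ORDER_BY:
        raise ValueError(f"unsupported order_by: {order_by!r}")
    if direction not in ("asc", "desc"):  # "desc" is an assumption, see lead-in
        raise ValueError(f"unsupported direction: {direction!r}")
    if num_of_rows < 1:
        raise ValueError("num_of_rows must be positive")
    query = {"page_num": page_num, "num_of_rows": num_of_rows,
             "order_by": order_by, "direction": direction}
    if project_key is not None:
        query["projectKey"] = project_key  # appended with '&' by urlencode
    return f"/api/v1/reports/violations/{quote(str(report_id), safe='')}?{urlencode(query)}"

def page_count(total_rows, num_of_rows):
    """Pages needed to read every row, from total_rows in any response."""
    return math.ceil(total_rows / num_of_rows)

def split_rows(page):
    """Separate security and license rows; license rows carry no CVSS fields."""
    security, licenses = [], []
    for row in page.get("rows", []):
        if row.get("type") == "security":
            security.append((row.get("issue_id"), row.get("vulnerable_component"),
                             row.get("severity"), row.get("cvss2_max_score")))
        elif row.get("type") == "license":
            licenses.append((row.get("license_name"), row.get("vulnerable_component"),
                             row.get("policy_names", [])))
    return security, licenses

# Constructed sample: the two rows of the Sample Response, trimmed to the fields used.
SAMPLE = json.loads("""{"total_rows": 6, "rows": [
  {"type": "security", "vulnerable_component": "lodash", "severity": "High",
   "issue_id": "XRAY-121295", "cvss2_max_score": 7.1},
  {"type": "license", "severity": "High", "license_name": "Apache-2.0",
   "vulnerable_component": "gav://io.netty:netty-handler-proxy:4.1.48.Final",
   "policy_names": ["BanApacheLicense2", "BanApacheLicense"]}]}""")

if __name__ == "__main__":
    print(report_page_url(1, 2, 10, "severity", project_key="proj1"))
    print(page_count(SAMPLE["total_rows"], 10), split_rows(SAMPLE))
```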