Get Violations Report Content

Description: Get specific content in a Violations report.

Since: 3.11

Security: Requires a user with the Manage Reports role.

Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with Manage Security Assets privilege can get specific content in a Violations report using this REST API in the scope of a project, by using the additional query parameter projectKey.

Usage: POST /api/v1/reports/violations/{id}

Mandatory Pagination Parameters: You can order by

  • type

  • summary

  • severity

  • updated

  • impacted_artifact

  • path

  • vulnerable_component

  • cves

  • cvss2_max_score

  • cvss3_max_score

Sample Request

POST /api/v1/reports/violations?page_num=2&num_of_rows=10&order_by=field1&direction=asc

Sample Response

{
    "total_rows": 6,
    "rows": [
        {
            "type": "security",
            "vulnerable_component": "lodash",
            "impacted_artifact": "docker://docker-violations:latest",
            "path": "docker-local/docker-violations/latest/",
            "watch_id": "45b397d9097293612f5c037e",
            "watch_name": "HighVulnWatch",
            "summary": "Lodash Package for Node.js lodash.js baseSet() Function Prototype Pollution DoS",
            "policy_names": ["HighVuln"],
            "severity": "High",
            "package_type": "npm",
            "issue_id": "XRAY-121295",
            "updated": "2020-08-31T16:01:42.64+03:00",
            "published": "2020-01-01T00:00:00+03:00",
            "artifact_scan_time": "2020-01-01T00:00:00+03:00",
            "references": [],
            "cves": [
                {
                    "cvss_v2_score": 7.1,
                    "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C"
                }
            ],
            "cvss2_max_score": 7.1
        },
        {
            "type": "license",
            "vulnerable_component": "gav://io.netty:netty-handler-proxy:4.1.48.Final",
            "impacted_artifact": "generic://sha256:06bde4ed74044d133fce9d596258ec57c7e42023df5e3e542209a488347eb340/jfrog-artifactory-oss-7.7.3-linux.tar.gz",
            "path": "generic-local/jfrog-artifactory-oss-7.7.3-linux.tar.gz",
            "watch_id": "4db8cec50cd846fd4de117c7",
            "watch_name": "AnyWatchLicense",
            "summary": "The Apache Software License, Version 2.0",
            "policy_names": ["BanApacheLicense2","BanApacheLicense"],
            "severity": "High",
            "package_type": "maven",
            "updated": "2020-09-03T22:11:09.865+03:00",
            "published": null,
            "artifact_scan_time": "1970-01-01T02:00:00+02:00",
            "references": [],
            "license_name": "Apache-2.0"
        }
    ]
}

Get Violations Report Content in Projects

POST /api/v1/reports/violations?page_num=2&num_of_rows=10&order_by=field1&direction=asc&projectKey=<project_key>
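
The following Python sketch is an added example, not JFrog code: it builds the paginated request URL with the order_by fields listed above and the optional projectKey, then triages one response page, including license rows that carry no CVSS fields. The base URL https://xray.example/xray, the helper names and the trimmed sample page are assumptions constructed for illustration; sending the request (authentication, body) is left out because this page does not specify it.

```python
from collections import Counter
from urllib.parse import urlencode

# Sort fields listed on this page under "You can order by".
ORDER_FIELDS = {
    "type", "summary", "severity", "updated", "impacted_artifact", "path",
    "vulnerable_component", "cves", "cvss2_max_score", "cvss3_max_score",
}

def report_url(base, report_id, page_num, num_of_rows, order_by,
               direction="asc", project_key=None):
    """Build the POST URL for one page of a Violations report (hypothetical helper)."""
    if order_by not in ORDER_FIELDS:
        raise ValueError(f"unsupported order_by field: {order_by!r}")
    query = {"page_num": page_num, "num_of_rows": num_of_rows,
             "order_by": order_by, "direction": direction}
    if project_key:
        # Project scope: appended with '&' like any other query parameter.
        query["projectKey"] = project_key
    return f"{base.rstrip('/')}/api/v1/reports/violations/{report_id}?{urlencode(query)}"

def pages_needed(total_rows, num_of_rows):
    """Number of pages to request, derived from total_rows in the first response."""
    return -(-total_rows // num_of_rows)  # ceiling division

def max_cvss(row):
    """Highest CVSS score on a row, or None (license rows have no score)."""
    return row.get("cvss3_max_score") or row.get("cvss2_max_score")

def triage(page):
    """Count rows per (type, severity) and return the highest-scored row, if any."""
    counts = Counter((r["type"], r["severity"]) for r in page["rows"])
    scored = [r for r in page["rows"] if max_cvss(r) is not None]
    worst = max(scored, key=max_cvss, default=None)
    return counts, worst

# Constructed sample: the two rows of the Sample Response above, trimmed.
SAMPLE_PAGE = {"total_rows": 6, "rows": [
    {"type": "security", "severity": "High", "issue_id": "XRAY-121295",
     "vulnerable_component": "lodash", "cvss2_max_score": 7.1},
    {"type": "license", "severity": "High", "license_name": "Apache-2.0",
     "vulnerable_component": "gav://io.netty:netty-handler-proxy:4.1.48.Final"},
]}

if __name__ == "__main__":
    print(report_url("https://xray.example/xray", 1, 2, 10, "severity", project_key="demo"))
    counts, worst = triage(SAMPLE_PAGE)
    print(dict(counts), worst["issue_id"] if worst else None)
```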