Description: Get specific content in a Vulnerabilities report.
Since: 3.8
Security: Requires a user with the Manage Reports role.
Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with the Manage Security Assets privilege can get specific content in a Vulnerabilities report using this REST API in the scope of a project, by adding the query parameter projectKey.
Usage: POST api/v1/reports/vulnerabilities/{id}
Mandatory Pagination Parameters: You can order by severity, published, cve, vulnerable_component, impacted_artifact, path, fixed_versions, package_type, provider, cvss2, cvss3, summary
Sample Request
POST .../api/v1/reports/vulnerabilities/21?direction=asc&page_num=2&num_of_rows=10&order_by=summary
Sample Response
{
  "total_rows": 100,
  "rows": [
    {
      "cves": [
        {
          "cve": "CVE-2015-8902",
          "cvss_v2_score": 4.3,
          "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cvss_v3_score": 5.5,
          "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "cve": "CVE-2016-8902",
          "cvss_v2_score": 5.3,
          "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cvss_v3_score": 6.5,
          "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "summary": "Algorithmic complexity vulnerability",
      "severity": "High",
      "vulnerable_component": "source",
      "impacted_artifact": "artifact",
      "path": "repo1/folder1/artifact",
      "fixed_versions": [
        "2.3",
        "2.4",
        "2.5"
      ],
      "published": "1970-01-01T03:00:00+02:00",
      "issue_id": "XRAY-1234",
      "package_type": "maven",
      "provider": "JFrog",
      "description": "Algorithmic complexity vulnerability",
      "references": [
        "github.com",
        "nvd.com"
      ]
    }
  ]
}
Get Vulnerabilities Report Content in Projects
POST /api/v1/reports/vulnerabilities/21?direction=asc&page_num=2&num_of_rows=10&order_by=summary&projectKey=<project_key>
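An added example, not part of the JFrog documentation: a client-side sketch that builds the paginated request URL (optionally project-scoped), walks every page until total_rows is reached, and shortlists rows that have a fix available. The `post` transport, the host `https://xray.example`, page numbering starting at 1, and the data in `demo()` are assumptions made for illustration.

```python
from urllib.parse import urlencode

# order_by values listed on this page
ORDER_BY = {"severity", "published", "cve", "vulnerable_component",
            "impacted_artifact", "path", "fixed_versions", "package_type",
            "provider", "cvss2", "cvss3", "summary"}

def report_url(base, report_id, page_num, num_of_rows=10, order_by="severity",
               direction="asc", project_key=None):
    """Build the request URL with all parameters in a single query string."""
    if order_by not in ORDER_BY:
        raise ValueError(f"unsupported order_by: {order_by!r}")
    params = {"direction": direction, "page_num": page_num,
              "num_of_rows": num_of_rows, "order_by": order_by}
    if project_key:
        params["projectKey"] = project_key  # project scope, Xray 3.21.2+
    return (f"{base.rstrip('/')}/api/v1/reports/vulnerabilities/"
            f"{report_id}?{urlencode(params)}")

def iter_rows(post, base, report_id, **query):
    """Yield every row; post(url) is a caller-supplied function that
    performs the POST and returns the decoded JSON body."""
    page, seen = 1, 0  # assumption: page_num starts at 1
    while True:
        body = post(report_url(base, report_id, page, **query))
        rows = body.get("rows") or []
        yield from rows
        seen += len(rows)
        if not rows or seen >= body.get("total_rows", 0):
            return
        page += 1

def fixable(rows, min_cvss3=5.0):
    """Rows whose highest CVSS v3 score meets the bar and that list a fix."""
    out = []
    for row in rows:
        score = max((c.get("cvss_v3_score") or 0.0
                     for c in row.get("cves") or []), default=0.0)
        if score >= min_cvss3 and row.get("fixed_versions"):
            out.append((row.get("issue_id"), row.get("path"), score,
                        row["fixed_versions"]))
    return sorted(out, key=lambda r: -r[2])

def demo():  # constructed two-page report, not real Xray output
    data = [{"issue_id": f"XRAY-{i}", "path": f"repo1/a{i}",
             "cves": [{"cvss_v3_score": s}], "fixed_versions": f}
            for i, (s, f) in enumerate([(5.5, ["2.3"]), (9.1, []), (7.2, ["1.1"])])]
    def post(url):  # stand-in transport serving 2 rows per page
        n = int(url.split("page_num=")[1].split("&")[0])
        return {"total_rows": len(data), "rows": data[2 * (n - 1):2 * n]}
    return fixable(iter_rows(post, "https://xray.example", 21, num_of_rows=2))
```

Rows with no entry in fixed_versions are left out of the shortlist on purpose; they need a mitigation other than an upgrade and are better tracked separately.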