Description: Get specific content in a Vulnerabilities report.
Since: 3.8
Security: Requires a user with the Manage Reports role.
Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with Manage Security Assets privilege can get specific content in a Vulnerabilities report. using this REST API in the scope of a project, by using the additional query parameter projectKey.
Usage: POST api/v1/reports/vulnerabilities/{id}}
Mandatory Pagination Parameters: You can order by
severity
published
cve
vulnerable_component
impacted_artifact
path
fixed_versions
package_type
provider
cvss2
cvss3
summary
Sample Request
POST .../api/v1/reports/vulnerabilities/21?direction=asc&page_num=2&num_of_rows=10&order_by=summary
Sample Response
{
"total_rows": 100,
"rows" :[
{
"cves" : [
{
"cve" : "CVE-2015-8902",
"cvss_v2_score": 4.3,
"cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"cvss_v3_score": 5.5,
"cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
{
"cve" : "CVE-2016-8902",
"cvss_v2_score": 5.3,
"cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"cvss_v3_score": 6.5,
"cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"summary": "Algorithmic complexity vulnerability",
"severity": "High",
"vulnerable_component": "source",
"impacted_artifact": "artifact",
"path": "repo1/folder1/artifact",
"fixed_versions": [
"2.3",
"2.4", "2.5"
],
"published": "1970-01-01T03:00:00+02:00",
"issue_id": "XRAY-1234",
"package_type": "maven",
"provider": "JFrog",
"description": "Algorithmic complexity vulnerability",
"references": [
"github.com",
"nvd.com"
]
}
]
}Get Vulnerabilities Report Content in Projects
POST /api/v1/reports/vulnerabilities/21?direction=asc&page_num=2&num_of_rows=10&order_by=summary?projectKey=<project_key>