Get Vulnerabilities Report Content


Description: Get specific content in a Vulnerabilities report.

Since: 3.8

Security: Requires a user with the Manage Reports role.

Notes: For Xray version 3.21.2 and above with Projects, a Project Admin with Manage Security Assets privilege can get specific content in a Vulnerabilities report using this REST API in the scope of a project, by using the additional query parameter projectKey.

Usage: POST api/v1/reports/vulnerabilities/{id}

Mandatory Pagination Parameters: You can order by

  • severity

  • published

  • cve

  • vulnerable_component

  • impacted_artifact

  • path

  • fixed_versions

  • package_type

  • provider

  • cvss2

  • cvss3

  • summary

Sample Request

POST .../api/v1/reports/vulnerabilities/21?direction=asc&page_num=2&num_of_rows=10&order_by=summary

Sample Response

{
    "total_rows": 100,
    "rows": [
        {
            "cves": [
                {
                    "cve": "CVE-2015-8902",
                    "cvss_v2_score": 4.3,
                    "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P",
                    "cvss_v3_score": 5.5,
                    "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                },
                {
                    "cve": "CVE-2016-8902",
                    "cvss_v2_score": 5.3,
                    "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P",
                    "cvss_v3_score": 6.5,
                    "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                }
            ],
            "summary": "Algorithmic complexity vulnerability",
            "severity": "High",
            "vulnerable_component": "source",
            "impacted_artifact": "artifact",
            "path": "repo1/folder1/artifact",
            "fixed_versions": [
                "2.3",
                "2.4",
                "2.5"
            ],
            "published": "1970-01-01T03:00:00+02:00",
            "issue_id": "XRAY-1234",
            "package_type": "maven",
            "provider": "JFrog",
            "description": "Algorithmic complexity vulnerability",
            "references": [
                "github.com",
                "nvd.com"
            ]
        }
    ]
}

Get Vulnerabilities Report Content in Projects

POST /api/v1/reports/vulnerabilities/21?direction=asc&page_num=2&num_of_rows=10&order_by=summary&projectKey=<project_key>
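
Added example (not JFrog's code): it builds the request URL from the parameters shown above, pages through a report, and ranks rows by their highest CVSS v3 score. It assumes page_num starts at 1 and that paging can stop once total_rows rows have been read; the fetch_page callback, the fake_fetch stand-in and the sample rows are constructed so the block runs offline.

```python
from urllib.parse import urlencode

# order_by values listed on this page
ORDER_BY = {"severity", "published", "cve", "vulnerable_component",
            "impacted_artifact", "path", "fixed_versions", "package_type",
            "provider", "cvss2", "cvss3", "summary"}

def report_url(base, report_id, page_num, num_of_rows, order_by, project_key=None):
    """Build the POST URL; reject order_by values the page does not list."""
    if order_by not in ORDER_BY:
        raise ValueError(f"unsupported order_by: {order_by!r}")
    params = {"direction": "asc", "page_num": page_num,
              "num_of_rows": num_of_rows, "order_by": order_by}
    if project_key:  # project-scoped call (Xray 3.21.2 and above)
        params["projectKey"] = project_key
    path = f"/api/v1/reports/vulnerabilities/{int(report_id)}"
    return base.rstrip("/") + path + "?" + urlencode(params)

def iter_rows(fetch_page, num_of_rows=10):
    """Yield every row. fetch_page(page_num, num_of_rows) is a hypothetical
    callback that POSTs to report_url(...) and returns the parsed JSON body."""
    seen, page = 0, 1  # assumption: the first page is page_num=1
    while True:
        body = fetch_page(page, num_of_rows)
        rows = body.get("rows") or []
        yield from rows
        seen += len(rows)
        if not rows or seen >= body.get("total_rows", 0):
            return
        page += 1

def triage(rows):
    """Rank rows by the highest CVSS v3 score among their CVEs."""
    out = []
    for r in rows:
        scores = [c["cvss_v3_score"] for c in r.get("cves", []) if "cvss_v3_score" in c]
        out.append({"issue_id": r["issue_id"], "max_cvss3": max(scores, default=None),
                    "fix_available": bool(r.get("fixed_versions"))})
    return sorted(out, key=lambda x: x["max_cvss3"] or 0, reverse=True)

# Constructed rows shaped like the Sample Response (not real findings)
SAMPLE_ROWS = [
    {"issue_id": "XRAY-1234", "fixed_versions": ["2.3", "2.4", "2.5"],
     "cves": [{"cve": "CVE-2015-8902", "cvss_v3_score": 5.5},
              {"cve": "CVE-2016-8902", "cvss_v3_score": 6.5}]},
    {"issue_id": "XRAY-0002", "fixed_versions": [], "cves": [{"cvss_v3_score": 9.8}]},
    {"issue_id": "XRAY-0003", "fixed_versions": ["1.1"], "cves": []},
]

def fake_fetch(page_num, num_of_rows):
    start = (page_num - 1) * num_of_rows
    return {"total_rows": len(SAMPLE_ROWS), "rows": SAMPLE_ROWS[start:start + num_of_rows]}
```

Rows with no fixed_versions and a high max_cvss3 are the ones to escalate first, since no upgrade path is listed for them.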