Search Impacted Resources by Package Version

Xray REST APIs
Products
JFrog Xray
Content Type
REST API

Description: Search all resources (artifacts) that include a specific package version.

Since: 3.130

Applicable Environment: JFrog Cloud,  JFrog Self-Hosted

Security: REPORTS_MANAGER

UsageGET /api/v2/search/impactedResources/PkgVersion

Consumes:  application/json

Produces:  application/json

Query parameters:

Name

Type

Required/Optional

Default

Description

pkg_version_name

string

required

The name of the package to search for.

pkg_version_type

string

required

The type of package (e.g., maven, npm, docker, etc.).

version

string

required

The version of the package.

ecosystem

string

optional

generic

The ecosystem of the package.

namespace

string

optional

public

The namespace of the package.

limit

int

optional

1000

The number of resources to return.

Max: 10,000

last_key

string

optional

Cursor for pagination from the previous response.

Note: Preserve the original query parameters when using last_key.

Response body:

Name

Type

Description

result

ResultObject[]

Response results.

last_key

string

Pagination cursor for the next page. Empty or absent when there are no more results.

ResultObject:

Name

Type

Description

type

string

Type of impacted resource (e.g., artifact, docker).

name

string

Resource name or manifest file.

path

string

Path to the resource.

repo

string

Repository name.

version

string

Resource version (if applicable).

artifact_name

string

Artifact file name.

artifact_pkg_version

object

Details of the artifact’s own package version (type, name, namespace, version, ecosystem).

scan_date

timestamp

RFC 3339 timestamp when the resource was scanned.

impacted_pkg_version

object

Details of the searched package version (type, name, version, ecosystem).

Response Codes:

Status Code

Description

200

OK

400

Bad request - Invalid filter params

403

Permission denied

500

Internal server error

Sample Request:

curl -X GET "https://your-xray-instance/api/v2/search/impactedResources/PkgVersion?pkg_version_name=org.apache.tomcat:tomcat-catalina&pkg_version_type=maven&version=8.5.45" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json"

Sample Response:

200 OK
{
  "result": [
    {
      "type": "artifact",
      "name": "my-app-1.0.0.jar",
      "path": "/path/to/artifact",
      "repo": "maven-releases",
      "version": "1.0.0",
      "artifact_name": "my-app",
      "artifact_pkg_version": {
        "type": "maven",
        "name": "com.example:my-app",
        "namespace": "public",
        "version": "1.0.0",
        "ecosystem": "generic"
      },
      "scan_date": "2024-01-15T10:30:00Z",
      "impacted_pkg_version": {
        "type": "maven",
        "name": "org.apache.tomcat:tomcat-catalina",
        "namespace": "public",
        "version": "8.5.45",
        "ecosystem": "generic"
      }
    }
  ],
  "last_key": "<pagination_cursor>"
}