Description: Search resources (Artifacts, Builds, and Release bundles) based on vulnerability and package.
Since: 3.101.5
Applicable Environment: JFrog Cloud, JFrog Self-Hosted
Security: Admin only
Usage:
POST /xray/api/v2/search/artifacts
POST /xray/api/v2/search/builds
POST /xray/api/v2/search/bundles
Consumes: application/json
Produces: application/json
Query parameters:
Name | Type | Required/Optional | Description |
---|---|---|---|
| int | optional | The list number of resources. Default = 10 Valid Values = 1,…,1000 |
| string | optional | A representation of the latest resource returned by the REST API. Note: The original query parameters and body must be preserved when using the last_key query parameter. Default = ““ (empty string) |
| string | optional | Valid Values: name/version/scan_date default: scan_date For Artifacts, you can order by package_type as well. |
| string | optional | Valid Values: ASC/DESC Default - ASC |
Request body:
Name | Type | Required/Optional | Description |
---|---|---|---|
|
| required | Search filters |
FiltersObject:
Name | Type | Required/Optional | Description |
---|---|---|---|
| string | required | Filter by CVE-ID/XRAY-ID Either |
| string | required | Filter by component ID Either |
| string | optional | Filter by name (exact match) |
| string | optional | Filter by version (exact match) |
| string | optional | Filter by path (exact match) |
| timestamp | optional | Filter resources that were created after the specified date |
| timestamp | optional | Filter resources that were created before the specified date |
| string | optional | Filter by the package type of the artifact. Available only for artifacts resources. Valid values:
|
Response body:
Name | Type | Description |
---|---|---|
|
| Response result |
ResultObject:
Name | Type | Description |
---|---|---|
| string | Resource name |
| string | Resource version |
| string | The path of the resource |
| timestamp | The scan date of the resource |
| string | Package type:
|
|
| The package that contains the vulnerability or component ID. |
| string | Representation of the last resource returned to the client. |
AffectedInfoObject:
Name | Type | Description |
---|---|---|
| string | The name of the artifact that introduced the vulnerability/component |
| string | The type of the artifact that introduced the vulnerability/component |
| string | The version of the artifact that introduced the vulnerability/component |
| string | The xray-id of the vulnerability |
| string | The cve-id of the vulnerability |
| string | The resource path |
| string | The artifact introduced the vulnerability. Only applicable for builds and bundles resources. |
Response Codes:
Status Code | Description |
---|---|
200 | OK |
400 | Bad request - Required fields are missing |
403 | Permission denied |
404 | Not found |
500 | Internal server error |
Sample Request:
POST /xray/api/v2/search/artifacts?limit=2&order_by=version&direction=DESC HTTP/1.1 Host: <Host name> Content-Type: application/json Content-Length: <calculated content length> { "filters": { "vulnerability": "XRAY-198072", "type": "docker", "version": "latest", "last_key": "CEAmGToBBBcdF1ZlHU0CLRECExsXRUlAXV1tR0hTRUhEZjJfSmVNXEhYWElDVVZeakA_QV5HBzoFABw7GR0LS1RFR1dcCW8QA1NfUEI7AEJGbxtXXwtYUERPDQxnEVEBQVVDOVQOUCJUTSIIHAYeEU1XJFEJCh8MAH1cXV59Fx0WDBw4ERtNV30ABgIcOhA-EgpQc1oLGxsLBAcLAAN9SUciISZWc0QJADAVMAEKDwksBg4ZOlFfQUJVRG5LX0NySF4mWV5dQ1JVXW8pR09QERsAFQwTMScLEx0LRUlAX11vQkhTQ0hEbjJfQmVIX0hZXj1RTk0bKh8LBgAEFjYKBgYmWlVQKjgiXlBfXGdeV1NHVUJ9Sk0xCT0mNhpMXShALDsaXldTQ11ZbVZaQmlaMg8U" } }
Sample Response:
200 OK { "result": [ { "name": "debian", "version": "latest", "path": "docker/debian/latest/manifest.json", "last_scan_date": "2024-07-15T17:15:44.390611+03:00", "package_type": "docker", "affected_info": [ { "name": "debian:bookworm:mount", "type": "deb", "version": "2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "mount:2.38.1-5+deb12u1" ] }, { "name": "debian:bookworm:util-linux-extra", "type": "deb", "version": "2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "util-linux-extra:2.38.1-5+deb12u1" ] }, { "name": "debian:bookworm:util-linux", "type": "deb", "version": "2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "util-linux:2.38.1-5+deb12u1" ] }, { "name": "debian:bookworm:libmount1", "type": "deb", "version": "2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "libmount1:2.38.1-5+deb12u1" ] }, { "name": "debian:bookworm:libsmartcols1", "type": "deb", "version": "2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "libsmartcols1:2.38.1-5+deb12u1" ] }, { "name": "debian:bookworm:libblkid1", "type": "deb", "version": "2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "libblkid1:2.38.1-5+deb12u1" ] }, { "name": "debian:bookworm:bsdutils", "type": "deb", "version": "1:2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "bsdutils:1:2.38.1-5+deb12u1" ] }, { "name": "debian:bookworm:libuuid1", "type": "deb", "version": "2.38.1-5+deb12u1", "xray_id": "XRAY-198072", "cve_ids": [ "CVE-2022-0563" ], "paths": [ "sha256__60bdaf986dbe787297bb85c9f6a28d13ea7b9608b95206ef7ce6cdea50cd5505.tar.gz", "libuuid1:2.38.1-5+deb12u1" ] } ] } ], "last_key": "CEAmGToBBBcdF1ZlHU0CLRECExsXRUlAAwwrFhYXUElWLAMMHTEcDgAQTF1RBF1Vb0RRARZIRW5fDV9rQAkWRFdRRldCXzxHVQdCB0ZnAgtDfQVDUDkPFRIPHE9lCEcPGwgdK0RVQHNaAAANCxUsABZPZVETBgAWHTAITV59HAYADA0TGg0BT2VRISYhJlZzRBkXLQsGHQdMXVEODhk6ABFBXkcSLQkCLSwbDhw2CgYHB01XfUNVU0NIRG5LX0MLSF9IWV5dQ1I1T3NREQwtFhc-CDAWPgwKUFNMV0NSXkBvQkhTQzFEb1xfQmVIXyhLQkUFFwMDOgEEARsJHSsfTUh9ID0zMENWSlpfWm1RSUExMzEWIhxQZSNNMT8rSkFSXV9yQ1BVQUcpIhs=" }