API reference for Supply Chain Security Tools - Store
This topic contains API reference information for Supply Chain Security Tools - Store. See API walkthrough for an SCST - Store example.
Information
Version
1.7.0
Content negotiation
URI Schemes
- http
- https
Consumes
- application/json
- multipart/form-data
- application/xml
Produces
- application/json
All endpoints
images
| Method | URI | Name | Summary |
|---|---|---|---|
| POST | /api/imageReport | create image report | ( Use POST /api/v1/images instead ) Create a new image report. Related packages and vulnerabilities are also created. |
| GET | /api/images | get images | Search image by id, name or digest . |
| GET | /api/packages/{IDorName}/images | get package images | List the images that contain the given package. |
| GET | /api/vulnerabilities/{CVEID}/images | get vulnerability images | List the images that contain the given vulnerability. |
Operations
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/health | health check |
Packages
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/images/{IDorDigest}/packages | get image packages | List the packages in an image. |
| GET | /api/images/packages | get image packages query | List packages of the given image. |
| GET | /api/packages | get packages | Search packages by id, name and/or version. |
| GET | /api/sources/{IDorRepoorSha}/packages | get source packages | |
| GET | /api/sources/packages | get source packages query | List packages of the given source. |
| GET | /api/vulnerabilities/{CVEID}/packages | get vulnerability packages | List packages that contain the given CVE id. |
Sources
| Method | URI | Name | Summary |
|---|---|---|---|
| POST | /api/sourceReport | create source report | ( Use POST /api/v1/sources instead ) Create a new source report. Related packages and vulnerabilities are also created. |
| GET | /api/packages/{IDorName}/sources | get package sources | List the sources containing the given package. |
| GET | /api/sources | get sources | Search for sources by ID, repository, commit sha and/or organization. |
| GET | /api/vulnerabilities/{CVEID}/sources | get vulnerability sources | List sources that contain the given vulnerability. |
v1/artifact_groups
| Method | URI | Name | Summary |
|---|---|---|---|
| POST | /api/v1/artifact-groups | create artifact group | Create an artifact group with specified labels and entity |
| POST | /api/v1/artifact-groups/_search | search artifact groups | Query for a list of artifact group that contains image(s) with specified digests, and or source(s) with specified shas. At least one image digest or source sha must be provided. This query can be further refined by matching images and sources with a specific combination of package name and/or cve id. |
| POST | /api/v1/artifact-groups/vulnerabilities/_reach | search artifact groups vuln reach | Search for how many artifact groups are affected by vulnerabilities associated with the specified image(s) digests, and/or source(s) shas. At least one image digest or source sha must be provided. |
| POST | /api/v1/artifact-groups/vulnerabilities/_search | search artifact groups vulnerabilities | Search for all vulnerabilities associated with an artifact group that contains image(s) with specified digests, and/or source(s) with specified shas. At least one image digest or source sha must be provided. |
v1/images
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/v1/images/{ID_OR_DIGEST} | v1 get image | Search image by ID or DIGEST |
| GET | /api/v1/images | v1 get images | Query for images. If no parameters are given, this endpoint will return all images. |
| POST | /api/v1/images | v1 post images | Add an image with a CycloneDX or SPDX report |
v1/packages
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/v1/packages/{ID} | get package by ID | Search package by ID |
| GET | /api/v1/images/packages | v1 get images packages | Query for packages with images parameters. If no parameters are given, this endpoint will return all packages related to images. |
| GET | /api/v1/packages | v1 get packages | Query for packages. If no parameters are given, this endpoint will return all packages. |
| GET | /api/v1/sources/packages | v1 get sources packages | Query for packages with source parameters. If no parameters are given, this endpoint will return all packages related to sources. |
v1/reports
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/v1/reports/{ReportUID} | v1 get report | Get a specific report by its unique identifier |
| POST | /api/v1/reports/_search | v1 search multiple reports | Search multiple reports by their unique identifiers |
| GET | /api/v1/reports | v1 search reports | Query for a list of reports with specified image digest, source sha, or original location. |
v1/sources
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/v1/sources/{ID_OR_SHA} | v1 get source | Search source by ID or SHA |
| GET | /api/v1/sources | v1 get sources | Query for sources. If no parameters are given, this endpoint will return all sources. |
| GET | /api/v1/sources/vulnerabilities | v1 get sources vulnerabilities | Query for vulnerabilities with source parameters. If no parameters are given, this endpoint will return all vulnerabilities. |
| POST | /api/v1/sources | v1 post sources | Add a source with a CycloneDX or SPDX report |
v1/triage
| Method | URI | Name | Summary |
|---|---|---|---|
| POST | /api/v1/triage/{UID}/copy | v1 copy vulnerability analysis | Copies the analysis of an existing triage to a new target. |
| POST | /api/v1/triage | v1 create vulnerability analysis | Inserts or updates a vulnerability analysis |
| GET | /api/v1/triage/rebase | v1 get rebase options | Search for analysis that can be rebased on the specified image within an artifact group. |
| GET | /api/v1/triage | v1 get triage | Query for Triage Analysis. If no parameters are given, this endpoint will return all analysis instances. |
v1/vulnerabilities
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/v1/vulnerabilities/{ID} | get vulnerability by ID | Search vulnerability by ID |
| GET | /api/v1/images/vulnerabilities | v1 get images vulnerabilities | Query for vulnerabilities with image parameters. If no parameters are give, this endpoint will return all vulnerabilities. |
vulnerabilities
| Method | URI | Name | Summary |
|---|---|---|---|
| GET | /api/images/{IDorDigest}/vulnerabilities | get image vulnerabilities | List vulnerabilities from the given image. |
| GET | /api/packages/{IDorName}/vulnerabilities | get package vulnerabilities | List vulnerabilities from the given package. |
| GET | /api/sources/{IDorRepoorSha}/vulnerabilities | get source vulnerabilities | |
| GET | /api/sources/vulnerabilities | get source vulnerabilities query | List vulnerabilities of the given source. |
| GET | /api/vulnerabilities | get vulnerabilities | Search for vulnerabilities by CVE id. |
Paths
Create an artifact group with specified labels and entity (CreateArtifactGroup)
POST /api/v1/artifact-groups
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ArtifactGroupPostRequest | body |
ArtifactGroupPostRequest | models.ArtifactGroupPostRequest |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 201 | Created | ArtifactGroupCreatePostResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
201 - ArtifactGroupCreatePostResponse
Status: Created
Schema
ArtifactGroupCreatePostResponse
400 - ErrorMessage
Status: Bad Request
Schema
Default Response
ErrorMessage
Schema
( Use POST /api/v1/images instead ) Create a new image report. Related packages and vulnerabilities are also created. (CreateImageReport)
POST /api/imageReport
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| Image | body |
Image | models.Image |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Image | schema | |
| default | ErrorMessage | schema |
Responses
200 - Image
Status: OK
Schema
Default Response
ErrorMessage
Schema
( Use POST /api/v1/sources instead ) Create a new source report. Related packages and vulnerabilities are also created. (CreateSourceReport)
POST /api/sourceReport
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| Image | body |
Source | models.Source |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Source | schema | |
| default | ErrorMessage | schema |
Responses
200 - Source
Status: OK
Schema
Default Response
ErrorMessage
Schema
List the packages in an image. (GetImagePackages)
GET /api/images/{IDorDigest}/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| IDorDigest | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Package | schema | |
| default | ErrorMessage | schema |
Responses
200 - Package
Status: OK
Schema
Default Response
ErrorMessage
Schema
List packages of the given image. (GetImagePackagesQuery)
GET /api/images/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| digest | query |
string | string |
||||
| id | query |
int64 (formatted integer) | int64 |
||||
| name | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Package | schema | |
| default | ErrorMessage | schema |
Responses
200 - Package
Status: OK
Schema
Default Response
ErrorMessage
Schema
List vulnerabilities from the given image. (GetImageVulnerabilities)
GET /api/images/{IDorDigest}/vulnerabilities
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| IDorDigest | path |
string | string |
✓ | |||
| Severity | query |
string | string |
Case insensitive vulnerabilities severity filter. Possible values are: low, medium, high, critical, unknown. |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Vulnerability | schema | |
| default | ErrorMessage | schema |
Responses
200 - Vulnerability
Status: OK
Schema
Default Response
ErrorMessage
Schema
Search image by id, name or digest . (GetImages)
GET /api/images
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Image | schema | |
| default | ErrorMessage | schema |
Responses
200 - Image
Status: OK
Schema
Default Response
ErrorMessage
Schema
Search package by ID (GetPackageByID)
GET /api/v1/packages/{ID}
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ID | path |
uint64 (formatted integer) | uint64 |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Package | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - Package
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
List the images that contain the given package. (GetPackageImages)
GET /api/packages/{IDorName}/images
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| IDorName | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Image | schema | |
| default | ErrorMessage | schema |
Responses
200 - Image
Status: OK
Schema
Default Response
ErrorMessage
Schema
List the sources containing the given package. (GetPackageSources)
GET /api/packages/{IDorName}/sources
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| IDorName | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Source | schema | |
| default | ErrorMessage | schema |
Responses
200 - Source
Status: OK
Schema
Default Response
ErrorMessage
Schema
List vulnerabilities from the given package. (GetPackageVulnerabilities)
GET /api/packages/{IDorName}/vulnerabilities
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| IDorName | path |
string | string |
✓ | |||
| Severity | query |
string | string |
Case insensitive vulnerabilities severity filter. Possible values are: low, medium, high, critical, unknown. |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Vulnerability | schema | |
| default | ErrorMessage | schema |
Responses
200 - Vulnerability
Status: OK
Schema
Default Response
ErrorMessage
Schema
Search packages by id, name and/or version. (GetPackages)
GET /api/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| id | query |
int64 (formatted integer) | int64 |
Any of id or name must be provided | |||
| name | query |
string | string |
Any of id or name must be provided | |||
| version | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Package | schema | |
| default | ErrorMessage | schema |
Responses
200 - Package
Status: OK
Schema
Default Response
ErrorMessage
Schema
get source packages (GetSourcePackages)
GET /api/sources/{IDorRepoorSha}/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| IDorRepoorSha | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Package | schema | |
| default | ErrorMessage | schema |
Responses
200 - Package
Status: OK
Schema
Default Response
ErrorMessage
Schema
List packages of the given source. (GetSourcePackagesQuery)
GET /api/sources/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| id | query |
uint64 (formatted integer) | uint64 |
||||
| repo | query |
string | string |
||||
| sha | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Package | schema | |
| default | ErrorMessage | schema |
Responses
200 - Package
Status: OK
Schema
Default Response
ErrorMessage
Schema
get source vulnerabilities (GetSourceVulnerabilities)
GET /api/sources/{IDorRepoorSha}/vulnerabilities
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| IDorRepoorSha | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Vulnerability | schema | |
| default | ErrorMessage | schema |
Responses
200 - Vulnerability
Status: OK
Schema
Default Response
ErrorMessage
Schema
List vulnerabilities of the given source. (GetSourceVulnerabilitiesQuery)
GET /api/sources/vulnerabilities
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| Severity | query |
string | string |
Case insensitive vulnerabilities severity filter. Possible values are: low, medium, high, critical, unknown. | |||
| id | query |
uint64 (formatted integer) | uint64 |
||||
| repo | query |
string | string |
||||
| sha | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Vulnerability | schema | |
| default | ErrorMessage | schema |
Responses
200 - Vulnerability
Status: OK
Schema
Default Response
ErrorMessage
Schema
Search for sources by ID, repository, commit sha and/or organization. (GetSources)
GET /api/sources
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| id | query |
int64 (formatted integer) | int64 |
||||
| org | query |
string | string |
||||
| repo | query |
string | string |
||||
| sha | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Source | schema | |
| default | ErrorMessage | schema |
Responses
200 - Source
Status: OK
Schema
Default Response
ErrorMessage
Schema
Search for vulnerabilities by CVE id. (GetVulnerabilities)
GET /api/vulnerabilities
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| CVEID | query |
string | string |
✓ | |||
| Severity | query |
string | string |
Case insensitive vulnerabilities severity filter. Possible values are: low, medium, high, critical, unknown. |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Vulnerability | schema | |
| default | ErrorMessage | schema |
Responses
200 - Vulnerability
Status: OK
Schema
Default Response
ErrorMessage
Schema
Search vulnerability by ID (GetVulnerabilityByID)
GET /api/v1/vulnerabilities/{ID}
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ID | path |
uint64 (formatted integer) | uint64 |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Vulnerability | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - Vulnerability
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
List the images that contain the given vulnerability. (GetVulnerabilityImages)
GET /api/vulnerabilities/{CVEID}/images
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| CVEID | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Image | schema | |
| default | ErrorMessage | schema |
Responses
200 - Image
Status: OK
Schema
Default Response
ErrorMessage
Schema
List packages that contain the given CVE id. (GetVulnerabilityPackages)
GET /api/vulnerabilities/{CVEID}/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| CVEID | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Package | schema | |
| default | ErrorMessage | schema |
Responses
200 - Package
Status: OK
Schema
Default Response
ErrorMessage
Schema
List sources that contain the given vulnerability. (GetVulnerabilitySources)
GET /api/vulnerabilities/{CVEID}/sources
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| CVEID | path |
string | string |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Source | schema | |
| default | ErrorMessage | schema |
Responses
200 - Source
Status: OK
Schema
Default Response
ErrorMessage
Schema
health check (HealthCheck)
GET /api/health
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | schema | ||
| default | ErrorMessage | schema |
Responses
200
Status: OK
Schema
Default Response
ErrorMessage
Schema
Query for a list of artifact group that contains image(s) with specified digests, and or source(s) with specified shas. At least one image digest or source sha must be provided. This query can be further refined by matching images and sources with a specific combination of package name and/or cve id. (SearchArtifactGroups)
POST /api/v1/artifact-groups/_search
Query for a list of artifact group that contains image(s) with specified digests, and or source(s) with specified shas.
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ArtifactGroupFiltersPostRequest | body |
ArtifactGroupSearchFilters | models.ArtifactGroupSearchFilters |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedArtifactGroupSearchPostResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedArtifactGroupSearchPostResponse
Status: OK
Schema
PaginatedArtifactGroupSearchPostResponse
400 - ErrorMessage
Status: Bad Request
Schema
Default Response
ErrorMessage
Schema
Search for how many artifact groups are affected by vulnerabilities associated with the specified image(s) digests, and/or source(s) shas. At least one image digest or source sha must be provided. (SearchArtifactGroupsVulnReach)
POST /api/v1/artifact-groups/vulnerabilities/_reach
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ArtifactGroupVulnReachFiltersPostRequest | body |
ArtifactGroupVulnReachFiltersPostRequest | models.ArtifactGroupVulnReachFiltersPostRequest |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedArtifactGroupVulnReachPostResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedArtifactGroupVulnReachPostResponse
Status: OK
Schema
PaginatedArtifactGroupVulnReachPostResponse
400 - ErrorMessage
Status: Bad Request
Schema
Default Response
ErrorMessage
Schema
Search for all vulnerabilities associated with an artifact group that contains image(s) with specified digests, and/or source(s) with specified shas. At least one image digest or source sha must be provided. (SearchArtifactGroupsVulnerabilities)
POST /api/v1/artifact-groups/vulnerabilities/_search
The result can be further refined by matching the images and sources with a package name and/or an artifact group UID
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ArtifactGroupVulnSearchFiltersPostRequest | body |
ArtifactGroupVulnSearchFilters | models.ArtifactGroupVulnSearchFilters |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedArtifactGroupVulnSearchPostResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedArtifactGroupVulnSearchPostResponse
Status: OK
Schema
PaginatedArtifactGroupVulnSearchPostResponse
400 - ErrorMessage
Status: Bad Request
Schema
Default Response
ErrorMessage
Schema
Copies the analysis of an existing triage to a new target. (V1CopyVulnerabilityAnalysis)
POST /api/v1/triage/{UID}/copy
This endpoint takes an existing analysis instance and copies its latest state into a new instance, replacing the image/source/artifact group of the existing analysis with the ones provided in the request.
If an instance with the targeted parameters already exists, it updates its analysis to match that of the instance found by the provided uid.
Consumes
- application/json
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| UID | path |
string | string |
✓ | UID of triage to copy from | ||
| VulnerabilityAnalysisCopyRequest | body |
VulnerabilityAnalysisCopyRequest | models.VulnerabilityAnalysisCopyRequest |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | V1AnalysisInstanceUIDResponse | schema | |
| 201 | Created | V1AnalysisInstanceUIDResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| 503 | Service Unavailable | ErrorMessage | schema |
Responses
200 - V1AnalysisInstanceUIDResponse
Status: OK
Schema
201 - V1AnalysisInstanceUIDResponse
Status: Created
Schema
400 - ErrorMessage
Status: Bad Request
Schema
404 - ErrorMessage
Status: Not Found
Schema
503 - ErrorMessage
Status: Service Unavailable
Schema
Inserts or updates a vulnerability analysis (V1CreateVulnerabilityAnalysis)
POST /api/v1/triage
Creates or updates a vulnerability analysis for a particular vulnerability instance. A vulnerability instance is a combination of Vulnerability + OS/Application Package + Image or Source + Artifact Group.
A vulnerability analysis contains the necessary data to assess the impact of a particular vulnerability. This endpoint follows CycloneDX Vex specification for vulnerability analysis.
Consumes
- application/json
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| VulnerabilityAnalysisRequest | body |
VulnerabilityAnalysisRequest | models.VulnerabilityAnalysisRequest |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | V1AnalysisInstanceUIDResponse | schema | |
| 201 | Created | V1AnalysisInstanceUIDResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| 503 | Service Unavailable | ErrorMessage | schema |
Responses
200 - V1AnalysisInstanceUIDResponse
Status: OK
Schema
201 - V1AnalysisInstanceUIDResponse
Status: Created
Schema
400 - ErrorMessage
Status: Bad Request
Schema
503 - ErrorMessage
Status: Service Unavailable
Schema
Search image by ID or DIGEST (V1GetImage)
GET /api/v1/images/{ID_OR_DIGEST}
One of the following combination of headers is needed (—> response format):
- Report-Type-Format: cyclonedx and Accept: application/json —> cyclonedx SBOM
- Report-Type-Format: cyclonedx and Accept: application/xml —> cyclonedx SBOM
- Report-Type-Format: spdx2.2 and Accept: application/json —> spdx SBOM
- Report-Type-Format and Accept not present at all —> Image
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ID_OR_DIGEST | path |
string | string |
✓ | |||
| Accept | header |
string | string |
The Accept type of the input report. Supported values are ‘application/json’, ‘application/xml’ | |||
| Report-Type-Format | header |
string | string |
The input report type format. Supported values are ‘cyclonedx’ and ‘spdx2.2’ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Image | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - Image
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for images. If no parameters are given, this endpoint will return all images. (V1GetImages)
GET /api/v1/images
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| digest | query |
string | string |
||||
| name | query |
string | string |
||||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| registry | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedImageResponse | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedImageResponse
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for packages with images parameters. If no parameters are given, this endpoint will return all packages related to images. (V1GetImagesPackages)
GET /api/v1/images/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| digest | query |
string | string |
||||
| name | query |
string | string |
||||
| package_name | query |
string | string |
Substring package name filter. For example, setting name=cur would match curl and libcurl. |
|||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| registry | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedPackageResponse | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedPackageResponse
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for vulnerabilities with image parameters. If no parameters are give, this endpoint will return all vulnerabilities. (V1GetImagesVulnerabilities)
GET /api/v1/images/vulnerabilities
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| Severity | query |
string | string |
Case insensitive vulnerabilities severity filter. Possible values are: low, medium, high, critical, unknown. | |||
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| digest | query |
string | string |
||||
| name | query |
string | string |
||||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| registry | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedVulnerabilityResponse | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedVulnerabilityResponse
Status: OK
Schema
PaginatedVulnerabilityResponse
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for packages. If no parameters are given, this endpoint will return all packages. (V1GetPackages)
GET /api/v1/packages
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| name | query |
string | string |
Name filter works as a substring match on the package name. For example, setting name=cur would match curl and libcurl. |
|||
| package_manager | query |
string | string |
||||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| version | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedPackageResponse | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedPackageResponse
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Search for analysis that can be rebased on the specified image within an artifact group. (V1GetRebaseOptions)
GET /api/v1/triage/rebase
An analysis can be rebased when it matches the following conditions: They are linked to the specified artifact group They are linked to images that belong to the artifact group, have the same name as the specified image but have an older creation date They are linked to packages that the specified image also contains, but have no existing analysis for the specified image
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| artifact_group_uid | query |
string | string |
✓ | UID of Workload to rebase within | ||
| digest | query |
string | string |
✓ | The sha256 digest of the image | ||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| registry | query |
string | string |
The registry name where the image is hosted. |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedVulnerabilityAnalysisResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema |
Responses
200 - PaginatedVulnerabilityAnalysisResponse
Status: OK
Schema
PaginatedVulnerabilityAnalysisResponse
400 - ErrorMessage
Status: Bad Request
Schema
Get a specific report by its unique identifier (V1GetReport)
GET /api/v1/reports/{ReportUID}
One of the following combination of headers is needed (—> response format):
- Report-Type-Format: CycloneDX and Accept: application/json —> CycloneDX SBOM
- Report-Type-Format: CycloneDX and Accept: application/xml —> CycloneDX SBOM
- Report-Type-Format: spdx2.2 and Accept: application/json —> SPDX SBOM
- Report-Type-Format and Accept not present at all —> ReportResponse
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ReportUID | path |
string | string |
✓ | The report’s unique identifier | ||
| Accept | header |
string | string |
The Accept type of the input report. Supported values are ‘application/json’, ‘application/xml’ | |||
| Report-Type-Format | header |
string | string |
The input report type format. Supported values are ‘cyclonedx’ and ‘spdx2.2’ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | ReportResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| 503 | Service Unavailable | ErrorMessage | schema |
Responses
200 - ReportResponse
Status: OK
Schema
400 - ErrorMessage
Status: Bad Request
Schema
404 - ErrorMessage
Status: Not Found
Schema
503 - ErrorMessage
Status: Service Unavailable
Schema
Search source by ID or SHA (V1GetSource)
GET /api/v1/sources/{ID_OR_SHA}
One of the following combinations of headers could be used, if not headers are sent the default response is Source (—> response format):
- Report-Type-Format: cyclonedx and Accept: application/json —> cyclonedx SBOM
- Report-Type-Format: cyclonedx and Accept: application/xml —> cyclonedx SBOM
- Report-Type-Format: spdx2.2 and Accept: application/json —> spdx SBOM
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ID_OR_SHA | path |
string | string |
✓ | |||
| Accept | header |
string | string |
The Accept type of the input report. Supported values are ‘application/json’, ‘application/xml’ | |||
| Report-Type-Format | header |
string | string |
The input report type format. Supported values are ‘cyclonedx’ and ‘spdx2.2’ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | Source | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - Source
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for sources. If no parameters are given, this endpoint will return all sources. (V1GetSources)
GET /api/v1/sources
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| org | query |
string | string |
||||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| repo | query |
string | string |
||||
| sha | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedSourceResponse | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedSourceResponse
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for packages with source parameters. If no parameters are given, this endpoint will return all packages related to sources. (V1GetSourcesPackages)
GET /api/v1/sources/packages
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedPackageResponse | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedPackageResponse
Status: OK
Schema
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for vulnerabilities with source parameters. If no parameters are given, this endpoint will return all vulnerabilities. (V1GetSourcesVulnerabilities)
GET /api/v1/sources/vulnerabilities
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| Severity | query |
string | string |
Case insensitive vulnerabilities severity filter. Possible values are: low, medium, high, critical, unknown. | |||
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| org | query |
string | string |
||||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| repo | query |
string | string |
||||
| sha | query |
string | string |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedVulnerabilityResponse | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - PaginatedVulnerabilityResponse
Status: OK
Schema
PaginatedVulnerabilityResponse
404 - ErrorMessage
Status: Not Found
Schema
Default Response
ErrorMessage
Schema
Query for Triage Analysis. If no parameters are given, this endpoint will return all analysis instances. (V1GetTriage)
GET /api/v1/triage
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| artifact_group_uid | query |
string | string |
The artifact group unique identifier. | |||
| commit | query |
string | string |
The commit sha of the source. | |||
| digest | query |
string | string |
The sha256 digest of the image | |||
| org | query |
string | string |
The organization name of the source. | |||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| registry | query |
string | string |
The registry name where the image is hosted. | |||
| repo | query |
string | string |
The repository name of the source. |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedVulnerabilityAnalysisResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema |
Responses
200 - PaginatedVulnerabilityAnalysisResponse
Status: OK
Schema
PaginatedVulnerabilityAnalysisResponse
400 - ErrorMessage
Status: Bad Request
Schema
Add an image with a CycloneDX or SPDX report (V1PostImages)
POST /api/v1/images
A CycloneDX or SPDX report can be sent in one of two ways: 1) through the body of the request or 2) through uploading the file via a multi-part form.
To add an image via a CycloneDX report or SPDX report submitted in the body of the request, use one of the following supported header combinations: 1. Report-Type-Format: cyclonedx and Content-Type: application/json 2. Report-Type-Format: cyclonedx and Content-Type: application/xml 3. Report-Type-Format: spdx and Content-Type: application/json
To add an image via a CycloneDX report or SPDX report submitted by uploading a file, the following are required: 1. the Content-Type header must be ‘multipart/form-data’ 2. the Report-Type-Format header must also be specified as either ‘cyclonedx’ or ‘spdx’ 3. formData includes field ‘file’ for the CycloneDX or SPDX report file 4. formData includes field ‘format’ of the report file
Consumes
- application/json
- application/xml
- multipart/form-data
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| Content-Type | header |
string | string |
✓ | The content type of the input report. Supported values are ‘application/json’, ‘application/xml’, and ‘multipart/form-data’ | ||
| Entity-Name | header |
string | string |
Manual input of the name of the entity. If this value is provided, Entity-Version header must also be provided. If this value is not provided, the value will be read from the submitted SBOM | |||
| Entity-Version | header |
string | string |
Manual input of the version of the entity. If this value is provided, Entity-Name header must also be provided. If this value is not provided, the value will be read from the submitted SBOM | |||
| Image-File-Path | header |
string | string |
The location inside the bundle where the original SBOM vulnerability scan that generated this report can be found. | |||
| Used when the original location points to a bundle that contains multiple SBOM vulnerability scans. | |||||||
| Original-Location | header |
string | string |
The stored location of the original SBOM vulnerability scan result used to create this report. | |||
| This can be an individual file, or a bundle | |||||||
| Report-Type-Format | header |
string | string |
✓ | The input report type format. Supported values are ‘cyclonedx’ and ‘spdx’ | ||
| Report-UID | header |
string | string |
A unique identifier to assign to the report. If omitted, a unique identifier will be randomly generated for the report. Supported characters: ALPHA DIGIT “-” / “.” / “_” / “~” | |||
| file | formData |
file | io.ReadCloser |
CycloneDX or SPDX report (required if using ‘multipart/form-data’) | |||
| format | formData |
string | string |
The file format of the report file. Supported values are ‘application/json’ and ‘application/xml’ (required if using ‘multipart/form-data’) |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | V1ImagePostResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| default | ErrorMessage | schema |
Responses
200 - V1ImagePostResponse
Status: OK
Schema
400 - ErrorMessage
Status: Bad Request
Schema
Default Response
ErrorMessage
Schema
Add a source with a CycloneDX or SPDX report (V1PostSources)
POST /api/v1/sources
A CycloneDX or SPDX report can be sent in one of two ways: 1) through the body of the request or 2) through uploading the file via a multi-part form.
To add a source via a CycloneDX report or SPDX report submitted in the body of the request, use one of the following supported header combinations: 1. Report-Type-Format: cyclonedx and Content-Type: application/json 2. Report-Type-Format: cyclonedx and Content-Type: application/xml 3. Report-Type-Format: spdx and Content-Type: application/json
To add a source via a CycloneDX report or SPDX report submitted by uploading a file, the following are required: 1. the Content-Type header must be ‘multipart/form-data’ 2. the Report-Type-Format header must also be specified as either ‘cyclonedx’ or ‘spdx’ 3. formData includes field ‘file’ for the CycloneDX or SPDX report file 4. formData includes field ‘format’ of the report file
Consumes
- application/json
- application/xml
- multipart/form-data
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| Content-Type | header |
string | string |
✓ | The content type of the input report. Supported values are ‘application/json’, ‘application/xml’, and ‘multipart/form-data’ | ||
| Entity-Name | header |
string | string |
Manual input of the name of the entity. If this value is provided, Entity-Version header must also be provided. If this value is not provided, the value will be read from the submitted SBOM | |||
| Entity-Version | header |
string | string |
Manual input of the version of the entity. If this value is provided, Entity-Name header must also be provided. If this value is not provided, the value will be read from the submitted SBOM | |||
| Original-Location | header |
string | string |
The stored location of the original SBOM vulnerability scan result used to create this report. | |||
| This can be an individual file, or a bundle | |||||||
| Report-Type-Format | header |
string | string |
✓ | The input report type format. Supported values are ‘cyclonedx’ and ‘spdx’ | ||
| Report-UID | header |
string | string |
A unique identifier to assign to the report. If omitted, a unique identifier will be randomly generated for the report. Supported characters: ALPHA DIGIT “-” / “.” / “_” / “~” | |||
| file | formData |
file | io.ReadCloser |
CycloneDX or SPDX report (required if using ‘multipart/form-data’) | |||
| format | formData |
string | string |
The file format of the report file. Supported values are ‘application/json’ and ‘application/xml’ (required if using ‘multipart/form-data’) |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | V1SourcePostResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema |
Responses
200 - V1SourcePostResponse
Status: OK
Schema
400 - ErrorMessage
Status: Bad Request
Schema
Search multiple reports by their unique identifiers (V1SearchMultipleReports)
POST /api/v1/reports/_search
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| ReportsSearchFiltersPostRequest | body |
MultipleReportSearchFilters | models.MultipleReportSearchFilters |
✓ |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedReportsSearchPostResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| 500 | Internal Server Error | ErrorMessage | schema | |
| 503 | Service Unavailable | ErrorMessage | schema |
Responses
200 - PaginatedReportsSearchPostResponse
Status: OK
Schema
PaginatedReportsSearchPostResponse
400 - ErrorMessage
Status: Bad Request
Schema
500 - ErrorMessage
Status: Internal Server Error
Schema
503 - ErrorMessage
Status: Service Unavailable
Schema
Query for a list of reports with specified image digest, source sha, or original location. (V1SearchReports)
GET /api/v1/reports
Parameters
| Name | Source | Type | Go type | Separator | Required | Default | Description |
|---|---|---|---|---|---|---|---|
| all | query |
boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| artifact_group_name | query |
string | string |
Filter reports by the associated artifact group with provided “name” label value. Only available when searching by image or source. | |||
| artifact_group_namespace | query |
string | string |
Filter reports by the associated artifact group with provided “namespace” label value. Only available when searching by image or source. | |||
| artifact_group_uid | query |
string | string |
The uid of the artifact group that the report(s) are associated with. Only available when searching by image or source. | |||
| digest | query |
string | string |
✓ | The digest of the image. Only one of image digest, source sha, or original location should be provided. | ||
| ordering | query |
string | string |
"DESC" |
The order in which the list of reports will be returned. When set to ASC, will return the list in ascending order (oldest to newest) by date/time the report was generated. When set to DESC, will return the list in descending order (newest to oldest). | ||
| original_location | query |
string | string |
✓ | The URI of where the original SBOM scan reports are stored. Only one of image digest, source sha, or original location should be provided. | ||
| page | query |
int64 (formatted integer) | int64 |
1 |
|||
| page_size | query |
int64 (formatted integer) | int64 |
20 |
|||
| sha | query |
string | string |
✓ | The sha index of the source. Only one of image digest, source sha, or original location should be provided. |
All responses
| Code | Status | Description | Has headers | Schema |
|---|---|---|---|---|
| 200 | OK | PaginatedSearchReportResponse | schema | |
| 400 | Bad Request | ErrorMessage | schema | |
| 404 | Not Found | ErrorMessage | schema | |
| 500 | Internal Server Error | ErrorMessage | schema |
Responses
200 - PaginatedSearchReportResponse
Status: OK
Schema
400 - ErrorMessage
Status: Bad Request
Schema
404 - ErrorMessage
Status: Not Found
Schema
500 - ErrorMessage
Status: Internal Server Error
Schema
Models
AnalysisInstanceImageDependency
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Digest | string | string |
✓ | The digest of the image | sha256:f7de1564f13da1ef7e5720ebce14006793242c0d8d7d60c343632bcf3bc5306d |
|
| Registry | string | string |
The DNS name of the registry that stores the image | docker.io |
AnalysisInstancePackageDependency
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Name | string | string |
✓ | OS or Application package name | libc |
|
| Version | string | string |
✓ | OS or Application package version | 0.0.1 |
AnalysisInstanceSourceDependency
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Org | string | string |
The repository organization name of the source entity | my-organization |
||
| Repo | string | string |
The repository name of the source | my-sample-repo |
||
| Sha | string | string |
✓ | The commit sha of the source | d6cd1e2bd19e03a81132a23b2025920577f84e37 |
AnalysisInstanceUIDResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| UID | string | string |
Unique identifier for the analysis instance | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
AnalysisRequest
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Comments | string | string |
Free form comments for the analysis | Lorem ipsum dolor sit amet |
||
| Justification | string | string |
The rationale of why the analysis state was asserted | code_not_present |
||
| Response | []string | []string |
A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service | |||
| State | string | string |
✓ | Triage analysis state | in_triage |
ArtifactGroupCreatePostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Entities | []EntityCreatePostResponse | []*EntityCreatePostResponse |
Entities associated with the Artifact Group | |||
| Labels | map of string | map[string]string |
Key-Value pair of labels associated with the Artifact Group | {"env":"production","namespace":"default"} |
||
| ReportUID | string | string |
Unique identifier for the report | |||
| UID | string | string |
Unique identifier for the Artifact Group such as workload UID | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
ArtifactGroupPostRequest
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| EntityID | uint64 (formatted integer) | uint64 |
The database ID of the source or image being associated with this artifact group | 24 |
||
| Labels | map of string | map[string]string |
Key-Value pair of labels associated with the Artifact Group | {"env":"production","namespace":"default"} |
||
| ReportUID | string | string |
Report’s unique identifier. Supported characters: ALPHA DIGIT “-” / “.” / “_” / “~” | |||
| in: header | ||||||
| Type | string | string |
The entity type being associated with this artifact group. Allowable values: image, source | image |
||
| UID | string | string |
✓ | Unique identifier for the Artifact Group such as workload UID | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
ArtifactGroupResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Entities | []EntityResponse | []*EntityResponse |
Entities associated with the Artifact Group | |||
| Labels | map of string | map[string]string |
Key-Value pair of labels associated with the Artifact Group | {"env":"production","namespace":"default"} |
||
| ReportUID | string | string |
Unique identifier for the report | |||
| UID | string | string |
Unique identifier for the Artifact Group such as workload UID | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
ArtifactGroupSearchEntityPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Digest | string | string |
The digest of the image entity. Only visible if the entity is of image type | sha256:f7de1564f13da1ef7e5720ebce14006793242c0d8d7d60c343632bcf3bc5306d |
||
| Host | string | string |
The dns name where the source entity is hosted on. Only visible if the entity type is of source type | gitlab.com |
||
| ID | uint64 (formatted integer) | uint64 |
✓ | The database ID of the source or image | 24 |
|
| Name | string | string |
The name of the image entity. Only visible if the entity is of image type | checkr/flagr |
||
| Org | string | string |
The organization name of the source entity. Only visible if the entity type is of source type | my-organization |
||
| Packages | []ArtifactGroupSearchPackagePostResponse | []*ArtifactGroupSearchPackagePostResponse |
||||
| Registry | string | string |
The DNS name of the registry that stores the image entity. Only visible if the entity is of image type | docker.io |
||
| Repo | string | string |
The repository name of the source entity. Only visible if the entity type is of source type | my-sample-repo |
||
| Sha | string | string |
The commit sha of the source entity. Only visible if the entity type is of source type | d6cd1e2bd19e03a81132a23b2025920577f84e37 |
||
| Type | string | string |
✓ | The entity Type of scan that is stored. This is set to either “image” or “source” | image |
ArtifactGroupSearchFilters
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| All | boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| CVEID | string | string |
An optional CVE ID that the image and source must contain. Only packages, and their images and sources, with this CVE ID will be returned. If both package name and CVE ID are provided, then only the images and sources with the specified package name and CVE ID will be returned. | CVE-7467-2020 |
||
| Digests | []string | []string |
A list of image digests. At least one image digest or source sha must be provided. | ["9n38274ods897fmay487gsdyfga678wr82","7n38274ods897fmay487gsdyfga678wr82"] |
||
| PackageName | string | string |
An optional package name that the image and source must contain. Only packages, and their images and sources, with this name will be returned. If both package name and CVE ID are provided, then only the images and sources with the specified package name and CVE ID will be returned. | package1 |
||
| Page | int64 (formatted integer) | int64 |
1 |
|||
| PageSize | int64 (formatted integer) | int64 |
20 |
|||
| Shas | []string | []string |
A list of source shas. At least one image digest or source sha must be provided. | ["sha256:2c11624a8d9c9071996a886a4acaf09939ef3386e4c07735c6a2532f02eed4ea","sha256:04bafe0d8df23ec342edb72acc3fb02f61c418bc6e8d7093149956a9aad2d12a"] |
ArtifactGroupSearchPackagePostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Homepage | string | string |
URL of the package’s homepage | https://github.com/jackc/pgconn |
||
| ID | uint64 (formatted integer) | uint64 |
Package ID | 12 |
||
| Name | string | string |
Name of the package | github.com/jackc/pgconn |
||
| PackageManager | string | string |
Package manager used to install, upgrade, configure, and remove the package | Go |
||
| Version | string | string |
Version of the package | v1.13.0 |
||
| Vulnerabilities | []VulnerabilityResponse | []*VulnerabilityResponse |
ArtifactGroupSearchPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Entities | []ArtifactGroupSearchEntityPostResponse | []*ArtifactGroupSearchEntityPostResponse |
Entities associated with the Artifact Group | |||
| Labels | map of string | map[string]string |
Key-Value pair of labels associated with the Artifact Group | {"env":"production","namespace":"default"} |
||
| ReportUID | string | string |
Unique identifier for the report | |||
| UID | string | string |
Unique identifier for the Artifact Group such as workload UID | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
ArtifactGroupVulnReachFiltersPostRequest
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| All | boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| Digests | []string | []string |
A list of image digests. | ["sha256:2c11624a8d9c9071996a886a4acaf09939ef3386e4c07735c6a2532f02eed4ea","sha256:04bafe0d8df23ec342edb72acc3fb02f61c418bc6e8d7093149956a9aad2d12a"] |
||
| Page | int64 (formatted integer) | int64 |
1 |
|||
| PageSize | int64 (formatted integer) | int64 |
20 |
|||
| Severities | []string | []string |
Optional list of severities to filter vulnerabilities on. Possible values are: low, medium, high, critical, unknown. | ["critical","high"] |
||
| Shas | []string | []string |
A list of source shas. | ["9n38274ods897fmay487gsdyfga678wr82","7n38274ods897fmay487gsdyfga678wr82"] |
ArtifactGroupVulnReachPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| AgCount | uint64 (formatted integer) | uint64 |
Number of artifact groups affected by the vulnerability | 5 |
||
| Vulnerability | VulnerabilityResponse | VulnerabilityResponse |
ArtifactGroupVulnSearchFilters
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| All | boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| ArtifactGroupUID | string | string |
An optional artifact group UID that the image and source must contain. Only artifact groups, and their images and sources, with this artifact group UID will be returned. If both package name and artifact group UID are provided, then only the images and sources with the specified package name and artifact group UID will be returned. | 9aa3548e-5fae-11ed-9b6a-0242ac120002 |
||
| Digests | []string | []string |
A list of image digests. At least one image digest or source sha must be provided. | ["9n38274ods897fmay487gsdyfga678wr82","7n38274ods897fmay487gsdyfga678wr82"] |
||
| PackageName | string | string |
An optional package name that the image and source must contain. Only packages, and their images and sources, with this name will be returned. If both package name and artifact group UID are provided, then only the images and sources with the specified package name and artifact group UID will be returned. | package1 |
||
| Page | int64 (formatted integer) | int64 |
1 |
|||
| PageSize | int64 (formatted integer) | int64 |
20 |
|||
| Shas | []string | []string |
A list of source shas. At least one image digest or source sha must be provided. | ["sha256:2c11624a8d9c9071996a886a4acaf09939ef3386e4c07735c6a2532f02eed4ea","sha256:04bafe0d8df23ec342edb72acc3fb02f61c418bc6e8d7093149956a9aad2d12a"] |
ArtifactGroupVulnSearchPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| ArtifactGroups | []ArtifactGroupResponse | []*ArtifactGroupResponse |
||||
| CNA | string | string |
CVE Numbering Authority | GitHub, Inc. |
||
| CVEID | string | string |
CVE ID of the vulnerability | CVE-7467-2020 |
||
| Description | string | string |
Description of the vulnerability | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. |
||
| ID | uint64 (formatted integer) | uint64 |
Vulnerability ID | 12 |
||
| Packages | []PackageResponse | []*PackageResponse |
||||
| Ratings | []RatingResponse | []*RatingResponse |
Rating information | |||
| References | []string | []string |
Additional external links | ["https://github.com/example/repo/issues/11","https://github.com/example/repo/issues/31"] |
||
| URL | string | string |
Related url to the vulnerability | https://nvd.nist.gov/vuln/detail/CVE-7467-2020 |
BaseArtifactGroupResponse
BaseEntityResponse
BasePackageResponse
BaseRatingResponse
BaseReportResponse
BaseVulnerabilityResponse
DeletedAt
- composed type NullTime
EntityCreatePostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| ID | uint64 (formatted integer) | uint64 |
✓ | The database ID of the source or image | 24 |
|
| Type | string | string |
✓ | The entity Type of scan that is stored. This is set to either “image” or “source”. | image |
EntityResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Digest | string | string |
The digest of the image entity. Only visible if the entity is of image type | sha256:f7de1564f13da1ef7e5720ebce14006793242c0d8d7d60c343632bcf3bc5306d |
||
| Host | string | string |
The dns name where the source entity is hosted on. Only visible if the entity type is of source type | gitlab.com |
||
| ID | uint64 (formatted integer) | uint64 |
✓ | The database ID of the source or image | 24 |
|
| Name | string | string |
The name of the image entity. Only visible if the entity is of image type | checkr/flagr |
||
| Org | string | string |
The organization name of the source entity. Only visible if the entity type is of source type | my-organization |
||
| Registry | string | string |
The DNS name of the registry that stores the image entity. Only visible if the entity is of image type | docker.io |
||
| Repo | string | string |
The repository name of the source entity. Only visible if the entity type is of source type | my-sample-repo |
||
| Sha | string | string |
The commit sha of the source entity. Only visible if the entity type is of source type | d6cd1e2bd19e03a81132a23b2025920577f84e37 |
||
| Type | string | string |
✓ | The entity Type of scan that is stored. This is set to either “image” or “source” | image |
ErrorMessage
ErrorMessage wraps an error message in a struct so responses are properly marshalled as a JSON object.
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Message | string | string |
in: body | something went wrong |
GetVulnerabilityAnalysisResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Analysis | []VAAnalysisResponse | []*VAAnalysisResponse |
✓ | A collection of analyses regarding the applicability and response to the | ||
| detected vulnerability | ||||||
| ArtifactGroupUID | string | string |
Unique user identifier for the artifact group | workload-11 |
||
| CreatedBy | string | string |
The identity of the person responsible for creating the triage | John Doe |
||
| UID | string | string |
✓ | Unique identifier for the vulnerability analysis | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
|
| image | VAImageResponse | VAImageResponse |
||||
| package | VAPackageResponse | VAPackageResponse |
✓ | |||
| source | VASourceResponse | VASourceResponse |
||||
| vulnerability | VAVulnerabilityResponse | VAVulnerabilityResponse |
✓ |
Image
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Digest | string | string |
✓ | 9n38274ods897fmay487gsdyfga678wr82 |
||
| ID | uint64 (formatted integer) | uint64 |
||||
| Name | string | string |
✓ | myorg/application |
||
| Packages | []Package | []*Package |
||||
| Registry | string | string |
✓ | docker.io |
||
| Sources | []Source | []*Source |
MethodType
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CreatedAt | date-time (formatted string) | strfmt.DateTime |
||||
| DeletedAt | DeletedAt | DeletedAt |
||||
| ID | uint64 (formatted integer) | uint64 |
||||
| Name | string | string |
||||
| Rating | []Rating | []*Rating |
||||
| UpdatedAt | date-time (formatted string) | strfmt.DateTime |
Model
type User struct { gorm.Model }
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CreatedAt | date-time (formatted string) | strfmt.DateTime |
||||
| DeletedAt | DeletedAt | DeletedAt |
||||
| ID | uint64 (formatted integer) | uint64 |
||||
| UpdatedAt | date-time (formatted string) | strfmt.DateTime |
MultipleReportSearchFilters
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| All | boolean | bool |
If no pagination parameters are provided, defaults to true and returns all available results. | |||
| Page | int64 (formatted integer) | int64 |
1 |
|||
| PageSize | int64 (formatted integer) | int64 |
20 |
|||
| ReportUIDs | []string | []string |
✓ | ["8b1cc5da-fabe-45a6-ab8c-49260bbeef99","030834c0-972b-48a0-a9d7-f31552da2870"] |
NullTime
NullTime implements the Scanner interface so it can be used as a scan destination, similar to NullString.
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Time | date-time (formatted string) | strfmt.DateTime |
||||
| Valid | boolean | bool |
Package
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Homepage | string | string |
||||
| ID | uint64 (formatted integer) | uint64 |
||||
| Images | []Image | []*Image |
||||
| Name | string | string |
||||
| PackageManager | string | string |
||||
| Sources | []Source | []*Source |
||||
| Version | string | string |
||||
| Vulnerabilities | []Vulnerability | []*Vulnerability |
PackageResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Homepage | string | string |
URL of the package’s homepage | https://github.com/jackc/pgconn |
||
| ID | uint64 (formatted integer) | uint64 |
Package ID | 12 |
||
| Name | string | string |
Name of the package | github.com/jackc/pgconn |
||
| PackageManager | string | string |
Package manager used to install, upgrade, configure, and remove the package | Go |
||
| Version | string | string |
Version of the package | v1.13.0 |
PaginatedArtifactGroupSearchPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ArtifactGroupSearchPostResponse | []*ArtifactGroupSearchPostResponse |
PaginatedArtifactGroupVulnReachPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ArtifactGroupVulnReachPostResponse | []*ArtifactGroupVulnReachPostResponse |
PaginatedArtifactGroupVulnSearchPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ArtifactGroupVulnSearchPostResponse | []*ArtifactGroupVulnSearchPostResponse |
PaginatedReportsSearchPostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ReportResponse | []*ReportResponse |
PaginatedResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | [][interface{}](#interface) | []interface{} |
PaginatedSearchReportResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []SearchReportResponse | []*SearchReportResponse |
PaginatedVulnerabilityAnalysisResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []GetVulnerabilityAnalysisResponse | []*GetVulnerabilityAnalysisResponse |
Rating
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| ID | uint64 (formatted integer) | uint64 |
||||
| MethodType | MethodType | MethodType |
||||
| MethodTypeID | uint64 (formatted integer) | uint64 |
||||
| Score | double (formatted number) | float64 |
||||
| Severity | string | string |
||||
| Vector | string | string |
RatingResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| ID | uint64 (formatted integer) | uint64 |
Rating ID | 3 |
||
| MethodTypeID | uint64 (formatted integer) | uint64 |
ID of the method used to score the Rating. 1: CVSSv2, 2: CVSSv3, 4: CVSSv31, 5: OWASP, all other ids: Unknown | 1 |
||
| Score | double (formatted number) | float64 |
CVSS score | 9.7 |
||
| Severity | string | string |
Threat level of vulnerability | High |
||
| Vector | string | string |
CVSS score in vector format | AV:L/AC:L/Au:N/C:C/I:C/A:C |
ReportArtifactGroupResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Labels | map of string | map[string]string |
Key-Value pair of labels associated with the Artifact Group | {"env":"production","namespace":"default"} |
||
| UID | string | string |
Unique identifier for the Artifact Group such as workload UID | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
ReportEntityResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| ArtifactGroups | []ReportArtifactGroupResponse | []*ReportArtifactGroupResponse |
The artifact group this report is part of | |||
| Digest | string | string |
The digest of the image entity. Only visible if the entity is of image type | sha256:f7de1564f13da1ef7e5720ebce14006793242c0d8d7d60c343632bcf3bc5306d |
||
| Host | string | string |
The dns name where the source entity is hosted on. Only visible if the entity type is of source type | gitlab.com |
||
| Name | string | string |
The name of the image entity. Only visible if the entity is of image type | checkr/flagr |
||
| Org | string | string |
The organization name of the source entity. Only visible if the entity type is of source type | my-organization |
||
| Packages | []ReportPackageResponse | []*ReportPackageResponse |
List of packages that are associated with the report | |||
| Registry | string | string |
The DNS name of the registry that stores the image entity. Only visible if the entity is of image type | docker.io |
||
| Repo | string | string |
The repository name of the source entity. Only visible if the entity type is of source type | my-sample-repo |
||
| Sha | string | string |
The commit sha of the source entity. Only visible if the entity type is of source type | d6cd1e2bd19e03a81132a23b2025920577f84e37 |
||
| Type | string | string |
✓ | The entity Type of scan that is stored. This is set to either “image” or “source” | image |
ReportPackageResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Homepage | string | string |
URL of the package’s homepage | https://github.com/jackc/pgconn |
||
| Name | string | string |
Name of the package | github.com/jackc/pgconn |
||
| PackageManager | string | string |
Package manager used to install, upgrade, configure, and remove the package | Go |
||
| Version | string | string |
Version of the package | v1.13.0 |
||
| Vulnerabilities | []ReportVulnerabilityResponse | []*ReportVulnerabilityResponse |
List of vulnerabilities associated with this package that were surfaced in this report |
ReportRatingResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| MethodType | string | string |
Method used to score the Rating | CVSSv2 |
||
| Score | double (formatted number) | float64 |
CVSS score | 9.7 |
||
| Severity | string | string |
Threat level of vulnerability | High |
||
| Vector | string | string |
CVSS score in vector format | AV:L/AC:L/Au:N/C:C/I:C/A:C |
ReportResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| GeneratedAt | string | string |
The date and time this report was submitted to the Store. Time format is in ISO 8601 | 2006-01-02T15:04:05Z07:00 |
||
| OriginalLocation | string | string |
The OCI registry location of the original SBOM vulnerability scan that generated this report | |||
| This can be an individual file, or a bundle | ||||||
| OriginalLocationFilePath | string | string |
The location inside the bundle where the original SBOM vulnerability scan that generated this report can be found. | |||
| Used when the original location points to a bundle that contains multiple SBOM vulnerability scans. | some/path/scan-result.cyclonedx.yaml |
|||||
| UID | string | string |
The unique identifier of the report | 6b96a6ff-248d-4c36-b385-93c3813e1e86 |
||
| entity | ReportEntityResponse | ReportEntityResponse |
||||
| tool | ReportToolResponse | ReportToolResponse |
ReportToolResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Name | string | string |
The name of the tool that generated the original SBOM report | Grype |
||
| Vendor | string | string |
The name of the vendor of the tool that generated the original SBOM report | Anchore |
||
| Version | string | string |
The version of the tool that generated the original SBOM report | v0.61.1 |
ReportVulnerabilityResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CNA | string | string |
CVE Numbering Authority | GitHub, Inc. |
||
| CVEID | string | string |
CVE ID of the vulnerability | CVE-7467-2020 |
||
| Description | string | string |
Description of the vulnerability | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. |
||
| Ratings | []ReportRatingResponse | []*ReportRatingResponse |
List of ratings associated with this vulnerability that were surfaced in this report | |||
| References | []string | []string |
Additional external links | ["https://github.com/example/repo/issues/11","https://github.com/example/repo/issues/31"] |
||
| URL | string | string |
Related url to the vulnerability | https://nvd.nist.gov/vuln/detail/CVE-7467-2020 |
SearchReportResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| EntityType | string | string |
The entity type of scan that is stored. This is set to either “image” or “source” | image |
||
| EntityUID | string | string |
The sha/digest of the source or image associated with this report | sha256:5435994e6ae823886689fddeba452f6e806947c5efcca0e4e76f0a187b7d9871 |
||
| GeneratedAt | string | string |
The date and time this report was submitted to the Store. Time format is in ISO 8601 | 2006-01-02T15:04:05Z07:00 |
||
| OriginalLocation | string | string |
The OCI registry location of the original SBOM vulnerability scan that generated this report | |||
| This can be an individual file, or a bundle | ||||||
| OriginalLocationFilePath | string | string |
The location inside the bundle where the original SBOM vulnerability scan that generated this report can be found. | |||
| Used when the original location points to a bundle that contains multiple SBOM vulnerability scans. | some/path/scan-result.cyclonedx.yaml |
|||||
| UID | string | string |
The unique identifier of the report | 6b96a6ff-248d-4c36-b385-93c3813e1e86 |
||
| artifact_group | ReportArtifactGroupResponse | ReportArtifactGroupResponse |
||||
| tool | ReportToolResponse | ReportToolResponse |
Source
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| DeletedAt | DeletedAt | DeletedAt |
||||
| Host | string | string |
gitlab.com |
|||
| ID | uint64 (formatted integer) | uint64 |
||||
| Images | []Image | []*Image |
||||
| Organization | string | string |
vmware |
|||
| Packages | []Package | []*Package |
||||
| Repository | string | string |
✓ | myproject |
||
| Sha | string | string |
✓ | 0eb5fcd1 |
StringArray
[]string
V1ImagePostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Digest | string | string |
The sha256 digest of the image | sha256:2b46bcf70f38c3146370208d547db81e548437a40b4b23326b0135330d62c2a0 |
||
| ID | int64 (formatted integer) | int64 |
The database ID of the image. | 24 |
||
| Name | string | string |
The name of the image repository containing the image | anchore/grype |
||
| Registry | string | string |
The registry name where the image is hosted. | my-sample-repo |
||
| ReportUid | string | string |
The report’s unique identifier associated with the data submitted by this image | 6b96a6ff-248d-4c36-b385-93c3813e1e86 |
V1SourcePostResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Host | string | string |
The dns name where the source is hosted. | gitlab.com |
||
| ID | int64 (formatted integer) | int64 |
The database ID of the source. | 24 |
||
| Organization | string | string |
The organization name of the source. | my-organization |
||
| ReportUID | string | string |
The global unique identifier for the report. | 1234abcd-1234-1234-1234-123456abcdef |
||
| Repository | string | string |
The repository name of the source. | my-sample-repo |
||
| Sha | string | string |
The commit sha of the source. | d6cd1e2bd19e03a81132a23b2025920577f84e37 |
VAAnalysisResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Comments | string | string |
Free form comments for the analysis | Lorem ipsum dolor sit amet |
||
| CreatedBy | string | string |
Author of the vulnerability analysis | John Doe |
||
| Justification | string | string |
The rationale of why the analysis state was asserted | code_not_present |
||
| Response | []string | []string |
A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service | |||
| State | string | string |
✓ | Triage analysis state | in_triage |
VAImageResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Digest | string | string |
✓ | The digest of the image | sha256:f7de1564f13da1ef7e5720ebce14006793242c0d8d7d60c343632bcf3bc5306d |
|
| Name | string | string |
✓ | The name of the image repository containing the image | anchore/grype |
|
| Registry | string | string |
The DNS name of the registry that stores the image | docker.io |
VAPackageResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Name | string | string |
✓ | OS or Application package name | libc |
|
| PackageManager | string | string |
✓ | Package manager used to install, upgrade, configure, and remove the package | Go |
|
| Version | string | string |
✓ | OS or Application package version | 0.0.1 |
VASourceResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Org | string | string |
The organization name of the source entity | my-organization |
||
| Repo | string | string |
The repository name of the source | my-sample-repo |
||
| Sha | string | string |
✓ | The commit sha of the source | d6cd1e2bd19e03a81132a23b2025920577f84e37 |
VAVulnerabilityResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CVEID | string | string |
✓ | Unique identifier of the vulnerability | CVE-2020-0001 |
|
| Description | string | string |
A description of the vulnerability identified by the CVEID | An attacker who can control log messages or log message parameters can execute arbitrary code loaded |
Vulnerability
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CNA | string | string |
GitHub, Inc. |
|||
| CVEID | string | string |
✓ | CVE-7467-2020 |
||
| Description | string | string |
A description of CVE-7467-2020 |
|||
| ID | uint64 (formatted integer) | uint64 |
||||
| Packages | []Package | []*Package |
||||
| Ratings | []Rating | []*Rating |
||||
| References | StringArray | StringArray |
||||
| URL | string | string |
https://nvd.nist.gov/vuln/detail/CVE-7467-2020 |
VulnerabilityAnalysisCopyRequest
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| ArtifactGroupUid | string | string |
UID of Workload linked to the image or source | 8b1cc5da-fabe-45a6-ab8c-49260bbeef99 |
||
| CreatedBy | string | string |
User calling in the endpoint | [email protected] |
||
| image | AnalysisInstanceImageDependency | AnalysisInstanceImageDependency |
||||
| source | AnalysisInstanceSourceDependency | AnalysisInstanceSourceDependency |
VulnerabilityAnalysisRequest
- composed type VulnerabilityAnalysisCopyRequest
- inlined member (AO1)
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| analysis | AnalysisRequest | AnalysisRequest |
||||
| package | AnalysisInstancePackageDependency | AnalysisInstancePackageDependency |
✓ | |||
| vulnerability | Vulnerability | Vulnerability |
✓ |
Inlined models
Vulnerability
Vulnerability to triage
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CVEID | string | string |
Unique identifier of the vulnerability | CVE-2020-0001 |
VulnerabilityResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CNA | string | string |
CVE Numbering Authority | GitHub, Inc. |
||
| CVEID | string | string |
CVE ID of the vulnerability | CVE-7467-2020 |
||
| Description | string | string |
Description of the vulnerability | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. |
||
| ID | uint64 (formatted integer) | uint64 |
Vulnerability ID | 12 |
||
| Ratings | []RatingResponse | []*RatingResponse |
Rating information | |||
| References | []string | []string |
Additional external links | ["https://github.com/example/repo/issues/11","https://github.com/example/repo/issues/31"] |
||
| URL | string | string |
Related url to the vulnerability | https://nvd.nist.gov/vuln/detail/CVE-7467-2020 |
paginatedImageResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ResponseImage | []*ResponseImage |
paginatedPackageResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ResponsePackage | []*ResponsePackage |
paginatedSourceResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ResponseSource | []*ResponseSource |
paginatedVulnerabilityResponse
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| Count | int64 (formatted integer) | int64 |
Total number of results of all combined pages | 10 |
||
| CurrentPage | int64 (formatted integer) | int64 |
Current page of results to return | 1 |
||
| LastPage | int64 (formatted integer) | int64 |
Last page which contains results | 2 |
||
| PageSize | int64 (formatted integer) | int64 |
Number of results returned per request | 20 |
||
| Results | []ResponseVulnerability | []*ResponseVulnerability |
responseImage
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CreatedAt | date-time (formatted string) | strfmt.DateTime |
||||
| Digest | string | string |
✓ | 9n38274ods897fmay487gsdyfga678wr82 |
||
| ID | uint64 (formatted integer) | uint64 |
||||
| Name | string | string |
✓ | myorg/application |
||
| Packages | []Package | []*Package |
||||
| Registry | string | string |
✓ | docker.io |
||
| Sources | []Source | []*Source |
||||
| UpdatedAt | date-time (formatted string) | strfmt.DateTime |
responsePackage
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CreatedAt | date-time (formatted string) | strfmt.DateTime |
||||
| Homepage | string | string |
||||
| ID | uint64 (formatted integer) | uint64 |
||||
| Images | []Image | []*Image |
||||
| Name | string | string |
||||
| PackageManager | string | string |
||||
| Sources | []Source | []*Source |
||||
| UpdatedAt | date-time (formatted string) | strfmt.DateTime |
||||
| Version | string | string |
||||
| Vulnerabilities | []Vulnerability | []*Vulnerability |
responseSource
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CreatedAt | date-time (formatted string) | strfmt.DateTime |
||||
| DeletedAt | DeletedAt | DeletedAt |
||||
| Host | string | string |
gitlab.com |
|||
| ID | uint64 (formatted integer) | uint64 |
||||
| Images | []Image | []*Image |
||||
| Organization | string | string |
vmware |
|||
| Packages | []Package | []*Package |
||||
| Repository | string | string |
✓ | myproject |
||
| Sha | string | string |
✓ | 0eb5fcd1 |
||
| UpdatedAt | date-time (formatted string) | strfmt.DateTime |
responseVulnerability
Properties
| Name | Type | Go type | Required | Default | Description | Example |
|---|---|---|---|---|---|---|
| CNA | string | string |
GitHub, Inc. |
|||
| CVEID | string | string |
✓ | CVE-7467-2020 |
||
| CreatedAt | date-time (formatted string) | strfmt.DateTime |
||||
| Description | string | string |
A description of CVE-7467-2020 |
|||
| ID | uint64 (formatted integer) | uint64 |
||||
| Packages | []Package | []*Package |
||||
| Ratings | []Rating | []*Rating |
||||
| References | StringArray | StringArray |
||||
| URL | string | string |
https://nvd.nist.gov/vuln/detail/CVE-7467-2020 |
|||
| UpdatedAt | date-time (formatted string) | strfmt.DateTime |
