Find Component by CVE

Description: Search for components by the CVEs they contain directly.

Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports" role.

Usage: POST api/v1/component/searchByCves

Consumes: application/json

Produces: application/json

Request body:

| Name | Type | Required/Optional | Description |
|------|-------|-------------------|-------------|
| cves | array | required | An array of CVEs to search for |

Response body:

| Name | Type | Description |
|------|------|-------------|
| cve_details | string | The CVE identifier |
| components | array | An array of components containing the specified CVEs |

Component Object:

| Name | Type | Description |
|------|------|-------------|
| name | string | The name of the component |
| package_type | string | The package type of the component |
| version | string | The version of the component |
| link | string | The link to the component details in Xray |

Example Usage: POST api/v1/component/searchByCves

Request Body

{
    "cves": [
        "CVE-2017-15708",
        "CVE-2017-15709"
    ]
}

Sample Response

[
  {
    "cve_details": "CVE-2017-15708",
    "components": [
      {
        "name": "commons-collections:commons-collections",
        "package_type": "Maven",
        "version": "3.2.1",
        "link": "http://10.1.16.130:8000/web/#/component/details/gav:~2F~2Fcommons-collections:commons-collections/3.2.1"
      }
    ]
  },
  {
    "cve_details": "CVE-2017-15709",
    "components": []
  }
]

Response Codes

| Response Code | Description |
|---------------|-------------|
| 200 | Valid response |
| 415 | Failed to parse request |
| 400 | Got invalid CVE |
| 600 | Failed to search components by CVEs |
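
The following added example, which is not part of the JFrog documentation, builds the request described above and flattens a response into a CVE-to-component map, keeping CVEs that matched nothing. The base URL and the local CVE-format check are assumptions, and authentication is left to the caller.

```python
import json
import re
import urllib.request

# Constructed placeholder; substitute your own Xray base URL.
XRAY_BASE = "https://xray.example.com/xray/"
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")  # local sanity check (assumption)


def build_request(cves, base=XRAY_BASE):
    """Validate CVE ids locally, then build the POST (not sent here)."""
    bad = [c for c in cves if not CVE_RE.match(c)]
    if bad:
        # The API answers 400 "Got invalid CVE"; fail before the round trip.
        raise ValueError(f"invalid CVE id(s): {bad}")
    body = json.dumps({"cves": sorted(set(cves))}).encode()
    return urllib.request.Request(
        base + "api/v1/component/searchByCves",
        data=body,
        method="POST",
        headers={"Content-Type": "application/json"},
    )


def affected_components(response_text):
    """Map each CVE to a sorted list of (package_type, name, version)."""
    result = {}
    for entry in json.loads(response_text):
        comps = {(c["package_type"], c["name"], c["version"])
                 for c in entry.get("components") or []}
        result[entry["cve_details"]] = sorted(comps)
    return result


# The page's sample response, with the link replaced by a placeholder (constructed).
SAMPLE = """[
 {"cve_details": "CVE-2017-15708", "components": [
   {"name": "commons-collections:commons-collections", "package_type": "Maven",
    "version": "3.2.1", "link": "https://xray.example.com/placeholder"}]},
 {"cve_details": "CVE-2017-15709", "components": []}
]"""

if __name__ == "__main__":
    req = build_request(["CVE-2017-15708", "CVE-2017-15709"])
    print(req.get_method(), req.full_url, req.data.decode())
    for cve, comps in affected_components(SAMPLE).items():
        print(cve, comps or "no components found")
```

A CVE that comes back with an empty `components` array means Xray found no indexed component containing it, which is worth recording separately from a failed lookup.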