Description: Search for a component by the CVEs it contains directly
Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports'' role.
Usage: POST /xray/api/v1/component/searchByCves
Consumes: application/json
Produces: application/json
Request body:
Name | Type | Required/Optional | Description |
|---|---|---|---|
| array | required | An array of CVEs to search for |
Response body:
Name | Type | Description |
|---|---|---|
| string | The CVE identifier |
| array | An array of components containing the specified CVEs |
Component Object:
Name | Type | Description |
|---|---|---|
| string | The name of the component |
| string | The package type of the component |
| string | The version of the component |
| string | The link to the component details in Xray |
Example Usage: POST api/v1/component/searchByCves
Request Body
{
"cves": ["CVE-2024-12085"]
} Sample Response
[
{
"cve_details": "CVE-2024-12085",
"components": [
{
"name": "debian:jessie:rsync",
"package_type": "Debian",
"version": "3.1.1-3+deb8u2",
"link": "https://instanceid.jfrog.io/"
},
{
"name": "ubuntu:jammy:rsync",
"package_type": "Debian",
"version": "3.2.7-0ubuntu0.22.04.2",
"link": "https://instanceid.jfrog.io/"
},
{
"name": "8:rsync",
"package_type": "Rpm",
"version": "0:3.1.3-12.el8",
"link": "https://instanceid.jfrog.io/"
},
{
"name": "8:rsync",
"package_type": "Rpm",
"version": "0:3.1.3-14.el8_6.5",
"link": "https://instanceid.jfrog.io/"
},
{
"name": "8:rsync",
"package_type": "Rpm",
"version": "0:3.1.3-19.el8",
"link": "https://instanceid.jfrog.io/"
},
{
"name": "8:rsync",
"package_type": "Rpm",
"version": "0:3.1.3-19.el8_7.1",
"link": "https://instanceid.jfrog.io/"
}
]
}
]Response Codes
Response Code | Description |
|---|---|
200 | Valid response |
415 | Failed to parse request |
400 | Got invalid CVE |
600 | Failed to search components by CVEs |