Description: Search for CVEs by the infected components
Security: Requires a valid user with "Admin" permissions. For Xray 3.8 and above, this only requires a valid user with the "Manage Reports'' role.
Usage: POST /xray/api/v1/component/searchCvesByComponents
Consumes: application/json
Produces: application/json
Request body:
Name | Type | Required/Optional | Description |
|---|---|---|---|
| array | required | An array of component IDs to search for CVEs |
Response body:
Name | Type | Description |
|---|---|---|
| string | The component ID |
| array | An array of CVEs associated with the component |
| string | Error message if component retrieval fails |
Example Usage: POST api/v1/component/searchCvesByComponents
Request Body
{
"components_id": ["gav://commons-collections:commons-collections:3.2.1","c2"]
}
Sample Response:
[
{
"component": "gav://commons-collections:commons-collections:3.2.1",
"cves": [
"CVE-2017-15708"
]
},
{
"component": "c2",
"error": "Failed to get component",
"cves": []
}
]
Response Codes
Status Code | Description |
|---|---|
200 | Valid Response |
415 | Failed to parse request |
500 | Failed to search CVEs of components |