Generate CVE Search Report

Xray REST APIs


Description: Generates a CVE Search Report with data defined by scope and filters. This request starts the report generation process which runs in the background. 

The search will only work on indexed resources.

A maximum of 5 reports is kept. Generating a new report beyond this limit deletes previously generated reports.

Since: 3.73.x

Security: Requires a user with the Manage Reports role.

Usage: POST /api/v1/reports/cveSearch

Usage Notes:

  • Request can have exactly one resource type: Repositories/Build/ReleaseBundle/Project.

  • Repositories can have include/exclude patterns.

  • Build can have patterns or repos/name. Last versions must be higher than 0. Include pattern can be ‘*’.

  • Release bundles must have either names or patterns. Last versions must be higher than 0. Include pattern can be ‘*’.

  • Project must have either key or patterns. Last versions must be higher than 0. Include pattern can be ‘*’.

  • CVE must follow regex pattern.

Required Parameters

| Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
| CVE | string | mandatory | The CVE for the report |
| name | string | optional | The given name for the report |
| resources | object <resources> | mandatory | The scope for the report |
| filters | object <filters> | optional | The filters for results |

Filters

| Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
| vulnerable_component | string | optional | Wildcard patterns for excluding components. |
| scan_date.start | string | optional | The start of this date range. This is a timestamp in RFC 3339 format: <YYYY-MM-DDTHH:MM:SSZ> |
| scan_date.end | string | optional | The end of this date range. This is a timestamp in RFC 3339 format: <YYYY-MM-DDTHH:MM:SSZ> |
| impacted_artifact | string | optional | Wildcard patterns for excluding artifacts. |

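Resources

| Parameter | Type | Mandatory/Optional |
|---|---|---|
| repositories | array <repo> | Providing a single resource type is mandatory |
| builds | object <build> | Providing a single resource type is mandatory |
| release_bundles | object <bundle> | Providing a single resource type is mandatory |
| projects | object <project> | Providing a single resource type is mandatory |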

repo

| Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
| name | string | Providing one of the parameters is mandatory | Repository name |
| include_path_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for including repository paths. |
| exclude_path_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for excluding repository paths. |

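build

| Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
| names | array <string> | Providing one of the parameters is mandatory | |
| builds_with_repos | array <build_with_repo> | Providing one of the parameters is mandatory | |
| include_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for including build names |
| exclude_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for build names. |
| number_of_latest_versions | int | mandatory | The limit of latest versions to reference |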

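bundle

| Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
| names | array <string> | Providing one of the parameters is mandatory | |
| builds_with_repos | array <build_with_repo> | Providing one of the parameters is mandatory | |
| include_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for including release bundle names. |
| exclude_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for release bundle names. |
| number_of_latest_versions | int | mandatory | The limit of latest versions to reference |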

build_with_repo

| Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
| build | string | mandatory | Build name |
| project | string | mandatory | Project key |
| repo | string | mandatory | Repository name |

projects

| Parameter | Type | Mandatory/Optional | Description |
|---|---|---|---|
| names | array <string> | Providing one of the parameters is mandatory | List of project keys to include. |
| include_key_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for including project keys. |
| exclude_key_patterns | array <string> | Providing one of the parameters is mandatory | Wildcard patterns for project keys. |
| number_of_latest_versions | int | mandatory | The limit of latest versions to reference. |

Response Codes

| Status Code | Description |
|---|---|
| 200 | OK |
| 201 | Created |
| 400 | Bad request |
| 500 | Server error |

Sample Request

{
  "cve": "CVE-2021-45046",
  "name": "report-name",
  "filters": {
    "vulnerable_component": "*vulnerable:component*",
    "impacted_artifact": "*impacted:artifact*",
    "scan_date": {
        "start": "2023-01-05T08:00:00Z",
        "end": "2023-01-22T20:00:00Z"
    }
  },
  "resources": {
    "repositories": [
        {
            "name": "repo-local"
        },
        {
            "include_path_patterns": [
                "c/d/*",
                "t/s*"
            ],
            "exclude_path_patterns": [
                "x/z/*"
            ]
        }
    ],
    "builds": {
        "builds_with_repos": [
            {
                "build": "build_name",
                "project": "projectKey",
                "repo": "repo-name"
            }
        ],
        "include_patterns": [
            "c/d/*",
            "t/s*"
        ],
        "exclude_patterns": [
            "x/z/*"
        ],
        "names": [
            "name1",
            "name2"
        ],
        "number_of_latest_versions": 12345
    }
  }
}

Sample Response

200 OK
{
  "report_id": 3,
  "status": "pending"
}
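
A pre-flight check for the usage notes on this page, as an added example (not JFrog's code): it validates a request body before it is sent to POST /api/v1/reports/cveSearch. The CVE regex and the strict `Z`-suffixed timestamp form are assumptions, since the page does not give the exact patterns, and the sample bodies are constructed.

```python
import re
from datetime import datetime

# Assumption: standard CVE ID syntax; the page does not spell out its regex.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
NAME_OR_PATTERN = ("names", "builds_with_repos", "include_patterns", "exclude_patterns")
# Selector keys per resource type, taken from the parameter tables on this page.
SELECTORS = {
    "repositories": ("name", "include_path_patterns", "exclude_path_patterns"),
    "builds": NAME_OR_PATTERN,
    "release_bundles": NAME_OR_PATTERN,
    "projects": ("names", "include_key_patterns", "exclude_key_patterns"),
}


def validate_cve_search(body):
    """Return a list of rule violations; an empty list means the body passes."""
    errors = []
    if not CVE_RE.match(str(body.get("cve", ""))):
        errors.append("cve: not a CVE identifier")
    resources = body.get("resources") or {}
    present = [rtype for rtype in SELECTORS if rtype in resources]
    if len(present) != 1:
        errors.append(f"resources: need exactly one resource type, got {present}")
    for rtype in present:
        # repositories is an array of <repo>; the other types are single objects
        entries = resources[rtype] if rtype == "repositories" else [resources[rtype]]
        for entry in entries:
            if not any(entry.get(key) for key in SELECTORS[rtype]):
                errors.append(f"{rtype}: entry has no name or pattern")
            latest = entry.get("number_of_latest_versions")
            if rtype != "repositories" and (type(latest) is not int or latest <= 0):
                errors.append(f"{rtype}: number_of_latest_versions must be > 0")
    scan_date = (body.get("filters") or {}).get("scan_date") or {}
    for edge, value in scan_date.items():
        try:
            datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")  # UTC "Z", no fractions
        except (TypeError, ValueError):
            errors.append(f"filters.scan_date.{edge}: not an RFC 3339 timestamp")
    return errors


# Constructed sample bodies (not taken from a real Xray instance).
GOOD = {"cve": "CVE-2021-45046", "resources": {"builds": {
    "include_patterns": ["*"], "number_of_latest_versions": 3}}}
BAD = {"cve": "2021-45046", "filters": {"scan_date": {"start": "2023-01-05T08-00-00Z"}},
       "resources": {"repositories": [{}], "builds": {"names": ["name1"],
                                                     "number_of_latest_versions": 0}}}
```

`validate_cve_search(GOOD)` returns an empty list, while `BAD` yields one error per broken rule: malformed CVE, two resource types, an empty repo entry, a zero version limit and a hyphenated timestamp.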