Get Contextual Analysis per Vulnerability V2

Xray REST APIs

Products: JFrog Xray
Content Type: REST API

Description: Retrieves Contextual Analysis data for a vulnerability.

Since: 3.91.x

Notes: In the Get Contextual Analysis per Vulnerability V2 REST API, the "applicability" boolean was replaced with the "result" string. Possible values: not_scanned, applicable, not_applicable, undetermined, rescan_required, upgrade_required, not_covered.

Currently, you can retrieve the evidence details only with the Get Contextual Analysis per Vulnerability V1 API.

Security: Requires a valid user with "Read" permissions.

Usage: GET /xray/api/v2/cve_applicability

Produces: application/json

Query parameters:

component_id (string, required)
    Component id is the resource id (artifact/build/release-bundle).
    Component id is not unique; all relevant results are returned.
    If the id is of a build or a release bundle, all artifacts which are direct children of the build/bundle will be considered.
    Examples:
        docker://pyyaml_3_10_app:1
        build://example-build:1
        releaseBundleV2://[release-bundles-v2]/docker-rbv2:4

vulnerability_id (string, required)
    Xray id.
    Example: XRAY-95701

source_comp_id (string, optional)
    Source component id is the SBOM package that the vulnerability originates from. If given, only a result matching that component will be returned. If not given, the returned results will contain data for any component in the artifact.
    Example: pypi://PyYAML:3.10

path (string, optional)
    If given, will be used to identify the specific artifact that is relevant. Otherwise, going only by component_id can result in aggregation of results from several artifacts. Only relevant for artifacts (not build/release-bundle).
    Examples:
        docker-local/rabbitmq/latest/manifest.json
        maven-local/student-services-security-0.0.1-20230711.143048-1.jar

user_issue_id (string, optional)
    If given, will be used to identify the specific artifact that is relevant. Otherwise, going only by component_id can result in aggregation of results from several artifacts. Only relevant for artifacts (not build/bundle).
    Example: 147764179185893785

Response body:

result (string)
    An aggregated Contextual Analysis result. The result is based on the priority of the results of all the items (ItemObj). For example, applicable overrules not_scanned.
    Possible values: not_scanned, applicable, not_applicable, undetermined, rescan_required, upgrade_required, not_covered

items (Array [ItemObj])
    Array of results.

ItemObj:

component_id (string)
    Component id.

source_comp_id (string)
    Source component id.

vulnerability_id (string)
    CVE id (or Xray id if one does not exist).

result (string)
    Contextual Analysis result.
    Possible values: not_scanned, applicable, not_applicable, undetermined, rescan_required, upgrade_required, not_covered

scanner_explanation (string)
    Scanner explanation (HTML format).

info (string)
    Information about the scan result.

Response codes:

200    OK
400    Bad request - Required fields are missing
403    Permission denied

Example request - repository:

Url: /xray/api/v2/cve_applicability?component_id=docker://xmas:policy&vulnerability_id=XRAY-95701&path=docker-local/app/latest/manifest.json

Example of successful response:

200 OK
{
    "result": "applicable",
    "items": [
        {
            "component_id": "docker://app:latest",
            "source_comp_id": "pypi://PyYAML:5.2",
            "vulnerability_id": "CVE-2020-1747",
            "result": "applicable",
            "scanner_explanation": "<p>The scanner checks whether any of the following vulnerable functions are called:</p>\n<ul>\n<li><code>yaml.full_load()</code></li>\n<li><code>yaml.load()</code> only unsafe calls (without specifying <code>SafeLoader</code> as the <code>Loader</code>class).</li>\n</ul>",
            "info": "The vulnerable function yaml.full_load/load is called"
        }
    ]
}

Example request - build:

Url: /xray/api/v2/cve_applicability?vulnerability_id=XRAY-95701&component_id=build://docker-build:1

Example of successful response:

200 OK
{
    "result": "applicable",
    "items": [
        {
            "component_id": "build://docker-build:1",
            "source_comp_id": "pypi://PyYAML:5.2",
            "vulnerability_id": "CVE-2020-1747",
            "result": "applicable",
            "scanner_explanation": "<p>The scanner checks whether any of the following vulnerable functions are called:</p>\n<ul>\n<li><code>yaml.full_load()</code></li>\n<li><code>yaml.load()</code> only unsafe calls (without specifying <code>SafeLoader</code> as the <code>Loader</code>class).</li>\n</ul>",
            "info": "The vulnerable function yaml.full_load/load is called"
        }
    ]
}

Example request - release bundle:

Url: /xray/api/v2/cve_applicability?vulnerability_id=XRAY-95701&component_id=releaseBundleV2://[release-bundles-v2]/docker-rbv2:4

Example of successful response:

200 OK
{
    "result": "applicable",
    "items": [
        {
            "component_id": "releaseBundleV2://[release-bundles-v2]/docker-rbv2:4",
            "source_comp_id": "pypi://PyYAML:5.2",
            "vulnerability_id": "CVE-2020-1747",
            "result": "applicable",
            "scanner_explanation": "<p>The scanner checks whether any of the following vulnerable functions are called:</p>\n<ul>\n<li><code>yaml.full_load()</code></li>\n<li><code>yaml.load()</code> only unsafe calls (without specifying <code>SafeLoader</code> as the <code>Loader</code>class).</li>\n</ul>",
            "info": "The vulnerable function yaml.full_load/load is called"
        }
    ]
}

Example error response:

400 Bad request
{
    "error": "Badly formatted request"
}
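A small client for this endpoint, added here as an example and not JFrog's own code: it builds the query URL from the parameters documented above, fetches the response, and triages the v2 "result" strings so that a finding is closed only on a positive not_applicable verdict. It assumes the caller supplies the Xray base URL and an access token sent as a Bearer header; the sample response is constructed from the repository example above.

```python
import json
import urllib.parse
import urllib.request

ENDPOINT = "/xray/api/v2/cve_applicability"
# Result strings documented for the v2 API.
RESULTS = {"not_scanned", "applicable", "not_applicable", "undetermined",
           "rescan_required", "upgrade_required", "not_covered"}
# Only not_applicable means the scanner established the vulnerable code is not
# reached; every other value (including not_scanned) keeps the finding open.
SUPPRESSIBLE = {"not_applicable"}

# Constructed sample, taken from the documented repository example above.
SAMPLE_RESPONSE = {
    "result": "applicable",
    "items": [{"component_id": "docker://app:latest",
               "source_comp_id": "pypi://PyYAML:5.2",
               "vulnerability_id": "CVE-2020-1747",
               "result": "applicable",
               "info": "The vulnerable function yaml.full_load/load is called"}],
}

def build_url(base, component_id, vulnerability_id, **optional):
    """Build the request URL; optional keys: source_comp_id, path, user_issue_id."""
    params = {"component_id": component_id, "vulnerability_id": vulnerability_id}
    params.update({k: v for k, v in optional.items() if v is not None})
    return base.rstrip("/") + ENDPOINT + "?" + urllib.parse.urlencode(params)

def fetch(url, token):
    """GET the endpoint with an access token (assumed Bearer auth; needs Read)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def triage(body):
    """Return (needs_action, [(source_comp_id, vulnerability_id, result, info)])."""
    overall = body.get("result")
    if overall not in RESULTS:
        raise ValueError("unexpected aggregated result: %r" % (overall,))
    notes = []
    for item in body.get("items", []):
        if item.get("result") not in RESULTS:
            raise ValueError("unexpected item result: %r" % (item.get("result"),))
        notes.append((item.get("source_comp_id"), item.get("vulnerability_id"),
                      item["result"], item.get("info", "")))
    # Close the finding only on a positive not_applicable verdict.
    return overall not in SUPPRESSIBLE, notes
```

To run it against a live instance, call fetch(build_url(base, component_id, vulnerability_id, path=...), token) and pass the returned body to triage.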