Component Details REST API
The Component Details REST API returns security vulnerability, license, age, and popularity data for a specified component.
For more information on supported formats and examples, refer to Sonatype Component Identifiers.
Methods supported:
POST
POST api/v2/components/details
Using the POST request, this API can be used to retrieve component data in 3 ways:
Passing the componentIdentifier object
Passing the packageURL identifier for the component
Passing the hash for the component
Example 1: Passing the componentIdentifier
In our example we’ll be searching using Maven coordinates.
Include the componentIdentifier as JSON:
{
  "components": [
    {
      "componentIdentifier": {
        "format": "maven",
        "coordinates": {
          "artifactId": "tomcat-util",
          "extension": "jar",
          "groupId": "tomcat",
          "version": "5.5.23"
        }
      }
    }
  ]
}
Putting this together with the cURL command, as well as including the IQ Server URL for the POST resource path, you should have something that looks like this:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash": null,"componentIdentifier": {"format":"maven","coordinates": {"artifactId":"tomcat-util","extension":"jar","groupId":"tomcat","version":"5.5.23"}}}]}' 'http://localhost:8070/api/v2/components/details'
Example 2: Passing the packageURL Identifier
Example for retrieving information on a Maven component:
{ "components": [ { "packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar" } ] }
cURL command to run this request:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"}]}' 'http://localhost:8070/api/v2/components/details'
Example 3: Passing the hash for the component
Example for retrieving details based on component hash:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash":"1249e25aebb15358beddd23d4cb09d793c75c33d"}]}' 'http://localhost:8070/api/v2/components/details'
Response Fields:
IQ Server will respond with the component details as shown below. Note that the returned hash value is truncated and is meant to be used as an identifier that can be passed into subsequent REST API calls. It is not intended to be used as a checksum.
{
  "componentDetails": [
    {
      "component": {
        "packageUrl": "pkg:maven/tomcat/tomcat-util@5.5.23?type=jar",
        "hash": "1249e25aebb15358bedd",
        "componentIdentifier": {
          "format": "maven",
          "coordinates": {
            "artifactId": "tomcat-util",
            "classifier": "",
            "extension": "jar",
            "groupId": "tomcat",
            "version": "5.5.23"
          }
        },
        "displayName": "tomcat : tomcat-util : 5.5.23"
      },
      "matchState": "exact",
      "catalogDate": "2008-01-29T01:45:22.000-05:00",
      "relativePopularity": 100,
      "hygieneRating": "Exemplar",
      "integrityRating": "Pending",
      "licenseData": {
        "declaredLicenses": [ { "licenseId": "Apache-2.0", "licenseName": "Apache-2.0" } ],
        "observedLicenses": [ { "licenseId": "No-Sources", "licenseName": "No Sources" } ],
        "effectiveLicenses": [ { "licenseId": "Apache-2.0", "licenseName": "Apache-2.0" } ]
      },
      "securityData": {
        "securityIssues": [
          { "source": "cve", "reference": "CVE-2007-3385", "severity": 4.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385", "threatCategory": "severe" },
          { "source": "cve", "reference": "CVE-2007-5333", "severity": 5.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333", "threatCategory": "severe" },
          { "source": "cve", "reference": "CVE-2011-2526", "severity": 4.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526", "threatCategory": "severe" },
          { "source": "cve", "reference": "CVE-2012-0022", "severity": 5.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022", "threatCategory": "severe" },
          { "source": "osvdb", "reference": "37071", "severity": 4.3, "url": "http://osvdb.org/37071", "threatCategory": "severe" },
          { "source": "osvdb", "reference": "41435", "severity": 5.0, "url": "http://osvdb.org/41435", "threatCategory": "severe" },
          { "source": "osvdb", "reference": "73797", "severity": 4.4, "url": "http://osvdb.org/73797", "threatCategory": "severe" },
          { "source": "osvdb", "reference": "73798", "severity": 4.4, "url": "http://osvdb.org/73798", "threatCategory": "severe" },
          { "source": "osvdb", "reference": "78573", "severity": 5.0, "url": "http://osvdb.org/78573", "threatCategory": "severe" }
        ]
      },
      "projectData": {
        "firstReleaseDate": "2008-01-24T03:19:17.000-07:00",
        "lastReleaseDate": "2008-01-24T03:19:17.000-07:00",
        "projectMetadata": {
          "description": "The Apache Software Foundation provides support for the Apache community of open-source software projects.\n The Apache projects are characterized by a collaborative, consensus based development process, an open and\n pragmatic software license, and a desire to create high quality software that leads the way in its field.\n We consider ourselves not simply a group of projects sharing a server, but rather a community of developers\n and users.",
          "organization": "The Apache Software Foundation"
        },
        "sourceControlManagement": {
          "scmUrl": "https://svn.apache.org/repos/asf/maven/pom/tags/apache-4/tomcat-parent/tomcat-util"
        }
      }
    }
  ]
}
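The following added example, which is not part of Sonatype's documentation, builds the packageUrl request from Example 2 and reduces the response above to one verdict per component for use as a build gate. The environment variable names, the 5.0 threshold, the verdict labels, and the second sample entry (including its matchState value) are assumptions.

```python
import base64, json, os, urllib.request

ENDPOINT = "/api/v2/components/details"  # resource path from the page

def build_body(purls):
    # packageUrl form of the request (Example 2 on the page)
    return {"components": [{"packageUrl": p} for p in purls]}

def fetch_details(purls):
    # IQ_URL, IQ_USER, IQ_PASSWORD are assumed environment variable names,
    # used so credentials stay out of shell history and process listings.
    auth = f"{os.environ['IQ_USER']}:{os.environ['IQ_PASSWORD']}".encode()
    req = urllib.request.Request(
        os.environ["IQ_URL"].rstrip("/") + ENDPOINT,
        data=json.dumps(build_body(purls)).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + base64.b64encode(auth).decode()},
        method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def triage(response, threshold=5.0):
    # One verdict per component: "fail" if any issue meets the threshold,
    # "review" if the match is not exact (an empty issue list is then not
    # evidence of a clean component), otherwise "pass".
    out = []
    for d in response.get("componentDetails", []):
        issues = (d.get("securityData") or {}).get("securityIssues") or []
        flagged = sorted(f"{i['source']}:{i['reference']}"
                         for i in issues if i["severity"] >= threshold)
        verdict = ("fail" if flagged else
                   "review" if d.get("matchState") != "exact" else "pass")
        out.append({"purl": d["component"].get("packageUrl"),
                    "worst": max((i["severity"] for i in issues), default=0.0),
                    "flagged": flagged, "verdict": verdict})
    return out

# Constructed sample: first entry trimmed from the page's response, second invented.
SAMPLE = {"componentDetails": [
    {"component": {"packageUrl": "pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"},
     "matchState": "exact",
     "securityData": {"securityIssues": [
         {"source": "cve", "reference": "CVE-2007-3385", "severity": 4.3},
         {"source": "cve", "reference": "CVE-2007-5333", "severity": 5.0},
         {"source": "osvdb", "reference": "41435", "severity": 5.0}]}},
    {"component": {"packageUrl": "pkg:maven/example/placeholder@0.0.0?type=jar"},
     "matchState": "unknown",  # constructed value; only "exact" appears on the page
     "securityData": {"securityIssues": []}}]}

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Call `triage(fetch_details([...]))` against a live server; `fetch_details` is not exercised by the embedded sample.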
Change history for Component Details REST API
Name | Type | Release supported from |
---|---|---|
integrityRating | response field | |
hygieneRating | response field | |
projectData | response field | Release 100 |
effectiveLicenses | response field | Release 88 |
packageURL | response field | Release 67 |
packageURL | input parameter | Release 67 |