
Component Details REST API

The Component Details REST API returns security vulnerability data, license data, age, and popularity information for a specified component.

For more information on supported formats and examples, refer to Sonatype Component Identifiers.

Methods supported:

  • POST

POST api/v2/components/details

Using the POST request, this API can be used to retrieve component data in 3 ways:

  1. Passing the componentIdentifier object

  2. Passing the packageURL identifier for the component

  3. Passing the hash for the component

Example 1: Passing the componentIdentifier

In our example we’ll be searching using Maven coordinates.

Include the componentIdentifier as JSON:

{
  "components": [
    {
      "componentIdentifier": {
        "format": "maven",
        "coordinates": {
          "artifactId": "tomcat-util",
          "extension": "jar",
          "groupId": "tomcat",
          "version": "5.5.23"
        }
      }
    }
  ]
}

Putting this together with the cURL command, as well as including the IQ Server URL for the POST resource path, you should have something that looks like this:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash": null,"componentIdentifier": {"format":"maven","coordinates": {"artifactId":"tomcat-util","extension":"jar","groupId":"tomcat","version":"5.5.23"}}}]}' 'http://localhost:8070/api/v2/components/details'

Example 2: Passing the packageURL Identifier

Example for retrieving information on a Maven component:

{
 "components": [
   {
     "packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"
   }
 ]
}

cURL command to run this request:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"}]}' 'http://localhost:8070/api/v2/components/details'

Example 3: Passing the hash for the component

Example for retrieving details based on component hash:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash":"1249e25aebb15358beddd23d4cb09d793c75c33d"}]}' 'http://localhost:8070/api/v2/components/details'

Response Fields:

IQ Server will respond with the component details as shown below. Note that the returned hash value is truncated and is meant to be used as an identifier that can be passed into subsequent REST API calls. It is not intended to be used as a checksum.

{
   "componentDetails":[
      {
         "component":{
            "packageUrl": "pkg:maven/tomcat/tomcat-util@5.5.23?type=jar",
            "hash":"1249e25aebb15358bedd",
            "componentIdentifier":{
               "format":"maven",
               "coordinates":{
                  "artifactId":"tomcat-util",
                  "classifier":"",
                  "extension":"jar",
                  "groupId":"tomcat",
                  "version":"5.5.23"
               }
            },
            "displayName": "tomcat : tomcat-util : 5.5.23"
         },
         "matchState":"exact",
         "catalogDate":"2008-01-29T01:45:22.000-05:00",
         "relativePopularity":100,
         "hygieneRating": "Exemplar",
         "integrityRating": "Pending",
         "licenseData":{
            "declaredLicenses":[
               {
                  "licenseId":"Apache-2.0",
                  "licenseName":"Apache-2.0"
               }
            ],
            "observedLicenses":[
               {
                  "licenseId":"No-Sources",
                  "licenseName":"No Sources"
               }
            ],
            "effectiveLicenses":[
               {
                  "licenseId":"Apache-2.0",
                  "licenseName":"Apache-2.0"
               }
            ]
         },
         "securityData":{
            "securityIssues":[
               {
                  "source":"cve",
                  "reference":"CVE-2007-3385",
                  "severity":4.3,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2007-5333",
                  "severity":5.0,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2011-2526",
                  "severity":4.4,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2012-0022",
                  "severity":5.0,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"37071",
                  "severity":4.3,
                  "url":"http://osvdb.org/37071",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"41435",
                  "severity":5.0,
                  "url":"http://osvdb.org/41435",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"73797",
                  "severity":4.4,
                  "url":"http://osvdb.org/73797",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"73798",
                  "severity":4.4,
                  "url":"http://osvdb.org/73798",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"78573",
                  "severity":5.0,
                  "url":"http://osvdb.org/78573",
                  "threatCategory":"severe"
               }
            ]
         },
         "projectData" : {
            "firstReleaseDate" : "2008-01-24T03:19:17.000-07:00",
            "lastReleaseDate" : "2008-01-24T03:19:17.000-07:00",
            "projectMetadata" : {
               "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects.\n    The Apache projects are characterized by a collaborative, consensus based development process, an open and\n    pragmatic software license, and a desire to create high quality software that leads the way in its field.\n    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers\n    and users.",
               "organization" : "The Apache Software Foundation"
            },
            "sourceControlManagement" : {
               "scmUrl" : "https://svn.apache.org/repos/asf/maven/pom/tags/apache-4/tomcat-parent/tomcat-util"
            }
         }
      }
   ]
}
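The following is an added example, not part of the original page or Sonatype's code: it builds the request body for the three identifier kinds above and reduces a response to the security issues at or above a severity threshold, keeping matchState next to the result so an empty issue list is read together with how the component was matched. The function names `build_body` and `triage` are hypothetical, and the sample response is trimmed from the one shown above.

```python
import json

def build_body(purls=(), hashes=(), coordinates=()):
    """Build the POST body for api/v2/components/details.

    Each entry in "components" carries one identifier: a packageUrl, a hash,
    or a componentIdentifier given here as a (format, coordinates) pair.
    """
    components = [{"packageUrl": p} for p in purls]
    components += [{"hash": h} for h in hashes]
    components += [{"componentIdentifier": {"format": f, "coordinates": c}}
                   for f, c in coordinates]
    return json.dumps({"components": components})

def triage(response_text, min_severity):
    """Map each component's displayName to its matchState and to the issues
    at or above min_severity, highest severity first."""
    report = {}
    for detail in json.loads(response_text).get("componentDetails", []):
        comp = detail.get("component", {})
        name = comp.get("displayName") or comp.get("packageUrl") or comp.get("hash")
        # securityData may be absent; treat that as an empty issue list.
        issues = (detail.get("securityData") or {}).get("securityIssues") or []
        hits = sorted(((i.get("severity") or 0, i.get("source", ""), i.get("reference", ""))
                       for i in issues if (i.get("severity") or 0) >= min_severity),
                      reverse=True)
        report[name] = {"matchState": detail.get("matchState"), "issues": hits}
    return report

# Sample response trimmed from the one on this page (three of its nine issues).
SAMPLE = json.dumps({"componentDetails": [{
    "component": {"packageUrl": "pkg:maven/tomcat/tomcat-util@5.5.23?type=jar",
                  "hash": "1249e25aebb15358bedd",
                  "displayName": "tomcat : tomcat-util : 5.5.23"},
    "matchState": "exact",
    "securityData": {"securityIssues": [
        {"source": "cve", "reference": "CVE-2007-3385", "severity": 4.3},
        {"source": "cve", "reference": "CVE-2007-5333", "severity": 5.0},
        {"source": "osvdb", "reference": "41435", "severity": 5.0}]}}]})

if __name__ == "__main__":
    print(build_body(purls=["pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"]))
    for name, result in triage(SAMPLE, 5.0).items():
        print(name, result["matchState"], result["issues"])
```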

Change history for Component Details REST API

Name                Type               Release supported from
integrityRating     response field
hygieneRating       response field
projectData         response field     Release 100
effectiveLicenses   response field     Release 88
packageURL          response field     Release 67
packageURL          input parameter    Release 67