Cross-Stage Policy Violation REST API
A cross-stage violation is an aggregate of time-overlapping occurrences of the same policy violation within a given application across all stages. This data supports analyses such as measuring how long it takes, from the moment a violation is first found in one stage, to investigate and remove it until it is no longer reported in any stage.
You may use the steps described in Policy Violation REST API to extract a particular policy violation ID you want to track.
Available Endpoints
Once you have located the desired ID you can use the following endpoints to obtain the information on the cross-stage violation:
Search by the violation ID:
This endpoint returns cross-stage violation information for the given violationId.
The violationId must be the ID of the first occurrence of the violation in question. If the ID does not correspond to the earliest occurrence of the violation, the API returns a not found error. When it applies, this is the fastest way to retrieve the information.
GET /api/v2/policyViolations/crossStage/{violationId}
Using curl as an example on a typical local installation, you can use the following command to communicate with this endpoint:
curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/policyViolations/crossStage/fb4c05d6054043ddaf434a71db8384db'
Note
In order to search by any violation ID aggregated by cross-stage violation
Search by constituentId:
This endpoint returns cross-stage violation information for any violationId that belongs to the aggregate, regardless of the time or stage of that occurrence.
GET /api/v2/policyViolations/crossStage?constituentId=fb4c05d6054043ddaf434a71db8384db
Using curl as an example on a typical local installation, you can use the following command to communicate with this endpoint:
curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/policyViolations/crossStage?constituentId=fb4c05d6054043ddaf434a71db8384db'
Response Data
Here is an example of a cross-stage violation response from the endpoints above. In it, the cross-stage violation aggregates two occurrences of the same violation: one from the build stage and one from the release stage.
{
  "policyId": "93be2ac23c294d7683ec81d6faaca604",
  "policyName": "Security-Critical",
  "policyViolationId": "fb4c05d6054043ddaf434a71db8384db",
  "threatLevel": 10,
  "constraintViolations": [
    {
      "constraintId": "d0818181e9d342e7b8c7625409f5935e",
      "constraintName": "Critical risk CVSS score",
      "reasons": [
        {
          "reason": "Found security vulnerability sonatype-2019-0115 with severity >= 9 (severity = 9.8)",
          "reference": {
            "type": "SECURITY_VULNERABILITY_REFID",
            "value": "sonatype-2019-0115"
          }
        }
      ]
    }
  ],
  "applicationPublicId": "Webgoat",
  "applicationName": "Webgoat",
  "organizationName": "Ex Main",
  "openTime": "2020-06-17T11:32:16.024-05:00",
  "fixTime": null,
  "hash": "37081687a930b9a4a29c",
  "policyThreatCategory": "security",
  "displayName": {
    "parts": [
      { "field": "Name", "value": "org.webjars jquery" },
      { "value": " " },
      { "field": "Version", "value": "1.10.2" }
    ]
  },
  "componentIdentifier": {
    "format": "a-name",
    "coordinates": {
      "name": "org.webjars jquery",
      "qualifier": "",
      "version": "1.10.2"
    }
  },
  "filename": "jquery-1.10.2.min.js",
  "stageData": {
    "build": {
      "mostRecentEvaluationTime": "2020-06-17T11:32:16.024-05:00",
      "mostRecentScanId": "c6e307ca087b4682998b9298245b74d6",
      "actionTypeId": "fail"
    },
    "stage-release": {
      "mostRecentEvaluationTime": "2020-06-18T11:03:01.933-05:00",
      "mostRecentScanId": "e78e289a664b4b8fb6b969d531fc1dea",
      "actionTypeId": "fail"
    }
  },
  "policyOwner": {
    "ownerId": "ROOT_ORGANIZATION_ID",
    "ownerName": "Root Organization",
    "ownerType": "organization"
  }
}
Note
If the violated policy no longer exists, policyOwner will have null properties. This can happen after importing new policies.
The policyViolationId is the cross-stage violation ID.
The stageData object reports, for each stage in which the violation was found, the most recent evaluation time, the ID of the scan that last reported it, and the action taken.
The rest of the information returned by the API is analogous to the information returned by the Policy Violation REST API.
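As an added example (not part of this documentation or of the product's own code), the following Python script looks up a cross-stage violation using the two endpoints above and derives the remediation metrics this page describes: how long the violation has been open, which stages still fail on it, when it was last seen, and whether the policy has since been deleted. The base URL and credentials are placeholders, the fallback assumes the "not found" error is an HTTP 404, and the sample response is a constructed subset of the one shown above.

```python
import base64
import json
from datetime import datetime
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Constructed sample, trimmed from the response shown above (not a live server response).
SAMPLE = {
    "policyViolationId": "fb4c05d6054043ddaf434a71db8384db",
    "openTime": "2020-06-17T11:32:16.024-05:00",
    "fixTime": None,
    "stageData": {
        "build": {"mostRecentEvaluationTime": "2020-06-17T11:32:16.024-05:00", "actionTypeId": "fail"},
        "stage-release": {"mostRecentEvaluationTime": "2020-06-18T11:03:01.933-05:00", "actionTypeId": "fail"},
    },
    "policyOwner": {"ownerId": "ROOT_ORGANIZATION_ID", "ownerName": "Root Organization", "ownerType": "organization"},
}

def _get(url, user, password):
    # Basic auth, as in the curl examples above (placeholder credentials are supplied by the caller).
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = Request(url, headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_cross_stage(base_url, user, password, violation_id):
    """Try /crossStage/{id} (earliest occurrence only); on 404 (assumed status) use ?constituentId=."""
    base = f"{base_url}/api/v2/policyViolations/crossStage"
    try:
        return _get(f"{base}/{violation_id}", user, password)
    except HTTPError as err:
        if err.code != 404:
            raise
        return _get(f"{base}?{urlencode({'constituentId': violation_id})}", user, password)

def summarize(violation, now_iso=None):
    """Days open, stages still failing, last sighting, and whether the policy was deleted."""
    iso = datetime.fromisoformat
    opened = iso(violation["openTime"])
    fixed = iso(violation["fixTime"]) if violation.get("fixTime") else None
    end = fixed or (iso(now_iso) if now_iso else datetime.now().astimezone())
    stages = violation.get("stageData") or {}
    last = max(stages.values(), key=lambda d: iso(d["mostRecentEvaluationTime"]))
    return {
        "openDays": round((end - opened).total_seconds() / 86400, 2),
        "stillOpen": fixed is None,
        "failingStages": sorted(s for s, d in stages.items() if d.get("actionTypeId") == "fail"),
        "lastSeen": last["mostRecentEvaluationTime"],
        "policyDeleted": (violation.get("policyOwner") or {}).get("ownerId") is None,
    }
```

To run against a server, call `summarize(fetch_cross_stage("http://localhost:8070", "admin", "admin123", "<violation id>"))`; the fallback lets you pass any violation ID from the aggregate, not only the earliest one.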