Skip to main content

Firewall APIs

Endpoints

Firewall Dashboard Metrics

Request to get the Firewall dashboard metrics.

GET /api/v2/firewall/metrics/embedded
curl -u admin:admin123 'http://localhost:8070/api/v2/firewall/metrics/embedded'

Response: Firewall dashboard metrics

{
  "SAFE_VERSIONS_SELECTED_AUTOMATICALLY": {
    "firewallMetricsValue": 3,
    "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
  },
  "COMPONENTS_AUTO_RELEASED": {
    "firewallMetricsValue": 2,
    "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
  },    
  "NAMESPACE_ATTACKS_BLOCKED": {
    "firewallMetricsValue": 4,
    "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
  },    
  "SUPPLY_CHAIN_ATTACKS_BLOCKED": {
    "firewallMetricsValue": 1,
    "latestUpdatedTime": "2023-11-15T07:02:26.000-05:00"
  },    
  "WAIVED_COMPONENTS": {
    "firewallMetricsValue": 3,
    "latestUpdatedTime": "2024-01-10T09:12:26.000-05:00"    
  },    
  "COMPONENTS_QUARANTINED": {
    "firewallMetricsValue": 4,
    "latestUpdatedTime": "2024-01-08T09:12:26.000-05:00"    
  }
}

Quarantined components summary

Request for a summary of quarantined components.

GET /api/v2/firewall/quarantine/summary
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary

Response: quarantined components summary

{
  "repositoryCount": 2,
  "quarantineEnabledRepositoryCount": 2,
  "quarantineEnabled": true,
  "totalComponentCount": 25,
  "quarantinedComponentCount": 0
}

Item

Description

repositoryCount

The total number of repositories

quarantineEnabledRepositoryCount

The total number of repositories with the quarantine capability enabled

quarantineEnabled

The true if any repository has the quarantine capability enabled, false otherwise

totalComponentCount

The total number of components across all repositories

quarantinedComponentCount

The total number of quarantined components

Auto-released from quarantine summary

Request for a summary of components auto-released from quarantine.

GET /api/v2/firewall/releaseQuarantine/summary
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary

Response: auto-released from quarantine summary

{
  "autoReleaseQuarantineCountMTD": 3,
  "autoReleaseQuarantineCountYTD": 120
}

Item

Description

autoReleaseQuarantineCountMTD

The number of auto-released quarantine components from the start of the current month to the current date

autoReleaseQuarantineCountYTD

The number of auto-released quarantine components from the start of the current year to the current date

Configuration of auto-released from quarantine

List the configuration for auto-release from quarantine. This is a set of policy condition types configurable for auto-release from quarantine

GET /api/v2/firewall/releaseQuarantine/configuration
curl -u admin:admin123 \
 http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

Response: auto-release configuration

[
  {
    "autoReleaseQuarantineEnabled": true,
    "id": "IntegrityRating",
    "name": "Integrity Rating"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "License",
    "name": "License"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "License Threat Group",
    "name": "License Threat Group"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "MatchState",
    "name": "Match State"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "SecurityVulnerabilitySeverity",
    "name": "Security Vulnerability Severity"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "SecurityVulnerabilityCategory",
    "name": "Security Vulnerability Category"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "SecurityVulnerabilityCustomRemediation",
    "name": "Security Vulnerability Custom Remediation"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "SecurityVulnerabilityCustomCVSSVectorString",
    "name": "Security Vulnerability Custom CVSS"
  },
  {
    "autoReleaseQuarantineEnabled": false,
    "id": "SecurityVulnerabilityResearchType",
    "name": "Security Research Type"
  }
]

Update configuration for auto-releasing from quarantine

Set the auto-release from quarantine configuration. Use the get request for a list of the configurable properties.

PUT /api/v2/firewall/releaseQuarantine/configuration
[
  {
    "id": "IntegrityRating",
    "autoReleaseQuarantineEnabled": true
  },
  {
    "id": "License",
    "autoReleaseQuarantineEnabled": false
  }
]
curl -X PUT -u admin:admin123 \
  -H "Content-Type: application/json" \
  -d '[{"id":"IntegrityRating","autoReleaseQuarantineEnabled":true},{"id":"License","autoReleaseQuarantineEnabled":false}]' \
  http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

This request returns the updated list of properties from the GET request.

Components auto-released from quarantine

Report of components that have been auto-released from quarantine.

GET /api/v2/firewall/components/autoReleasedFromQuarantine?{parmeter1}={value1}&{parmeter2}={value2}
curl -u admin:admin123 \
  http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true

Reference: auto-released component parameters

Parameter

Description

Optional

Default Value

page

The pagination page number.

The minimum allowed page number is 1.

Yes

1

pageSize

The maximum number of records to return per page.

The value should be between 1 and 10000.

Yes

10

policyId

When provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID.

Yes

componentName

When provided, the API returns the components with display names that contain (case-insensitively) the value of this parameter.

Yes

sortBy

The field the records to be sorted by. For now, the API only supports sorting by releaseQuarantineTime and quarantineTime.

Quarantined components can only be sorted by quarantineTime.

Yes

When released:

releaseQuarantineTime

When quarantined: quarantineTime

asc

A boolean value indicates the order of sorting.

True indicates that the records will be sorted in ascending order.

Yes

true

Response: auto-released components

{
  "page": 1,
  "pageCount": 1,
  "pageSize": 10,
  "results":
  [
    {
      "componentIdentifier":
      {
          "coordinates":
          {
              "packageId": "1_test",
              "version": "0.0.0"
          },
          "format": "npm"
      },
      "dateCleared": "2021-03-24T18:53:45.588+0000",
      "displayName": "1_test : 0.0.0",
      "hash": "2cfd634fae225311e3b6",
      "matchState": "exact",
      "pathname": "1_test/-/1_test-0.0.0.tgz",
      "quarantineDate": "2021-03-24T17:36:34.612+0000",
      "quarantinePolicyViolations":
      [],
      "quarantined": false,
      "repository": "npm_proxy",
      "repositoryId": "298bf707fd4f4323b7a0200b8dddd201"
    },
    {
      "componentIdentifier":
      {
        "coordinates":
        {
          "packageId": "rc-util",
          "version": "1.2.0"
        },
        "format": "npm"
      },
      "dateCleared": "2021-03-24T18:53:46.115+0000",
      "displayName": "rc-util : 5.9.5",
      "hash": "b3e3c46f8a404334a2b3a5633d4f0be7",
      "matchState": "exact",
      "pathname": "rc-util/-/rc-util-5.9.5.tgz",
      "quarantineDate": "2021-03-24T14:45:02.567+0000",
      "quarantinePolicyViolations":
      [],
      "quarantined": false,
      "repository": "npm_proxy",
      "repositoryId": "298bf707fd4f4323b7a0200b8dddd201"
    }
  ],
  "total": 2
}

Item

Description

total

Total number of records this query can return across all pages

page

Page number specified on the query

pageSize

Page size specified on the query

pageCount

Total number of pages this query can return

displayName

Name of the component and version

repository

Repository where the component is installed

quarantineDate

The date and time when the component was quarantined

dateCleared

The date and time when the component was released from quarantine.

quarantinePolicyViolations

Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine.

componentIdentifier

The format and coordinates for the claimed component.

pathname

The component path in the repository.

hash

The component hash.

matchState

Verify if the comparison of a component to known components is or is not a match in one of the following ways: Exact, Similar, or Unknown.

repositoryId

The repository ID where the component is installed.

quarantined

Whether the component is quarantined or not.

Components in Quarantine

Request a list of the quarantine components. Use the filters to find specific components.

GET /api/v2/firewall/components/quarantined?{parmeter1}={value1}&{parmeter2}={value2}
curl -u admin:admin123 \
   http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=quarantineTime&asc=true

Response: list quarantined components

{
  "total": 1,
  "page": 1,
  "pageSize": 10,
  "pageCount": 1,
  "results": [
    {
      "displayName": "add-fedops : 0.0.0",
      "repository": "npm_proxy",
      "quarantineDate": "2021-03-29T14:43:51.477+0000",
      "dateCleared": null,
      "quarantinePolicyViolations": [
        {
          "policyId": "384b7857d9b5424d91e00a0b945e3ec8",
          "policyName": "Integrity-Rating",
          "policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510",
          "threatLevel": 9,
          "constraintViolations": [
            {
              "constraintId": "f03a3a2abdf94703a019e37b8c5cdc16",
              "constraintName": "Suspicious integrity rating",
              "reasons": [
                {
                  "reason": "Integrity Rating was Suspicious",
                  "reference": null
                }
              ]
            }
          ]
        }
      ],
      "componentIdentifier": {
          "format": "npm",
          "coordinates": {
            "packageId": "add-fedops",
            "version": "0.0.0"
          }
      },
      "pathname": "add-fedops/-/add-fedops-0.0.0.tgz",
      "hash": "b1b6ea3b7e4aa4f49250",
      "matchState": "exact",
      "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
      "quarantined": true
    }
  ]
}

Configure Anonymous Access

Set the anonymous access for the Quarantined Component View. This configuration is enabled by default

PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
curl -X PUT -u admin:admin123 \
  http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

Repository Manager Configuration

List the configuration for configured repository managers in Firewall.

GET /api/v2/firewall/repositoryManagers
curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/repositoryManagers"

Response: repository manager configurations

{
  "repositoryManagers": [
    {
      "id": "02bafbc10b3545eeb949db5b248df2a8",
      "name": null,
      "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80470",
      "productName": "Nexus",
      "productVersion": "3.60.0"
    }
  ]
}

Update Repository Manager Configuration

Request to add a repository manager container to the Firewall configuration.

POST /api/v2/firewall/repositoryManagers
{
  "name": "My Repository Manager",
  "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
  "productName": "Nexus",
  "productVersion": "3.60.0"
}
curl -X POST -u admin:admin123 -H "Content-Type: application/json" \
     -d "{\"name\": \"My Repository Manager\", \"instanceId\": \"060BCE87-FF88120D-15BE693B-15B5880C-C5B80477\", \"productName\": \"Nexus\", \"productVersion\": \"3.60.0\"}" \ 
     "http://localhost:8070/api/v2/firewall/repositoryManagers"

Response: update repository manager configuration

The command returns the configuration of the newly created repository manager, including its ID.

{
  "id":"0160d7c72c9946c3bece12bc8441dc7e",
  "name": "My Repository Manager",
  "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
  "productName": "Nexus",
  "productVersion": "3.60.0"
}

Configuration for a Repository Manager in Firewall

Request the configuration for a specific repository manager. Returns an array of proxy and hosted repositories configured in the repository manager container.

The <repositoryManagerId> can be found using the 'Get repository managers configurations' endpoint.

GET /api/v2/firewall/repositories/configuration/<repositoryManagerId>

Example

curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"

Response: repository manager configuration

{
  "repositories": [
    {
      "repositoryId": "e24c0dc8e24a4b53b949c49faa14da0b",
      "publicId": "maven-remote",
      "format": "maven2",
      "type": "proxy",
      "auditEnabled": true,
      "quarantineEnabled": true,
      "policyCompliantComponentSelectionEnabled": false,
      "namespaceConfusionProtectionEnabled": false
    }
  ]
}

Update Repository Configurations for a Repository Manager

Request to update the repository configuration for a repository manager. Used to add new proxy repositories to the repository manager container

POST /api/v2/firewall/repositories/configuration/<repositoryManagerId>

Request body to send repository details.

{
  "repositories":
  [
    {
      "format": "maven2",
      "publicId": "my-repo-1",      
      "type": "proxy",
      "auditEnabled": true,
      "quarantineEnabled": true,
      "namespaceConfusionProtectionEnabled": false,
      "policyCompliantComponentSelectionEnabled": false
    }
  ]
}
curl -X POST -u admin:admin123 -H "Content-Type: application/json" \
     -d "{\"repositories\":[{\"publicId\":\"my-repo-1\", \"format\":\"maven2\", \"type\":\"proxy\", \"auditEnabled\":true, \"quarantineEnabled\":true, \"policyCompliantComponentSelectionEnabled\":false, \"namespaceConfusionProtectionEnabled\":false}]}" \
     "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"