Firewall APIs
Custom Quarantine Messages
Set a Custom Quarantine Messages using the IQ Server Configuration REST API.
Components in Quarantine
The Quarantine REST API lists all components in quarantine.
Endpoints
Firewall Dashboard Metrics
Request to get the Firewall dashboard metrics.
GET /api/v2/firewall/metrics/embedded
curl -u admin:admin123 'http://localhost:8070/api/v2/firewall/metrics/embedded'
{ "SAFE_VERSIONS_SELECTED_AUTOMATICALLY": { "firewallMetricsValue": 3, "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00" }, "COMPONENTS_AUTO_RELEASED": { "firewallMetricsValue": 2, "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00" }, "NAMESPACE_ATTACKS_BLOCKED": { "firewallMetricsValue": 4, "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00" }, "SUPPLY_CHAIN_ATTACKS_BLOCKED": { "firewallMetricsValue": 1, "latestUpdatedTime": "2023-11-15T07:02:26.000-05:00" }, "WAIVED_COMPONENTS": { "firewallMetricsValue": 3, "latestUpdatedTime": "2024-01-10T09:12:26.000-05:00" }, "COMPONENTS_QUARANTINED": { "firewallMetricsValue": 4, "latestUpdatedTime": "2024-01-08T09:12:26.000-05:00" } }
Quarantined components summary
Request for a summary of quarantined components.
GET /api/v2/firewall/quarantine/summary
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary
{ "repositoryCount": 2, "quarantineEnabledRepositoryCount": 2, "quarantineEnabled": true, "totalComponentCount": 25, "quarantinedComponentCount": 0 }
Item | Description |
---|---|
repositoryCount | The total number of repositories |
quarantineEnabledRepositoryCount | The total number of repositories with the quarantine capability enabled |
quarantineEnabled | The true if any repository has the quarantine capability enabled, false otherwise |
totalComponentCount | The total number of components across all repositories |
quarantinedComponentCount | The total number of quarantined components |
Auto-released from quarantine summary
Request for a summary of components auto-released from quarantine.
GET /api/v2/firewall/releaseQuarantine/summary
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary
{ "autoReleaseQuarantineCountMTD": 3, "autoReleaseQuarantineCountYTD": 120 }
Item | Description |
---|---|
autoReleaseQuarantineCountMTD | The number of auto-released quarantine components from the start of the current month to the current date |
autoReleaseQuarantineCountYTD | The number of auto-released quarantine components from the start of the current year to the current date |
Configuration of auto-released from quarantine
List the configuration for auto-release from quarantine. This is a set of policy condition types configurable for auto-release from quarantine
GET /api/v2/firewall/releaseQuarantine/configuration
curl -u admin:admin123 \ http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration
[ { "autoReleaseQuarantineEnabled": true, "id": "IntegrityRating", "name": "Integrity Rating" }, { "autoReleaseQuarantineEnabled": false, "id": "License", "name": "License" }, { "autoReleaseQuarantineEnabled": false, "id": "License Threat Group", "name": "License Threat Group" }, { "autoReleaseQuarantineEnabled": false, "id": "MatchState", "name": "Match State" }, { "autoReleaseQuarantineEnabled": false, "id": "SecurityVulnerabilitySeverity", "name": "Security Vulnerability Severity" }, { "autoReleaseQuarantineEnabled": false, "id": "SecurityVulnerabilityCategory", "name": "Security Vulnerability Category" }, { "autoReleaseQuarantineEnabled": false, "id": "SecurityVulnerabilityCustomRemediation", "name": "Security Vulnerability Custom Remediation" }, { "autoReleaseQuarantineEnabled": false, "id": "SecurityVulnerabilityCustomCVSSVectorString", "name": "Security Vulnerability Custom CVSS" }, { "autoReleaseQuarantineEnabled": false, "id": "SecurityVulnerabilityResearchType", "name": "Security Research Type" } ]
Update configuration for auto-releasing from quarantine
Set the auto-release from quarantine configuration. Use the get request for a list of the configurable properties.
PUT /api/v2/firewall/releaseQuarantine/configuration
[ { "id": "IntegrityRating", "autoReleaseQuarantineEnabled": true }, { "id": "License", "autoReleaseQuarantineEnabled": false } ]
curl -X PUT -u admin:admin123 \ -H "Content-Type: application/json" \ -d '[{"id":"IntegrityRating","autoReleaseQuarantineEnabled":true},{"id":"License","autoReleaseQuarantineEnabled":false}]' \ http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration
This request returns the updated list of properties from the GET request.
Components auto-released from quarantine
Report of components that have been auto-released from quarantine.
GET /api/v2/firewall/components/autoReleasedFromQuarantine?{parmeter1}={value1}&{parmeter2}={value2}
curl -u admin:admin123 \ http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true
Parameter | Description | Optional | Default Value |
---|---|---|---|
page | The pagination page number. The minimum allowed page number is 1. | Yes | 1 |
pageSize | The maximum number of records to return per page. The value should be between 1 and 10000. | Yes | 10 |
policyId | When provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID. | Yes | |
componentName | When provided, the API returns the components with display names that contain (case-insensitively) the value of this parameter. | Yes | |
sortBy | The field the records to be sorted by. For now, the API only supports sorting by Quarantined components can only be sorted by | Yes | When released:
When quarantined: |
asc | A boolean value indicates the order of sorting. True indicates that the records will be sorted in ascending order. | Yes |
|
{ "page": 1, "pageCount": 1, "pageSize": 10, "results": [ { "componentIdentifier": { "coordinates": { "packageId": "1_test", "version": "0.0.0" }, "format": "npm" }, "dateCleared": "2021-03-24T18:53:45.588+0000", "displayName": "1_test : 0.0.0", "hash": "2cfd634fae225311e3b6", "matchState": "exact", "pathname": "1_test/-/1_test-0.0.0.tgz", "quarantineDate": "2021-03-24T17:36:34.612+0000", "quarantinePolicyViolations": [], "quarantined": false, "repository": "npm_proxy", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201" }, { "componentIdentifier": { "coordinates": { "packageId": "rc-util", "version": "1.2.0" }, "format": "npm" }, "dateCleared": "2021-03-24T18:53:46.115+0000", "displayName": "rc-util : 5.9.5", "hash": "b3e3c46f8a404334a2b3a5633d4f0be7", "matchState": "exact", "pathname": "rc-util/-/rc-util-5.9.5.tgz", "quarantineDate": "2021-03-24T14:45:02.567+0000", "quarantinePolicyViolations": [], "quarantined": false, "repository": "npm_proxy", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201" } ], "total": 2 }
Item | Description |
---|---|
total | Total number of records this query can return across all pages |
page | Page number specified on the query |
pageSize | Page size specified on the query |
pageCount | Total number of pages this query can return |
displayName | Name of the component and version |
repository | Repository where the component is installed |
quarantineDate | The date and time when the component was quarantined |
dateCleared | The date and time when the component was released from quarantine. |
quarantinePolicyViolations | Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine. |
componentIdentifier | The format and coordinates for the claimed component. |
pathname | The component path in the repository. |
hash | The component hash. |
matchState | Verify if the comparison of a component to known components is or is not a match in one of the following ways: Exact, Similar, or Unknown. |
repositoryId | The repository ID where the component is installed. |
quarantined | Whether the component is quarantined or not. |
Components in Quarantine
Request a list of the quarantine components. Use the filters to find specific components.
GET /api/v2/firewall/components/quarantined?{parmeter1}={value1}&{parmeter2}={value2}
curl -u admin:admin123 \ http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=quarantineTime&asc=true
{ "total": 1, "page": 1, "pageSize": 10, "pageCount": 1, "results": [ { "displayName": "add-fedops : 0.0.0", "repository": "npm_proxy", "quarantineDate": "2021-03-29T14:43:51.477+0000", "dateCleared": null, "quarantinePolicyViolations": [ { "policyId": "384b7857d9b5424d91e00a0b945e3ec8", "policyName": "Integrity-Rating", "policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510", "threatLevel": 9, "constraintViolations": [ { "constraintId": "f03a3a2abdf94703a019e37b8c5cdc16", "constraintName": "Suspicious integrity rating", "reasons": [ { "reason": "Integrity Rating was Suspicious", "reference": null } ] } ] } ], "componentIdentifier": { "format": "npm", "coordinates": { "packageId": "add-fedops", "version": "0.0.0" } }, "pathname": "add-fedops/-/add-fedops-0.0.0.tgz", "hash": "b1b6ea3b7e4aa4f49250", "matchState": "exact", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201", "quarantined": true } ] }
Configure Anonymous Access
Set the anonymous access for the Quarantined Component View. This configuration is enabled by default
PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
curl -X PUT -u admin:admin123 \ http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
Repository Manager Configuration
List the configuration for configured repository managers in Firewall.
GET /api/v2/firewall/repositoryManagers
curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/repositoryManagers"
{ "repositoryManagers": [ { "id": "02bafbc10b3545eeb949db5b248df2a8", "name": null, "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80470", "productName": "Nexus", "productVersion": "3.60.0" } ] }
Update Repository Manager Configuration
Request to add a repository manager container to the Firewall configuration.
POST /api/v2/firewall/repositoryManagers
{ "name": "My Repository Manager", "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477", "productName": "Nexus", "productVersion": "3.60.0" }
curl -X POST -u admin:admin123 -H "Content-Type: application/json" \ -d "{\"name\": \"My Repository Manager\", \"instanceId\": \"060BCE87-FF88120D-15BE693B-15B5880C-C5B80477\", \"productName\": \"Nexus\", \"productVersion\": \"3.60.0\"}" \ "http://localhost:8070/api/v2/firewall/repositoryManagers"
The command returns the configuration of the newly created repository manager, including its ID.
{ "id":"0160d7c72c9946c3bece12bc8441dc7e", "name": "My Repository Manager", "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477", "productName": "Nexus", "productVersion": "3.60.0" }
Configuration for a Repository Manager in Firewall
Request the configuration for a specific repository manager. Returns an array of proxy and hosted repositories configured in the repository manager container.
The <repositoryManagerId> can be found using the 'Get repository managers configurations' endpoint.
GET /api/v2/firewall/repositories/configuration/<repositoryManagerId>
Example
curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"
{ "repositories": [ { "repositoryId": "e24c0dc8e24a4b53b949c49faa14da0b", "publicId": "maven-remote", "format": "maven2", "type": "proxy", "auditEnabled": true, "quarantineEnabled": true, "policyCompliantComponentSelectionEnabled": false, "namespaceConfusionProtectionEnabled": false } ] }
Update Repository Configurations for a Repository Manager
Request to update the repository configuration for a repository manager. Used to add new proxy repositories to the repository manager container
POST /api/v2/firewall/repositories/configuration/<repositoryManagerId>
Request body to send repository details.
{ "repositories": [ { "format": "maven2", "publicId": "my-repo-1", "type": "proxy", "auditEnabled": true, "quarantineEnabled": true, "namespaceConfusionProtectionEnabled": false, "policyCompliantComponentSelectionEnabled": false } ] }
curl -X POST -u admin:admin123 -H "Content-Type: application/json" \ -d "{\"repositories\":[{\"publicId\":\"my-repo-1\", \"format\":\"maven2\", \"type\":\"proxy\", \"auditEnabled\":true, \"quarantineEnabled\":true, \"policyCompliantComponentSelectionEnabled\":false, \"namespaceConfusionProtectionEnabled\":false}]}" \ "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"