Skip to main content

Firewall REST API

GET Auto-Released from Quarantine Summary

Issue a GET request for a summary of auto-released from quarantine components.

GET /api/v2/firewall/releaseQuarantine/summary

Example

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary

Example response

{
    "autoReleaseQuarantineCountMTD": 3,
    "autoReleaseQuarantineCountYTD": 120
}

Item

Description

autoReleaseQuarantineCountMTD

The number of auto-released from quarantine components from the start of the current month to the current date

autoReleaseQuarantineCountYTD

The number of auto-released from quarantine components from the start of the current year to the current date

GET Quarantined Components Summary

Issue a GET request for a summary of quarantined components.

GET /api/v2/firewall/quarantine/summary

Example

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary

Example response

{
    "repositoryCount": 2,
    "quarantineEnabledRepositoryCount": 2,
    "quarantineEnabled": true,
    "totalComponentCount": 25,
    "quarantinedComponentCount": 0
}

Item

Description

repositoryCount

The total number of repositories

quarantineEnabledRepositoryCount

The total number of repositories with the quarantine capability enabled

quarantineEnabled

The true if any repository has the quarantine capability enabled, false otherwise

totalComponentCount

The total number of components across all repositories

quarantinedComponentCount

The total number of quarantined components

GET Auto-Released from Quarantine Config

Issue a GET request for a list of policy condition types that are configurable for auto-release from quarantine and whether they have auto-release from quarantine capability turned on or not.

GET /api/v2/firewall/releaseQuarantine/configuration

Example

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

Example response

[
    {
        "id": "IntegrityRating",
        "name": "Integrity Rating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "name": "License",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License Threat Group",
        "name": "License Threat Group",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilitySeverity",
        "name": "Security Vulnerability Severity",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilityCategory",
        "name": "Security Vulnerability Category",
        "autoReleaseQuarantineEnabled": true
    }
]

PUT to Update Auto-Released from Quarantine Config

You can enable or disable the auto-release from quarantine capability on some or all of the policy condition types that are configurable for auto-release from quarantine by issuing the PUT request:

PUT /api/v2/firewall/releaseQuarantine/configuration

You will also need to include JSON data specifying the policy condition types that need to be updated. For example:

[
    {
        "id": "IntegrityRating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "autoReleaseQuarantineEnabled": false
    }
]

The above request only enables auto-release from quarantine capability on the Integrity Rating policy condition type and disables it for the License policy condition type. Other policy condition types not part of the JSON body are not updated.

Example

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '[{"id":"IntegrityRating","name":"Integrity Rating","autoReleaseQuarantineEnabled":true},{"id":"License","name":"License","autoReleaseQuarantineEnabled":false}]' http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

Example response

[
    {
        "id": "IntegrityRating",
        "name": "Integrity Rating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "name": "License",
        "autoReleaseQuarantineEnabled": false
    },
    {
        "id": "License Threat Group",
        "name": "License Threat Group",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilitySeverity",
        "name": "Security Vulnerability Severity",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilityCategory",
        "name": "Security Vulnerability Category",
        "autoReleaseQuarantineEnabled": true
    }
]

GET List of Auto-Released from Quarantine Components

Issue a GET request to get a summary of auto-released from quarantine components.

GET /api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true

Query Parameter

Description

Optional

Default Value

page

The pagination page number. The minimum allowed page number is 1.

Yes

1

pageSize

The maximum number of records to return per page. The value should be between 1 and 10000.

Yes

10

policyId

When provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID.

Yes

componentName

RELEASE 160When provided, the API returns only the components with display names that contain (case-insensitively) the value of this parameter.

Yes

sortBy

The field the records to be sorted by. For now, the API only supports sorting by releaseQuarantineTime and quarantineTime.

Quarantined components can only be sorted by quarantineTime.

Yes

Auto-Released from Quarantine Components: releaseQuarantineTime

Quarantined Components: quarantineTime

asc

A boolean value indicates the order of sorting.

true indicates that the records will be sorted in ascending order, false indicates they will be sorted in descending order.

Yes

true

Example command

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true

Example JSON response

{
    "total": 2,
    "page": 1,
    "pageSize": 10,
    "pageCount": 1,
    "results": [
        {
            "displayName": "1_test : 0.0.0",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-24T17:36:34.612+0000",
            "dateCleared": "2021-03-24T18:53:45.588+0000",
            "quarantinePolicyViolations": [],
                        "componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "1_test",
                    "version": "0.0.0"
                }
            },
                        "pathname": "1_test/-/1_test-0.0.0.tgz",
            "hash": "2cfd634fae225311e3b6",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": false
        },
        {
            "displayName": "rc-util : 5.9.5",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-24T14:45:02.567+0000",
            "dateCleared": "2021-03-24T18:53:46.115+0000",
            "quarantinePolicyViolations": [],
                        "componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "rc-util",
                    "version": "1.2.0"
                }
            },
                        "pathname": "rc-util/-/rc-util-5.9.5.tgz",
            "hash": "b3e3c46f8a404334a2b3a5633d4f0be7",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": false
        }
    ]
}

Item

Description

total

Total number of records this query can return across all pages

page

Page number specified on the query

pageSize

Page size specified on the query

pageCount

Total number of pages this query can return

displayName

Name of the component and version

repository

Repository where the component is installed

quarantineDate

The date and time when the component was quarantined

dateCleared

The date and time when the component was released from quarantine.

quarantinePolicyViolations

Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine.

Refer to Policy Violation REST API - v2#v2-Step2-GetthePolicyViolations for more details on the JSON structure.

componentIdentifier

The format and coordinates for the claimed component.

pathname

The component path in the repository.

hash

The component hash.

matchState

Verify if the comparison of a component to known components is or is not a match in one of the following ways: Exact, Similar, or Unknown.

repositoryId

The repository ID where the component is installed.

quarantined

Whether the component is quarantined or not.

GET List of Quarantined Components

Issue a GET request to get a summary of quarantine components

GET /api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=releaseQuarantineTime&asc=true

Example command

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=quarantineTime&asc=true

Example JSON response

{
    "total": 1,
    "page": 1,
    "pageSize": 10,
    "pageCount": 1,
    "results": [
        {
            "displayName": "add-fedops : 0.0.0",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-29T14:43:51.477+0000",
            "dateCleared": null,
            "quarantinePolicyViolations": [
                {
                    "policyId": "384b7857d9b5424d91e00a0b945e3ec8",
                    "policyName": "Integrity-Rating",
                    "policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510",
                    "threatLevel": 9,
                    "constraintViolations": [
                        {
                            "constraintId": "f03a3a2abdf94703a019e37b8c5cdc16",
                            "constraintName": "Suspicious integrity rating",
                            "reasons": [
                                {
                                    "reason": "Integrity Rating was Suspicious",
                                    "reference": null
                                }
                            ]
                        }
                    ]
                }
            ],
                        "componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "add-fedops",
                    "version": "0.0.0"
                }
            },
                        "pathname": "add-fedops/-/add-fedops-0.0.0.tgz",
            "hash": "b1b6ea3b7e4aa4f49250",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": true
        }
    ]
}

PUT Configure Anonymous Access for the Quarantined Component View

Issue a PUT request to enable or disable anonymous access for the Quarantined Component View

  • Anonymous access to the Quarantined Component View is enabled by default

PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

Example command

curl -u admin:admin123 -X PUT http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

GET Repository Manager Configurations

Issue a GET request to get the configuration for all configured repository managers.

  • A 200 response is returned when successful

GET /api/v2/firewall/repositoryManagers

Example

curl -u admin:admin123 -X GET "http://localhost:8070/api/v2/firewall/repositoryManagers"

Example response

{
        "repositoryManagers": [
            {
                        "id": "02bafbc10b3545eeb949db5b248df2a8",
                        "name": null,
                        "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80470",
                        "productName": "Nexus",
                        "productVersion": "3.60.0"
                }
        ]
}

Add Repository Manager Configuration

Issue a POST request to add a repository manager:

POST /api/v2/firewall/repositoryManagers

and include the json data specifiying the repository manager to be added:

{
        "name": "My Repository Manager",
        "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
        "productName": "Nexus",
        "productVersion": "3.60.0"
}

The command returns the configuration of the newly created repository manager, including its ID. A 200 response is returned when successful.

Example

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"name": "My Repository Manager", "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477", "productName": "Nexus", "productVersion": "3.60.0"}' "http://localhost:8070/api/v2/firewall/repositoryManagers"

Example response

{
        "id":"0160d7c72c9946c3bece12bc8441dc7e",
        "name": "My Repository Manager",
        "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
        "productName": "Nexus",
        "productVersion": "3.60.0"
}

GET Repository Configurations for a Repository Manager

Issue a GET request to get the configuration for a specific repository manager. The <repositoryManagerId> can be found using the 'Get repository managers configurations' endpoint.

  • A 200 response is returned when successful

GET /api/v2/firewall/repositories/configuration/<repositoryManagerId>

Example

curl -u admin:admin123 -X GET "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"

Example response

{
        "repositories": [
                {
                        "repositoryId": "e24c0dc8e24a4b53b949c49faa14da0b",
                        "publicId": "maven-remote",
                        "format": "maven2",
                        "type": "proxy",
                        "auditEnabled": true,
                        "quarantineEnabled": true,
                        "policyCompliantComponentSelectionEnabled": false,
                        "namespaceConfusionProtectionEnabled": false
                }
        ]
}

Add/Update Repository Configurations for a Repository Manager

Issue a POST request to add/update repository configurations for a repository manager. The <repositoryManagerId> is found using the 'Get repository managers configurations' endpoint.

  • A 204 response is returned when successful

POST /api/v2/firewall/repositories/configuration/<repositoryManagerId>

Example

curl -u admin:admin123 -X POST -H "Content-Type: application/json" "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663" -d '{"repositories":[{"publicId":"my-repo-1", "format":"maven2", "type":"proxy", "auditEnabled":true, "quarantineEnabled":true, "policyCompliantComponentSelectionEnabled":false, "namespaceConfusionProtectionEnabled":false}]}'

GET Firewall Metrics

Issue a GET request to get the following Firewall Metrics:

  • Supply chain attacks blocked

  • Components quarantined

  • Safer versions are selected automatically

  • Namespace attacks blocked

  • Components auto-released

  • Waived components

A 200 response is returned when successful

GET /api/v2/firewall/metrics/embedded

Example

curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/firewall/metrics/embedded'

Example response

{
  "SAFE_VERSIONS_SELECTED_AUTOMATICALLY": {
    "firewallMetricsValue": 3,
    "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
  },
  "COMPONENTS_AUTO_RELEASED": {
    "firewallMetricsValue": 2,
    "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
  },    
  "NAMESPACE_ATTACKS_BLOCKED": {
    "firewallMetricsValue": 4,
    "latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
  },    
  "SUPPLY_CHAIN_ATTACKS_BLOCKED": {
    "firewallMetricsValue": 1,
    "latestUpdatedTime": "2023-11-15T07:02:26.000-05:00"
  },    
  "WAIVED_COMPONENTS": {
    "firewallMetricsValue": 3,
    "latestUpdatedTime": "2024-01-10T09:12:26.000-05:00"    
  },    
  "COMPONENTS_QUARANTINED": {
    "firewallMetricsValue": 4,
    "latestUpdatedTime": "2024-01-08T09:12:26.000-05:00"    
  }
}