Security Vulnerability Override API
API to obtain the status (Security Vulnerability Override) of security vulnerabilities in the system, when one has been applied at a point in time.
Available endpoints
Get security vulnerability overrides
This endpoint returns existing security vulnerability overrides, for applications and repositories the calling user has access to.
GET /api/v2/securityOverrides[?filter=filterValue]
Using the available filters is strongly recommended in order to reduce the response time and returned data of the API; however, these are optional and all the information can be queried if necesssary without using them.
The API supports the following filters:
purl: The component identifier in purl format (pkg:format/GroupCoord/ArtifactCoord@VersionCoord)
refId: The reference id of the security vulnerability (sonatype-2019-0115)
ownerId: The id of the owner of the security vulnerability
Using curl as an example on a typical local installation, you can use the following command to communicate with this endpoint (the following example uses filtering by ownerId)
curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/securityOverrides?ownerId=bef62081db3140b49274bb807bbbc60e'
Response Data
Here is the example of a response for a call to the endpoint described above
{ "securityOverrides":[ { "securityOverrideId":"b318b2555bac47089d00bdad1eb11a4c", "hash":"894ebaea50d38ef8776d", "referenceId":"CVE-2020-11023", "status":"Not Applicable", "comment":"This security vulnerability is not currently applicable", "owner":{ "ownerPublicId":"nemesis", "ownerId":"bef62081db3140b49274bb807bbbc60e", "ownerName":"Nemesis", "ownerType":"APPLICATION" }, "currentlyAffectedComponents":[ { "packageUrl":"pkg:a-name/jQuery@1.6.4", "hash":"894ebaea50d38ef8776d", "componentIdentifier":{ "format":"a-name", "coordinates":{ "name":"jQuery", "qualifier":"", "version":"1.6.4" } }, "proprietary":false, "thirdParty":false } ] } ] }