Security Vulnerability Override API
API to obtain the status (Security Vulnerability Override) of security vulnerabilities in the system, when one has been applied at a point in time.
Available endpoints
Get security vulnerability overrides
This endpoint returns existing security vulnerability overrides, for applications and repositories the calling user has access to.
GET /api/v2/securityOverrides[?filter=filterValue]
Using the available filters is strongly recommended in order to reduce the response time and returned data of the API; however, these are optional and all the information can be queried if necessary without using them.
The API supports the following filters:
purl: The component identifier in Package-URL format (pkg:format/GroupCoord/ArtifactCoord@VersionCoord)
refId: The reference id of the security vulnerability (sonatype-2019-0115)
ownerId: The id of the owner of the security vulnerability
Using curl as an example on a typical local installation, you can use the following command to communicate with this endpoint (the following example uses filtering by ownerId)
curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/securityOverrides?ownerId=bef62081db3140b49274bb807bbbc60e'
Response Data
Here is the example of a response for a call to the endpoint described above
{
"securityOverrides":[
{
"securityOverrideId":"b318b2555bac47089d00bdad1eb11a4c",
"hash":"894ebaea50d38ef8776d",
"referenceId":"CVE-2020-11023",
"status":"Not Applicable",
"comment":"This security vulnerability is not currently applicable",
"owner":{
"ownerPublicId":"nemesis",
"ownerId":"bef62081db3140b49274bb807bbbc60e",
"ownerName":"Nemesis",
"ownerType":"APPLICATION"
},
"currentlyAffectedComponents":[
{
"packageUrl":"pkg:a-name/jQuery@1.6.4",
"hash":"894ebaea50d38ef8776d",
"componentIdentifier":{
"format":"a-name",
"coordinates":{
"name":"jQuery",
"qualifier":"",
"version":"1.6.4"
}
},
"proprietary":false,
"thirdParty":false
}
]
}
]
}