Similar Waivers REST API
You can use this REST API to retrieve all similar waivers that could potentially be applied to a given policy violation.
A waiver is considered "similar" if it meets all of the following conditions:
The user has View permission for the waiver, i.e. View permission on the organization or application that the waiver is scoped to.
The waiver is created for the same policy.
The waiver is applicable to the current component: it is an exact waiver for this component, a waiver that applies to any version of the same component, or a waiver that applies to “All components”.
The waiver has not expired: either it has no expiration date, or its expiration date is later than the current date.
The waiver is not already applicable to the policy violation.
For security violations there is one additional condition: the waiver's vulnerabilityId (CVE or Sonatype ID) must match the vulnerabilityId of the security violation.
GET Similar Waivers
The API can be accessed via the following endpoint as a GET request, relative to IQ Server's base URL.
GET /api/v2/policyViolations/{policyViolationId}/similarWaivers
Note
The policy violation ID can be obtained from the Policy Violation REST API or the Report-related REST API.
Assuming a local installation of IQ Server with its default configuration, the following cURL example lists the waivers that are similar to a given policy violation (substitute the actual ID for {policyViolationId}):
curl -u admin:admin123 -X GET -H "Content-Type: application/json" 'http://localhost:8070/api/v2/policyViolations/{policyViolationId}/similarWaivers'
Response
The response contains a list of waivers, where each waiver contains the following fields.
Response Field | Description |
---|---|
policyWaiverId | A unique identifier that identifies this policy waiver. |
constraintFacts | A list of the constraintFacts that are applicable to the waiver. Used to match against potential applicable policy violations. |
constraintFactsJson | A JSON representation of constraintFacts. |
policyViolationId | The id of the policy violation on which the waiver is acting. |
comment | Comment text that was entered during waiver creation. |
createTime | The waiver creation time. |
expiryTime | The time after which the policy waiver is considered expired. This field may not be present in the response, in which case it indicates that the waiver is not set to expire. |
scopeOwnerType | The scope at which the waiver was applied. One of three values: application, organization, or root_organization. |
scopeOwnerId | A unique identifier that identifies the scope. |
scopeOwnerName | The descriptive name of the scope. If the scope type is application, this will be the application name. If the scope type is organization, this will be the organization name. If the scope type is root_organization, this will be the root organization name. |
hash | If the waiver was applied to a specific component, this will contain the uniquely identifying hash of that component. If the waiver was applied to all components, the value for this property will be null. |
policyId | The unique id of the policy for which the waiver is applied. |
vulnerabilityId | The vulnerability ID (CVE or Sonatype ID) the waiver is for. Present only if the waiver is for a security policy. |
creatorId | The ID (username) of the user that created the waiver. |
creatorName | The full name of the user that created the waiver. |
matcherStrategy | Enumeration with three possible values: EXACT_COMPONENT, ALL_VERSIONS, ALL_COMPONENTS. Determines which components the waiver applies to (see the similarity conditions above). |
associatedPackageUrl | Package URL of the component. Only present if the waiver is of type ALL_VERSIONS or EXACT_COMPONENT and the component is not unknown. |
componentIdentifier | Component identifier. Only present if the waiver is of type ALL_VERSIONS or EXACT_COMPONENT and the component is not unknown. |
displayName | Display name. Only present if the waiver is of type ALL_VERSIONS or EXACT_COMPONENT and the component is not unknown. |
reasonText | The reason for applying/requesting this waiver (e.g., Acknowledged violation, Mitigated externally, No upgrade path, Not reachable, Not exploitable, Researching, Other). |
policyWaiverReasonId | The policy waiver reason id associated with the waiver reason. |
Sample Response:
[
  {
    "policyWaiverId": "bea40e6ab8514227a3e17f2d890bcc7e",
    "constraintFacts": [
      {
        "constraintId": "adc2b3bc98e1494d8eee349d1050f969",
        "constraintName": "Critical risk CVSS score",
        "operatorName": "AND",
        "conditionFacts": [
          {
            "conditionTypeId": "SecurityVulnerabilitySeverity",
            "conditionIndex": 0,
            "summary": "Security Vulnerability Severity >= 9",
            "reason": "Found security vulnerability CVE-2020-10683 with severity >= 9 (severity = 9.8)",
            "reference": {
              "value": "CVE-2020-10683",
              "type": "SECURITY_VULNERABILITY_REFID"
            },
            "triggerJson": "{\"conditionIndex\":0,\"trigger\":{\"refId\":\"CVE-2020-10683\",\"severity\":9.8}}"
          }
        ]
      }
    ],
    "constraintFactsJson": "[{\"constraintId\":\"adc2b3bc98e1494d8eee349d1050f969\",\"constraintName\":\"Critical risk CVSS score\",\"operatorName\":\"AND\",\"conditionFacts\":[{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":0,\"summary\":\"Security Vulnerability Severity >= 9\",\"reason\":\"Found security vulnerability CVE-2020-10683 with severity >= 9 (severity = 9.8)\",\"reference\":{\"value\":\"CVE-2020-10683\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":0,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2020-10683\\\",\\\"severity\\\":9.8}}\"}]}]",
    "policyViolationId": "a29617dc4a094f7099617ad381899456",
    "comment": "This is on app2",
    "createTime": "2024-04-29T16:08:20.122+0000",
    "expiryTime": "2024-05-14T05:59:59.999+0000",
    "scopeOwnerType": "application",
    "scopeOwnerId": "affb9abdd9244546a9626d568bc64dc5",
    "scopeOwnerName": "app2webwolf",
    "hash": "3dce5dbb3571aa820c67",
    "policyId": "d36ff1fe8b9a43d8b90a09b5e0677b68",
    "vulnerabilityId": "CVE-2020-10683",
    "policyWaiverReasonId": "f6990a32cd8d4ea78853ca829d948927",
    "reasonText": "Not exploitable",
    "creatorId": "admin",
    "creatorName": "Admin BuiltIn",
    "matcherStrategy": "EXACT_COMPONENT",
    "associatedPackageUrl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar",
    "componentIdentifier": {
      "format": "maven",
      "coordinates": {
        "artifactId": "dom4j",
        "extension": "jar",
        "groupId": "org.dom4j",
        "version": "2.1.1"
      }
    },
    "displayName": {
      "parts": [
        { "field": "Group", "value": "org.dom4j" },
        { "value": " : " },
        { "field": "Artifact", "value": "dom4j" },
        { "value": " : " },
        { "field": "Version", "value": "2.1.1" }
      ],
      "name": "dom4j"
    }
  },
  {...}
]
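The similarity conditions above and the response fields documented in the table are what a reviewer works from when deciding which existing waiver to re-apply. The following Python script is an added example, not part of the IQ Server documentation or product: it calls the endpoint above with HTTP basic auth (the fetch function assumes a reachable server; everything else runs offline), then ranks the returned waivers narrowest-first (EXACT_COMPONENT before ALL_VERSIONS before ALL_COMPONENTS, application scope before organization before root_organization, an ordering assumed here as a triage preference rather than an IQ Server rule) and flags waivers that are broad, never expire, expire soon, or carry a vulnerabilityId other than the violation's. The server already excludes expired and mismatched waivers, so those two checks are defensive. SAMPLE_WAIVERS is constructed from the documented fields with hypothetical IDs and names.

```python
"""Client-side triage of a Similar Waivers response.

Added example; not part of the IQ Server documentation or product.
"""
import base64
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Narrow-to-broad ordering (assumed here as a triage preference, not an IQ rule).
MATCHER_RANK = {"EXACT_COMPONENT": 0, "ALL_VERSIONS": 1, "ALL_COMPONENTS": 2}
SCOPE_RANK = {"application": 0, "organization": 1, "root_organization": 2}


def fetch_similar_waivers(base_url, policy_violation_id, username, password):
    """Call the documented endpoint with HTTP basic auth (needs a live server)."""
    url = (f"{base_url.rstrip('/')}/api/v2/policyViolations/"
           f"{policy_violation_id}/similarWaivers")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def parse_iq_time(value):
    """Parse an IQ timestamp such as 2024-05-14T05:59:59.999+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def triage(waivers, violation_vulnerability_id=None, now=None, expiring_within_days=7):
    """Return the waivers ranked narrowest-first, each with a list of warnings."""
    now = now or datetime.now(timezone.utc)
    horizon = now + timedelta(days=expiring_within_days)
    ranked = []
    for w in waivers:
        warnings = []
        matcher, scope = w.get("matcherStrategy"), w.get("scopeOwnerType")
        if matcher == "ALL_COMPONENTS":
            warnings.append("applies to every component in scope")
        if scope == "root_organization":
            warnings.append("scoped to the root organization")
        # An absent expiryTime means the waiver never expires.
        expiry = w.get("expiryTime")
        if expiry is None:
            warnings.append("never expires")
        else:
            exp = parse_iq_time(expiry)
            if exp <= now:  # the server should already have filtered these out
                warnings.append("already expired")
            elif exp <= horizon:
                warnings.append(f"expires within {expiring_within_days} days")
        # For security violations the server matches vulnerabilityId; re-check defensively.
        vid = w.get("vulnerabilityId")
        if violation_vulnerability_id and vid and vid != violation_vulnerability_id:
            warnings.append(f"vulnerabilityId {vid} differs from {violation_vulnerability_id}")
        ranked.append({
            "policyWaiverId": w["policyWaiverId"],
            "matcherStrategy": matcher,
            "scopeOwnerType": scope,
            "scopeOwnerName": w.get("scopeOwnerName"),
            "reasonText": w.get("reasonText"),
            "warnings": warnings,
        })
    ranked.sort(key=lambda r: (MATCHER_RANK.get(r["matcherStrategy"], 99),
                               SCOPE_RANK.get(r["scopeOwnerType"], 99)))
    return ranked


# Constructed sample (hypothetical IDs and names): three waivers the server
# reported as similar to one CVE-2020-10683 violation.
SAMPLE_WAIVERS = [
    {"policyWaiverId": "w-all-components", "matcherStrategy": "ALL_COMPONENTS",
     "scopeOwnerType": "root_organization", "scopeOwnerName": "Root Organization",
     "expiryTime": "2024-05-03T05:59:59.999+0000", "vulnerabilityId": "CVE-2020-10683",
     "reasonText": "Researching"},
    {"policyWaiverId": "w-exact", "matcherStrategy": "EXACT_COMPONENT",
     "scopeOwnerType": "application", "scopeOwnerName": "app2webwolf",
     "expiryTime": "2024-05-14T05:59:59.999+0000", "vulnerabilityId": "CVE-2020-10683",
     "reasonText": "Not exploitable"},
    {"policyWaiverId": "w-all-versions", "matcherStrategy": "ALL_VERSIONS",
     "scopeOwnerType": "organization", "scopeOwnerName": "Web Apps",
     "vulnerabilityId": "CVE-2020-10683", "reasonText": "Mitigated externally"},
]
SAMPLE_NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)  # fixed clock for the sample


def demo():
    """Triage the constructed sample as of SAMPLE_NOW."""
    return triage(SAMPLE_WAIVERS, "CVE-2020-10683", now=SAMPLE_NOW)


if __name__ == "__main__":
    # Against a live server, replace demo() with
    # triage(fetch_similar_waivers("http://localhost:8070", "<policyViolationId>", "admin", "admin123"), "<cve>")
    print(json.dumps(demo(), indent=2))
```

With the sample data the exact-component, application-scoped waiver ranks first with no warnings, while the root-organization ALL_COMPONENTS waiver ranks last with three warnings; re-applying the latter would accept the risk for every component in the whole organization tree, which is rarely what the reviewer intends.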