Component Details API - v2

The Component Details API provides all available (to Sonatype) security vulnerability, license data, age, and popularity information for a specified component. What is not included, is any information related to policy violations for an evaluated application.

If you are looking for component information for a component that has been evaluated as part of an application, please see the Component Details by Report API.

This API uses POST REST resource

Below, we have provided a step-by-step example using the HTTP client cURL, though any HTTP client could be used.

Step 1: Get the Component HASH or Component Identifier

Depending on the type of component, and the information you have, the API allows you to specify the component hash, the component identifier, or both. In our example we’ll be searching using Maven coordinates.

If desired you can specify more than one component.

Step 2 - Submit the Specified Component to Retrieve Details

First let’s take a look at the POST resource:

POST api/v2/components/details

You will also need to include JSON data specifying the component information you are providing.

{
  "components": [
    {
      "hash": null,
      "componentIdentifier": {
        "format": "maven",
        "coordinates": {
          "artifactId": "tomcat-util",
          "extension": "jar",
          "groupId": "tomcat",
          "version": "5.5.23"
         }
      }
    }
  ]
}

Putting this together with the cURL command, as well as including the IQ Server URL for the POST resource path, you should have something that looks like this:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash": null,"componentIdentifier": {"format":"maven","coordinates": {"artifactId":"tomcat-util","extension":"jar","groupId":"tomcat","version":"5.5.23"}}}]}' 'http://localhost:8070/api/v2/components/details'

The IQ Server will then respond with the component details. An example is provided below.

{
   "componentDetails":[
      {
         "component":{
            "hash":"1249e25aebb15358bedd",
            "componentIdentifier":{
               "format":"maven",
               "coordinates":{
                  "artifactId":"tomcat-util",
                  "classifier":"",
                  "extension":"jar",
                  "groupId":"tomcat",
                  "version":"5.5.23"
               }
            }
         },
         "matchState":"exact",
         "catalogDate":"2008-01-29T01:45:22.000-05:00",
         "relativePopularity":100,
         "licenseData":{
            "declaredLicenses":[
               {
                  "licenseId":"Apache-2.0",
                  "licenseName":"Apache-2.0"
               }
            ],
            "observedLicenses":[
               {
                  "licenseId":"No-Sources",
                  "licenseName":"No Sources"
               }
            ]
         },
         "securityData":{
            "securityIssues":[
               {
                  "source":"cve",
                  "reference":"CVE-2007-3385",
                  "severity":4.3,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2007-5333",
                  "severity":5.0,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2011-2526",
                  "severity":4.4,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2012-0022",
                  "severity":5.0,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"37071",
                  "severity":4.3,
                  "url":"http://osvdb.org/37071",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"41435",
                  "severity":5.0,
                  "url":"http://osvdb.org/41435",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"73797",
                  "severity":4.4,
                  "url":"http://osvdb.org/73797",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"73798",
                  "severity":4.4,
                  "url":"http://osvdb.org/73798",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"78573",
                  "severity":5.0,
                  "url":"http://osvdb.org/78573",
                  "threatCategory":"severe"
               }
            ]
         }
      }
   ]
}