Component Details REST API - v2
The Component Details REST API - v2 provides information on security vulnerability, license data, age, and popularity information for a specified component.
Methods supported:
- POST
POST api/v2/components/details
Using the POST request, this API can be used to retrieve component data in 3 ways:
- Passing the componentIdentifier object
- Passing the packageURL identifier for the component
- Passing the hash for the component
Example 1: Passing the componentIdentifier
In our example we’ll be searching using Maven coordinates.
Include the componentIdentfier as JSON
{
"components": [
{
"componentIdentifier": {
"format": "maven",
"coordinates": {
"artifactId": "tomcat-util",
"extension": "jar",
"groupId": "tomcat",
"version": "5.5.23"
}
}
}
]
}Putting this together with the cURL command, as well as including the IQ Server URL for the POST resource path, you should have something that looks like this:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash": null,"componentIdentifier": {"format":"maven","coordinates": {"artifactId":"tomcat-util","extension":"jar","groupId":"tomcat","version":"5.5.23"}}}]}' 'http://localhost:8070/api/v2/components/details'Example 2: Passing the packageURL Identifier
Example for retrieving information on a Maven component:
{
"components": [
{
"packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"
}
]
}cURL command to run this request:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"}]}' 'http://localhost:8070/api/v2/components/details'Example 3: Passing the hash for the component
Example for retrieving details based on component hash:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash":"1249e25aebb15358beddd23d4cb09d793c75c33d"}]}' 'http://localhost:8070/api/v2/components/details'Response Fields:
IQ Server will respond with the component details as shown below. Please note that the returned hash value is truncated and is meant to be used as an identifier that can be passed into subsequent REST API calls. It is not intended to be used as a checksum.
{
"componentDetails":[
{
"component":{
"packageUrl": "pkg:maven/tomcat/tomcat-util@5.5.23?type=jar",
"hash":"1249e25aebb15358bedd",
"componentIdentifier":{
"format":"maven",
"coordinates":{
"artifactId":"tomcat-util",
"classifier":"",
"extension":"jar",
"groupId":"tomcat",
"version":"5.5.23"
}
},
"displayName": "tomcat : tomcat-util : 5.5.23"
},
"matchState":"exact",
"catalogDate":"2008-01-29T01:45:22.000-05:00",
"relativePopularity":100,
"hygieneRating": "Exemplar",
"integrityRating": "Pending",
"licenseData":{
"declaredLicenses":[
{
"licenseId":"Apache-2.0",
"licenseName":"Apache-2.0"
}
],
"observedLicenses":[
{
"licenseId":"No-Sources",
"licenseName":"No Sources"
}
],
"effectiveLicenses":[
{
"licenseId":"Apache-2.0",
"licenseName":"Apache-2.0"
}
]
},
"securityData":{
"securityIssues":[
{
"source":"cve",
"reference":"CVE-2007-3385",
"severity":4.3,
"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385",
"threatCategory":"severe"
},
{
"source":"cve",
"reference":"CVE-2007-5333",
"severity":5.0,
"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333",
"threatCategory":"severe"
},
{
"source":"cve",
"reference":"CVE-2011-2526",
"severity":4.4,
"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526",
"threatCategory":"severe"
},
{
"source":"cve",
"reference":"CVE-2012-0022",
"severity":5.0,
"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022",
"threatCategory":"severe"
},
{
"source":"osvdb",
"reference":"37071",
"severity":4.3,
"url":"http://osvdb.org/37071",
"threatCategory":"severe"
},
{
"source":"osvdb",
"reference":"41435",
"severity":5.0,
"url":"http://osvdb.org/41435",
"threatCategory":"severe"
},
{
"source":"osvdb",
"reference":"73797",
"severity":4.4,
"url":"http://osvdb.org/73797",
"threatCategory":"severe"
},
{
"source":"osvdb",
"reference":"73798",
"severity":4.4,
"url":"http://osvdb.org/73798",
"threatCategory":"severe"
},
{
"source":"osvdb",
"reference":"78573",
"severity":5.0,
"url":"http://osvdb.org/78573",
"threatCategory":"severe"
}
]
},
"projectData" : {
"firstReleaseDate" : "2008-01-24T03:19:17.000-07:00",
"lastReleaseDate" : "2008-01-24T03:19:17.000-07:00",
"projectMetadata" : {
"description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects.\n The Apache projects are characterized by a collaborative, consensus based development process, an open and\n pragmatic software license, and a desire to create high quality software that leads the way in its field.\n We consider ourselves not simply a group of projects sharing a server, but rather a community of developers\n and users.",
"organization" : "The Apache Software Foundation"
},
"sourceControlManagement" : {
"scmUrl" : "https://svn.apache.org/repos/asf/maven/pom/tags/apache-4/tomcat-parent/tomcat-util"
}
}
}
]
}Change history for Component Details REST API - v2
| Name | Type | Release supported from |
|---|---|---|
| integrityRating | response field | Release 134 |
| hygieneRating | response field | Release 134 |
| projectData | response field | Release 100 |
| effectiveLicenses | response field | Release 88 |
| packageURL | response field | Release 67 |
| packageURL | input parameter | Release 67 |
Other Related APIs:
To retreive component data related to Application Composition Report, after application evaluation, use Report-related REST APIs - v2