Component Details REST API - v2

The Component Details REST API - v2 provides information on security vulnerability, license data, age, and popularity information for a specified component.

Methods supported:

  1. POST
POST api/v2/components/details

Using the POST request, this API can be used to retrieve component data in 3 ways:

  1. Passing the componentIdentifier object
  2. Passing the packageURL identifier for the component
  3. Passing the hash for the component

Example 1: Passing the componentIdentifier

In our example we’ll be searching using Maven coordinates.

Include the componentIdentfier as JSON

{
  "components": [
    {
        "componentIdentifier": {
        "format": "maven",
        "coordinates": {
          "artifactId": "tomcat-util",
          "extension": "jar",
          "groupId": "tomcat",
          "version": "5.5.23"
         }
      }
    }
  ]
}

Putting this together with the cURL command, as well as including the IQ Server URL for the POST resource path, you should have something that looks like this:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash": null,"componentIdentifier": {"format":"maven","coordinates": {"artifactId":"tomcat-util","extension":"jar","groupId":"tomcat","version":"5.5.23"}}}]}' 'http://localhost:8070/api/v2/components/details'

Example 2: Passing the packageURL Identifier

Example for retrieving information on a Maven component:

{
 "components": [
   {
     "packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"
   }
 ]
}

cURL command to run this request:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"packageUrl":"pkg:maven/tomcat/tomcat-util@5.5.23?type=jar"}]}' 'http://localhost:8070/api/v2/components/details'

Example 3: Passing the hash for the component

Example for retrieving details based on component hash:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"components":[{"hash":"1249e25aebb15358beddd23d4cb09d793c75c33d"}]}' 'http://localhost:8070/api/v2/components/details'

Response Fields:

IQ Server will respond with the component details as shown below. Please note that the returned hash value is truncated and is meant to be used as an identifier that can be passed into subsequent REST API calls. It is not intended to be used as a checksum. 


{
   "componentDetails":[
      {
         "component":{
            "packageUrl": "pkg:maven/tomcat/tomcat-util@5.5.23?type=jar",
            "hash":"1249e25aebb15358bedd",
            "componentIdentifier":{
               "format":"maven",
               "coordinates":{
                  "artifactId":"tomcat-util",
                  "classifier":"",
                  "extension":"jar",
                  "groupId":"tomcat",
                  "version":"5.5.23"
               }
            },
            "displayName": "tomcat : tomcat-util : 5.5.23"
         },
         "matchState":"exact",
         "catalogDate":"2008-01-29T01:45:22.000-05:00",
         "relativePopularity":100,
         "hygieneRating": "Exemplar",
         "integrityRating": "Pending",
         "licenseData":{
            "declaredLicenses":[
               {
                  "licenseId":"Apache-2.0",
                  "licenseName":"Apache-2.0"
               }
            ],
            "observedLicenses":[
               {
                  "licenseId":"No-Sources",
                  "licenseName":"No Sources"
               }
            ],
            "effectiveLicenses":[
               {
                  "licenseId":"Apache-2.0",
                  "licenseName":"Apache-2.0"
               }
            ]
         },
         "securityData":{
            "securityIssues":[
               {
                  "source":"cve",
                  "reference":"CVE-2007-3385",
                  "severity":4.3,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2007-5333",
                  "severity":5.0,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2011-2526",
                  "severity":4.4,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526",
                  "threatCategory":"severe"
               },
               {
                  "source":"cve",
                  "reference":"CVE-2012-0022",
                  "severity":5.0,
                  "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"37071",
                  "severity":4.3,
                  "url":"http://osvdb.org/37071",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"41435",
                  "severity":5.0,
                  "url":"http://osvdb.org/41435",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"73797",
                  "severity":4.4,
                  "url":"http://osvdb.org/73797",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"73798",
                  "severity":4.4,
                  "url":"http://osvdb.org/73798",
                  "threatCategory":"severe"
               },
               {
                  "source":"osvdb",
                  "reference":"78573",
                  "severity":5.0,
                  "url":"http://osvdb.org/78573",
                  "threatCategory":"severe"
               }
            ]
         },
         "projectData" : {
            "firstReleaseDate" : "2008-01-24T03:19:17.000-07:00",
            "lastReleaseDate" : "2008-01-24T03:19:17.000-07:00",
            "projectMetadata" : {
               "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects.\n    The Apache projects are characterized by a collaborative, consensus based development process, an open and\n    pragmatic software license, and a desire to create high quality software that leads the way in its field.\n    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers\n    and users.",
               "organization" : "The Apache Software Foundation"
            },
            "sourceControlManagement" : {
               "scmUrl" : "https://svn.apache.org/repos/asf/maven/pom/tags/apache-4/tomcat-parent/tomcat-util"
            }
         }
      }
   ]
}

Change history for Component Details REST API - v2 

NameTypeRelease supported from 
integrityRatingresponse fieldRelease 134
hygieneRatingresponse fieldRelease 134
projectDataresponse fieldRelease 100
effectiveLicensesresponse fieldRelease 88
packageURLresponse fieldRelease 67
packageURLinput parameterRelease 67

Other Related APIs:

To retreive component data related to Application Composition Report, after application evaluation, use Report-related REST APIs - v2