Firewall REST API - v2
Requirements
Only applicable with the Firewall license
GET Auto-Released from Quarantine Summary
NEXT-GEN FIREWALL
Issue a GET request for a summary of auto-released from quarantine components.
GET /api/v2/firewall/releaseQuarantine/summary
Example command
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary
Example JSON response
{ "autoReleaseQuarantineCountMTD": 3, "autoReleaseQuarantineCountYTD": 120 }
Item | Description |
---|---|
autoReleaseQuarantineCountMTD | The number of auto-released from quarantine components from the start of the current month to the current date |
autoReleaseQuarantineCountYTD | The number of auto-released from quarantine components from the start of the current year to the current date |
GET Quarantined Components Summary
Issue a GET request for a summary of quarantined components.
GET /api/v2/firewall/quarantine/summary
Example command
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary
Example JSON response
{ "repositoryCount": 2, "quarantineEnabledRepositoryCount": 2, "quarantineEnabled": true, "totalComponentCount": 25, "quarantinedComponentCount": 0 }
Item | Description |
---|---|
repositoryCount | The total number of repositories |
quarantineEnabledRepositoryCount | The total number of repositories with the quarantine capability enabled |
quarantineEnabled | The true if any repository has the quarantine capability enabled, false otherwise |
totalComponentCount | The total number of components across all repositories |
quarantinedComponentCount | The total number of quarantined components |
GET Auto-Released from Quarantine Config
NEXT-GEN FIREWALL
Issue a GET request for a list of policy condition types that are configurable for auto-release from quarantine and whether they have auto-release from quarantine capability turned on or not.
GET /api/v2/firewall/releaseQuarantine/configuration
Example command
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration
Example JSON response
[ { "id": "IntegrityRating", "name": "Integrity Rating", "autoReleaseQuarantineEnabled": true }, { "id": "License", "name": "License", "autoReleaseQuarantineEnabled": true }, { "id": "License Threat Group", "name": "License Threat Group", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilitySeverity", "name": "Security Vulnerability Severity", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilityCategory", "name": "Security Vulnerability Category", "autoReleaseQuarantineEnabled": true } ]
PUT to Update Auto-Released from Quarantine Config
NEXT-GEN FIREWALL
You can enable or disable the auto-release from quarantine capability on some or all of the policy condition types that are configurable for auto-release from quarantine by issuing the PUT request:
PUT /api/v2/firewall/releaseQuarantine/configuration
You will also need to include JSON data specifying the policy condition types that need to be updated. For example:
[ { "id": "IntegrityRating", "autoReleaseQuarantineEnabled": true }, { "id": "License", "autoReleaseQuarantineEnabled": false } ]
The above request only enables auto-release from quarantine capability on the Integrity Rating policy condition type and disables it for the License policy condition type. Other policy condition types not part of the JSON body are not updated.
Example command
curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '[{"id":"IntegrityRating","name":"Integrity Rating","autoReleaseQuarantineEnabled":true},{"id":"License","name":"License","autoReleaseQuarantineEnabled":false}]' http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration
Example JSON response
[ { "id": "IntegrityRating", "name": "Integrity Rating", "autoReleaseQuarantineEnabled": true }, { "id": "License", "name": "License", "autoReleaseQuarantineEnabled": false }, { "id": "License Threat Group", "name": "License Threat Group", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilitySeverity", "name": "Security Vulnerability Severity", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilityCategory", "name": "Security Vulnerability Category", "autoReleaseQuarantineEnabled": true } ]
GET List of Auto-Released from Quarantine Components
NEXT-GEN FIREWALL
Issue a GET request to get a summary of auto-released from quarantine components.
GET /api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true
Query Parameter | Description | Optional | Default Value |
---|---|---|---|
page | The pagination page number. The minimum allowed page number is 1. | Yes | 1 |
pageSize | The maximum number of records to return per page. The value should be between 1 and 10000. | Yes | 10 |
policyId | When provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID. | Yes | |
componentName | RELEASE 160 When provided, the API returns only the components with display names that contain (case-insensitively) the value of this parameter. | Yes | |
sortBy | The field the records to be sorted by. For now, the API only supports sorting by Quarantined components can only be sorted by | Yes | Auto-Released from Quarantine Components: Quarantined Components: |
asc | A boolean value indicates the order of sorting.
| Yes | true |
Example command
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true
Example JSON response
{ "total": 2, "page": 1, "pageSize": 10, "pageCount": 1, "results": [ { "displayName": "1_test : 0.0.0", "repository": "npm_proxy", "quarantineDate": "2021-03-24T17:36:34.612+0000", "dateCleared": "2021-03-24T18:53:45.588+0000", "quarantinePolicyViolations": [], "componentIdentifier": { "format": "npm", "coordinates": { "packageId": "1_test", "version": "0.0.0" } }, "pathname": "1_test/-/1_test-0.0.0.tgz", "hash": "2cfd634fae225311e3b6", "matchState": "exact", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201", "quarantined": false }, { "displayName": "rc-util : 5.9.5", "repository": "npm_proxy", "quarantineDate": "2021-03-24T14:45:02.567+0000", "dateCleared": "2021-03-24T18:53:46.115+0000", "quarantinePolicyViolations": [], "componentIdentifier": { "format": "npm", "coordinates": { "packageId": "rc-util", "version": "1.2.0" } }, "pathname": "rc-util/-/rc-util-5.9.5.tgz", "hash": "b3e3c46f8a404334a2b3a5633d4f0be7", "matchState": "exact", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201", "quarantined": false } ] }
Item | Description |
---|---|
total | Total number of records this query can return across all pages |
page | Page number specified on the query |
pageSize | Page size specified on the query |
pageCount | Total number of pages this query can return |
displayName | Name of the component and version |
repository | Repository where the component is installed |
quarantineDate | The date and time when the component was quarantined |
dateCleared | The date and time when the component was released from quarantine. |
quarantinePolicyViolations | Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine. Refer to Policy Violation REST API - v2 for more details on the JSON structure. |
componentIdentifier | The format and coordinates for the claimed component. |
pathname | The component path in the repository. |
hash | The component hash. |
matchState | Verify if the comparison of a component to known components is or is not a match in one of the following ways: Exact, Similar, or Unknown. |
repositoryId | The repository ID where the component is installed. |
quarantined | Whether the component is quarantined or not. |
GET List of Quarantined Components
Issue a GET request to get a summary of auto-released from quarantine components
GET /api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=releaseQuarantineTime&asc=true
Example command
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=quarantineTime&asc=true
Example JSON response
{ "total": 1, "page": 1, "pageSize": 10, "pageCount": 1, "results": [ { "displayName": "add-fedops : 0.0.0", "repository": "npm_proxy", "quarantineDate": "2021-03-29T14:43:51.477+0000", "dateCleared": null, "quarantinePolicyViolations": [ { "policyId": "384b7857d9b5424d91e00a0b945e3ec8", "policyName": "Integrity-Rating", "policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510", "threatLevel": 9, "constraintViolations": [ { "constraintId": "f03a3a2abdf94703a019e37b8c5cdc16", "constraintName": "Suspicious integrity rating", "reasons": [ { "reason": "Integrity Rating was Suspicious", "reference": null } ] } ] } ], "componentIdentifier": { "format": "npm", "coordinates": { "packageId": "add-fedops", "version": "0.0.0" } }, "pathname": "add-fedops/-/add-fedops-0.0.0.tgz", "hash": "b1b6ea3b7e4aa4f49250", "matchState": "exact", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201", "quarantined": true } ] }
PUT Configure Anonymous Access for the Quarantined Component View
Issue a PUT request to enable or disable anonymous access for the Quarantined Component View
- Anonymous access to the Quarantined Component View is enabled by default
PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
Example command
curl -u admin:admin123 -X PUT http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
GET Repository Manager Configurations
RELEASE 168
Issue a GET request to get the configuration for all configured repository managers.
- A 200 response is returned when successful
GET /api/v2/firewall/repositoryManagers
Example command
curl -u admin:admin123 -X GET "http://localhost:8070/api/v2/firewall/repositoryManagers"
Example JSON response
{ "repositoryManagers": [ { "id": "02bafbc10b3545eeb949db5b248df2a8", "name": null, "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80470", "productName": "Nexus", "productVersion": "3.60.0" } ] }
Add Repository Manager Configuration
RELEASE 169
Issue a POST request to add a repository manager:
POST /api/v2/firewall/repositoryManagers
and include the json data specifiying the repository manager to be added:
{ "name": "My Repository Manager", "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477", "productName": "Nexus", "productVersion": "3.60.0" }
The command returns the configuration of the newly created repository manager, including its ID. A 200 response is returned when successful.
Example command:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"name": "My Repository Manager", "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477", "productName": "Nexus", "productVersion": "3.60.0"}' "http://localhost:8070/api/v2/firewall/repositoryManagers"
Example JSON response:
{ "id":"0160d7c72c9946c3bece12bc8441dc7e", "name": "My Repository Manager", "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477", "productName": "Nexus", "productVersion": "3.60.0" }
GET Repository Configurations for a Repository Manager
RELEASE 168
Issue a GET request to get the configuration for a specific repository manager. The <repositoryManagerId> can be found using the 'Get repository managers configurations' endpoint.
- A 200 response is returned when successful
GET /api/v2/firewall/repositories/configuration/<repositoryManagerId>
Example command
curl -u admin:admin123 -X GET "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"
Example JSON response
{ "repositories": [ { "repositoryId": "e24c0dc8e24a4b53b949c49faa14da0b", "publicId": "maven-remote", "format": "maven2", "type": "proxy", "auditEnabled": true, "quarantineEnabled": true, "policyCompliantComponentSelectionEnabled": false, "namespaceConfusionProtectionEnabled": false } ] }
Add/Update Repository Configurations for a Repository Manager
RELEASE 168
Issue a POST request to add/update repository configurations for a repository manager. The <repositoryManagerId> is found using the 'Get repository managers configurations' endpoint.
- A 204 response is returned when successful
POST /api/v2/firewall/repositories/configuration/<repositoryManagerId>
Example command
curl -u admin:admin123 -X POST -H "Content-Type: application/json" "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663" -d '{"repositories":[{"publicId":"my-repo-1", "format":"maven2", "type":"proxy", "auditEnabled":true, "quarantineEnabled":true, "policyCompliantComponentSelectionEnabled":false, "namespaceConfusionProtectionEnabled":false}]}'