Firewall REST API
Firewall Dashboard Metrics
Request to get the Firewall dashboard metrics.
GET /api/v2/firewall/metrics/embedded
curl -u admin:admin123 'http://localhost:8070/api/v2/firewall/metrics/embedded'
{
"SAFE_VERSIONS_SELECTED_AUTOMATICALLY": {
"firewallMetricsValue": 3,
"latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
},
"COMPONENTS_AUTO_RELEASED": {
"firewallMetricsValue": 2,
"latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
},
"NAMESPACE_ATTACKS_BLOCKED": {
"firewallMetricsValue": 4,
"latestUpdatedTime": "2024-01-10T07:02:26.000-05:00"
},
"SUPPLY_CHAIN_ATTACKS_BLOCKED": {
"firewallMetricsValue": 1,
"latestUpdatedTime": "2023-11-15T07:02:26.000-05:00"
},
"WAIVED_COMPONENTS": {
"firewallMetricsValue": 3,
"latestUpdatedTime": "2024-01-10T09:12:26.000-05:00"
},
"COMPONENTS_QUARANTINED": {
"firewallMetricsValue": 4,
"latestUpdatedTime": "2024-01-08T09:12:26.000-05:00"
}
}Quarantined components summary
Request for a summary of quarantined components.
GET /api/v2/firewall/quarantine/summary
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary
{
"repositoryCount": 2,
"quarantineEnabledRepositoryCount": 2,
"quarantineEnabled": true,
"totalComponentCount": 25,
"quarantinedComponentCount": 0
}Item | Description |
|---|---|
repositoryCount | The total number of repositories |
quarantineEnabledRepositoryCount | The total number of repositories with the quarantine capability enabled |
quarantineEnabled | The true if any repository has the quarantine capability enabled, false otherwise |
totalComponentCount | The total number of components across all repositories |
quarantinedComponentCount | The total number of quarantined components |
Auto-released from quarantine summary
Request for a summary of components auto-released from quarantine.
GET /api/v2/firewall/releaseQuarantine/summary
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary
{
"autoReleaseQuarantineCountMTD": 3,
"autoReleaseQuarantineCountYTD": 120
}Item | Description |
|---|---|
autoReleaseQuarantineCountMTD | The number of auto-released quarantine components from the start of the current month to the current date |
autoReleaseQuarantineCountYTD | The number of auto-released quarantine components from the start of the current year to the current date |
Configuration of auto-released from quarantine
List the configuration for auto-release from quarantine. This is a set of policy condition types configurable for auto-release from quarantine
GET /api/v2/firewall/releaseQuarantine/configuration
curl -u admin:admin123 \ http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration
[
{
"autoReleaseQuarantineEnabled": true,
"id": "IntegrityRating",
"name": "Integrity Rating"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "License",
"name": "License"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "License Threat Group",
"name": "License Threat Group"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "MatchState",
"name": "Match State"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "SecurityVulnerabilitySeverity",
"name": "Security Vulnerability Severity"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "SecurityVulnerabilityCategory",
"name": "Security Vulnerability Category"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "SecurityVulnerabilityCustomRemediation",
"name": "Security Vulnerability Custom Remediation"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "SecurityVulnerabilityCustomCVSSVectorString",
"name": "Security Vulnerability Custom CVSS"
},
{
"autoReleaseQuarantineEnabled": false,
"id": "SecurityVulnerabilityResearchType",
"name": "Security Research Type"
}
]
Update configuration for auto-releasing from quarantine
Set the auto-release from quarantine configuration. Use the get request for a list of the configurable properties.
PUT /api/v2/firewall/releaseQuarantine/configuration
[
{
"id": "IntegrityRating",
"autoReleaseQuarantineEnabled": true
},
{
"id": "License",
"autoReleaseQuarantineEnabled": false
}
]curl -X PUT -u admin:admin123 \
-H "Content-Type: application/json" \
-d '[{"id":"IntegrityRating","autoReleaseQuarantineEnabled":true},{"id":"License","autoReleaseQuarantineEnabled":false}]' \
http://localhost:8070/api/v2/firewall/releaseQuarantine/configurationThis request returns the updated list of properties from the GET request.
Components auto-released from quarantine
Report of components that have been auto-released from quarantine.
GET /api/v2/firewall/components/autoReleasedFromQuarantine?{parmeter1}={value1}&{parmeter2}={value2}curl -u admin:admin123 \ http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true
Parameter | Description | Optional | Default Value |
|---|---|---|---|
page | The pagination page number. The minimum allowed page number is 1. | Yes | 1 |
pageSize | The maximum number of records to return per page. The value should be between 1 and 10000. | Yes | 10 |
policyId | When provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID. | Yes | |
componentName | When provided, the API returns the components with display names that contain (case-insensitively) the value of this parameter. | Yes | |
sortBy | The field the records to be sorted by. For now, the API only supports sorting by Quarantined components can only be sorted by | Yes | When released:
When quarantined: |
asc | A boolean value indicates the order of sorting. True indicates that the records will be sorted in ascending order. | Yes |
|
{
"page": 1,
"pageCount": 1,
"pageSize": 10,
"results":
[
{
"componentIdentifier":
{
"coordinates":
{
"packageId": "1_test",
"version": "0.0.0"
},
"format": "npm"
},
"dateCleared": "2021-03-24T18:53:45.588+0000",
"displayName": "1_test : 0.0.0",
"hash": "2cfd634fae225311e3b6",
"matchState": "exact",
"pathname": "1_test/-/1_test-0.0.0.tgz",
"quarantineDate": "2021-03-24T17:36:34.612+0000",
"quarantinePolicyViolations":
[],
"quarantined": false,
"repository": "npm_proxy",
"repositoryId": "298bf707fd4f4323b7a0200b8dddd201"
},
{
"componentIdentifier":
{
"coordinates":
{
"packageId": "rc-util",
"version": "1.2.0"
},
"format": "npm"
},
"dateCleared": "2021-03-24T18:53:46.115+0000",
"displayName": "rc-util : 5.9.5",
"hash": "b3e3c46f8a404334a2b3a5633d4f0be7",
"matchState": "exact",
"pathname": "rc-util/-/rc-util-5.9.5.tgz",
"quarantineDate": "2021-03-24T14:45:02.567+0000",
"quarantinePolicyViolations":
[],
"quarantined": false,
"repository": "npm_proxy",
"repositoryId": "298bf707fd4f4323b7a0200b8dddd201"
}
],
"total": 2
}Item | Description |
|---|---|
total | Total number of records this query can return across all pages |
page | Page number specified on the query |
pageSize | Page size specified on the query |
pageCount | Total number of pages this query can return |
displayName | Name of the component and version |
repository | Repository where the component is installed |
quarantineDate | The date and time when the component was quarantined |
dateCleared | The date and time when the component was released from quarantine. |
quarantinePolicyViolations | Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine. Refer to ??? for more details on the JSON structure. |
componentIdentifier | The format and coordinates for the claimed component. |
pathname | The component path in the repository. |
hash | The component hash. |
matchState | Verify if the comparison of a component to known components is or is not a match in one of the following ways: Exact, Similar, or Unknown. |
repositoryId | The repository ID where the component is installed. |
quarantined | Whether the component is quarantined or not. |
Components in Quarantine
Request a list of the quarantine components. Use the filters to find specific components.
GET /api/v2/firewall/components/quarantined?{parmeter1}={value1}&{parmeter2}={value2}curl -u admin:admin123 \ http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=quarantineTime&asc=true
{
"total": 1,
"page": 1,
"pageSize": 10,
"pageCount": 1,
"results": [
{
"displayName": "add-fedops : 0.0.0",
"repository": "npm_proxy",
"quarantineDate": "2021-03-29T14:43:51.477+0000",
"dateCleared": null,
"quarantinePolicyViolations": [
{
"policyId": "384b7857d9b5424d91e00a0b945e3ec8",
"policyName": "Integrity-Rating",
"policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510",
"threatLevel": 9,
"constraintViolations": [
{
"constraintId": "f03a3a2abdf94703a019e37b8c5cdc16",
"constraintName": "Suspicious integrity rating",
"reasons": [
{
"reason": "Integrity Rating was Suspicious",
"reference": null
}
]
}
]
}
],
"componentIdentifier": {
"format": "npm",
"coordinates": {
"packageId": "add-fedops",
"version": "0.0.0"
}
},
"pathname": "add-fedops/-/add-fedops-0.0.0.tgz",
"hash": "b1b6ea3b7e4aa4f49250",
"matchState": "exact",
"repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
"quarantined": true
}
]
}Configure Anonymous Access
Set the anonymous access for the Quarantined Component View. This configuration is enabled by default
PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
curl -X PUT -u admin:admin123 \ http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
Repository Manager Configuration
List the configuration for configured repository managers in Firewall.
GET /api/v2/firewall/repositoryManagers
curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/repositoryManagers"
{
"repositoryManagers": [
{
"id": "02bafbc10b3545eeb949db5b248df2a8",
"name": null,
"instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80470",
"productName": "Nexus",
"productVersion": "3.60.0"
}
]
}Update Repository Manager Configuration
Request to add a repository manager container to the Firewall configuration.
POST /api/v2/firewall/repositoryManagers
{
"name": "My Repository Manager",
"instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
"productName": "Nexus",
"productVersion": "3.60.0"
}curl -X POST -u admin:admin123 -H "Content-Type: application/json" \
-d "{\"name\": \"My Repository Manager\", \"instanceId\": \"060BCE87-FF88120D-15BE693B-15B5880C-C5B80477\", \"productName\": \"Nexus\", \"productVersion\": \"3.60.0\"}" \
"http://localhost:8070/api/v2/firewall/repositoryManagers"The command returns the configuration of the newly created repository manager, including its ID.
{
"id":"0160d7c72c9946c3bece12bc8441dc7e",
"name": "My Repository Manager",
"instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
"productName": "Nexus",
"productVersion": "3.60.0"
}Configuration for a Repository Manager in Firewall
Request the configuration for a specific repository manager. Returns an array of proxy and hosted repositories configured in the repository manager container.
The <repositoryManagerId> can be found using the 'Get repository managers configurations' endpoint.
GET /api/v2/firewall/repositories/configuration/<repositoryManagerId>
Example
curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"
{
"repositories": [
{
"repositoryId": "e24c0dc8e24a4b53b949c49faa14da0b",
"publicId": "maven-remote",
"format": "maven2",
"type": "proxy",
"auditEnabled": true,
"quarantineEnabled": true,
"policyCompliantComponentSelectionEnabled": false,
"namespaceConfusionProtectionEnabled": false
}
]
}Update Repository Configurations for a Repository Manager
Request to update the repository configuration for a repository manager. Used to add new proxy repositories to the repository manager container
POST /api/v2/firewall/repositories/configuration/<repositoryManagerId>
Request body to send repository details.
{
"repositories":
[
{
"format": "maven2",
"publicId": "my-repo-1",
"type": "proxy",
"auditEnabled": true,
"quarantineEnabled": true,
"namespaceConfusionProtectionEnabled": false,
"policyCompliantComponentSelectionEnabled": false
}
]
}curl -X POST -u admin:admin123 -H "Content-Type: application/json" \
-d "{\"repositories\":[{\"publicId\":\"my-repo-1\", \"format\":\"maven2\", \"type\":\"proxy\", \"auditEnabled\":true, \"quarantineEnabled\":true, \"policyCompliantComponentSelectionEnabled\":false, \"namespaceConfusionProtectionEnabled\":false}]}" \
"http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"