Firewall REST API - v2

Requirements

  • Only applicable with the Firewall license

GET Auto-Released from Quarantine Summary

NEXT-GEN FIREWALL

Issue a GET request for a summary of auto-released from quarantine components.

GET /api/v2/firewall/releaseQuarantine/summary

Example command

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary

Example JSON response

{
    "autoReleaseQuarantineCountMTD": 3,
    "autoReleaseQuarantineCountYTD": 120
}
ItemDescription
autoReleaseQuarantineCountMTDThe number of auto-released from quarantine components from the start of the current month to the current date
autoReleaseQuarantineCountYTDThe number of auto-released from quarantine components from the start of the current year to the current date

GET Quarantined Components Summary

Issue a GET request for a summary of quarantined components.

GET /api/v2/firewall/quarantine/summary

Example command

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary

Example JSON response

{
    "repositoryCount": 2,
    "quarantineEnabledRepositoryCount": 2,
    "quarantineEnabled": true,
    "totalComponentCount": 25,
    "quarantinedComponentCount": 0
}

Item

Description

repositoryCountThe total number of repositories
quarantineEnabledRepositoryCountThe total number of repositories with the quarantine capability enabled
quarantineEnabledThe true if any repository has the quarantine capability enabled, false otherwise
totalComponentCountThe total number of components across all repositories
quarantinedComponentCountThe total number of quarantined components

GET Auto-Released from Quarantine Config

NEXT-GEN FIREWALL

Issue a GET request for a list of policy condition types that are configurable for auto-release from quarantine and whether they have auto-release from quarantine capability turned on or not.

GET /api/v2/firewall/releaseQuarantine/configuration

Example command

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

Example JSON response

[
    {
        "id": "IntegrityRating",
        "name": "Integrity Rating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "name": "License",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License Threat Group",
        "name": "License Threat Group",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilitySeverity",
        "name": "Security Vulnerability Severity",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilityCategory",
        "name": "Security Vulnerability Category",
        "autoReleaseQuarantineEnabled": true
    }
]

PUT to Update Auto-Released from Quarantine Config

NEXT-GEN FIREWALL

You can enable or disable the auto-release from quarantine capability on some or all of the policy condition types that are configurable for auto-release from quarantine by issuing the PUT request:

PUT /api/v2/firewall/releaseQuarantine/configuration

You will also need to include JSON data specifying the policy condition types that need to be updated. For example:

[
    {
        "id": "IntegrityRating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "autoReleaseQuarantineEnabled": false
    }
]

The above request only enables auto-release from quarantine capability on the Integrity Rating policy condition type and disables it for the License policy condition type. Other policy condition types not part of the JSON body are not updated.

Example command

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '[{"id":"IntegrityRating","name":"Integrity Rating","autoReleaseQuarantineEnabled":true},{"id":"License","name":"License","autoReleaseQuarantineEnabled":false}]' http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

Example JSON response

[
    {
        "id": "IntegrityRating",
        "name": "Integrity Rating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "name": "License",
        "autoReleaseQuarantineEnabled": false
    },
    {
        "id": "License Threat Group",
        "name": "License Threat Group",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilitySeverity",
        "name": "Security Vulnerability Severity",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilityCategory",
        "name": "Security Vulnerability Category",
        "autoReleaseQuarantineEnabled": true
    }
]

GET List of Auto-Released from Quarantine Components

NEXT-GEN FIREWALL

Issue a GET request to get a summary of auto-released from quarantine components.

GET /api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true


Query ParameterDescriptionOptionalDefault Value
pageThe pagination page number. The minimum allowed page number is 1.Yes1
pageSizeThe maximum number of records to return per page. The value should be between 1 and 10000.Yes10
policyIdWhen provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID.Yes

componentName

RELEASE 160 When provided, the API returns only the components with display names that contain (case-insensitively) the value of this parameter.

Yes
sortBy

The field the records to be sorted by. For now, the API only supports sorting by releaseQuarantineTime and quarantineTime.

Quarantined components can only be sorted by quarantineTime

Yes

Auto-Released from Quarantine Components: releaseQuarantineTime

Quarantined Components: quarantineTime

asc

A boolean value indicates the order of sorting.

true indicates that the records will be sorted in ascending order, false indicates they will be sorted in descending order.

Yestrue

Example command

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true

Example JSON response

{
    "total": 2,
    "page": 1,
    "pageSize": 10,
    "pageCount": 1,
    "results": [
        {
            "displayName": "1_test : 0.0.0",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-24T17:36:34.612+0000",
            "dateCleared": "2021-03-24T18:53:45.588+0000",
            "quarantinePolicyViolations": [],
			"componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "1_test",
                    "version": "0.0.0"
                }
            },
			"pathname": "1_test/-/1_test-0.0.0.tgz",
            "hash": "2cfd634fae225311e3b6",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": false
        },
        {
            "displayName": "rc-util : 5.9.5",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-24T14:45:02.567+0000",
            "dateCleared": "2021-03-24T18:53:46.115+0000",
            "quarantinePolicyViolations": [],
			"componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "rc-util",
                    "version": "1.2.0"
                }
            },
			"pathname": "rc-util/-/rc-util-5.9.5.tgz",
            "hash": "b3e3c46f8a404334a2b3a5633d4f0be7",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": false
        }
    ]
}
ItemDescription
totalTotal number of records this query can return across all pages
pagePage number specified on the query
pageSizePage size specified on the query
pageCountTotal number of pages this query can return
displayNameName of the component and version
repositoryRepository where the component is installed
quarantineDateThe date and time when the component was quarantined
dateClearedThe date and time when the component was released from quarantine.
quarantinePolicyViolations

Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine.

Refer to Policy Violation REST API - v2 for more details on the JSON structure.

componentIdentifierThe format and coordinates for the claimed component.
pathnameThe component path in the repository.
hashThe component hash.
matchStateVerify if the comparison of a component to known components is or is not a match in one of the following ways: Exact, Similar, or Unknown.
repositoryIdThe repository ID where the component is installed.
quarantinedWhether the component is quarantined or not.

GET List of Quarantined Components

Issue a GET request to get a summary of auto-released from quarantine components

GET /api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=releaseQuarantineTime&asc=true

Example command

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=quarantineTime&asc=true

Example JSON response

{
    "total": 1,
    "page": 1,
    "pageSize": 10,
    "pageCount": 1,
    "results": [
        {
            "displayName": "add-fedops : 0.0.0",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-29T14:43:51.477+0000",
            "dateCleared": null,
            "quarantinePolicyViolations": [
                {
                    "policyId": "384b7857d9b5424d91e00a0b945e3ec8",
                    "policyName": "Integrity-Rating",
                    "policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510",
                    "threatLevel": 9,
                    "constraintViolations": [
                        {
                            "constraintId": "f03a3a2abdf94703a019e37b8c5cdc16",
                            "constraintName": "Suspicious integrity rating",
                            "reasons": [
                                {
                                    "reason": "Integrity Rating was Suspicious",
                                    "reference": null
                                }
                            ]
                        }
                    ]
                }
            ],
			"componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "add-fedops",
                    "version": "0.0.0"
                }
            },
			"pathname": "add-fedops/-/add-fedops-0.0.0.tgz",
            "hash": "b1b6ea3b7e4aa4f49250",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": true
        }
    ]
}

PUT Configure Anonymous Access for the Quarantined Component View

Issue a PUT request to enable or disable anonymous access for the Quarantined Component View

  • Anonymous access to the Quarantined Component View is enabled by default

PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

Example command

curl -u admin:admin123 -X PUT http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

GET Repository Manager Configurations

RELEASE 168

Issue a GET request to get the configuration for all configured repository managers. 

  • A 200 response is returned when successful

GET /api/v2/firewall/repositoryManagers

Example command

curl -u admin:admin123 -X GET "http://localhost:8070/api/v2/firewall/repositoryManagers"

Example JSON response

{
	"repositoryManagers": [
	    {
			"id": "02bafbc10b3545eeb949db5b248df2a8",
			"name": null,
			"instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80470",
			"productName": "Nexus",
			"productVersion": "3.60.0"
		}
	]
}

Add Repository Manager Configuration

RELEASE 169

Issue a POST request to add a repository manager:

POST /api/v2/firewall/repositoryManagers

and include the json data specifiying the repository manager to be added:

{
	"name": "My Repository Manager",
	"instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
	"productName": "Nexus",
	"productVersion": "3.60.0"
}

The command returns the configuration of the newly created repository manager, including its ID. A 200 response is returned when successful.

Example command:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"name": "My Repository Manager", "instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477", "productName": "Nexus", "productVersion": "3.60.0"}' "http://localhost:8070/api/v2/firewall/repositoryManagers"

Example JSON response:

{
 	"id":"0160d7c72c9946c3bece12bc8441dc7e",
	"name": "My Repository Manager",
	"instanceId": "060BCE87-FF88120D-15BE693B-15B5880C-C5B80477",
	"productName": "Nexus",
	"productVersion": "3.60.0"
}

GET Repository Configurations for a Repository Manager

RELEASE 168

Issue a GET request to get the configuration for a specific repository manager.  The <repositoryManagerId> can be found using the 'Get repository managers configurations' endpoint.

  • A 200 response is returned when successful

GET /api/v2/firewall/repositories/configuration/<repositoryManagerId>

Example command

curl -u admin:admin123 -X GET "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663"

Example JSON response

{
	"repositories": [
		{
			"repositoryId": "e24c0dc8e24a4b53b949c49faa14da0b",
			"publicId": "maven-remote",
			"format": "maven2",
			"type": "proxy",
			"auditEnabled": true,
			"quarantineEnabled": true,
			"policyCompliantComponentSelectionEnabled": false,
			"namespaceConfusionProtectionEnabled": false
		}
	]
}

Add/Update Repository Configurations for a Repository Manager

RELEASE 168

Issue a POST request to add/update repository configurations for a repository manager.  The <repositoryManagerId> is found using the 'Get repository managers configurations' endpoint.

  • A 204 response is returned when successful

POST /api/v2/firewall/repositories/configuration/<repositoryManagerId>

Example command

curl -u admin:admin123 -X POST -H "Content-Type: application/json" "http://localhost:8070/api/v2/firewall/repositories/configuration/2d093cc49e0b4146ba67d529eb57e663" -d '{"repositories":[{"publicId":"my-repo-1", "format":"maven2", "type":"proxy", "auditEnabled":true, "quarantineEnabled":true, "policyCompliantComponentSelectionEnabled":false, "namespaceConfusionProtectionEnabled":false}]}'