Applicable Waivers REST API - v2
NEW IN RELEASE 98
This API provides a way to obtain all waivers that are applicable to a particular policy violation. A waiver is considered applicable to a given violation if the following conditions apply:
- PolicyId matches
- Violated Policy Conditions match
- If the waiver was scoped to a particular component then the component hash should also match
The API can be accessed via the following endpoint as a GET request, relative to IQ Server's base URL.
GET /api/v2/policyViolations/{policyViolationId}/applicableWaivers
Getting the policy violation id
The Policy Violation ID can be obtained from the Policy Violation REST API or the Report Related REST API.
Assuming a local installation of IQ Server with its default configuration, the following example using cURL lists waivers that apply to a policy violation:
curl -u admin:admin123 -X GET -H "Content-Type: application/json" 'http://localhost:8070/api/v2/policyViolations/{policyViolationId}/applicableWaivers'
The response returned by this API contains two sets of waivers that are applicable to the provided violation: one set of active waivers and one set of expired waivers. Each waiver item contains several details about the waiver, as described in the table below.
Item | Description |
---|---|
policyWaiverId | A unique identifier that identifies this policy waiver. |
policyViolationId | NEW IN RELEASE 105 The id of the policy violation on which the waiver is acting. |
comment | Comment text that was entered during waiver creation. |
createTime | The waiver creation time. |
expiryTime | NEW IN RELEASE 100 The time after which the policy waiver is considered expired. |
scopeOwnerType | The scope at which the waiver was applied. This can be one of three values: |
scopeOwnerId | A unique identifier that identifies the scope. |
scopeOwnerName | The descriptive name of the scope. |
hash | If the waiver was applied to a specific component, this will contain the uniquely identifying hash of that component. If the waiver was applied to all components, the value for this property will be null. |
policyId | The unique id of the policy for which the waiver is applied. |
creatorId | NEW IN RELEASE 131 The id (username) of the user that created the waiver. |
creatorName | NEW IN RELEASE 131 The full name of the user that created the waiver. |
matcherStrategy | NEW IN RELEASE 140 Enumeration field with 3 possible values: EXACT_COMPONENT, ALL_COMPONENTS, ALL_VERSIONS. |
associatedPackageUrl | NEW IN RELEASE 140 Package URL of the component, only present if the waiver is of type ALL_VERSIONS or EXACT_COMPONENT and is not an unknown component. |
componentIdentifier | NEW IN RELEASE 147 Component Identifier, only present if the waiver is of type ALL_VERSIONS or EXACT_COMPONENT and is not an unknown component. |
displayName | NEW IN RELEASE 147 Display Name, only present if the waiver is of type ALL_VERSIONS or EXACT_COMPONENT and is not an unknown component. |
Sample response
Here is a sample response that is returned by this API.
NEW IN RELEASE 100 The response now also returns the list of expired waivers in the expiredWaivers property.
NEW IN RELEASE 105 The response now includes the policyViolationId for each waiver, in both activeWaivers and expiredWaivers.
NEW IN RELEASE 140 The response now includes the type of waiver and the PURL if conditions are met, in both matcherStrategy and associatedPackageUrl.
NEW IN RELEASE 147 The response now includes the componentIdentifier and the displayName if conditions are met.
{
  "activeWaivers": [
    {
      "policyWaiverId": "9fc1ee3f2761458380d2135ef01135f4",
      "policyViolationId": "5e02da4a230049feb08da590eceb3258",
      "comment": "",
      "createTime": "2022-10-07T21:49:00.051+0000",
      "expiryTime": "2022-10-22T04:59:59.999+0000",
      "scopeOwnerType": "organization",
      "scopeOwnerId": "e40aed6067cc431491d42154c1257ed6",
      "scopeOwnerName": "MyOrg",
      "hash": "686ef3410bcf4ab8ce7f",
      "policyId": "d378f2c0bb2d404bbec04cd5f894188b",
      "vulnerabilityId": "CVE-2014-0114",
      "creatorId": "admin",
      "creatorName": "Admin BuiltIn",
      "matcherStrategy": "EXACT_COMPONENT",
      "associatedPackageUrl": "pkg:maven/commons-beanutils/commons-beanutils@1.8.3?type=jar",
      "componentIdentifier": {
        "format": "maven",
        "coordinates": {
          "artifactId": "commons-beanutils",
          "extension": "jar",
          "groupId": "commons-beanutils",
          "version": "1.8.3"
        }
      },
      "displayName": {
        "parts": [
          { "field": "Group", "value": "commons-beanutils" },
          { "value": " : " },
          { "field": "Artifact", "value": "commons-beanutils" },
          { "value": " : " },
          { "field": "Version", "value": "1.8.3" }
        ],
        "name": "commons-beanutils"
      }
    }
  ],
  "expiredWaivers": [
    {
      "policyWaiverId": "d2a933564cdc426785d7309992b66ff2",
      "policyViolationId": "5e02da4a230049feb08da590eceb3258",
      "comment": "",
      "createTime": "2022-10-07T21:41:23.106+0000",
      "expiryTime": "2022-10-15T04:59:59.999+0000",
      "scopeOwnerType": "application",
      "scopeOwnerId": "0d3fa305cb8d4ff4b9442d29816cf24c",
      "scopeOwnerName": "Application - TestApp",
      "hash": "686ef3410bcf4ab8ce7f",
      "policyId": "d378f2c0bb2d404bbec04cd5f894188b",
      "vulnerabilityId": "CVE-2014-0114",
      "creatorId": "admin",
      "creatorName": "Admin BuiltIn",
      "matcherStrategy": "EXACT_COMPONENT",
      "associatedPackageUrl": "pkg:maven/commons-beanutils/commons-beanutils@1.8.3?type=jar",
      "componentIdentifier": {
        "format": "maven",
        "coordinates": {
          "artifactId": "commons-beanutils",
          "extension": "jar",
          "groupId": "commons-beanutils",
          "version": "1.8.3"
        }
      },
      "displayName": {
        "parts": [
          { "field": "Group", "value": "commons-beanutils" },
          { "value": " : " },
          { "field": "Artifact", "value": "commons-beanutils" },
          { "value": " : " },
          { "field": "Version", "value": "1.8.3" }
        ],
        "name": "commons-beanutils"
      }
    }
  ]
}
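As an added example (not part of the original documentation), the following Python sketch audits a response from this endpoint and flags active waivers that are not pinned to an exact component or that are close to expiry. The sample data, the `audit_waivers` name and the `warn_days` threshold are constructed for illustration, and treating a null or absent `expiryTime` as "no expiry" is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # e.g. 2022-10-22T04:59:59.999+0000

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = json.loads("""
{"activeWaivers": [
  {"policyWaiverId": "waiver-exact", "scopeOwnerType": "application",
   "hash": "686ef3410bcf4ab8ce7f", "matcherStrategy": "EXACT_COMPONENT",
   "expiryTime": "2022-10-22T04:59:59.999+0000"},
  {"policyWaiverId": "waiver-broad", "scopeOwnerType": "organization",
   "hash": null, "matcherStrategy": "ALL_COMPONENTS",
   "expiryTime": null}],
 "expiredWaivers": []}
""")


def audit_waivers(response, now, warn_days=14):
    """Return (policyWaiverId, finding) pairs for active waivers worth review."""
    findings = []
    for w in response.get("activeWaivers", []):
        wid = w["policyWaiverId"]
        strategy = w.get("matcherStrategy")
        if strategy is None:
            # matcherStrategy is new in release 140; fall back to the hash,
            # which is null when the waiver applies to all components.
            strategy = "EXACT_COMPONENT" if w.get("hash") else "ALL_COMPONENTS"
        if strategy != "EXACT_COMPONENT":
            findings.append((wid, f"broad scope: {strategy}"))
        expiry = w.get("expiryTime")
        if expiry is None:
            # Assumption: a null or absent expiryTime means the waiver never expires.
            findings.append((wid, "no expiry"))
        else:
            remaining = datetime.strptime(expiry, TS_FORMAT) - now
            if remaining <= timedelta(days=warn_days):
                findings.append((wid, f"expires in {max(remaining.days, 0)} days"))
    return findings


if __name__ == "__main__":
    now = datetime(2022, 10, 10, tzinfo=timezone.utc)  # fixed reference time
    for waiver_id, finding in audit_waivers(SAMPLE, now):
        print(waiver_id, finding)
```

Pass the parsed JSON body returned by the endpoint in place of `SAMPLE`, and `datetime.now(timezone.utc)` as `now`.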