Security Vulnerability Override API - v2


API to obtain the status (Security Vulnerability Override) of security vulnerabilities in the system, when one has been applied at a point in time.

Available endpoints

Get security vulnerability overrides

This endpoint returns existing security vulnerability overrides, for applications and repositories the calling user has access to.

GET /api/v2/securityOverrides[?filter=filterValue]

Using the available filters is strongly recommended in order to reduce the response time and returned data of the API; however, these are optional and all the information can be queried if necesssary without using them.

The API supports the following filters:

  • purl: The component identifier in purl format (pkg:format/GroupCoord/ArtifactCoord@VersionCoord)
  • refId: The reference id of the security vulnerability (sonatype-2019-0115)
  • ownerId: The id of the owner of the security vulnerability

Using curl as an example on a typical local installation, you can use the following command to communicate with this endpoint (the following example uses filtering by ownerId)

curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/securityOverrides?ownerId=bef62081db3140b49274bb807bbbc60e'

Response Data

Here is the example of a response for a call to the endpoint described above

         "status":"Not Applicable",
         "comment":"This security vulnerability is not currently applicable",