debian-mirror-gitlab/doc/api/vulnerabilities.md

275 lines
7.6 KiB
Markdown
Raw Normal View History

2020-11-24 15:15:51 +05:30
---
stage: Secure
group: Threat Insights
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-11-24 15:15:51 +05:30
---
2019-09-30 21:07:59 +05:30
# Vulnerabilities API **(ULTIMATE)**
2019-09-04 21:01:54 +05:30
2021-11-11 11:23:49 +05:30
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10242) in GitLab 12.6.
2020-04-22 19:07:51 +05:30
2021-02-22 17:27:13 +05:30
NOTE:
2020-04-22 19:07:51 +05:30
The former Vulnerabilities API was renamed to Vulnerability Findings API
and its documentation was moved to [a different location](vulnerability_findings.md).
This document now describes the new Vulnerabilities API that provides access to
2020-10-24 23:57:45 +05:30
[Vulnerabilities](https://gitlab.com/groups/gitlab-org/-/epics/634).
2020-04-22 19:07:51 +05:30
2021-02-22 17:27:13 +05:30
WARNING:
2021-04-29 21:17:54 +05:30
This API is in the process of being deprecated and considered unstable.
2020-04-22 19:07:51 +05:30
The response payload may be subject to change or breakage
2021-04-29 21:17:54 +05:30
across GitLab releases. Please use the
2021-06-08 01:23:25 +05:30
[GraphQL API](graphql/reference/index.md#queryvulnerabilities)
2021-04-29 21:17:54 +05:30
instead.
2020-04-22 19:07:51 +05:30
2021-09-30 23:02:18 +05:30
Every API call to vulnerabilities must be [authenticated](index.md#authentication).
2020-04-22 19:07:51 +05:30
Vulnerability permissions inherit permissions from their project. If a project is
private, and a user isn't a member of the project to which the vulnerability
2021-02-22 17:27:13 +05:30
belongs, requests to that project returns a `404 Not Found` status code.
2020-04-22 19:07:51 +05:30
## Single vulnerability
Gets a single vulnerability
```plaintext
GET /vulnerabilities/:id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer or string | yes | The ID of a Vulnerability to get |
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1"
2020-04-22 19:07:51 +05:30
```
Example response:
```json
{
"id": 1,
"title": "Predictable pseudorandom number generator",
"description": null,
"state": "opened",
"severity": "medium",
"confidence": "medium",
"report_type": "sast",
"project": {
"id": 32,
"name": "security-reports",
"full_path": "/gitlab-examples/security/security-reports",
"full_name": "gitlab-examples / security / security-reports"
},
"author_id": 1,
"updated_by_id": null,
"last_edited_by_id": null,
"closed_by_id": null,
"start_date": null,
"due_date": null,
"created_at": "2019-10-13T15:08:40.219Z",
"updated_at": "2019-10-13T15:09:40.382Z",
"last_edited_at": null,
"closed_at": null
}
```
## Confirm vulnerability
Confirms a given vulnerability. Returns status code `304` if the vulnerability is already confirmed.
If an authenticated user does not have permission to
[confirm vulnerabilities](../user/permissions.md#project-members-permissions),
2021-02-22 17:27:13 +05:30
this request results in a `403` status code.
2020-04-22 19:07:51 +05:30
```plaintext
POST /vulnerabilities/:id/confirm
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer or string | yes | The ID of a vulnerability to confirm |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/confirm"
```
Example response:
```json
{
"id": 2,
"title": "Predictable pseudorandom number generator",
"description": null,
"state": "confirmed",
"severity": "medium",
"confidence": "medium",
"report_type": "sast",
"project": {
"id": 32,
"name": "security-reports",
"full_path": "/gitlab-examples/security/security-reports",
"full_name": "gitlab-examples / security / security-reports"
},
"author_id": 1,
"updated_by_id": null,
"last_edited_by_id": null,
"closed_by_id": null,
"start_date": null,
"due_date": null,
"created_at": "2019-10-13T15:08:40.219Z",
"updated_at": "2019-10-13T15:09:40.382Z",
"last_edited_at": null,
"closed_at": null
}
```
## Resolve vulnerability
Resolves a given vulnerability. Returns status code `304` if the vulnerability is already resolved.
If an authenticated user does not have permission to
[resolve vulnerabilities](../user/permissions.md#project-members-permissions),
2021-02-22 17:27:13 +05:30
this request results in a `403` status code.
2020-04-22 19:07:51 +05:30
```plaintext
POST /vulnerabilities/:id/resolve
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer or string | yes | The ID of a Vulnerability to resolve |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve"
```
Example response:
```json
{
"id": 2,
"title": "Predictable pseudorandom number generator",
"description": null,
"state": "resolved",
"severity": "medium",
"confidence": "medium",
"report_type": "sast",
"project": {
"id": 32,
"name": "security-reports",
"full_path": "/gitlab-examples/security/security-reports",
"full_name": "gitlab-examples / security / security-reports"
},
"author_id": 1,
"updated_by_id": null,
"last_edited_by_id": null,
"closed_by_id": null,
"start_date": null,
"due_date": null,
"created_at": "2019-10-13T15:08:40.219Z",
"updated_at": "2019-10-13T15:09:40.382Z",
"last_edited_at": null,
"closed_at": null
}
```
## Dismiss vulnerability
Dismisses a given vulnerability. Returns status code `304` if the vulnerability is already dismissed.
If an authenticated user does not have permission to
[dismiss vulnerabilities](../user/permissions.md#project-members-permissions),
2021-02-22 17:27:13 +05:30
this request results in a `403` status code.
2020-04-22 19:07:51 +05:30
```plaintext
POST /vulnerabilities/:id/dismiss
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer or string | yes | The ID of a vulnerability to dismiss |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"
```
Example response:
```json
{
"id": 2,
"title": "Predictable pseudorandom number generator",
"description": null,
"state": "closed",
"severity": "medium",
"confidence": "medium",
"report_type": "sast",
"project": {
"id": 32,
"name": "security-reports",
"full_path": "/gitlab-examples/security/security-reports",
"full_name": "gitlab-examples / security / security-reports"
},
"author_id": 1,
"updated_by_id": null,
"last_edited_by_id": null,
"closed_by_id": null,
"start_date": null,
"due_date": null,
"created_at": "2019-10-13T15:08:40.219Z",
"updated_at": "2019-10-13T15:09:40.382Z",
"last_edited_at": null,
"closed_at": null
}
```
2021-01-03 14:25:43 +05:30
## Revert vulnerability to detected state
Reverts a given vulnerability to detected state. Returns status code `304` if the vulnerability is already in detected state.
If an authenticated user does not have permission to
[revert vulnerability to detected state](../user/permissions.md#project-members-permissions),
2021-02-22 17:27:13 +05:30
this request results in a `403` status code.
2021-01-03 14:25:43 +05:30
```plaintext
POST /vulnerabilities/:id/revert
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer or string | yes | The ID of a vulnerability to revert to detected state |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"
```
Example response:
```json
{
"id": 2,
"title": "Predictable pseudorandom number generator",
"description": null,
"state": "detected",
"severity": "medium",
"confidence": "medium",
"report_type": "sast",
"project": {
"id": 32,
"name": "security-reports",
"full_path": "/gitlab-examples/security/security-reports",
"full_name": "gitlab-examples / security / security-reports"
},
"author_id": 1,
"updated_by_id": null,
"last_edited_by_id": null,
"closed_by_id": null,
"start_date": null,
"due_date": null,
"created_at": "2019-10-13T15:08:40.219Z",
"updated_at": "2019-10-13T15:09:40.382Z",
"last_edited_at": null,
"closed_at": null
}
```