How to generate XRay Vulnerabilties report using rest api

Question

Could someone please help to generate Vulnerability report via REST API for artifacts? Maybe a sample example will help.

Looked at the below documentation but not clear to me https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-GenerateVulnerabilitiesReport

Answer 1

I assume your Xray version is 3.x, kindly follow the below curl command which should give you the report,

curl -u<username>:<password> http://artifactory_URL/xray/api/v1/reports/vulnerabilities -H 'Content-Type: application/json' -d @report.json

In the report.json file, add the information which you need to generate the report for. For example:

cat report.json {

"name": "report1",
"resources": {
    "repositories": [
        {
            "name": "libs-release-local"
        }
    ],
    "builds": {
        "names": [
            "art-docker-test",
            "art-docker-prod"
        ]
    }
},
"filters": {
    "vulnerable_component": "*vulnerable:component*",
    "impacted_artifact": "some://impacted*artifact",
    "has_remediation": false,
    "cve": "CVE-1234-1234",
    "issue_id": "XRAY-1234",
    "severities": [
        "High",
        "Medium"
    ],
    "cvss_score": {
        "min_score": 6.3,
        "max_score": 9
    },
    "published": {
        "start": "2020-06-29T12:22:16Z",
        "end": "2020-06-29T12:22:16Z"
    },
    "scan_date": {
        "start": "2020-06-29T12:22:16Z",
        "end": "2020-06-29T12:22:16Z"}

}

}

I'm generating a report for the repository "libs-release-local" and build name "art-docker-test" and "art-docker-prod" with filters as you can understand.