Vulnerabilities API

原文:https://docs.gitlab.com/ee/api/vulnerabilities.html

Vulnerabilities API

Introduced in GitLab Ultimate 12.6.

注意:以前的 Vulnerabilities API 已重命名为 Vulnerability Findings API,其文档已移至其他位置 . 现在,本文描述了新的漏洞 API,该 API 提供对独立漏洞的访问.警告:此 API 处于 alpha 阶段,被认为是不稳定的. 响应有效载荷可能会在 GitLab 版本之间发生更改或损坏.

每个对漏洞的 API 调用都必须经过身份验证 .

漏洞权限从其项目继承权限. 如果项目是私有项目,并且用户不是该漏洞所属项目的成员,则对该项目的请求将返回404 Not Found状态代码.

Single vulnerability

获得一个漏洞

  1. GET /vulnerabilities/:id
Attribute Type Required Description
id 整数或字符串 yes 要获取的漏洞的 ID
  1. curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1"

响应示例:

  1. { "id": 1, "title": "Predictable pseudorandom number generator", "description": null, "state": "opened", "severity": "medium", "confidence": "medium", "report_type": "sast", "project": { "id": 32, "name": "security-reports", "full_path": "/gitlab-examples/security/security-reports", "full_name": "gitlab-examples / security / security-reports" }, "author_id": 1, "updated_by_id": null, "last_edited_by_id": null, "closed_by_id": null, "start_date": null, "due_date": null, "created_at": "2019-10-13T15:08:40.219Z", "updated_at": "2019-10-13T15:09:40.382Z", "last_edited_at": null, "closed_at": null }

Confirm vulnerability

确认给定漏洞. 如果已经确认该漏洞,则返回状态码304 .

如果经过身份验证的用户无权确认漏洞 ,则此请求将导致403状态代码.

  1. POST /vulnerabilities/:id/confirm
Attribute Type Required Description
id 整数或字符串 yes 确认漏洞的 ID
  1. curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/confirm"

响应示例:

  1. { "id": 2, "title": "Predictable pseudorandom number generator", "description": null, "state": "confirmed", "severity": "medium", "confidence": "medium", "report_type": "sast", "project": { "id": 32, "name": "security-reports", "full_path": "/gitlab-examples/security/security-reports", "full_name": "gitlab-examples / security / security-reports" }, "author_id": 1, "updated_by_id": null, "last_edited_by_id": null, "closed_by_id": null, "start_date": null, "due_date": null, "created_at": "2019-10-13T15:08:40.219Z", "updated_at": "2019-10-13T15:09:40.382Z", "last_edited_at": null, "closed_at": null }

Resolve vulnerability

解决给定漏洞. 如果漏洞已解决,则返回状态码304 .

如果经过身份验证的用户无权解决漏洞 ,则此请求将导致403状态代码.

  1. POST /vulnerabilities/:id/resolve
Attribute Type Required Description
id 整数或字符串 yes 解决的漏洞的 ID
  1. curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve"

响应示例:

  1. { "id": 2, "title": "Predictable pseudorandom number generator", "description": null, "state": "resolved", "severity": "medium", "confidence": "medium", "report_type": "sast", "project": { "id": 32, "name": "security-reports", "full_path": "/gitlab-examples/security/security-reports", "full_name": "gitlab-examples / security / security-reports" }, "author_id": 1, "updated_by_id": null, "last_edited_by_id": null, "closed_by_id": null, "start_date": null, "due_date": null, "created_at": "2019-10-13T15:08:40.219Z", "updated_at": "2019-10-13T15:09:40.382Z", "last_edited_at": null, "closed_at": null }

Dismiss vulnerability

消除给定的漏洞. 如果漏洞已被304则返回状态码304 .

If an authenticated user does not have permission to dismiss vulnerabilities, this request will result in a 403 status code.

  1. POST /vulnerabilities/:id/dismiss
Attribute Type Required Description
id 整数或字符串 yes 消除漏洞的 ID
  1. curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"

响应示例:

  1. { "id": 2, "title": "Predictable pseudorandom number generator", "description": null, "state": "closed", "severity": "medium", "confidence": "medium", "report_type": "sast", "project": { "id": 32, "name": "security-reports", "full_path": "/gitlab-examples/security/security-reports", "full_name": "gitlab-examples / security / security-reports" }, "author_id": 1, "updated_by_id": null, "last_edited_by_id": null, "closed_by_id": null, "start_date": null, "due_date": null, "created_at": "2019-10-13T15:08:40.219Z", "updated_at": "2019-10-13T15:09:40.382Z", "last_edited_at": null, "closed_at": null }