Vulnerabilities API

Vulnerabilities API

Introduced in 12.6.

注意:以前的 Vulnerabilities API 已重命名为 Vulnerability Findings API,其文档已移至其他位置 . 现在,本文描述了新的漏洞 API,该 API 提供对访问.警告:此 API 处于 alpha 阶段,被认为是不稳定的. 响应有效载荷可能会在 GitLab 版本之间发生更改或损坏.

每个对漏洞的 API 调用都必须经过身份验证 .

漏洞权限从其项目继承权限. 如果项目是私有项目,并且用户不是该漏洞所属项目的成员,则对该项目的请求将返回状态代码.

  1. curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1"

响应示例:

  1. {  "id":  1,  "title":  "Predictable pseudorandom number generator",  "description":  null,  "state":  "opened",  "severity":  "medium",  "confidence":  "medium",  "report_type":  "sast",  "project":  {  "id":  32,  "name":  "security-reports",  "full_path":  "/gitlab-examples/security/security-reports",  "full_name":  "gitlab-examples / security / security-reports"  },  "author_id":  1,  "updated_by_id":  null,  "last_edited_by_id":  null,  "closed_by_id":  null,  "start_date":  null,  "due_date":  null,  "created_at":  "2019-10-13T15:08:40.219Z",  "updated_at":  "2019-10-13T15:09:40.382Z",  "last_edited_at":  null,  "closed_at":  null  }

确认给定漏洞. 如果已经确认该漏洞,则返回状态码304 .

如果经过身份验证的用户无权 ,则此请求将导致403状态代码.

    响应示例:

    1. {  "id":  2,  "title":  "Predictable pseudorandom number generator",  "description":  null,  "state":  "confirmed",  "severity":  "medium",  "confidence":  "medium",  "report_type":  "sast",  "project":  {  "id":  32,  "name":  "security-reports",  "full_path":  "/gitlab-examples/security/security-reports",  "full_name":  "gitlab-examples / security / security-reports"  },  "author_id":  1,  "updated_by_id":  null,  "last_edited_by_id":  null,  "closed_by_id":  null,  "start_date":  null,  "due_date":  null,  "created_at":  "2019-10-13T15:08:40.219Z",  "updated_at":  "2019-10-13T15:09:40.382Z",  "last_edited_at":  null,  "closed_at":  null  }

    如果经过身份验证的用户无权解决漏洞 ,则此请求将导致403状态代码.

    1. POST /vulnerabilities/:id/resolve
    1. curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve"

    响应示例:

    消除给定的漏洞. 如果漏洞已被则返回状态码304 .

    If an authenticated user does not have permission to , this request will result in a 403 status code.

    1. POST /vulnerabilities/:id/dismiss
    1. curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"