Vulnerabilities API

Original: https://docs.gitlab.com/ee/api/vulnerabilities.html

Introduced in GitLab Ultimate 12.6.

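Note: The former Vulnerabilities API was renamed to Vulnerability Findings API and its documentation was moved to a different location. This document now describes the new Vulnerabilities API, which provides access to standalone vulnerabilities.

Warning: This API is in an alpha stage and considered unstable. The response payload may be subject to change or breakage across GitLab releases.

Every API call to vulnerabilities must be authenticated.

Vulnerability permissions inherit permissions from their project. If a project is private and a user isn't a member of the project to which the vulnerability belongs, requests to that project return a 404 Not Found status code.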

Single vulnerability

Gets a single vulnerability.

GET /vulnerabilities/:id

Attribute   Type                Required   Description
id          integer or string   yes        The ID of a vulnerability to get

curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1"

Example response:

{
  "id": 1,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "opened",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}

Confirm vulnerability

Confirms a given vulnerability. Returns status code 304 if the vulnerability is already confirmed.

If an authenticated user does not have permission to confirm vulnerabilities, this request will result in a 403 status code.

POST /vulnerabilities/:id/confirm

Attribute   Type                Required   Description
id          integer or string   yes        The ID of a vulnerability to confirm

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/confirm"

Example response:

{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "confirmed",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}

Resolve vulnerability

Resolves a given vulnerability. Returns status code 304 if the vulnerability is already resolved.

If an authenticated user does not have permission to resolve vulnerabilities, this request will result in a 403 status code.

POST /vulnerabilities/:id/resolve

Attribute   Type                Required   Description
id          integer or string   yes        The ID of a vulnerability to resolve

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve"

Example response:

{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "resolved",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}

Dismiss vulnerability

Dismisses a given vulnerability. Returns status code 304 if the vulnerability is already dismissed.

If an authenticated user does not have permission to dismiss vulnerabilities, this request will result in a 403 status code.

POST /vulnerabilities/:id/dismiss

Attribute   Type                Required   Description
id          integer or string   yes        The ID of a vulnerability to dismiss

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"

Example response:

{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "closed",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}
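
The following is an added example, not code from GitLab or from this page: a small Python client for the confirm, resolve and dismiss endpoints that classifies the documented 304, 403 and 404 responses and checks the returned state rather than trusting an alpha payload. The names triage, http_send and the outcome labels are hypothetical, and treating any 2xx status as success is an assumption, since the page does not state the success code.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Action -> state shown in this page's sample responses.
EXPECTED_STATE = {"confirm": "confirmed", "resolve": "resolved", "dismiss": "closed"}
# Non-success status codes the page documents (labels are hypothetical).
DOCUMENTED = {304: "already_in_state", 403: "forbidden", 404: "not_found_or_private"}


def http_send(method, url, token):
    """Default transport: return (status, body). urllib raises on 304/403/404."""
    req = urllib.request.Request(url, method=method, headers={"PRIVATE-TOKEN": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def triage(base_url, token, vuln_id, action, send=http_send):
    """POST /vulnerabilities/:id/<action> and classify the result."""
    if action not in EXPECTED_STATE:
        raise ValueError(f"unsupported action: {action!r}")
    # Percent-encode the id so a string id cannot alter the request path.
    vid = urllib.parse.quote(str(vuln_id), safe="")
    url = f"{base_url.rstrip('/')}/api/v4/vulnerabilities/{vid}/{action}"
    status, body = send("POST", url, token)
    if status in DOCUMENTED:
        return {"status": status, "outcome": DOCUMENTED[status], "state": None}
    if not 200 <= status < 300:  # assumption: any 2xx means the action was applied
        return {"status": status, "outcome": "error", "state": None}
    # Alpha API: the payload may change, so verify the state instead of trusting it.
    try:
        state = json.loads(body).get("state")
    except (ValueError, AttributeError):
        state = None
    outcome = "changed" if state == EXPECTED_STATE[action] else "unexpected_payload"
    return {"status": status, "outcome": outcome, "state": state}
```

Read the access token from a secret store or environment variable instead of embedding it in scripts, and treat a 404 as "absent or not visible to this token", since private projects return it to non-members.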
Copyright © 温玉 2021. File revision time: 2021-03-27 13:48:25