Vulnerabilities API

Vulnerabilities API
Vulnerabilities API

Vulnerabilities API

原文：https://docs.gitlab.com/ee/api/vulnerabilities.html

Single vulnerability
Confirm vulnerability
Resolve vulnerability
Dismiss vulnerability

Vulnerabilities API

注意：以前的 Vulnerabilities API 已重命名为 Vulnerability Findings API，其文档已移至其他位置 . 现在，本文描述了新的漏洞 API，该 API 提供对独立漏洞的访问.警告：此 API 处于 alpha 阶段，被认为是不稳定的. 响应有效载荷可能会在 GitLab 版本之间发生更改或损坏.

每个对漏洞的 API 调用都必须经过身份验证 .

漏洞权限从其项目继承权限. 如果项目是私有项目，并且用户不是该漏洞所属项目的成员，则对该项目的请求将返回404 Not Found状态代码.

Single vulnerability

获得一个漏洞

GET /vulnerabilities/:id

Attribute	Type	Required	Description
`id`	整数或字符串	yes	要获取的漏洞的 ID

curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1"

响应示例：

{  "id":  1,  "title":  "Predictable pseudorandom number generator",  "description":  null,  "state":  "opened",  "severity":  "medium",  "confidence":  "medium",  "report_type":  "sast",  "project":  {  "id":  32,  "name":  "security-reports",  "full_path":  "/gitlab-examples/security/security-reports",  "full_name":  "gitlab-examples / security / security-reports"  },  "author_id":  1,  "updated_by_id":  null,  "last_edited_by_id":  null,  "closed_by_id":  null,  "start_date":  null,  "due_date":  null,  "created_at":  "2019-10-13T15:08:40.219Z",  "updated_at":  "2019-10-13T15:09:40.382Z",  "last_edited_at":  null,  "closed_at":  null  }

Confirm vulnerability

确认给定漏洞. 如果已经确认该漏洞，则返回状态码304 .

如果经过身份验证的用户无权确认漏洞，则此请求将导致403状态代码.

POST /vulnerabilities/:id/confirm

Attribute	Type	Required	Description
`id`	整数或字符串	yes	确认漏洞的 ID

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/confirm"

响应示例：

{  "id":  2,  "title":  "Predictable pseudorandom number generator",  "description":  null,  "state":  "confirmed",  "severity":  "medium",  "confidence":  "medium",  "report_type":  "sast",  "project":  {  "id":  32,  "name":  "security-reports",  "full_path":  "/gitlab-examples/security/security-reports",  "full_name":  "gitlab-examples / security / security-reports"  },  "author_id":  1,  "updated_by_id":  null,  "last_edited_by_id":  null,  "closed_by_id":  null,  "start_date":  null,  "due_date":  null,  "created_at":  "2019-10-13T15:08:40.219Z",  "updated_at":  "2019-10-13T15:09:40.382Z",  "last_edited_at":  null,  "closed_at":  null  }

Resolve vulnerability

解决给定漏洞. 如果漏洞已解决，则返回状态码304 .

如果经过身份验证的用户无权解决漏洞，则此请求将导致403状态代码.

POST /vulnerabilities/:id/resolve

Attribute	Type	Required	Description
`id`	整数或字符串	yes	解决的漏洞的 ID

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve"

响应示例：

{  "id":  2,  "title":  "Predictable pseudorandom number generator",  "description":  null,  "state":  "resolved",  "severity":  "medium",  "confidence":  "medium",  "report_type":  "sast",  "project":  {  "id":  32,  "name":  "security-reports",  "full_path":  "/gitlab-examples/security/security-reports",  "full_name":  "gitlab-examples / security / security-reports"  },  "author_id":  1,  "updated_by_id":  null,  "last_edited_by_id":  null,  "closed_by_id":  null,  "start_date":  null,  "due_date":  null,  "created_at":  "2019-10-13T15:08:40.219Z",  "updated_at":  "2019-10-13T15:09:40.382Z",  "last_edited_at":  null,  "closed_at":  null  }

Dismiss vulnerability

消除给定的漏洞. 如果漏洞已被304则返回状态码304 .

If an authenticated user does not have permission to dismiss vulnerabilities, this request will result in a 403 status code.

POST /vulnerabilities/:id/dismiss

Attribute	Type	Required	Description
`id`	整数或字符串	yes	消除漏洞的 ID

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"

响应示例：

{  "id":  2,  "title":  "Predictable pseudorandom number generator",  "description":  null,  "state":  "closed",  "severity":  "medium",  "confidence":  "medium",  "report_type":  "sast",  "project":  {  "id":  32,  "name":  "security-reports",  "full_path":  "/gitlab-examples/security/security-reports",  "full_name":  "gitlab-examples / security / security-reports"  },  "author_id":  1,  "updated_by_id":  null,  "last_edited_by_id":  null,  "closed_by_id":  null,  "start_date":  null,  "due_date":  null,  "created_at":  "2019-10-13T15:08:40.219Z",  "updated_at":  "2019-10-13T15:09:40.382Z",  "last_edited_at":  null,  "closed_at":  null  }