Querying the Vulnerability List¶
Function¶
This API is used to query the list of detected vulnerabilities.
URI¶
GET /v5/{project_id}/vulnerability/vulnerabilities
Parameter | Mandatory | Type | Description |
|---|---|---|---|
project_id | Yes | String | Project ID Minimum: 1 Maximum: 256 |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
enterprise_project_id | No | String | Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps. Default: 0 Minimum: 0 Maximum: 256 |
type | No | String | Vulnerability type. Its value can be: -linux_vul -windows_vul -web_cms Minimum: 0 Maximum: 32 |
vul_id | No | String | Vulnerability ID Minimum: 0 Maximum: 256 |
vul_name | No | String | Vulnerability name Minimum: 0 Maximum: 256 |
limit | No | Integer | Number of records displayed on each page Minimum: 0 Maximum: 200 Default: 10 |
offset | No | Integer | Offset, which specifies the start position of the record to be returned. Minimum: 0 Maximum: 2000000 Default: 0 |
Request Parameters¶
Parameter | Mandatory | Type | Description |
|---|---|---|---|
X-Auth-Token | Yes | String | User token. Minimum: 1 Maximum: 32768 |
Response Parameters¶
Status code: 200
Parameter | Type | Description |
|---|---|---|
total_num | Long | Total number of vulnerabilities Minimum: 0 Maximum: 2147483647 |
data_list | Array of VulInfo objects | Software vulnerability list Array Length: 0 - 2147483647 |
Parameter | Type | Description |
|---|---|---|
vul_name | String | Vulnerability name Minimum: 0 Maximum: 256 |
vul_id | String | Vulnerability ID Minimum: 0 Maximum: 64 |
label_list | Array of strings | Vulnerability tag Minimum: 0 Maximum: 65534 Array Length: 0 - 2147483647 |
repair_necessity | String | Repair necessity
|
severity_level | String | Severity
|
host_num | Integer | Number of affected servers Minimum: 0 Maximum: 2147483647 |
unhandle_host_num | Integer | Number of unprocessed servers, excluding ignored and fixed servers. Minimum: 0 Maximum: 2147483647 |
scan_time | Long | Last scanned, in ms. Minimum: 0 Maximum: 9223372036854775807 |
solution_detail | String | Vulnerability fixing guide Minimum: 0 Maximum: 65534 |
url | String | Vulnerability URL Minimum: 0 Maximum: 2083 |
description | String | Vulnerability description Minimum: 0 Maximum: 65534 |
type | String | Vulnerability type. Its value can be:-linux_vul -windows_vul -web_cms |
host_id_list | Array of strings | List of servers that can handle the vulnerability Minimum: 0 Maximum: 128 Array Length: 0 - 2147483647 |
hosts_num | VulnerabilityHostNumberInfo object | Number of affected servers |
Parameter | Type | Description |
|---|---|---|
important | Integer | Number of important servers Minimum: 0 Maximum: 10000 |
common | Integer | Number of common servers Minimum: 0 Maximum: 10000 |
test | Integer | Number of test servers Minimum: 0 Maximum: 10000 |
Example Requests¶
Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.
GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10
Example Responses¶
Status code: 200
vulnerability list
{
"total_num" : 1,
"data_list" : [ {
"description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
"host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
"host_num" : 1,
"scan_time" : 1661752185836,
"severity_level" : "Critical",
"repair_necessity" : "Critical",
"solution_detail" : "To upgrade the affected software",
"type" : "linux_vul",
"unhandle_host_num" : 0,
"url" : "https://ubuntu.com/security/CVE-2022-27405",
"vul_id" : "USN-5528-1",
"vul_name" : "USN-5528-1: FreeType vulnerabilities"
} ]
}
Status Codes¶
Status Code | Description |
|---|---|
200 | vulnerability list |
Error Codes¶
See Error Codes.