Vulnerabilities API
Vulnerabilities API
Introduced in 12.6.
注意:以前的 Vulnerabilities API 已重命名为 Vulnerability Findings API,其文档已移至其他位置 . 现在,本文描述了新的漏洞 API,该 API 提供对访问.警告:此 API 处于 alpha 阶段,被认为是不稳定的. 响应有效载荷可能会在 GitLab 版本之间发生更改或损坏.
每个对漏洞的 API 调用都必须经过身份验证 .
漏洞权限从其项目继承权限. 如果项目是私有项目,并且用户不是该漏洞所属项目的成员,则对该项目的请求将返回状态代码.
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1"
响应示例:
{ "id": 1, "title": "Predictable pseudorandom number generator", "description": null, "state": "opened", "severity": "medium", "confidence": "medium", "report_type": "sast", "project": { "id": 32, "name": "security-reports", "full_path": "/gitlab-examples/security/security-reports", "full_name": "gitlab-examples / security / security-reports" }, "author_id": 1, "updated_by_id": null, "last_edited_by_id": null, "closed_by_id": null, "start_date": null, "due_date": null, "created_at": "2019-10-13T15:08:40.219Z", "updated_at": "2019-10-13T15:09:40.382Z", "last_edited_at": null, "closed_at": null }
确认给定漏洞. 如果已经确认该漏洞,则返回状态码304
.
如果经过身份验证的用户无权 ,则此请求将导致403
状态代码.
响应示例:
{ "id": 2, "title": "Predictable pseudorandom number generator", "description": null, "state": "confirmed", "severity": "medium", "confidence": "medium", "report_type": "sast", "project": { "id": 32, "name": "security-reports", "full_path": "/gitlab-examples/security/security-reports", "full_name": "gitlab-examples / security / security-reports" }, "author_id": 1, "updated_by_id": null, "last_edited_by_id": null, "closed_by_id": null, "start_date": null, "due_date": null, "created_at": "2019-10-13T15:08:40.219Z", "updated_at": "2019-10-13T15:09:40.382Z", "last_edited_at": null, "closed_at": null }
如果经过身份验证的用户无权解决漏洞 ,则此请求将导致403
状态代码.
POST /vulnerabilities/:id/resolve
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve"
响应示例:
消除给定的漏洞. 如果漏洞已被则返回状态码304
.
If an authenticated user does not have permission to , this request will result in a 403
status code.
POST /vulnerabilities/:id/dismiss
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"