# Project Vulnerabilities API
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
This API is in the process of being deprecated and is considered unstable. The response payload may change or break across GitLab releases. Use the GraphQL API instead.

Every API call to vulnerabilities must be authenticated.

Vulnerability permissions are inherited from the project. If a project is private and the user is not a member of the project the vulnerability belongs to, requests to that project return a `404 Not Found` status code.
## Vulnerabilities pagination

API results are paginated, and `GET` requests return 20 results at a time by default.

Read more on pagination.
## List project vulnerabilities

List all of a project's vulnerabilities.

If the authenticated user does not have permission to use the project Security Dashboard, `GET` requests for vulnerabilities of that project return a `403` status code.
```plaintext
GET /projects/:id/vulnerabilities
```

| Attribute | Type | Required | Description |
|-----------|------|----------|-------------|
| `id` | integer or string | yes | The ID or URL-encoded path of the project. |
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/4/vulnerabilities"
```

Example response:

```json
[
  {
    "author_id": 1,
    "confidence": "medium",
    "created_at": "2020-04-07T14:01:04.655Z",
    "description": null,
    "dismissed_at": null,
    "dismissed_by_id": null,
    "finding": {
      "confidence": "medium",
      "created_at": "2020-04-07T14:01:04.630Z",
      "id": 103,
      "location_fingerprint": "228998b5db51d86d3b091939e2f5873ada0a14a1",
      "metadata_version": "2.0",
      "name": "Regular Expression Denial of Service in debug",
      "primary_identifier_id": 135,
      "project_id": 24,
      "raw_metadata": "{\"category\":\"dependency_scanning\",\"name\":\"Regular Expression Denial of Service\",\"message\":\"Regular Expression Denial of Service in debug\",\"description\":\"The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.\",\"cve\":\"yarn.lock:debug:gemnasium:37283ed4-0380-40d7-ada7-2d994afcc62a\",\"severity\":\"Unknown\",\"solution\":\"Upgrade to latest versions.\",\"scanner\":{\"id\":\"gemnasium\",\"name\":\"Gemnasium\"},\"location\":{\"file\":\"yarn.lock\",\"dependency\":{\"package\":{\"name\":\"debug\"},\"version\":\"1.0.5\"}},\"identifiers\":[{\"type\":\"gemnasium\",\"name\":\"Gemnasium-37283ed4-0380-40d7-ada7-2d994afcc62a\",\"value\":\"37283ed4-0380-40d7-ada7-2d994afcc62a\",\"url\":\"https://deps.sec.gitlab.com/packages/npm/debug/versions/1.0.5/advisories\"}],\"links\":[{\"url\":\"https://nodesecurity.io/advisories/534\"},{\"url\":\"https://github.com/visionmedia/debug/issues/501\"},{\"url\":\"https://github.com/visionmedia/debug/pull/504\"}],\"remediations\":[null]}",
      "report_type": "dependency_scanning",
      "scanner_id": 63,
      "severity": "low",
      "updated_at": "2020-04-07T14:01:04.664Z",
      "uuid": "f1d528ae-d0cc-47f6-a72f-936cec846ae7",
      "vulnerability_id": 103
    },
    "id": 103,
    "project": {
      "created_at": "2020-04-07T13:54:25.634Z",
      "description": "",
      "id": 24,
      "name": "security-reports",
      "name_with_namespace": "gitlab-org / security-reports",
      "path": "security-reports",
      "path_with_namespace": "gitlab-org/security-reports"
    },
    "project_default_branch": "main",
    "report_type": "dependency_scanning",
    "resolved_at": null,
    "resolved_by_id": null,
    "resolved_on_default_branch": false,
    "severity": "low",
    "state": "detected",
    "title": "Regular Expression Denial of Service in debug",
    "updated_at": "2020-04-07T14:01:04.655Z"
  }
]
```

## New vulnerability
Creates a new vulnerability.

If the authenticated user does not have permission to create new vulnerabilities, this request returns a `403` status code.

```plaintext
POST /projects/:id/vulnerabilities?finding_id=<your_finding_id>
```

| Attribute | Type | Required | Description |
|-----------|------|----------|-------------|
| `id` | integer or string | yes | The ID or URL-encoded path of the project which the authenticated user is a member of. |
| `finding_id` | integer or string | yes | The ID of the vulnerability finding from which the new vulnerability is created. |
The other attributes of the newly created vulnerability are populated from its source vulnerability finding, or with these default values:

| Attribute | Value |
|-----------|-------|
| `author` | The authenticated user |
| `title` | The `name` attribute of the vulnerability finding |
| `state` | `opened` |
| `severity` | The `severity` attribute of the vulnerability finding |
| `confidence` | The `confidence` attribute of the vulnerability finding |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/vulnerabilities?finding_id=1"
```

Example response:

```json
{
  "author_id": 1,
  "confidence": "medium",
  "created_at": "2020-04-07T14:01:04.655Z",
  "description": null,
  "dismissed_at": null,
  "dismissed_by_id": null,
  "finding": {
    "confidence": "medium",
    "created_at": "2020-04-07T14:01:04.630Z",
    "id": 103,
    "location_fingerprint": "228998b5db51d86d3b091939e2f5873ada0a14a1",
    "metadata_version": "2.0",
    "name": "Regular Expression Denial of Service in debug",
    "primary_identifier_id": 135,
    "project_id": 24,
    "raw_metadata": "{\"category\":\"dependency_scanning\",\"name\":\"Regular Expression Denial of Service\",\"message\":\"Regular Expression Denial of Service in debug\",\"description\":\"The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.\",\"cve\":\"yarn.lock:debug:gemnasium:37283ed4-0380-40d7-ada7-2d994afcc62a\",\"severity\":\"Unknown\",\"solution\":\"Upgrade to latest versions.\",\"scanner\":{\"id\":\"gemnasium\",\"name\":\"Gemnasium\"},\"location\":{\"file\":\"yarn.lock\",\"dependency\":{\"package\":{\"name\":\"debug\"},\"version\":\"1.0.5\"}},\"identifiers\":[{\"type\":\"gemnasium\",\"name\":\"Gemnasium-37283ed4-0380-40d7-ada7-2d994afcc62a\",\"value\":\"37283ed4-0380-40d7-ada7-2d994afcc62a\",\"url\":\"https://deps.sec.gitlab.com/packages/npm/debug/versions/1.0.5/advisories\"}],\"links\":[{\"url\":\"https://nodesecurity.io/advisories/534\"},{\"url\":\"https://github.com/visionmedia/debug/issues/501\"},{\"url\":\"https://github.com/visionmedia/debug/pull/504\"}],\"remediations\":[null]}",
    "report_type": "dependency_scanning",
    "scanner_id": 63,
    "severity": "low",
    "updated_at": "2020-04-07T14:01:04.664Z",
    "uuid": "f1d528ae-d0cc-47f6-a72f-936cec846ae7",
    "vulnerability_id": 103
  },
  "id": 103,
  "project": {
    "created_at": "2020-04-07T13:54:25.634Z",
    "description": "",
    "id": 24,
    "name": "security-reports",
    "name_with_namespace": "gitlab-org / security-reports",
    "path": "security-reports",
    "path_with_namespace": "gitlab-org/security-reports"
  },
  "project_default_branch": "main",
  "report_type": "dependency_scanning",
  "resolved_at": null,
  "resolved_by_id": null,
  "resolved_on_default_branch": false,
  "severity": "low",
  "state": "detected",
  "title": "Regular Expression Denial of Service in debug",
  "updated_at": "2020-04-07T14:01:04.655Z"
}
```

## Errors
### A Vulnerability Finding is not found or already attached to a different Vulnerability

This error occurs when the finding used to create the vulnerability is not found, or is already attached to a different vulnerability.

Status code: `400`

Example response:

```json
{
  "message": {
    "base": [
      "finding is not found or is already attached to a vulnerability"
    ]
  }
}
```
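As an added example (not part of the GitLab documentation or its code), the following Python helpers build the request URLs for both endpoints above, walk the paginated list with GitLab's standard `page`/`per_page` query parameters, and map the `400`, `403` and `404` responses this page documents to named outcomes. The `get` transport is a caller-supplied callable (so the code runs offline), and the sample bodies are constructed from the page's example responses.

```python
import json
from urllib.parse import quote, urlencode

# Constructed sample bodies, trimmed to the fields this script reads, in the shape of the
# page's example responses (one list item and the 400 error from the create endpoint).
SAMPLE_LIST = ('[{"id": 103, "severity": "low", "state": "detected", "resolved_on_default_branch": false,'
               ' "title": "Regular Expression Denial of Service in debug", "finding": {"id": 103}}]')
SAMPLE_400 = '{"message": {"base": ["finding is not found or is already attached to a vulnerability"]}}'

def project_ref(project):
    """':id' is a numeric ID or a URL-encoded path, so the '/' in a path must become %2F."""
    return str(project) if isinstance(project, int) else quote(str(project), safe="")

def list_url(base, project, page=1, per_page=20):
    query = urlencode({"page": page, "per_page": per_page})  # GitLab's standard pagination params
    return f"{base}/api/v4/projects/{project_ref(project)}/vulnerabilities?{query}"

def create_url(base, project, finding_id):
    return f"{base}/api/v4/projects/{project_ref(project)}/vulnerabilities?finding_id={int(finding_id)}"

def interpret(status, body):
    """Map a raw (status, body) from either endpoint to (outcome, detail) as the page documents them."""
    if status in (200, 201):
        return "ok", json.loads(body)
    if status == 400:  # finding missing or already attached: message.base carries the reason
        return "bad_request", "; ".join(json.loads(body).get("message", {}).get("base", []))
    if status == 403:
        return "forbidden", "token lacks Security Dashboard or create-vulnerability permission"
    if status == 404:
        return "not_found", "project does not exist, or is private and the user is not a member"
    return "unexpected", body

def fetch_all(get, base, project, per_page=20):
    """Walk the paginated list with `get(url) -> (status, body)`; stop at the first short page."""
    page, items = 1, []
    while True:
        outcome, detail = interpret(*get(list_url(base, project, page, per_page)))
        if outcome != "ok":
            raise RuntimeError(f"{outcome}: {detail}")
        items.extend(detail)
        if len(detail) < per_page:
            return items
        page += 1

def open_on_default_branch(vulns):
    """The actionable set: still 'detected' and not resolved on the project's default branch."""
    return [v for v in vulns if v["state"] == "detected" and not v["resolved_on_default_branch"]]
```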