Could someone please help me generate a vulnerability report via the REST API for artifacts? Maybe a sample example will help. I looked at the documentation below, but it is not clear to me: https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-GenerateVulnerabilitiesReport
0
-
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Jan 20 '22 at 21:22
1 Answer
0
I assume your Xray version is 3.x. Kindly follow the curl command below, which should give you the report:
curl -u<username>:<password> http://artifactory_URL/xray/api/v1/reports/vulnerabilities -H 'Content-Type: application/json' -d @report.json
In the report.json file, add the information which you need to generate the report for. For example:
cat report.json
{
    "name": "report1",
    "resources": {
        "repositories": [
            {
                "name": "libs-release-local"
            }
        ],
        "builds": {
            "names": [
                "art-docker-test",
                "art-docker-prod"
            ]
        }
    },
    "filters": {
        "vulnerable_component": "*vulnerable:component*",
        "impacted_artifact": "some://impacted*artifact",
        "has_remediation": false,
        "cve": "CVE-1234-1234",
        "issue_id": "XRAY-1234",
        "severities": [
            "High",
            "Medium"
        ],
        "cvss_score": {
            "min_score": 6.3,
            "max_score": 9
        },
        "published": {
            "start": "2020-06-29T12:22:16Z",
            "end": "2020-06-29T12:22:16Z"
        },
        "scan_date": {
            "start": "2020-06-29T12:22:16Z",
            "end": "2020-06-29T12:22:16Z"
        }
    }
}
I'm generating a report for the repository "libs-release-local" and the build names "art-docker-test" and "art-docker-prod", with filters as you can understand.
Muhammed Kashif
-
Thanks Muhammed. Could you please let me know how to find the issue ID? Is there any way to pass some of the above info using variables, because I want to generate reports for multiple repos and don't want to hardcode them. – dell xps Jan 10 '22 at 16:38
-
If you are using a shell script or Postman then you can use variables. You can also refer to this Stack Overflow question on variables in curl: https://stackoverflow.com/questions/13341955/how-to-pass-a-variable-in-a-curl-command-in-shell-scripting – Muhammed Kashif Jan 11 '22 at 04:14
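
The variable-driven approach from the last comment, as an added example that is not part of the original answer or comments: it builds the request body per repository instead of hardcoding report.json, and refuses names that could alter the JSON. `XRAY_URL`, `NETRC_FILE`, the function names, the name allowlist and the repository `libs-snapshot-local` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: build the report body from variables instead of a hardcoded report.json.
# XRAY_URL, NETRC_FILE and the function names are assumptions, not part of the Xray API.

# Accept only letters, digits, '.', '_' and '-' (assumed allowlist), so a name
# can never close the JSON string and inject extra keys.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# build_report_json REPORT_NAME REPO [REPO...]
# Prints a request body shaped like the report.json in the answer above.
build_report_json() {
  local report_name=$1 repos="" r
  shift
  valid_name "$report_name" || { echo "bad report name: $report_name" >&2; return 1; }
  [ "$#" -gt 0 ] || { echo "no repositories given" >&2; return 1; }
  for r in "$@"; do
    valid_name "$r" || { echo "bad repository name: $r" >&2; return 1; }
    repos="${repos:+$repos,}{\"name\":\"$r\"}"
  done
  printf '{"name":"%s","resources":{"repositories":[%s]},"filters":{"severities":["High","Medium"]}}\n' \
    "$report_name" "$repos"
}

# submit_report REPORT_NAME REPO [REPO...]
# Posts the body to the endpoint from the answer. Credentials are read from a
# netrc file so the password stays out of the process list and shell history.
submit_report() {
  local body
  body=$(build_report_json "$@") || return 1
  curl --fail --silent --show-error --netrc-file "${NETRC_FILE:?set NETRC_FILE}" \
    -H 'Content-Type: application/json' -d "$body" \
    "${XRAY_URL:?set XRAY_URL}/xray/api/v1/reports/vulnerabilities"
}

# Usage (not run here): one report per repository, names taken from a variable.
#   REPOS="libs-release-local libs-snapshot-local"   # second name is constructed
#   for repo in $REPOS; do submit_report "vuln-$repo" "$repo"; done
```

Nothing is sent until `submit_report` is called; `build_report_json` alone can be used to inspect the body first.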