有人可以帮助通过rest api为工件生成漏洞报告吗?也许示例示例会有所帮助。查看了以下文档,但我不清楚 https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-GenerateVulnerabilitiesReport
问问题
101 次
1 回答
0
我假设你的 Xray 版本是 3.x,请按照下面的 curl 命令操作,它应该会给你报告,
curl -u<username>:<password> http://artifactory_URL/xray/api/v1/reports/vulnerabilities -H 'Content-Type: application/json' -d @report.json
在 report.json 文件中,添加生成报告所需的信息。例如:
猫报告.json {
"name": "report1",
"resources": {
"repositories": [
{
"name": "libs-release-local"
}
],
"builds": {
"names": [
"art-docker-test",
"art-docker-prod"
]
}
},
"filters": {
"vulnerable_component": "*vulnerable:component*",
"impacted_artifact": "some://impacted*artifact",
"has_remediation": false,
"cve": "CVE-1234-1234",
"issue_id": "XRAY-1234",
"severities": [
"High",
"Medium"
],
"cvss_score": {
"min_score": 6.3,
"max_score": 9
},
"published": {
"start": "2020-06-29T12:22:16Z",
"end": "2020-06-29T12:22:16Z"
},
"scan_date": {
"start": "2020-06-29T12:22:16Z",
"end": "2020-06-29T12:22:16Z"}
}
}
我正在为存储库“libs-release-local”生成报告,并使用您可以理解的过滤器构建名称“art-docker-test”和“art-docker-prod”。
于 2022-01-10T16:02:17.643 回答