Reports API - Synchronous
Overview
This resource represents reports.
This topic showcases the API requests and responses for getting the following types of reports:
Inventory report for an organization, product or project
Source File Inventory report for an organization, product or project
Due Diligence report for an organization, product or project
Attribution report for a product or project
Product Comparison report
Project Comparison report
Project level SBOM (Software Bill of Materials) using SPDX
Custom Attribute Values report for an organization, product or project
Library Location report for an organization or product
License Compatibility report for a product or project
Effective Licenses report for an organization or product
In-House report for an organization, product or project
Risk report in PDF format for an organization, product or project
Vulnerabilities report for an organization, product or project
Container Vulnerabilities report for an organization or cluster
Effective Usage Analysis report
Alerts report for an organization, product or project
Ignored Alerts report for an organization, product or project
Resolved Alerts report for an organization, product or project
Change Log History report
Request History report for an organization, product or project
Plugin Request History report
Members report for an organization, product or project
NOTE: The following APIs are not supported if Vulnerability-based Alerting (see Security Alerts: View By Vulnerability) is installed; they will be deprecated in January 2022:
getOrganizationAlertsReport, getProductAlertsReport, getProjectAlertsReport
getOrganizationIgnoredAlertsReport, getProductIgnoredAlertsReport, getProjectIgnoredAlertsReport
getOrganizationResolvedAlertsReport, getProductResolvedAlertsReport, getProjectResolvedAlertsReport
Get Inventory Report
The Inventory report provides a BOM (Bill Of Materials) of all open source libraries in the account. It can present libraries by organization as well as by product (application).
This API request enables you to export organization, product or project-level inventory reports in Excel (xlsx), XML (xml) or JSON (json) format. The default format is Excel (xlsx).
Get Inventory Report - Organization
Get Inventory report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns an Inventory report for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
extraLibraryFields | Date that the library was last released. | string | Yes |
search | Library name by which to filter the report. | string | No |
Request Example
Response in XML Format
<?xml version="1.0" encoding="UTF-8"?>
<inventory>
<library>
<name>json-schema-0.2.3.tgz</name>
<group>json-schema</group>
<artifact>json-schema-0.2.3.tgz</artifact>
<version>0.2.3</version>
<type>javascript/Node.js</type>
<sha1>b480c892e59a2f05954ce727bd3f2a4e882f9e13</sha1>
<description>JSON Schema validation and specifications</description>
<licenses>
<license>Academic 2.1</license>
<license>BSD 3</license>
</licenses>
<matchType>Filename Match</matchType>
<projects>
<project>tenantmetaserv (transitiveDependency)</project>
</projects>
<attribute name="att7"/>
</library>
.......
Response in JSON Format
{
"libraries": [
{
"keyUuid": "36466e69-bda1-43d3-9962-6f3a341720b9",
"type": "javascript/Node.js",
"productName": "Platform_Develop",
"projectName": "tenantmetaserv",
"description": "JSON Schema validation and specifications",
"directDependency": false,
"matchType": "Filename Match",
"sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13",
"name": "json-schema-0.2.3.tgz",
"artifactId": "json-schema-0.2.3.tgz",
"version": "0.2.3",
"groupId": "json-schema",
"licenses": [
{
"name": "Academic 2.1",
"references": []
},
{
"name": "BSD 3",
"references": []
}
]
}
]
}
Get Inventory Report - Product
Get Inventory report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns an Inventory report for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
extraLibraryFields | Date that the library was last released. | string | Yes |
search | Library name by which to filter the report. | string | No |
Request Example
Response Example (JSON)
{
"libraries": [
{
"keyUuid": "a36b133a-3323-498a-9752-cea250ac27e1",
"type": "Source Library",
"productName": "git",
"projectName": "my-proj",
"description": "The core git plumbing",
"directDependency": true,
"matchType": "Best Match",
"sha1": "d0654dc308b0ba76dd8ed7bbb33c8d8f7aacd783",
"name": "git-v2.25.0",
"artifactId": "git",
"version": "v2.25.0",
"groupId": "Junio C. Hamano",
"licenses": [
{
"name": "GPL 3.0",
"references": []
},
{
"name": "LGPL 2.1",
"references": []
},
{
"name": "GPL 2.0",
"references": []
}
]
},
.....
Get Inventory Report - Project
Get Inventory report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns an Inventory report for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
extraLibraryFields | Date that the library was last released. | string | Yes |
search | Library name by which to filter the report. | string | No |
Request Example
Response Example (JSON)
{
"libraries": [
{
"keyUuid": "a70b1eea-b140-4d96-8eda-670efe697f7b",
"type": "Java",
"productName": "My Product",
"projectName": "WST_468",
"description": "Groovy: A powerful, dynamic language for the JVM",
"directDependency": true,
"matchType": "Exact Match",
"sha1": "5396699e9d96c5c75d75ae95aa49acd5af048aac",
"name": "groovy-all-1.8.9.jar",
"artifactId": "groovy-all",
"version": "1.8.9",
"groupId": "org.codehaus.groovy",
"licenses": [
{
"name": "Apache 2.0",
"references": []
}
]
},
{
"keyUuid": "8929e5db-a6cd-4c89-8e75-d1998cc5305f",
"type": "Java",
"productName": "My Product",
"projectName": "WST_468",
"description": "Guava is a suite of core and expanded libraries that include\n utility classes, google's collections, io classes, and much\n much more.\n\n Guava has only one code dependency - javax.annotation,\n per the JSR-305 spec.",
"directDependency": true,
"matchType": "Exact Match",
"sha1": "cce0823396aa693798f8882e64213b1772032b09",
"name": "guava-18.0.jar",
"artifactId": "guava",
"version": "18.0",
"groupId": "com.google.guava",
"licenses": [
{
"name": "Apache 2.0",
"references": []
}
]
},
......
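The JSON inventory responses above carry enough to build a review queue. The following is an added example, not Mend's code: it merges entries by sha1 across projects and flags a malformed hash, a matchType other than Exact Match, or more than one license. Treating non-exact matches as needing manual confirmation is this example's assumption; triage_inventory and the constructed entries are hypothetical.

```python
import json
import re

SHA1_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample: the first two entries reuse values from the responses
# above; the last two are made up to exercise the checks.
SAMPLE_REPORT = json.dumps({"libraries": [
    {"name": "json-schema-0.2.3.tgz",
     "sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13",
     "matchType": "Filename Match", "directDependency": False,
     "projectName": "tenantmetaserv",
     "licenses": [{"name": "Academic 2.1", "references": []},
                  {"name": "BSD 3", "references": []}]},
    {"name": "guava-18.0.jar",
     "sha1": "cce0823396aa693798f8882e64213b1772032b09",
     "matchType": "Exact Match", "directDependency": True,
     "projectName": "WST_468",
     "licenses": [{"name": "Apache 2.0", "references": []}]},
    {"name": "guava-18.0.jar",
     "sha1": "cce0823396aa693798f8882e64213b1772032b09",
     "matchType": "Exact Match", "directDependency": False,
     "projectName": "constructed-project",
     "licenses": [{"name": "Apache 2.0", "references": []}]},
    {"name": "constructed-bad-entry.jar", "sha1": "not-a-hash",
     "matchType": "Exact Match", "directDependency": True,
     "projectName": "constructed-project", "licenses": []},
]})


def triage_inventory(report_text):
    """Return (components keyed by sha1, review queue of (name, reason))."""
    data = json.loads(report_text)
    libraries = data.get("libraries") if isinstance(data, dict) else None
    if not isinstance(libraries, list):
        raise ValueError("inventory report has no 'libraries' array")

    components, review = {}, []
    for lib in libraries:
        name = lib.get("name", "<unnamed>")
        sha1 = str(lib.get("sha1", "")).lower()
        if not SHA1_RE.fullmatch(sha1):
            # Without a usable hash the entry cannot be tied to an artifact.
            review.append((name, "missing or malformed sha1"))
            continue
        entry = components.setdefault(sha1, {
            "name": name, "projects": set(), "licenses": set(),
            "match_types": set(), "direct": False})
        entry["projects"].add(lib.get("projectName", "<unknown>"))
        entry["licenses"].update(
            lic.get("name", "<unnamed>") for lic in lib.get("licenses", []))
        entry["match_types"].add(lib.get("matchType", "<none>"))
        entry["direct"] = entry["direct"] or bool(lib.get("directDependency"))

    for entry in components.values():
        # Assumption of this example: only "Exact Match" is accepted unreviewed.
        weak = sorted(entry["match_types"] - {"Exact Match"})
        if weak:
            review.append((entry["name"], "identified by " + ", ".join(weak)))
        if len(entry["licenses"]) > 1:
            review.append((entry["name"], "multiple licenses: "
                           + ", ".join(sorted(entry["licenses"]))))
    return components, review


if __name__ == "__main__":
    comps, queue = triage_inventory(SAMPLE_REPORT)
    print(len(comps), "distinct components")
    for name, reason in queue:
        print(f"REVIEW {name}: {reason}")
```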
Get Source File Inventory Report
The Source File Inventory report enables you to view source files that are matched to a library in your inventory.
This API request enables you to get organization, product or project-level source file inventory reports in Excel (xlsx) or JSON (json) format.
Get Source File Inventory Report - Organization
Get Source File Inventory report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Source File Inventory report for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response in JSON Format
{
"sourceFiles": [
{
"library": {
"artifactId": "git",
"version": "v2.25.0",
"licenses": [
{
"name": "GPL 3.0",
"references": []
},
{
"name": "GPL 2.0",
"references": []
},
{
"name": "LGPL 2.1",
"references": []
}
]
},
"filename": "abspath.c",
"sha1": "d6215949ebe7cc6ddfcb103e9657057bcb8fbaa1",
"path": "C:\\Users\\TaliaSela\\Projects\\git\\abspath.c",
"productName": "git",
"projectName": "my-proj",
"lastUpdatedDate": "2020-02-03 20:45:38",
"matchType": "AUTOMATIC"
}
]
}
Response in Excel Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Source File Inventory Report - Product
Get Source File Inventory report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Source File Inventory report for a product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response in JSON Format
{
"sourceFiles": [
{
"library": {
"artifactId": "portofino",
"version": "portofino-4.2.8-javadoc",
"licenses": [
{
"name": "LGPL 3.0",
"references": []
}
]
},
"filename": "script.js",
"sha1": "a6717beac050d49869c234af4e409404b5593260",
"path": "/RxJava/build/docs/javadoc/io/reactivex/rxjava3/functions/../../../../script.js",
"productName": "GH_1_RxJava",
"projectName": "GH_RxJava",
"lastUpdatedDate": "2016-09-11 21:52:01",
"matchType": "AUTOMATIC"
}
]
}
Response in Excel Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Source File Inventory Report - Project
Get Source File Inventory report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Source File Inventory report for a project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response Example (JSON)
{
"sourceFiles": [
{
"library": {
"artifactId": "cloudify-cli",
"version": "20.01.05",
"licenses": [
{
"name": "Apache 2.0",
"references": []
}
]
},
"filename": "agents.py",
"sha1": "c463e1aeeb420afa0dfd4d25b9794a3b2bc0810a",
"path": "C:\\Users\\TaliaSela\\Projects\\cloudify-cli\\cloudify_cli\\commands\\agents.py",
"productName": "Cfy",
"projectName": "cloudify_cli",
"lastUpdatedDate": "2020-02-17 17:59:19",
"matchType": "AUTOMATIC"
},
{
"library": {
"artifactId": "cloudify-cli",
"version": "20.01.05",
"licenses": [
{
"name": "Apache 2.0",
"references": []
}
]
},
"filename": "blueprints.py",
"sha1": "cd0def3e5802cce428f54d141a8be9aec99ffc73",
"path": "C:\\Users\\TaliaSela\\Projects\\cloudify-cli\\cloudify_cli\\commands\\blueprints.py",
"productName": "Cfy",
"projectName": "cloudify_cli",
"lastUpdatedDate": "2020-02-17 17:59:19",
"matchType": "AUTOMATIC"
},
......
Response Format (xlsx)
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Due Diligence Report
This report provides due diligence related information for each open-source library in order to comply with the relevant legal requirements. For details, see the Due Diligence Report.
The API request enables you to get organization, product, or project-level Due Diligence reports in Excel (xlsx), XML (xml), or JSON (json) format.
Get Due Diligence Report - Organization
Get Due Diligence report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Due Diligence report for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response in Excel Format
The response to the above example in xlsx format will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Response in JSON Format
{
"licenses": [
{
"type": "Open Source",
"riskScore": 39,
"library": "commons-beanutils-1.8.0.jar",
"reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom",
"copyright": "2000-2008 Copyright 2000-2008 The Apache Software Foundation",
"homepage": "http://www.apache.org/",
"author": "The Apache Software Foundation",
"projectName": "Demo Data",
"productName": "Demo Product",
"reference_type": "POM file",
"name": "Apache 2.0"
},
{
"type": "Open Source",
"riskScore": 39,
"library": "commons-logging-1.1.1.jar",
"reference": "https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.pom",
"copyright": "2001-2007 Copyright 2001-2007 The Apache Software Foundation",
"homepage": "http://www.apache.org/",
"author": "The Apache Software Foundation",
"projectName": "Demo Data",
"productName": "Demo Product",
"reference_type": "POM file",
"name": "Apache 2.0"
}
]
}
Get Due Diligence Report - Product
Get Due Diligence report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Due Diligence report for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
Response in JSON Format
{
"licenses": [
{
"type": "Open Source",
"riskScore": 39,
"library": "commons-beanutils-1.8.0.jar",
"reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom",
"copyright": "2000-2008 Copyright 2000-2008 The Apache Software Foundation",
"homepage": "http://www.apache.org/",
"author": "The Apache Software Foundation",
"projectName": "Demo Data",
"productName": "Demo Product",
"reference_type": "POM file",
"name": "Apache 2.0"
},
{
"type": "Open Source",
"riskScore": 39,
"library": "commons-logging-1.1.1.jar",
"reference": "https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.pom",
"copyright": "2001-2007 Copyright 2001-2007 The Apache Software Foundation",
"homepage": "http://www.apache.org/",
"author": "The Apache Software Foundation",
"projectName": "Demo Data",
"productName": "Demo Product",
"reference_type": "POM file",
"name": "Apache 2.0"
}
]
}
Response in Excel Format
The response to the above example in xlsx format will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Due Diligence Report - Project
Get Due Diligence report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Due Diligence report for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
Response in JSON Format
{
"licenses": [
{
"type": "Closed Source",
"library": "wss-unified-agent.jar",
"reference": "http://whitesourcesoftware.com/",
"copyright": "Unspecified Copyright",
"projectName": "temp",
"productName": "Demo Product",
"reference_type": "Project home page",
"name": "Suspected Proprietary"
}
]
}
Response in Excel Format
The response to the above request in xlsx format will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Attribution Report
The Attribution Report details compliance information on open source software components managed in Mend products and projects.
This API request allows users to get the exported version of the Attribution report, at the product or project-level scope, in HTML or text format.
Get Attribution Report - Product
Get Attribution Report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns an Attribution report for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
reportHeader | Report header - default value is Attribution Report. | string | No |
reportTitle | Text that you want to appear in the report title. | string | No |
reportFooter | Text that you want to appear in the footer of the report. | string | No |
reportingScope | Scope of the information to be included in the report. By default, the following: | string | No |
reportingAggregationMode | How to group the information in the report - according to the library (i.e. BY_COMPONENT) or by project (BY_PROJECT). | string | Yes |
missingLicenseDisplayOption | What to write if the license is missing. Options are: “BLANK” (default) or “GENERIC_LICENSE”. | string | No |
exportFormat | Format of exported report: TXT, HTML, or JSON. Case insensitive. | string | No |
licenseReferenceTextPlacement | LICENSE_SECTION (default) or APPENDIX_SECTION. | string | No |
customAttribute | Name of custom attribute for the product. | string | No |
includeVersions | “true” (default) or “false”. If set to “false”, the report will not include the “version” field. | boolean | No |
Request Example
Response Format
The response is in text or HTML format.
Get Attribution Report - Project
Get Attribution Report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns an Attribution report for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
reportHeader | Report header - default value is Attribution Report. | string | No |
reportTitle | Text that you want to appear in the report title. | string | No |
reportFooter | Text that you want to appear in the footer of the report. | string | No |
reportingScope | Scope of the information to be included in the report. By default, the following: | string | No |
reportingAggregationMode | How to group the information in the report - according to the library (i.e. BY_COMPONENT) or by project (BY_PROJECT). | string | Yes |
missingLicenseDisplayOption | What to write if the license is missing. Options are: “BLANK” (default) or “GENERIC_LICENSE”. | string | No |
exportFormat | Format of exported report: TXT, HTML, or JSON. Case insensitive. | string | No |
licenseReferenceTextPlacement | LICENSE_SECTION (default) or APPENDIX_SECTION. | string | No |
customAttribute | Name of custom attribute for the project. | string | No |
includeVersions | “true” (default) or “false”. If set to “false”, the report will not include the “version” field. | boolean | No |
Request Example
Response Format
The response is in text or HTML format.
Get Product Comparison Report
The Product Comparison report enables you to compare library and license information (such as the number of license occurrences) between two products.
This API request enables you to get a product comparison report in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a product comparison report between two products. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the first product. | string | Yes |
productToken2 | Unique identifier of the second product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product>-<product2>-product-comparison.xlsx
Get Project Comparison Report
The Project Comparison report enables you to compare library and license information (such as the number of license occurrences) between two projects (in the same product or different products).
This API request enables you to get a project comparison report in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a project comparison report between two projects. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the first project. | string | Yes |
projectToken2 | Unique identifier of the second project. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project>-<project2>-project-comparison.xlsx
Get SBOM Report with SPDX
Note: While the getProjectSpdxReport API call is still supported, we recommend using our Asynchronous API SBOM reporting that offers several updated enhancements, including project and product-level results as well as additional formats.
SBOM is a Software Bill of Materials that provides a list of all the open source present in a codebase.
This API request enables you to get an SBOM report using the SPDX (Software Package Data Exchange) open standard for communicating SBOM information.
This request is available at the project level only.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns an SPDX SBOM report for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
sendEmailNotification | When “true”, this optional parameter enables an email notification to be sent to the user upon successful export of the report. By default, the value is “false”, meaning that an email notification will not be sent. | boolean | No |
format | Requested format of the report. | string | Yes |
Request Example
{
"requestType": "getProjectSpdxReport",
"userKey": "user_key",
"projectToken": "project_token",
"sendEmailNotification": true,
"format": "JSON"
}
Response Example
{
"SPDXID": "SPDXRef-DOCUMENT",
"spdxVersion": "SPDX-2.2",
"creationInfo": {
"created": "2022-07-06T13:17:06Z",
"creators": [
"Tool: Mend Spdx Report Generator"
]
},
"name": "SPDX report for GH_ilan-stuff-0 project",
"dataLicense": "CC0-1.0",
"documentNamespace": "https://CreatorWebsite/spdx/doc/GH_ilan-stuff-0",
"documentDescribes": [
"SPDXRef-0-socket.io",
"SPDXRef-20-jquery",
"SPDXRef-21-ccoenraets",
"SPDXRef-22-express",
"SPDXRef-72-mongodb",
"SPDXRef-91-backbone.js",
"SPDXRef-92-underscore.js"
],
"packages": [
{
"SPDXID": "SPDXRef-25-safer-buffer",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "44fa161b0187b9549dd84bb91802f9bd8385cd6a"
}
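A consumer of the SPDX response can check it before relying on it. Added example, not part of the Mend documentation: it confirms that every documentDescribes reference resolves to a package, reports packages without a checksum, and verifies a local artifact against the recorded checksum. The function names, the constructed artifact bytes and the trimmed sample document are assumptions.

```python
import hashlib

# SPDX checksum algorithm name -> hashlib name, strongest first. The response
# above carries SHA1 only; a stronger digest is preferred when one is present.
PREFERRED = (("SHA512", "sha512"), ("SHA256", "sha256"), ("SHA1", "sha1"))

# Constructed stand-in for a package file fetched from a registry.
ARTIFACT = b"constructed package bytes for the example\n"

# Constructed document shaped like the response above, trimmed to the fields
# used here. SPDXRef-22-express is deliberately missing from "packages".
SAMPLE_SBOM = {
    "SPDXID": "SPDXRef-DOCUMENT",
    "spdxVersion": "SPDX-2.2",
    "documentDescribes": ["SPDXRef-0-socket.io", "SPDXRef-22-express"],
    "packages": [
        {"SPDXID": "SPDXRef-0-socket.io",
         "checksums": [{"algorithm": "SHA1",
                        "checksumValue": hashlib.sha1(ARTIFACT).hexdigest()}]},
        {"SPDXID": "SPDXRef-25-safer-buffer",
         "checksums": [{"algorithm": "SHA1",
                        "checksumValue": "44fa161b0187b9549dd84bb91802f9bd8385cd6a"}]},
        {"SPDXID": "SPDXRef-99-constructed", "checksums": []},
    ],
}


def index_packages(doc):
    """Return ({SPDXID: {algorithm: checksum}}, list of structural problems)."""
    index, problems = {}, []
    if doc.get("SPDXID") != "SPDXRef-DOCUMENT":
        problems.append("document SPDXID is not SPDXRef-DOCUMENT")
    for pkg in doc.get("packages", []):
        pid = pkg.get("SPDXID", "<missing SPDXID>")
        if pid in index:
            problems.append(f"{pid}: duplicate package id")
        sums = {str(c.get("algorithm", "")).upper():
                str(c.get("checksumValue", "")).lower()
                for c in pkg.get("checksums", [])}
        if not sums:
            problems.append(f"{pid}: no checksum, cannot be verified")
        index[pid] = sums
    for ref in doc.get("documentDescribes", []):
        if ref not in index:
            problems.append(
                f"{ref}: listed in documentDescribes but not in packages")
    return index, problems


def verify_artifact(index, spdx_id, data):
    """Compare data against the strongest checksum recorded for spdx_id."""
    sums = index.get(spdx_id) or {}
    for spdx_alg, hashlib_alg in PREFERRED:
        if spdx_alg in sums:
            actual = hashlib.new(hashlib_alg, data).hexdigest()
            return "match" if actual == sums[spdx_alg] else "mismatch"
    return "unverifiable"


if __name__ == "__main__":
    idx, issues = index_packages(SAMPLE_SBOM)
    for issue in issues:
        print("SBOM problem:", issue)
    print("socket.io artifact:",
          verify_artifact(idx, "SPDXRef-0-socket.io", ARTIFACT))
```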
Get Custom Attribute Values Report
Custom attributes provide the option for adding customized metadata on a library and then filtering according to custom attribute values in the Attributes Report.
This API request returns a list of all custom attributes along with their set values for each library. This request is available at the organization, product, or project-level.
Get Custom Attribute Values Report - Organization
Get all custom attributes with their values for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns custom attributes with their values for a specific organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Example
The response is a JSON collection of all the custom attributes in the organization with their values per library. For example:
{
"libraries": [
{
"keyUuid": "5c71b215-300f-49f4-99ab-98dad0a7727f",
"customAttributeValues": [
{
"attributeKey": "att4",
"attributeValue": "aaaaa",
"context": "Organizational",
"contextId": 546628,
"contextName": "Talia Playground",
"contextToken": "context_token"
},
{
"attributeKey": "description",
"attributeValue": "This is an org level attribute value",
"context": "Organizational",
"contextId": 546628,
"contextName": "Talia Playground",
"contextToken": "context_token"
},
{
"attributeKey": "att2",
"attributeValue": "att2att2",
"context": "Organizational",
"contextId": 546628,
"contextName": "Talia Playground",
"contextToken": "context_token"
}
]
}
]
}
Get Custom Attribute Values Report - Product
Get all custom attributes with their values for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns custom attributes with their values for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Example
The response is a JSON collection of all the custom attributes with their values for the specific product. For example:
{
"libraries": [
{
"keyUuid": "541df6e9-a095-4ca1-9252-13696ae290dc",
"customAttributeValues": [
{
"attributeKey": "att9",
"attributeValue": "sdfsd",
"context": "Organizational",
"contextId": 546628,
"contextName": "Talia Playground",
"contextToken": "context_token"
},
{
"attributeKey": "descrpition",
"attributeValue": "This is an org level attribute value",
"context": "Organizational",
"contextId": 546628,
"contextName": "Talia Playground",
"contextToken": "context_token"
},
{
"attributeKey": "att2",
"attributeValue": "att2att2",
"context": "Organizational",
"contextId": 546628,
"contextName": "Talia Playground",
"contextToken": "context_token"
}
]
}
]
}
Get Custom Attribute Values Report - Project
Get all custom attributes with their values for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns custom attributes with their values for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
Request Example
Response Example
The response is a JSON collection of all the custom attributes with their values for the specific project. For example:
Get Library Location Report
The Library Location report enables you to view libraries according to the location of the filename match. For details, see Matching Libraries by Filename.
NOTE: Matching libraries by filename must first be enabled via the Admin Integration Page.
This API request enables you to get organization or product-level library location reports in Excel format.
Get Library Location Report - Organization
Get a report of all library locations for an organization in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns all library locations for a specific organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Library Location Report - Product
Get a report of all library locations for a specific product in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns library locations for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get License Compatibility Report
License compatibility is a legal framework that allows for libraries with different software licenses to be distributed together in the same product or project. The License Compatibility Report provides information on the incompatibility of library licenses in a project or product.
Get License Compatibility Report - Product
Get the compatibility of libraries with different software licenses distributed together in the same product, in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a compatibility report of library licenses in a product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename*=UTF-8''<Product Name>-license-compatibility-report.xlsx
Get License Compatibility Report - Project
Get the compatibility of libraries with different software licenses distributed together in the same project, in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a compatibility report of library licenses in a project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename*=UTF-8''<Project Name>-license-compatibility-report.xlsx
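The Excel responses name the file in Content-Disposition, in both the filename= and filename*=UTF-8'' forms shown above, and that name is derived from an organization, product or project name. Added example, not Mend's code: a client-side handler that checks the Content-Type and the ZIP signature of the body, then reduces the header value to a safe basename before writing. The function names and the headers dict are assumptions of this example.

```python
import re
from pathlib import Path
from urllib.parse import unquote

XLSX_TYPE = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"


def disposition_filename(header):
    """Return the raw filename from a Content-Disposition header, or None.

    Handles filename=<name>.xlsx and the RFC 5987 form
    filename*=UTF-8''<percent-encoded name>.xlsx (preferred when present).
    """
    ext = re.search(r"filename\*\s*=\s*([\w-]+)'[^']*'([^;]+)", header, re.I)
    if ext:
        try:
            return unquote(ext.group(2).strip(),
                           encoding=ext.group(1), errors="strict")
        except (LookupError, UnicodeDecodeError) as exc:
            raise ValueError(f"undecodable filename* parameter: {exc}") from exc
    plain = re.search(r'filename\s*=\s*(?:"([^"]*)"|([^;]+))', header, re.I)
    if plain:
        value = plain.group(1) if plain.group(1) is not None else plain.group(2)
        return value.strip()
    return None


def safe_report_name(header, fallback="report.xlsx"):
    """Reduce the server-supplied name to a basename that is safe to create."""
    raw = disposition_filename(header) or fallback
    base = re.split(r"[\\/]", raw)[-1]          # drop any directory part
    base = re.sub(r"[^\w .()-]", "_", base).strip(" .")
    if not base:
        base = fallback
    if not base.lower().endswith(".xlsx"):
        base += ".xlsx"
    return base


def save_report(headers, body, out_dir):
    """Validate an xlsx report response and write it inside out_dir."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != XLSX_TYPE:
        # For instance a JSON or HTML payload returned in place of the report.
        raise ValueError(f"unexpected Content-Type {ctype!r}")
    if not body.startswith(b"PK\x03\x04"):
        raise ValueError("body is not a ZIP container, so not an xlsx workbook")
    out_dir = Path(out_dir).resolve()
    name = safe_report_name(headers.get("Content-Disposition", ""))
    target = (out_dir / name).resolve()
    if target.parent != out_dir:
        raise ValueError("refusing to write outside the output directory")
    with open(target, "xb") as fh:              # "x": never overwrite a file
        fh.write(body)
    return target


if __name__ == "__main__":
    # Constructed header values in the two forms documented above.
    for hdr in ("attachment; filename=Demo Product.xlsx",
                "attachment; filename*=UTF-8''Demo%20Product-license-"
                "compatibility-report.xlsx",
                "attachment; filename=../../tmp/evil.xlsx"):
        print(repr(hdr), "->", safe_report_name(hdr))
```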
Get Effective Licenses Report
The Effective Licenses report tracks the assignments of licenses to libraries in the inventory. Once a license is selected by a user, it will be considered that library's "effective" license from then on. This report shows information about actual library licensing and its original licenses.
This API request enables you to get organization or product-level Effective Licenses reports in Excel format.
Get Effective Licenses Report - Organization
Get a report of all Effective Licenses for an organization in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns all Effective Licenses for a specific organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format (Excel)
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Effective Licenses Report - Product
Get a report of all Effective Licenses for a product in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns all Effective Licenses for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get In-House Report
The In-House report provides information on all the In-House libraries in the selected scope.
This API request enables you to get organization, product, and project level in-house report(s) in Excel format.
Get In-House Report - Organization
Get a report about all In-House libraries in an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report about all In-House libraries for a specific organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>-in-house-report.xlsx
Get In-House Report - Product
Get a report about all In-House libraries in a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report about all In-House libraries in a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>-in-house-report.xlsx
Get In-House Report - Project
Get a report about all In-House libraries in a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report about all In-House libraries in a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>-in-house-report.xlsx
Get Risk Report
The Risk report provides a view of all aspects of the account's open-source libraries: security, quality and compliance. It can display libraries by organization, as well as by product (application). For details, see the Risk Report.
This API request enables you to export organization, product, or project-level risk reports in PDF format.
Get Risk Report - Organization
Get Risk report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report about risk in an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/pdf
Content-Disposition: attachment; filename=<organization name>.pdf
Get Risk Report - Product
Get Risk report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a risk report for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/pdf
Content-Disposition: attachment; filename=<product name>.pdf
Get Risk Report - Project
Get Risk report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a risk report for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/pdf
Content-Disposition: attachment; filename=<project name>.pdf
Get Vulnerabilities Report
The Vulnerabilities Report contains all relevant information about your vulnerabilities, such as severity, number of occurrences, and the library that was found vulnerable.
This API request enables you to get organization, product or project-level reports in Excel or JSON format.
Get Vulnerabilities Report - Organization
Get Vulnerabilities report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Vulnerabilities report for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response Example (JSON)
{
"vulnerabilities": [
{
"name": "CVE-2020-13949",
"type": "CVE",
"severity": "high",
"score": "5.0",
"cvss3_severity": "HIGH",
"cvss3_score": "7.5",
"publishDate": "2021-02-12",
"lastUpdatedDate": "2021-10-04",
"scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-13949",
"description": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",
"project": "ilanscana4c",
"product": "My Product",
"cvss3Attributes": {
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"userInteraction": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"library": {
"keyUuid": "d573f5fe-808c-49f7-8abb-41062203e3bb",
"filename": "github.com/apache/thrift-v0.13.0",
"type": "GO_PACKAGE",
"description": "Apache Thrift",
"sha1": "688b9a63daf3b038646ecedac2306c89262eccf0",
"name": "github.com/apache/thrift",
"artifactId": "github.com/apache/thrift",
"version": "v0.13.0",
"groupId": "github.com/apache/thrift",
"architecture": "",
"languageVersion": ""
},
"topFix": {
"vulnerability": "CVE-2020-13949",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E",
"fixResolution": "Upgrade to version v0.14.0",
"date": "2021-02-12 20:15:00",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2020-13949\",\"packageName\":\"thrift\",\"packageType\":\"ARCHLINUX\",\"affectedVersions\":\"(0.13.0-1)\",\"affectedRange\":\"\>\=0.13.0-1 \<0.14.0-1\",\"minFixVersion\":\"0.14.0-1\"}]}"
},
......
Get Vulnerabilities Report - Product
Get Vulnerabilities report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Vulnerabilities report for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response Example
{
"vulnerabilities": [
{
"name": "CVE-2021-3918",
"type": "CVE",
"severity": "high",
"score": "7.5",
"cvss3_severity": "HIGH",
"cvss3_score": "9.8",
"publishDate": "2021-11-13",
"lastUpdatedDate": "2021-11-16",
"scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2021-3918",
"description": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
"project": "tenantmetaserv",
"product": "Platform_Develop",
"cvss3Attributes": {
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"userInteraction": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"library": {
"keyUuid": "36466e69-bda1-43d3-9962-6f3a341720b9",
"filename": "json-schema-0.2.3.tgz",
"type": "NODE_PACKAGED_MODULE",
"description": "JSON Schema validation and specifications",
"sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13",
"name": "json-schema",
"artifactId": "json-schema-0.2.3.tgz",
"version": "0.2.3",
"groupId": "json-schema",
"architecture": "",
"languageVersion": ""
},
"topFix": {
"vulnerability": "CVE-2021-3918",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918",
"fixResolution": "Upgrade to version json-schema - 0.4.0",
"date": "2021-11-13 09:15:00",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2021-3918\",\"packageName\":\"json-schema\",\"packageType\":\"NPM\",\"affectedVersions\":\"(0.2.0, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.3.0)\",\"affectedRange\":\"\>\=0.2.0 \<0.4.0\",\"minFixVersion\":\"0.4.0\"}]}"
},
"locations": [
{
"matchType": "Filename Match",
"path": "/var/lib/jenkins-slave/workspace/erf-test-from-separate-file-YECM26EQSNY6A7QYPYEUHXPUJZIMNDBB5D6TE6JUFO437GWBAEEQ/tenantmetaserv/node_modules/json-schema/package.json"
}
]
},
......
Get Vulnerabilities Report - Project
Get Vulnerabilities report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Vulnerabilities report for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
excludeExtraData | Control the inclusion of the | boolean | No |
Request Example
Response Example
{
"vulnerabilities": [
{
"name": "CVE-2016-3092",
"type": "CVE",
"severity": "high",
"score": "7.8",
"cvss3_severity": "HIGH",
"cvss3_score": "7.5",
"publishDate": "2016-07-04",
"lastUpdatedDate": "2021-07-17",
"scoreMetadataVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2016-3092",
"description": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"project": "Demo Data",
"product": "Demo Product",
"cvss3Attributes": {
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"userInteraction": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"library": {
"keyUuid": "2d4e959e-602e-4f94-8c3e-d4c30e36ed7c",
"filename": "commons-fileupload-1.2.1-URBA2209RC1.jar",
"type": "MAVEN_ARTIFACT",
"description": "The FileUpload component provides a simple yet flexible means of adding support for multipart\n file upload functionality to servlets and web applications.",
"sha1": "384faa82e193d4e4b0546059ca09572654bc3970",
"name": "commons-fileupload",
"artifactId": "commons-fileupload",
"version": "1.2.1-URBA2209RC1",
"groupId": "commons-fileupload",
"architecture": "",
"languageVersion": ""
},
"topFix": {
"vulnerability": "CVE-2016-3092",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
"fixResolution": "Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2",
"date": "2016-07-04 22:59:00",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69)\",\"affectedRange\":\"\>\=7.0.0 \<7.0.70\",\"minFixVersion\":\"7.0.70\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M3, 9.0.0.M4, 9.0.0.M6)\",\"affectedRange\":\"\>\=9.0.0.M3 \<9.0.0.M8\",\"minFixVersion\":\"9.0.0.M8\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35)\",\"affectedRange\":\"\>\=8.0.1 \<8.0.36\",\"minFixVersion\":\"8.0.36\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.5.0, 8.5.2)\",\"affectedRange\":\"\>\=8.5.0 \<8.5.3\",\"minFixVersion\":\"8.5.3\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M1)\",\"affectedRange\":\"\>\=9.0.0.M1 \<9.0.0.M10\",\"minFixVersion\":\"9.0.0.M10\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.2.2, 1.3, 1.3.1)\",\"affectedRange\":\"\>\=1.2.2 
\<1.3.1-jenkins-1\",\"minFixVersion\":\"1.3.1-jenkins-1\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M3, 9.0.0.M4, 9.0.0.M6)\",\"affectedRange\":\"\>\=9.0.0.M3 \<9.0.0.M8\",\"minFixVersion\":\"9.0.0.M8\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.0-beta-1, 1.0-rc1, 1.0, 1.1, 1.1.1, 1.2, 1.2.1)\",\"affectedRange\":\"\>\=1.0-beta-1 \<1.2.1-NODEP\",\"minFixVersion\":\"1.2.1-NODEP\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.5.0, 8.5.2)\",\"affectedRange\":\"\>\=8.5.0 \<8.5.3\",\"minFixVersion\":\"8.5.3\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M1)\",\"affectedRange\":\"\>\=9.0.0.M1 \<9.0.0.M10\",\"minFixVersion\":\"9.0.0.M10\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69)\",\"affectedRange\":\"\>\=7.0.0 \<7.0.70\",\"minFixVersion\":\"7.0.70\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35)\",\"affectedRange\":\"\>\=8.0.1 
\<8.0.36\",\"minFixVersion\":\"8.0.36\"}]}"
},
.......
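In the JSON responses above, the scores are strings and topFix.extraData is a JSON document serialized into a string, so a consumer has to convert and decode them before filtering. The following is an added example, not Mend's code: it triages a report by CVSS score and collects the minFixVersion values per package. The function names are hypothetical, the sample is constructed from values shown above plus a placeholder CVE id, and treating a missing extraData as what excludeExtraData produces is an assumption.

```python
import json

# Constructed sample shaped like the responses above, trimmed to the fields
# used here. CVE-0000-0000 is a placeholder id, not a real entry.
SAMPLE_REPORT = json.dumps({"vulnerabilities": [
    {"name": "CVE-2020-13949", "score": "5.0", "cvss3_score": "7.5",
     "project": "ilanscana4c",
     "library": {"filename": "github.com/apache/thrift-v0.13.0"},
     # No extraData here, as assumed for a request with excludeExtraData.
     "topFix": {"fixResolution": "Upgrade to version v0.14.0"}},
    {"name": "CVE-2021-3918", "score": "7.5", "cvss3_score": "9.8",
     "project": "tenantmetaserv",
     "library": {"filename": "json-schema-0.2.3.tgz"},
     "topFix": {"fixResolution": "Upgrade to version json-schema - 0.4.0",
                "extraData": json.dumps({"packageLevelFix": [
                    {"cveIdentifier": "CVE-2021-3918",
                     "packageName": "json-schema",
                     "affectedRange": ">=0.2.0 <0.4.0",
                     "minFixVersion": "0.4.0"}]})}},
    {"name": "CVE-0000-0000", "score": "4.3", "project": "Demo Data",
     "library": {"filename": "example-1.0.jar"}},
]})


def cvss_score(vuln):
    """Scores arrive as strings; prefer cvss3_score and fall back to score."""
    for key in ("cvss3_score", "score"):
        try:
            return float(vuln[key])
        except (KeyError, TypeError, ValueError):
            continue
    return 0.0


def package_level_fixes(top_fix):
    """Decode topFix.extraData with a second json.loads.

    Returns the packageLevelFix list, or [] when extraData is missing or
    does not parse.
    """
    raw = (top_fix or {}).get("extraData")
    if not isinstance(raw, str) or not raw:
        return []
    try:
        decoded = json.loads(raw)
    except ValueError:
        return []
    fixes = decoded.get("packageLevelFix") if isinstance(decoded, dict) else None
    return fixes if isinstance(fixes, list) else []


def triage(report_text, min_score=7.0):
    """Return findings at or above min_score, highest score first."""
    report = json.loads(report_text)
    findings = []
    for vuln in report.get("vulnerabilities", []):
        score = cvss_score(vuln)
        if score < min_score:
            continue
        library = vuln.get("library") or {}
        top_fix = vuln.get("topFix") or {}
        min_fix = {}  # packageName -> distinct minFixVersion values
        for fix in package_level_fixes(top_fix):
            if not isinstance(fix, dict):
                continue
            versions = min_fix.setdefault(fix.get("packageName", "?"), [])
            version = fix.get("minFixVersion")
            if version and version not in versions:
                versions.append(version)
        findings.append({
            "cve": vuln.get("name"),
            "score": score,
            "project": vuln.get("project"),
            "library": library.get("filename"),
            "fix": top_fix.get("fixResolution"),
            "min_fix": min_fix,
        })
    findings.sort(key=lambda f: (-f["score"], f["cve"] or ""))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```
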
Get Container Vulnerabilities Report
This report displays the vulnerabilities per pod, namespace, and cluster. Users can filter specific resources according to their context in the cluster.
This API request enables you to get Container Vulnerabilities reports at the organizational and cluster level, in Excel or JSON format.
Get Container Vulnerabilities Report - Organization
Get Container Vulnerabilities report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Container Vulnerabilities report for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Container Vulnerabilities Report - Cluster
Get Container Vulnerabilities report for a cluster.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Container Vulnerabilities report at the Cluster level. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or json. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<cluster name>.xlsx
Get Alerts Report
The Alerts report presents you with valuable information about the libraries (components) in your products and organizations.
This API request enables you to export organization, product or project-level source file alert reports in Excel (xlsx), XML (xml) or JSON (json) format.
Get Alerts Report - Organization
Get Alerts report for an organization.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all the alerts in an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
Response in Excel Format
The response to the above example in xlsx format will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Response in XML Format
<?xml version="1.0" encoding="UTF-8"?>
<alerts>
<alert>
<creationTime>15-12-2020</creationTime>
<level>Error</level>
<type>Policy Violation</type>
<library>json-1.8.3.gem</library>
<description>Reject effective high sev</description>
<occurrences>
<product>
<id>828898</id>
<name>GH_cloudify-cli</name>
<projects>
<project>
<id>2756788</id>
<name>GH_cloudify-cli</name>
</project>
</projects>
</product>
</occurrences>
<librarytype>Ruby</librarytype>
Response in JSON Format
{
"alerts": [
{
"type": "REJECTED_BY_POLICY_RESOURCE",
"level": "MAJOR",
"library": {
"keyUuid": "9b64843f-30f8-495f-be41-80601c190380",
"filename": "json-1.8.3.gem",
"type": "RUBY_GEM",
"description": "This is a JSON implementation as a Ruby extension in C.",
"sha1": "dcd00a477bbb8c0c722f68f9c28bc8460a7b1d6f",
"name": "json",
"artifactId": "json-1.8.3.gem",
"version": "1.8.3",
"groupId": "json",
"architecture": "",
"languageVersion": ""
},
"product": "GH_cloudify-cli",
"project": "GH_cloudify-cli",
"directDependency": false,
"description": "Reject effective high sev",
"creation_date": "2020-12-15 14:48:33",
"lastUpdatedDate": "2020-12-15 14:48:33"
}
]
}
Get Alerts Report - Product
Get Alerts report for a product.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all the alerts in a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
Response Format
The response to the above request example (xlsx format) will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Alerts Report - Project
Get Alerts report for a project.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all the alerts in a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
Response Format
The response to the above request example (xlsx format) will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Ignored Alerts Report
This API request enables you to get an organization, product or project-level Ignored Alerts report, in Excel format.
Get Ignored Alerts Report - Organization
Get Ignored Alerts report for an organization.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all Ignored Alerts in an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Ignored Alerts Report - Product
Get Ignored Alerts report for a product.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all Ignored Alerts in a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Ignored Alerts Report - Project
Get Ignored Alerts report for a project.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all Ignored Alerts in a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Alert Resolution Duration Report
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
This API request enables you to get reports on alerts that were resolved, at the organization, product or project-level.
Get Alert Resolution Duration Report - Organization
Get Resolved Alerts report for an organization.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all Resolved Alerts in an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Alert Resolution Duration Report - Product
Get Resolved Alerts report for a product.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all Resolved Alerts in a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Alert Resolution Duration Report - Project
Get Resolved Alerts report for a project.
NOTE: For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report for all Resolved Alerts in a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
format | Requested format of the report. Options are: xlsx (default) or xml. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Change Log History Report
The Change Log History report provides up-to-date details on manual changes made by either Mend or its users. This report can only be accessed by the organization's administrator(s).
This API request enables you to get organization-level Change Log History in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a Change Log History report for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=response.xlsx
Get Logins History Report
The Logins History report lists the organization’s login events, to help administrators monitor login activities in the system.
NOTE: This report uses cursor-based pagination.
Request Example
{
"requestType":"getLoginsHistory",
"orgToken": "a1df652429bb40ee8124717a5f3d3e8a257fb69854f74c3cbcec6c3d85c453e9",
"userKey": "4eb0328dcb6c499e84dd4cd464b15c8e9f280ffd157b4276ad1bda2fa4b4df12",
"cursor": "1234",
"pageSize": "10"
}
Response Example
{
"logins": [
{
"date": "07-Nov-2023 13:50",
"email": "test1@mend.io",
"name": "test1",
"ip": "35.35.35.35"
},
{
"date": "27-Sep-2023 17:14",
"email": "test2@mend.io",
"name": "test2",
"ip": "10.10.10.100"
}
],
"nextCursor": "12355"
}
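Because this report is paginated by cursor, a monitoring job has to follow nextCursor until the last page before it can review the login events. The following is an added example, not Mend's code: it walks the pages and flags logins from addresses outside an allow-list. It assumes the first request is sent without a cursor and the last page carries no nextCursor; `send` stands for a caller-supplied function that posts the JSON body and returns the parsed response, and the pages below are constructed.

```python
import ipaddress
from datetime import datetime

# Constructed pages keyed by the cursor that requests them (None = first page).
SAMPLE_PAGES = {
    None: {"logins": [
        {"date": "07-Nov-2023 13:50", "email": "test1@mend.io",
         "name": "test1", "ip": "35.35.35.35"},
        {"date": "27-Sep-2023 17:14", "email": "test2@mend.io",
         "name": "test2", "ip": "10.10.10.100"},
    ], "nextCursor": "12355"},
    "12355": {"logins": [
        {"date": "02-Sep-2023 09:05", "email": "test3@mend.io",
         "name": "test3", "ip": "203.0.113.7"},
    ]},
}


def fake_send(body):
    """Stand-in transport for the example: serves SAMPLE_PAGES offline."""
    return SAMPLE_PAGES[body.get("cursor")]


def iter_logins(send, org_token, user_key, page_size=10, max_pages=1000):
    """Yield every login event, following nextCursor from page to page."""
    cursor = None
    seen = set()
    for _ in range(max_pages):
        body = {
            "requestType": "getLoginsHistory",
            "orgToken": org_token,
            "userKey": user_key,
            "pageSize": str(page_size),  # sent as a string, as in the request example
        }
        if cursor is not None:
            body["cursor"] = cursor
        page = send(body)
        yield from page.get("logins", [])
        cursor = page.get("nextCursor")
        if not cursor:
            return
        if cursor in seen:
            raise RuntimeError("cursor repeated; stopping to avoid a loop")
        seen.add(cursor)
    raise RuntimeError("max_pages reached before the last page")


def parse_login_date(text):
    """Parse the 'DD-Mon-YYYY HH:MM' form used in the response; None if it fails."""
    try:
        return datetime.strptime(text, "%d-%b-%Y %H:%M")
    except (TypeError, ValueError):
        return None


def unexpected_logins(logins, allowed_cidrs):
    """Return the events whose source address is outside allowed_cidrs."""
    networks = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    flagged = []
    for event in logins:
        try:
            address = ipaddress.ip_address(event.get("ip", ""))
            known = any(address in network for network in networks)
        except ValueError:
            known = False  # unparsable address: surface it rather than skip it
        if not known:
            flagged.append({
                "email": event.get("email"),
                "ip": event.get("ip"),
                "when": parse_login_date(event.get("date")),
            })
    return flagged


if __name__ == "__main__":
    # Placeholder credentials; real values belong in a secret store.
    events = iter_logins(fake_send, "ORG_TOKEN_PLACEHOLDER", "USER_KEY_PLACEHOLDER")
    for hit in unexpected_logins(events, ["10.0.0.0/8"]):
        print(hit)
```
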
Get Request History Report
This report lists all the organization's requests in all statuses.
This API request enables you to get organization, product or project-level request history reports in Excel format.
Get Request History Report - Organization
Get Request History report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a history report of all requests for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Request History Report - Product
Get Request History report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a history report of all requests for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Request History Report - Project
Get Request History report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a history report of all requests for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Plugin Request History Report
The Plugin Request History report shows the details of all plugin update requests for an organization, including whether or not there were policy violations.
This API request enables you to get a history report of an organization’s plugin update requests, in Excel format.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a history report of all plugin update requests for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Members Report
This report provides information about the members in an organization, such as email address and the number of pending requests assigned to them.
This API request enables you to get Members reports at the organization, product or project-level, in Excel format.
Get Members Report - Organization
Get Members report for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all members in an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>.xlsx
Get Members Report - Product
Get Members report for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all members in a product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>.xlsx
Get Members Report - Project
Get Members report for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all members in a project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
Request Example
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<project name>.xlsx
Get Security Alerts by Vulnerability Report
NOTE: This API is only supported in organizations that have Vulnerability-based Alerting installed (see Security Alerts: View By Vulnerability).
This API request generates a security alerts report detailed by vulnerability, in the scope of the organization, a specific product or a specific project.
For details of the structure of the security vulnerability alert object, see Security Vulnerability Object.
Get Security Alerts by Vulnerability Report - Organization
Get a report on security alerts by vulnerability for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all security alerts by vulnerability in an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
search | CVE name by which to filter the report. Note that the value must be in the format: | string | No |
Request Example
{
"requestType" : "getOrganizationSecurityAlertsByVulnerabilityReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"status" : "active",
"format" : "json",
"search": "cve:EQUALS:CVE-2020-2111"
}
Response Example
{
"alerts": [
{
"vulnerabilityId": "CVE-2014-3558",
"libraryName": "hibernate-validator-4.2.0.Final.jar",
"product": "Demo Product",
"project": "Demo Data",
"severity": "MEDIUM",
"cvssType": "CVSS_3",
"cvssScore": "5.3",
"status": "ACTIVE",
"libraryType": "Java",
"creationDate": "2020-03-09 15:28:47",
"modifiedDate": "2020-03-09 15:28:47",
"topFix": {
"vulnerability": "CVE-2014-3558",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://hibernate.atlassian.net/browse/HV-912",
"fixResolution": "Upgrade to version Upgrade to version Upgrade to version Upgrade to version Upgrade to version org.hibernate:hibernate-validator:4.3.2.Final,5.1.2.Final",
"date": "2014-09-30 14:55:09",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(5.0.0.Alpha1, 5.0.0.Alpha2, 5.0.0.Beta1, 5.0.0.CR1, 5.0.0.CR2, 5.0.0.CR3, 5.0.0.CR4, 5.0.0.CR5, 5.0.0.Final, 5.0.1.Final, 5.0.2.Final, 5.0.3.Final, 5.1.0.Alpha1, 5.1.0.Beta1, 5.1.0.CR1, 5.1.0.Final, 5.1.1.Final)\",\"affectedRange\":\"\>\=5.0.0.Alpha1 \<5.1.2.Final\",\"minFixVersion\":\"5.1.2.Final\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.apache.servicemix.bundles:org.apache.servicemix.bundles.hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(5.0.2.Final_1)\",\"affectedRange\":\"\>\=5.0.2.Final_1 \<5.4.2.Final_1\",\"minFixVersion\":\"5.4.2.Final_1\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(4.2.0.Beta1, 4.2.0.Beta2, 4.2.0.CR1, 4.2.0.Final)\",\"affectedRange\":\"\>\=4.2.0.Beta1 \<4.2.0.Final-redhat-1\",\"minFixVersion\":\"4.2.0.Final-redhat-1\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(4.3.0.Alpha1, 4.3.0.Beta1, 4.3.0.CR1, 4.3.0.Final, 4.3.1.Final)\",\"affectedRange\":\"\>\=4.3.0.Alpha1 \<4.3.1.Final-redhat-1\",\"minFixVersion\":\"4.3.1.Final-redhat-1\"}]}"
}
},
{
"vulnerabilityId": "CVE-2013-2186",
"libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar",
"product": "Demo Product",
"project": "Demo Data",
"severity": "HIGH",
"cvssType": "CVSS_3",
"cvssScore": "7.3",
"status": "ACTIVE",
"libraryType": "Java",
"creationDate": "2020-03-09 15:28:46",
"modifiedDate": "2020-03-09 15:28:46",
"topFix": {
"vulnerability": "CVE-2013-2186",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2186",
"fixResolution": "Upgrade to version Upgrade to version Upgrade to version Upgrade to version Upgrade to version 1.3.1",
"date": "2013-10-28 21:55:05",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2013-2186\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.0-beta-1, 1.0-rc1, 1.0, 1.1, 1.1.1, 1.2, 1.2.1)\",\"affectedRange\":\"\>\=1.0-beta-1 \<1.2.1-NODEP\",\"minFixVersion\":\"1.2.1-NODEP\"},{\"cveIdentifier\":\"CVE-2013-2186\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.2.2, 1.3)\",\"affectedRange\":\"\>\=1.2.2 \<1.3.1\",\"minFixVersion\":\"1.3.1\"}]}"
}
}
]
}
Get Security Alerts by Vulnerability Report - Product
Get a report on security alerts by vulnerability for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all security alerts by vulnerability for a product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
search | CVE name by which to filter the report. Note that the value must be in the format: | string | No |
Request Example
{
"requestType" : "getProductSecurityAlertsByVulnerabilityReport",
"userKey": "user_key",
"productToken" : "product_token",
"status" : "ignored",
"format" : "json",
"search": "cve:EQUALS:CVE-2020-2111"
}
Response Example
{
"alerts": [
{
"vulnerabilityId": "CVE-2016-10173",
"libraryName": "minitar-0.5.4.gem",
"product": "GH_cloudify-cli",
"project": "GH_cloudify-cli",
"severity": "HIGH",
"cvssType": "CVSS_3",
"cvssScore": "7.5",
"status": "ACTIVE",
"libraryType": "Ruby",
"creationDate": "2020-08-02 07:45:22",
"modifiedDate": "2020-08-02 07:45:22",
"topFix": {
"vulnerability": "CVE-2016-10173",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10173",
"fixResolution": "Upgrade to version 0.6",
"date": "2017-02-01 15:59:00",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2016-10173\",\"packageName\":\"minitar\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(0.5.3, 0.5.4, 0.6)\",\"affectedRange\":\"\>\=0.5.3 \<0.6.1\",\"minFixVersion\":\"0.6.1\"},{\"cveIdentifier\":\"CVE-2016-10173\",\"packageName\":\"archive-tar-minitar\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(0.5.1, 0.5.2, 0.6)\",\"affectedRange\":\"\>\=0.5.1 \<0.6.1\",\"minFixVersion\":\"0.6.1\"}]}"
}
},
{
"vulnerabilityId": "CVE-2017-5946",
"libraryName": "rubyzip-1.1.7.gem",
"product": "GH_cloudify-cli",
"project": "GH_cloudify-cli",
"severity": "HIGH",
"cvssType": "CVSS_3",
"cvssScore": "9.8",
"status": "ACTIVE",
"libraryType": "Ruby",
"creationDate": "2020-08-02 07:45:22",
"modifiedDate": "2020-08-02 07:45:22",
"topFix": {
"vulnerability": "CVE-2017-5946",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5946",
"fixResolution": "Upgrade to version 1.2.1",
"date": "2017-02-27 07:59:00",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2017-5946\",\"packageName\":\"rubyzip\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(1.0.0, 1.0.0.beta1, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0)\",\"affectedRange\":\"\>\=1.0.0 \<1.2.1\",\"minFixVersion\":\"1.2.1\"}]}"
}
}
]
}
Get Security Alerts by Vulnerability Report - Project
Get a report on security alerts by vulnerability for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all security alerts by vulnerability for a project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
search | CVE name by which to filter the report. Note that the value must be in the format: | string | No |
Request Example
{
"requestType" : "getProjectSecurityAlertsByVulnerabilityReport",
"userKey": "user_key",
"projectToken" : "project_token",
"status": "active",
"format" : "json",
"search": "cve:EQUALS:CVE-2020-2111"
}
Response Example
{
"alerts": [
{
"vulnerabilityId": "CVE-2018-10237",
"libraryName": "guava-18.0.jar",
"product": "My Product",
"project": "WST_468",
"euaShield": "RED",
"severity": "MEDIUM",
"cvssType": "CVSS_3",
"cvssScore": "5.9",
"status": "ACTIVE",
"libraryType": "Java",
"creationDate": "2021-05-31 14:08:17",
"modifiedDate": "2021-05-31 14:08:17",
"topFix": {
"vulnerability": "CVE-2018-10237",
"type": "UPGRADE_VERSION",
"origin": "mend_EXPERT",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237",
"fixResolution": "Upgrade to version 24.1.1-jre, 24.1.1-android",
"date": "2018-04-26 21:29:00",
"message": "Upgrade to version",
"extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"com.google.guava:guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0.2-redhat-1, 11.0.2-redhat-2, 12.0-rc1, 12.0-rc2, 12.0, 12.0.1, 13.0-rc1, 13.0-rc2, 13.0, 13.0-final, 13.0.1, 13.0.1-redhat-1, 13.0.1.redhat-2, 13.0.1.redhat-3, 14.0-rc1, 14.0-rc2, 14.0-rc3, 14.0, 14.0.1, 14.0.1.redhat-1, 15.0-rc1, 15.0, 16.0-rc1, 16.0, 16.0.1, 16.0.1.redhat-3, 17.0-rc1, 17.0-rc2, 17.0, 18.0-rc1, 18.0-rc2, 18.0, 18.0.0.redhat-1, 19.0-rc1, 19.0-rc2, 19.0-rc3, 19.0, 19.0.20150826, 19.0.0.jbossorg-1, 19.0.0.jbossorg-2, 19.0.0.redhat-1, 20.0-rc1, 20.0, 20.0-hal, 20.0.0.redhat-1, 21.0-rc1, 21.0-rc2, 21.0, 22.0-rc1, 22.0-rc1-android, 22.0, 22.0-android, 23.0-rc1, 23.0-rc1-android, 23.0, 23.0-android, 23.1-android, 23.1-jre, 23.2-android, 23.2-jre, 23.3-android, 23.3-jre, 23.4-android, 23.4-jre, 23.5-android, 23.5-jre, 23.6-android, 23.6-jre, 23.6.1-android, 23.6.1-jre, 24.0-android, 24.0-jre, 24.1-android, 24.1-jre)\",\"affectedRange\":\"\>\=11.0.2-redhat-1 \<24.1.1-android\",\"minFixVersion\":\"24.1.1-android\"},{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"org.apache.servicemix.bundles:org.apache.servicemix.bundles.guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0.2_1, 11.0.2_2)\",\"affectedRange\":\"\>\=11.0.2_1 \<11_1\",\"minFixVersion\":\"11_1\"},{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"com.google.guava:guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0, 11.0.1, 11.0.2)\",\"affectedRange\":\"\>\=11.0 \<11.0.2-atlassian-01\",\"minFixVersion\":\"11.0.2-atlassian-01\"}]}"
}
},
.......
]
}
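One way to triage the JSON form of this report, as an added example that is not part of the original documentation: it keeps active alerts at or above a CVSS threshold, orders them by numeric score (`cvssScore` arrives as a string), and decodes `topFix.extraData`, which is a JSON document serialized inside a string. The `min_score` threshold and the function names are assumptions; the sample report is constructed from field values shown in the response examples above.

```python
import json


def decode_fixes(alert):
    """Return the packageLevelFix entries carried in topFix.extraData.

    extraData is JSON encoded as a string, so it needs its own json.loads.
    Malformed or missing data yields an empty list instead of an exception.
    """
    raw = (alert.get("topFix") or {}).get("extraData")
    if not raw:
        return []
    try:
        fixes = json.loads(raw).get("packageLevelFix", [])
    except (json.JSONDecodeError, AttributeError):
        return []
    return [f for f in fixes if isinstance(f, dict)]


def triage(report, min_score=7.0):
    """Return active alerts scoring >= min_score, highest first.

    Alerts whose score cannot be parsed are kept and listed first so they
    are reviewed by hand rather than silently dropped.
    """
    rows = []
    for alert in report.get("alerts", []):
        if str(alert.get("status", "")).upper() != "ACTIVE":
            continue
        try:
            score = float(alert.get("cvssScore"))
        except (TypeError, ValueError):
            score = None
        if score is not None and score < min_score:
            continue
        fixes = decode_fixes(alert)
        rows.append({
            "cve": alert.get("vulnerabilityId"),
            "library": alert.get("libraryName"),
            "project": alert.get("project"),
            "score": score,
            "fixResolution": (alert.get("topFix") or {}).get("fixResolution"),
            "minFixVersions": sorted(
                {f"{f.get('packageName')}@{f.get('minFixVersion')}" for f in fixes}),
        })
    rows.sort(key=lambda r: (r["score"] is not None, -(r["score"] or 0.0)))
    return rows


# Constructed sample report (values taken from the response examples above).
SAMPLE_REPORT = {"alerts": [
    {"vulnerabilityId": "CVE-2016-10173", "libraryName": "minitar-0.5.4.gem",
     "project": "GH_cloudify-cli", "cvssScore": "7.5", "status": "ACTIVE",
     "topFix": {"fixResolution": "Upgrade to version 0.6",
                "extraData": json.dumps({"packageLevelFix": [
                    {"packageName": "minitar", "minFixVersion": "0.6.1"},
                    {"packageName": "archive-tar-minitar", "minFixVersion": "0.6.1"}]})}},
    {"vulnerabilityId": "CVE-2017-5946", "libraryName": "rubyzip-1.1.7.gem",
     "project": "GH_cloudify-cli", "cvssScore": "9.8", "status": "ACTIVE",
     "topFix": {"fixResolution": "Upgrade to version 1.2.1",
                "extraData": json.dumps({"packageLevelFix": [
                    {"packageName": "rubyzip", "minFixVersion": "1.2.1"}]})}},
    {"vulnerabilityId": "CVE-2018-10237", "libraryName": "guava-18.0.jar",
     "project": "WST_468", "cvssScore": "5.9", "status": "ACTIVE"},
]}

if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(row["score"], row["cve"], row["library"],
              row["fixResolution"], row["minFixVersions"])
```

The output keeps `fixResolution` next to the decoded `minFixVersion` values because the two can differ: in the Product response example above, `fixResolution` reads "Upgrade to version 0.6" while `extraData` gives `minFixVersion` 0.6.1.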
Get Security Alerts by Library Report
NOTE: This API is only supported in organizations that have Vulnerability-based Alerting installed (see Security Alerts: View By Library).
This API request generates a report of all Vulnerability-based alerts that are associated with a specific library, in the scope of the organization, a specific product or a specific project.
Get Security Alerts by Library Report - Organization
Get a report on security alerts by library for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all security alerts by library in an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
status | Requested status of the alerts: Active or Ignored. By default, all statuses are returned. A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
{
"requestType" : "getOrganizationSecurityAlertsByLibraryReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"status" : "active",
"format" : "json"
}
Response in JSON Format
{
"alerts": [
{
"libraryName": "hibernate-validator-4.2.0.Final.jar",
"product": "Demo Product",
"project": "Demo Data",
"severity": {
"medium": 2
},
"totalAlerts": 2,
"libraryType": "Java",
"creationDate": "2020-03-09 15:28:47",
"modifiedDate": "2021-06-27 12:04:50"
},
{
"libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar",
"product": "Demo Product",
"project": "Demo Data",
"severity": {
"high": 5,
"medium": 1
},
"totalAlerts": 6,
"ignoredAlerts": 1,
"libraryType": "Java",
"creationDate": "2020-03-09 15:28:46",
"modifiedDate": "2021-05-30 15:24:44"
},
{
"libraryName": "commons-httpclient-3.1.jar",
"product": "Demo Product",
"project": "Demo Data",
"severity": {
"medium": 1
},
"totalAlerts": 1,
"libraryType": "Java",
"creationDate": "2020-03-09 15:28:46",
"modifiedDate": "2020-03-09 15:28:46"
},
.......
]
}
Get Security Alerts by Library Report - Product
Get a report on security alerts by library for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all security alerts by library for a product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
status | Requested status of the alerts: Active or Ignored. By default, all statuses are returned. A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
{
"requestType" : "getProductSecurityAlertsByLibraryReport",
"userKey": "user_key",
"productToken" : "product_token",
"status" : "ignored",
"format" : "json"
}
Response in JSON Format
{
"alerts": [
{
"libraryName": "Jinja2-2.10.3-py2.py3-none-any.whl",
"product": "GH_cloudify-cli",
"project": "GH_cloudify-cli",
"severity": {
"medium": 1
},
"totalAlerts": 1,
"ignoredAlerts": 1,
"libraryType": "Python",
"creationDate": "2021-02-02 12:16:51",
"modifiedDate": "2021-02-02 13:47:40"
}
]
}
Get Security Alerts by Library Report - Project
Get a report on security alerts by library for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of all security alerts by library for a project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
status | Requested status of the alerts: Active or Ignored. By default, all statuses are returned. A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
{
"requestType" : "getProjectSecurityAlertsByLibraryReport",
"userKey": "user_key",
"projectToken" : "project_token",
"status" : "active",
"format" : "json"
}
Response in JSON Format
{
"alerts": [
{
"libraryName": "spring-security-core-3.1.2.RELEASE.jar",
"libraryUUID": "7af27e75-88fb-4baf-840f-ac79468e6701",
"product": "Eggs",
"project": "Sunny Side Up",
"severity": {
"high": 1,
"medium": 1
},
"totalAlerts": 2,
"libraryType": "Java",
"creationDate": "2022-06-20 14:01:18",
"modifiedDate": "2022-06-20 14:01:18",
"dependency" : "Direct"
},
{
"libraryName": "log4j-core-2.6.1.jar",
"libraryUUID": "c2d53d2e-99f7-409a-a51e-970d81dcd1bb",
"product": "Eggs",
"project": "Sunny Side Up",
"severity": {
"high": 2,
"medium": 1,
"low": 1
},
"totalAlerts": 4,
"libraryType": "Java",
"creationDate": "2022-06-20 14:01:18",
"modifiedDate": "2022-06-20 14:01:18",
"dependency" : "Transitive"
},
{
"libraryName": "spring-web-2.5.6.jar",
"libraryUUID": "9ff8d917-f4be-49af-b091-a09389605f4c",
"product": "Eggs",
"project": "Sunny Side Up",
"severity": {
"high": 1,
"medium": 4
},
"totalAlerts": 5,
"libraryType": "Java",
"creationDate": "2022-06-20 14:01:18",
"modifiedDate": "2022-06-20 14:01:18",
"dependency" : "Direct"
}
]
}
Get License and Compliance Alerts Report
The Licensing and Compliance Alerts report enables you to review alert details for licensing and compliance/quality issues reported for an organization, product or project.
This API request generates a License and Compliance alerts report in the scope of the organization, a specific product or a specific project.
Get License and Compliance Alerts Report - Organization
Get Licensing and Compliance alerts for an organization.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of licensing and compliance alerts for an organization. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
orgToken | API key which is a unique identifier of the organization. | string | Yes |
status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
{
"requestType" : "getOrganizationLicenseAndComplianceAlertReport",
"userKey": "user_key",
"orgToken" : "organization_api_key",
"status" : "active",
"format" : "xlsx"
}
Response Format
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<organization name>-license-and-compliance-alert-report.xlsx
Get License and Compliance Alerts Report - Product
Get Licensing and Compliance alerts for a product.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of licensing and compliance alerts for a specific product. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
productToken | Unique identifier of the product. | string | Yes |
status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
{
"requestType" : "getProductLicenseAndComplianceAlertReport",
"userKey": "user_key",
"productToken" : "product_token",
"status" : "ignored",
"format" : "xlsx"
}
Response Format (xlsx)
The response will have the following headers:
Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename=<product name>-license-and-compliance-alert-report.xlsx
Get License and Compliance Alerts Report - Project
Get Licensing and Compliance alerts for a project.
QUERY PARAMETERS
Parameter | Description | Type | Required |
---|---|---|---|
requestType | API request type that returns a report of licensing and compliance alerts for a specific project. | string | Yes |
userKey | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes |
projectToken | Unique identifier of the project. | string | Yes |
status | Requested status of the alerts: Active, Ignored or Resolved. By default, all statuses are returned. | string | Yes |
format | Requested format of the report. Options are: xlsx (default), xml, or json. | string | Yes |
Request Example
{
"requestType" : "getProjectLicenseAndComplianceAlertReport",
"userKey": "user_key",
"projectToken" : "project_token",
"status" : "active",
"format" : "json"
}
Response in JSON Format
{
"alerts": [
{
"type": "REJECTED_BY_POLICY_RESOURCE",
"library": {
"keyUuid": "b33c8590-5327-47dc-8de2-92ec8313453f",
"filename": "jcommander-1.72.jar",
"type": "MAVEN_ARTIFACT",
"description": "Command line parsing",
"sha1": "6375e521c1e11d6563d4f25a07ce124ccf8cd171",
"name": "jcommander",
"architecture": "",
"languageVersion": ""
},
"product": "GH_1_RxJava",
"project": "GH_RxJava",
"description": "Reject effective high sev",
"status": "OPEN",
"creation_date": "15-12-2020",
"lastUpdatedDate": "15-12-2020"
}
]
}