Querying the Vulnerability List
Function
This API is used to query the list of detected vulnerabilities.
URI
GET /v5/{project_id}/vulnerability/vulnerabilities
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
enterprise_project_id |
No |
String |
Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps. |
|
type |
No |
String |
Vulnerability type. Its value can be: -linux_vul -windows_vul -web_cms |
|
vul_id |
No |
String |
Vulnerability ID |
|
vul_name |
No |
String |
Vulnerability name |
|
limit |
No |
Integer |
Number of records displayed on each page |
|
offset |
No |
Integer |
Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
IAM token. It can be obtained by calling the IAM API used to obtain an IAM token. The value of X-Subject-Token in the response header is a token. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
total_num |
Long |
Total number of vulnerabilities |
|
data_list |
Array of VulInfo objects |
Software vulnerability list |
|
Parameter |
Type |
Description |
|---|---|---|
|
vul_name |
String |
Vulnerability name |
|
vul_id |
String |
Vulnerability ID |
|
label_list |
Array of strings |
Vulnerability tag |
|
repair_necessity |
String |
Repair necessity
|
|
severity_level |
String |
Severity
|
|
host_num |
Integer |
Number of affected servers |
|
unhandle_host_num |
Integer |
Number of unprocessed servers, excluding ignored and fixed servers. |
|
scan_time |
Long |
Last scanned, in ms. |
|
solution_detail |
String |
Vulnerability fixing guide |
|
url |
String |
Vulnerability URL |
|
description |
String |
Vulnerability description |
|
type |
String |
Vulnerability type. Its value can be: -linux_vul -windows_vul -web_cms |
|
host_id_list |
Array of strings |
List of servers that can handle the vulnerability |
|
hosts_num |
VulnerabilityHostNumberInfo object |
Affected server |
Example Requests
Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.
GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10
Example Responses
Status code: 200
vulnerability list
{
"total_num" : 1,
"data_list" : [ {
"description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
"host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
"host_num" : 1,
"scan_time" : 1661752185836,
"severity_level" : "Critical",
"repair_necessity" : "Critical",
"solution_detail" : "To upgrade the affected software",
"type" : "linux_vul",
"unhandle_host_num" : 0,
"url" : "https://ubuntu.com/security/CVE-2022-27405",
"vul_id" : "USN-5528-1",
"vul_name" : "USN-5528-1: FreeType vulnerabilities"
} ]
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
vulnerability list |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
