GET Vulnerabilities for Virtual Host.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/ml/data/namespaces/example/virtual_hosts/example/vulnerabilities';const options = { method: 'POST', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"api_endpoint":{"collapsed_url":"example","method":"example"},"domains":["example"],"name":"example","namespace":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/ml/data/namespaces/example/virtual_hosts/example/vulnerabilities \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "api_endpoint": { "collapsed_url": "example", "method": "example" }, "domains": [ "example" ], "name": "example", "namespace": "example" }'GET vulnerabilities for the given Virtual Host.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace Namespace of the virtual host for current request.
Virtual Host Name Virtual Host name for current request.
Request Bodyrequired
Section titled “Request Bodyrequired”Request model for GetVulnerabilitiesReq API.
object
object
Requested API endPoint for API URL.
Requested API endPoint for method.
List of domains for which vulnerabilities should be returned. Optional filter by domains. If absent, vulnerabilities for all domains are considered.
Virtual Host name for current request.
Namespace of the virtual host for current request.
Examplegenerated
{ "api_endpoint": { "collapsed_url": "example", "method": "example" }, "domains": [ "example" ], "name": "example", "namespace": "example"}Responses
Section titled “Responses”A successful response.
Response model for GetVulnerabilitiesRsp API.
object
List of vulnerabilities found in context.
Vulnerability object.
object
Category of the vulnerability found.
Creation_time is the time when the vulnerability was created by the discovery mechanism. It is the UTC time and represented in RFC3339 form.
Description of the vulnerability found.
Domain of the vulnerability found.
object
End_time is the time when vulnerability evidence appeared last. It is the UTC time and represented in RFC3339 form.
Samples due to which vulnerability was found.
Vulnerability evidence sample due to which vulnerability was found.
object
List of details due to which vulnerability was found.
Request ID where vulnerability was found.
Start_time is the time when vulnerability evidence appeared first. It is the UTC time and represented in RFC3339 form.
Last_observed_time is the time when the vulnerability was last observed by the discovery mechanism. It is the UTC time and represented in RFC3339 form.
Remediation of the vulnerability found.
object
Risk score of the vulnerability found.
Status_change_time is the time when the vulnerability status was updated by the discovery mechanism. It is the UTC time and represented in RFC3339 form.
object
Fully resolvable hyperlink w/ FQDN to the ticket. This will be the ticket tracking system organization subdomain + external ID.
object
object
The description of the ticket in Atlassian Document Format JSON.
object
object
External ID of the avatar.
Externally accessible URL for the avatar of the issue type.
External ID of the Jira issue type.
Name (human readable) of the Jira issue type.
object
External ID of the project.
Returns available issue types for the project.
Issue (ticket) type information that’s specific to Jira - modeled after the JIRA REST API response format.
object
External ID of the avatar.
Externally accessible URL for the avatar of the issue type.
External ID of the Jira issue type.
Name (human readable) of the Jira issue type.
Key of the status.
Human readable name as it would appear in the external ticket tracking system’s UI.
object
Externally accessible URL for the avatar of the status.
External ID of the status.
Human readable status as it would appear in the external ticket tracking system’s UI.
object
Color of the status category.
External ID of the status color.
The summary (title) of the JIRA issue.
External ID of the Jira issue.
Cryptographic key material
Title of the vulnerability found.
Vulnerability ID.
Categories of the vulnerability as per the OWASP API Top 10.
Represents a category of vulnerability as defined in the OWASP API Top 10.
object
Link to the OWASP documentation for this category.
The name of the OWASP API security category.
Example
{ "vulnerabilities": [ { "context": "CONTEXT_API_ENDPOINT", "evidence": { "evidence_type": "EVIDENCE_TYPE_REQUESTS" }, "risk": { "level": "RISK_LEVEL_NONE" }, "source": "VULNERABILITY_SOURCE_UNSPECIFIED", "status": "STATUS_NONE", "ticket": { "ticket_tracking_system_type": "TYPE_UNKNOWN" } } ]}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example