CVE Vulnerabilities Occurrences


Overview

Get the packages and impacted external objects for a Common Vulnerabilities and Exposures (CVE) reference. The service returns the list of impacted packages and, for each package, the list of external objects. These insights come from the com.castsoftware.highlight2mri scanner.

URI

GET /rest/applications/{name}/insights/cve/{id}/occurrences

Path parameters

name (string)

This parameter identifies the analyzed application. The application name must be properly encoded where encoding is required. The back-quote character is not allowed.

id (string)

The CVE reference.

Query parameters

limit (integer)

Required. The maximum number of packages to return.

skip (integer)

Optional. The number of packages to skip before including packages in the search limit.

Responses

application/json

The response is the list of CVE packages. Example:

[
    {
        "name": "org.drools:drools-core",
        "releaseDate": {
            "dateTime": "2024-04-22T08:41:34Z"
        },
        "releasesPerYear": 9,
        "saferClosestVersion": "7.39.0.CR1",
        "safestVersion": "7.39.0.CR1",
        "version": "7.32.0.Final",
        "objects": [
            {
                "id": "18097",
                "name": "StringUtils",
                "fullName": "org.drools.core.util.StringUtils",
                "mangling": "",
                "type": "Java Class",
                "typeId": "JV_CLASS"
            },
            {
                "id": "4846",
                "name": "isEmpty",
                "fullName": "org.drools.core.util.StringUtils.isEmpty",
                "mangling": "isEmpty(java.lang.CharSequence) return boolean",
                "type": "Java Method",
                "typeId": "JV_METHOD"
            }
        ]
    }
]

JSON representation

| Property | Type | Description |
|---|---|---|
| name | string | The package name. Note: A Maven package name is the concatenation of artifact ID with package ID. |
| version | string | The package version in use. |
| releaseDate.dateTime | string | Release date of the package. |
| releasesPerYear | integer | Average number of package releases per year. |
| saferClosestVersion | string | The closest safer package version, minimizing breaking code changes. |
| safestVersion | string | The safest package version. |
| objects | array | The list of external objects of this package that are referenced from the application. |
| objects[].id | string | The external object ID. |
| objects[].name | string | The external object name. |
| objects[].fullName | string | The external object long name, which usually locates the object in the software architecture. |
| objects[].mangling | string | The external function signature, or an empty string if not applicable. |
| objects[].type | string | The external object type, for display. |
| objects[].typeId | string | The external object type identifier, which is the type reference key. |
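
The following client sketch is an added example, not code from the product or its documentation. It builds the request URI with an encoded application name, pages through the results with limit and skip, and turns the packages into remediation rows. The server root, application name, CVE id, the helper names, the sample packages other than org.drools:drools-core, and the rule that a short page is the last one are all assumptions.

```python
import json
from urllib.parse import parse_qs, quote, urlencode, urlsplit

def occurrences_url(base, app, cve_id, limit, skip=0):
    """Build the request URI; `base` (the server root) is an assumed value."""
    if "`" in app:
        raise ValueError("back-quote is not allowed in the application name")
    if limit < 1 or skip < 0:  # assumption: limit is a positive count
        raise ValueError("limit must be >= 1 and skip >= 0")
    path = "/rest/applications/%s/insights/cve/%s/occurrences" % (
        quote(app, safe=""), quote(cve_id, safe=""))
    return base.rstrip("/") + path + "?" + urlencode({"limit": limit, "skip": skip})

def iter_packages(fetch, base, app, cve_id, page_size=2):
    """Page through every package; `fetch(url)` returns the JSON body as text."""
    skip = 0
    while True:
        page = json.loads(fetch(occurrences_url(base, app, cve_id, page_size, skip)))
        yield from page
        if len(page) < page_size:  # assumption: a short page is the last one
            return
        skip += page_size

def remediation_rows(packages):
    """One row per package: version in use, upgrade target, referenced objects."""
    rows = []
    for p in packages:
        objs = [o["fullName"] + (" :: " + o["mangling"] if o["mangling"] else "")
                for o in p.get("objects", [])]
        # Assumption: prefer the closest safer version, else fall back to the safest.
        target = p.get("saferClosestVersion") or p.get("safestVersion")
        rows.append({"package": p["name"], "version": p["version"],
                     "upgrade_to": target, "objects": objs})
    return rows

SAMPLE = [  # constructed data, shaped like the example response above
    {"name": "org.drools:drools-core", "version": "7.32.0.Final",
     "saferClosestVersion": "7.39.0.CR1", "safestVersion": "7.39.0.CR1",
     "objects": [{"fullName": "org.drools.core.util.StringUtils.isEmpty",
                  "mangling": "isEmpty(java.lang.CharSequence) return boolean"}]},
    {"name": "example:lib-a", "version": "1.0", "saferClosestVersion": "1.0.1",
     "safestVersion": "2.0", "objects": []},
    {"name": "example:lib-b", "version": "3.1", "safestVersion": "3.4",
     "objects": [{"fullName": "example.B", "mangling": ""}]}]

def demo_fetch(url):  # constructed stand-in for an HTTP GET; honours limit/skip
    q = parse_qs(urlsplit(url).query)
    skip, limit = int(q["skip"][0]), int(q["limit"][0])
    return json.dumps(SAMPLE[skip:skip + limit])
```

To use it against a real server, replace demo_fetch with a function that performs an authenticated GET and returns the response text.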