CVE Vulnerabilities Occurrences
Draft
Get the packages and impacted external objects for a Common Vulnerabilities and Exposures (CVE) reference.
The service returns the list of impacted packages, and for each package the list of external objects.
These insights come from CAST Highlight Scanner.
URI
GET /rest/applications/{name}/insights/cve/{id}/occurrences
Path Parameters
- name (string): This parameter identifies the analyzed application.
  The application name must be properly encoded where encoding is required. The back-quote character is not allowed.
- id (string): The CVE reference.
Query Parameters
- limit (integer), required: The maximum number of packages to return.
- skip (integer), optional: The number of packages to skip before including packages in the search limit.
Responses
- application/json: The response is the list of CVE packages.
Example:
[
  {
    "name": "org.drools:drools-core",
    "releaseDate": {
      "dateTime": "2024-04-22T08:41:34Z"
    },
    "releasesPerYear": 9,
    "saferClosestVersion": "7.39.0.CR1",
    "safestVersion": "7.39.0.CR1",
    "version": "7.32.0.Final",
    "objects": [
      {
        "id": "18097",
        "name": "StringUtils",
        "fullName": "org.drools.core.util.StringUtils",
        "mangling": "",
        "type": "Java Class",
        "typeId": "JV_CLASS"
      },
      {
        "id": "4846",
        "name": "isEmpty",
        "fullName": "org.drools.core.util.StringUtils.isEmpty",
        "mangling": "isEmpty(java.lang.CharSequence) return boolean",
        "type": "Java Method",
        "typeId": "JV_METHOD"
      }
    ]
  }
]
JSON Representation
| Property | Type | Description |
|---|---|---|
| name | string | The package name. Note: A Maven package name is the concatenation of artifact ID with package ID. |
| version | string | The package version in use. |
| releaseDate.dateTime | string | Release date of the package. |
| releasesPerYear | integer | Average number of package releases per year. |
| saferClosestVersion | string | The closest safer package version, minimizing breaking code changes. |
| safestVersion | string | The safest package version. |
| objects | array | The list of external objects of this package referenced from the application. |
| objects[].id | string | The external object ID. |
| objects[].name | string | The external object name. |
| objects[].fullName | string | The external object long name; it usually locates the object in the software architecture. |
| objects[].mangling | string | The external function signature, or an empty string if not applicable. |
| objects[].type | string | The external object type, for display. |
| objects[].typeId | string | The external object type identifier, which is the type reference key. |
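
The following client code is an added example, not part of the original documentation or CAST's own code. It builds the request URL with an encoded application name, pages through the packages with limit and skip, and reduces each package to a remediation row. Assumptions: the base URL, the `fetch` callable (takes a URL, returns the response body as text, and carries whatever authentication the deployment needs), and the rule that a page shorter than `limit` ends the list.

```python
import json
from urllib.parse import quote, urlencode

# Constructed sample page, shaped like the response example on this page.
SAMPLE_PAGE = [{
    "name": "org.drools:drools-core", "version": "7.32.0.Final",
    "saferClosestVersion": "7.39.0.CR1", "safestVersion": "7.39.0.CR1",
    "objects": [
        {"fullName": "org.drools.core.util.StringUtils", "typeId": "JV_CLASS"},
        {"fullName": "org.drools.core.util.StringUtils.isEmpty", "typeId": "JV_METHOD"},
    ],
}]

def occurrences_url(base, app_name, cve_id, limit, skip=0):
    """Build the request URL; both path parameters are percent-encoded."""
    if "`" in app_name:
        raise ValueError("back-quote is not allowed in the application name")
    if limit < 1 or skip < 0:
        raise ValueError("limit must be >= 1 and skip >= 0")
    path = "/rest/applications/{}/insights/cve/{}/occurrences".format(
        quote(app_name, safe=""), quote(cve_id, safe=""))
    return base.rstrip("/") + path + "?" + urlencode({"limit": limit, "skip": skip})

def iter_packages(fetch, base, app_name, cve_id, page_size=50):
    """Yield every impacted package, advancing skip by the page size.
    Assumption: a page shorter than limit marks the end of the list."""
    skip = 0
    while True:
        url = occurrences_url(base, app_name, cve_id, page_size, skip)
        page = json.loads(fetch(url))  # fetch is a hypothetical caller-supplied function
        yield from page
        if len(page) < page_size:
            return
        skip += page_size

def remediation_rows(packages):
    """One row per package: version in use, upgrade target, referenced objects."""
    rows = []
    for pkg in packages:
        rows.append({
            "package": pkg["name"],
            "used": pkg["version"],
            "upgrade_to": pkg.get("saferClosestVersion") or pkg.get("safestVersion"),
            "referenced": sorted(o["fullName"] for o in pkg.get("objects", [])),
        })
    return rows
```

A package whose objects list is empty is declared by the application but has no external object referenced from it in the scan, which is useful when ordering upgrades.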