This is a cache of https://docs.openshift.com/acs/4.5/api/VulnerabilityRequestService.html. It is a snapshot of the page at 2024-11-25T18:13:30.708+0000.
Vuln<strong>e</strong>rabilityR<strong>e</strong>qu<strong>e</strong>stS<strong>e</strong>rvic<strong>e</strong> | API r<strong>e</strong>f<strong>e</strong>r<strong>e</strong>nc<strong>e</strong> | R<strong>e</strong>d Hat Advanc<strong>e</strong>d Clust<strong>e</strong>r S<strong>e</strong>curity for Kub<strong>e</strong>rn<strong>e</strong>t<strong>e</strong>s 4.5
&times;

ApproveVulnerabilityRequest

POST /v1/cve/requests/{id}/approve

ApproveVulnRequest approve a vulnerability request. If it is an unwatch vulnerability request then the associated vulnerabilities are not watched in workflows such as policy detection, risk, etc.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Body Parameter

Name Description Required Default Pattern

body

V1ApproveVulnRequest

X

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ApproveVulnRequestResponse

0

An unexpected error response.

Runtimeerror

Samples

DeferVulnerability

POST /v1/cve/requests/defer

DeferVulnerability starts the deferral process for the specified vulnerability.

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

V1DeferVulnRequest

X

Return Type

Content Type

  • application/json

Responses

Table 2. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1DeferVulnResponse

0

An unexpected error response.

Runtimeerror

Samples

DeleteVulnerabilityRequest

DeLeTe /v1/cve/requests/{id}

DeleteVulnerabilityRequest deletes a vulnerability request.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Object

Content Type

  • application/json

Responses

Table 3. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

Runtimeerror

Samples

DenyVulnerabilityRequest

POST /v1/cve/requests/{id}/deny

DenyVulnRequest denies a vulnerability request.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Body Parameter

Name Description Required Default Pattern

body

V1DenyVulnRequest

X

Content Type

  • application/json

Responses

Table 4. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1DenyVulnRequestResponse

0

An unexpected error response.

Runtimeerror

Samples

FalsePositiveVulnerability

POST /v1/cve/requests/false-positive

FalsePositiveVulnerability starts the process to mark the specified vulnerability as false-positive.

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

V1FalsePositiveVulnRequest

X

Content Type

  • application/json

Responses

Table 5. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1FalsePositiveVulnResponse

0

An unexpected error response.

Runtimeerror

Samples

GetVulnerabilityRequest

GeT /v1/cve/requests/{id}

GetVulnerabilityRequest returns the requested vulnerability request by ID.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 6. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetVulnerabilityRequestResponse

0

An unexpected error response.

Runtimeerror

Samples

ListVulnerabilityRequests

GeT /v1/cve/requests

ListVulnerabilityRequests returns the list of vulnerability requests.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSeT

pagination.sortOption.aggregateBy.distinct

-

null

Content Type

  • application/json

Responses

Table 7. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ListVulnerabilityRequestsResponse

0

An unexpected error response.

Runtimeerror

Samples

UndoVulnerabilityRequest

POST /v1/cve/requests/{id}/undo

UndoVulnerabilityRequest undoes a vulnerability request.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 8. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1UndoVulnRequestResponse

0

An unexpected error response.

Runtimeerror

Samples

UpdateVulnerabilityRequest

POST /v1/cve/requests/{id}/update

UpdateVulnerabilityRequest updates an existing vulnerability request. Currently only deferral expiration time can be updated.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Body Parameter

Name Description Required Default Pattern

body

V1UpdateVulnRequest

X

Content Type

  • application/json

Responses

Table 9. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1UpdateVulnRequestResponse

0

An unexpected error response.

Runtimeerror

Samples

Common object reference

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DeSCRIPTOR):
  any.Unpack(foo)
  ...
example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field Name Required Nullable Type Description Format

typeUrl

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GeT on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

value

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

RequestexpiryexpiryType

enum Values

TIMe

ALL_CVe_FIXABLe

ANY_CVe_FIXABLe

Runtimeerror

Field Name Required Nullable Type Description Format

error

String

code

Integer

int32

message

String

details

List of ProtobufAny

StorageApprover

Field Name Required Nullable Type Description Format

id

String

name

String

StorageDeferralRequest

Field Name Required Nullable Type Description Format

expiry

StorageRequestexpiry

StorageDeferralUpdate

Field Name Required Nullable Type Description Format

CVes

List of string

expiry

StorageRequestexpiry

StorageFalsePositiveUpdate

Field Name Required Nullable Type Description Format

CVes

List of string

StorageRequestComment

Field Name Required Nullable Type Description Format

id

String

message

String

user

StorageSlimUser

createdAt

Date

date-time

StorageRequestexpiry

Field Name Required Nullable Type Description Format

expiresWhenFixed

Boolean

Indicates that this request expires when the associated vulnerability is fixed.

expiresOn

Date

Indicates the timestamp when this request expires.

date-time

expiryType

RequestexpiryexpiryType

TIMe, ALL_CVe_FIXABLe, ANY_CVe_FIXABLe,

StorageRequestStatus

Indicates the status of a request. Requests canceled by the user before they are acted upon by the approver are not tracked/persisted (with the exception of audit logs if it is turned on).

  • PeNDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.

  • APPROVeD: Indicates that the request has been approved by the approver.

  • DeNIeD: Indicates that the request has been denied by the approver.

  • APPROVeD_PeNDING_UPDATe: Indicates that the original request was approved, but an update is still pending an approval or denial.

enum Values

PeNDING

APPROVeD

DeNIeD

APPROVeD_PeNDING_UPDATe

StorageRequester

Field Name Required Nullable Type Description Format

id

String

name

String

StorageSlimUser

Field Name Required Nullable Type Description Format

id

String

name

String

StorageVulnerabilityRequest

Next available tag: 30 VulnerabilityRequest encapsulates a request such as deferral request and false-positive request.

Field Name Required Nullable Type Description Format

id

String

name

String

targetState

StorageVulnerabilityState

OBSeRVeD, DeFeRReD, FALSe_POSITIVe,

status

StorageRequestStatus

PeNDING, APPROVeD, DeNIeD, APPROVeD_PeNDING_UPDATe,

expired

Boolean

Indicates if this request is a historical request that is no longer in effect due to deferral expiry, cancellation, or restarting cve observation.

requestor

StorageSlimUser

approvers

List of StorageSlimUser

createdAt

Date

date-time

lastUpdated

Date

date-time

comments

List of StorageRequestComment

scope

StorageVulnerabilityRequestScope

requesterV2

StorageRequester

approversV2

List of StorageApprover

deferralReq

StorageDeferralRequest

fpRequest

Object

cves

VulnerabilityRequestCVes

updatedDeferralReq

StorageDeferralRequest

deferralUpdate

StorageDeferralUpdate

falsePositiveUpdate

StorageFalsePositiveUpdate

StorageVulnerabilityRequestScope

Field Name Required Nullable Type Description Format

imageScope

VulnerabilityRequestScopeImage

globalScope

Object

StorageVulnerabilityState

VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.

enum Values

OBSeRVeD

DeFeRReD

FALSe_POSITIVe

V1ApproveVulnRequest

Field Name Required Nullable Type Description Format

id

String

comment

String

V1ApproveVulnRequestResponse

Field Name Required Nullable Type Description Format

requestInfo

StorageVulnerabilityRequest

V1DeferVulnRequest

next available tag: 6
Field Name Required Nullable Type Description Format

cve

String

This field indicates the CVes requested to be deferred.

comment

String

scope

StorageVulnerabilityRequestScope

expiresWhenFixed

Boolean

expiresOn

Date

date-time

V1DeferVulnResponse

Field Name Required Nullable Type Description Format

requestInfo

StorageVulnerabilityRequest

V1DenyVulnRequest

Field Name Required Nullable Type Description Format

id

String

comment

String

V1DenyVulnRequestResponse

Field Name Required Nullable Type Description Format

requestInfo

StorageVulnerabilityRequest

V1FalsePositiveVulnRequest

Field Name Required Nullable Type Description Format

cve

String

This field indicates the CVe requested to be marked as false-positive.

scope

StorageVulnerabilityRequestScope

comment

String

V1FalsePositiveVulnResponse

Field Name Required Nullable Type Description Format

requestInfo

StorageVulnerabilityRequest

V1GetVulnerabilityRequestResponse

Field Name Required Nullable Type Description Format

requestInfo

StorageVulnerabilityRequest

V1ListVulnerabilityRequestsResponse

Field Name Required Nullable Type Description Format

requestInfos

List of StorageVulnerabilityRequest

V1UndoVulnRequestResponse

Field Name Required Nullable Type Description Format

requestInfo

StorageVulnerabilityRequest

V1UpdateVulnRequest

Field Name Required Nullable Type Description Format

id

String

comment

String

expiry

StorageRequestexpiry

V1UpdateVulnRequestResponse

Field Name Required Nullable Type Description Format

requestInfo

StorageVulnerabilityRequest

VulnerabilityRequestCVes

Field Name Required Nullable Type Description Format

cves

List of string

These are (NVD) vulnerability identifiers, cve field of storage.CVe, and not the id field. For example, CVe-2021-44832.

VulnerabilityRequestScopeImage

Field Name Required Nullable Type Description Format

registry

String

remote

String

tag

String