Querying the Vulnerability List
Function
This API is used to query the list of detected vulnerabilities.
URI
GET /v5/{project_id}/vulnerability/vulnerabilities
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID. |
Parameter | Mandatory | Type | Description |
---|---|---|---|
enterprise_project_id | No | String | Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps. |
type | No | String | Vulnerability type. The options are as follows: linux_vul: Linux vulnerability; windows_vul: Windows vulnerability; web_cms: Web-CMS vulnerability; app_vul: application vulnerability |
vul_id | No | String | Vulnerability ID |
vul_name | No | String | Vulnerability name |
limit | No | Integer | Number of records displayed on each page |
offset | No | Integer | Offset, which specifies the start position of the record to be returned. |
repair_priority | No | String | Fix priority. The options are as follows: Critical, High, Medium, Low |
handle_status | No | String | Handling status. The options are as follows: unhandled, handled |
cve_id | No | String | Vulnerability ID |
label_list | No | String | Vulnerability tag |
status | No | String | Vulnerability status |
asset_value | No | String | Asset importance. The options are as follows: important, common, test |
group_name | No | String | Server group name |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
total_num | Long | Total number of vulnerabilities |
data_list | Array of VulInfo objects | Software vulnerability list |
Parameter | Type | Description |
---|---|---|
vul_name | String | Vulnerability name |
vul_id | String | Vulnerability ID |
label_list | Array of strings | Vulnerability tag |
repair_necessity | String | Necessity of fixing a vulnerability. |
severity_level | String | Vulnerability severity. |
host_num | Integer | Number of affected servers |
unhandle_host_num | Integer | Number of unhandled servers, excluding ignored and fixed servers. |
scan_time | Long | Time of the last scan, in ms. |
solution_detail | String | Vulnerability fixing guide |
url | String | Vulnerability URL |
description | String | Vulnerability description |
type | String | Vulnerability type. The options are as follows: linux_vul: Linux vulnerability; windows_vul: Windows vulnerability; web_cms: Web-CMS vulnerability; app_vul: application vulnerability |
host_id_list | Array of strings | List of servers where the vulnerability can be handled |
cve_list | Array of cve_list objects | CVE list |
patch_url | String | Patch address |
repair_priority | String | Fix priority. The options are as follows: Critical, High, Medium, Low |
hosts_num | VulnerabilityHostNumberInfo object | Affected server |
repair_success_num | Integer | Number of successful repairs |
fixed_num | Long | Number of repairs |
ignored_num | Long | Number of ignored items |
verify_num | Integer | Number of verifications |
repair_priority_list | Array of RepairPriorityListInfo objects | Fixing priority. The number of servers corresponding to each fixing priority. |
Parameter | Type | Description |
---|---|---|
cve_id | String | CVE ID |
cvss | Float | CVSS score |
Parameter | Type | Description |
---|---|---|
important | Integer | Number of important servers |
common | Integer | Number of common servers |
test | Integer | Number of test servers |
Parameter | Type | Description |
---|---|---|
repair_priority | String | Priority. The options are as follows: Critical, High, Medium, Low |
host_num | Integer | Number of servers corresponding to the fixing priority |
Example Requests
Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.
GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10
Example Responses
Status code: 200
Request succeeded.
{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities",
    "repair_priority_list" : [ {
      "repair_priority" : "Critical",
      "host_num" : 0
    }, {
      "repair_priority" : "High",
      "host_num" : 0
    }, {
      "repair_priority" : "Medium",
      "host_num" : 1
    }, {
      "repair_priority" : "Low",
      "host_num" : 0
    } ]
  } ]
}
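The following Python client is an added example, not part of the original documentation or of any official SDK. It pages through the list with offset and limit, sends the token in the X-Auth-Token header, and orders the entries that still have unhandled servers by fix priority. The function names, the SAMPLE records and the fake_fetch stub are constructed for illustration, and ranking by repair_priority_list is one possible triage choice rather than something the API prescribes.

```python
import json
import urllib.parse
import urllib.request

RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def build_request(endpoint, project_id, token, **query):
    """GET request for the vulnerability list; query values are URL-encoded."""
    qs = urllib.parse.urlencode({k: v for k, v in query.items() if v is not None})
    path = f"/v5/{urllib.parse.quote(project_id, safe='')}/vulnerability/vulnerabilities"
    return urllib.request.Request(f"https://{endpoint}{path}?{qs}",
                                  headers={"X-Auth-Token": token})

def http_fetch(req):
    """Real transport: send the request and decode the JSON body."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_vulnerabilities(endpoint, project_id, token, fetch=http_fetch, limit=10, **filters):
    """Follow offset/limit pages until total_num records have been read."""
    items, offset = [], 0
    while True:
        page = fetch(build_request(endpoint, project_id, token,
                                   offset=offset, limit=limit, **filters))
        batch = page.get("data_list", [])
        items.extend(batch)
        offset += limit
        if not batch or offset >= page.get("total_num", 0):
            return items

def top_priority(vul):
    """Highest fix priority in repair_priority_list with at least one server."""
    hit = [p["repair_priority"] for p in vul.get("repair_priority_list", []) if p["host_num"] > 0]
    return min(hit, key=lambda p: RANK.get(p, 99), default=None)

def triage(vuls):
    """Entries that still have unhandled servers, most urgent fix priority first."""
    pending = [v for v in vuls if v.get("unhandle_host_num", 0) > 0]
    return sorted(pending, key=lambda v: RANK.get(top_priority(v), 99))

# Constructed sample data and a stub transport so the example runs offline.
SAMPLE = [{"vul_id": f"SAMPLE-{i}", "unhandle_host_num": i % 2, "repair_priority_list":
           [{"repair_priority": p, "host_num": int(p == pr)} for p in RANK]}
          for i, pr in enumerate(["Low", "Medium", "Critical", "High", "Low"])]

def fake_fetch(req):
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(req.full_url).query)
    start, size = int(q["offset"][0]), int(q["limit"][0])
    return {"total_num": len(SAMPLE), "data_list": SAMPLE[start:start + size]}
```

In the example response above, severity_level is Critical while the only affected server is counted under the Medium fix priority and unhandle_host_num is 0, so triage() would leave that entry out.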
Status Codes
Status Code | Description |
---|---|
200 | Request succeeded. |
Error Codes
See Error Codes.