# Vulnerabilities API

> Original: [https://docs.gitlab.com/ee/api/vulnerabilities.html](https://docs.gitlab.com/ee/api/vulnerabilities.html)

*   [Single vulnerability](#single-vulnerability)
*   [Confirm vulnerability](#confirm-vulnerability)
*   [Resolve vulnerability](#resolve-vulnerability)
*   [Dismiss vulnerability](#dismiss-vulnerability)


[Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10242) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.

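**Note:** The former Vulnerabilities API was renamed to Vulnerability Findings API, and its documentation was moved to [a different location](vulnerability_findings.html). This document now describes the new Vulnerabilities API, which provides access to [standalone vulnerabilities](https://gitlab.com/groups/gitlab-org/-/epics/634).

**Warning:** This API is in an alpha stage and is considered unstable. The response payload may change or break between GitLab releases.

Every API call to vulnerabilities must be [authenticated](README.html#authentication).

Vulnerability permissions are inherited from the vulnerability's project. If the project is private and the user is not a member of the project the vulnerability belongs to, requests to that project return a `404 Not Found` status code.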

## Single vulnerability

Gets a single vulnerability.

```
GET /vulnerabilities/:id 
```

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| `id` | integer or string | yes | The ID of the vulnerability to get |

```
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1" 
```

Example response:

```
{
  "id": 1,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "opened",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}
```

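## Confirm vulnerability

Confirms a given vulnerability. Returns status code `304` if the vulnerability is already confirmed.

If the authenticated user does not have permission to [confirm vulnerabilities](../user/permissions.html#project-members-permissions), this request results in a `403` status code.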

```
POST /vulnerabilities/:id/confirm 
```

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| `id` | integer or string | yes | The ID of the vulnerability to confirm |

```
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/confirm" 
```

Example response:

```
{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "confirmed",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}
```

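## Resolve vulnerability

Resolves a given vulnerability. Returns status code `304` if the vulnerability is already resolved.

If the authenticated user does not have permission to [resolve vulnerabilities](../user/permissions.html#project-members-permissions), this request results in a `403` status code.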

```
POST /vulnerabilities/:id/resolve 
```

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| `id` | integer or string | yes | The ID of the vulnerability to resolve |

```
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve" 
```

Example response:

```
{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "resolved",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}
```

## Dismiss vulnerability

Dismisses a given vulnerability. Returns status code `304` if the vulnerability is already dismissed.

If an authenticated user does not have permission to [dismiss vulnerabilities](../user/permissions.html#project-members-permissions), this request will result in a `403` status code.

```
POST /vulnerabilities/:id/dismiss 
```

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| `id` | integer or string | yes | The ID of the vulnerability to dismiss |

```
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss" 
```

Example response:

```
{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "closed",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "updated_by_id": null,
  "last_edited_by_id": null,
  "closed_by_id": null,
  "start_date": null,
  "due_date": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "last_edited_at": null,
  "closed_at": null
}
```
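
The confirm, resolve and dismiss calls above share one status-code contract (`304` unchanged, `403` no permission, `404` not visible), which a triage job has to tell apart from a real state change. The following is an added example, not part of the GitLab documentation: the function names and the outcome labels are assumptions, any `2xx` is treated as success because the page does not state the success code, and the responses in the demo are constructed.

```python
import json
import urllib.error
import urllib.request

ACTIONS = ("confirm", "resolve", "dismiss")  # state-changing endpoints on this page


def build_request(base_url, token, vuln_id, action):
    """Build POST /api/v4/vulnerabilities/:id/<action> with the PRIVATE-TOKEN header."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    # int() accepts 5 or "5" and rejects anything that could add path segments.
    url = f"{base_url.rstrip('/')}/api/v4/vulnerabilities/{int(vuln_id)}/{action}"
    return urllib.request.Request(url, method="POST", headers={"PRIVATE-TOKEN": token})


def interpret(status, body=b""):
    """Map the status codes documented above to an outcome a triage job can act on."""
    if status == 304:
        return {"outcome": "unchanged"}   # already confirmed / resolved / dismissed
    if status == 403:
        return {"outcome": "forbidden"}   # authenticated user lacks the permission
    if status == 404:
        return {"outcome": "not_found"}   # private project and not a member, or unknown ID
    if 200 <= status < 300:
        return {"outcome": "changed", "state": json.loads(body)["state"]}
    return {"outcome": "error", "status": status}


def change_state(base_url, token, vuln_id, action, opener=urllib.request.urlopen):
    """Send the request; `opener` is injectable so the logic can be exercised offline."""
    request = build_request(base_url, token, vuln_id, action)
    try:
        with opener(request) as response:
            return interpret(response.status, response.read())
    except urllib.error.HTTPError as err:  # urllib raises for 304 and for 4xx/5xx
        return interpret(err.code)


if __name__ == "__main__":
    # Constructed responses (no network): a successful confirm, then a repeat of it.
    print(interpret(201, b'{"id": 2, "state": "confirmed"}'))
    print(interpret(304))
```

Because the API is alpha and the payload may change between releases, the example reads only the `state` field and treats every other status as an error rather than guessing.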