×

GET /v1/cve/requests

ListVulnerabilityRequests returns the list of vulnerability requests.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

pagination.sortOption.aggregateBy.distinct

-

null

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ListVulnerabilityRequestsResponse

0

An unexpected error response.

GooglerpcStatus

Samples

Common object reference

GooglerpcStatus

Field Name Required Nullable Type Description Format

code

Integer

int32

message

String

details

List of ProtobufAny

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field Name Required Nullable Type Description Format

@type

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

RequestExpiryExpiryType

Enum Values

TIME

ALL_CVE_FIXABLE

ANY_CVE_FIXABLE

StorageApprover

Field Name Required Nullable Type Description Format

id

String

name

String

StorageDeferralRequest

Field Name Required Nullable Type Description Format

expiry

StorageRequestExpiry

StorageDeferralUpdate

Field Name Required Nullable Type Description Format

CVEs

List of string

expiry

StorageRequestExpiry

StorageFalsePositiveUpdate

Field Name Required Nullable Type Description Format

CVEs

List of string

StorageRequestComment

Field Name Required Nullable Type Description Format

id

String

message

String

user

StorageSlimUser

createdAt

Date

date-time

StorageRequestExpiry

Field Name Required Nullable Type Description Format

expiresWhenFixed

Boolean

Indicates that this request expires when the associated vulnerability is fixed.

expiresOn

Date

Indicates the timestamp when this request expires.

date-time

expiryType

RequestExpiryExpiryType

TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE,

StorageRequestStatus

Indicates the status of a request. Requests canceled by the user before they are acted upon by the approver are not tracked/persisted (with the exception of audit logs if it is turned on).

  • PENDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.

  • APPROVED: Indicates that the request has been approved by the approver.

  • DENIED: Indicates that the request has been denied by the approver.

  • APPROVED_PENDING_UPDATE: Indicates that the original request was approved, but an update is still pending an approval or denial.

Enum Values

PENDING

APPROVED

DENIED

APPROVED_PENDING_UPDATE

StorageRequester

Field Name Required Nullable Type Description Format

id

String

name

String

StorageSlimUser

Field Name Required Nullable Type Description Format

id

String

name

String

StorageVulnerabilityRequest

Next available tag: 30 VulnerabilityRequest encapsulates a request such as deferral request and false-positive request.

Field Name Required Nullable Type Description Format

id

String

name

String

targetState

StorageVulnerabilityState

OBSERVED, DEFERRED, FALSE_POSITIVE,

status

StorageRequestStatus

PENDING, APPROVED, DENIED, APPROVED_PENDING_UPDATE,

expired

Boolean

Indicates if this request is a historical request that is no longer in effect due to deferral expiry, cancellation, or restarting cve observation.

requestor

StorageSlimUser

approvers

List of StorageSlimUser

createdAt

Date

date-time

lastUpdated

Date

date-time

comments

List of StorageRequestComment

scope

StorageVulnerabilityRequestScope

requesterV2

StorageRequester

approversV2

List of StorageApprover

deferralReq

StorageDeferralRequest

fpRequest

Object

cves

VulnerabilityRequestCVEs

updatedDeferralReq

StorageDeferralRequest

deferralUpdate

StorageDeferralUpdate

falsePositiveUpdate

StorageFalsePositiveUpdate

StorageVulnerabilityRequestScope

Field Name Required Nullable Type Description Format

imageScope

VulnerabilityRequestScopeImage

globalScope

Object

StorageVulnerabilityState

VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.

  • OBSERVED: [Default state]

Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

V1ListVulnerabilityRequestsResponse

Field Name Required Nullable Type Description Format

requestInfos

List of StorageVulnerabilityRequest

VulnerabilityRequestCVEs

Field Name Required Nullable Type Description Format

cves

List of string

These are (NVD) vulnerability identifiers, cve field of storage.CVE, and not the id field. For example, CVE-2021-44832.

VulnerabilityRequestScopeImage

Field Name Required Nullable Type Description Format

registry

String

remote

String

tag

String