CreateFalsePositiveVulnerabilityException - Version v2 | API reference | Red Hat Advanced Cluster Security for Kubernetes 4.6

POST /v2/vulnerability-exceptions/false-positive

CreateFalsePositiveVulnerabilityException creates an exception request to mark specified vulnerabilities as false positive. Once an exception is created, it remains in the PENDING state until the approval. The exception is enforced only after it is approved.

Description

Parameters

Body Parameter

Name	Description	Required	Default	Pattern
body	V2CreateFalsePositiveVulnerabilityExceptionRequest	X

Name

Description

Required

Default

Pattern

body

V2CreateFalsePositiveVulnerabilityExceptionRequest

Return Type

V2CreateFalsePositiveVulnerabilityExceptionResponse

Content Type

application/json

Responses

Table 1. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V2CreateFalsePositiveVulnerabilityExceptionResponse
0	An unexpected error response.	RpcStatus

Samples

Common object reference

ExceptionExpiryExpiryType

Enum Values
TIME
ALL_CVE_FIXABLE
ANY_CVE_FIXABLE

Enum Values

TIME

ALL_CVE_FIXABLE

ANY_CVE_FIXABLE

ProtobufAny

Field Name

Required

Nullable

Type

Description

Format

@type

String

RpcStatus

Field Name

Required

Nullable

Type

Description

Format

code

Integer

int32

message

String

details

List of ProtobufAny

ScopeImage

Field Name

Required

Nullable

Type

Description

Format

registry

String

remote

String

tag

String

V2Comment

Field Name

Required

Nullable

Type

Description

Format

String

message

String

user

V2SlimUser

createdAt

Date

date-time

V2CreateFalsePositiveVulnerabilityExceptionRequest

Field Name Required Nullable Type Description Format

cves

List of string

REQUIRED. The CVEs to which the exception should be applied.

scope

VulnerabilityExceptionScope

comment

String

REQUIRED. The rationale for creating the exception.

V2CreateFalsePositiveVulnerabilityExceptionResponse

Field Name

Required

Nullable

Type

Description

Format

exception

V2VulnerabilityException

V2DeferralRequest

Field Name

Required

Nullable

Type

Description

Format

expiry

V2ExceptionExpiry

V2DeferralUpdate

Field Name Required Nullable Type Description Format

cves

List of string

Use this field to update the CVEs of a deferral exception.

expiry

V2ExceptionExpiry

Field Name	Required	Nullable	Type	Description	Format
expiryType			ExceptionExpiryExpiryType		TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE,
expiresOn			Date	Indicates the timestamp when the exception expires. This field is REQUIRED only if the expiry type is set to TIME.	date-time

Field Name

Required

Nullable

Type

Description

Format

expiryType

ExceptionExpiryExpiryType

TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE,

expiresOn

Date

Indicates the timestamp when the exception expires. This field is REQUIRED only if the expiry type is set to TIME.

date-time

V2ExceptionStatus

Indicates the status of a request.

PENDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.
APPROVED: Indicates that the request has been approved by the approver.
DENIED: Indicates that the request has been denied by the approver.
APPROVED_PENDING_UPDATE: Indicates that the original request was approved, but an update is still pending an approval or denial.

Enum Values
PENDING
APPROVED
DENIED
APPROVED_PENDING_UPDATE

Enum Values

PENDING

APPROVED

DENIED

APPROVED_PENDING_UPDATE

V2FalsePositiveUpdate

Field Name Required Nullable Type Description Format

Field Name	Required	Nullable	Type	Description	Format
cves			List of `string`	Use this field to update the CVEs of a false-positive exception.

cves

List of string

Use this field to update the CVEs of a false-positive exception.

V2SlimUser

Field Name

Required

Nullable

Type

Description

Format

String

name

String

V2VulnerabilityException

Next available tag: 16 VulnerabilityException represents a vulnerability exception such as deferral and false-positive.

Field Name Required Nullable Type Description Format

String

name

String

Auto-generated display name of the exception.

targetState

V2VulnerabilityState

OBSERVED, DEFERRED, FALSE_POSITIVE,

status

V2ExceptionStatus

PENDING, APPROVED, DENIED, APPROVED_PENDING_UPDATE,

expired

Boolean

If set to true, this field indicates that the exception is no longer enforced.

requester

V2SlimUser

approvers

List of V2SlimUser

createdAt

Date

date-time

lastUpdated

Date

date-time

comments

List of V2Comment

scope

VulnerabilityExceptionScope

deferralRequest

V2DeferralRequest

falsePositiveRequest

Object

cves

List of string

Indicates the CVEs to which the exception applies.

deferralUpdate

V2DeferralUpdate

falsePositiveUpdate

V2FalsePositiveUpdate

V2VulnerabilityState

VulnerabilityState are the possible applicable to CVE. By default all vulnerabilities are in observed state.

OBSERVED: This is the default state and indicates that the CVE is not excluded from policy evaluation and risk evaluation.

DEFERRED: Indicates that the vulnerability is deferred. A deferred CVE is excluded from policy evaluation and risk evaluation.
FALSE_POSITIVE: Indicates that the vulnerability is a false-positive. A false-positive CVE is excluded from policy evaluation and risk evaluation.

Enum Values
OBSERVED
DEFERRED
FALSE_POSITIVE

Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

VulnerabilityExceptionScope

Field Name

Required

Nullable

Type

Description

Format

imageScope

ScopeImage