POST /v2/vulnerability-exceptions/{id}/approve

ApproveVulnerabilityException approves a vulnerability exception. Once approved, the exception is enforced. The associated vulnerabilities are excluded from policy evaluation and risk evaluation, and the vulnerabilities may not appear in certain API responses by default.

Description

Parameters

Path Parameters

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | REQUIRED. The ID of the vulnerability exception to be approved. | X | null | |

Body Parameter

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | VulnerabilityExceptionServiceApproveVulnerabilityExceptionBody | X | | |

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | V2ApproveVulnerabilityExceptionResponse |
| 0 | An unexpected error response. | RpcStatus |

Samples
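
The following is an added example, not part of the original reference or the product's own code. Because an approved exception removes CVEs from policy and risk evaluation, it builds the approve request with the required `comment` and then checks the returned `V2VulnerabilityException` before treating the approval as effective. The host name, the bearer-token header, the function names and all sample values are assumptions.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote
from urllib.request import Request

def build_approve_request(base_url, exception_id, comment, token):
    """Build (without sending) POST /v2/vulnerability-exceptions/{id}/approve."""
    if not comment or not comment.strip():
        raise ValueError("comment is REQUIRED: record the rationale for approval")
    # Percent-encode the ID so it cannot alter the request path.
    path = f"/v2/vulnerability-exceptions/{quote(exception_id, safe='')}/approve"
    return Request(
        base_url.rstrip("/") + path,
        data=json.dumps({"comment": comment}).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},  # assumed auth scheme
    )

def review_approval(response, now):
    """Return a list of findings for a V2ApproveVulnerabilityExceptionResponse."""
    exc = response.get("exception") or {}
    findings = []
    if exc.get("status") != "APPROVED":
        findings.append(f"status is {exc.get('status')!r}, expected 'APPROVED'")
    if exc.get("expired"):
        findings.append("exception is expired and no longer enforced")
    if not exc.get("cves"):
        findings.append("no CVEs listed for the exception")
    expiry = (exc.get("deferralRequest") or {}).get("expiry") or {}
    if expiry.get("expiryType") == "TIME":
        raw = expiry.get("expiresOn")
        if not raw:
            findings.append("TIME expiry without expiresOn")
        elif datetime.fromisoformat(raw.replace("Z", "+00:00")) <= now:
            findings.append("expiresOn is already in the past")
    return findings

# Constructed sample response; every value is a placeholder.
SAMPLE = {"exception": {
    "id": "example-exception-id", "status": "APPROVED", "expired": False,
    "targetState": "DEFERRED", "cves": ["CVE-0000-0000"],
    "deferralRequest": {"expiry": {"expiryType": "TIME",
                                   "expiresOn": "2030-01-01T00:00:00Z"}}}}

if __name__ == "__main__":
    req = build_approve_request("https://central.example.com", "example-exception-id",
                                "Deferred until the vendor ships a fix", "TOKEN")
    print(req.get_method(), req.full_url)
    print(review_approval(SAMPLE, datetime.now(timezone.utc)) or "no findings")
```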

Common object reference

ExceptionExpiryExpiryType

Enum Values

TIME

ALL_CVE_FIXABLE

ANY_CVE_FIXABLE

ProtobufAny

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| @type | | | String | | |

RpcStatus

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| code | | | Integer | | int32 |
| message | | | String | | |
| details | | | List of ProtobufAny | | |

ScopeImage

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| registry | | | String | | |
| remote | | | String | | |
| tag | | | String | | |

V2ApproveVulnerabilityExceptionResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| exception | | | V2VulnerabilityException | | |

V2Comment

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| message | | | String | | |
| user | | | V2SlimUser | | |
| createdAt | | | Date | | date-time |

V2DeferralRequest

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| expiry | | | V2ExceptionExpiry | | |

V2DeferralUpdate

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cves | | | List of string | Use this field to update the CVEs of a deferral exception. | |
| expiry | | | V2ExceptionExpiry | | |

V2ExceptionExpiry

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| expiryType | | | ExceptionExpiryExpiryType | | TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE |
| expiresOn | | | Date | Indicates the timestamp when the exception expires. This field is REQUIRED only if the expiry type is set to TIME. | date-time |

V2ExceptionStatus

Indicates the status of a request.

  • PENDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.

  • APPROVED: Indicates that the request has been approved by the approver.

  • DENIED: Indicates that the request has been denied by the approver.

  • APPROVED_PENDING_UPDATE: Indicates that the original request was approved, but an update is still pending an approval or denial.

Enum Values

PENDING

APPROVED

DENIED

APPROVED_PENDING_UPDATE

V2FalsePositiveUpdate

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cves | | | List of string | Use this field to update the CVEs of a false-positive exception. | |

V2SlimUser

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | | |

V2VulnerabilityException

VulnerabilityException represents a vulnerability exception, such as a deferral or a false positive.

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | Auto-generated display name of the exception. | |
| targetState | | | V2VulnerabilityState | | OBSERVED, DEFERRED, FALSE_POSITIVE |
| status | | | V2ExceptionStatus | | PENDING, APPROVED, DENIED, APPROVED_PENDING_UPDATE |
| expired | | | Boolean | If set to true, this field indicates that the exception is no longer enforced. | |
| requester | | | V2SlimUser | | |
| approvers | | | List of V2SlimUser | | |
| createdAt | | | Date | | date-time |
| lastUpdated | | | Date | | date-time |
| comments | | | List of V2Comment | | |
| scope | | | VulnerabilityExceptionScope | | |
| deferralRequest | | | V2DeferralRequest | | |
| falsePositiveRequest | | | Object | | |
| cves | | | List of string | Indicates the CVEs to which the exception applies. | |
| deferralUpdate | | | V2DeferralUpdate | | |
| falsePositiveUpdate | | | V2FalsePositiveUpdate | | |

V2VulnerabilityState

VulnerabilityState indicates the possible states applicable to a CVE. By default, all vulnerabilities are in the observed state.

  • OBSERVED: This is the default state and indicates that the CVE is not excluded from policy evaluation and risk evaluation.

  • DEFERRED: Indicates that the vulnerability is deferred. A deferred CVE is excluded from policy evaluation and risk evaluation.

  • FALSE_POSITIVE: Indicates that the vulnerability is a false-positive. A false-positive CVE is excluded from policy evaluation and risk evaluation.

Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

VulnerabilityExceptionScope

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| imageScope | | | ScopeImage | | |

VulnerabilityExceptionServiceApproveVulnerabilityExceptionBody

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| comment | | | String | REQUIRED. The rationale for approving the exception. | |