
ApproveVulnerabilityRequest

POST /v1/cve/requests/{id}/approve

ApproveVulnRequest approves a vulnerability request. If it is an unwatch vulnerability request, the associated vulnerabilities are not watched in workflows such as policy detection, risk, etc.

Description

Parameters

Path Parameters

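| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| id | | X | null | |

Body Parameter

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| body | V1ApproveVulnRequest | X | | |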

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1ApproveVulnRequestResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

DeferVulnerability

POST /v1/cve/requests/defer

DeferVulnerability starts the deferral process for the specified vulnerability.

Description

Parameters

Body Parameter

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| body | V1DeferVulnRequest | X | | |

Return Type

Content Type

  • application/json

Responses

Table 2. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1DeferVulnResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

DeleteVulnerabilityRequest

DELETE /v1/cve/requests/{id}

DeleteVulnerabilityRequest deletes a vulnerability request.

Description

Parameters

Path Parameters

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| id | | X | null | |

Return Type

Object

Content Type

  • application/json

Responses

Table 3. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | Object |
| 0 | An unexpected error response. | RuntimeError |

Samples

DenyVulnerabilityRequest

POST /v1/cve/requests/{id}/deny

DenyVulnRequest denies a vulnerability request.

Description

Parameters

Path Parameters

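| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| id | | X | null | |

Body Parameter

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| body | V1DenyVulnRequest | X | | |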

Content Type

  • application/json

Responses

Table 4. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1DenyVulnRequestResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

FalsePositiveVulnerability

POST /v1/cve/requests/false-positive

FalsePositiveVulnerability starts the process to mark the specified vulnerability as false-positive.

Description

Parameters

Body Parameter

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| body | V1FalsePositiveVulnRequest | X | | |

Content Type

  • application/json

Responses

Table 5. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1FalsePositiveVulnResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

GetVulnerabilityRequest

GET /v1/cve/requests/{id}

GetVulnerabilityRequest returns the requested vulnerability request by ID.

Description

Parameters

Path Parameters

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| id | | X | null | |

Content Type

  • application/json

Responses

Table 6. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1GetVulnerabilityRequestResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

ListVulnerabilityRequests

GET /v1/cve/requests

ListVulnerabilityRequests returns the list of vulnerability requests.

Description

Parameters

Query Parameters

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| query | | - | null | |
| pagination.limit | | - | null | |
| pagination.offset | | - | null | |
| pagination.sortOption.field | | - | null | |
| pagination.sortOption.reversed | | - | null | |
| pagination.sortOption.aggregateBy.aggrFunc | | - | UNSET | |
| pagination.sortOption.aggregateBy.distinct | | - | null | |

Content Type

  • application/json

Responses

Table 7. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1ListVulnerabilityRequestsResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

UndoVulnerabilityRequest

POST /v1/cve/requests/{id}/undo

UndoVulnerabilityRequest undoes a vulnerability request.

Description

Parameters

Path Parameters

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| id | | X | null | |

Content Type

  • application/json

Responses

Table 8. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1UndoVulnRequestResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

UpdateVulnerabilityRequest

POST /v1/cve/requests/{id}/update

UpdateVulnerabilityRequest updates an existing vulnerability request. Currently only deferral expiration time can be updated.

Description

Parameters

Path Parameters

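| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| id | | X | null | |

Body Parameter

| Name | Description | Required | Default | Pattern |
| --- | --- | --- | --- | --- |
| body | V1UpdateVulnRequest | X | | |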

Content Type

  • application/json

Responses

Table 9. HTTP Response Codes

| Code | Message | Datatype |
| --- | --- | --- |
| 200 | A successful response. | V1UpdateVulnRequestResponse |
| 0 | An unexpected error response. | RuntimeError |

Samples

Common object reference

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

    Foo foo = ...;
    Any any;
    any.PackFrom(foo);
    ...
    if (any.UnpackTo(&foo)) {
      ...
    }

Example 2: Pack and unpack a message in Java.

    Foo foo = ...;
    Any any = Any.pack(foo);
    ...
    if (any.is(Foo.class)) {
      foo = any.unpack(Foo.class);
    }
    // or ...
    if (any.isSameTypeAs(Foo.getDefaultInstance())) {
      foo = any.unpack(Foo.getDefaultInstance());
    }

Example 3: Pack and unpack a message in Python.

    foo = Foo(...)
    any = Any()
    any.Pack(foo)
    ...
    if any.Is(Foo.DESCRIPTOR):
      any.Unpack(foo)
      ...

Example 4: Pack and unpack a message in Go.

    foo := &pb.Foo{...}
    any, err := anypb.New(foo)
    if err != nil {
      ...
    }
    ...
    foo := &pb.Foo{}
    if err := any.UnmarshalTo(foo); err != nil {
      ...
    }

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

    package google.profile;
    message Person {
      string first_name = 1;
      string last_name = 2;
    }

    {
      "@type": "type.googleapis.com/google.profile.Person",
      "firstName": <string>,
      "lastName": <string>
    }

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message google.protobuf.Duration):

    {
      "@type": "type.googleapis.com/google.protobuf.Duration",
      "value": "1.212s"
    }

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| typeUrl | | | String | A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL's path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading "." is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: (1) If no scheme is provided, https is assumed. (2) An HTTP GET on the URL must yield a google.protobuf.Type value in binary format, or produce an error. (3) Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics. | |
| value | | | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |

RequestExpiryExpiryType

Enum Values

TIME

ALL_CVE_FIXABLE

ANY_CVE_FIXABLE

RuntimeError

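| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| error | | | String | | |
| code | | | Integer | | int32 |
| message | | | String | | |
| details | | | List of ProtobufAny | | |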

StorageApprover

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| name | | | String | | |

StorageDeferralRequest

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| expiry | | | StorageRequestExpiry | | |

StorageDeferralUpdate

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| CVEs | | | List of string | | |
| expiry | | | StorageRequestExpiry | | |

StorageFalsePositiveUpdate

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| CVEs | | | List of string | | |

StorageRequestComment

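| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| message | | | String | | |
| user | | | StorageSlimUser | | |
| createdAt | | | Date | | date-time |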

StorageRequestExpiry

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| expiresWhenFixed | | | Boolean | Indicates that this request expires when the associated vulnerability is fixed. | |
| expiresOn | | | Date | Indicates the timestamp when this request expires. | date-time |
| expiryType | | | RequestExpiryExpiryType | | TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE |

StorageRequestStatus

Indicates the status of a request. Requests canceled by the user before they are acted upon by the approver are not tracked/persisted (with the exception of audit logs if it is turned on).

  • PENDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.

  • APPROVED: Indicates that the request has been approved by the approver.

  • DENIED: Indicates that the request has been denied by the approver.

  • APPROVED_PENDING_UPDATE: Indicates that the original request was approved, but an update is still pending an approval or denial.

Enum Values

PENDING

APPROVED

DENIED

APPROVED_PENDING_UPDATE

StorageRequester

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| name | | | String | | |

StorageSlimUser

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| name | | | String | | |

StorageVulnerabilityRequest

VulnerabilityRequest encapsulates a request, such as a deferral request or a false-positive request.

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| name | | | String | | |
| targetState | | | StorageVulnerabilityState | | OBSERVED, DEFERRED, FALSE_POSITIVE |
| status | | | StorageRequestStatus | | PENDING, APPROVED, DENIED, APPROVED_PENDING_UPDATE |
| expired | | | Boolean | Indicates if this request is a historical request that is no longer in effect due to deferral expiry, cancellation, or restarting cve observation. | |
| requestor | | | StorageSlimUser | | |
| approvers | | | List of StorageSlimUser | | |
| createdAt | | | Date | | date-time |
| lastUpdated | | | Date | | date-time |
| comments | | | List of StorageRequestComment | | |
| scope | | | StorageVulnerabilityRequestScope | | |
| requesterV2 | | | StorageRequester | | |
| approversV2 | | | List of StorageApprover | | |
| deferralReq | | | StorageDeferralRequest | | |
| fpRequest | | | Object | | |
| cves | | | VulnerabilityRequestCVEs | | |
| updatedDeferralReq | | | StorageDeferralRequest | | |
| deferralUpdate | | | StorageDeferralUpdate | | |
| falsePositiveUpdate | | | StorageFalsePositiveUpdate | | |
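
An added example (not part of the original reference or the product's own code): a client-side audit over the JSON body returned by ListVulnerabilityRequests, flagging suppressions that are in effect and warrant review. Field names are the ones documented on this page; the sample response, the 90-day threshold and the finding labels are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
MAX_DEFERRAL = timedelta(days=90)  # assumed review threshold, not a product default
IN_EFFECT = {"APPROVED", "APPROVED_PENDING_UPDATE"}
FIX_BOUND = {"ALL_CVE_FIXABLE", "ANY_CVE_FIXABLE"}

def parse_ts(value):
    # date-time values are RFC 3339 strings; map a trailing "Z" for fromisoformat()
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit(response, now):
    """Map request id -> findings for suppressions that are currently in effect."""
    findings = {}
    for req in response.get("requestInfos", []):
        state = req.get("targetState", "OBSERVED")
        if req.get("status") not in IN_EFFECT or req.get("expired") or state == "OBSERVED":
            continue  # pending, denied or historical requests suppress nothing
        notes = []
        if "globalScope" in (req.get("scope") or {}):
            notes.append("global scope")
        requester = (req.get("requesterV2") or req.get("requestor") or {}).get("id")
        approvers = req.get("approversV2") or req.get("approvers") or []
        if requester and any(a.get("id") == requester for a in approvers):
            notes.append("self-approved")
        if state == "DEFERRED":
            expiry = (req.get("deferralReq") or {}).get("expiry") or {}
            if expiry.get("expiresOn"):
                if parse_ts(expiry["expiresOn"]) - now > MAX_DEFERRAL:
                    notes.append("deferral exceeds threshold")
            elif not (expiry.get("expiresWhenFixed") or expiry.get("expiryType") in FIX_BOUND):
                notes.append("no expiry")
        if notes:
            findings[req["id"]] = notes
    return findings

# Constructed sample response body (not real data).
SAMPLE = json.loads("""{"requestInfos": [
  {"id": "r1", "targetState": "DEFERRED", "status": "APPROVED", "expired": false,
   "scope": {"globalScope": {}}, "cves": {"cves": ["CVE-2021-44832"]},
   "requesterV2": {"id": "u1"}, "approversV2": [{"id": "u1"}],
   "deferralReq": {"expiry": {"expiryType": "TIME", "expiresOn": "2025-06-01T00:00:00Z"}}},
  {"id": "r2", "targetState": "DEFERRED", "status": "APPROVED", "expired": false,
   "scope": {"imageScope": {"registry": "registry.example", "remote": "team/app", "tag": "1.0"}},
   "requesterV2": {"id": "u2"}, "approversV2": [{"id": "u3"}],
   "deferralReq": {"expiry": {"expiryType": "ALL_CVE_FIXABLE", "expiresWhenFixed": true}}},
  {"id": "r3", "targetState": "FALSE_POSITIVE", "status": "PENDING",
   "scope": {"globalScope": {}}, "requesterV2": {"id": "u2"}}
]}""")
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock so the result is reproducible
RESULT = audit(SAMPLE, NOW)
```

Only r1 is reported: r2 is image-scoped, approved by a different user and bound to a fix, and r3 is still PENDING so it suppresses nothing yet.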

StorageVulnerabilityRequestScope

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| imageScope | | | VulnerabilityRequestScopeImage | | |
| globalScope | | | Object | | |

StorageVulnerabilityState

VulnerabilityState indicates whether a vulnerability is being observed or deferred (suppressed). By default, vulnerabilities are observed.

Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

V1ApproveVulnRequest

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| comment | | | String | | |

V1ApproveVulnRequestResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfo | | | StorageVulnerabilityRequest | | |

V1DeferVulnRequest

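| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| cve | | | String | This field indicates the CVEs requested to be deferred. | |
| comment | | | String | | |
| scope | | | StorageVulnerabilityRequestScope | | |
| expiresWhenFixed | | | Boolean | | |
| expiresOn | | | Date | | date-time |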

V1DeferVulnResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfo | | | StorageVulnerabilityRequest | | |

V1DenyVulnRequest

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| comment | | | String | | |

V1DenyVulnRequestResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfo | | | StorageVulnerabilityRequest | | |

V1FalsePositiveVulnRequest

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| cve | | | String | This field indicates the CVE requested to be marked as false-positive. | |
| scope | | | StorageVulnerabilityRequestScope | | |
| comment | | | String | | |

V1FalsePositiveVulnResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfo | | | StorageVulnerabilityRequest | | |

V1GetVulnerabilityRequestResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfo | | | StorageVulnerabilityRequest | | |

V1ListVulnerabilityRequestsResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfos | | | List of StorageVulnerabilityRequest | | |

V1UndoVulnRequestResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfo | | | StorageVulnerabilityRequest | | |

V1UpdateVulnRequest

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| id | | | String | | |
| comment | | | String | | |
| expiry | | | StorageRequestExpiry | | |

V1UpdateVulnRequestResponse

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| requestInfo | | | StorageVulnerabilityRequest | | |

VulnerabilityRequestCVEs

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| cves | | | List of string | These are (NVD) vulnerability identifiers, cve field of storage.CVE, and not the id field. For example, CVE-2021-44832. | |

VulnerabilityRequestScopeImage

| Field Name | Required | Nullable | Type | Description | Format |
| --- | --- | --- | --- | --- | --- |
| registry | | | String | | |
| remote | | | String | | |
| tag | | | String | | |