How to generate XRay Vulnerabilties report using rest api - rest

Could someone please help to generate Vulnerability report via REST API for artifacts?
Maybe a sample example will help.
Looked at the below documentation but not clear to me
https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-GenerateVulnerabilitiesReport

I assume your Xray version is 3.x, kindly follow the below curl command which should give you the report,
curl -u<username>:<password> http://artifactory_URL/xray/api/v1/reports/vulnerabilities -H 'Content-Type: application/json' -d #report.json
In the report.json file, add the information which you need to generate the report for.
For example:
cat report.json
{
"name": "report1",
"resources": {
"repositories": [
{
"name": "libs-release-local"
}
],
"builds": {
"names": [
"art-docker-test",
"art-docker-prod"
]
}
},
"filters": {
"vulnerable_component": "*vulnerable:component*",
"impacted_artifact": "some://impacted*artifact",
"has_remediation": false,
"cve": "CVE-1234-1234",
"issue_id": "XRAY-1234",
"severities": [
"High",
"Medium"
],
"cvss_score": {
"min_score": 6.3,
"max_score": 9
},
"published": {
"start": "2020-06-29T12:22:16Z",
"end": "2020-06-29T12:22:16Z"
},
"scan_date": {
"start": "2020-06-29T12:22:16Z",
"end": "2020-06-29T12:22:16Z"}
}
}
I'm generating a report for the repository "libs-release-local" and build name "art-docker-test" and "art-docker-prod" with filters as you can understand.

Related

FIWARE Orion: return subscription id

When creating a subscription, it would be nice to return the subscription ID.
For instance, the following code doesn't return anything :
curl localhost:1026/v2/subscriptions -s -S --header 'Content-Type: application/json' \
-d #- <<EOF
{
"description": "A subscription to get info about Room1",
"subject": {
"entities": [
{
"id": "Room1",
"type": "Room"
}
],
"condition": {
"attrs": [
"pressure"
]
}
},
"notification": {
"http": {
"url": "http://localhost:1028/accumulate"
},
"attrs": [
"temperature"
]
},
"expires": "2040-01-01T14:00:00.00Z",
"throttling": 5
}
EOF
In the subscription case, the resource id is generated server-side (with difference to the entities endpoint, where the id is decided client-side).
It would be nice to return it in the POST call, is there any way to do this?
Subscription ID is retrieved in Location header in the response to the subscription creation request, eg:
Location: /v2/subscriptions/5b991dfa12f473cee6651a1a
More details in the NGSIv2 API specification (check "Create Subscription" section).

How to create a pull request in a Bitbucket using api 1.0

I am trying to create an automation pipeline and in that, I want to create a pull request in bitbucket from my jenkins job. I found some document where I can create a pull request using rest api. But that is for api 2.0. I have old bitbucket and I am not sure which api version I have to use.
Thanks,
You can create a pull request in Bitbucket using the REST API 1.0 doing the following:
curl -s --user USER:PASS --request POST --data #- --header Content-Type:application/json https://BITBUCKET-SERVER/rest/api/1.0/projects/TO-PROJECT/repos/TO-REPOSITORY/pull-requests << EOF
{
"title": "SOME-TITTLE",
"description": "SOME-DESCRIPTION",
"state": "OPEN",
"open": true,
"closed": false,
"fromRef": {
"id": "refs/heads/FROM-BRANCH",
"repository": {
"slug": "FROM-REPO",
"name": null,
"project": {
"key": "FROM-PROJECT"
}
}
},
"toRef": {
"id": "refs/heads/TO-BRANCH",
"repository": {
"slug": "TO-REPO",
"name": null,
"project": {
"key": "TO-PROJECT"
}
}
},
"locked": false,
"reviewers": [
{
"user": {
"name": "REVIEWER"
}
}
]
}

How can I use the BigQuery REST API from the command line?

Attempting to make a plain GET request to one of the BigQuery REST APIs gives an error that looks like this:
curl https://www.googleapis.com/bigquery/v2/projects/$PROJECT_ID/jobs/$JOBID
Output:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization",
...
What is the correct way to invoke one of the REST APIs from the command-line, such as the query or insert APIs? The API reference has a "Try this API", but the examples don't translate directly to something you can run from the command-line.
As a disclaimer, when working from the command-line, using the bq tool will usually be sufficient, or for more complex use cases, the BigQuery client libraries enable programming with BigQuery from multiple languages. It can still be useful sometimes to make plain requests to the REST APIs to see how certain APIs work at a low level, however.
First, make sure that you have installed the Google Cloud SDK. This should include the gcloud and bq command-line tools. If you haven't already, authorize your account by running this command from your terminal:
gcloud auth login
This should prompt you to log in and then give you an access code that you can paste into your terminal. (The exact process may change over time).
Now let's try a query using the BigQuery REST API, calling the jobs.query method. Modify this script with your own project name, which you can find from the Google Cloud Console, then paste the script into your terminal:
PROJECT="YOUR_PROJECT_NAME"
QUERY="\"SELECT 1 AS x, 'foo' AS y;\""
REQUEST="{\"kind\":\"bigquery#queryRequest\",\"useLegacySql\":false,\"query\":$QUERY}"
echo $REQUEST | \
curl -X POST -d #- -H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
https://www.googleapis.com/bigquery/v2/projects/$PROJECT/queries
If it worked, you should see output that looks like this:
{
"kind": "bigquery#queryResponse",
"schema": {
"fields": [
{
"name": "x",
"type": "INTEGER",
"mode": "NULLABLE"
},
{
"name": "y",
"type": "STRING",
"mode": "NULLABLE"
}
]
},
"jobReference": {
"projectId": "<your project ID>",
"jobId": "<your job ID>"
},
"totalRows": "1",
"rows": [
{
"f": [
{
"v": "1"
},
{
"v": "foo"
}
]
}
],
"totalBytesProcessed": "0",
"jobComplete": true,
"cacheHit": false
}
If you haven't set up the bq command-line tool, you can use bq init from your terminal to do so. Once you have, you can try running the same query using it:
bq query --use_legacy_sql=False "SELECT 1 AS x, 'foo' AS y;"
You can also see the REST API requests that the bq tool makes by passing the --apilog= option:
bq --apilog= query --use_legacy_sql=False "SELECT [1, 2, 3] AS x;"
Now let's try an example using the jobs.insert method instead of the query API. Run this script, replacing YOUR_PROJECT_NAME with your project name:
PROJECT="YOUR_PROJECT_NAME"
QUERY="\"SELECT 1 AS x, 'foo' AS y;\""
REQUEST="{\"configuration\":{\"query\":{\"useLegacySql\":false,\"query\":${QUERY}}}}"
echo $REQUEST | \
curl -X POST -d #- -H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
https://www.googleapis.com/bigquery/v2/projects/$PROJECT/jobs
Unlike the query API, which returned a response immediately, you will see a result that looks similar to this:
{
"kind": "bigquery#job",
"etag": "\"<etag string>\"",
"id": "<project name>:<job ID>",
"selfLink": "https://www.googleapis.com/bigquery/v2/projects/<project name>/jobs/<job ID>",
"jobReference": {
"projectId": "<project name>",
"jobId": "<job ID>"
},
"configuration": {
"query": {
"query": "SELECT 1 AS x, 'foo' AS y;",
"destinationTable": {
"projectId": "<project name>",
"datasetId": "<anonymous dataset>",
"tableId": "<anonymous table>"
},
"createDisposition": "CREATE_IF_NEEDED",
"writeDisposition": "WRITE_TRUNCATE",
"useLegacySql": false
}
},
"status": {
"state": "RUNNING"
},
"statistics": {
"creationTime": "<timestamp millis>",
"startTime": "<timestamp millis>"
},
"user_email": "<your email address>"
}
Notice the status:
"status": {
"state": "RUNNING"
},
If you want to check on the job now, you can use the jobs.get method. Similar to before, run this from your terminal, using the job ID from the output in the previous step:
PROJECT="YOUR_PROJECT_NAME"
JOB_ID="YOUR_JOB_ID"
curl -H "Authorization: Bearer $(gcloud auth print-access-token)" \
https://www.googleapis.com/bigquery/v2/projects/$PROJECT/jobs/$JOB_ID
If the query is done, you'll get a response that indicates as much:
...
"status": {
"state": "DONE"
},
...
Finally, we can make a request to fetch the query results, also using the REST API.
curl -H "Authorization: Bearer $(gcloud auth print-access-token)" \
https://www.googleapis.com/bigquery/v2/projects/$PROJECT/queries/$JOB_ID
The output will look similar to when we used the jobs.query method above:
{
"kind": "bigquery#getQueryResultsResponse",
"etag": "\"<etag string>\"",
"schema": {
"fields": [
{
"name": "x",
"type": "INTEGER",
"mode": "NULLABLE"
},
{
"name": "y",
"type": "STRING",
"mode": "NULLABLE"
}
]
},
"jobReference": {
"projectId": "<project ID>",
"jobId": "<job ID>"
},
"totalRows": "1",
"rows": [
{
"f": [
{
"v": "1"
},
{
"v": "foo"
}
]
}
],
"totalBytesProcessed": "0",
"jobComplete": true,
"cacheHit": true
}

Jira Rest API: Requesting issue(s) of a specific user in one or more projects (Beginner)

For testing and practice purposes I want to create a specific request in Jira by using its REST api:
I want to list all issues from a specific user in one or more specific projects.
I tried it with SOAP UI but I was not able to create or get my results with easy GET-HTTP requests (I don't know how to combine more values and parameter together). The other way would be to use a script language but here I don't know what to use.
The documentation is somewhat confusing for a beginner like me and I would like to know how combine different values and paramter and how to start in an easy way.
Try to use advance rest client for chrome browsers to make your Rest requests.
The examples below (from official documentation) are for Curl usage but its simple to pass them to advance rest client. Dont forget the authentication.
Link to advance rest client
Example of create issue:
Request
curl -D- -u fred:fred -X POST --data {see below} -H "Content-Type: application/json" http://localhost:8090/rest/api/2/issue/
Data
{
"fields": {
"project":
{
"key": "TEST"
},
"summary": "REST ye merry gentlemen.",
"description": "Creating of an issue using project keys and issue type names using the REST API",
"issuetype": {
"name": "Bug"
}
}
}
Response
{
"id":"39000",
"key":"TEST-101",
"self":"http://localhost:8090/rest/api/2/issue/39000"
}
Example of making a query issue:
Request:
curl -D- -u fred:fred -X GET -H "Content-Type: application/json" http://kelpie9:8081/rest/api/2/search?jql=assignee=fred
Response:
{
"expand": "schema,names",
"startAt": 0,
"maxResults": 50,
"total": 6,
"issues": [
{
"expand": "html",
"id": "10230",
"self": "http://kelpie9:8081/rest/api/2/issue/BULK-62",
"key": "BULK-62",
"fields": {
"summary": "testing",
"timetracking": null,
"issuetype": {
"self": "http://kelpie9:8081/rest/api/2/issuetype/5",
"id": "5",
"description": "The sub-task of the issue",
"iconUrl": "http://kelpie9:8081/images/icons/issue_subtask.gif",
"name": "Sub-task",
"subtask": true
},
},
"customfield_10071": null
},
"transitions": "http://kelpie9:8081/rest/api/2/issue/BULK-62/transitions",
},
{
"expand": "html",
"id": "10004",
"self": "http://kelpie9:8081/rest/api/2/issue/BULK-47",
"key": "BULK-47",
"fields": {
"summary": "Cheese v1 2.0 issue",
"timetracking": null,
"issuetype": {
"self": "http://kelpie9:8081/rest/api/2/issuetype/3",
"id": "3",
"description": "A task that needs to be done.",
"iconUrl": "http://kelpie9:8081/images/icons/task.gif",
"name": "Task",
"subtask": false
},
"transitions": "http://kelpie9:8081/rest/api/2/issue/BULK-47/transitions",
}
]
}

Read facebook lead ads - only one lead in response

I test on https://developers.facebook.com/tools/explorer/
My query: /v2.8/11111111/leadgen_forms?fields=leads_count,leads
Response:
{ "data": [
{
"name": "My Form",
"leads_count": 37,
"leads": {
"data": [
{
"created_time": "2016-12-21T14:50:56+0000",
"id": "10000000000000",
"field_data": [
{
"name": "email",
"values": [
"hidden#gmail.com"
]
},
{
"name": "first_name",
"values": [
"Hidden"
]
},
{
"name": "last_name",
"values": [
"Hidden"
]
}
]
}
],
"paging": {
"cursors": {
"before": "MTc0ODU4Mjg2MjEyODQ1MgZDZD",
"after": "MTc0ODU4Mjg2MjEyODQ1MgZDZD"
}
}
},
"id": "10000000000000"
}
}
Why I get only one lead in data, when I have 37 in leads_count field?
I actually don't see the way you are accessing leads documented anywhere.
In your request, you are accessing the edge of a page, requesting the forms, and within that, requesting the leads.
You should probably be using the edge of the form ID instead to retrieve leads:
curl -G \
-d 'access_token=<ACCESS_TOKEN>' \
https://graph.facebook.com/v2.8/<FORM_ID>/leads
You can also filter them:
curl -G \
-d "filtering=[{'field':'time_created','operator':'GREATER_THAN','value':<TIMESTAMP>}]" \
-d "access_token=<ACCESS_TOKEN>" \
https://graph.facebook.com/<API_VERSION>/<AD_ID>/leads