Api-Call to get vulnerabilities by package and version
-
Hi folks.
Is there a way to get the vulnerabilities via an API call using a NuGet package and its version?
I would like the information as in the picture:
THX Paddy
-
Hi @itadmin_9894 ,
It doesn't seem to be documented, but we do have a pgutil packages audit command:

    $> pgutil packages audit --help
    Description:
      Analyzes a package for compliance issues

    Usage:
      pgutil packages audit [options]

    Options:
      --package=<package> (REQUIRED)  Name (and group where applicable) of package
      --version=<version> (REQUIRED)  Version of package

    Common Options (packages):
      --api-key=<api-key>    ProGet API key used to authorize access
      --feed=<feed>          Name of feed in ProGet
      --no-connectors        Only include local (non-connector) package data in results
      --password=<password>  ProGet user password used to authorize access
      --source=<source>      Named source or URL of ProGet
      --username=<username>  ProGet user name used to authorize access
      -?, --help             Show help and usage information

    Examples:
      $> pgutil packages audit --feed=approved-nuget --package=Newtonsoft.Json --version=12.0.3
      $> pgutil packages audit --feed=public-npm --package=@babel/runtime --version=7.25.0
      $> pgutil packages audit --feed=private-pypi --package=Django --version=5.0.6 --filename=Django-5.0.6.tar.gz

Cheers,
Alana
-
Hi @atripp ,
THX for your feedback. It looks like that's not what I want. https://docs.inedo.com/docs/proget/api/vulnerabilities/audit
This method does not provide for the vulnerabilities of the package.
Any other ideas?
Best regards
Paddy
-
It looks like you're trying to do a GET request, which is why it's not working.

You need to POST an array of package identifiers like this:

    POST /api/sca/audit-package-vulns
    [
      {
        "name": "NuGet.CommandLine",
        "version": "6.8.0",
        "type": "nuget"
      }
    ]

Cheers,
Alana
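
The request described in the post above, as an added example that is not part of the thread or Inedo's code: it collects the exact-version PackageReference entries of a project file and builds the POST for /api/sca/audit-package-vulns. The host, the key, the sample project and the X-ApiKey header name are assumptions; the response is not parsed because the thread does not show its format.

```python
import json
import urllib.request
import xml.etree.ElementTree as ET

AUDIT_PATH = "/api/sca/audit-package-vulns"  # endpoint given in the post above

# Constructed sample project file (not from the thread).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="NuGet.CommandLine" Version="6.8.0" />
    <PackageReference Include="Newtonsoft.Json"><Version>12.0.3</Version></PackageReference>
    <PackageReference Include="Floating.Example" Version="1.*" />
    <PackageReference Include="No.Version.Example" />
  </ItemGroup>
</Project>"""

def local(tag):
    """Strip an XML namespace so old-style (namespaced) .csproj files also work."""
    return tag.rsplit("}", 1)[-1]

def nuget_identifiers(csproj_text):
    """Return (identifiers, skipped) for the PackageReference items of a project."""
    identifiers, skipped = [], []
    for el in ET.fromstring(csproj_text).iter():
        if local(el.tag) != "PackageReference" or not el.get("Include"):
            continue
        version = el.get("Version") or next(
            (c.text for c in el if local(c.tag) == "Version"), None)
        version = (version or "").strip()
        # The audit takes one exact version; floating versions and ranges are skipped.
        if not version or any(ch in version for ch in "*[](),"):
            skipped.append(el.get("Include"))
            continue
        identifiers.append({"name": el.get("Include"), "version": version, "type": "nuget"})
    return identifiers, skipped

def build_audit_request(base_url, api_key, identifiers):
    """Build (without sending) the POST request carrying the identifier array."""
    return urllib.request.Request(
        base_url.rstrip("/") + AUDIT_PATH,
        data=json.dumps(identifiers).encode("utf-8"),
        method="POST",
        # X-ApiKey as the API-key header is an assumption, not stated in the thread.
        headers={"Content-Type": "application/json", "X-ApiKey": api_key},
    )

if __name__ == "__main__":
    ids, skipped = nuget_identifiers(SAMPLE_CSPROJ)
    req = build_audit_request("https://proget.example.invalid", "PLACEHOLDER-KEY", ids)
    print(req.get_method(), req.full_url, req.data.decode(), "skipped:", skipped)
```

Passing the returned request to urllib.request.urlopen sends it; packages listed in skipped need a resolved version (for example from a lock file) before they can be audited.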
-
Good morning @atripp .
It looks like this method is not working as I expect it to. As you can see from the following printscreens, the result is different between WebUi and API.
Am I using the API call incorrectly?
Best regards
Paddy
-
Hi @itadmin_9894,
Would you be able to share the entire JSON response and exactly what information is missing that you are expecting to see?
Thanks,
Dan
-
Hi Dan.
I have now built a parser that fetches the desired information from the WebApp.
Thank you very much for your help.
Paddy