Notification
Notification
| Field | Type | Description |
|---|---|---|
level |
Level |
|
scope |
Scope |
|
group |
Group |
|
title |
string |
|
content |
string |
|
timestamp |
google.protobuf.Timestamp |
|
subject |
google.protobuf.Any |
Subjects
BomConsumedOrProcessedSubject
| Field | Type | Description |
|---|---|---|
project |
Project |
|
bom |
Bom |
|
token |
string |
BomProcessingFailedSubject
| Field | Type | Description |
|---|---|---|
project |
Project |
|
bom |
Bom |
|
cause |
string |
|
token |
string |
ComponentVulnAnalysisCompleteSubject
| Field | Type | Description |
|---|---|---|
component |
Component |
|
vulnerabilities |
Vulnerability[] |
NewVulnerabilitySubject
| Field | Type | Description |
|---|---|---|
component |
Component |
|
project |
Project |
|
vulnerability |
Vulnerability |
|
affected_projects_reference |
BackReference |
|
vulnerability_analysis_level |
string |
|
affected_projects |
Project[] |
List of projects affected by the vulnerability. DEPRECATED: This list only holds one item, and it is identical to the one in the project field. The field is kept for backward compatibility of JSON notifications, but consumers should not expect multiple projects here. Transmitting all affected projects in one notification is not feasible for large portfolios, see https://github.com/DependencyTrack/hyades/issues/467 for details. |
NewVulnerableDependencySubject
| Field | Type | Description |
|---|---|---|
component |
Component |
|
project |
Project |
|
vulnerabilities |
Vulnerability[] |
PolicyViolationAnalysisDecisionChangeSubject
| Field | Type | Description |
|---|---|---|
component |
Component |
|
project |
Project |
|
policy_violation |
PolicyViolation |
|
analysis |
PolicyViolationAnalysis |
PolicyViolationSubject
| Field | Type | Description |
|---|---|---|
component |
Component |
|
project |
Project |
|
policy_violation |
PolicyViolation |
ProjectVulnAnalysisCompleteSubject
| Field | Type | Description |
|---|---|---|
project |
Project |
|
findings |
ComponentVulnAnalysisCompleteSubject[] |
|
status |
ProjectVulnAnalysisStatus |
|
token |
string |
UserSubject
| Field | Type | Description |
|---|---|---|
username |
string |
|
email |
string |
VexConsumedOrProcessedSubject
| Field | Type | Description |
|---|---|---|
project |
Project |
|
vex |
bytes |
|
format |
string |
|
spec_version |
string |
VulnerabilityAnalysisDecisionChangeSubject
| Field | Type | Description |
|---|---|---|
component |
Component |
|
project |
Project |
|
vulnerability |
Vulnerability |
|
analysis |
VulnerabilityAnalysis |
Messages
BackReference
| Field | Type | Description |
|---|---|---|
api_uri |
string |
URI to the API endpoint from which additional information can be fetched. |
frontend_uri |
string |
URI to the frontend where additional information can be seen. |
Bom
| Field | Type | Description |
|---|---|---|
content |
string |
|
format |
string |
|
spec_version |
string |
Component
| Field | Type | Description |
|---|---|---|
uuid |
string |
|
group |
string |
|
name |
string |
|
version |
string |
|
purl |
string |
|
md5 |
string |
|
sha1 |
string |
|
sha256 |
string |
|
sha512 |
string |
Policy
| Field | Type | Description |
|---|---|---|
uuid |
string |
|
name |
string |
|
violation_state |
string |
PolicyCondition
| Field | Type | Description |
|---|---|---|
uuid |
string |
|
subject |
string |
|
operator |
string |
|
value |
string |
|
policy |
Policy |
PolicyViolation
| Field | Type | Description |
|---|---|---|
uuid |
string |
|
type |
string |
|
timestamp |
google.protobuf.Timestamp |
|
condition |
PolicyCondition |
PolicyViolationAnalysis
| Field | Type | Description |
|---|---|---|
component |
Component |
|
project |
Project |
|
policy_violation |
PolicyViolation |
|
state |
string |
|
suppressed |
bool |
Project
| Field | Type | Description |
|---|---|---|
uuid |
string |
|
name |
string |
|
version |
string |
|
description |
string |
|
purl |
string |
|
tags |
string[] |
Vulnerability
| Field | Type | Description |
|---|---|---|
uuid |
string |
|
vuln_id |
string |
|
source |
string |
|
aliases |
Vulnerability.Alias[] |
|
title |
string |
|
sub_title |
string |
|
description |
string |
|
recommendation |
string |
|
cvss_v2 |
double |
|
cvss_v3 |
double |
|
owasp_rr_likelihood |
double |
|
owasp_rr_technical_impact |
double |
|
owasp_rr_business_impact |
double |
|
severity |
string |
|
cwes |
Vulnerability.Cwe[] |
|
cvss_v2_vector |
string |
|
cvss_v3_vector |
string |
|
owasp_rr_vector |
string |
Vulnerability.Alias
| Field | Type | Description |
|---|---|---|
id |
string |
|
source |
string |
Vulnerability.Cwe
| Field | Type | Description |
|---|---|---|
cwe_id |
int32 |
|
name |
string |
VulnerabilityAnalysis
| Field | Type | Description |
|---|---|---|
component |
Component |
|
project |
Project |
|
vulnerability |
Vulnerability |
|
state |
string |
|
suppressed |
bool |
Enums
Group
| Name | Description |
|---|---|
GROUP_UNSPECIFIED |
|
GROUP_CONFIGURATION |
|
GROUP_DATASOURCE_MIRRORING |
|
GROUP_REPOSITORY |
|
GROUP_INTEGRATION |
|
GROUP_FILE_SYSTEM |
|
GROUP_ANALYZER |
|
GROUP_NEW_VULNERABILITY |
|
GROUP_NEW_VULNERABLE_DEPENDENCY |
|
GROUP_PROJECT_AUDIT_CHANGE |
|
GROUP_BOM_CONSUMED |
|
GROUP_BOM_PROCESSED |
|
GROUP_VEX_CONSUMED |
|
GROUP_VEX_PROCESSED |
|
GROUP_POLICY_VIOLATION |
|
GROUP_PROJECT_CREATED |
|
GROUP_BOM_PROCESSING_FAILED |
|
GROUP_PROJECT_VULN_ANALYSIS_COMPLETE |
|
GROUP_USER_CREATED |
|
GROUP_USER_DELETED |
Level
| Name | Description |
|---|---|
LEVEL_UNSPECIFIED |
|
LEVEL_INFORMATIONAL |
|
LEVEL_WARNING |
|
LEVEL_ERROR |
ProjectVulnAnalysisStatus
| Name | Description |
|---|---|
PROJECT_VULN_ANALYSIS_STATUS_UNSPECIFIED |
|
PROJECT_VULN_ANALYSIS_STATUS_FAILED |
|
PROJECT_VULN_ANALYSIS_STATUS_COMPLETED |
Scope
| Name | Description |
|---|---|
SCOPE_UNSPECIFIED |
|
SCOPE_PORTFOLIO |
|
SCOPE_SYSTEM |