Notification

Notification

Field	Type	Description
level	Level
scope	Scope
group	Group
title	string
content	string
timestamp	google.protobuf.Timestamp
subject	google.protobuf.Any
id	string	Unique identifier of the notification in UUIDv7 format.

Subjects

BomConsumedOrProcessedSubject

Field	Type	Description
project	Project
bom	Bom
token	string

BomProcessingFailedSubject

Field	Type	Description
project	Project
bom	Bom
cause	string
token	string

BomValidationFailedSubject

Field	Type	Description
project	Project
bom	Bom
errors	string[]

ComponentVulnAnalysisCompleteSubject

Field	Type	Description
component	Component
vulnerabilities	Vulnerability[]

NewPolicyViolationsSummarySubject

Subject for GROUP_NEW_POLICY_VIOLATIONS_SUMMARY notifications.

Field	Type	Description
overview	NewPolicyViolationsSummarySubject.Overview
project_summaries	NewPolicyViolationsSummarySubject.ProjectSummaryEntry[]
violations_by_project	NewPolicyViolationsSummarySubject.ProjectViolationsEntry[]
since	google.protobuf.Timestamp

NewVulnerabilitiesSummarySubject

Subject for GROUP_NEW_VULNERABILITIES_SUMMARY notifications.

Field	Type	Description
overview	NewVulnerabilitiesSummarySubject.Overview
project_summaries	NewVulnerabilitiesSummarySubject.ProjectSummaryEntry[]
findings_by_project	NewVulnerabilitiesSummarySubject.ProjectFindingsEntry[]
since	google.protobuf.Timestamp

NewVulnerabilitySubject

Field	Type	Description
component	Component
project	Project
vulnerability	Vulnerability
affected_projects_reference	BackReference
vulnerability_analysis_level	string
affected_projects	Project[]	List of projects affected by the vulnerability. DEPRECATED: This list only holds one item, and it is identical to the one in the project field. The field is kept for backward compatibility of JSON notifications, but consumers should not expect multiple projects here. Transmitting all affected projects in one notification is not feasible for large portfolios, see https://github.com/DependencyTrack/hyades/issues/467 for details.
analysis_trigger	AnalysisTrigger	The trigger of the analysis that identified the vulnerability.

NewVulnerableDependencySubject

Field	Type	Description
component	Component
project	Project
vulnerabilities	Vulnerability[]

PolicyViolationAnalysisDecisionChangeSubject

Field	Type	Description
component	Component
project	Project
policy_violation	PolicyViolation
analysis	PolicyViolationAnalysis

PolicyViolationSubject

Field	Type	Description
component	Component
project	Project
policy_violation	PolicyViolation

ProjectVulnAnalysisCompleteSubject

Field	Type	Description
project	Project
findings	ComponentVulnAnalysisCompleteSubject[]
status	ProjectVulnAnalysisStatus
token	string

UserSubject

Field	Type	Description
username	string
email	string

VexConsumedOrProcessedSubject

Field	Type	Description
project	Project
vex	bytes
format	string
spec_version	string

VulnerabilityAnalysisDecisionChangeSubject

Field	Type	Description
component	Component
project	Project
vulnerability	Vulnerability
analysis	VulnerabilityAnalysis

VulnerabilityRetractedSubject

Field	Type	Description
component	Component	The component for which the vulnerability was previously reported.
project	Project	The project for which the vulnerability was previously reported.
vulnerability	Vulnerability	The previously reported vulnerability.

Messages

BackReference

Field	Type	Description
api_uri	string	URI to the API endpoint from which additional information can be fetched.
frontend_uri	string	URI to the frontend where additional information can be seen.

Bom

Field	Type	Description
content	string
format	string
spec_version	string

Component

Field	Type	Description
uuid	string
group	string
name	string
version	string
purl	string
md5	string
sha1	string
sha256	string
sha512	string

NewPolicyViolationsSummarySubject.Overview

Field	Type	Description
affected_projects_count	int32
affected_components_count	int32
new_violations_count	int32
new_violations_count_by_type	NewPolicyViolationsSummarySubject.Overview.NewViolationsCountByTypeEntry[]
suppressed_new_violations_count	int32
total_new_violations_count	int32

NewPolicyViolationsSummarySubject.Overview.NewViolationsCountByTypeEntry

Field	Type	Description
key	string
value	int32

NewPolicyViolationsSummarySubject.ProjectSummaryEntry

Field	Type	Description
project	Project
new_violations_count_by_type	NewPolicyViolationsSummarySubject.ProjectSummaryEntry.NewViolationsCountByTypeEntry[]
suppressed_new_violations_count_by_type	NewPolicyViolationsSummarySubject.ProjectSummaryEntry.SuppressedNewViolationsCountByTypeEntry[]
total_new_violations_count_by_type	NewPolicyViolationsSummarySubject.ProjectSummaryEntry.TotalNewViolationsCountByTypeEntry[]

NewPolicyViolationsSummarySubject.ProjectSummaryEntry.NewViolationsCountByTypeEntry

Field	Type	Description
key	string
value	int32

NewPolicyViolationsSummarySubject.ProjectSummaryEntry.SuppressedNewViolationsCountByTypeEntry

Field	Type	Description
key	string
value	int32

NewPolicyViolationsSummarySubject.ProjectSummaryEntry.TotalNewViolationsCountByTypeEntry

Field	Type	Description
key	string
value	int32

NewPolicyViolationsSummarySubject.ProjectViolationsEntry

Field	Type	Description
project	Project
violations	NewPolicyViolationsSummarySubject.Violation[]

NewPolicyViolationsSummarySubject.Violation

Field	Type	Description
uuid	string
component	Component
policy_condition	PolicyCondition
type	string
timestamp	google.protobuf.Timestamp
analysis_state	string
suppressed	bool

NewVulnerabilitiesSummarySubject.Finding

Field	Type	Description
component	Component
vulnerability	Vulnerability
analyzer_identity	string
attributed_on	google.protobuf.Timestamp
reference_url	string
analysis_state	string
suppressed	bool

NewVulnerabilitiesSummarySubject.Overview

Field	Type	Description
affected_projects_count	int32
affected_components_count	int32
new_vulnerabilities_count	int32
new_vulnerabilities_count_by_severity	NewVulnerabilitiesSummarySubject.Overview.NewVulnerabilitiesCountBySeverityEntry[]
suppressed_new_vulnerabilities_count	int32
total_new_vulnerabilities_count	int32

NewVulnerabilitiesSummarySubject.Overview.NewVulnerabilitiesCountBySeverityEntry

Field	Type	Description
key	string
value	int32

NewVulnerabilitiesSummarySubject.ProjectFindingsEntry

Field	Type	Description
project	Project
findings	NewVulnerabilitiesSummarySubject.Finding[]

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry

Field	Type	Description
project	Project
new_vulnerabilities_count_by_severity	NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.NewVulnerabilitiesCountBySeverityEntry[]
suppressed_new_vulnerabilities_count_by_severity	NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.SuppressedNewVulnerabilitiesCountBySeverityEntry[]
total_new_vulnerabilities_count_by_severity	NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.TotalNewVulnerabilitiesCountBySeverityEntry[]

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.NewVulnerabilitiesCountBySeverityEntry

Field	Type	Description
key	string
value	int32

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.SuppressedNewVulnerabilitiesCountBySeverityEntry

Field	Type	Description
key	string
value	int32

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.TotalNewVulnerabilitiesCountBySeverityEntry

Field	Type	Description
key	string
value	int32

Policy

Field	Type	Description
uuid	string
name	string
violation_state	string

PolicyCondition

Field	Type	Description
uuid	string
subject	string
operator	string
value	string
policy	Policy

PolicyViolation

Field	Type	Description
uuid	string
type	string
timestamp	google.protobuf.Timestamp
condition	PolicyCondition

PolicyViolationAnalysis

Field	Type	Description
component	Component
project	Project
policy_violation	PolicyViolation
state	string
suppressed	bool

Project

Field	Type	Description
uuid	string
name	string
version	string
description	string
purl	string
tags	string[]
is_active	bool

Vulnerability

Field	Type	Description
uuid	string
vuln_id	string
source	string
aliases	Vulnerability.Alias[]
title	string
sub_title	string
description	string
recommendation	string
cvss_v2	double
cvss_v3	double
owasp_rr_likelihood	double
owasp_rr_technical_impact	double
owasp_rr_business_impact	double
severity	string
cwes	Vulnerability.Cwe[]
cvss_v2_vector	string
cvss_v3_vector	string
owasp_rr_vector	string
cvss_v4	double
cvss_v4_vector	string

Vulnerability.Alias

Field	Type	Description
id	string
source	string

Vulnerability.Cwe

Field	Type	Description
cwe_id	int32
name	string

VulnerabilityAnalysis

Field	Type	Description
component	Component
project	Project
vulnerability	Vulnerability
state	string
suppressed	bool

Enums

AnalysisTrigger

Name	Description
ANALYSIS_TRIGGER_UNSPECIFIED	No trigger specified.
ANALYSIS_TRIGGER_BOM_UPLOAD	The analysis was triggered by a BOM upload.
ANALYSIS_TRIGGER_SCHEDULE	The analysis was triggered by a schedule.
ANALYSIS_TRIGGER_MANUAL	The analysis was triggered manually.

Group

Name	Description
GROUP_UNSPECIFIED
GROUP_CONFIGURATION
GROUP_DATASOURCE_MIRRORING
GROUP_REPOSITORY
GROUP_INTEGRATION
GROUP_FILE_SYSTEM
GROUP_ANALYZER
GROUP_NEW_VULNERABILITY
GROUP_NEW_VULNERABLE_DEPENDENCY
GROUP_PROJECT_AUDIT_CHANGE
GROUP_BOM_CONSUMED
GROUP_BOM_PROCESSED
GROUP_VEX_CONSUMED
GROUP_VEX_PROCESSED
GROUP_POLICY_VIOLATION
GROUP_PROJECT_CREATED
GROUP_BOM_PROCESSING_FAILED
GROUP_PROJECT_VULN_ANALYSIS_COMPLETE
GROUP_USER_CREATED
GROUP_USER_DELETED
GROUP_BOM_VALIDATION_FAILED
GROUP_VULNERABILITY_RETRACTED	A previously identified vulnerability is no longer applicable,
e.g. due to upstream sources correcting their data.
GROUP_NEW_VULNERABILITIES_SUMMARY	Scheduled summary of new vulnerabilities across projects.
GROUP_NEW_POLICY_VIOLATIONS_SUMMARY	Scheduled summary of new policy violations across projects.

Level

Name	Description
LEVEL_UNSPECIFIED
LEVEL_INFORMATIONAL
LEVEL_WARNING
LEVEL_ERROR

ProjectVulnAnalysisStatus

Name	Description
PROJECT_VULN_ANALYSIS_STATUS_UNSPECIFIED
PROJECT_VULN_ANALYSIS_STATUS_FAILED
PROJECT_VULN_ANALYSIS_STATUS_COMPLETED

Scope

Name	Description
SCOPE_UNSPECIFIED
SCOPE_PORTFOLIO
SCOPE_SYSTEM