The Component Search API allows you to find a particular component, as well as get information back about that component. Using GET requests it allows you to retrieve component information such as application ID, application name, report URL, component hash, component coordinates, and the highest threat level of the policy violations (for the found component).
Below, we’ve provided an example of the GET request. We’ve done this using the HTTP client cURL. Of course, you could use any HTTP client tool. Additionally, to help demonstrate use of the API, we’ve broken out the various pieces for this request and provided an example of data that is retrieved.
Compared to the other APIs, Component Search is fairly simple. However, you should have some basic information about the component coordinates, as well as the stage (e.g. Build) where the component was analyzed.
Searching for Components
First, make sure your IQ Server is started. Also, as we mentioned, you will need to have evaluated at least one application. With those two things completed, let’s take a look at the GET API.
GET /api/v2/search/component
Now, in addition to this, you will need to set the stage, and then add your search parameters. Let’s take a look at stage first.
Typically the stage represents the development lifecycle of your product. There are four stages that are currently supported. These include:
build
stage
stage-release
operate
Entering any of these for the stage ID will pull from that specific stage’s evaluation data.
Next up, you need to set the component search parameters using any combination of these options:
Now, let’s look at an example. Consider a case where we wanted to find all components within the group ID "tomcat", for any applications evaluated during the Build stage. Using the information above, as well as cURL and an encoded URL, here is what we would have…
curl -u admin:admin123 -X GET "http://localhost:8070/api/v2/search/component?stageId=build&componentIdentifier=%7B%22format%22%3A%22maven%22%2C%22coordinates%22%3A%7B%22groupId%22%3A%22tomcat%22%7D%7D"
Of course the above is an encoded URL, so just for a bit of help, here is what a non-encoded URL would look like. This should help you identify the JSON in the example above.
"http://localhost:8070/api/v2/search/component?stageId=build&componentIdentifier={"format":"maven","coordinates":{"groupId":"tomcat"}}"
Alright, so in our case, the API above produced the following results. If you have any tomcat components, you could expect something similar…
{
  "criteria": {
    "stageId": "build",
    "hash": null,
    "componentIdentifier": {
      "format": "maven",
      "coordinates": {
        "groupId": "tomcat"
      }
    }
  },
  "results": [
    {
      "applicationId": "MyApp-1234",
      "applicationName": "My Application 2",
      "reportUrl": "http://localhost:8070/ui/links/application/MyApp-1234/report/c81991938f304f30bc139ea13cf93cd5",
      "hash": "1249e25aebb15358bedd",
      "componentIdentifier": {
        "format": "maven",
        "coordinates": {
          "artifactId": "tomcat-util",
          "classifier": "",
          "extension": "jar",
          "groupId": "tomcat",
          "version": "5.5.23"
        }
      }
The data above was formatted to make it a bit more readable.
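The request and response walked through above, as an added Python example that is not part of Sonatype's documentation: it builds the encoded URL from plain coordinates, rejects stage IDs outside the four listed, decodes an encoded URL back to its JSON, and flattens results to one row per application. The function names are assumptions, and the sample response is constructed from fields shown in the output above.

```python
import json
from urllib.parse import parse_qs, quote, urlsplit

# Stage IDs listed on this page as supported.
SUPPORTED_STAGES = ("build", "stage", "stage-release", "operate")


def build_search_url(base_url, stage_id, coordinates, fmt="maven"):
    """Build the GET URL with componentIdentifier as percent-encoded JSON."""
    if stage_id not in SUPPORTED_STAGES:
        raise ValueError(f"unsupported stage ID: {stage_id!r}")
    # Compact separators so no spaces end up inside the query string.
    identifier = json.dumps({"format": fmt, "coordinates": coordinates},
                            separators=(",", ":"))
    return (f"{base_url.rstrip('/')}/api/v2/search/component"
            f"?stageId={stage_id}&componentIdentifier={quote(identifier, safe='')}")


def decode_search_url(url):
    """Recover (stage ID, identifier dict) from an encoded search URL."""
    query = parse_qs(urlsplit(url).query, strict_parsing=True)
    return query["stageId"][0], json.loads(query["componentIdentifier"][0])


def summarize(response):
    """Return (applicationId, group:artifact:version, reportUrl) per result."""
    rows = []
    for result in response.get("results", []):
        c = result["componentIdentifier"]["coordinates"]
        gav = ":".join(c.get(k, "") for k in ("groupId", "artifactId", "version"))
        rows.append((result["applicationId"], gav, result.get("reportUrl", "")))
    return rows


# Constructed sample, reduced to fields that appear in the page's output.
SAMPLE_RESPONSE = {
    "results": [{
        "applicationId": "MyApp-1234",
        "reportUrl": "http://localhost:8070/ui/links/application/MyApp-1234/report/c81991938f304f30bc139ea13cf93cd5",
        "componentIdentifier": {
            "format": "maven",
            "coordinates": {"artifactId": "tomcat-util", "groupId": "tomcat",
                            "version": "5.5.23"}}}]}

if __name__ == "__main__":
    url = build_search_url("http://localhost:8070", "build", {"groupId": "tomcat"})
    print(url)
    print(decode_search_url(url))
    print(summarize(SAMPLE_RESPONSE))
```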
Using Wildcards
Of course, you may come across instances where you want to produce more results with less specific component details. If this is the case, the Component Search API does support the use of wildcards when searching using the GAV (coordinates).
If you are familiar with the coordinates policy condition, it follows the exact same logic. You can read more on the Coordinates condition in Step Five in the Policy Management chapter.