The Component Details API provides all available (to Sonatype) security vulnerability, license data, age, and popularity information for a specified component. What is not included, is any information related to policy violations for an evaluated application.
If you are looking for component information for a component that has been evaluated as part of an application, please see the Component Details by Report API. |
This API uses POST REST resource
Below, we have provided a step-by-step example using the HTTP client cURL, though any HTTP client could be used.
Step 1 - Get the component HASH or component identifier. Depending on the type of component, and the information you have, the API allows you to specify the component hash, the component identifier, or both. In our example we’ll be searching using Maven coordinates.
If desired you can specify more than one component. |
Step 2 - Submit the specified component to retrieve details. First let’s take a look at the POST resource:
POST api/v2/components/details
You will also need to include JSON data specifying the component information you are providing.
{ "components":{ "hash":null, "componentIdentifier":{ "format":"maven", "coordinates":{ "artifactId":"tomcat-util", "extension":"jar", "groupId":"tomcat", "version":"5.5.23" } } }
Putting this together with the cURL command, as well as including the IQ Server URL for the POST resource path, you should have something that looks like this:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d'{"components":[{"hash": null,"componentIdentifier": {"format":"maven","coordinates": {"artifactId":"tomcat-util","extension":"jar","groupId":"tomcat","version":"5.5.23"}}}]}' 'http://localhost:8070/api/v2/components/details'
The IQ Server will then respond with the component details. An example is provided below.
{ "componentDetails":[ { "component":{ "hash":"1249e25aebb15358bedd", "componentIdentifier":{ "format":"maven", "coordinates":{ "artifactId":"tomcat-util", "classifier":"", "extension":"jar", "groupId":"tomcat", "version":"5.5.23" } } }, "matchState":"exact", "catalogDate":"2008-01-29T01:45:22.000-05:00", "relativePopularity":100, "licenseData":{ "declaredLicenses":[ { "licenseId":"Apache-2.0", "licenseName":"Apache-2.0" } ], "observedLicenses":[ { "licenseId":"No-Sources", "licenseName":"No Sources" } ] }, "securityData":{ "securityIssues":[ { "source":"cve", "reference":"CVE-2007-3385", "severity":4.3, "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385", "threatCategory":"severe" }, { "source":"cve", "reference":"CVE-2007-5333", "severity":5.0, "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333", "threatCategory":"severe" }, { "source":"cve", "reference":"CVE-2011-2526", "severity":4.4, "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526", "threatCategory":"severe" }, { "source":"cve", "reference":"CVE-2012-0022", "severity":5.0, "url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022", "threatCategory":"severe" }, { "source":"osvdb", "reference":"37071", "severity":4.3, "url":"http://osvdb.org/37071", "threatCategory":"severe" }, { "source":"osvdb", "reference":"41435", "severity":5.0, "url":"http://osvdb.org/41435", "threatCategory":"severe" }, { "source":"osvdb", "reference":"73797", "severity":4.4, "url":"http://osvdb.org/73797", "threatCategory":"severe" }, { "source":"osvdb", "reference":"73798", "severity":4.4, "url":"http://osvdb.org/73798", "threatCategory":"severe" }, { "source":"osvdb", "reference":"78573", "severity":5.0, "url":"http://osvdb.org/78573", "threatCategory":"severe" } ] } } ] }
Terms of Service Privacy Policy
Copyright ©
2008-present, Sonatype Inc. All rights reserved. Includes the
third-party code listed here. Sonatype and Sonatype Nexus are trademarks
of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache
Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
All other trademarks are the property of their respective owners.
Sonatype Headquarters - 8161
Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8251 Greensboro Drive #610, McLean, VA
22102
Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia