GET /v1/tenant/shiftleft/iac/scans/{scanId}/vulnerabilities
List Vulnerabilities
curl --request GET \
  --url https://{region}.api.plerion.com/v1/tenant/shiftleft/iac/scans/{scanId}/vulnerabilities \
  --header 'Authorization: Bearer <token>'
{
  "data": [
    {
      "id": "1",
      "createdAt": "2023-06-30T06:07:18.797Z",
      "updatedAt": "2023-06-30T06:07:18.797Z",
      "tenantId": "tenant-123",
      "organizationId": "org-456",
      "vulnerabilityId": "CVE-2023-12345",
      "description": "This is a sample vulnerability description.",
      "severityLevel": "HIGH",
      "title": "Sample Vulnerability Title",
      "primaryUrl": "https://example.com/cve/CVE-2023-12345",
      "packages": [
        {
          "name": "sample-package",
          "type": "npm",
          "fixedVersion": "1.0.1",
          "installedVersion": "1.0.0"
        }
      ],
      "publishedDate": "2023-06-15",
      "cwes": [
        {
          "id": "1",
          "name": "CWE-123",
          "cweId": "CWE-123",
          "source": "MITRE",
          "sourceUrl": "https://example.com/cwe/CWE-123",
          "description": "This is a sample CWE description."
        }
      ],
      "hasKev": true,
      "hasExploit": false,
      "knownExploit": {
        "cveID": "CVE-2022-22965",
        "notes": "",
        "dueDate": "2022-04-25",
        "product": "Spring Framework",
        "dateAdded": "2022-04-04",
        "vendorProject": "VMware",
        "requiredAction": "Apply updates per vendor instructions.",
        "shortDescription": "Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.",
        "vulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability"
      },
      "exploits": [
        {
          "id": "1",
          "title": "Sample Exploit Title",
          "description": "This is a sample exploit description.",
          "source": "MITRE",
          "sourceUrl": "https://example.com/exploit/CVE-2023-12345"
        }
      ],
      "severityLevelValue": 4,
      "file": "/node/CVE-2023-12345/package-lock.json"
    }
  ],
  "meta": {
    "page": 123,
    "perPage": 123,
    "total": 123,
    "hasNextPage": true,
    "hasPreviousPage": true
  }
}

Authorizations

Authorization
string
header
required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Headers

Authorization
string
required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Content-Type
string

application/json

Path Parameters

scanId
string
required

Scan ID

Query Parameters

ids
string

Filter vulnerabilities based on ids. Accepts a comma-separated list of ids.

Example:

["uuid1,uuid2,uuid3"]

vulnerabilityIds
string

Filter vulnerabilities based on vulnerability ID. Accepts a comma-separated list of vulnerability IDs.

Example:

"CVE-2022-22965,CVE-2022-22966,CVE-2022-22967"

severitySources
string

Filter vulnerabilities based on severitySource. Accepts a comma-separated list of severitySource values.

Example:

"nvd,github,debian"

files
string

Filter vulnerabilities based on file. Accepts a comma-separated list of files.

Example:

"file1,file2"

hasKevs
boolean

Filter vulnerabilities based on hasKev. Accepts a comma-separated list of boolean values.

Example:

"true,false"

hasExploits
boolean

Filter vulnerabilities based on hasExploit. Accepts a comma-separated list of boolean values.

Example:

"true,false"

severityLevels
enum<string>

Filter vulnerabilities based on severity. Accepts a comma-separated list of severity levels.

Available options: CRITICAL, HIGH, MEDIUM, LOW

Example:

"CRITICAL,HIGH"

sortBy
enum<string>

Sort results by the specified field.

Available options: id, vulnerabilityId, severityLevel, severitySource, hasKev, hasExploit, file, createdAt, updatedAt

Example:

"createdAt"

sortOrder
enum<string>

Sort order for the results.

Available options: asc, desc

Example:

"asc"

page
integer

Page number for the results. Accepts a positive integer.

Example:

1

perPage
integer

Number of results per page. Accepts a positive integer.

Example:

10

Response

Successful response with the list of vulnerabilities

data
object[]
meta
object
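
Added example, not part of the API provider's documentation: a Python client that sends the severityLevels and hasKevs filters described above, follows meta.hasNextPage across pages, and groups the returned packages by file so each lockfile gets one remediation entry. The function names, the region character pattern, the per-page size and the page limit are assumptions made for this example.

```python
import json
import re
import urllib.parse
import urllib.request

def build_url(region, scan_id, page, per_page=50):
    # The bearer token is sent to whatever host this URL names, so reject a
    # region value that could change the host (pattern is an assumption).
    if not re.fullmatch(r"[a-z0-9-]+", region):
        raise ValueError(f"unexpected region: {region!r}")
    query = {
        "severityLevels": "CRITICAL,HIGH",  # comma-separated list, one value
        "hasKevs": "true",
        "page": page,
        "perPage": per_page,
    }
    return (
        f"https://{region}.api.plerion.com/v1/tenant/shiftleft/iac/scans/"
        f"{urllib.parse.quote(scan_id, safe='')}/vulnerabilities?"
        + urllib.parse.urlencode(query, safe=",")
    )

def http_get(url, token):
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_all(region, scan_id, token, fetch=http_get, max_pages=1000):
    """Yield every matching vulnerability, following meta.hasNextPage."""
    for page in range(1, max_pages + 1):
        body = fetch(build_url(region, scan_id, page), token)
        yield from body.get("data", [])
        if not body.get("meta", {}).get("hasNextPage"):
            return
    raise RuntimeError("max_pages reached while hasNextPage was still true")

def upgrade_plan(vulns):
    """Group findings by (file, package): CVE ids and the fixed versions offered."""
    plan = {}
    for v in vulns:
        for pkg in v.get("packages", []):
            entry = plan.setdefault(
                (v.get("file"), pkg.get("name")),
                {"installed": pkg.get("installedVersion"), "fixed": set(), "cves": set()},
            )
            entry["cves"].add(v.get("vulnerabilityId"))
            if pkg.get("fixedVersion"):  # missing or empty: no fix offered
                entry["fixed"].add(pkg["fixedVersion"])
    return plan
```

Pass the tenant API key as `token` from a secret store or environment variable rather than hard-coding it; an entry whose `fixed` set is empty has no upgrade target and needs a different mitigation.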