# Reports API - Synchronous # Overview This resource represents *reports*. This topic showcases the API requests and responses for getting the following types of reports: * Inventory report for an organization, product or project * Source File Inventory report for an organization, product or project * Due Diligence report for an organization, product or project * Attribution report for a product or project * Product Comparison report * Project Comparison report * Project level SBOM (Software Bill of Materials) using SPDX * Custom Attribute Values report for an organization, product or project * Library Location report for an organization or product * License Compatibility report for a product or project * Effective Licenses report for an organization or product * In-House report for an organization, product or project * Risk report in PDF format for an organization, product or project * Vulnerabilities report for an organization, product or project * Container Vulnerabilities report for an organization or cluster * Effective Usage Analysis report * Alerts report for an organization, product or project * Ignored Alerts report for an organization, product or project * Resolved Alerts report for an organization, product or project * Change Log History report * Request History report for an organization, product or project * Plugin Request History report * Members report for an organization, product or project **Note**: The following APIs are not supported if **Vulnerability-based Alerting** (see [Security Alerts: View By Vulnerability](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability)) is installed; they will be deprecated in January 2022: * getOrganizationAlertsReport, getProductAlertsReport, getProjectAlertsReport * getOrganizationIgnoredAlertsReport, getProductIgnoredAlertsReport, getProjectIgnoredAlertsReport * getOrganizationResolvedAlertsReport, getProductResolvedAlertsReport, getProjectResolvedAlertsReport # Get Inventory Report The Inventory report provides a BOM (Bill Of Materials) of all open source libraries in the account. It can present libraries by organization as well as by product (application). This API request enables you to export organization, product or project-level inventory reports in Excel (xlsx), XML (xml) or JSON (json) format. The default format is Excel (xlsx). ## **Get Inventory Report - Organization** Get Inventory report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns an Inventory report for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | | **extraLibraryFields** | Date that the library was last released. | string | Yes | | **search** | Library name by which to filter the report. Note that REGEX is used for added search options; library:REGEX:LIBRARYNAME | string | No | #### **Request Example** ``` { "requestType" : "getOrganizationInventoryReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "xml", "extraLibraryFields": ["releaseDate"], "search": "library:REGEX:freemarker" } ``` **Response in XML Format** ``` json-schema-0.2.3.tgz json-schema json-schema-0.2.3.tgz 0.2.3 javascript/Node.js b480c892e59a2f05954ce727bd3f2a4e882f9e13 JSON Schema validation and specifications Academic 2.1 BSD 3 Filename Match tenantmetaserv (transitiveDependency) ....... ``` **Response in JSON Format** ``` { "libraries": [ { "keyUuid": "36466e69-bda1-43d3-9962-6f3a341720b9", "type": "javascript/Node.js", "productName": "Platform_Develop", "projectName": "tenantmetaserv", "description": "JSON Schema validation and specifications", "directDependency": false, "matchType": "Filename Match", "sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13", "name": "json-schema-0.2.3.tgz", "artifactId": "json-schema-0.2.3.tgz", "version": "0.2.3", "groupId": "json-schema", "licenses": [ { "name": "Academic 2.1", "references": [] }, { "name": "BSD 3", "references": [] } ] } ] } ``` ## **Get Inventory Report - Product** Get Inventory report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns an Inventory report for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | | **extraLibraryFields** | Date that the library was last released. | string | Yes | | **search** | Library name by which to filter the report. Note that REGEX is used for added search options; library:REGEX:LIBRARYNAME | string | No | #### **Request Example** ``` { "requestType" : "getProductInventoryReport", "userKey": "user_key", "productToken" : "product_token", "format" : "json", "extraLibraryFields": ["releaseDate"], "search": "library:REGEX:freemarker" } ``` **Response Example (JSON)** ``` { "libraries": [ { "keyUuid": "a36b133a-3323-498a-9752-cea250ac27e1", "type": "Source Library", "productName": "git", "projectName": "my-proj", "description": "The core git plumbing", "directDependency": true, "matchType": "Best Match", "sha1": "d0654dc308b0ba76dd8ed7bbb33c8d8f7aacd783", "name": "git-v2.25.0", "artifactId": "git", "version": "v2.25.0", "groupId": "Junio C. Hamano", "licenses": [ { "name": "GPL 3.0", "references": [] }, { "name": "LGPL 2.1", "references": [] }, { "name": "GPL 2.0", "references": [] } ] }, ..... ``` ## **Get Inventory Report - Project** Get Inventory report for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns an Inventory report for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | | **extraLibraryFields** | Date that the library was last released. | string | Yes | | **search** | Library name by which to filter the report. Note that REGEX is used for added search options; library:REGEX:LIBRARYNAME | string | No | #### **Request Example** ``` { "requestType" : "getProjectInventoryReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "json", "extraLibraryFields": ["releaseDate"], "search": "library:REGEX:freemarker" } ``` **Response Example (JSON)** ``` { "libraries": [ { "keyUuid": "a70b1eea-b140-4d96-8eda-670efe697f7b", "type": "Java", "productName": "My Product", "projectName": "WST_468", "description": "Groovy: A powerful, dynamic language for the JVM", "directDependency": true, "matchType": "Exact Match", "sha1": "5396699e9d96c5c75d75ae95aa49acd5af048aac", "name": "groovy-all-1.8.9.jar", "artifactId": "groovy-all", "version": "1.8.9", "groupId": "org.codehaus.groovy", "licenses": [ { "name": "Apache 2.0", "references": [] } ] }, { "keyUuid": "8929e5db-a6cd-4c89-8e75-d1998cc5305f", "type": "Java", "productName": "My Product", "projectName": "WST_468", "description": "Guava is a suite of core and expanded libraries that include\n utility classes, google's collections, io classes, and much\n much more.\n\n Guava has only one code dependency - javax.annotation,\n per the JSR-305 spec.", "directDependency": true, "matchType": "Exact Match", "sha1": "cce0823396aa693798f8882e64213b1772032b09", "name": "guava-18.0.jar", "artifactId": "guava", "version": "18.0", "groupId": "com.google.guava", "licenses": [ { "name": "Apache 2.0", "references": [] } ] }, ...... ``` # Get Source File Inventory Report The Source File Inventory report enables you to view source files that are matched to a library in your inventory. This API request enables you to get organization, product or project-level source file inventory reports in Excel (xlsx) or JSON (json) format. ## **Get Source File Inventory Report - Organization** Get Source File Inventory report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Source File Inventory report for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationSourceFileInventoryReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "json" } ``` #### **Response in JSON Format** ``` { "sourceFiles": [ { "library": { "artifactId": "git", "version": "v2.25.0", "licenses": [ { "name": "GPL 3.0", "references": [] }, { "name": "GPL 2.0", "references": [] }, { "name": "LGPL 2.1", "references": [] } ] }, "filename": "abspath.c", "sha1": "d6215949ebe7cc6ddfcb103e9657057bcb8fbaa1", "path": "C:\\Users\\TaliaSela\\Projects\\git\\abspath.c", "productName": "git", "projectName": "my-proj", "lastUpdatedDate": "2020-02-03 20:45:38", "matchType": "AUTOMATIC" } ] } ``` #### **Response in Excel Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Source File Inventory Report - Product** Get Source File Inventory report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Source File Inventory report for a product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductSourceFileInventoryReport", "userKey": "user_key", "productToken" : "product_token", "format" : "json" } ``` #### **Response in JSON Format** ``` { "sourceFiles": [ { "library": { "artifactId": "portofino", "version": "portofino-4.2.8-javadoc", "licenses": [ { "name": "LGPL 3.0", "references": [] } ] }, "filename": "script.js", "sha1": "a6717beac050d49869c234af4e409404b5593260", "path": "/RxJava/build/docs/javadoc/io/reactivex/rxjava3/functions/../../../../script.js", "productName": "GH_1_RxJava", "projectName": "GH_RxJava", "lastUpdatedDate": "2016-09-11 21:52:01", "matchType": "AUTOMATIC" } ] } ``` #### **Response in Excel Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Source File Inventory Report - Project** Get Source File Inventory report for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Source File Inventory report for a project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectSourceFileInventoryReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "json" } ``` #### **Response Example (JSON)** ``` { "sourceFiles": [ { "library": { "artifactId": "cloudify-cli", "version": "20.01.05", "licenses": [ { "name": "Apache 2.0", "references": [] } ] }, "filename": "agents.py", "sha1": "c463e1aeeb420afa0dfd4d25b9794a3b2bc0810a", "path": "C:\\Users\\TaliaSela\\Projects\\cloudify-cli\\cloudify_cli\\commands\\agents.py", "productName": "Cfy", "projectName": "cloudify_cli", "lastUpdatedDate": "2020-02-17 17:59:19", "matchType": "AUTOMATIC" }, { "library": { "artifactId": "cloudify-cli", "version": "20.01.05", "licenses": [ { "name": "Apache 2.0", "references": [] } ] }, "filename": "blueprints.py", "sha1": "cd0def3e5802cce428f54d141a8be9aec99ffc73", "path": "C:\\Users\\TaliaSela\\Projects\\cloudify-cli\\cloudify_cli\\commands\\blueprints.py", "productName": "Cfy", "projectName": "cloudify_cli", "lastUpdatedDate": "2020-02-17 17:59:19", "matchType": "AUTOMATIC" }, ...... ``` #### **Response Format (xlsx)** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Due Diligence Report This report provides due diligence related information for each open-source library in order to comply with the relevant legal requirements. For details, see the [Due Diligence Report](https://docs.mend.io/legacy-sca/latest/the-due-diligence-report). The API request enables you to get organization, product, or project-level Due Diligence reports in Excel (xlsx), XML (xml), or JSON (json) format. ## **Get Due Diligence Report - Organization** Get Due Diligence report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Due Diligence report for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationDueDiligenceReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "xlsx" } ``` #### **Response in Excel Format** The response to the above example in **xlsx** format will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx #### **Response in JSON Format** ``` { "licenses": [ { "type": "Open Source", "riskScore": 39, "library": "commons-beanutils-1.8.0.jar", "reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom", "copyright": "2000-2008 Copyright 2000-2008 The Apache Software Foundation", "homepage": "http://www.apache.org/", "author": "The Apache Software Foundation", "projectName": "Demo Data", "productName": "Demo Product", "reference_type": "POM file", "name": "Apache 2.0" }, { "type": "Open Source", "riskScore": 39, "library": "commons-logging-1.1.1.jar", "reference": "https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.pom", "copyright": "2001-2007 Copyright 2001-2007 The Apache Software Foundation", "homepage": "http://www.apache.org/", "author": "The Apache Software Foundation", "projectName": "Demo Data", "productName": "Demo Product", "reference_type": "POM file", "name": "Apache 2.0" } ] } ``` ## **Get Due Diligence Report - Product** Get Due Diligence report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Due Diligence report for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductDueDiligenceReport", "userKey": "user_key", "productToken" : "product_token", "format" : "json" } ``` #### **Response in JSON Format** ``` { "licenses": [ { "type": "Open Source", "riskScore": 39, "library": "commons-beanutils-1.8.0.jar", "reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom", "copyright": "2000-2008 Copyright 2000-2008 The Apache Software Foundation", "homepage": "http://www.apache.org/", "author": "The Apache Software Foundation", "projectName": "Demo Data", "productName": "Demo Product", "reference_type": "POM file", "name": "Apache 2.0" }, { "type": "Open Source", "riskScore": 39, "library": "commons-logging-1.1.1.jar", "reference": "https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.pom", "copyright": "2001-2007 Copyright 2001-2007 The Apache Software Foundation", "homepage": "http://www.apache.org/", "author": "The Apache Software Foundation", "projectName": "Demo Data", "productName": "Demo Product", "reference_type": "POM file", "name": "Apache 2.0" } ] } ``` #### **Response in Excel Format** The response to the above example in **xlsx** format will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Due Diligence Report - Project** Get Due Diligence report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Due Diligence report for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectDueDiligenceReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "json" } ``` #### **Response in JSON Format** ``` { "licenses": [ { "type": "Closed Source", "library": "wss-unified-agent.jar", "reference": "http://whitesourcesoftware.com/", "copyright": "Unspecified Copyright", "projectName": "temp", "productName": "Demo Product", "reference_type": "Project home page", "name": "Suspected Proprietary" } ] } ``` **Response in Excel Format** The response to the above request in **xlsx** format will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Attribution Report The **Attribution Report** details compliance information on open source software components managed in Mend products and projects. This API request allows users to get the exported version of the Attribution report, at the product or project-level scope, in HTML or text format. ## **Get Attribution Report - Product** Get Attribution Report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns an Attribution report with for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **reportHeader** | Report header - default value is **Attribution Report**. | string | No | | **reportTitle** | Text that you want to appear in the report title. | string | No | | **reportFooter** | Text that you want to appear in the footer of the report. | string | No | | **reportingScope** | Scope of the information to be included in the report. By default, the following:* Summary * Licenses * Copyrights * Notices * Primary attributes | string | No | | **reportingAggregationMode** | How to group the information in the report - according to the library (i.e. BY_COMPONENT) or by project (BY_PROJECT). | string | Yes | | **missingLicenseDisplayOption** | What to write if the license is missing. Options are: “BLANK” (default) or “GENERIC_LICENSE”. | string | No | | **exportFormat** | Format of exported report: TXT, HTML, or JSON. Case insensitive. | string | No | | **licenseReferenceTextPlacement** | LICENSE_SECTION (default) or APPENDIX_SECTION. | string | No | | **customAttribute** | Name of custom attribute for the product. | string | No | | **includeVersions** | “true” (default) or “false”. If set to “false”, the report will not include the “version” field. | boolean | No | #### **Request Example** ``` { "requestType": "getProductAttributionReport", "productToken" : "product_token", "userKey": "user_key", "reportHeader": "header_text", // Default "Attribution Report" "reportTitle": "title_text", // Default "" "reportFooter": "footer_text", // Default "" "reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES) "reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory "missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK" "exportFormat": ( TXT | HTML | JSON ), // Case insensitive "licenseReferenceTextPlacement": ( LICENSE_SECTION | APPENDIX_SECTION ), // Default "LICENSE_SECTION" "customAttribute": "custom_attribute_name", "includeVersions": "false" // Optional parameter, default value is "true". If set to "false", the attribution report will not include the field "version". } ``` **Response Format** The response is in text or HTML formats. ## **Get Attribution Report - Project** Get Attribution Report for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns an Attribution report with for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **reportHeader** | Report header - default value is **Attribution Report**. | string | No | | **reportTitle** | Text that you want to appear in the report title. | string | No | | **reportFooter** | Text that you want to appear in the footer of the report. | string | No | | **reportingScope** | Scope of the information to be included in the report. By default, the following:* Summary * Licenses * Copyrights * Notices * Primary attributes | string | No | | **reportingAggregationMode** | How to group the information in the report - according to the library (i.e. BY_COMPONENT) or by project (BY_PROJECT). | string | Yes | | **missingLicenseDisplayOption** | What to write if the license is missing. Options are: “BLANK” (default) or “GENERIC_LICENSE”. | string | No | | **exportFormat** | Format of exported report: TXT, HTML, or JSON. Case insensitive. | string | No | | **licenseReferenceTextPlacement** | LICENSE_SECTION (default) or APPENDIX_SECTION. | string | No | | **customAttribute** | Name of custom attribute for the project. | string | No | | **includeVersions** | “true” (default) or “false”. If set to “false”, the report will not include the “version” field. | boolean | No | #### **Request Example** ``` { "requestType": "getProjectAttributionReport", "projectToken" : "project_token", "userKey": "user_key", "reportHeader": "header_text", // Default "Attribution Report" "reportTitle": "title_text", // Default "" "reportFooter": "footer_text", // Default "" "reportingScope": ( SUMMARY | LICENSES | COPYRIGHTS | NOTICES | PRIMARY_ATTRIBUTES ), // Default all options (SUMMARY, LICENSES, COPYRIGHTS, NOTICES, PRIMARY_ATTRIBUTES) "reportingAggregationMode": ( BY_COMPONENT | BY_PROJECT ), // Mandatory "missingLicenseDisplayOption": ( BLANK | GENERIC_LICENSE ), // Default "BLANK" "exportFormat": ( TXT | HTML | JSON ), // Case insensitive "licenseReferenceTextPlacement": ( LICENSE_SECTION | APPENDIX_SECTION ), // Default "LICENSE_SECTION" "customAttribute": "custom_attribute_name", "includeVersions": "true" // Optional parameter, default value is "true". If set to "false", the attribution report will not include the field "version". } ``` **Response Format** The response is in text or HTML format. # Get Product Comparison Report The Product Comparison report enables you to compare library and license information (such as, number of license occurrences) between two products. This API request enables you to get a product comparison report in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a product comparison report between two products. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the first product. | string | Yes | | **productToken2** | Unique identifier of the second product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductComparisonReport", "userKey": "user_key", "productToken" : "product_token", "productToken2" : "product_token2" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=--product-comparison.xlsx # Get Project Comparison Report The Project Comparison report enables you to compare library and license information (such as, number of license occurrences) between two projects (in the same product or different products). This API request enables you to get a project comparison report in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a project comparison report between two projects. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the first project. | string | Yes | | **projectToken2** | Unique identifier of the second project. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectComparisonReport", "userKey": "user_key", "projectToken" : "project_token", "projectToken2" : "project_token2" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=--project-comparison.xlsx # Get SBOM Report with SPDX > **Note**: While the `getProjectSpdxReport` API call is still supported, we recommend using our [Asynchronous API SBOM reporting](https://api-docs.mend.io/1.4/reports-api-asynchronous#sbom-reporting) that offers several updated enhancements, including project and product-level results as well as additional formats. SBOM is a Software Bill of Materials that provides a list of all the open source present in a codebase. This API request enables you to get an SBOM report using the SPDX (Software Package Data Exchange) open standard for communicating SBOM information. This request is available at the project level only. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns an SPDX SBOM report for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **sendEmailNotification** | When “true”, this optional parameter enables an email notification to be sent to the user upon successful export of the report.By default, the value is “false”, meaning that an email notification will not be sent. | boolean | No | | **format** | Requested format of the report. | string | Yes | #### **Request Example** ``` { "requestType": "getProjectSpdxReport", "userKey": "user_key", "projectToken": "project_token", "sendEmailNotification": true, //if not mentioned- default "false", "format":"JSON" } ``` #### **Response Example** ``` { "SPDXID": "SPDXRef-DOCUMENT", "spdxVersion": "SPDX-2.2", "creationInfo": { "created": "2022-07-06T13:17:06Z", "creators": [ "Tool: Mend Spdx Report Generator" ] }, "name": "SPDX report for GH_ilan-stuff-0 project", "dataLicense": "CC0-1.0", "documentNamespace": "https://CreatorWebsite/spdx/doc/GH_ilan-stuff-0", "documentDescribes": [ "SPDXRef-0-socket.io", "SPDXRef-20-jquery", "SPDXRef-21-ccoenraets", "SPDXRef-22-express", "SPDXRef-72-mongodb", "SPDXRef-91-backbone.js", "SPDXRef-92-underscore.js" ], "packages": [ { "SPDXID": "SPDXRef-25-safer-buffer", "checksums": [ { "algorithm": "SHA1", "checksumValue": "44fa161b0187b9549dd84bb91802f9bd8385cd6a" } ``` # Get Custom Attribute Values Report Custom attributes provide the option for adding customized metadata on a library and then filtering according to custom attribute values in the Attributes Report. This API request returns a list of all custom attributes along with their set values for each library. This request is available at the organization, product, or project-level. ## **Get Custom Attribute Values Report - Organization** Get all custom attributes with their values for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns custom attributes with their values for a specific organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType":"getOrganizationCustomAttributeValues", "userKey": "user_key", "orgToken": "organization_api_key" } ``` **Response Example** The response is a JSON collection of all the custom attributes in the organization with their values per library. For example: ``` { "libraries": [ { "keyUuid": "5c71b215-300f-49f4-99ab-98dad0a7727f", "customAttributeValues": [ { "attributeKey": "att4", "attributeValue": "aaaaa", "context": "Organizational", "contextId": 546628, "contextName": "Talia Playground", "contextToken": "context_token" }, { "attributeKey": "description", "attributeValue": "This is an org level attribute value", "context": "Organizational", "contextId": 546628, "contextName": "Talia Playground", "contextToken": "context_token" }, { "attributeKey": "att2", "attributeValue": "att2att2", "context": "Organizational", "contextId": 546628, "contextName": "Talia Playground", "contextToken": "context_token" } ] } ] } ``` ## **Get Custom Attribute Values Report - Product** Get all custom attributes with their values for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns custom attributes with their values for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType":"getProductCustomAttributeValues", "productToken": "product_key", "userKey": "user_Key" } ``` **Response Example** The response is a JSON collection of all the custom attributes with their values for the specific product. For example: ``` { "libraries": [ { "keyUuid": "541df6e9-a095-4ca1-9252-13696ae290dc", "customAttributeValues": [ { "attributeKey": "att9", "attributeValue": "sdfsd", "context": "Organizational", "contextId": 546628, "contextName": "Talia Playground", "contextToken": "context_token" }, { "attributeKey": "descrpition", "attributeValue": "This is an org level attribute value", "context": "Organizational", "contextId": 546628, "contextName": "Talia Playground", "contextToken": "context_token" }, { "attributeKey": "att2", "attributeValue": "att2att2", "context": "Organizational", "contextId": 546628, "contextName": "Talia Playground", "contextToken": "context_token" } ] } ] } ``` ## **Get Custom Attribute Values Report - Project** Get all custom attributes with their values for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns custom attributes with their values for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | #### **Request Example** ``` { "requestType":"getProjectCustomAttributeValues", "userKey": "user_key", "projectToken": "project_token" } ``` **Response Example** The response is a JSON collection of all the custom attributes with their values for the specific project. For example: ``` { "libraries": [ { "keyUuid": "541df6e9-a095-4ca1-9252-13696ae290dc", "customAttributeValues": [ { "organizationAttr0": "valueX", "context": "Organizational", "contextId": 2133534, "contextToken": "context_token", "contextName": "ACME Corporation" }, { "productAttr1": "valueA", "context": "Product", "contextId": 989795, "contextToken": "context_token", "contextName": "Product A" }, { "projectAtt2": "value", "context": "Project", "contextId": 985743395, "contextToken": "context_token", "contextName": "Project A" } ] } ] ``` # Get Library Location Report The Library Location report enables you to view libraries according to the location of the filename match. For details, see [Matching Libraries by Filename](https://docs.mend.io/legacy-sca/latest/matching-libraries-by-filename). **NOTE**: Matching libraries by filename must first be enabled via the [Admin Integration Page](https://saas.whitesourcesoftware.com/Wss/WSS.html#!adminOrganization_integration). This API request enables you to get organization or product-level library location reports in Excel format. ## **Get Library Location Report - Organization** Get a report of all library locations for an organization in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns all library locations for a specific organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationLibraryLocationReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Library Location Report - Product** Get a report of all library locations for a specific product in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns library locations for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductLibraryLocationReport", "userKey": "user_key", "productToken" : "product_token" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get License Compatibility Report License compatibility is a legal framework that allows for libraries with different software licenses to be distributed together in the same product or project. The License Compatibility Report provides information on the incompatibility of library licenses in a project or product. ## **Get License Compatibility Report - Product** Get the compatibility of libraries with different software licenses distributed together in the same product, in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a compatibility report of library licenses in a product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductLicenseCompatibilityReport", "productToken" : "product_token", "userKey": "user_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename*=UTF-8''-license-compatibility-report.xlsx ## **Get License Compatibility Report - Project** Get the compatibility of libraries with different software licenses distributed together in the same project, in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a compatibility report of library licenses in a project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectLicenseCompatibilityReport", "projectToken" : "project_token", "userKey": "user_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename*=UTF-8''-license-compatibility-report.xlsx # Get Effective Licenses Report The Effective Licenses report tracks the assignments of licenses to libraries in the inventory. Once a license is selected by a user, it will be considered that library's "effective" license from then on. This report shows information about actual library licensing and its original licenses. This API request enables you to get organization or product-level Effective Licenses reports in Excel format. ## **Get Effective Licenses Report - Organization** Get a report of all Effective Licenses for an organization in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns all Effective Licenses for a specific organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationEffectiveLicensesReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` **Response Format (Excel)** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Effective Licenses Report - Product** Get a report of all Effective Licenses for a product in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns all Effective Licenses for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductEffectiveLicensesReport", "userKey": "user_key", "productToken" : "product_token" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get In-House Report The In-House report provides information on all the In-House libraries in the selected scope. This API request enables you to get organization, product, and project level in-house report(s) in Excel format. ## **Get In-House Report - Organization** Get a report about all In-House libraries in an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report about all In-House libraries for a specific organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationInHouseReport", "orgToken" : "organization_api_key", "userKey": "user_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=-in-house-report.xlsx ## **Get In-House Report - Product** Get a report about all In-House libraries in a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report about all In-House libraries in a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductInHouseReport", "productToken" : "product_token", "userKey": "user_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=-in-house-report.xlsx ## **Get In-House Report - Project** Get a report about all In-House libraries in a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report about all In-House libraries in a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectInHouseReport", "projectToken" : "project_token", "userKey": "user_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=-in-house-report.xlsx # Get Risk Report The Risk report provides a view of all aspects of the account's open-source libraries; security, quality and compliance. It can display libraries by organization, as well as by product (application). For details, see the [Risk Report](https://docs.mend.io/legacy-sca/latest/the-risk-report). This API request enables you to export organization, product, or project-level risk reports in PDF format. ## **Get Risk Report - Organization** Get Risk report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report about risk in an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationRiskReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/pdf * Content-Disposition: attachment; filename=.pdf ## **Get Risk Report - Product** Get Risk report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a risk report for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductRiskReport", "userKey": "user_key", "productToken" : "product_token" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/pdf * Content-Disposition: attachment; filename=.pdf ## **Get Risk Report - Project** Get Risk report for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a risk report for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectRiskReport", "userKey": "user_key", "projectToken" : "project_token" } ``` **Response Format** The response will have the following headers: * Content-Type = application/pdf * Content-Disposition: attachment; filename=.pdf # Get Vulnerabilities Report The Vulnerabilities Report contains all relevant information about your vulnerabilities, such as, severity, number of occurrences, library which was found vulnerable, and so on. This API request enables you to get organization, product or project-level reports in Excel or JSON format. ## **Get Vulnerabilities Report - Organization** Get Vulnerabilities report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Vulnerabilities report for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationVulnerabilityReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "json" } ``` **Response Example (JSON)** ``` { "vulnerabilities": [ { "name": "CVE-2020-13949", "type": "CVE", "severity": "high", "score": "5.0", "cvss3_severity": "HIGH", "cvss3_score": "7.5", "publishDate": "2021-02-12", "lastUpdatedDate": "2021-10-04", "scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-13949", "description": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", "project": "ilanscana4c", "product": "My Product", "cvss3Attributes": { "attackVector": "NETWORK", "attackComplexity": "LOW", "userInteraction": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "library": { "keyUuid": "d573f5fe-808c-49f7-8abb-41062203e3bb", "filename": "github.com/apache/thrift-v0.13.0", "type": "GO_PACKAGE", "description": "Apache Thrift", "sha1": "688b9a63daf3b038646ecedac2306c89262eccf0", "name": "github.com/apache/thrift", "artifactId": "github.com/apache/thrift", "version": "v0.13.0", "groupId": "github.com/apache/thrift", "architecture": "", "languageVersion": "" }, "topFix": { "vulnerability": "CVE-2020-13949", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E", "fixResolution": "Upgrade to version v0.14.0", "date": "2021-02-12 20:15:00", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2020-13949\",\"packageName\":\"thrift\",\"packageType\":\"ARCHLINUX\",\"affectedVersions\":\"(0.13.0-1)\",\"affectedRange\":\"\>=0.13.0-1 \<0.14.0-1\",\"minFixVersion\":\"0.14.0-1\"}]}" }, ...... ``` ## **Get Vulnerabilities Report - Product** Get Vulnerabilities report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Vulnerabilities report for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductVulnerabilityReport", "userKey": "user_key", "productToken" : "product_token", "format" : "json" } ``` #### **Response Example** ``` { "vulnerabilities": [ { "name": "CVE-2021-3918", "type": "CVE", "severity": "high", "score": "7.5", "cvss3_severity": "HIGH", "cvss3_score": "9.8", "publishDate": "2021-11-13", "lastUpdatedDate": "2021-11-16", "scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2021-3918", "description": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", "project": "tenantmetaserv", "product": "Platform_Develop", "cvss3Attributes": { "attackVector": "NETWORK", "attackComplexity": "LOW", "userInteraction": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "library": { "keyUuid": "36466e69-bda1-43d3-9962-6f3a341720b9", "filename": "json-schema-0.2.3.tgz", "type": "NODE_PACKAGED_MODULE", "description": "JSON Schema validation and specifications", "sha1": "b480c892e59a2f05954ce727bd3f2a4e882f9e13", "name": "json-schema", "artifactId": "json-schema-0.2.3.tgz", "version": "0.2.3", "groupId": "json-schema", "architecture": "", "languageVersion": "" }, "topFix": { "vulnerability": "CVE-2021-3918", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918", "fixResolution": "Upgrade to version json-schema - 0.4.0", "date": "2021-11-13 09:15:00", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2021-3918\",\"packageName\":\"json-schema\",\"packageType\":\"NPM\",\"affectedVersions\":\"(0.2.0, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.3.0)\",\"affectedRange\":\"\>=0.2.0 \<0.4.0\",\"minFixVersion\":\"0.4.0\"}]}" }, "locations": [ { "matchType": "Filename Match", "path": "/var/lib/jenkins-slave/workspace/erf-test-from-separate-file-YECM26EQSNY6A7QYPYEUHXPUJZIMNDBB5D6TE6JUFO437GWBAEEQ/tenantmetaserv/node_modules/json-schema/package.json" } ] }, ...... ``` ## **Get Vulnerabilities Report - Project** Get Vulnerabilities report for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Vulnerabilities report for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | | **excludeExtraData** | Control the inclusion of the `extraData` field in the API response. The available values are:* `true` - The `extraData` field and its content are *excluded* from the API response. * `false` - (**Default**) The `extraData` field and its content are *included* in the API response. | boolean | No | #### **Request Example** ``` { "requestType" : "getProjectVulnerabilityReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "json", "excludeExtraData": false } ``` #### **Response Example** ``` { "vulnerabilities": [ { "name": "CVE-2016-3092", "type": "CVE", "severity": "high", "score": "7.8", "cvss3_severity": "HIGH", "cvss3_score": "7.5", "publishDate": "2016-07-04", "lastUpdatedDate": "2021-07-17", "scoreMetadataVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "url": "https://vuln.whitesourcesoftware.com/vulnerability/CVE-2016-3092", "description": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.", "project": "Demo Data", "product": "Demo Product", "cvss3Attributes": { "attackVector": "NETWORK", "attackComplexity": "LOW", "userInteraction": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "library": { "keyUuid": "2d4e959e-602e-4f94-8c3e-d4c30e36ed7c", "filename": "commons-fileupload-1.2.1-URBA2209RC1.jar", "type": "MAVEN_ARTIFACT", "description": "The FileUpload component provides a simple yet flexible means of adding support for multipart\n file upload functionality to servlets and web applications.", "sha1": "384faa82e193d4e4b0546059ca09572654bc3970", "name": "commons-fileupload", "artifactId": "commons-fileupload", "version": "1.2.1-URBA2209RC1", "groupId": "commons-fileupload", "architecture": "", "languageVersion": "" }, "topFix": { "vulnerability": "CVE-2016-3092", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", "fixResolution": "Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2", "date": "2016-07-04 22:59:00", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69)\",\"affectedRange\":\"\>=7.0.0 \<7.0.70\",\"minFixVersion\":\"7.0.70\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M3, 9.0.0.M4, 9.0.0.M6)\",\"affectedRange\":\"\>=9.0.0.M3 \<9.0.0.M8\",\"minFixVersion\":\"9.0.0.M8\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35)\",\"affectedRange\":\"\>=8.0.1 \<8.0.36\",\"minFixVersion\":\"8.0.36\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.5.0, 8.5.2)\",\"affectedRange\":\"\>=8.5.0 \<8.5.3\",\"minFixVersion\":\"8.5.3\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M1)\",\"affectedRange\":\"\>=9.0.0.M1 \<9.0.0.M10\",\"minFixVersion\":\"9.0.0.M10\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.2.2, 1.3, 1.3.1)\",\"affectedRange\":\"\>=1.2.2 \<1.3.1-jenkins-1\",\"minFixVersion\":\"1.3.1-jenkins-1\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M3, 9.0.0.M4, 9.0.0.M6)\",\"affectedRange\":\"\>=9.0.0.M3 \<9.0.0.M8\",\"minFixVersion\":\"9.0.0.M8\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.0-beta-1, 1.0-rc1, 1.0, 1.1, 1.1.1, 1.2, 1.2.1)\",\"affectedRange\":\"\>=1.0-beta-1 \<1.2.1-NODEP\",\"minFixVersion\":\"1.2.1-NODEP\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat.embed:tomcat-embed-core\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.5.0, 8.5.2)\",\"affectedRange\":\"\>=8.5.0 \<8.5.3\",\"minFixVersion\":\"8.5.3\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(9.0.0.M1)\",\"affectedRange\":\"\>=9.0.0.M1 \<9.0.0.M10\",\"minFixVersion\":\"9.0.0.M10\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69)\",\"affectedRange\":\"\>=7.0.0 \<7.0.70\",\"minFixVersion\":\"7.0.70\"},{\"cveIdentifier\":\"CVE-2016-3092\",\"packageName\":\"org.apache.tomcat:tomcat-coyote\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35)\",\"affectedRange\":\"\>=8.0.1 \<8.0.36\",\"minFixVersion\":\"8.0.36\"}]}" }, ....... ``` # Get Container Vulnerabilities Report This report displays the vulnerabilities per pod, namespace, and cluster. Users can filter specific resources according to their context in the cluster. This API request enables you to get Container Vulnerabilities reports at the organizational and cluster level, in Excel or JSON format. ## Get Container Vulnerabilities Report - Organization Get Container Vulnerabilities report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Container Vulnerabilities report for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationContainerVulnerabilityReportRequest", "userKey": "user_key", "orgToken" : "org_token", "format" : "xlsx" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Container Vulnerabilities Report - Cluster** Get Container Vulnerabilities report for a cluster. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Container Vulnerabilities report at the Cluster level. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getClusterVulnerabilityReportRequest", "userKey": "user_key", "productToken" : "product_token", "format" : "xlsx" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Alerts Report The Alerts report presents you with valuable information about the libraries (components) in your products and organizations. This API request enables you to export organization, product or project-level source file alert reports in Excel (xlsx), XML (xml) or JSON (json) format. ## **Get Alerts Report - Organization** Get Alerts report for an organization. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability)](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all the alerts in an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationAlertsReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "xlsx" } ``` #### **Response in Excel Format** The response to the above example in **xlsx** format will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx #### **Response in XML Format** ``` 15-12-2020 Error Policy Violation json-1.8.3.gem Reject effective high sev 828898 GH_cloudify-cli 2756788 GH_cloudify-cli Ruby ``` #### **Response in JSON Format** ``` { "alerts": [ { "type": "REJECTED_BY_POLICY_RESOURCE", "level": "MAJOR", "library": { "keyUuid": "9b64843f-30f8-495f-be41-80601c190380", "filename": "json-1.8.3.gem", "type": "RUBY_GEM", "description": "This is a JSON implementation as a Ruby extension in C.", "sha1": "dcd00a477bbb8c0c722f68f9c28bc8460a7b1d6f", "name": "json", "artifactId": "json-1.8.3.gem", "version": "1.8.3", "groupId": "json", "architecture": "", "languageVersion": "" }, "product": "GH_cloudify-cli", "project": "GH_cloudify-cli", "directDependency": false, "description": "Reject effective high sev", "creation_date": "2020-12-15 14:48:33", "lastUpdatedDate": "2020-12-15 14:48:33" } ] } ``` ## **Get Alerts Report - Product** Get Alerts report for a product. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability)), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all the alerts in a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductAlertsReport", "userKey": "user_key", "productToken" : "product_token", "format" : "xlsx" } ``` #### **Response Format** The response to the above request example (xlsx format) will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Alerts Report - Project** Get Alerts report for a project. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View by Vulnerability](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability)), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all the alerts in a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectAlertsReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "xlsx" } ``` #### **Response Format** The response to the above request example (xlsx format) will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Ignored Alerts Report This API request enables you to get an organization, product or project-level Ignored Alerts report, in Excel format. ## **Get Ignored Alerts Report - Organization** Get Ignored Alerts report for an organization. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability)](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all Ignored Alerts in an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **xml**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationIgnoredAlertsReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "xlsx" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Ignored Alerts Report - Product** Get Ignored Alerts report for a product. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability)](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability),), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all Ignored Alerts in a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **xml**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductIgnoredAlertsReport", "userKey": "user_key", "productToken" : "product_token", "format" : "xlsx" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Ignored Alerts Report - Project** Get Ignored Alerts report for a project. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability)](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all Ignored Alerts in a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **xml**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectIgnoredAlertsReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "xlsx" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Alert Resolution Duration Report **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability)](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability), this API will not be available. This API request enables you to get reports on alerts that were resolved, at the organization, product or project-level. ## **Get Alert Resolution Duration Report - Organization** Get Resolved Alerts report for an organization. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see Security Alerts: View By Vulnerability), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all Resolved Alerts in an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **xml**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationResolvedAlertsReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "xlsx" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Alert Resolution Duration Report - Product** Get Resolved Alerts report for a product. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability)](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all Resolved Alerts in a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **xml**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductResolvedAlertsReport", "userKey": "user_key", "productToken" : "product_token", "format" : "xlsx" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Alert Resolution Duration Report - Project** Get Resolved Alerts report for a project. **NOTE:** For customers who have enabled Vulnerability-based Alerting (see [Security Alerts: View By Vulnerability)](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability), this API will not be available. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report for all Resolved Alerts in a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default) or **xml**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectResolvedAlertsReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "xlsx" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Change Log History Report The Change Log History report provides up-to-date details on manual changes made by either Mend or its users. This report can only be accessed by the organization's administrator(s). This API request enables you to get organization-level Change Log History in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a Change Log History report for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType":"getChangeLogHistoryReport" "userKey": "user_key", "orgToken": "organization_api_key", } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=response.xlsx # Get Logins History Report The Logins History report lists the organization’s login events, to help administrators monitor login activities in the system. **NOTE:** This report uses cursor-based pagination. #### **Request Example** ``` { "requestType":"getLoginsHistory", "orgToken": "a1df652429bb40ee8124717a5f3d3e8a257fb69854f74c3cbcec6c3d85c453e9", "userKey": "4eb0328dcb6c499e84dd4cd464b15c8e9f280ffd157b4276ad1bda2fa4b4df12", "cursor": "1234", "pageSize": "10" } ``` **Response Example** ``` { "logins": [ { "date": "07-Nov-2023 13:50", "email": "test1@mend.io", "name": "test1", "ip": "35.35.35.35" }, { "date": "27-Sep-2023 17:14", "email": "test2@mend.io", "name": "test2", "ip": "10.10.10.100" } ], "nextCursor": "12355" } ``` # Get Request History Report This report lists all the organization's requests in all statuses. This API request enables you to get organization, product or project-level request history reports in Excel format. ## **Get Request History Report - Organization** Get Request History report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a history report of all requests for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationRequestHistoryReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Request History Report - Product** Get Request History report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a history report of all requests for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductRequestHistoryReport", "userKey": "user_key", "productToken" : "product_token" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Request History Report - Project** Get Request History report for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a history report of all requests for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectRequestHistoryReport", "userKey": "user_key", "projectToken" : "project_token" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Plugin Request History Report The Plugin Request History report shows the details of all plugin update requests for an organization, including whether or not there were policy violations. This API request enables you to get a history report of an organization’s plugin update requests, in Excel format. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a history report of all plugin update requests for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType" : "getPluginRequestHistoryReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Members Report This report provides information about the members in an organization, such as, email address and number of pending requests assigned to them. This API request enables you to get Members reports at the organization, product or project-level, in Excel format. ## **Get Members Report - Organization** Get Members report for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of all members in an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationMembersReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Members Report - Product** Get Members report for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | #### API request type that returns a report of all members in a product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductMembersReport", "userKey": "user_key", "productToken" : "product_token" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx ## **Get Members Report - Project** Get Members report for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | #### API request type that returns a report of all members in a project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectMembersReport", "userKey": "user_key", "projectToken" : "project_token" } ``` **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=.xlsx # Get Security Alerts by Vulnerability Report **NOTE**: This API is *only* supported in organizations that have **Vulnerability-based Alerting** installed (see [Security Alerts: View By Vulnerability](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-vulnerability)). This API request generates a security alerts report detailed by vulnerability, in the scope of the organization, a specific product or a specific project. For details of the structure of the security vulnerability alert object, see [Security Vulnerability Object](https://api-docs.mend.io/1.4/alerts-api#security-vulnerability-object). ## **Get Security Alerts by Vulnerability Report - Organization** Get a report on security alerts by vulnerability for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of all security alerts by vulnerability in an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **status** | Requested status of the alerts: *Active, Ignored* or *Resolved*. By default, all statuses are returned. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | | **search** | CVE name by which to filter the report. Note that the value must be in the format: `CVE:EQUALS:CVE-YYYY-NNNN.` | string | No | #### **Request Example** ``` { "requestType" : "getOrganizationSecurityAlertsByVulnerabilityReport", "userKey": "user_key", "orgToken" : "organization_api_key", "status" : "active", "format" : "json", "search": "cve:EQUALS:CVE-2020-2111" } ``` #### **Response Example** ``` { "alerts": [ { "vulnerabilityId": "CVE-2014-3558", "libraryName": "hibernate-validator-4.2.0.Final.jar", "product": "Demo Product", "project": "Demo Data", "severity": "MEDIUM", "cvssType": "CVSS_3", "cvssScore": "5.3", "status": "ACTIVE", "libraryType": "Java", "creationDate": "2020-03-09 15:28:47", "modifiedDate": "2020-03-09 15:28:47", "topFix": { "vulnerability": "CVE-2014-3558", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://hibernate.atlassian.net/browse/HV-912", "fixResolution": "Upgrade to version Upgrade to version Upgrade to version Upgrade to version Upgrade to version org.hibernate:hibernate-validator:4.3.2.Final,5.1.2.Final", "date": "2014-09-30 14:55:09", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(5.0.0.Alpha1, 5.0.0.Alpha2, 5.0.0.Beta1, 5.0.0.CR1, 5.0.0.CR2, 5.0.0.CR3, 5.0.0.CR4, 5.0.0.CR5, 5.0.0.Final, 5.0.1.Final, 5.0.2.Final, 5.0.3.Final, 5.1.0.Alpha1, 5.1.0.Beta1, 5.1.0.CR1, 5.1.0.Final, 5.1.1.Final)\",\"affectedRange\":\"\>=5.0.0.Alpha1 \<5.1.2.Final\",\"minFixVersion\":\"5.1.2.Final\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.apache.servicemix.bundles:org.apache.servicemix.bundles.hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(5.0.2.Final_1)\",\"affectedRange\":\"\>=5.0.2.Final_1 \<5.4.2.Final_1\",\"minFixVersion\":\"5.4.2.Final_1\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(4.2.0.Beta1, 4.2.0.Beta2, 4.2.0.CR1, 4.2.0.Final)\",\"affectedRange\":\"\>=4.2.0.Beta1 \<4.2.0.Final-redhat-1\",\"minFixVersion\":\"4.2.0.Final-redhat-1\"},{\"cveIdentifier\":\"CVE-2014-3558\",\"packageName\":\"org.hibernate:hibernate-validator\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(4.3.0.Alpha1, 4.3.0.Beta1, 4.3.0.CR1, 4.3.0.Final, 4.3.1.Final)\",\"affectedRange\":\"\>=4.3.0.Alpha1 \<4.3.1.Final-redhat-1\",\"minFixVersion\":\"4.3.1.Final-redhat-1\"}]}" } }, { "vulnerabilityId": "CVE-2013-2186", "libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar", "product": "Demo Product", "project": "Demo Data", "severity": "HIGH", "cvssType": "CVSS_3", "cvssScore": "7.3", "status": "ACTIVE", "libraryType": "Java", "creationDate": "2020-03-09 15:28:46", "modifiedDate": "2020-03-09 15:28:46", "topFix": { "vulnerability": "CVE-2013-2186", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2186", "fixResolution": "Upgrade to version Upgrade to version Upgrade to version Upgrade to version Upgrade to version 1.3.1", "date": "2013-10-28 21:55:05", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2013-2186\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.0-beta-1, 1.0-rc1, 1.0, 1.1, 1.1.1, 1.2, 1.2.1)\",\"affectedRange\":\"\>=1.0-beta-1 \<1.2.1-NODEP\",\"minFixVersion\":\"1.2.1-NODEP\"},{\"cveIdentifier\":\"CVE-2013-2186\",\"packageName\":\"commons-fileupload:commons-fileupload\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(1.2.2, 1.3)\",\"affectedRange\":\"\>=1.2.2 \<1.3.1\",\"minFixVersion\":\"1.3.1\"}]}" } } ] } ``` ## **Get Security Alerts by Vulnerability Report - Product** Get a report on security alerts by vulnerability for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of all security alerts by vulnerability for a product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **status** | Requested status of the alerts: *Active, Ignored* or *Resolved*. By default, all statuses are returned. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | | **search** | CVE name by which to filter the report. Note that the value must be in the format: `CVE:EQUALS:CVE-YYYY-NNNN`. | string | No | #### **Request Example** ``` { "requestType" : "getProductSecurityAlertsByVulnerabilityReport", "userKey": "user_key", "productToken" : "product_token", "status" : "ignored", "format" : "json", "search": "cve:EQUALS:CVE-2020-2111" } ``` #### **Response Example** ``` { "alerts": [ { "vulnerabilityId": "CVE-2016-10173", "libraryName": "minitar-0.5.4.gem", "product": "GH_cloudify-cli", "project": "GH_cloudify-cli", "severity": "HIGH", "cvssType": "CVSS_3", "cvssScore": "7.5", "status": "ACTIVE", "libraryType": "Ruby", "creationDate": "2020-08-02 07:45:22", "modifiedDate": "2020-08-02 07:45:22", "topFix": { "vulnerability": "CVE-2016-10173", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10173", "fixResolution": "Upgrade to version 0.6", "date": "2017-02-01 15:59:00", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2016-10173\",\"packageName\":\"minitar\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(0.5.3, 0.5.4, 0.6)\",\"affectedRange\":\"\>=0.5.3 \<0.6.1\",\"minFixVersion\":\"0.6.1\"},{\"cveIdentifier\":\"CVE-2016-10173\",\"packageName\":\"archive-tar-minitar\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(0.5.1, 0.5.2, 0.6)\",\"affectedRange\":\"\>=0.5.1 \<0.6.1\",\"minFixVersion\":\"0.6.1\"}]}" } }, { "vulnerabilityId": "CVE-2017-5946", "libraryName": "rubyzip-1.1.7.gem", "product": "GH_cloudify-cli", "project": "GH_cloudify-cli", "severity": "HIGH", "cvssType": "CVSS_3", "cvssScore": "9.8", "status": "ACTIVE", "libraryType": "Ruby", "creationDate": "2020-08-02 07:45:22", "modifiedDate": "2020-08-02 07:45:22", "topFix": { "vulnerability": "CVE-2017-5946", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5946", "fixResolution": "Upgrade to version 1.2.1", "date": "2017-02-27 07:59:00", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2017-5946\",\"packageName\":\"rubyzip\",\"packageType\":\"RUBY\",\"affectedVersions\":\"(1.0.0, 1.0.0.beta1, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0)\",\"affectedRange\":\"\>=1.0.0 \<1.2.1\",\"minFixVersion\":\"1.2.1\"}]}" } } ] } ``` ## **Get Security Alerts by Vulnerability Report - Project** Get a report on security alerts by vulnerability for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of all security alerts by vulnerability for a project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **status** | Requested status of the alerts: *Active, Ignored* or *Resolved*. By default, all statuses are returned. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | | **search** | CVE name by which to filter the report. Note that the value must be in the format: `CVE:EQUALS:CVE-YYYY-NNNN`. | string | No | #### **Request Example** ``` { "requestType" : "getProjectSecurityAlertsByVulnerabilityReport", "userKey": "user_key", "projectToken" : "project_token", "status": "active" "format" : "json", "search": "cve:EQUALS:CVE-2020-2111" } ``` #### **Response Example** ``` { "alerts": [ { "vulnerabilityId": "CVE-2018-10237", "libraryName": "guava-18.0.jar", "product": "My Product", "project": "WST_468", "euaShield": "RED", "severity": "MEDIUM", "cvssType": "CVSS_3", "cvssScore": "5.9", "status": "ACTIVE", "libraryType": "Java", "creationDate": "2021-05-31 14:08:17", "modifiedDate": "2021-05-31 14:08:17", "topFix": { "vulnerability": "CVE-2018-10237", "type": "UPGRADE_VERSION", "origin": "mend_EXPERT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", "fixResolution": "Upgrade to version 24.1.1-jre, 24.1.1-android", "date": "2018-04-26 21:29:00", "message": "Upgrade to version", "extraData":"{\"packageLevelFix\":[{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"com.google.guava:guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0.2-redhat-1, 11.0.2-redhat-2, 12.0-rc1, 12.0-rc2, 12.0, 12.0.1, 13.0-rc1, 13.0-rc2, 13.0, 13.0-final, 13.0.1, 13.0.1-redhat-1, 13.0.1.redhat-2, 13.0.1.redhat-3, 14.0-rc1, 14.0-rc2, 14.0-rc3, 14.0, 14.0.1, 14.0.1.redhat-1, 15.0-rc1, 15.0, 16.0-rc1, 16.0, 16.0.1, 16.0.1.redhat-3, 17.0-rc1, 17.0-rc2, 17.0, 18.0-rc1, 18.0-rc2, 18.0, 18.0.0.redhat-1, 19.0-rc1, 19.0-rc2, 19.0-rc3, 19.0, 19.0.20150826, 19.0.0.jbossorg-1, 19.0.0.jbossorg-2, 19.0.0.redhat-1, 20.0-rc1, 20.0, 20.0-hal, 20.0.0.redhat-1, 21.0-rc1, 21.0-rc2, 21.0, 22.0-rc1, 22.0-rc1-android, 22.0, 22.0-android, 23.0-rc1, 23.0-rc1-android, 23.0, 23.0-android, 23.1-android, 23.1-jre, 23.2-android, 23.2-jre, 23.3-android, 23.3-jre, 23.4-android, 23.4-jre, 23.5-android, 23.5-jre, 23.6-android, 23.6-jre, 23.6.1-android, 23.6.1-jre, 24.0-android, 24.0-jre, 24.1-android, 24.1-jre)\",\"affectedRange\":\"\>=11.0.2-redhat-1 \<24.1.1-android\",\"minFixVersion\":\"24.1.1-android\"},{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"org.apache.servicemix.bundles:org.apache.servicemix.bundles.guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0.2_1, 11.0.2_2)\",\"affectedRange\":\"\>=11.0.2_1 \<11_1\",\"minFixVersion\":\"11_1\"},{\"cveIdentifier\":\"CVE-2018-10237\",\"packageName\":\"com.google.guava:guava\",\"packageType\":\"JAVA\",\"affectedVersions\":\"(11.0, 11.0.1, 11.0.2)\",\"affectedRange\":\"\>=11.0 \<11.0.2-atlassian-01\",\"minFixVersion\":\"11.0.2-atlassian-01\"}]}" } }, ....... ] } ``` # Get Security Alerts by Library Report **NOTE**: This API is *only* supported in organizations that have Vulnerability-based Alerting installed (see [Security Alerts: View By Library](https://docs.mend.io/legacy-sca/latest/security-alerts-view-by-library)). This API request generates a report of all Vulnerability-based alerts that are associated with a specific library, in the scope of the organization, a specific product or a specific project. ## **Get Security Alerts by Library Report - Organization** Get a report on security alerts by library for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of all security alerts by library in an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **status** | Requested status of the alerts: *Active* or *Ignored*. By default, all statuses are returned.A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationSecurityAlertsByLibraryReport", "userKey": "user_key", "orgToken" : "organization_api_key", "status" : "active", "format" : "json" } ``` #### **Response in JSON Format** ``` { "alerts": [ { "libraryName": "hibernate-validator-4.2.0.Final.jar", "product": "Demo Product", "project": "Demo Data", "severity": { "medium": 2 }, "totalAlerts": 2, "libraryType": "Java", "creationDate": "2020-03-09 15:28:47", "modifiedDate": "2021-06-27 12:04:50" }, { "libraryName": "commons-fileupload-1.2.1-URBA2209RC1.jar", "product": "Demo Product", "project": "Demo Data", "severity": { "high": 5, "medium": 1 }, "totalAlerts": 6, "ignoredAlerts": 1, "libraryType": "Java", "creationDate": "2020-03-09 15:28:46", "modifiedDate": "2021-05-30 15:24:44" }, { "libraryName": "commons-httpclient-3.1.jar", "product": "Demo Product", "project": "Demo Data", "severity": { "medium": 1 }, "totalAlerts": 1, "libraryType": "Java", "creationDate": "2020-03-09 15:28:46", "modifiedDate": "2020-03-09 15:28:46" }, ....... ] } ``` ## **Get Security Alerts by Library Report - Product** Get a report on security alerts by library for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of all security alerts by library for a product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **status** | Requested status of the alerts: *Active* or *Ignored*. By default, all statuses are returned.A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductSecurityAlertsByLibraryReport", "userKey": "user_key", "productToken" : "product_token", "status" : "ignored", "format" : "json" } ``` #### **Response in JSON Format** ``` { "alerts": [ { "libraryName": "Jinja2-2.10.3-py2.py3-none-any.whl", "product": "GH_cloudify-cli", "project": "GH_cloudify-cli", "severity": { "medium": 1 }, "totalAlerts": 1, "ignoredAlerts": 1, "libraryType": "Python", "creationDate": "2021-02-02 12:16:51", "modifiedDate": "2021-02-02 13:47:40" } ] } ``` ## **Get Security Alerts by Library Report - Project** Get a report on security alerts by library for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of all security alerts by library for a project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **status** | Requested status of the alerts: *Active* or *Ignored*. By default, all statuses are returned.A library that is marked as "active" has at least 1 active alert; a library that is marked as "ignored" has at least 1 ignored alert. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectSecurityAlertsByLibraryReport", "userKey": "user_key", "projectToken" : "project_token", "status" : "active", "format" : "json" } ``` #### **Response in JSON Format** ``` { "alerts": [ { "libraryName": "spring-security-core-3.1.2.RELEASE.jar", "libraryUUID": "7af27e75-88fb-4baf-840f-ac79468e6701", "product": "Eggs", "project": "Sunny Side Up", "severity": { "high": 1, "medium": 1 }, "totalAlerts": 2, "libraryType": "Java", "creationDate": "2022-06-20 14:01:18", "modifiedDate": "2022-06-20 14:01:18", "dependency" : "Direct", }, { "libraryName": "log4j-core-2.6.1.jar", "libraryUUID": "c2d53d2e-99f7-409a-a51e-970d81dcd1bb", "product": "Eggs", "project": "Sunny Side Up", "severity": { "high": 2, "medium": 1, "low": 1 }, "totalAlerts": 4, "libraryType": "Java", "creationDate": "2022-06-20 14:01:18", "modifiedDate": "2022-06-20 14:01:18", "dependency" : "Transitive", }, { "libraryName": "spring-web-2.5.6.jar", "libraryUUID": "9ff8d917-f4be-49af-b091-a09389605f4c", "product": "Eggs", "project": "Sunny Side Up", "severity": { "high": 1, "medium": 4 }, "totalAlerts": 5, "libraryType": "Java", "creationDate": "2022-06-20 14:01:18", "modifiedDate": "2022-06-20 14:01:18", "dependency" : "Direct", } ] } ``` # Get License and Compliance Alerts Report The Licensing and Compliance Alerts report enables you to review alert details for licensing and compliance/quality issues reported for an organization, product or project. This API request generates a License and Compliance alerts report in the scope of the organization, a specific product or a specific project. ## **Get License and Compliance Alerts Report - Organization** Get Licensing and Compliance alerts for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of licensing and compliance alerts for an organization. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. | string | Yes | | **status** | Yes status of the alerts: *Active,* *Ignored* or *Resolved*. By default, all statuses are returned. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getOrganizationLicenseAndComplianceAlertReport", "userKey": "user_key", "orgToken" : "organization_api_key", "status" : "active", "format" : "xlsx" } ``` #### **Response Format** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=-license-and-compliance-alert-report.xlsx ## **Get License and Compliance Alerts Report - Product** Get Licensing and Compliance alerts for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of licensing and compliance alerts for a specific product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **status** | Yes status of the alerts: *Active,* *Ignored* or *Resolved*. By default, all statuses are returned. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProductLicenseAndComplianceAlertReport", "userKey": "user_key", "productToken" : "product_token", "status" : "ignored", "format" : "xlsx" } ``` #### **Response Format (xlsx)** The response will have the following headers: * Content-Type = application/vnd.openxmlformats-officedocument.spreadsheetml.sheet * Content-Disposition: attachment; filename=-license-and-compliance-alert-report.xlsx ## **Get License and Compliance Alerts Report - Project** Get Licensing and Compliance alerts for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a report of licensing and compliance alerts for a specific project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in mend. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **status** | Yes status of the alerts: *Active,* *Ignored* or *Resolved*. By default, all statuses are returned. | string | Yes | | **format** | Requested format of the report. Options are: **xlsx** (default), **xml**, or **json**. | string | Yes | #### **Request Example** ``` { "requestType" : "getProjectLicenseAndComplianceAlertReport", "userKey": "user_key", "projectToken" : "project_token", "status" : "active" "format" : "json" } ``` #### **Response in JSON Format** ``` { "alerts": [ { "type": "REJECTED_BY_POLICY_RESOURCE", "library": { "keyUuid": "b33c8590-5327-47dc-8de2-92ec8313453f", "filename": "jcommander-1.72.jar", "type": "MAVEN_ARTIFACT", "description": "Command line parsing", "sha1": "6375e521c1e11d6563d4f25a07ce124ccf8cd171", "name": "jcommander", "architecture": "", "languageVersion": "" }, "product": "GH_1_RxJava", "project": "GH_RxJava", "description": "Reject effective high sev", "status": "OPEN", "creation_date": "15-12-2020", "lastUpdatedDate": "15-12-2020" } ] } ```