# Get project security findings (Dependencies - SCA)

Returns all security findings for a given project.

Endpoint: GET /api/v3.0/projects/{projectUuid}/dependencies/findings/security
Version: 3.0
Security: bearer-key

## Query parameters:

  - `limit` (string)
    Specifies the maximum number of items to be returned in the response.

  - `cursor` (string)
    Indicates the starting point for retrieving results. The first call doesn't include a cursor parameter in the request; the API response includes the first set of results along with a cursor pointing to the last item retrieved.

## Path parameters:

  - `projectUuid` (string, required)
    UUID of the project

## Response 200 fields (application/json):

  - `additionalData` (object)
    + totalItems: The total count of data points returned in an API response.
    Example: {"totalItems":"422","next":"http://someUrl?cursor=3","cursor":3}

  - `supportToken` (string)
    Example: "1171c60d"

  - `response` (array)

  - `response.uuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `response.name` (string)
    Identifier of the finding, changes based on finding type
    Example: "CVE-2021-42392"

  - `response.type` (string)
    Enum: "SECURITY_VULNERABILITY"

  - `response.findingInfo` (object)

  - `response.findingInfo.findingStatus` (string)
    Enum: "UNREVIEWED", "IN_REVIEW", "SUPPRESSED", "ISSUE_CREATED", "REMEDIATED"

  - `response.findingInfo.comment` (object)

  - `response.findingInfo.comment.comment` (string)
    Example: "a comment"

  - `response.findingInfo.comment.date` (string)

  - `response.findingInfo.comment.userEmail` (string)
    Example: "jon.smith@mail.com"

  - `response.findingInfo.comment.username` (string)
    Example: "jon"

  - `response.findingInfo.detectedAt` (string)

  - `response.findingInfo.modifiedAt` (string)

  - `response.findingInfo.status` (string)
    Enum: "ACTIVE", "IGNORED", "LIBRARY_REMOVED", "LIBRARY_IN_HOUSE", "LIBRARY_WHITELIST"

  - `response.project` (object)
    Project information

  - `response.project.uuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `response.project.name` (string)
    Example: "My Project"

  - `response.project.path` (string)
    Example: "My Application"

  - `response.project.applicationName` (string)
    Example: "My Application"

  - `response.project.applicationUuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `response.application` (object)

  - `response.application.uuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `response.application.name` (string)
    Example: "Application A"

  - `response.component` (object)

  - `response.component.uuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `response.component.name` (string)
    Example: "dbus-1.10.24-13.el7_6.x86_64.rpm"

  - `response.component.description` (string)
    Example: "Component description"

  - `response.component.componentType` (string)

  - `response.component.language` (string)
    Example: "REDHAT_PACKAGE_MODULE"

  - `response.component.directDependency` (boolean)

  - `response.component.rootLibrary` (boolean)

  - `response.component.references` (object)

  - `response.component.references.url` (string)
    Example: "https://www.gnupg.org/related_software/pinentry/98"

  - `response.component.references.homePage` (string)
    Example: "https://www.gnupg.org/related_software/pinentry/89"

  - `response.component.references.downloadLink` (string)
    Example: "https://www.gnupg.org/related_software/pinentry/09"

  - `response.component.references.issueUrl` (string)
    Example: "https://www.gnupg.org/related_software/pinentry/87"

  - `response.component.references.pomUrl` (string)
    Example: "https://www.gnupg.org/related_software/pinentry/76"

  - `response.component.references.scmUrl` (string)
    Example: "https://www.gnupg.org/related_software/pinentry/65"

  - `response.component.references.genericPackageIndex` (string)
    Example: "5"

  - `response.component.references.nugetGallery` (string)

  - `response.component.references.tags` (string)
    Example: "Important"

  - `response.component.references.copyright` (string)
    Example: "Copyright 2002-2015 g10 Code GmbH"

  - `response.component.references.hasNotice` (boolean)

  - `response.component.groupId` (string)
    Example: "org.springframework.boot"

  - `response.component.artifactId` (string)
    Example: "spring-boot"

  - `response.component.version` (string)
    Example: "3.0.5"

  - `response.component.path` (string)
    Example: "pom.xml"

  - `response.component.dependencyFile` (string)

  - `response.component.localPath` (string)

  - `response.component.dependencyType` (string)
    Example: "Direct / Transitive"

  - `response.component.libraryLocations` (array)

  - `response.component.libraryLocations.localPath` (string)
    Example: "C:\\\\Users\\\\user\\\\.m2\\\\repository\\\\commons-io-1.4.jar"

  - `response.component.libraryLocations.dependencyFile` (string)
    Example: "C:\\\\GitHubRepos\\\\Pipline\\\\EUA\\\\plugins-automation\\\\fsa\\\\tests\\\\EUA\\\\Java\\\\bigProjectsMaven\\\\WST_417\\\\Data\\\\ksa\\\\ksa-web-core\\\\pom.xml"

  - `response.component.libraryType` (string)
    Example: "REDHAT_PACKAGE_MODULE"

  - `response.vulnerability` (object)

  - `response.vulnerability.name` (string)
    Example: "CVE-2021-42392"

  - `response.vulnerability.type` (string)
    Enum: "CVE", "WS"

  - `response.vulnerability.description` (string)
    Example: "Security vulnerability found in plexus-utils before 3.0.24. XML injection found in XmlWriterUtil.java"

  - `response.vulnerability.score` (number)
    Example: 5

  - `response.vulnerability.severity` (string)
    Enum: "HIGH", "MEDIUM", "LOW"

  - `response.vulnerability.publishDate` (string)

  - `response.vulnerability.modifiedDate` (string)

  - `response.vulnerability.vulnerabilityScoring` (array)

  - `response.vulnerability.vulnerabilityScoring.score` (number)
    Example: 5

  - `response.vulnerability.vulnerabilityScoring.severity` (string)
    Enum: "LOW", "HIGH", "MEDIUM"

  - `response.vulnerability.vulnerabilityScoring.type` (string)
    Enum: "CVSS_2", "CVSS_3"

  - `response.vulnerability.vulnerabilityScoring.scoreMetadataVector` (string)
    Example: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"

  - `response.vulnerability.vulnerabilityScoring.extraData` (object)

  - `response.vulnerability.references` (array)

  - `response.vulnerability.references.value` (string)
    Example: "https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de"

  - `response.vulnerability.references.source` (string)
    Example: "CERT"

  - `response.vulnerability.references.url` (string)
    Example: "https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de"

  - `response.vulnerability.references.signature` (boolean)

  - `response.vulnerability.references.advisory` (boolean)

  - `response.vulnerability.references.patch` (boolean)

  - `response.vulnerability.effectiveInfo` (object)

  - `response.vulnerability.effectiveInfo.referenceCount` (integer)

  - `response.vulnerability.effectiveInfo.shieldValue` (integer)
    RED(15), YELLOW(10), GREY(8), NO_SHIELD(6), GREEN(5)

  - `response.vulnerability.threatAssessment` (object)

  - `response.vulnerability.threatAssessment.exploitCodeMaturity` (string)
    Enum: "UNPROVEN", "POC_CODE", "FUNCTIONAL", "HIGH", "NOT_DEFINED"

  - `response.vulnerability.threatAssessment.epssPercentage` (number)
    Example: 0.8

  - `response.topFix` (object)

  - `response.topFix.id` (integer)
    Example: 49422

  - `response.topFix.vulnerability` (string)
    Example: "CVE-2021-42392"

  - `response.topFix.type` (string)
    Enum: "CHANGE_FILES", "PATCH", "UPGRADE_VERSION"

  - `response.topFix.origin` (string)
    Example: "WHITESOURCE_EXPERT"

  - `response.topFix.url` (string)
    Example: "https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de"

  - `response.topFix.fixResolution` (string)
    Example: "3.0.24"

  - `response.topFix.date` (string)

  - `response.topFix.message` (string)
    Example: "Upgrade to version"

  - `response.topFix.extraData` (string)

  - `response.topFix.minimalFixVersionFromExtraData` (string)

  - `response.topFix.minimalAffectedVersionFromExtraData` (string)

  - `response.reachability` (string)
    Enum: "REACHABLE", "POTENTIALLY_REACHABLE", "UNREACHABLE", "REACHABILITY_UNAVAILABLE"

  - `response.findingIntegration` (object)

  - `response.findingIntegration.status` (string)
    Enum: "SUCCESS", "FAILURE", "PROCESSING"

  - `response.findingIntegration.issues` (array)

  - `response.findingIntegration.issues.issueStatus` (string)
    Example: "Open"

  - `response.findingIntegration.issues.url` (string)
    Example: "www.jira.com/projectA-22"

  - `response.findingIntegration.issues.issueTrackerType` (string)
    Example: "Jira-cloud"

  - `response.findingIntegration.issues.issueIdentifier` (string)
    Example: "projectA-22"

  - `response.threatAssessment` (object)

  - `response.threatAssessment.exploitCodeMaturity` (string)
    Enum: "UNPROVEN", "POC_CODE", "FUNCTIONAL", "HIGH", "NOT_DEFINED"

  - `response.threatAssessment.epssPercentage` (number)
    Example: 0.8

  - `response.exploitable` (boolean)
    Example: true

  - `response.malicious` (boolean)
    Example: true

  - `response.scoreMetadataVector` (string)

  - `response.violations` (integer)
    Example: 22

  - `response.workflowUuids` (array)

  - `response.dependencyContexts` (array)

  - `response.dependencyContexts.dependencyType` (string)
    Enum: "DIRECT", "TRANSITIVE"

  - `response.dependencyContexts.isDirect` (boolean)
    Example: true

  - `response.dependencyContexts.isTransitive` (boolean)

  - `response.dependencyContexts.directRoots` (array)

  - `response.dependencyContexts.directRoots.rootLibraryUuid` (string)

  - `response.dependencyContexts.directRoots.rootLibraryName` (string)
    Example: "com.google.guava:guava"

  - `response.dependencyContexts.directRoots.rootLibraryVersion` (string)
    Example: "30.1-jre"
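
Added example, not taken from the original page or the vendor's client code: walking the cursor pages of this endpoint and reducing the findings to the ones that need action, using only fields and enum values from the schema above. Assumptions: `fetch_page` is a hypothetical callable that issues the GET with the bearer token and returns the parsed JSON body; the last page carries no `cursor`; the triage policy and the two sample pages are constructed for illustration.

```python
# Field names and enum values are the ones in the response schema above.
OPEN_STATES = {"UNREVIEWED", "IN_REVIEW"}
REACHABLE = {"REACHABLE", "POTENTIALLY_REACHABLE"}  # hypothetical triage policy

def iter_findings(fetch_page, max_pages=1000):
    """Yield every finding, following additionalData.cursor page by page."""
    cursor, seen = None, set()
    for _ in range(max_pages):
        page = fetch_page(cursor)  # the first call carries no cursor
        yield from page.get("response") or []
        cursor = (page.get("additionalData") or {}).get("cursor")
        # Assumption: no cursor means last page; a repeated cursor also stops.
        if cursor is None or cursor in seen:
            return
        seen.add(cursor)
    # Fail closed: a truncated list must not look like a clean project.
    raise RuntimeError("page limit reached; findings list is incomplete")

def needs_action(f):
    """Active, not yet handled, HIGH severity, and possibly reachable."""
    info, vuln = f.get("findingInfo") or {}, f.get("vulnerability") or {}
    return (info.get("status") == "ACTIVE"
            and info.get("findingStatus") in OPEN_STATES
            and vuln.get("severity") == "HIGH"
            and f.get("reachability") in REACHABLE)

def triage(fetch_page):
    """Actionable findings, de-duplicated by uuid, highest EPSS first."""
    unique = {f["uuid"]: f for f in iter_findings(fetch_page) if needs_action(f)}
    epss = lambda f: (f.get("threatAssessment") or {}).get("epssPercentage") or 0.0
    return sorted(unique.values(), key=epss, reverse=True)

def _finding(uuid, severity, finding_status, reachability, epss_pct):
    return {"uuid": uuid, "reachability": reachability,
            "findingInfo": {"status": "ACTIVE", "findingStatus": finding_status},
            "vulnerability": {"severity": severity},
            "threatAssessment": {"epssPercentage": epss_pct}}

# Constructed two-page response (placeholder uuids, not real findings).
SAMPLE_PAGES = {
    None: {"additionalData": {"totalItems": "3", "cursor": 2},
           "response": [_finding("u1", "HIGH", "UNREVIEWED", "REACHABLE", 0.2),
                        _finding("u2", "HIGH", "SUPPRESSED", "REACHABLE", 0.9)]},
    2: {"additionalData": {"totalItems": "3"},
        "response": [_finding("u3", "HIGH", "IN_REVIEW", "POTENTIALLY_REACHABLE", 0.8)]},
}

def sample_fetch(cursor):
    return SAMPLE_PAGES[cursor]
```

A build gate that consumes `triage()` should treat the `RuntimeError` as a failed check rather than as zero findings.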

## Response 400 fields (*/*):

  - `supportToken` (string)
    Example: "1171c60d"

## Response 403 fields (*/*):

  - `supportToken` (string)
    Example: "1171c60d"


