Open chris-sansone-angi opened 4 years ago
This seems to be the inverse of the findings API https://docs.dependencytrack.org/integrations/file-formats/
Instead of taking a project-centric approach and listing out all the finding data (component, vulns, analysis), this enhancement may take the same data from the findings API and take a component-centric approach.
Slack conversation: https://owasp.slack.com/archives/C6R3R32H4/p1565357983074900
Current Behavior:
Right now there is no easy way to get a listing of vulnerable components and the projects they are used by. It would likely involve lots of queries made to the /project, /finding, /dependency, /component, and /vulnerability APIs.
This is a typical use case where a new vulnerability is announced on a component/library and an organization wants to quickly analyze which projects (that use the component) need to be remediated.
Proposed Behavior:
Add a new endpoint (or modify an existing endpoint) so that the relevant data can be retrieved.
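The workaround implied by the issue, inverting several project-centric finding exports into a component-centric listing, can be done client-side today. The script below is an added example, not code from the issue author or from the Dependency-Track project. It assumes each export has the shape of the Findings Packaging Format linked above (a top-level `project` object and a `findings` list whose entries carry `component`, `vulnerability` and `analysis` objects); those field names are assumptions, and the three sample exports, project names and `VULN-000x` identifiers are constructed for the demo. Findings whose analysis is marked suppressed are skipped by default, so a triaged false positive does not put a project on the remediation list.

```python
"""
Invert project-centric Dependency-Track finding exports into a
component-centric view: which projects use each vulnerable component.

Added example, not part of the original issue or of Dependency-Track.
Input shape follows the Findings Packaging Format as assumed here:
{"project": {...}, "findings": [{"component", "vulnerability", "analysis"}]}.
"""
from typing import Any, Dict, Iterable, List

# Constructed sample exports, one per project (FPF-like shape, assumed).
LIB_A = "pkg:maven/com.example/example-lib@1.2.3"      # constructed purl
LIB_B = "pkg:npm/example-parser@4.0.0"                  # constructed purl

SAMPLE_EXPORTS: List[Dict[str, Any]] = [
    {
        "project": {"uuid": "p-1", "name": "billing-service", "version": "2.3.0"},
        "findings": [
            {"component": {"uuid": "c-1", "group": "com.example", "name": "example-lib",
                           "version": "1.2.3", "purl": LIB_A},
             "vulnerability": {"vulnId": "VULN-0001", "source": "INTERNAL", "severity": "CRITICAL"},
             "analysis": {"state": "NOT_SET", "isSuppressed": False}},
            # Triaged as a false positive and suppressed: excluded by default.
            {"component": {"uuid": "c-2", "name": "example-parser", "version": "4.0.0", "purl": LIB_B},
             "vulnerability": {"vulnId": "VULN-0002", "source": "INTERNAL", "severity": "HIGH"},
             "analysis": {"state": "FALSE_POSITIVE", "isSuppressed": True}},
        ],
    },
    {
        "project": {"uuid": "p-2", "name": "web-portal", "version": "1.0.0"},
        "findings": [
            {"component": {"uuid": "c-3", "group": "com.example", "name": "example-lib",
                           "version": "1.2.3", "purl": LIB_A},
             "vulnerability": {"vulnId": "VULN-0001", "source": "INTERNAL", "severity": "CRITICAL"},
             "analysis": {"state": "NOT_SET", "isSuppressed": False}},
            {"component": {"uuid": "c-3", "group": "com.example", "name": "example-lib",
                           "version": "1.2.3", "purl": LIB_A},
             "vulnerability": {"vulnId": "VULN-0003", "source": "INTERNAL", "severity": "MEDIUM"},
             "analysis": {"state": "NOT_SET", "isSuppressed": False}},
        ],
    },
    {
        "project": {"uuid": "p-3", "name": "batch-jobs", "version": "0.9.0"},
        "findings": [
            {"component": {"uuid": "c-4", "name": "example-parser", "version": "4.0.0", "purl": LIB_B},
             "vulnerability": {"vulnId": "VULN-0002", "source": "INTERNAL", "severity": "HIGH"},
             "analysis": {"state": "NOT_SET", "isSuppressed": False}},
        ],
    },
]


def component_key(component: Dict[str, Any]) -> str:
    """Key components by Package URL; fall back to group:name:version."""
    if component.get("purl"):
        return component["purl"]
    return "{}:{}:{}".format(component.get("group", ""),
                             component.get("name", ""),
                             component.get("version", ""))


def invert_findings(exports: Iterable[Dict[str, Any]],
                    include_suppressed: bool = False) -> Dict[str, Dict[str, Any]]:
    """Build {component_key: {component, projects, vulnerabilities}} from exports."""
    index: Dict[str, Dict[str, Any]] = {}
    for export in exports:
        project = export.get("project", {})
        label = "{} {}".format(project.get("name", "?"), project.get("version", "?")).strip()
        for finding in export.get("findings", []):
            analysis = finding.get("analysis") or {}
            if analysis.get("isSuppressed") and not include_suppressed:
                continue  # analyst already decided this finding does not apply
            comp = finding["component"]
            entry = index.setdefault(component_key(comp),
                                     {"component": comp, "projects": set(), "vulnerabilities": {}})
            entry["projects"].add(label)
            vuln = finding.get("vulnerability", {})
            entry["vulnerabilities"][vuln.get("vulnId", "unknown")] = vuln.get("severity", "UNASSIGNED")
    return index


def projects_using(index: Dict[str, Dict[str, Any]], key: str) -> List[str]:
    """Sorted project labels that carry the given component, or [] if none."""
    return sorted(index[key]["projects"]) if key in index else []


def report(index: Dict[str, Dict[str, Any]]) -> List[str]:
    """Human-readable component-centric summary, one block per component."""
    lines = []
    for key in sorted(index):
        entry = index[key]
        vulns = ", ".join(f"{v} ({s})" for v, s in sorted(entry["vulnerabilities"].items()))
        lines.append(f"{key}\n  vulnerabilities: {vulns}\n  used by: {', '.join(sorted(entry['projects']))}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(invert_findings(SAMPLE_EXPORTS))))
```

Feeding it real data means one findings export per project (one call per project, which is exactly the fan-out the issue wants to avoid server-side); keying on the Package URL rather than the per-project component UUID is what lets the same library appear under one entry across projects.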