blackducksoftware / hub-rest-api-python

HUB REST API Python bindings
Apache License 2.0

List number of high, medium and low security risks with api. #211

Closed LaurensMignolet closed 2 years ago

LaurensMignolet commented 2 years ago

Hi, I would like to get the amount for high, medium and low security risks for all my projects on my latest scan. In the wiki and examples I only seem to find options to search for certain vulnerabilities, but not to list all security risks. Is this possible with the API?

OffBy0x01 commented 2 years ago

Is there a specific endpoint to get total risk across all projects? To my knowledge no.

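However, you could write a quick script to get the total. Something like this (untested) would get all totals across all project versions:

```python
from blackduck import Client

# Authenticated client; the base URL and API token are placeholders.
bd = Client(base_url="https://your.blackduck.url", token="YOUR_API_TOKEN")

total = {'critical': 0, 'high': 0, 'medium': 0, 'low': 0, 'ok': 0, 'unknown': 0}
for project in bd.get_resource('projects'):
    for version in bd.get_resource('versions', project):
        # items=False returns the risk profile as one dict, so read it directly
        # instead of iterating over it (that would only yield its keys).
        risk_profile = bd.get_resource('version-risk-profile', version, items=False)
        for severity, count in risk_profile["categories"]["VULNERABILITY"].items():
            total[severity.lower()] += count

print(total)
```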

You could do something similar with only the latest version (of all project versions) to get a "current" view.
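The "current" view suggested in the last comment, as an added example that is not part of the original thread or the project's code: it picks the newest version of each project and sums only those risk profiles. It assumes each version record carries a `createdAt` timestamp; the helper names and the sample data are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

SEVERITIES = ("critical", "high", "medium", "low", "ok", "unknown")

def latest_version(versions, key="createdAt"):
    # Assumption: versions carry an ISO-8601 timestamp under `key`, ending in "Z".
    dated = [v for v in versions if v.get(key)]
    parse = lambda v: datetime.fromisoformat(v[key].replace("Z", "+00:00"))
    return max(dated, key=parse) if dated else None

def vulnerability_counts(risk_profile):
    # Same field the thread's snippet reads: categories -> VULNERABILITY.
    counts = risk_profile.get("categories", {}).get("VULNERABILITY", {})
    return Counter({sev.lower(): n for sev, n in counts.items()})

def current_totals(projects, get_versions, get_risk_profile):
    # With a real client the callables would wrap the calls from the thread:
    #   get_versions     = lambda p: bd.get_resource('versions', p)
    #   get_risk_profile = lambda v: bd.get_resource('version-risk-profile', v, items=False)
    total = Counter({s: 0 for s in SEVERITIES})
    per_project = {}
    for project in projects:
        version = latest_version(get_versions(project))
        if version is None:
            continue  # project without any version: nothing to count
        counts = vulnerability_counts(get_risk_profile(version))
        per_project[project["name"]] = counts
        total.update(counts)
    return dict(total), per_project

# Constructed sample data, shaped like the fields used above.
SAMPLE = {
    "web-shop": [
        {"versionName": "1.0", "createdAt": "2022-03-01T10:00:00.000Z",
         "risk": {"categories": {"VULNERABILITY": {"HIGH": 7, "MEDIUM": 3, "LOW": 1}}}},
        {"versionName": "2.0", "createdAt": "2023-01-10T09:30:00.000Z",
         "risk": {"categories": {"VULNERABILITY": {"HIGH": 2, "MEDIUM": 5, "LOW": 4}}}},
    ],
    "billing": [
        {"versionName": "0.9", "createdAt": "2023-02-02T08:00:00.000Z",
         "risk": {"categories": {"VULNERABILITY": {"CRITICAL": 1, "HIGH": 1, "LOW": 2}}}},
    ],
    "empty-project": [],
}

def demo():
    projects = [{"name": name} for name in SAMPLE]
    return current_totals(projects, lambda p: SAMPLE[p["name"]], lambda v: v["risk"])
```

Keeping a per-project breakdown alongside the grand total makes it easy to see which project contributes the high-severity counts.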