GraphQL Schema documentation
API Endpoints
https://app.eu.onekey.com/api/graphqlQueries
allAnalysisConfigurations
Response
Returns [AnalysisConfiguration!]!
Example
Query
query allAnalysisConfigurations {
allAnalysisConfigurations {
id
name
binaryAnalysis
rtosAnalysis
}
}
Response
{
"data": {
"allAnalysisConfigurations": [
{
"id": "4",
"name": "xyz789",
"binaryAnalysis": true,
"rtosAnalysis": true
}
]
}
}
allApiTokens
Response
Returns [ApiToken!]!
Example
Query
query allApiTokens {
allApiTokens {
id
name
description
createdBy
createdAt
expireAt
lastUsedAt
permissions {
...ApiTokenPermissionFragment
}
}
}
Response
{
"data": {
"allApiTokens": [
{
"id": 4,
"name": "xyz789",
"description": "xyz789",
"createdBy": "xyz789",
"createdAt": Datetime,
"expireAt": Datetime,
"lastUsedAt": Datetime,
"permissions": [ApiTokenPermission]
}
]
}
}
allFirmwares
Response
Returns [Firmware!]!
Arguments
| Name | Description |
|---|---|
filter - FirmwareFilter
|
|
query - String
|
|
count - Int
|
Example
Query
query allFirmwares(
$filter: FirmwareFilter,
$query: String,
$count: Int
) {
allFirmwares(
filter: $filter,
query: $query,
count: $count
) {
id
name
uploadTime
version
notes
totalSize
binary {
...FirmwareBinaryFragment
}
sbom {
...FirmwareSBOMFragment
}
analysisConfiguration {
...AnalysisConfigurationFragment
}
analyses {
...AnalysisFragment
}
latestAnalysisTime
latestAnalysis {
...AnalysisFragment
}
fileCount
files {
...FileFragment
}
blobs {
...BlobFragment
}
processing {
... on ProcessingInProgress {
...ProcessingInProgressFragment
}
... on ProcessingFailed {
...ProcessingFailedFragment
}
... on ProcessingFinished {
...ProcessingFinishedFragment
}
}
monitoring
uploader
componentCount
components {
...ComponentFragment
}
certificates {
...CertificateFragment
}
privateKeys {
...PrivateKeyFragment
}
latestIssues {
...IssueFragment
}
fileContent {
...FileContentResultFragment
}
releaseDate
product {
...ProductFragment
}
complianceItems {
...ComplianceItemFragment
}
complianceExtraItems {
...ComplianceExtraItemFragment
}
elfDetails {
...ELFDetailsFragment
}
managementProtocols {
...ManagementProtocolFragment
}
downloadUrl
spriteSheets {
...SpriteSheetFragment
}
cveMatches {
...CVEMatchFragment
}
compareAnalyses {
...AnalysesComparisonFragment
}
extractionProblems {
...ExtractionProblemFragment
}
labels
properties {
...PropertyFragment
}
supportingFiles {
...SupportingFileFragment
}
complianceBundles {
...ComplianceBundleFragment
}
auditTrail {
...AuditRecordFragment
}
uris {
...URIFragment
}
uriCount
linkedLibraries {
...LinkedLibraryFragment
}
componentDependencies {
...ComponentDependencyFragment
}
}
}
Variables
{
"filter": FirmwareFilter,
"query": "xyz789",
"count": 987
}
Response
{
"data": {
"allFirmwares": [
{
"id": "4",
"name": "abc123",
"uploadTime": Datetime,
"version": "xyz789",
"notes": "xyz789",
"totalSize": {},
"binary": FirmwareBinary,
"sbom": FirmwareSBOM,
"analysisConfiguration": AnalysisConfiguration,
"analyses": [Analysis],
"latestAnalysisTime": Datetime,
"latestAnalysis": Analysis,
"fileCount": 123,
"files": [File],
"blobs": [Blob],
"processing": ProcessingInProgress,
"monitoring": false,
"uploader": "xyz789",
"componentCount": 987,
"components": [Component],
"certificates": [Certificate],
"privateKeys": [PrivateKey],
"latestIssues": [Issue],
"fileContent": [FileContentResult],
"releaseDate": "2007-12-03",
"product": Product,
"complianceItems": [ComplianceItem],
"complianceExtraItems": [ComplianceExtraItem],
"elfDetails": ELFDetails,
"managementProtocols": [ManagementProtocol],
"downloadUrl": "abc123",
"spriteSheets": [SpriteSheet],
"cveMatches": [CVEMatch],
"compareAnalyses": AnalysesComparison,
"extractionProblems": [ExtractionProblem],
"labels": ["abc123"],
"properties": [Property],
"supportingFiles": [SupportingFile],
"complianceBundles": [ComplianceBundle],
"auditTrail": [AuditRecord],
"uris": [URI],
"uriCount": 123,
"linkedLibraries": [LinkedLibrary],
"componentDependencies": [ComponentDependency]
}
]
}
}
allGuidelines
Response
Returns [ComplianceGuideline!]!
Example
Query
query allGuidelines {
allGuidelines {
id
title
publisherName
publisherType
publicationDate
url
auxiliaryProperties {
...ComplianceAuxiliaryPropertyFragment
}
summary
chapters {
...ComplianceChapterFragment
}
}
}
Response
{
"data": {
"allGuidelines": [
{
"id": "4",
"title": "abc123",
"publisherName": "xyz789",
"publisherType": "GOVERNMENT_ORGANISATION",
"publicationDate": "2007-12-03",
"url": "abc123",
"auxiliaryProperties": [
ComplianceAuxiliaryProperty
],
"summary": "abc123",
"chapters": [ComplianceChapter]
}
]
}
}
allIssueDocs
Response
Returns [IssueDoc!]!
Example
Query
query allIssueDocs {
allIssueDocs {
type
summary
description
mitigation
cwes {
...CWEFragment
}
references {
...ReferenceFragment
}
}
}
Response
{
"data": {
"allIssueDocs": [
{
"type": "abc123",
"summary": "abc123",
"description": "xyz789",
"mitigation": "xyz789",
"cwes": [CWE],
"references": [Reference]
}
]
}
}
allProductGroups
Response
Returns [ProductGroup!]!
Example
Query
query allProductGroups {
allProductGroups {
id
name
description
products {
...ProductFragment
}
}
}
Response
{
"data": {
"allProductGroups": [
{
"id": 4,
"name": "xyz789",
"description": "abc123",
"products": [Product]
}
]
}
}
allProducts
Response
Returns [Product!]!
Example
Query
query allProducts {
allProducts {
id
name
vendor
category
firmwareTimeline {
...FirmwareTimelineItemFragment
}
productGroups {
...ProductGroupFragment
}
}
}
Response
{
"data": {
"allProducts": [
{
"id": 4,
"name": "abc123",
"vendor": "abc123",
"category": "xyz789",
"firmwareTimeline": [FirmwareTimelineItem],
"productGroups": [ProductGroup]
}
]
}
}
allReportConfigurations
Response
Returns [ReportConfiguration!]!
Example
Query
query allReportConfigurations {
allReportConfigurations {
id
name
issueSeverities
analysisTechniqueDetails
complianceGuidelines {
...ComplianceGuidelineFragment
}
includeComments
includedStatuses
excludedStatuses
}
}
Response
{
"data": {
"allReportConfigurations": [
{
"id": 4,
"name": "xyz789",
"issueSeverities": ["CRITICAL"],
"analysisTechniqueDetails": false,
"complianceGuidelines": [ComplianceGuideline],
"includeComments": true,
"includedStatuses": ["NONE"],
"excludedStatuses": ["NONE"]
}
]
}
}
allReports
Response
Returns [Report!]!
Arguments
| Name | Description |
|---|---|
filter - ReportFilter
|
Example
Query
query allReports($filter: ReportFilter) {
allReports(filter: $filter) {
id
title
classification
generatedTime
reportConfiguration {
...ReportConfigurationFragment
}
firmwares {
...FirmwareFragment
}
downloadUrl
size
state
links {
...ReportLinkFragment
}
}
}
Variables
{"filter": ReportFilter}
Response
{
"data": {
"allReports": [
{
"id": "4",
"title": "abc123",
"classification": "xyz789",
"generatedTime": Datetime,
"reportConfiguration": ReportConfiguration,
"firmwares": [Firmware],
"downloadUrl": "xyz789",
"size": 987,
"state": "GENERATING",
"links": [ReportLink]
}
]
}
}
allUserGroups
Response
Returns [UserGroup!]!
Example
Query
query allUserGroups {
allUserGroups {
id
name
description
productGroups {
...ProductGroupFragment
}
roles
users {
...UserFragment
}
}
}
Response
{
"data": {
"allUserGroups": [
{
"id": "4",
"name": "xyz789",
"description": "xyz789",
"productGroups": [ProductGroup],
"roles": ["ADMIN"],
"users": [User]
}
]
}
}
allUsers
Response
Returns [User!]!
Example
Query
query allUsers {
allUsers {
email
created
userGroups {
...UserGroupFragment
}
roles
}
}
Response
{
"data": {
"allUsers": [
{
"email": "abc123",
"created": Datetime,
"userGroups": [UserGroup],
"roles": ["ADMIN"]
}
]
}
}
compareFirmwareAnalyses
Description
Compare the latest analyses of two firmware
Response
Returns an AnalysesComparison
Example
Query
query compareFirmwareAnalyses(
$base: ID!,
$other: ID!
) {
compareFirmwareAnalyses(
base: $base,
other: $other
) {
base {
...AnalysisFragment
}
other {
...AnalysisFragment
}
issues {
...IssuesComparisonFragment
}
cveEntries {
...CVEEntriesComparisonFragment
}
cveMatches {
...CVEMatchesComparisonFragment
}
components {
...ComponentsComparisonFragment
}
}
}
Variables
{"base": 4, "other": 4}
Response
{
"data": {
"compareFirmwareAnalyses": {
"base": Analysis,
"other": Analysis,
"issues": IssuesComparison,
"cveEntries": CVEEntriesComparison,
"cveMatches": CVEMatchesComparison,
"components": ComponentsComparison
}
}
}
customIssueDefinitions
Response
Returns [CustomIssueDefinition!]!
Example
Query
query customIssueDefinitions {
customIssueDefinitions {
id
name
cvss3Vector
cvss4Vector
confidence
description
query
}
}
Response
{
"data": {
"customIssueDefinitions": [
{
"id": 4,
"name": "abc123",
"cvss3Vector": "xyz789",
"cvss4Vector": "abc123",
"confidence": "HIGH",
"description": "xyz789",
"query": "xyz789"
}
]
}
}
firmware
Example
Query
query firmware($id: ID!) {
firmware(id: $id) {
id
name
uploadTime
version
notes
totalSize
binary {
...FirmwareBinaryFragment
}
sbom {
...FirmwareSBOMFragment
}
analysisConfiguration {
...AnalysisConfigurationFragment
}
analyses {
...AnalysisFragment
}
latestAnalysisTime
latestAnalysis {
...AnalysisFragment
}
fileCount
files {
...FileFragment
}
blobs {
...BlobFragment
}
processing {
... on ProcessingInProgress {
...ProcessingInProgressFragment
}
... on ProcessingFailed {
...ProcessingFailedFragment
}
... on ProcessingFinished {
...ProcessingFinishedFragment
}
}
monitoring
uploader
componentCount
components {
...ComponentFragment
}
certificates {
...CertificateFragment
}
privateKeys {
...PrivateKeyFragment
}
latestIssues {
...IssueFragment
}
fileContent {
...FileContentResultFragment
}
releaseDate
product {
...ProductFragment
}
complianceItems {
...ComplianceItemFragment
}
complianceExtraItems {
...ComplianceExtraItemFragment
}
elfDetails {
...ELFDetailsFragment
}
managementProtocols {
...ManagementProtocolFragment
}
downloadUrl
spriteSheets {
...SpriteSheetFragment
}
cveMatches {
...CVEMatchFragment
}
compareAnalyses {
...AnalysesComparisonFragment
}
extractionProblems {
...ExtractionProblemFragment
}
labels
properties {
...PropertyFragment
}
supportingFiles {
...SupportingFileFragment
}
complianceBundles {
...ComplianceBundleFragment
}
auditTrail {
...AuditRecordFragment
}
uris {
...URIFragment
}
uriCount
linkedLibraries {
...LinkedLibraryFragment
}
componentDependencies {
...ComponentDependencyFragment
}
}
}
Variables
{"id": 4}
Response
{
"data": {
"firmware": {
"id": 4,
"name": "abc123",
"uploadTime": Datetime,
"version": "abc123",
"notes": "xyz789",
"totalSize": {},
"binary": FirmwareBinary,
"sbom": FirmwareSBOM,
"analysisConfiguration": AnalysisConfiguration,
"analyses": [Analysis],
"latestAnalysisTime": Datetime,
"latestAnalysis": Analysis,
"fileCount": 123,
"files": [File],
"blobs": [Blob],
"processing": ProcessingInProgress,
"monitoring": false,
"uploader": "abc123",
"componentCount": 123,
"components": [Component],
"certificates": [Certificate],
"privateKeys": [PrivateKey],
"latestIssues": [Issue],
"fileContent": [FileContentResult],
"releaseDate": "2007-12-03",
"product": Product,
"complianceItems": [ComplianceItem],
"complianceExtraItems": [ComplianceExtraItem],
"elfDetails": ELFDetails,
"managementProtocols": [ManagementProtocol],
"downloadUrl": "abc123",
"spriteSheets": [SpriteSheet],
"cveMatches": [CVEMatch],
"compareAnalyses": AnalysesComparison,
"extractionProblems": [ExtractionProblem],
"labels": ["xyz789"],
"properties": [Property],
"supportingFiles": [SupportingFile],
"complianceBundles": [ComplianceBundle],
"auditTrail": [AuditRecord],
"uris": [URI],
"uriCount": 123,
"linkedLibraries": [LinkedLibrary],
"componentDependencies": [ComponentDependency]
}
}
}
globalAnalysisProfile
Response
Returns an AnalysisProfile!
Example
Query
query globalAnalysisProfile {
globalAnalysisProfile {
issueRules {
...AnalysisProfileRuleFragment
}
cveRules {
...AnalysisProfileRuleFragment
}
}
}
Response
{
"data": {
"globalAnalysisProfile": {
"issueRules": [AnalysisProfileRule],
"cveRules": [AnalysisProfileRule]
}
}
}
tenant
Response
Returns a Tenant!
Example
Query
query tenant {
tenant {
name
activationDate
supportContacts
}
}
Response
{
"data": {
"tenant": {
"name": "abc123",
"activationDate": "2007-12-03",
"supportContacts": ["xyz789"]
}
}
}
user
Response
Returns a User!
Example
Query
query user {
user {
email
created
userGroups {
...UserGroupFragment
}
roles
}
}
Response
{
"data": {
"user": {
"email": "xyz789",
"created": Datetime,
"userGroups": [UserGroup],
"roles": ["ADMIN"]
}
}
}
Mutations
addFirmwareComponent
Response
Returns a FirmwareComponentEditResult
Arguments
| Name | Description |
|---|---|
input - FirmwareAddComponentInput!
|
Example
Query
mutation addFirmwareComponent($input: FirmwareAddComponentInput!) {
addFirmwareComponent(input: $input) {
... on Component {
...ComponentFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": FirmwareAddComponentInput}
Response
{"data": {"addFirmwareComponent": Component}}
applyGlobalAnalysisProfile
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation applyGlobalAnalysisProfile($input: IDInput!) {
applyGlobalAnalysisProfile(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"applyGlobalAnalysisProfile": {
"count": 123,
"errors": [Error]
}
}
}
bulkUpdateCVEStatus
Response
Returns an UpdateCVEStatusResult
Arguments
| Name | Description |
|---|---|
input - BulkUpdateCVEStatusInput
|
Example
Query
mutation bulkUpdateCVEStatus($input: BulkUpdateCVEStatusInput) {
bulkUpdateCVEStatus(input: $input) {
... on CVEMatchesWithUpdatedStatus {
...CVEMatchesWithUpdatedStatusFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": BulkUpdateCVEStatusInput}
Response
{
"data": {
"bulkUpdateCVEStatus": CVEMatchesWithUpdatedStatus
}
}
bulkUpdateIssueStatus
Response
Returns an UpdateIssueStatusResult
Arguments
| Name | Description |
|---|---|
input - BulkUpdateIssueStatusInput
|
Example
Query
mutation bulkUpdateIssueStatus($input: BulkUpdateIssueStatusInput) {
bulkUpdateIssueStatus(input: $input) {
... on IssuesWithUpdatedStatus {
...IssuesWithUpdatedStatusFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": BulkUpdateIssueStatusInput}
Response
{
"data": {
"bulkUpdateIssueStatus": IssuesWithUpdatedStatus
}
}
createAnalysisConfiguration
Response
Returns an AnalysisConfigurationResult!
Arguments
| Name | Description |
|---|---|
input - AnalysisConfigurationCreateInput!
|
Example
Query
mutation createAnalysisConfiguration($input: AnalysisConfigurationCreateInput!) {
createAnalysisConfiguration(input: $input) {
... on AnalysisConfiguration {
...AnalysisConfigurationFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": AnalysisConfigurationCreateInput}
Response
{
"data": {
"createAnalysisConfiguration": AnalysisConfiguration
}
}
createApiToken
Response
Returns an ApiTokenCreateResult!
Arguments
| Name | Description |
|---|---|
input - ApiTokenCreateInput!
|
Example
Query
mutation createApiToken($input: ApiTokenCreateInput!) {
createApiToken(input: $input) {
... on CreatedApiToken {
...CreatedApiTokenFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ApiTokenCreateInput}
Response
{"data": {"createApiToken": CreatedApiToken}}
createComplianceBundle
Response
Returns a ComplianceBundleCreateResult!
Arguments
| Name | Description |
|---|---|
input - ComplianceBundleCreateInput!
|
Example
Query
mutation createComplianceBundle($input: ComplianceBundleCreateInput!) {
createComplianceBundle(input: $input) {
... on ComplianceBundle {
...ComplianceBundleFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ComplianceBundleCreateInput}
Response
{"data": {"createComplianceBundle": ComplianceBundle}}
createCustomIssueDefinition
Response
Returns a CustomIssueDefinitionsResult
Arguments
| Name | Description |
|---|---|
input - CustomIssueDefinitionCreateInput!
|
Example
Query
mutation createCustomIssueDefinition($input: CustomIssueDefinitionCreateInput!) {
createCustomIssueDefinition(input: $input) {
... on CustomIssueDefinition {
...CustomIssueDefinitionFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": CustomIssueDefinitionCreateInput}
Response
{
"data": {
"createCustomIssueDefinition": CustomIssueDefinition
}
}
createFirmwareUpload
Description
Creates the metadata for the firmware, and the result will have the uploadUrl field, where the actual firmware file should be posted with a Content-Type: multipart/form-data.
Response
Returns a FirmwareUploadResult!
Arguments
| Name | Description |
|---|---|
input - FirmwareUploadInput!
|
Example
Query
mutation createFirmwareUpload($input: FirmwareUploadInput!) {
createFirmwareUpload(input: $input) {
... on FirmwareUploadMetadata {
...FirmwareUploadMetadataFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": FirmwareUploadInput}
Response
{"data": {"createFirmwareUpload": FirmwareUploadMetadata}}
createProductGroup
Response
Returns a ProductGroupResult!
Arguments
| Name | Description |
|---|---|
input - ProductGroupCreateInput!
|
Example
Query
mutation createProductGroup($input: ProductGroupCreateInput!) {
createProductGroup(input: $input) {
... on ProductGroup {
...ProductGroupFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ProductGroupCreateInput}
Response
{"data": {"createProductGroup": ProductGroup}}
createReportConfiguration
Response
Returns a ReportConfigurationResult!
Arguments
| Name | Description |
|---|---|
input - ReportConfigurationCreateInput
|
Example
Query
mutation createReportConfiguration($input: ReportConfigurationCreateInput) {
createReportConfiguration(input: $input) {
... on ReportConfiguration {
...ReportConfigurationFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ReportConfigurationCreateInput}
Response
{
"data": {
"createReportConfiguration": ReportConfiguration
}
}
createReportLink
Response
Returns a ReportLinkResult!
Arguments
| Name | Description |
|---|---|
input - CreateReportLinkInput!
|
Example
Query
mutation createReportLink($input: CreateReportLinkInput!) {
createReportLink(input: $input) {
... on CreatedReportLink {
...CreatedReportLinkFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": CreateReportLinkInput}
Response
{"data": {"createReportLink": CreatedReportLink}}
createUser
Response
Returns a UserResult!
Arguments
| Name | Description |
|---|---|
input - UserCreateInput!
|
Example
Query
mutation createUser($input: UserCreateInput!) {
createUser(input: $input) {
... on User {
...UserFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": UserCreateInput}
Response
{"data": {"createUser": User}}
createUserGroup
Response
Returns a UserGroupResult!
Arguments
| Name | Description |
|---|---|
input - UserGroupCreateInput!
|
Example
Query
mutation createUserGroup($input: UserGroupCreateInput!) {
createUserGroup(input: $input) {
... on UserGroup {
...UserGroupFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": UserGroupCreateInput}
Response
{"data": {"createUserGroup": UserGroup}}
deleteAnalysisConfiguration
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation deleteAnalysisConfiguration($input: IDInput!) {
deleteAnalysisConfiguration(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"deleteAnalysisConfiguration": {
"count": 987,
"errors": [Error]
}
}
}
deleteApiToken
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation deleteApiToken($input: IDInput!) {
deleteApiToken(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"deleteApiToken": {"count": 123, "errors": [Error]}
}
}
deleteCustomIssueDefinition
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation deleteCustomIssueDefinition($input: IDInput!) {
deleteCustomIssueDefinition(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"deleteCustomIssueDefinition": {
"count": 987,
"errors": [Error]
}
}
}
deleteFirmware
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation deleteFirmware($input: IDInput!) {
deleteFirmware(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"deleteFirmware": {"count": 987, "errors": [Error]}
}
}
deleteFirmwareComponent
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - FirmwareDeleteComponentInput!
|
Example
Query
mutation deleteFirmwareComponent($input: FirmwareDeleteComponentInput!) {
deleteFirmwareComponent(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": FirmwareDeleteComponentInput}
Response
{
"data": {
"deleteFirmwareComponent": {
"count": 123,
"errors": [Error]
}
}
}
deleteFirmwareSupportingFile
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - FirmwareSupportingFileDeleteInput!
|
Example
Query
mutation deleteFirmwareSupportingFile($input: FirmwareSupportingFileDeleteInput!) {
deleteFirmwareSupportingFile(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": FirmwareSupportingFileDeleteInput}
Response
{
"data": {
"deleteFirmwareSupportingFile": {
"count": 987,
"errors": [Error]
}
}
}
deleteProductGroup
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - ProductGroupDeleteInput!
|
Example
Query
mutation deleteProductGroup($input: ProductGroupDeleteInput!) {
deleteProductGroup(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": ProductGroupDeleteInput}
Response
{
"data": {
"deleteProductGroup": {
"count": 987,
"errors": [Error]
}
}
}
deleteReport
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation deleteReport($input: IDInput!) {
deleteReport(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"deleteReport": {"count": 987, "errors": [Error]}
}
}
deleteReportConfiguration
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - ReportConfigurationDeleteInput
|
Example
Query
mutation deleteReportConfiguration($input: ReportConfigurationDeleteInput) {
deleteReportConfiguration(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": ReportConfigurationDeleteInput}
Response
{
"data": {
"deleteReportConfiguration": {
"count": 123,
"errors": [Error]
}
}
}
deleteUser
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - UserDeleteInput!
|
Example
Query
mutation deleteUser($input: UserDeleteInput!) {
deleteUser(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": UserDeleteInput}
Response
{
"data": {
"deleteUser": {"count": 987, "errors": [Error]}
}
}
deleteUserGroup
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation deleteUserGroup($input: IDInput!) {
deleteUserGroup(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"deleteUserGroup": {"count": 123, "errors": [Error]}
}
}
disableMonitoring
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation disableMonitoring($input: IDInput!) {
disableMonitoring(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"disableMonitoring": {"count": 123, "errors": [Error]}
}
}
enableMonitoring
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation enableMonitoring($input: IDInput!) {
enableMonitoring(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{
"data": {
"enableMonitoring": {"count": 987, "errors": [Error]}
}
}
generateReport
Response
Returns a GenerateReportResult!
Arguments
| Name | Description |
|---|---|
input - GenerateReportInput
|
Example
Query
mutation generateReport($input: GenerateReportInput) {
generateReport(input: $input) {
... on Report {
...ReportFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": GenerateReportInput}
Response
{"data": {"generateReport": Report}}
requestFirmwareReview
Response
Returns a MutationError
Arguments
| Name | Description |
|---|---|
input - FirmwareReviewInput
|
Example
Query
mutation requestFirmwareReview($input: FirmwareReviewInput) {
requestFirmwareReview(input: $input) {
count
errors {
...ErrorFragment
}
}
}
Variables
{"input": FirmwareReviewInput}
Response
{
"data": {
"requestFirmwareReview": {
"count": 123,
"errors": [Error]
}
}
}
triggerAnalysis
Description
Triggers a new analysis on the given firmware
Response
Returns a TriggerAnalysisResult!
Arguments
| Name | Description |
|---|---|
input - IDInput!
|
Example
Query
mutation triggerAnalysis($input: IDInput!) {
triggerAnalysis(input: $input) {
... on TriggeredAnalysis {
...TriggeredAnalysisFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": IDInput}
Response
{"data": {"triggerAnalysis": TriggeredAnalysis}}
updateAnalysisConfiguration
Response
Returns an AnalysisConfigurationResult!
Arguments
| Name | Description |
|---|---|
input - AnalysisConfigurationUpdateInput!
|
Example
Query
mutation updateAnalysisConfiguration($input: AnalysisConfigurationUpdateInput!) {
updateAnalysisConfiguration(input: $input) {
... on AnalysisConfiguration {
...AnalysisConfigurationFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": AnalysisConfigurationUpdateInput}
Response
{
"data": {
"updateAnalysisConfiguration": AnalysisConfiguration
}
}
updateCVEStatus
Response
Returns an UpdateCVEStatusResult
Arguments
| Name | Description |
|---|---|
input - UpdateCVEStatusInput
|
Example
Query
mutation updateCVEStatus($input: UpdateCVEStatusInput) {
updateCVEStatus(input: $input) {
... on CVEMatchesWithUpdatedStatus {
...CVEMatchesWithUpdatedStatusFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": UpdateCVEStatusInput}
Response
{"data": {"updateCVEStatus": CVEMatchesWithUpdatedStatus}}
updateComplianceExtraItem
Response
Returns a ComplianceExtraItemUpdateResult!
Arguments
| Name | Description |
|---|---|
input - ComplianceExtraItemUpdateInput
|
Example
Query
mutation updateComplianceExtraItem($input: ComplianceExtraItemUpdateInput) {
updateComplianceExtraItem(input: $input) {
... on ComplianceExtraItem {
...ComplianceExtraItemFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ComplianceExtraItemUpdateInput}
Response
{
"data": {
"updateComplianceExtraItem": ComplianceExtraItem
}
}
updateComplianceItem
Response
Returns a ComplianceItemUpdateResult!
Arguments
| Name | Description |
|---|---|
input - ComplianceItemUpdateInput
|
Example
Query
mutation updateComplianceItem($input: ComplianceItemUpdateInput) {
updateComplianceItem(input: $input) {
... on ComplianceItemUpdateResults {
...ComplianceItemUpdateResultsFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ComplianceItemUpdateInput}
Response
{
"data": {
"updateComplianceItem": ComplianceItemUpdateResults
}
}
updateCustomIssueDefinition
Response
Returns a CustomIssueDefinitionsResult
Arguments
| Name | Description |
|---|---|
input - CustomIssueDefinitionUpdateInput!
|
Example
Query
mutation updateCustomIssueDefinition($input: CustomIssueDefinitionUpdateInput!) {
updateCustomIssueDefinition(input: $input) {
... on CustomIssueDefinition {
...CustomIssueDefinitionFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": CustomIssueDefinitionUpdateInput}
Response
{
"data": {
"updateCustomIssueDefinition": CustomIssueDefinition
}
}
updateFirmware
Description
Update any part of the uploaded firmware metadata.
Response
Returns a FirmwareUpdateResult!
Arguments
| Name | Description |
|---|---|
input - FirmwareUpdateInput
|
Example
Query
mutation updateFirmware($input: FirmwareUpdateInput) {
updateFirmware(input: $input) {
... on Firmware {
...FirmwareFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": FirmwareUpdateInput}
Response
{"data": {"updateFirmware": Firmware}}
updateFirmwareComponent
Response
Returns a FirmwareComponentEditResult
Arguments
| Name | Description |
|---|---|
input - FirmwareUpdateComponentInput!
|
Example
Query
mutation updateFirmwareComponent($input: FirmwareUpdateComponentInput!) {
updateFirmwareComponent(input: $input) {
... on Component {
...ComponentFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": FirmwareUpdateComponentInput}
Response
{"data": {"updateFirmwareComponent": Component}}
updateGlobalAnalysisProfile
Response
Returns an UpdateGlobalAnalysisProfileResult
Arguments
| Name | Description |
|---|---|
input - AnalysisProfileUpdateInput
|
Example
Query
mutation updateGlobalAnalysisProfile($input: AnalysisProfileUpdateInput) {
updateGlobalAnalysisProfile(input: $input) {
... on AnalysisProfile {
...AnalysisProfileFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": AnalysisProfileUpdateInput}
Response
{"data": {"updateGlobalAnalysisProfile": AnalysisProfile}}
updateIssueStatus
Response
Returns an UpdateIssueStatusResult
Arguments
| Name | Description |
|---|---|
input - UpdateIssueStatusInput
|
Example
Query
mutation updateIssueStatus($input: UpdateIssueStatusInput) {
updateIssueStatus(input: $input) {
... on IssuesWithUpdatedStatus {
...IssuesWithUpdatedStatusFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": UpdateIssueStatusInput}
Response
{"data": {"updateIssueStatus": IssuesWithUpdatedStatus}}
updateProductGroup
Response
Returns a ProductGroupResult!
Arguments
| Name | Description |
|---|---|
input - ProductGroupUpdateInput!
|
Example
Query
mutation updateProductGroup($input: ProductGroupUpdateInput!) {
updateProductGroup(input: $input) {
... on ProductGroup {
...ProductGroupFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ProductGroupUpdateInput}
Response
{"data": {"updateProductGroup": ProductGroup}}
updateReportConfiguration
Response
Returns a ReportConfigurationResult!
Arguments
| Name | Description |
|---|---|
input - ReportConfigurationUpdateInput
|
Example
Query
mutation updateReportConfiguration($input: ReportConfigurationUpdateInput) {
updateReportConfiguration(input: $input) {
... on ReportConfiguration {
...ReportConfigurationFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": ReportConfigurationUpdateInput}
Response
{
"data": {
"updateReportConfiguration": ReportConfiguration
}
}
updateUser
Response
Returns a UserResult!
Arguments
| Name | Description |
|---|---|
input - UserUpdateInput!
|
Example
Query
mutation updateUser($input: UserUpdateInput!) {
updateUser(input: $input) {
... on User {
...UserFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": UserUpdateInput}
Response
{"data": {"updateUser": User}}
updateUserGroup
Response
Returns a UserGroupResult!
Arguments
| Name | Description |
|---|---|
input - UserGroupUpdateInput!
|
Example
Query
mutation updateUserGroup($input: UserGroupUpdateInput!) {
updateUserGroup(input: $input) {
... on UserGroup {
...UserGroupFragment
}
... on MutationError {
...MutationErrorFragment
}
}
}
Variables
{"input": UserGroupUpdateInput}
Response
{"data": {"updateUserGroup": UserGroup}}
Subscriptions
complianceBundleGenerationUpdate
Response
Returns a ComplianceBundle
Arguments
| Name | Description |
|---|---|
complianceBundleId - ID!
|
Example
Query
subscription complianceBundleGenerationUpdate($complianceBundleId: ID!) {
complianceBundleGenerationUpdate(complianceBundleId: $complianceBundleId) {
id
guideline {
...ComplianceGuidelineFragment
}
createdBy
createdAt
description
state
size
sha256
downloadUrl
}
}
Variables
{"complianceBundleId": 4}
Response
{
"data": {
"complianceBundleGenerationUpdate": {
"id": 4,
"guideline": ComplianceGuideline,
"createdBy": "abc123",
"createdAt": Datetime,
"description": "xyz789",
"state": "GENERATING",
"size": {},
"sha256": "xyz789",
"downloadUrl": "xyz789"
}
}
}
firmwareProcessingUpdates
Response
Returns [FirmwareProcessingUpdate!]!
Example
Query
subscription firmwareProcessingUpdates {
firmwareProcessingUpdates {
firmwareID
name
processing {
... on ProcessingInProgress {
...ProcessingInProgressFragment
}
... on ProcessingFailed {
...ProcessingFailedFragment
}
... on ProcessingFinished {
...ProcessingFinishedFragment
}
}
}
}
Response
{
"data": {
"firmwareProcessingUpdates": [
{
"firmwareID": 4,
"name": "abc123",
"processing": ProcessingInProgress
}
]
}
}
reportGenerationUpdate
Example
Query
subscription reportGenerationUpdate($reportId: ID!) {
reportGenerationUpdate(reportId: $reportId) {
id
title
classification
generatedTime
reportConfiguration {
...ReportConfigurationFragment
}
firmwares {
...FirmwareFragment
}
downloadUrl
size
state
links {
...ReportLinkFragment
}
}
}
Variables
{"reportId": 4}
Response
{
"data": {
"reportGenerationUpdate": {
"id": 4,
"title": "xyz789",
"classification": "abc123",
"generatedTime": Datetime,
"reportConfiguration": ReportConfiguration,
"firmwares": [Firmware],
"downloadUrl": "abc123",
"size": 987,
"state": "GENERATING",
"links": [ReportLink]
}
}
}
Types
AnalysesComparison
Fields
| Field Name | Description |
|---|---|
base - Analysis!
|
|
other - Analysis!
|
|
issues - IssuesComparison!
|
|
cveEntries - CVEEntriesComparison!
|
|
cveMatches - CVEMatchesComparison!
|
|
components - ComponentsComparison!
|
Example
{
"base": Analysis,
"other": Analysis,
"issues": IssuesComparison,
"cveEntries": CVEEntriesComparison,
"cveMatches": CVEMatchesComparison,
"components": ComponentsComparison
}
AnalysesComparisonSummary
Fields
| Field Name | Description |
|---|---|
base - Analysis!
|
|
issues - ComparisonCount!
|
|
cveEntries - ComparisonCount!
|
|
components - ComparisonCount!
|
Example
{
"base": Analysis,
"issues": ComparisonCount,
"cveEntries": ComparisonCount,
"components": ComparisonCount
}
AnalysesFilter
Fields
| Input Field | Description |
|---|---|
state - AnalysisState
|
When both are specified it means "finished AND failed". |
result - AnalysisResult
|
|
timeRange - DatetimeRange
|
Start time of the analysis |
type - AnalysisType
|
|
id - ID
|
Example
{
"state": "WAITING",
"result": "COMPLETE",
"timeRange": DatetimeRange,
"type": "INITIAL",
"id": 4
}
Analysis
Description
Represents a complete analysis of a firmware
Fields
| Field Name | Description |
|---|---|
id - ID!
|
UUID of the analysis |
issues - [Issue!]!
|
|
Arguments
|
|
firmware - Firmware!
|
|
state - AnalysisState!
|
|
result - AnalysisResult
|
|
resultErrors - [AnalysisResultError!]!
|
|
startTime - Datetime!
|
|
endTime - Datetime
|
|
type - AnalysisType!
|
|
issueCount - SeverityCounts
|
|
Arguments
|
|
cveMatchCount - SeverityCounts
|
|
Arguments
|
|
cveMatches - [CVEMatch!]!
|
Filter, query with OQL or search the list of CVEs for this Analysis. The parameters are mutually exclusive |
Arguments |
|
previousComparisonSummary - AnalysesComparisonSummary
|
Changed issue and CVE information compared to the previous successful analysis. The previous analysis is the one finished just before the current one and is not affected by the filter used. This information is available from the second finished analysis. |
isOutdated - Boolean!
|
Components have been changed (edited) since the analysis was run, CVE list and other data is outdated |
Example
{
"id": 4,
"issues": [Issue],
"firmware": Firmware,
"state": "WAITING",
"result": "COMPLETE",
"resultErrors": [AnalysisResultError],
"startTime": Datetime,
"endTime": Datetime,
"type": "INITIAL",
"issueCount": SeverityCounts,
"cveMatchCount": SeverityCounts,
"cveMatches": [CVEMatch],
"previousComparisonSummary": AnalysesComparisonSummary,
"isOutdated": true
}
AnalysisConfiguration
AnalysisConfigurationCreateInput
AnalysisConfigurationResult
Types
| Union Types |
|---|
Example
AnalysisConfiguration
AnalysisConfigurationUpdateInput
AnalysisProfile
Fields
| Field Name | Description |
|---|---|
issueRules - [AnalysisProfileRule!]!
|
|
cveRules - [AnalysisProfileRule!]!
|
Example
{
"issueRules": [AnalysisProfileRule],
"cveRules": [AnalysisProfileRule]
}
AnalysisProfileRule
Example
{
"enabled": true,
"firmwareSelector": "abc123",
"query": "abc123",
"status": "NONE",
"comment": "abc123"
}
AnalysisProfileRuleInput
Example
{
"enabled": false,
"firmwareSelector": "abc123",
"query": "xyz789",
"status": "NONE",
"comment": "xyz789"
}
AnalysisProfileUpdateInput
Fields
| Input Field | Description |
|---|---|
issueRules - [AnalysisProfileRuleInput!]
|
|
cveRules - [AnalysisProfileRuleInput!]
|
Example
{
"issueRules": [AnalysisProfileRuleInput],
"cveRules": [AnalysisProfileRuleInput]
}
AnalysisResult
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"COMPLETE"
AnalysisResultError
Fields
| Field Name | Description |
|---|---|
missing - [String!]!
|
|
reason - String!
|
Example
{
"missing": ["abc123"],
"reason": "abc123"
}
AnalysisState
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"WAITING"
AnalysisType
Values
| Enum Value | Description |
|---|---|
|
|
Initial analysis after firmware upload |
|
|
Automatic daily monitoring analysis |
|
|
Manually triggered analysis |
Example
"INITIAL"
AndroidConfigurationPropertyIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
line - String!
|
|
name - String!
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"line": "abc123",
"name": "xyz789"
}
ApiToken
Example
{
"id": 4,
"name": "xyz789",
"description": "abc123",
"createdBy": "abc123",
"createdAt": Datetime,
"expireAt": Datetime,
"lastUsedAt": Datetime,
"permissions": [ApiTokenPermission]
}
ApiTokenCreateInput
Fields
| Input Field | Description |
|---|---|
name - String!
|
|
description - String
|
|
permissions - [ApiTokenPermissionInput!]!
|
|
expire - Datetime!
|
Example
{
"name": "xyz789",
"description": "xyz789",
"permissions": [ApiTokenPermissionInput],
"expire": Datetime
}
ApiTokenCreateResult
Types
| Union Types |
|---|
Example
CreatedApiToken
ApiTokenPermission
Fields
| Field Name | Description |
|---|---|
roles - [Role!]!
|
|
productGroup - ProductGroup
|
Example
{"roles": ["ADMIN"], "productGroup": ProductGroup}
ApiTokenPermissionInput
AuditRecord
Example
{
"timestamp": Datetime,
"firmwareId": "xyz789",
"userEmail": "xyz789",
"comment": "abc123",
"status": "NONE",
"stableKey": "xyz789",
"type": "ISSUE",
"objectSummary": "xyz789"
}
AuditTrailFilter
Fields
| Input Field | Description |
|---|---|
timestamp - DatetimeRange
|
Example
{"timestamp": DatetimeRange}
AuthorizedKeyIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
line - String!
|
|
keyType - String!
|
|
fingerprintMd5 - String!
|
|
fingerprintSha256 - String!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"line": "xyz789",
"keyType": "xyz789",
"fingerprintMd5": "abc123",
"fingerprintSha256": "xyz789"
}
BigInt
Description
Integer with value possibly bigger than the Int maximum defined in GraphQL
Example
{}
BinaryStartDangerousServiceIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement
}
BitLength
Example
BitLength
Blob
Example
{
"stableKey": "abc123",
"extractedRoot": Directory,
"size": {},
"extractedSize": {},
"extractedRootPath": "xyz789",
"extractionProblems": [BlobExtractionProblem]
}
BlobExtractionProblem
BlobFilter
Boolean
Description
The Boolean scalar type represents true or false.
Example
true
BulkUpdateCVEStatusInput
Fields
| Input Field | Description |
|---|---|
analysisId - ID!
|
|
items - [CVEStatusUpdateItem!]!
|
Example
{
"analysisId": "4",
"items": [CVEStatusUpdateItem]
}
BulkUpdateIssueStatusInput
Fields
| Input Field | Description |
|---|---|
analysisId - ID!
|
|
items - [IssueStatusUpdateItem!]!
|
Example
{"analysisId": 4, "items": [IssueStatusUpdateItem]}
CVEEntriesComparison
Fields
| Field Name | Description |
|---|---|
new - [CVEEntry!]!
|
|
dropped - [CVEEntry!]!
|
|
newCount - Int!
|
|
droppedCount - Int!
|
Example
{
"new": [CVEEntry],
"dropped": [CVEEntry],
"newCount": 123,
"droppedCount": 987
}
CVEEntry
Fields
| Field Name | Description |
|---|---|
id - CVEID!
|
|
description - String
|
|
name - String
|
|
publicationDate - Datetime!
|
|
modificationDate - Datetime!
|
|
severity - Severity!
|
|
cvss2 - CVSS2
|
|
cvss3 - CVSS3
|
|
references - [CVEReference!]!
|
|
cwes - [CWE!]!
|
|
exploitMaturity - CVEExploitMaturity!
|
|
epssProbability - Float
|
|
epssPercentile - Float
|
Example
{
"id": CVEID,
"description": "xyz789",
"name": "xyz789",
"publicationDate": Datetime,
"modificationDate": Datetime,
"severity": "CRITICAL",
"cvss2": CVSS2,
"cvss3": CVSS3,
"references": [CVEReference],
"cwes": [CWE],
"exploitMaturity": "NOT_DEFINED",
"epssProbability": 987.65,
"epssPercentile": 987.65
}
CVEExploitMaturity
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVEFix
CVEID
Example
CVEID
CVEMatch
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
component - Component!
|
|
cve - CVEEntry!
|
|
score - Int!
|
|
evidences - [CVEMatchEvidence!]!
|
|
fixes - [CVEFix!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
auditTrail - [AuditRecord!]!
|
Example
{
"id": "4",
"stableKey": "abc123",
"component": Component,
"cve": CVEEntry,
"score": 987,
"evidences": [CVEMatchEvidence],
"fixes": [CVEFix],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"auditTrail": [AuditRecord]
}
CVEMatchEvidence
Fields
| Field Name | Description |
|---|---|
name - String!
|
|
match - Boolean!
|
|
score - Int!
|
|
description - String!
|
|
files - [String!]!
|
Example
{
"name": "abc123",
"match": false,
"score": 987,
"description": "abc123",
"files": ["xyz789"]
}
CVEMatchFilter
Fields
| Input Field | Description |
|---|---|
id - ID
|
|
status - StatusFilter
|
|
comment - String
|
Any of the audit trail comments contain the specified string, case insensitive |
score - IntFilter
|
|
isManualStatus - Boolean
|
|
cveEntryId - StringFilter
|
|
component - ComponentFilter
|
Example
{
"id": 4,
"status": StatusFilter,
"comment": "abc123",
"score": IntFilter,
"isManualStatus": true,
"cveEntryId": StringFilter,
"component": ComponentFilter
}
CVEMatchesComparison
Fields
| Field Name | Description |
|---|---|
new - [CVEMatch!]!
|
|
dropped - [CVEMatch!]!
|
|
newCount - Int!
|
|
droppedCount - Int!
|
Example
{
"new": [CVEMatch],
"dropped": [CVEMatch],
"newCount": 987,
"droppedCount": 123
}
CVEMatchesWithUpdatedStatus
Fields
| Field Name | Description |
|---|---|
cveMatches - [CVEMatch!]!
|
Example
{"cveMatches": [CVEMatch]}
CVEReference
Fields
| Field Name | Description |
|---|---|
name - String
|
|
url - String
|
|
source - String
|
|
tags - [String!]!
|
Example
{
"name": "xyz789",
"url": "abc123",
"source": "xyz789",
"tags": ["abc123"]
}
CVEStatusUpdateItem
CVSS2
Fields
| Field Name | Description |
|---|---|
vector - String!
|
|
score - Float!
|
|
baseScore - Float!
|
|
accessVector - CVSS2AccessVector!
|
|
accessComplexity - CVSS2AccessComplexity!
|
|
authentication - CVSS2Authentication!
|
|
confidentialityImpact - CVSS2Impact!
|
|
integrityImpact - CVSS2Impact!
|
|
availabilityImpact - CVSS2Impact!
|
Example
{
"vector": "xyz789",
"score": 123.45,
"baseScore": 123.45,
"accessVector": "LOCAL",
"accessComplexity": "HIGH",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
CVSS2AccessComplexity
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"HIGH"
CVSS2AccessVector
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"LOCAL"
CVSS2Authentication
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"MULTIPLE"
CVSS2Impact
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"NONE"
CVSS3
Fields
| Field Name | Description |
|---|---|
vector - String!
|
|
baseScore - Float!
|
|
temporalScore - Float
|
|
environmentalScore - Float
|
|
overallScore - Float!
|
|
attackVector - CVSSAttackVector!
|
|
attackComplexity - CVSSAttackComplexity!
|
|
privilegesRequired - CVSSPrivilegesRequired!
|
|
userInteraction - CVSS3UserInteraction!
|
|
scope - CVSS3Scope!
|
|
confidentialityImpact - CVSSImpact!
|
|
integrityImpact - CVSSImpact!
|
|
availabilityImpact - CVSSImpact!
|
|
modifiedAttackVector - CVSSModifiedAttackVector
|
|
modifiedAttackComplexity - CVSSModifiedAttackComplexity
|
|
modifiedPrivilegesRequired - CVSSModifiedPrivilegesRequired
|
|
modifiedUserInteraction - CVSS3ModifiedUserInteraction
|
|
modifiedScope - CVSS3ModifiedScope
|
|
modifiedConfidentialityImpact - CVSSModifiedImpact
|
|
modifiedIntegrityImpact - CVSSModifiedImpact
|
|
modifiedAvailabilityImpact - CVSSModifiedImpact
|
|
confidentialityRequirement - CVSSModifiedRequirement
|
|
integrityRequirement - CVSSModifiedRequirement
|
|
availabilityRequirement - CVSSModifiedRequirement
|
Example
{
"vector": "abc123",
"baseScore": 123.45,
"temporalScore": 987.65,
"environmentalScore": 987.65,
"overallScore": 987.65,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedScope": "NOT_DEFINED",
"modifiedConfidentialityImpact": "NOT_DEFINED",
"modifiedIntegrityImpact": "NOT_DEFINED",
"modifiedAvailabilityImpact": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED"
}
CVSS3ModifiedScope
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVSS3ModifiedUserInteraction
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVSS3Scope
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"UNCHANGED"
CVSS3UserInteraction
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"NONE"
CVSS4
Fields
| Field Name | Description |
|---|---|
vector - String!
|
|
baseScore - Float!
|
|
attackVector - CVSSAttackVector!
|
|
attackComplexity - CVSSAttackComplexity!
|
|
attackRequirements - CVSS4AttackRequirements!
|
|
privilegesRequired - CVSSPrivilegesRequired!
|
|
userInteraction - CVSS4UserInteraction!
|
|
confidentialityImpact - CVSSImpact!
|
|
integrityImpact - CVSSImpact!
|
|
availabilityImpact - CVSSImpact!
|
|
subsequentConfidentialityImpact - CVSSImpact!
|
|
subsequentIntegrityImpact - CVSSImpact!
|
|
subsequentAvailabilityImpact - CVSSImpact!
|
Example
{
"vector": "xyz789",
"baseScore": 987.65,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"subsequentConfidentialityImpact": "NONE",
"subsequentIntegrityImpact": "NONE",
"subsequentAvailabilityImpact": "NONE"
}
CVSS4AttackRequirements
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"NONE"
CVSS4UserInteraction
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"NONE"
CVSSAttackComplexity
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"LOW"
CVSSAttackVector
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"NETWORK"
CVSSImpact
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"NONE"
CVSSModifiedAttackComplexity
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVSSModifiedAttackVector
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVSSModifiedImpact
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVSSModifiedPrivilegesRequired
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVSSModifiedRequirement
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"NOT_DEFINED"
CVSSPrivilegesRequired
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"NONE"
CWE
CWEID
Example
CWEID
Certificate
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
fingerprintSha1 - String!
|
|
fingerprintSha256 - String!
|
|
details - String!
|
OpenSSL text output of the certificate |
issuer - String!
|
|
subject - String!
|
|
pem - String!
|
PEM encoded certificate |
notBefore - Datetime!
|
|
notAfter - Datetime!
|
|
signatureAlgorithmOid - String!
|
|
file - RegularFile!
|
|
privateKeys - [PrivateKey!]!
|
Example
{
"id": "4",
"fingerprintSha1": "xyz789",
"fingerprintSha256": "xyz789",
"details": "abc123",
"issuer": "xyz789",
"subject": "abc123",
"pem": "xyz789",
"notBefore": Datetime,
"notAfter": Datetime,
"signatureAlgorithmOid": "xyz789",
"file": RegularFile,
"privateKeys": [PrivateKey]
}
CertificateCAVerificationFailedIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
verificationError - CertificateVerificationError!
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"certificate": Certificate,
"verificationError": "SELF_SIGNED"
}
CertificateExpiredIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"certificate": Certificate
}
CertificateKeyLengthIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
keyType - String!
|
|
keyLength - Int!
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"certificate": Certificate,
"keyType": "abc123",
"keyLength": 123
}
CertificateRSAPublicExponentIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
exponent - Int!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"certificate": Certificate,
"exponent": 987
}
CertificateSignatureIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
signatureOid - String!
|
|
signatureName - String!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"certificate": Certificate,
"signatureOid": "abc123",
"signatureName": "abc123"
}
CertificateTrustedCAMissmatchIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
missmatchType - TrustedCAMissmatch!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"certificate": Certificate,
"missmatchType": "RENEWED"
}
CertificateVerificationError
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"SELF_SIGNED"
CertificateVerificationFailedIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
verificationError - CertificateVerificationError!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"certificate": Certificate,
"verificationError": "SELF_SIGNED"
}
CertificateVersionIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
version - String!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"certificate": Certificate,
"version": "abc123"
}
Chunk
Fields
| Field Name | Description |
|---|---|
parentFile - RegularFile!
|
|
index - Int!
|
|
startOffset - BigInt!
|
|
endOffset - BigInt!
|
|
size - BigInt!
|
|
extractedRoot - Directory
|
|
type - String!
|
|
stableKey - String!
|
|
meanEntropy - Float
|
|
entropy - Entropy
|
|
extractedSize - BigInt!
|
|
extractedRootPath - String
|
|
extractionProblems - [BlobExtractionProblem!]!
|
Example
{
"parentFile": RegularFile,
"index": 987,
"startOffset": {},
"endOffset": {},
"size": {},
"extractedRoot": Directory,
"type": "xyz789",
"stableKey": "abc123",
"meanEntropy": 987.65,
"entropy": Entropy,
"extractedSize": {},
"extractedRootPath": "abc123",
"extractionProblems": [BlobExtractionProblem]
}
CodeInjectionIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
CommandInjectionIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
ComparisonCount
CompiledUnit
ComplianceAllowedClaim
Fields
| Field Name | Description |
|---|---|
claim - ComplianceItemClaim!
|
|
label - String!
|
|
type - ComplianceClaimType!
|
Example
{
"claim": "NOT_APPLICABLE",
"label": "xyz789",
"type": "POSITIVE"
}
ComplianceAnalysisFindingRule
Fields
| Field Name | Description |
|---|---|
suggestion - ComplianceItemSuggestion!
|
|
cveQuery - String
|
|
issueQuery - String
|
|
argument - String
|
Example
{
"suggestion": "YES",
"cveQuery": "abc123",
"issueQuery": "xyz789",
"argument": "xyz789"
}
ComplianceAuxiliaryProperty
ComplianceBundle
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
guideline - ComplianceGuideline!
|
|
createdBy - String!
|
|
createdAt - Datetime!
|
|
description - String
|
|
state - GenerationState!
|
|
size - BigInt
|
|
sha256 - String
|
|
downloadUrl - String
|
Example
{
"id": "4",
"guideline": ComplianceGuideline,
"createdBy": "xyz789",
"createdAt": Datetime,
"description": "abc123",
"state": "GENERATING",
"size": {},
"sha256": "abc123",
"downloadUrl": "xyz789"
}
ComplianceBundleCreateInput
ComplianceBundleCreateResult
Types
| Union Types |
|---|
Example
ComplianceBundle
ComplianceBundleFilter
Fields
| Input Field | Description |
|---|---|
guidelineId - ID
|
Example
{"guidelineId": "4"}
ComplianceChapter
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
type - ComplianceChapterType!
|
|
sections - [ComplianceGuidelineSection!]!
|
|
extras - [ComplianceExtra!]!
|
|
title - String!
|
|
allowedClaims - [ComplianceAllowedClaim!]!
|
Example
{
"id": "4",
"type": "REQUIREMENTS",
"sections": [ComplianceGuidelineSection],
"extras": [ComplianceExtra],
"title": "xyz789",
"allowedClaims": [ComplianceAllowedClaim]
}
ComplianceChapterType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"REQUIREMENTS"
ComplianceClaimType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"POSITIVE"
ComplianceDefaultSuggestionRule
Fields
| Field Name | Description |
|---|---|
suggestion - ComplianceItemSuggestion!
|
Example
{"suggestion": "YES"}
ComplianceExtra
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String!
|
|
description - String
|
|
columns - [ComplianceAuxiliaryProperty!]!
|
|
relatedProvisions - [ComplianceProvision!]!
|
Example
{
"id": "4",
"title": "abc123",
"description": "abc123",
"columns": [ComplianceAuxiliaryProperty],
"relatedProvisions": [ComplianceProvision]
}
ComplianceExtraItem
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
guideline - ComplianceGuideline!
|
|
chapter - ComplianceChapter!
|
|
extra - ComplianceExtra!
|
|
data - DataTable!
|
Example
{
"id": 4,
"guideline": ComplianceGuideline,
"chapter": ComplianceChapter,
"extra": ComplianceExtra,
"data": DataTable
}
ComplianceExtraItemFilter
ComplianceExtraItemUpdateInput
Fields
| Input Field | Description |
|---|---|
firmwareId - ID!
|
|
extraId - ID!
|
|
data - DataTableInput!
|
NOTE: Already stored data will be overridden |
Example
{
"firmwareId": 4,
"extraId": "4",
"data": DataTableInput
}
ComplianceExtraItemUpdateResult
Types
| Union Types |
|---|
Example
ComplianceExtraItem
ComplianceGuideline
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String!
|
|
publisherName - String!
|
|
publisherType - ComplianceGuidelinePublisherType!
|
|
publicationDate - Date!
|
|
url - String!
|
|
auxiliaryProperties - [ComplianceAuxiliaryProperty!]!
|
|
summary - String!
|
|
chapters - [ComplianceChapter!]!
|
Example
{
"id": "4",
"title": "abc123",
"publisherName": "abc123",
"publisherType": "GOVERNMENT_ORGANISATION",
"publicationDate": "2007-12-03",
"url": "xyz789",
"auxiliaryProperties": [ComplianceAuxiliaryProperty],
"summary": "xyz789",
"chapters": [ComplianceChapter]
}
ComplianceGuidelinePublisherType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"GOVERNMENT_ORGANISATION"
ComplianceGuidelineSection
Description
A section or chapter of a compliance guideline, which groups similar guideline provisions.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String!
|
|
provisions - [ComplianceProvision!]!
|
Example
{
"id": 4,
"title": "xyz789",
"provisions": [ComplianceProvision]
}
ComplianceItem
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
guideline - ComplianceGuideline!
|
|
chapter - ComplianceChapter!
|
|
section - ComplianceGuidelineSection!
|
|
provision - ComplianceProvision!
|
|
currentData - ComplianceItemData!
|
|
latestData - ComplianceItemData!
|
|
claim - ComplianceItemClaim
|
|
argument - String
|
|
status - ComplianceItemStatus!
|
Example
{
"id": "4",
"guideline": ComplianceGuideline,
"chapter": ComplianceChapter,
"section": ComplianceGuidelineSection,
"provision": ComplianceProvision,
"currentData": ComplianceItemData,
"latestData": ComplianceItemData,
"claim": "NOT_APPLICABLE",
"argument": "xyz789",
"status": "UP_TO_DATE"
}
ComplianceItemClaim
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"NOT_APPLICABLE"
ComplianceItemData
Fields
| Field Name | Description |
|---|---|
createdAt - Datetime!
|
|
revision - String!
|
|
analysis - Analysis!
|
|
issues - [Issue!]!
|
|
cveMatches - [CVEMatch!]!
|
|
suggestion - ComplianceItemSuggestion!
|
|
argument - String
|
Example
{
"createdAt": Datetime,
"revision": "abc123",
"analysis": Analysis,
"issues": [Issue],
"cveMatches": [CVEMatch],
"suggestion": "YES",
"argument": "xyz789"
}
ComplianceItemFilter
ComplianceItemStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"UP_TO_DATE"
ComplianceItemSuggestion
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"YES"
ComplianceItemUpdateInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
claim - ComplianceItemClaim!
|
|
argument - String!
|
|
latestRevision - String!
|
latestRevision is a data integrity guard: it must match with latestData.revision on the backend for the request to succeed. If the revisions match, latestData copied over to currentData and the |
Example
{
"id": "4",
"claim": "NOT_APPLICABLE",
"argument": "xyz789",
"latestRevision": "abc123"
}
ComplianceItemUpdateResult
Types
| Union Types |
|---|
Example
ComplianceItemUpdateResults
ComplianceItemUpdateResults
Description
We return all compliance items that are changed as a result of the mutation (eg: the one that was changed, plus all the ones that depend directly or indirectly on this.)
Fields
| Field Name | Description |
|---|---|
items - [ComplianceItem!]!
|
Example
{"items": [ComplianceItem]}
ComplianceProvision
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String!
|
|
requirement - String
|
|
problemBackground - String
|
|
solution - String
|
|
rules - [ComplianceRule!]!
|
|
relatedExtras - [ComplianceExtra!]!
|
Example
{
"id": 4,
"title": "xyz789",
"requirement": "xyz789",
"problemBackground": "abc123",
"solution": "xyz789",
"rules": [ComplianceRule],
"relatedExtras": [ComplianceExtra]
}
ComplianceProvisionRule
Fields
| Field Name | Description |
|---|---|
suggestion - ComplianceItemSuggestion!
|
|
provision - ComplianceProvision!
|
|
provisionResult - ComplianceItemSuggestion!
|
|
argument - String
|
|
inheritEvidences - Boolean!
|
Example
{
"suggestion": "YES",
"provision": ComplianceProvision,
"provisionResult": "YES",
"argument": "abc123",
"inheritEvidences": true
}
ComplianceRule
Fields
| Field Name | Description |
|---|---|
suggestion - ComplianceItemSuggestion!
|
Possible Types
| ComplianceRule Types |
|---|
Example
{"suggestion": "YES"}
Component
Description
A software component with version information (package, library, module, application, kernel etc.)
Fields
| Field Name | Description |
|---|---|
key - String!
|
Uniquely identifies the component across analyses |
name - String!
|
|
version - String!
|
|
update - String!
|
|
files - [RegularFile!]!
|
|
fileCount - Int!
|
|
cpes - [String!]!
|
List of CPEs (Common Platform Enumeration) |
licenses - [String!]!
|
|
license_explanation - String
|
|
tags - [ComponentTag!]!
|
|
cveMatches - [CVEMatch!]!
|
|
Arguments
|
|
cveMatchCount - SeverityCounts!
|
|
Arguments
|
|
possibleVersions - [String!]!
|
|
evidences - [ComponentEvidence!]!
|
|
dependsOn - [Component!]!
|
|
dependedBy - [Component!]!
|
|
Example
{
"key": "abc123",
"name": "abc123",
"version": "abc123",
"update": "xyz789",
"files": [RegularFile],
"fileCount": 987,
"cpes": ["xyz789"],
"licenses": ["xyz789"],
"license_explanation": "abc123",
"tags": ["ANDROID"],
"cveMatches": [CVEMatch],
"cveMatchCount": SeverityCounts,
"possibleVersions": ["xyz789"],
"evidences": [ComponentEvidence],
"dependsOn": [Component],
"dependedBy": [Component]
}
ComponentDependency
Fields
| Field Name | Description |
|---|---|
source - Component!
|
|
target - Component!
|
Example
{
"source": Component,
"target": Component
}
ComponentEvidence
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
type - ComponentEvidenceType!
|
|
name - String!
|
Uniquely identifies the component across analyses |
version - String!
|
|
possibleVersions - [String!]!
|
|
update - String!
|
|
files - [RegularFile!]!
|
|
cpes - [String!]!
|
List of CPEs (Common Platform Enumeration) |
licenses - [String!]!
|
|
license_explanation - String
|
|
tags - [ComponentTag!]!
|
Example
{
"id": "4",
"type": "BINARY_COMPILED_UNIT",
"name": "abc123",
"version": "xyz789",
"possibleVersions": ["abc123"],
"update": "abc123",
"files": [RegularFile],
"cpes": ["abc123"],
"licenses": ["xyz789"],
"license_explanation": "abc123",
"tags": ["ANDROID"]
}
ComponentEvidenceType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BINARY_COMPILED_UNIT"
ComponentFilter
ComponentTag
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANDROID"
ComponentsComparison
Fields
| Field Name | Description |
|---|---|
new - [Component!]!
|
|
dropped - [Component!]!
|
|
newCount - Int!
|
|
droppedCount - Int!
|
Example
{
"new": [Component],
"dropped": [Component],
"newCount": 987,
"droppedCount": 123
}
Confidence
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"HIGH"
ContentFilter
Description
Only one of these can be specified at the same time
Fields
| Input Field | Description |
|---|---|
string - StringFilter
|
To search by string, at least 4 characters need to be specified |
importedFunction - StringFilter
|
|
exportedFunction - StringFilter
|
|
symbol - StringFilter
|
Example
{
"string": StringFilter,
"importedFunction": StringFilter,
"exportedFunction": StringFilter,
"symbol": StringFilter
}
CreateReportLinkInput
CreatedApiToken
CreatedReportLink
CustomIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
|
description - String
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"name": "xyz789",
"description": "xyz789"
}
CustomIssueDefinition
Example
{
"id": 4,
"name": "abc123",
"cvss3Vector": "xyz789",
"cvss4Vector": "xyz789",
"confidence": "HIGH",
"description": "abc123",
"query": "xyz789"
}
CustomIssueDefinitionCreateInput
Example
{
"name": "abc123",
"cvss3Vector": "abc123",
"cvss4Vector": "xyz789",
"confidence": "HIGH",
"description": "xyz789",
"query": "xyz789"
}
CustomIssueDefinitionUpdateInput
Example
{
"id": 4,
"name": "abc123",
"cvss3Vector": "abc123",
"cvss4Vector": "abc123",
"confidence": "HIGH",
"description": "xyz789",
"query": "abc123"
}
CustomIssueDefinitionsResult
Types
| Union Types |
|---|
Example
CustomIssueDefinition
DataTable
Fields
| Field Name | Description |
|---|---|
rows - [DataTableRow!]!
|
Example
{"rows": [DataTableRow]}
DataTableInput
Fields
| Input Field | Description |
|---|---|
rows - [DataTableRowInput!]!
|
Example
{"rows": [DataTableRowInput]}
DataTableRow
Fields
| Field Name | Description |
|---|---|
columns - [Property!]!
|
Example
{"columns": [Property]}
DataTableRowInput
Fields
| Input Field | Description |
|---|---|
columns - [PropertyInput]!
|
Example
{"columns": [PropertyInput]}
Date
Example
"2007-12-03"
Datetime
Description
ISO 8601 formatted time
Example
Datetime
DatetimeRange
Directory
Example
{
"path": "xyz789",
"name": "abc123",
"firmware": Firmware,
"parentBlob": Blob,
"stableKey": "abc123",
"blobRelativePath": "abc123",
"multiFile": MultiFile
}
DropbearCLIArgumentIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
|
line - String!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"name": "abc123",
"line": "abc123"
}
ELFCategory
Values
| Enum Value | Description |
|---|---|
|
|
General crypto |
|
|
DSA related crypto |
|
|
SSL/TLS communication related |
|
|
RSA related crypto |
|
|
Diffie-Hellman related |
|
|
AES related crypto, may indicate hard-coded keys |
|
|
DES related crypto, may indicate hard-coded keys. |
|
|
Low-level ASN1 manipulation |
|
|
BASE64 encoding/decoding |
|
|
X509 certificate related |
|
|
Operation on PEM files |
|
|
Elliptic curve crypto |
|
|
PKCS related |
|
|
HASH function |
|
|
Blowfish related crypto, may indicate hard-coded keys |
|
|
Pluggable Authentication Module (PAM) related authentication. See 'man 3 pam' |
|
|
General networking |
|
|
Command execution, usually safe, but unsafe when a specific argument passed to the command is controlled by a user. Lower-risk than UNSAFE_COMMAND_EXEC |
|
|
Unsafe string manipulation, without bounds checking. Source string - and therefore length - is controlled by a user. The bounds of the destination buffer may be overflowed. |
|
|
Unsafe string manipulation with bounds checking. Unsafe when the length field is controlled by user input. |
|
|
Unsafe command execution when any part of the buffer passed to the command execution string is controlled by a user |
Example
"CRYPTO"
ELFDetails
Fields
| Field Name | Description |
|---|---|
symbols - [ELFSymbol!]!
|
|
libraries - [LinkedLibrary!]!
|
|
linkedBy - [LinkedLibrary!]!
|
Example
{
"symbols": [ELFSymbol],
"libraries": [LinkedLibrary],
"linkedBy": [LinkedLibrary]
}
ELFInfo
Description
ELF specific file information.
Fields
| Field Name | Description |
|---|---|
machine - String!
|
Machine information |
bits - BitLength!
|
Bits of the architecture 8/16/32/64 |
canary - Boolean!
|
Stack canary compile time flag |
compiler - String
|
Compiler used |
endian - Endian!
|
Endianness of the file |
interpreter - String
|
Interpreter for the binary |
nx - Boolean!
|
Non-executable stack |
pic - Boolean!
|
Position-independent code (PIC) or position-independent executable (PIE), enables Address space layout randomization (ASLR) |
immediateBinding - Boolean!
|
Immediate binding |
fortify - Boolean!
|
Fortify |
relro - ELFRelRO!
|
Relocation Read-Only |
rpath - String
|
Run-time search path (Rpath) |
static - Boolean!
|
Statically linked |
stripped - Boolean!
|
Debug symbols are stripped |
cpuFamily - String
|
Determines the processor architecture together with machine, endian and bits (like ARM version or presence of hardware float support) |
loadAddress - BigInt
|
The address, where the binary is loaded at run-time |
categories - [ELFCategory!]!
|
ELF category based on imported functions |
neededLibraries - [String!]!
|
|
librariesCount - Int!
|
|
linkedByCount - Int!
|
Example
{
"machine": "xyz789",
"bits": BitLength,
"canary": false,
"compiler": "abc123",
"endian": "LITTLE",
"interpreter": "abc123",
"nx": true,
"pic": true,
"immediateBinding": true,
"fortify": false,
"relro": "FULL",
"rpath": "abc123",
"static": false,
"stripped": true,
"cpuFamily": "abc123",
"loadAddress": {},
"categories": ["CRYPTO"],
"neededLibraries": ["xyz789"],
"librariesCount": 987,
"linkedByCount": 987
}
ELFMissingCanaryIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123"
}
ELFMissingFortifyIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123"
}
ELFMissingFullRelROIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123"
}
ELFMissingImmediateBindingIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789"
}
ELFMissingNXIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789"
}
ELFNonPICIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123"
}
ELFNonStrippedIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123"
}
ELFRelRO
Values
| Enum Value | Description |
|---|---|
|
|
Full Relocation Read-Only (RELRO), Global Offset Table (GOT) is read-only |
|
|
Partial Relocation Read-Only (RELRO), non Procedure Linkage Table (PLT) part of Global Offset Table (GOT) is read-only. PLT part is writeable. |
|
|
No Relocation Read-Only (RELRO), Global Offset Table (GOT) is writeable. |
Example
"FULL"
ELFSymbol
Example
{
"name": "abc123",
"exported": false,
"imported": false,
"function": true,
"static": true,
"variable": true,
"compiledUnits": [CompiledUnit],
"offset": {},
"size": {}
}
Endian
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"LITTLE"
Entropy
Error
ExtractionProblem
Possible Types
| ExtractionProblem Types |
|---|
Example
{"critical": true, "description": "abc123"}
File
Fields
| Field Name | Description |
|---|---|
path - String!
|
|
name - String!
|
|
firmware - Firmware!
|
|
parentBlob - Blob
|
|
stableKey - String!
|
|
blobRelativePath - String!
|
|
multiFile - MultiFile
|
Possible Types
| File Types |
|---|
Example
{
"path": "xyz789",
"name": "abc123",
"firmware": Firmware,
"parentBlob": Blob,
"stableKey": "xyz789",
"blobRelativePath": "xyz789",
"multiFile": MultiFile
}
FileAnalysisError
Fields
| Field Name | Description |
|---|---|
step - String!
|
|
type - FileAnalysisErrorType!
|
|
description - String
|
Example
{
"step": "xyz789",
"type": "PROCESSING_FAILED",
"description": "xyz789"
}
FileAnalysisErrorType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PROCESSING_FAILED"
FileContentResult
Fields
| Field Name | Description |
|---|---|
match - String!
|
The full content that was matched by the query |
file - RegularFile!
|
Example
{
"match": "abc123",
"file": RegularFile
}
FileExtractionProblem
FileInclusionIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
FileTag
Values
| Enum Value | Description |
|---|---|
|
|
Flags the file if it contains dangerous function call that could lead to a vulnerability if not used properly. The analysis checks these function calls to identify issues. |
|
|
Example
"POTENTIALLY_VULNERABLE"
FileTagFilter
Fields
| Input Field | Description |
|---|---|
include - [FileTag!]
|
Include files with any of these tags set |
Example
{"include": ["POTENTIALLY_VULNERABLE"]}
FilesFilter
Fields
| Input Field | Description |
|---|---|
name - StringFilter
|
When both are specified name AND path will also match. |
path - PathFilter
|
|
category - StringFilter
|
|
parentBlob - BlobFilter
|
|
size - IntFilter
|
|
tag - FileTagFilter
|
Example
{
"name": StringFilter,
"path": PathFilter,
"category": StringFilter,
"parentBlob": BlobFilter,
"size": IntFilter,
"tag": FileTagFilter
}
FindingType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ISSUE"
Firmware
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
uploadTime - Datetime!
|
|
version - String
|
|
notes - String
|
|
totalSize - BigInt
|
|
binary - FirmwareBinary
|
|
sbom - FirmwareSBOM
|
|
analysisConfiguration - AnalysisConfiguration!
|
|
analyses - [Analysis!]!
|
|
Arguments
|
|
latestAnalysisTime - Datetime
|
|
latestAnalysis - Analysis
|
|
fileCount - Int
|
|
Arguments
|
|
files - [File!]!
|
|
Arguments
|
|
blobs - [Blob!]!
|
|
Arguments
|
|
processing - Processing!
|
|
monitoring - Boolean!
|
|
uploader - String!
|
|
componentCount - Int
|
|
Arguments
|
|
components - [Component!]!
|
|
Arguments
|
|
certificates - [Certificate!]!
|
|
privateKeys - [PrivateKey!]!
|
|
latestIssues - [Issue!]!
|
|
Arguments
|
|
fileContent - [FileContentResult!]!
|
Search in the content of the files. Result is limited to 100 matches |
Arguments
|
|
releaseDate - Date
|
|
product - Product!
|
|
complianceItems - [ComplianceItem!]!
|
|
Arguments
|
|
complianceExtraItems - [ComplianceExtraItem!]!
|
|
Arguments
|
|
elfDetails - ELFDetails
|
|
Arguments
|
|
managementProtocols - [ManagementProtocol!]!
|
|
downloadUrl - String!
|
|
spriteSheets - [SpriteSheet!]!
|
|
cveMatches - [CVEMatch!]!
|
Filter, query with OQL or search the list of CVEs for this Firmware. The parameters are mutually exclusive |
Arguments |
|
compareAnalyses - AnalysesComparison!
|
Compare two analyses (by ID) on a given firmware |
extractionProblems - [ExtractionProblem!]!
|
|
labels - [String!]!
|
|
properties - [Property!]!
|
|
supportingFiles - [SupportingFile!]!
|
|
complianceBundles - [ComplianceBundle!]!
|
|
Arguments
|
|
auditTrail - [AuditRecord!]!
|
|
Arguments
|
|
uris - [URI!]!
|
|
uriCount - Int
|
|
linkedLibraries - [LinkedLibrary!]!
|
|
componentDependencies - [ComponentDependency!]!
|
|
Example
{
"id": "4",
"name": "xyz789",
"uploadTime": Datetime,
"version": "abc123",
"notes": "xyz789",
"totalSize": {},
"binary": FirmwareBinary,
"sbom": FirmwareSBOM,
"analysisConfiguration": AnalysisConfiguration,
"analyses": [Analysis],
"latestAnalysisTime": Datetime,
"latestAnalysis": Analysis,
"fileCount": 123,
"files": [File],
"blobs": [Blob],
"processing": ProcessingInProgress,
"monitoring": true,
"uploader": "abc123",
"componentCount": 123,
"components": [Component],
"certificates": [Certificate],
"privateKeys": [PrivateKey],
"latestIssues": [Issue],
"fileContent": [FileContentResult],
"releaseDate": "2007-12-03",
"product": Product,
"complianceItems": [ComplianceItem],
"complianceExtraItems": [ComplianceExtraItem],
"elfDetails": ELFDetails,
"managementProtocols": [ManagementProtocol],
"downloadUrl": "xyz789",
"spriteSheets": [SpriteSheet],
"cveMatches": [CVEMatch],
"compareAnalyses": AnalysesComparison,
"extractionProblems": [ExtractionProblem],
"labels": ["abc123"],
"properties": [Property],
"supportingFiles": [SupportingFile],
"complianceBundles": [ComplianceBundle],
"auditTrail": [AuditRecord],
"uris": [URI],
"uriCount": 987,
"linkedLibraries": [LinkedLibrary],
"componentDependencies": [ComponentDependency]
}
FirmwareAddComponentInput
Example
{
"firmwareId": "4",
"name": "xyz789",
"version": "abc123",
"update": "xyz789",
"vendor": "abc123",
"product": "abc123",
"licenses": ["xyz789"],
"licenseExplanation": "abc123",
"tags": ["ANDROID"]
}
FirmwareBinary
FirmwareComponentEditResult
Types
| Union Types |
|---|
Example
Component
FirmwareDeleteComponentInput
FirmwareFilter
Fields
| Input Field | Description |
|---|---|
uploadTime - DatetimeRange
|
Example
{"uploadTime": DatetimeRange}
FirmwareProcessingUpdate
Fields
| Field Name | Description |
|---|---|
firmwareID - ID!
|
|
name - String!
|
|
processing - Processing!
|
Example
{
"firmwareID": 4,
"name": "xyz789",
"processing": ProcessingInProgress
}
FirmwareReviewInput
FirmwareSBOM
FirmwareSupportingFileDeleteInput
FirmwareTimelineItem
Fields
| Field Name | Description |
|---|---|
firmware - Firmware!
|
|
previousComparison - AnalysesComparison
|
Example
{
"firmware": Firmware,
"previousComparison": AnalysesComparison
}
FirmwareUpdateComponentInput
Fields
| Input Field | Description |
|---|---|
firmwareId - ID!
|
|
componentKey - String!
|
|
name - String
|
|
version - String
|
|
update - String
|
|
vendor - String
|
Fields "vendor" and "product" are interdependent and must be updated together |
product - String
|
|
licenses - [String!]
|
Must be valid SPDX identifier or "proprietary" |
licenseExplanation - String
|
|
tags - [ComponentTag!]
|
Example
{
"firmwareId": 4,
"componentKey": "xyz789",
"name": "abc123",
"version": "xyz789",
"update": "abc123",
"vendor": "xyz789",
"product": "abc123",
"licenses": ["abc123"],
"licenseExplanation": "xyz789",
"tags": ["ANDROID"]
}
FirmwareUpdateInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
firmware - FirmwareUpdateMetadataInput
|
|
product - ProductUpdateInput
|
Example
{
"id": 4,
"firmware": FirmwareUpdateMetadataInput,
"product": ProductUpdateInput
}
FirmwareUpdateMetadataInput
Example
{
"name": "abc123",
"version": "xyz789",
"releaseDate": "2007-12-03",
"notes": "abc123",
"labels": ["abc123"],
"properties": [PropertyInput],
"analysisConfigurationId": 4
}
FirmwareUpdateResult
Types
| Union Types |
|---|
Example
Firmware
FirmwareUploadInput
Fields
| Input Field | Description |
|---|---|
firmware - FirmwareUploadMetadataInput!
|
|
product - ProductInput!
|
|
productGroup - IDInput!
|
Example
{
"firmware": FirmwareUploadMetadataInput,
"product": ProductInput,
"productGroup": IDInput
}
FirmwareUploadMetadata
FirmwareUploadMetadataInput
Fields
| Input Field | Description |
|---|---|
name - String!
|
Human Readable name of the Firmware |
version - String
|
|
releaseDate - Date
|
|
notes - String
|
Any kind of free-text notes for the uploaded firmware |
enableMonitoring - Boolean
|
Enable regular (daily) monitoring of this firmware |
labels - [String!]
|
|
properties - [PropertyInput!]
|
|
analysisConfigurationId - ID
|
When set omitted (or set to null), the Default analysis configuration will be used |
Example
{
"name": "xyz789",
"version": "abc123",
"releaseDate": "2007-12-03",
"notes": "abc123",
"enableMonitoring": true,
"labels": ["abc123"],
"properties": [PropertyInput],
"analysisConfigurationId": "4"
}
FirmwareUploadResult
Types
| Union Types |
|---|
Example
FirmwareUploadMetadata
Float
Description
The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
Example
987.65
FormatStringIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
GenerateReportInput
Example
{
"reportConfigurationId": 4,
"firmwareIds": [4],
"title": "abc123",
"classification": "abc123",
"project": "abc123"
}
GenerateReportResult
Types
| Union Types |
|---|
Example
Report
GenerationState
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"GENERATING"
HardcodedAccountPassword
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"EMPTY_PASSWORD"
HardcodedAccountPasswordIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
line - String!
|
|
user - String
|
|
password - String
|
|
hash - String
|
|
hashType - HardcodedHashType
|
|
passwordType - HardcodedAccountPassword!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"line": "abc123",
"user": "xyz789",
"password": "xyz789",
"hash": "abc123",
"hashType": "DES_CRYPT",
"passwordType": "EMPTY_PASSWORD"
}
HardcodedCredentialIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
user - String
|
|
password - String!
|
|
line - String!
|
|
credentialType - HardcodedCredentialType!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"user": "abc123",
"password": "abc123",
"line": "xyz789",
"credentialType": "AWS_CREDENTIALS"
}
HardcodedCredentialType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AWS_CREDENTIALS"
HardcodedHashType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"DES_CRYPT"
HardcodedPrivateKeyCertificateIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
privateKey - PrivateKey!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"certificate": Certificate,
"privateKey": PrivateKey
}
HardcodedSSHHostKeyIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
privateKey - PrivateKey!
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"privateKey": PrivateKey
}
Hash
HeaderInjectionIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
ID
Description
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Example
"4"
IDInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
InformationLeakageDSStoreIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
entries - [String!]!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"entries": ["xyz789"]
}
InformationLeakagePHPInfoIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement
}
InformationLeakageSVNIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
info - String!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"info": "xyz789"
}
InformationLeakageVIMSwapIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
user - String!
|
|
host - String!
|
|
originalFilename - String!
|
|
vimVersion - String!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"user": "abc123",
"host": "abc123",
"originalFilename": "abc123",
"vimVersion": "xyz789"
}
InsecureDeserializationIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
InsecureManagementProtocolIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"name": "abc123"
}
Int
Description
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
123
IntFilter
InternalError
InvalidCertificateIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
certificate - Certificate!
|
|
error - String!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"certificate": Certificate,
"error": "abc123"
}
Issue
Description
The base for any issues
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
Possible Types
| Issue Types |
|---|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789"
}
IssueDoc
Example
{
"type": "xyz789",
"summary": "xyz789",
"description": "xyz789",
"mitigation": "abc123",
"cwes": [CWE],
"references": [Reference]
}
IssueStatusUpdateItem
IssuesComparison
IssuesFilter
Fields
| Input Field | Description |
|---|---|
severity - Severity
|
When multiple criteria are specified, it means AND logic. |
confidence - Confidence
|
|
id - ID
|
|
typename - String
|
|
elf - Boolean
|
Limit to (true) or exclude (false) ELF related issues |
status - StatusFilter
|
|
isManualStatus - Boolean
|
|
comment - String
|
Any of the audit trail comments contain the specified string, case insensitive |
Example
{
"severity": "CRITICAL",
"confidence": "HIGH",
"id": "4",
"typename": "xyz789",
"elf": true,
"status": StatusFilter,
"isManualStatus": false,
"comment": "xyz789"
}
IssuesWithUpdatedStatus
Fields
| Field Name | Description |
|---|---|
issues - [Issue!]!
|
Example
{"issues": [Issue]}
Justification
Values
| Enum Value | Description |
|---|---|
|
|
The code has been removed or tree-shaked. |
|
|
The vulnerable code is not invoked at runtime. |
|
|
Exploitability requires a configurable option to be set/unset. |
|
|
Exploitability requires a dependency that is not present. |
|
|
Exploitability requires a certain environment which is not present. |
|
|
Exploitability requires a compiler flag to be set/unset. |
|
|
Exploits are prevented at runtime. |
|
|
Attacks are blocked at physical, logical, or network perimeter. |
|
|
Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. |
Example
"CODE_NOT_PRESENT"
LinkedLibrary
Fields
| Field Name | Description |
|---|---|
file - RegularFile!
|
|
name - String!
|
|
libraryFiles - [RegularFile!]!
|
Example
{
"file": RegularFile,
"name": "abc123",
"libraryFiles": [RegularFile]
}
LooseEqualityIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement
}
MaliciousSoftwareIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"name": "abc123"
}
ManagementProtocol
Fields
| Field Name | Description |
|---|---|
protocol - String!
|
|
file - RegularFile!
|
|
references - [Reference!]!
|
|
description - String!
|
Example
{
"protocol": "xyz789",
"file": RegularFile,
"references": [Reference],
"description": "xyz789"
}
MissingPeerVerificationIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
line - String!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"line": "xyz789"
}
MultiFile
Example
{
"stableKey": "abc123",
"extractedRoot": Directory,
"type": "abc123",
"parentFiles": [File],
"size": {},
"extractedSize": {},
"extractedRootPath": "xyz789",
"extractionProblems": [BlobExtractionProblem]
}
MutationError
NotFoundError
ObjectInstantiationIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
ObsoleteProtocolIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
line - String!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"line": "abc123"
}
OpenSSHDaemonOptionIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
|
line - String!
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"name": "xyz789",
"line": "xyz789"
}
OtherFile
Example
{
"path": "xyz789",
"name": "xyz789",
"firmware": Firmware,
"parentBlob": Blob,
"stableKey": "abc123",
"blobRelativePath": "xyz789",
"multiFile": MultiFile
}
PathFilter
Example
{
"equals": "abc123",
"contains": "abc123",
"startsWith": "abc123",
"parentDirectory": "xyz789",
"caseSensitive": true
}
PathTraversalIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
Permission
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"VIEW_TENANT"
PlaintextCommunicationIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
line - String!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"line": "abc123"
}
PrivateKey
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
key - String!
|
PEM encoded private key |
keySize - Int
|
|
keyType - String
|
|
publicKey - String
|
|
fingerprintMd5 - String
|
|
fingerprintSha256 - String
|
|
file - RegularFile!
|
|
shodanSsHostKeyCount - Int
|
|
certificates - [Certificate!]!
|
Example
{
"id": "4",
"key": "abc123",
"keySize": 987,
"keyType": "abc123",
"publicKey": "abc123",
"fingerprintMd5": "abc123",
"fingerprintSha256": "abc123",
"file": RegularFile,
"shodanSsHostKeyCount": 987,
"certificates": [Certificate]
}
PrivateKeyIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
privateKey - PrivateKey!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"privateKey": PrivateKey
}
PrivilegeEscalationIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
users - [String!]!
|
|
target_users - [String!]!
|
|
hosts - [String!]!
|
|
commands - [String!]!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"users": ["abc123"],
"target_users": ["xyz789"],
"hosts": ["xyz789"],
"commands": ["xyz789"]
}
Processing
Types
| Union Types |
|---|
Example
ProcessingInProgress
ProcessingFailed
ProcessingFinished
Fields
| Field Name | Description |
|---|---|
finishTime - Datetime!
|
Example
{"finishTime": Datetime}
ProcessingInProgress
Fields
| Field Name | Description |
|---|---|
state - State!
|
Example
{"state": "WAITING"}
Product
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
vendor - String!
|
|
category - String
|
|
firmwareTimeline - [FirmwareTimelineItem!]
|
Firmwares ordered by upload time |
Arguments
|
|
productGroups - [ProductGroup!]!
|
|
Example
{
"id": "4",
"name": "xyz789",
"vendor": "abc123",
"category": "abc123",
"firmwareTimeline": [FirmwareTimelineItem],
"productGroups": [ProductGroup]
}
ProductGroup
Description
Users with access to the ProductGroup can add new products to the group.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
description - String
|
|
products - [Product!]!
|
Example
{
"id": "4",
"name": "abc123",
"description": "abc123",
"products": [Product]
}
ProductGroupCreateInput
ProductGroupDeleteInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
ProductGroupResult
Types
| Union Types |
|---|
Example
ProductGroup
ProductGroupUpdateInput
ProductInput
ProductUpdateInput
Property
PropertyInput
Reference
RegularFile
Description
A file object in a firmware
Fields
| Field Name | Description |
|---|---|
path - String!
|
|
name - String!
|
|
firmware - Firmware!
|
|
parentBlob - Blob
|
|
stableKey - String!
|
|
blobRelativePath - String!
|
|
multiFile - MultiFile
|
|
chunks - [Chunk!]!
|
|
elf - ELFInfo
|
|
category - String!
|
|
magic - String!
|
|
magicMime - String!
|
|
size - BigInt!
|
|
hash - Hash!
|
|
downloadUrl - String!
|
|
downloadDecompiledSourcesUrl - String
|
|
meanEntropy - Float
|
|
entropy - Entropy
|
|
extractionProblems - [FileExtractionProblem!]!
|
|
certificates - [Certificate!]!
|
|
privateKeys - [PrivateKey!]!
|
|
uris - [URI!]!
|
|
uriCount - Int!
|
|
analysisErrors - [FileAnalysisError!]!
|
|
tags - [FileTag!]!
|
Example
{
"path": "xyz789",
"name": "xyz789",
"firmware": Firmware,
"parentBlob": Blob,
"stableKey": "xyz789",
"blobRelativePath": "abc123",
"multiFile": MultiFile,
"chunks": [Chunk],
"elf": ELFInfo,
"category": "abc123",
"magic": "abc123",
"magicMime": "abc123",
"size": {},
"hash": Hash,
"downloadUrl": "xyz789",
"downloadDecompiledSourcesUrl": "abc123",
"meanEntropy": 987.65,
"entropy": Entropy,
"extractionProblems": [FileExtractionProblem],
"certificates": [Certificate],
"privateKeys": [PrivateKey],
"uris": [URI],
"uriCount": 123,
"analysisErrors": [FileAnalysisError],
"tags": ["POTENTIALLY_VULNERABLE"]
}
Report
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String!
|
|
classification - String!
|
|
generatedTime - Datetime!
|
|
reportConfiguration - ReportConfiguration
|
|
firmwares - [Firmware!]!
|
|
downloadUrl - String
|
URL where the report can be donwloaded from, when null report generation is still in progress |
size - Int
|
when null report generation is still in progress |
state - ReportGenerationState!
|
|
links - [ReportLink!]!
|
Example
{
"id": 4,
"title": "abc123",
"classification": "xyz789",
"generatedTime": Datetime,
"reportConfiguration": ReportConfiguration,
"firmwares": [Firmware],
"downloadUrl": "abc123",
"size": 123,
"state": "GENERATING",
"links": [ReportLink]
}
ReportConfiguration
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
issueSeverities - [Severity!]!
|
|
analysisTechniqueDetails - Boolean!
|
Include description on the analysis techniques in the report |
complianceGuidelines - [ComplianceGuideline!]!
|
|
includeComments - Boolean!
|
|
includedStatuses - [Status!]!
|
Include issues/cves with any of these status set |
excludedStatuses - [Status!]!
|
Exclude issues/cves with any of these status set |
Example
{
"id": "4",
"name": "abc123",
"issueSeverities": ["CRITICAL"],
"analysisTechniqueDetails": false,
"complianceGuidelines": [ComplianceGuideline],
"includeComments": true,
"includedStatuses": ["NONE"],
"excludedStatuses": ["NONE"]
}
ReportConfigurationCreateInput
Fields
| Input Field | Description |
|---|---|
name - String!
|
|
issueSeverities - [Severity!]
|
|
analysisTechniqueDetails - Boolean!
|
Include description on the analysis techniques in the report |
complianceGuidelineIds - [ID!]
|
|
includeComments - Boolean!
|
|
status - StatusFilter
|
Example
{
"name": "abc123",
"issueSeverities": ["CRITICAL"],
"analysisTechniqueDetails": true,
"complianceGuidelineIds": [4],
"includeComments": true,
"status": StatusFilter
}
ReportConfigurationDeleteInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
ReportConfigurationResult
Types
| Union Types |
|---|
Example
ReportConfiguration
ReportConfigurationUpdateInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
name - String
|
|
issueSeverities - [Severity!]
|
|
analysisTechniqueDetails - Boolean
|
Include description on the analysis techniques in the report |
complianceGuidelineIds - [ID!]
|
|
includeComments - Boolean
|
|
status - StatusFilter
|
Example
{
"id": 4,
"name": "xyz789",
"issueSeverities": ["CRITICAL"],
"analysisTechniqueDetails": true,
"complianceGuidelineIds": [4],
"includeComments": true,
"status": StatusFilter
}
ReportFilter
Fields
| Input Field | Description |
|---|---|
state - ReportGenerationState
|
Example
{"state": "GENERATING"}
ReportGenerationState
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"GENERATING"
ReportLink
ReportLinkResult
Types
| Union Types |
|---|
Example
CreatedReportLink
Role
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ADMIN"
SQLInjectionIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
SSVC
Fields
| Field Name | Description |
|---|---|
exploitation - SSVCExploitation!
|
|
automatable - SSVCAutomatable!
|
|
technicalImpact - SSVCTechnicalImpact!
|
|
missionPrevalence - SSVCMissionPrevalence!
|
|
wellBeingImpact - SSVCWellBeingImpact!
|
|
decision - SSVCDecision!
|
This is a calculated field from all of the above |
Example
{
"exploitation": "NONE",
"automatable": "YES",
"technicalImpact": "PARTIAL",
"missionPrevalence": "MINIMAL",
"wellBeingImpact": "MINIMAL",
"decision": "TRACK"
}
SSVCAutomatable
Values
| Enum Value | Description |
|---|---|
|
|
Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows unauthenticated remote code execution (RCE) or command injection, the response is likely yes. |
|
|
Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. Example reasons for why a step may not be reliably automatable include (1) the vulnerable component is not searchable or enumerable on the network, (2) weaponization may require human direction for each target, (3) delivery may require channels that widely deployed network security configurations block (4) exploitation may be frustrated by adequate exploit-prevention techniques enabled by default; ASLR is an example of an exploit-prevention tool. |
Example
"YES"
SSVCDecision
Values
| Enum Value | Description |
|---|---|
|
|
The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines. |
|
|
The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines. |
|
|
The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines. |
|
|
The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible. |
Example
"TRACK"
SSVCExploitation
Values
| Enum Value | Description |
|---|---|
|
|
There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability. |
|
|
One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. Some examples of condition (4) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks. |
|
|
Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting |
Example
"NONE"
SSVCMissionPrevalence
Values
| Enum Value | Description |
|---|---|
|
|
Neither support nor essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component nor does it support (enough) mission essential functions. |
|
|
The operation of the vulnerable component merely supports mission essential functions for two or more entities. |
|
|
The vulnerable component directly provides capabilities that constitute at least one Mission Essential Failure (MEF) for at least one entity, and failure may (but need not) lead to overall mission failure. |
Example
"MINIMAL"
SSVCTechnicalImpact
Values
| Enum Value | Description |
|---|---|
|
|
The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control. In this context, "low" means that the attacker cannot reasona-bly make enough attempts to overcome the low chance of each attempt not working. Denial of service is a form of limited control over the behavior of the vulnerable component. |
|
|
The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability. |
Example
"PARTIAL"
SSVCWellBeingImpact
Values
| Enum Value | Description |
|---|---|
|
|
The effect is below the threshold for all aspects described in material. |
|
|
Any one or more of the conditions (Physical, Environmental, Financial, Psychological) hold. "Physical harm" means "Physical distress or injuries for users of the system OR introduces occupational safety hazards OR reduction and/or failure of cyber-physical system's safety margins." "Environment" means "Major externalities (property damage, environmental damage, etc.) imposed on other parties." "Financial" means "Financial losses that likely lead to bankruptcy of multiple persons." "Psychological" means "Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." |
|
|
Any one or more of the following conditions hold. "Physical harm" means "Multiple fatalities likely OR loss or destruction of cyber-physical system of which the vulnerable component is a part." "Environment" means "Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties." "Financial" means "Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse." |
Example
"MINIMAL"
ScriptMissingPeerVerificationIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement
}
ScriptPlaintextCommunicationIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
Example
{
"id": "4",
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement
}
Severity
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CRITICAL"
SeverityCounts
Sprite
SpriteSheet
Fields
| Field Name | Description |
|---|---|
imageUrl - String!
|
|
sprites - [Sprite!]!
|
Example
{
"imageUrl": "abc123",
"sprites": [Sprite]
}
StackBufferOverflowIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
|
source - Statement!
|
|
propagators - [Statement!]!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"problem": Statement,
"source": Statement,
"propagators": [Statement]
}
StartDangerousServiceIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
|
line - String!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"name": "abc123",
"line": "xyz789"
}
State
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"WAITING"
Statement
Status
Values
| Enum Value | Description |
|---|---|
|
|
represents unset status |
|
|
The vulnerability is not specific to the component or service and was falsely identified or associated. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases. |
|
|
The vulnerability is being investigated |
Example
"NONE"
StatusFilter
String
Description
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Example
"abc123"
StringFilter
Example
{
"equals": "xyz789",
"contains": "xyz789",
"startsWith": "abc123",
"caseSensitive": false
}
SupportingFile
Example
{
"id": "4",
"originalFilename": "xyz789",
"mimeType": "abc123",
"size": {},
"sha256": "xyz789",
"downloadUrl": "abc123",
"uploader": "xyz789",
"uploadTime": Datetime
}
Symlink
Example
{
"path": "abc123",
"name": "xyz789",
"firmware": Firmware,
"parentBlob": Blob,
"stableKey": "xyz789",
"blobRelativePath": "abc123",
"multiFile": MultiFile,
"target": "abc123"
}
Tenant
Fields
| Field Name | Description |
|---|---|
name - String!
|
|
activationDate - Date!
|
|
supportContacts - [String!]!
|
Example
{
"name": "xyz789",
"activationDate": "2007-12-03",
"supportContacts": ["xyz789"]
}
TriggerAnalysisResult
Types
| Union Types |
|---|
Example
TriggeredAnalysis
TriggeredAnalysis
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
TrustedCAMissmatch
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"RENEWED"
URI
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
uri - String!
|
|
scheme - String!
|
|
hostname - String!
|
|
username - String
|
|
password - String
|
|
ipAddresses - [String!]!
|
|
file - RegularFile!
|
Example
{
"id": 4,
"uri": "abc123",
"scheme": "abc123",
"hostname": "xyz789",
"username": "abc123",
"password": "xyz789",
"ipAddresses": ["xyz789"],
"file": RegularFile
}
UnwantedSoftwareIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
|
references - [Reference!]!
|
|
description - String!
|
Example
{
"id": "4",
"stableKey": "xyz789",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "xyz789",
"name": "abc123",
"references": [Reference],
"description": "abc123"
}
UpdateCVEStatusInput
UpdateCVEStatusResult
Types
| Union Types |
|---|
Example
CVEMatchesWithUpdatedStatus
UpdateGlobalAnalysisProfileResult
Types
| Union Types |
|---|
Example
AnalysisProfile
UpdateIssueStatusInput
UpdateIssueStatusResult
Types
| Union Types |
|---|
Example
IssuesWithUpdatedStatus
User
Fields
| Field Name | Description |
|---|---|
email - String!
|
|
created - Datetime!
|
|
userGroups - [UserGroup!]!
|
|
roles - [Role!]!
|
Example
{
"email": "abc123",
"created": Datetime,
"userGroups": [UserGroup],
"roles": ["ADMIN"]
}
UserCreateInput
UserDeleteInput
Fields
| Input Field | Description |
|---|---|
email - String!
|
Example
{"email": "xyz789"}
UserGroup
UserGroupCreateInput
UserGroupResult
Types
| Union Types |
|---|
Example
UserGroup
UserGroupUpdateInput
UserResult
Types
| Union Types |
|---|
Example
User
UserUpdateInput
ValidationError
VendorResponse
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Update to a different revision or release. |
|
|
Revert to a previous revision or release. |
|
|
Example
"CAN_NOT_FIX"
VulnerabilityPatternIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
name - String!
|
|
references - [Reference!]!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "abc123",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"name": "abc123",
"references": [Reference]
}
WeakCipherIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
line - String!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "xyz789",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": false,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"line": "xyz789"
}
WeakCryptoIssue
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
stableKey - String!
|
|
severity - Severity!
|
|
cvss3 - CVSS3!
|
|
cvss4 - CVSS4!
|
|
confidence - Confidence!
|
|
type - String!
|
Human readable identifier of the issue. |
summary - String!
|
Human readable summary of the issue. |
file - File!
|
|
doc - IssueDoc!
|
|
auditTrail - [AuditRecord!]!
|
|
status - Status!
|
|
isManualStatus - Boolean
|
|
justification - Justification
|
|
vendorResponse - VendorResponse
|
|
ssvc - SSVC
|
|
notes - String
|
|
problem - Statement!
|
Example
{
"id": 4,
"stableKey": "abc123",
"severity": "CRITICAL",
"cvss3": CVSS3,
"cvss4": CVSS4,
"confidence": "HIGH",
"type": "abc123",
"summary": "xyz789",
"file": File,
"doc": IssueDoc,
"auditTrail": [AuditRecord],
"status": "NONE",
"isManualStatus": true,
"justification": "CODE_NOT_PRESENT",
"vendorResponse": "CAN_NOT_FIX",
"ssvc": SSVC,
"notes": "abc123",
"problem": Statement
}