Vulnerability export API
DETAILS: Tier: Ultimate Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Every API call to vulnerability exports must be authenticated.
Create a project-level vulnerability export
Creates a new vulnerability export for a project.
If an authenticated user doesn't have permission to
create a new vulnerability,
this request returns a 403 Forbidden status code.
Vulnerability exports can be only accessed by the export's author.
POST /security/projects/:id/vulnerability_exports| Attribute | Type | Required | Description |
|---|---|---|---|
id |
integer or string | yes | The ID or URL-encoded path of the project which the authenticated user is a member of |
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/projects/1/vulnerability_exports"The created vulnerability export is automatically deleted after 1 hour.
Example response:
{
"id": 2,
"created_at": "2020-03-30T09:35:38.746Z",
"project_id": 1,
"group_id": null,
"format": "csv",
"status": "created",
"started_at": null,
"finished_at": null,
"_links": {
"self": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2",
"download": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2/download"
}
}Create a group-level vulnerability export
Creates a new vulnerability export for a group.
If an authenticated user doesn't have permission to
create a new vulnerability,
this request returns a 403 Forbidden status code.
Vulnerability exports can be only accessed by the export's author.
POST /security/groups/:id/vulnerability_exports| Attribute | Type | Required | Description |
|---|---|---|---|
id |
integer or string | yes | The ID or URL-encoded path of the group which the authenticated user is a member of |
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/groups/1/vulnerability_exports"The created vulnerability export is automatically deleted after 1 hour.
Example response:
{
"id": 2,
"created_at": "2020-03-30T09:35:38.746Z",
"project_id": null,
"group_id": 1,
"format": "csv",
"status": "created",
"started_at": null,
"finished_at": null,
"_links": {
"self": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2",
"download": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2/download"
}
}Create an instance-level vulnerability export
Creates a new vulnerability export for the projects of the user selected in the Security Dashboard.
POST /security/vulnerability_exportscurl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/vulnerability_exports"The created vulnerability export is automatically deleted after one hour.
Example response:
{
"id": 2,
"created_at": "2020-03-30T09:35:38.746Z",
"project_id": null,
"group_id": null,
"format": "csv",
"status": "created",
"started_at": null,
"finished_at": null,
"_links": {
"self": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2",
"download": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2/download"
}
}Get single vulnerability export
Gets a single vulnerability export.
GET /security/vulnerability_exports/:id| Attribute | Type | Required | Description |
|---|---|---|---|
id |
integer or string | yes | The vulnerability export's ID |
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/projects/1/vulnerability_exports"
```0
If the vulnerability export isn't finished, the response is `202 Accepted`.
Example response:
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/projects/1/vulnerability_exports"
```1
## Download vulnerability export
Downloads a single vulnerability export.
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/projects/1/vulnerability_exports"
```2
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer or string | yes | The vulnerability export's ID |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/projects/1/vulnerability_exports"
```3
The response is `404 Not Found` if the vulnerability export is not finished yet or was not found.
Example response:
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/security/projects/1/vulnerability_exports"
```4