Updates to Existing APIs

The following section describes updates that have occurred to existing APIs in this release.

Updates to Existing APIs

Resource

API Name/Endpoint

Method

Function Change Description

Component

Get Component

/components/{componentId}

GET

The response now includes the externalId property for a given license of a component version. This property shows the ID to which the license is mapped in an external system (such as your site’s license-tracking system).

For more information, see License Mapping to External IDs.

Inventory

Get details of an inventory

/inventories/{inventoryId}

GET

The response now includes the externalId property for a given inventory license (selected or possible). This property shows the ID to which the license is mapped in an external system (such as your site’s license-tracking system).

For more information, see License Mapping to External IDs.

Jobs

Get job details based on filters

/jobs

GET

The jobType filter in the request now supports the new Export to SBOM Insights and Update Notices job types, enabling you to filter the response to these jobs.

License

Create a custom license

/licenses

POST

The request now includes the externalId property, enabling you to map the license being created to a corresponding ID in an external system (such as your site’s own license-tracking system). The externalId property requires a string value.

For more information, see License Mapping to External IDs.

License Lookup

/license/lookup

GET

The response now includes the externalId property for a given license. This property shows the ID to which the license is mapped in an external system (such as your site’s license-tracking system).

For more information, see License Mapping to External IDs.

License lookup based on a short name

/licenses/{shortName}

Project API

Get Project Inventory

/project/inventory/{projectId}

GET

The request includes a new filter includeFiles, which, when set to false, can improve the performance of this API when a large number of files are associated with project inventory.

Note:This option can improve the performance of custom reports that call this API, such as the custom Project Vulnerability report available with Code Insight. For more information, see Performance Improvement for the Project Vulnerability Report.

Also, the response now includes the externalId property for a given inventory license. This property shows the ID to which the license is mapped in an external system (such as your site’s license-tracking system). For more information, see License Mapping to External IDs.

Rules

Create Rule

/rules

Post

These APIs have been updated to support the option of using file or folder paths instead of MD5 values as criteria for detecting components based on the files associated with them. The fileInfo section (for the MD5 criteria) and the ruleInfo section (for file-path criteria) are mutually exclusive. For more information, see Custom Detection Rules Based on File Paths.

Update Rule

/rules

Put

Get Rule by Id

/rules/{ruleId}

Get Rule by ID

sourceCode
Management

scminstances

/scminstances

GET

As in previous releases, the response shows the properties used to connect to the different codebase repositories (across one or all SCM instances) to synchronize them to the Scan Server. The set of connection properties for each repository URL is listed in a separate “property block” (which includes the instanceID for the SCM instance in which the repository’s connection properties are configured).

The slight difference in the response is that now repository URLs whose connection properties are configured within the same SCM Git instance will each have the same the instanceID value. This change supports the new feature Support for Multiple Repository URLs in a Single Git Instance.

Additionally, if any URL in a Git SCM instance is defined with more than one delimiter (branch, tag, or commit ID), an error message similar to the following is displayed with status code 400. The message lists the URLs with the multiple delimited elements:

{

"errors": [

{

"param": "[scmType: GIT; instanceId: 0; URL:
https://github.com/sbnl/TestPublicRepo.git
~~master>>commit123, scmType: GIT;
instanceId: 0; URL: https://github.com/
test/newtest^^tag123~~branchname]",
"message": "Branch, Tag, Commit ID are
mutually exclusive."

}

]

}

 

scminstances

/scminstances

POST

The following revised or new error messages are displayed when a connection test for an SCM instance is unsuccessful.

Testing Connections in an SCM Git Instance

Previously, when the connection test for a given SCM Git instance was unsuccessful, an error message (with the status code 400) was displayed, stating that an error occurred connecting to the repository and that the connection properties needed to be checked. Now the following message (with the same status code) is displayed, identifying the one or more repository URLs to which Code Insight cannot connect. Multiple repositories are separated with commas. (The id value is the SCM instance ID.)

{

"errors": [

{

"id": 0,

"message": "Test connection failed for the
following URLs: https://github.com/sbansal/
TestPublicRepo.git, https://github.com/
test/newtest"

}

]

}

Testing the Connection in an SCM TFS Instance

If users attempt to test a TFS instance connection when no TFS client is installed, the following error message is now displayed:

{

"errors": [

{

"id": 0,

"message":"com.palamida.plugin.prescan.api.
PrescanPluginException: TFS client is not
configured on scan server. Cannot run program
\"tf\" (in directory \".\"):error=2, No such
file or directory"

}

]

}

 

Git scmInstances

/scminstances/Git

POST

The url property in the request to create an SCM Git instance now allows up to 50 comma-separated URLs. Additionally, you can add a single delimiter to the end of individual URLs to indicate a specific part of the repository with which to synchronize:

To synchronize with a branch of the repository, add the branch name, using ~~ before the name.
To synchronize with a commit version of the repository, add the commit ID, using >> before the ID.
To synchronize with a tagged part of the repository, add the tag name, using ^^ before the name.

The following URL example specifies a specific branch of the repository with which to synchronize:

https://github.com/scaqaadmin/testgit_fnci.git~~dev-branch1

If only one URL is specified in the url field, you can alternatively specify the delimiter for the branch, commitID, or tag property in the request body. If multiple URLs are listed, a value specified for any of these properties is ignored.

Validation of the URLs (including proper use of any delimiters) is performed during the connection test (POST scmInstances) or during synchronization.

PUT

The update process of an SCM Git instance includes the same enhancements described previously for the POST Git scmInstances API. Ensure that you include the entire instance definition in the request body when making the updates. If the url property in the original instance definition includes multiple URLs, the url property in request body for the update must include all these URLs (except for those you are removing), even if you have not updated them.