API Enhancements to Support CPE Data

Starting in this release, the Code Insight data library (PDL) now stores the following Common Platform Enumeration (CPE) properties for OSS or third-party components. The PDL retrieves this information directly from the National Vulnerability Database via the Electronic Update.

cpeVendor— The name for the organization that developed the component.
cpeProduct—The product name for the component.

For any custom CPE name properly created in this release and later, Code Insight extracts these properties from the CPE name and stores them in the Vendor and Product columns in the appropriate PDL table.

The following describes enhancements made to the public Code Insight APIs to support this CPE information:

Updates to Existing REST APIs to Support CPE Data
New Java Methods to Support CPE Data
Updates to Existing Java Methods to Support CPE Data

Updates to Existing REST APIs to Support CPE Data

The following REST APIs have been updated to support the new CPE properties.

Resource

API Name

Method

Change

Component

/component/componentData

GET

In addition to the CPE name, the response now lists the CPE vendor and product names for each retrieved component.

Note:The response contains this CPE information whether the summaryOnly parameter is on or off.

/component/componentDataFiltered

GET

Updates include:

Optional filters available to retrieve only components whose CPE data matches a specific CPE vendor or product string (or matches both strings).
The response now lists the CPE name, the CPE vendor name, and the CPE product name for each retrieved component.

Inventory

/project/inventory

GET

Updates include:

Optional filters available to retrieve only inventory associated with components whose CPE data matches a specific CPE vendor or product string (or matches both strings).
The response now lists the CPE name, the CPE vendor name, and the CPE product name for the component associated with each retrieved inventory item.

New Java Methods to Support CPE Data

The following Java methods have been added to support the new CPE properties.

Resource

Method Name

Change

Reference
DataService
Cover

getComponentsByCPEValue

Retrieves only those components whose CPE data matches a specific CPE vendor or product string (or matches both strings).

ProjectData
Cover

getInventoryForProjectByCPE

For a given project, retrieves only inventory associated with components whose CPE data matches a specific CPE vendor or product string (or matches both strings).

Updates to Existing Java Methods to Support CPE Data

The following Java methods have been updated to support the new CPE properties.

Resource

Method Name

Change

Reference
DataServiceCover

getComponent(long componentid)

The response now lists CPE name, CPE vendor name, and CPE product name for the retrieved component.

ComponentResource

getComponentDataFiltered

Updates include:

Optional filters available to retrieve only components whose CPE data matches a specific CPE vendor or product string (or matches both strings).
The response now lists the CPE name, CPE vendor name, and CPE product name for each retrieved component.

ProjectDataCover

getInventoryForProject

The response now lists the CPE name, CPE vendor, and CPE product name for the component associated with each retrieved inventory item.