- BuildMaster
- Getting Started with BuildMaster
- Builds and Continuous Integration
- What is a "Build" in BuildMaster?
- Git and Source Control
- Git Pipelines and Workflows
- Build Scripts & Templates
- Packages & Dependencies
- Build Artifacts
- Automated Testing & Verification
- Deployment & Continuous Delivery
- What is a “Pipeline” in BuildMaster?
- CI Server (Jenkins, TeamCity, etc.) Integration
- Deployment Scripts & Templates
- Automatic Checks & Approval Gates
- Manual Deployment Steps and Tasks
- Databases
- Configuration Files
- Rollbacks
- Advanced CD Patterns
- Applications & Releases
- Connecting to your Servers with BuildMaster
- Scripting in BuildMaster
- Configuring for Your Team
- Docker/Containers
- Development Platforms
- Deployment Targets
- Tools & Service Integrations
- Reference
- BuildMaster API Endpoints & Methods
- Extending BuildMaster
- Built-in Functions & Variables
- Applications
- Builds
- Configuration Files
- Containers
- Credentials
- Databases
- Deployables
- Environments
- Executions
- Files
- General
- JSON
- Linux
- Lists
- Maps
- Math
- Nuget
- Packages
- Pipelines
- PowerShell
- Python
- Releases
- Servers
- Strings
- XML
- Built-in Operations
- Batch
- BuildMaster
- Configuration Files
- Databases
- DotNet
- Files
- Firewall
- General
- Apply-Template
- Attach Package
- Build
- Checkout-Code
- Close-Issue
- Concatenate-Files
- Copy-Files
- Create-Directory
- Create-File
- Create-Issue
- Create-Issue
- Create-IssueComment
- Create-Package
- Create-ZipFile
- Delete-Files
- Download-Asset
- Download-Http
- Ensure-Directory
- Ensure-File
- Ensure-HostsEntry
- Ensure-Metadata
- Ensure-Milestone
- Ensure-Package
- Ensure-Release
- Ensure-Tag
- Exec
- Execute Python Script
- Execute VSTest Tests
- Get-Http
- Install-Package
- OSCall
- OSExec
- Post-Http
- Push-PackageFile
- PYCall
- PYEnsure
- Query-Package
- Remediate-Drift
- Rename-File
- Repackage
- Replace-Text
- Send-Email
- Set-FileAttributes
- Set-Variable
- SHEnsure
- Sleep
- Transfer-Files
- Transition-Issues
- Upload-Assets
- Upload-Http
- Upload-ReleaseAssets
- Git
- IIS
- Nuget
- PowerShell
- ProGet
- Python
- Registry
- Servers
- Services
- Shell
- Windows
- Administration
- Installation & Upgrading
- ProGet
- Getting Started with ProGet
- Packages: Managing & Tracking
- Feeds Types & Third-Party Packages
- What is a "Feed" in ProGet?
- What is a "Connector" in ProGet?
- NuGet (.NET)
- Universal Feeds & Packages
- PowerShell
- Chocolatey (Windows/Machine)
- RubyGems (ruby)
- Visual Studio Extension (.vsix)
- Maven (Java)
- npm (Node.js)
- Bower (JavaScript)
- Debian (Apt)
- Helm (Kubernetes)
- PyPI (Python)
- Conda (Python)
- RPM (Yum)
- Alpine (APK)
- CRAN (R)
- pub (Dart/Flutter)
- Cargo (Rust)
- Terraform Modules
- Conan (C++)
- Other Feed Types
- Asset Directories & File Storage
- Docker and Containers
- Replication & Feed Mirroring
- Software Composition Analysis (SCA)
- Security and Access Controls
- Cloud Storage (Amazon S3, Azure Blob)
- Administration
- Installation & Upgrading
- API Endpoints & Methods
- Otter
- Getting Started with Otter
- Orchestration & Server Automation
- Connecting to your Servers with Otter
- Collecting & Verifying Configuration
- Drift Remediation / Configuration as Code
- Scripting in Otter
- Configuring for Your Team
- Installation & Upgrading
- Administration & Maintenance
- Reference
- Otter API Reference
- OtterScript Reference
- Built-in Functions & Variables
- Executions
- Files
- General
- JSON
- Linux
- Lists
- Maps
- Math
- PowerShell
- Python
- Servers
- Strings
- XML
- Built-in Operations
- Batch
- Docker
- DotNet
- Files
- Firewall
- General
- Apply-Template
- Collect Debian Packages
- Collect RPM Packages
- Collect-InstalledPackages
- Concatenate-Files
- Copy-Files
- Create-Directory
- Create-File
- Create-Package
- Create-ZipFile
- Delete-Files
- Download-Asset
- Download-Http
- Ensure-Directory
- Ensure-File
- Ensure-HostsEntry
- Ensure-Metadata
- Ensure-Package
- Exec
- Execute Python Script
- Get-Http
- Install-Package
- OSCall
- OSExec
- Post-Http
- Push-PackageFile
- PYCall
- PYEnsure
- Query-Package
- Remediate-Drift
- Rename-File
- Repackage
- Replace-Text
- Send-Email
- Set-FileAttributes
- Set-Variable
- SHEnsure
- Sleep
- Transfer-Files
- Upload-Assets
- Upload-Http
- IIS
- Otter
- PowerShell
- ProGet
- Python
- Registry
- Servers
- Services
- Shell
- Windows
- Installation & Maintenance
- Windows (Inedo Hub)
- What is the Inedo Hub?
- Configuring & Maintaining Inedo Products
- Offline Installation (no Internet access)
- HOWTO: Install on Windows
- HOWTO: Upgrade or Downgrade with the Inedo Hub
- HOWTO: Install Pre-release Product Versions
- HOWTO: Configure Your Inedo Product to Run As a Windows Domain Account
- Silent/Automated Installation Guide
- Legacy (Traditional) Installer
- Linux (Docker)
- Manual Installation
- High Availability & Load Balancing
- LDAP/AD Integration
- IIS & Web Hosting on Windows
- Logging & Analytics
- SAML Authentication
- Upgrading your Inedo Product
- Managing Agents and Servers
- Backing Up & Restoring
- Installation Configuration Files
- SQL Server & Inedo Products
- Windows (Inedo Hub)
- Inedo Agent
- What is the Inedo Agent?
- Installation & Upgrading
- Downloads & Release Notes
- Maintenance & Configuration
- Internal Architecture
- MyInedo
- OtterScript (Execution Engine)
- Reference
- OtterScript
- Inedo Execution Engine
- Operations & Functions
- Text Templating
- Resource Pools
- Runtime Variables
- Advanced Scenarios & Features
- Statements and Blocks
- Romp (Discontinued)
- Using Romp
- Installing, Configuring, and Maintaining
- Romp CLI Reference
- Package Layout
- Downloads & Source Code
- Extensibility
- Inedo SDK
Assess Vulnerabilities
Assess Vulnerabilities is available as both a pgutil
command and an HTTP Request, and will assess a vulnerability according to the specified query arguments.
This example will assess the vulnerability PGV-1234567
as blocked
:
pgutil vulns assess --id=PGV-1234567 --type=blocked
Command Specification (CLI)
The vulns assess
command is used to assess a vulnerability.
The --id
, and --type
options are always required.
Assessing a vulnerability requires the vulnerability id (e.g. PGV-1234567
) and assessment type (e.g. blocked
):
pgutil vulns assess --id=PGV-1234567 --type=blocked --comment="Package non-compliant" --policy=myPolicy
HTTP Request Specification
If you disallow anonymous access to your feed, you will need to create an API Key that grants access to the Feed API. You will need to include that key as a header named X-ApiKey
and set its value to that API key.
For example, to authenticate with the API key abc12345
to this endpoint, you could specify the API key as follows:
curl -X POST -H "X-ApiKey: abc12345" https://proget.corp.local/api/sca/assess
To assess a vulnerability, simply POST
to the URL with a vulnerability id
, assessment type
, comment
and policy
parameters, and an appropriate API Key.
POST api/sca/assess[?id=«vulnerability-id»][&type=«assessment-type»][&comment=«comment»][&policy=«policy-name»]
Note that the comment
and policy
parameters are optional.
HTTP Response Specification
Response | Details |
---|---|
200 (Success) | the vulnerability was assessed |
400 (Invalid Input) | indicates invalid or missing properties in the request; the body will provide some details as text |
403 (Unauthorized API Key) | indicates a missing, unknown, or unauthorized API Key; the body will be empty |