Checkmarx SCA (REST) API - PUT Risk Reports Ignore Vulnerability

Warning

The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated on July 7. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API well in advance of the July 7 deadline.

Description

Marks a specific vulnerability as “Ignore” (for a specific package and Project). Ignored vulnerabilities aren’t counted towards the number of vulnerabilities identified in the Project.

Method

PUT

Workflow

After creating a Project, running a scan and reviewing the results, if you identify a specific vulnerability that does not pose a risk to your Project, use this API to mark it as Ignored.

URL

US Environment - https://api-sca.checkmarx.net/risk-management/risk-reports/IgnoreVulnerability
EU Environment - https://eu.api-sca.checkmarx.net/risk-management/risk-reports/IgnoreVulnerability

Curl Sample

curl -X PUT " https://api-sca.checkmarx.net/risk-management/risk-reports/IgnoreVulnerability" -H "accept: application/json" -d "{ "ProjectId": "1a73fc26-b7aa-4ecd-1234-d3aebfc1da21", "VulnerabilityId": "CVE-2021-25329", "PackageId": "Yarn-org.apache.tomcat.embed:tomcat-embed-core-8.5.23"}”

Media Type (header)

Authorization: Bearer <access_token>

Accept: application/json

Parameters

Body Parameters - Required

Parameter	Type	Description
ProjectId	string	The unique identifier of the Project.
VulnerabilityId	string	The unique identifier of the vulnerability you would like to mark as “Ignore”.
PackageId	string	The unique identifier of the package where the vulnerability was identified.

Success Response

Code: 204 No Content

There is no body for the success response.

Error Response

In this section: