As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Mark Vulnerability as False Positive - API
/rest/{version}/vulnerabilities/{vulnId}/setFalsePositive
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Update the specified vulnerability's False Positive status |
Required Permission | Update Vulnerability False Positive Status |
Version Introduced | 2.6 |
Changes in 2.7.2 | Changed required permission from Modify Vulnerabilities to Update Vulnerability False Positive Status |
Changes in 2.7.9 | Added a parameter 'falsePositive' to control if you set the False Positive status to True or False. |
Changes in 2.8 | Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once. |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Request POST Data Parameters
Parameter | Value | Required | Description |
---|---|---|---|
falsePositive | Boolean | No | Provide 'true' to mark the vulnerability as False Positive. Provide 'false' to mark the vulnerability as Not False Positive. Defaults to 'true' if not provided. |
vulnerabilityIds | Integer | Yes* | *When used in ThreadFix 2.8 and above. Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows for changing of multiple vulnerabilities at once. |
Sample Calls:
Version 2.6 to 2.7.9
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'falsePositive=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setFalsePositive
Version 2.8 and higher
curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apiKey}' -X POST --data 'falsePositive = true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setFalsePositive
Sample Output:
{ "message": "The vulnerability has been successfully set as False Positive.", "success": true, "responseCode": -1, "object": 241 }
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.