As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

Mark Vulnerability as False Positive 3.0 - API

Owned by Daniel Colon
Last updated: Sept 16, 2021
1 min read

/rest/{version}/vulnerabilities/{vulnId}/setFalsePositive

Descriptor

Value

Descriptor

Value

HTTP Method

POST

Description

Update the specified vulnerability's False Positive status

Required Permission

Update Vulnerability False Positive Status

Version Introduced

2.6

Changes in 2.7.2

Changed required permission from Modify Vulnerabilities to Update Vulnerability False Positive Status

Changes in 2.7.9

Added a parameter 'falsePositive' to control if the user set the False Positive status to True or False.

Changes in 2.8

Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once.

Request Header Parameters

Parameter

Value

Required

Description

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

Request POST Data Parameters

Parameter

Value

Required

Description

Parameter

Value

Required

Description

falsePositive

Boolean

No

Provide 'true' to mark the vulnerability as False Positive. Provide 'false' to mark the vulnerability as Not False Positive.

Defaults to 'true' if not provided.

vulnerabilityIds

Integer

Yes*

*When used in ThreadFix 2.8 and above.
Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows for changing of multiple vulnerabilities at once. 

Sample Calls: 

Version 2.6 to 2.7.9

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'falsePositive=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setFalsePositive

Version 2.8 and higher

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apiKey}' -X POST --data 'falsePositive = true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setFalsePositive

Sample Output:

{ "message": "The vulnerability has been successfully set as False Positive.", "success": true, "responseCode": -1, "object": 241 }



www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.