As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Mark Vulnerability as False Positive - API

/rest/{version}/vulnerabilities/{vulnId}/setFalsePositive

Descriptor

Value

HTTP Method

POST

Description

Update the specified vulnerability's False Positive status

Required Permission

Update Vulnerability False Positive Status

Version Introduced2.6
Changes in 2.7.2Changed required permission from Modify Vulnerabilities to Update Vulnerability False Positive Status
Changes in 2.7.9Added a parameter 'falsePositive' to control if you set the False Positive status to True or False.
Changes in 2.8Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once.


Request Header Parameters

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

Request POST Data Parameters

Parameter

Value

Required

Description

falsePositive

Boolean

No

Provide 'true' to mark the vulnerability as False Positive.  Provide 'false' to mark the vulnerability as Not False Positive.

Defaults to 'true' if not provided.

vulnerabilityIdsIntegerYes**When used in ThreadFix 2.8 and above.
Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows
for changing of multiple vulnerabilities at once. 

Sample Calls: 

Version 2.6 to 2.7.9

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'falsePositive=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setFalsePositive

Version 2.8 and higher

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apiKey}' -X POST --data 'falsePositive = true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setFalsePositive

Sample Output:


{
    "message": "The vulnerability has been successfully set as False Positive.",
    "success": true,
    "responseCode": -1,
    "object": 241
}

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.