Mark Vulnerability as Contested - API

/rest/{version}/vulnerabilities/{vulnId}/setContested

Descriptor	Value
HTTP Method	POST
Description	Update the specified vulnerability's Contested status
Required Permission	Update Vulnerability Contested Status
Version Introduced	2.7.2
Changes in 2.7.9	Added a parameter 'contested' to control if you set the Contested status to True or False.
Changes in 2.8	Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once.

Request Header Parameters

Parameter	Value	Required	Description
Accept	String	Yes	A value of ‘application/json’ must be provided.

Request POST Data Parameters

Parameter

Value

Required

Description

contested

Boolean

No

Provide 'true' to mark the vulnerability as Contested. Provide 'false' to mark the vulnerability as Not Contested.

Defaults to 'true' if not provided.

vulnerabilityIds

Integer

Yes*

*When used in ThreadFix 2.8 and above.
Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows
for changing of multiple vulnerabilities at once.

Sample Calls:

Version 2.7.2 to 2.7.9

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'contested=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setContested

Version 2.8 and higher

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {API KEY}' -X POST --data 'contested=true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setContested

Sample Output:

{
    "message": "The vulnerability has been successfully set as contested.",
    "success": true,
    "responseCode": -1,
    "object": 241
}