Mark Vulnerability as Verified - API

/rest/{version}/vulnerabilities/{vulnId}/setVerified

Descriptor	Value
HTTP Method	POST
Description	Update the specified vulnerability's Verified status
Required Permission	Update Vulnerability Verified Status
Version Introduced	2.7.2
Changes in 2.7.9	Added a parameter 'verified' to control if you set the Verified status to True or False.
Changes in 2.8	Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once.

Request Header Parameters

Parameter	Value	Required	Description
Accept	String	Yes	A value of ‘application/json’ must be provided.

Request POST Data Parameters

Parameter

Value

Required

Description

verified

Boolean

No

Provide 'true' to mark the vulnerability as Verified. Provide 'false' to mark the vulnerability as Not Verified.

Defaults to 'true' if not provided.

vulnerabilityIds

Integer

Yes*

*When used in ThreadFix 2.8 and above.
Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows
for changing of multiple vulnerabilities at once.

Sample Calls:

Version 2.7.2 to 2.7.9

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'verified=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setVerified

Version 2.8 and higher

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apiKey}' -X POST --data 'verified=true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setVerified

Sample Output:

{
    "message": "The vulnerability has been successfully set as verified.",
    "success": true,
    "responseCode": -1,
    "object": 241
}