Mark Vulnerability as False Positive - API

/rest/{version}/vulnerabilities/{vulnId}/setFalsePositive

Descriptor	Value
HTTP Method	POST
Description	Update the specified vulnerability's False Positive status
Required Permission	Update Vulnerability False Positive Status
Version Introduced	2.6
Changes in 2.7.2	Changed required permission from Modify Vulnerabilities to Update Vulnerability False Positive Status
Changes in 2.7.9	Added a parameter 'falsePositive' to control if you set the False Positive status to True or False.
Changes in 2.8	Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once.

Request Header Parameters

Parameter	Value	Required	Description
Accept	String	Yes	A value of ‘application/json’ must be provided.

Request POST Data Parameters

Parameter

Value

Required

Description

falsePositive

Boolean

No

Provide 'true' to mark the vulnerability as False Positive. Provide 'false' to mark the vulnerability as Not False Positive.

Defaults to 'true' if not provided.

vulnerabilityIds

Integer

Yes*

*When used in ThreadFix 2.8 and above.
Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows
for changing of multiple vulnerabilities at once.

Sample Calls:

Version 2.6 to 2.7.9

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'falsePositive=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setFalsePositive

Version 2.8 and higher

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apiKey}' -X POST --data 'falsePositive = true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setFalsePositive

Sample Output:

{
    "message": "The vulnerability has been successfully set as False Positive.",
    "success": true,
    "responseCode": -1,
    "object": 241
}