API to get all Waivers (Application & Repository)


i have seen in the new Version the possibility, to show all waiver in the new dashboard and to export these waivers as CSV.

Our Security-Team want to load this data over an API with a nightly batch.
Is there a API to get the same data as we get out of the export?

When not, can you create something like this in a future release?
I think everything needed should be there :slightly_smiling_face:


I think you can get what you need with multiple API calls. See the GET for Policy Waiver REST API - v2. You may need to make a call per ownerType.


we have a 4-digit number of projects, which would make querying the waivers of each application very time consuming.
Is there a hard link to the export that would be called from the UI?

1 Like

You don’t have to query per application. The policy waiver rest API allows querying by organization, repository, and repository_container as well.


Perhaps i understand something not right, but the Waivers where made on Application Level. When i try to get the waivers from the API for an organization (ROOT or the specific organization where the appliaction lives) i dont get any entries. Only when i call the API for the specific application i get the entries. But this is not what i want to do. I will call the API once and get every Waiver who was made.

i just started the IQ and saw that he prints out the REST APIs and found the following:

POST /rest/dashboard/export/policyWaivers (com.sonatype.insight.brain.dashboard.DashboardResource)

It seems that there is a API for my need. Is there more information for that API? I saw that it is also possible to set the filter over API.

Greets, Marcus


I misunderstood and thought the organization level queries were recursive. They are not. You would need to make API calls for all of your applications – time consuming indeed for thousands of applications.

A Sonatyper will need to respond to your query about the policy waivers export API you mentioned as I don’t see any documentation for it.

I digging a bit deeper…


When i call this API and put the CSRF Token in header, i get the following reponse:

"Entity is empty."

Do i have to set some filter criterion first?