API to get all Waivers (Application & Repository)

m588 · January 20, 2023, 1:18pm

Hi,

i have seen in the new Version the possibility, to show all waiver in the new dashboard and to export these waivers as CSV.

Our Security-Team want to load this data over an API with a nightly batch.
Is there a API to get the same data as we get out of the export?

When not, can you create something like this in a future release?
I think everything needed should be there

Greets,
Marcus

jeff.wise · January 20, 2023, 5:07pm

I think you can get what you need with multiple API calls. See the GET for Policy Waiver REST API - v2. You may need to make a call per ownerType.

m588 · January 23, 2023, 10:18am

Hi,

we have a 4-digit number of projects, which would make querying the waivers of each application very time consuming.
Is there a hard link to the export that would be called from the UI?

jeff.wise · January 23, 2023, 3:35pm

You don’t have to query per application. The policy waiver rest API allows querying by organization, repository, and repository_container as well.

m588 · February 3, 2023, 12:30pm

Perhaps i understand something not right, but the Waivers where made on Application Level. When i try to get the waivers from the API for an organization (ROOT or the specific organization where the appliaction lives) i dont get any entries. Only when i call the API for the specific application i get the entries. But this is not what i want to do. I will call the API once and get every Waiver who was made.

EDIT:
i just started the IQ and saw that he prints out the REST APIs and found the following:

POST /rest/dashboard/export/policyWaivers (com.sonatype.insight.brain.dashboard.DashboardResource)

It seems that there is a API for my need. Is there more information for that API? I saw that it is also possible to set the filter over API.

Greets, Marcus

jeff.wise · February 6, 2023, 4:15pm

@m588,

I misunderstood and thought the organization level queries were recursive. They are not. You would need to make API calls for all of your applications – time consuming indeed for thousands of applications.

A Sonatyper will need to respond to your query about the policy waivers export API you mentioned as I don’t see any documentation for it.

m588 · February 7, 2023, 11:47am

I digging a bit deeper…

https://{HOST}/iq/rest/dashboard/export/policyWaivers

When i call this API and put the CSRF Token in header, i get the following reponse:

"Entity is empty."

Do i have to set some filter criterion first?