componentIdentifier null in policyViolation api
I have been requesting data from the above api with success, but the reason I am trying to use this api is to get application name and component name from the response of this api call to simulate the manual work I have been doing with the spreadsheet you get when you click the “Export Violations Data” on the upper right of the dashboard of nexus iq gui interface. That spreadsheet has a component name (artifactId) column that seems to correspond to the maven coordinates (groupId, artifactId, version) you get from the componentIdentifier which is part of the response when using the policyViolations api.
HOWEVER in the api response I see some of the data has a null value for componentIdentifier value. So there are rows in the spreadsheet with a component name that seem to correspond to a record in the response of the api where componentName is not null in the spreadsheet and where componentIdentifier is null in api.
I am studying the response to make sure I am not mis-matching the api data with the rows in the spreadsheet. I have also tried using the componentDetails api () to get more information. The details api does not show anything corresponding to componentName either.
Has anyone had any problem similar to this?

Hi this is the forum for the repository manager, you’d need to ask in the IQ forum.

1 Like

Moving to the IQ category for visibility!

1 Like

I am new to this forum…do I need to do anything or look anywhere new now that you have moved this topic?

You are right where you need to be! From the main page of this forum, you can click on this category to find your post.

1 Like

thank you for your help Maura!! :slight_smile:

1 Like

OK. I have learned several things about the data returned by the policy violation api in sonatype:

  1. although the package url and the component identifier are null, there is always a hash.
  2. This hash is the first 20 characters of the sha1 hash you would find in nexus maven repo for the jar in question.
  3. jar’s, poms, source jars, etc, are all called components which are stored in a maven repo.

There are other apis besides the component details api in sonatype that use this truncated hash as a key…they are:

  • Component Evaluation REST APIs
  • Component Claim REST API
  • Component Search REST APIs
  • Component Remediation REST API

I am going to see if any of these already contains this name. Otherwise I guess might need to do a query against the nexus maven repo to initially get the 20-character prefix that we are searching for. Man I really hope one of these apis shows the name of the component.