Nexus API: Finding Components With Vulnerabilities


I’m wondering about the API capabilities of finding components with vulnerabilities in Nexus OOS.

My use case is to create a Grafana dashboard which lists the number of components in each repository, and then the number of components with vulnerabilities ranging through “moderate”, “severe” and “critical”.

I want to build from there, but that will just be the starting point.

I can use the API to cycle through every component in a repo, however on examination of the single component response on the API, testing with one that shows as having an OSS vulnerability in the GUI, nothing shows that information or equivalency in the API response.

This is the same for both the Component API call and the Asset API call.

Does anyone know if there is a way around this? Or is this a know limitation on the Nexus free tier?

And if it is a limitation on Free Tier, would I be able to get that functionality in Nexus Pro?

Any help or advice would be greatly appreciated.

Kind Regards

Nexus Pro doesn’t provide an API for this either. What you really want is some form of Nexus Lifecycle or Nexus Firewall.