From f0f083876f3679e56c812691bbef2c07e2dfeaba Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 11 Dec 2025 07:35:55 +0000 Subject: [PATCH] fix(openapi): sync with openapi definition --- openapi.json | 400 +++++++++++++++++++++++++++++++++++++++++++++++++ types/api.d.ts | 178 ++++++++++++++++++++++ 2 files changed, 578 insertions(+) diff --git a/openapi.json b/openapi.json index 7487c568..764a2eca 100644 --- a/openapi.json +++ b/openapi.json @@ -1004,6 +1004,67 @@ "version" ] }, + "OpenVEXDocumentSchema": { + "type": "object", + "additionalProperties": false, + "properties": { + "@context": { + "type": "string", + "description": "", + "default": "https://openvex.dev/ns/v0.2.0" + }, + "@id": { + "type": "string", + "description": "", + "default": "" + }, + "author": { + "type": "string", + "description": "", + "default": "Socket Security" + }, + "timestamp": { + "type": "string", + "description": "", + "default": "" + }, + "version": { + "type": "number", + "description": "", + "default": 1 + }, + "statements": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OpenVEXStatementSchema" + }, + "description": "" + }, + "role": { + "type": "string", + "description": "", + "default": "VEX Generator" + }, + "last_updated": { + "type": "string", + "description": "", + "default": "" + }, + "tooling": { + "type": "string", + "description": "", + "default": "Socket Security VEX Generator" + } + }, + "required": [ + "@context", + "@id", + "author", + "statements", + "timestamp", + "version" + ] + }, "SPDXManifestSchema": { "type": "object", "additionalProperties": false, 
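Review bot: `timestamp` and `last_updated` in OpenVEXDocumentSchema are declared as bare strings, so a client validating against this schema cannot tell they are meant to be RFC 3339 timestamps, which OpenVEX relies on to order documents; add `"format": "date-time"` to both. `version` is `"type": "number"` although the document version is an integer counter (default `1`); `"type": "integer"` would stop consumers from accepting values like `1.5`. `@id` and `timestamp` are required yet default to `""`, so a document with an empty identifier or timestamp still validates — `"minLength": 1` on each would close that. This file is synced from the upstream definition, so the change belongs in the source schema rather than in this generated copy.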
@@ -2562,6 +2623,82 @@ "version" ] }, + "OpenVEXStatementSchema": { + "type": "object", + "additionalProperties": false, + "properties": { + "vulnerability": { + "$ref": "#/components/schemas/OpenVEXVulnerabilitySchema" + }, + "products": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OpenVEXProductSchema" + }, + "description": "" + }, + "status": { + "type": "string", + "description": "", + "default": "affected" + }, + "@id": { + "type": "string", + "description": "", + "default": "" + }, + "version": { + "type": "number", + "description": "", + "default": 0 + }, + "timestamp": { + "type": "string", + "description": "", + "default": "" + }, + "last_updated": { + "type": "string", + "description": "", + "default": "" + }, + "supplier": { + "type": "string", + "description": "", + "default": "" + }, + "status_notes": { + "type": "string", + "description": "", + "default": "" + }, + "justification": { + "type": "string", + "description": "", + "default": "" + }, + "impact_statement": { + "type": "string", + "description": "", + "default": "" + }, + "action_statement": { + "type": "string", + "description": "", + "default": "" + }, + "action_statement_timestamp": { + "type": "string", + "description": "", + "default": "" + } + }, + "required": [ + "products", + "status", + "vulnerability" + ] + }, "LicenseAllowListElabbed": { "type": "object", "additionalProperties": false, 
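Review bot: `status` in OpenVEXStatementSchema is an unconstrained string defaulting to `"affected"`, yet the endpoint description in this same patch names exactly four values and tools that consume VEX typically suppress or surface findings on this field, so a typo or an unexpected value would pass validation and be silently misread; declare it as `"enum": ["affected", "not_affected", "fixed", "under_investigation"]`. `justification` is likewise free text although OpenVEX restricts it to a fixed vocabulary (the unreachable-code case presumably maps to `vulnerable_code_not_in_execute_path`), and a `not_affected` statement is expected to carry a `justification` or `impact_statement` — since the schema cannot express that conditional, a `description` on `status` stating it is the minimum. The fix belongs in the upstream definition this file is generated from.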
@@ -9896,6 +10033,66 @@ "type" ] }, + "OpenVEXVulnerabilitySchema": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "description": "", + "default": "" + }, + "@id": { + "type": "string", + "description": "", + "default": "" + }, + "description": { + "type": "string", + "description": "", + "default": "" + }, + "aliases": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "" + } + }, + "required": [ + "name" + ] + }, + "OpenVEXProductSchema": { + "type": "object", + "additionalProperties": false, + "properties": { + "@id": { + "type": "string", + "description": "", + "default": "" + }, + "identifiers": { + "$ref": "#/components/schemas/OpenVEXIdentifiersSchema" + }, + "hashes": { + "$ref": "#/components/schemas/OpenVEXHashesSchema" + }, + "subcomponents": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OpenVEXComponentSchema" + }, + "description": "" + } + }, + "required": [ + "@id" + ] + }, "SocketIssueBasics": { "type": "object", "additionalProperties": false, 
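Review bot: `name` in OpenVEXVulnerabilitySchema and `@id` in OpenVEXProductSchema are required but default to `""`, so a statement whose vulnerability or product identifier is empty still validates even though nothing can be matched against it; `"minLength": 1` on both would reject that. The `items` schema of `aliases` also carries `"default": ""`, which has no meaning for array elements and invites generators to emit empty alias strings — drop it. Because this file is synced from upstream, the change belongs in the source definition.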
@@ -10055,6 +10252,112 @@ "type" ] }, + "OpenVEXIdentifiersSchema": { + "type": "object", + "additionalProperties": false, + "properties": { + "purl": { + "type": "string", + "description": "", + "default": "" + }, + "cpe23": { + "type": "string", + "description": "", + "default": "" + }, + "cpe22": { + "type": "string", + "description": "", + "default": "" + } + }, + "description": "" + }, + "OpenVEXHashesSchema": { + "type": "object", + "additionalProperties": false, + "properties": { + "md5": { + "type": "string", + "description": "", + "default": "" + }, + "sha1": { + "type": "string", + "description": "", + "default": "" + }, + "sha-256": { + "type": "string", + "description": "", + "default": "" + }, + "sha-384": { + "type": "string", + "description": "", + "default": "" + }, + "sha-512": { + "type": "string", + "description": "", + "default": "" + }, + "sha3-224": { + "type": "string", + "description": "", + "default": "" + }, + "sha3-256": { + "type": "string", + "description": "", + "default": "" + }, + "sha3-384": { + "type": "string", + "description": "", + "default": "" + }, + "sha3-512": { + "type": "string", + "description": "", + "default": "" + }, + "blake2s-256": { + "type": "string", + "description": "", + "default": "" + }, + "blake2b-256": { + "type": "string", + "description": "", + "default": "" + }, + "blake2b-512": { + "type": "string", + "description": "", + "default": "" + } + }, + "description": "" + }, + "OpenVEXComponentSchema": { + "type": "object", + "additionalProperties": false, + "properties": { + "@id": { + "type": "string", + "description": "", + "default": "" + }, + "identifiers": { + "$ref": "#/components/schemas/OpenVEXIdentifiersSchema" + }, + "hashes": { + "$ref": "#/components/schemas/OpenVEXHashesSchema" + } + } + }, "SocketRefList": { "type": "array", "items": { 
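Review bot: OpenVEXComponentSchema declares no `required` list, unlike OpenVEXProductSchema which requires `@id`, so an empty `{}` subcomponent validates although it identifies nothing; require `@id` there as well, or at least one of `@id`, `identifiers` and `hashes`. Every value in OpenVEXHashesSchema is an unconstrained string, so a consumer matching artifacts by digest gets no guarantee of hex encoding or length — a per-field `"pattern"` (e.g. `"^[0-9a-fA-F]{64}$"` for `sha-256`) would let the schema catch malformed digests. The `md5` and `sha1` entries mirror the OpenVEX hash list, but neither is collision-resistant, so a `description` steering consumers to `sha-256` or stronger for identity decisions is worth adding. This file is generated from upstream, so the fix belongs in the source definition.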
@@ -13347,6 +13650,103 @@ "x-readme": {} } }, + "/orgs/{org_slug}/export/openvex/{id}": { + "get": { + "tags": [ + "Full Scans" + ], + "summary": "Export OpenVEX Document (Beta)", + "operationId": "exportOpenVEX", + "parameters": [ + { + "name": "org_slug", + "in": "path", + "required": true, + "description": "The slug of the organization", + "schema": { + "type": "string" + } + }, + { + "name": "id", + "in": "path", + "required": true, + "description": "The full scan OR sbom report ID", + "schema": { + "type": "string" + } + }, + { + "name": "author", + "in": "query", + "required": false, + "description": "The author of the VEX document. Should be an individual or organization.", + "schema": { + "type": "string", + "default": "Socket Security" + } + }, + { + "name": "role", + "in": "query", + "required": false, + "description": "The role of the document author (e.g., \"VEX Generator\", \"Security Team\").", + "schema": { + "type": "string", + "default": "VEX Generator" + } + }, + { + "name": "document_id", + "in": "query", + "required": false, + "description": "Custom IRI for the VEX document. If not provided, a default IRI will be generated.", + "schema": { + "type": "string", + "default": "" + } + } + ], + "security": [ + { + "bearerAuth": [ + "report:read" + ] + }, + { + "basicAuth": [ + "report:read" + ] + } + ], + "description": "Export vulnerability exploitability data as an OpenVEX v0.2.0 document.\n\nOpenVEX (Vulnerability Exploitability eXchange) documents communicate the\nexploitability status of vulnerabilities in software products. 
This export\nincludes:\n\n- **Patch data**: Vulnerabilities fixed by applied Socket patches are marked as \"fixed\"\n- **Reachability analysis**: Code reachability determines if vulnerable code is exploitable:\n- Unreachable code → \"not_affected\" with justification\n- Reachable code → \"affected\"\n- Unknown/pending → \"under_investigation\"\n\nEach statement in the document represents a single artifact-vulnerability pair\nfor granular reachability information.\n\nThis endpoint consumes 1 unit of your quota.\n\nThis endpoint requires the following org token scopes:\n- report:read", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OpenVEXDocumentSchema" + } + } + }, + "description": "OpenVEX v0.2.0 document" + }, + "400": { + "$ref": "#/components/responses/SocketBadRequest" + }, + "401": { + "$ref": "#/components/responses/SocketUnauthorized" + }, + "403": { + "$ref": "#/components/responses/SocketForbidden" + }, + "429": { + "$ref": "#/components/responses/SocketTooManyRequestsResponse" + } + }, + "x-readme": {} + } + }, "/orgs/{org_slug}/export/spdx/{id}": { "get": { "tags": [ diff --git a/types/api.d.ts b/types/api.d.ts index 52449cea..dd80d956 100644 --- a/types/api.d.ts +++ b/types/api.d.ts 
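Review bot: `document_id` is described as a custom IRI that becomes the exported document's `@id`, but its schema is a bare string with default `""` and no length bound, so whatever text an API caller supplies is written verbatim into a document that other tools will later parse; add `"format": "uri"` and a `maxLength`, and bound `author` and `role` the same way since they also land in the document. The response list has no 404, so if an unknown full-scan or SBOM report `id` (or one belonging to a different org) is rejected, the spec should state which status is returned — presumably 403 or 404 — so clients can tell it apart from a malformed request. Since `id` covers two resource kinds ("full scan OR sbom report"), a sentence in its description on how the two are disambiguated would also help. This file is synced from the upstream definition, so the change belongs there.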
@@ -268,6 +268,31 @@ export interface paths { */ get: operations['exportCDX'] } + '/orgs/{org_slug}/export/openvex/{id}': { + /** + * Export OpenVEX Document (Beta) + * @description Export vulnerability exploitability data as an OpenVEX v0.2.0 document. + * + * OpenVEX (Vulnerability Exploitability eXchange) documents communicate the + * exploitability status of vulnerabilities in software products. This export + * includes: + * + * - **Patch data**: Vulnerabilities fixed by applied Socket patches are marked as "fixed" + * - **Reachability analysis**: Code reachability determines if vulnerable code is exploitable: + * - Unreachable code → "not_affected" with justification + * - Reachable code → "affected" + * - Unknown/pending → "under_investigation" + * + * Each statement in the document represents a single artifact-vulnerability pair + * for granular reachability information. + * + * This endpoint consumes 1 unit of your quota. + * + * This endpoint requires the following org token scopes: + * - report:read + */ + get: operations['exportOpenVEX'] + } '/orgs/{org_slug}/export/spdx/{id}': { /** * Export SPDX SBOM (Beta) @@ -1815,6 +1840,25 @@ export interface components { } }> } + OpenVEXDocumentSchema: { + /** @default https://openvex.dev/ns/v0.2.0 */ + '@context': string + /** @default */ + '@id': string + /** @default Socket Security */ + author: string + /** @default */ + timestamp: string + /** @default 1 */ + version: number + statements: Array + /** @default VEX Generator */ + role?: string + /** @default */ + last_updated?: string + /** @default Socket Security VEX Generator */ + tooling?: string + } SPDXManifestSchema: { /** @default SPDX-2.3 */ spdxVersion: string 
@@ -2429,6 +2473,32 @@ export interface components { }> components?: Array } + OpenVEXStatementSchema: { + vulnerability: components['schemas']['OpenVEXVulnerabilitySchema'] + products: Array + /** @default affected */ + status: string + /** @default */ + '@id'?: string + /** @default 0 */ + version?: number + /** @default */ + timestamp?: string + /** @default */ + last_updated?: string + /** @default */ + supplier?: string + /** @default */ + status_notes?: string + /** @default */ + justification?: string + /** @default */ + impact_statement?: string + /** @default */ + action_statement?: string + /** @default */ + action_statement_timestamp?: string + } LicenseAllowListElabbed: { strings: string[] classes: string[] @@ -4453,6 +4523,22 @@ export interface components { /** @description Reachability analysis results for each vulnerability */ results: Array } + OpenVEXVulnerabilitySchema: { + /** @default */ + name: string + /** @default */ + '@id'?: string + /** @default */ + description?: string + aliases?: string[] + } + OpenVEXProductSchema: { + /** @default */ + '@id': string + identifiers?: components['schemas']['OpenVEXIdentifiersSchema'] + hashes?: components['schemas']['OpenVEXHashesSchema'] + subcomponents?: Array + } SocketIssueBasics: { severity: components['schemas']['SocketIssueSeverity'] category: components['schemas']['SocketCategory'] 
@@ -4508,6 +4594,46 @@ export interface components { */ subprojectPath?: string } + OpenVEXIdentifiersSchema: { + /** @default */ + purl?: string + /** @default */ + cpe23?: string + /** @default */ + cpe22?: string + } + OpenVEXHashesSchema: { + /** @default */ + md5?: string + /** @default */ + sha1?: string + /** @default */ + 'sha-256'?: string + /** @default */ + 'sha-384'?: string + /** @default */ + 'sha-512'?: string + /** @default */ + 'sha3-224'?: string + /** @default */ + 'sha3-256'?: string + /** @default */ + 'sha3-384'?: string + /** @default */ + 'sha3-512'?: string + /** @default */ + 'blake2s-256'?: string + /** @default */ + 'blake2b-256'?: string + /** @default */ + 'blake2b-512'?: string + } + OpenVEXComponentSchema: { + /** @default */ + '@id'?: string + identifiers?: components['schemas']['OpenVEXIdentifiersSchema'] + hashes?: components['schemas']['OpenVEXHashesSchema'] + } SocketRefList: Array SocketRefFile: { /** @default */ 
@@ -5884,6 +6010,58 @@ export interface operations { 429: components['responses']['SocketTooManyRequestsResponse'] } } + /** + * Export OpenVEX Document (Beta) + * @description Export vulnerability exploitability data as an OpenVEX v0.2.0 document. + * + * OpenVEX (Vulnerability Exploitability eXchange) documents communicate the + * exploitability status of vulnerabilities in software products. This export + * includes: + * + * - **Patch data**: Vulnerabilities fixed by applied Socket patches are marked as "fixed" + * - **Reachability analysis**: Code reachability determines if vulnerable code is exploitable: + * - Unreachable code → "not_affected" with justification + * - Reachable code → "affected" + * - Unknown/pending → "under_investigation" + * + * Each statement in the document represents a single artifact-vulnerability pair + * for granular reachability information. + * + * This endpoint consumes 1 unit of your quota. + * + * This endpoint requires the following org token scopes: + * - report:read + */ + exportOpenVEX: { + parameters: { + query?: { + /** @description The author of the VEX document. Should be an individual or organization. */ + author?: string + /** @description The role of the document author (e.g., "VEX Generator", "Security Team"). */ + role?: string + /** @description Custom IRI for the VEX document. If not provided, a default IRI will be generated. 
*/ + document_id?: string + } + path: { + /** @description The slug of the organization */ + org_slug: string + /** @description The full scan OR sbom report ID */ + id: string + } + } + responses: { + /** @description OpenVEX v0.2.0 document */ + 200: { + content: { + 'application/json': components['schemas']['OpenVEXDocumentSchema'] + } + } + 400: components['responses']['SocketBadRequest'] + 401: components['responses']['SocketUnauthorized'] + 403: components['responses']['SocketForbidden'] + 429: components['responses']['SocketTooManyRequestsResponse'] + } + } /** * Export SPDX SBOM (Beta) * @description Export a Socket SBOM as a SPDX SBOM