Vulnerabilities API - GET remediation items

Lists the remediation tracking process groups of a third-party vulnerability (or, in the case of Kubernetes vulnerabilities, the remediation tracking Kubernetes nodes).

The request produces an application/json payload.

GET	ManagedDynatrace for Government	`https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}/remediationItems`
	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}/remediationItems`
	Environment ActiveGate	`https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}/remediationItems`

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required

string

Parameter	Type	Description	In	Required
id	string	The ID of the required third-party security problem.	path	required
remediationItemSelector	string	Defines the scope of the query. Only remediable entities matching the specified criteria are included in the response. You can add one or more of the following criteria. Values are not case-sensitive and the `EQUALS` operator is used unless otherwise specified. Vulnerability state: `vulnerabilityState("value")`. Find the possible values in the description of the vulnerabilityState field of the response. If not set, all entities are returned. Muted: `muted("value")`. Possible values are `TRUE` or `FALSE`. Reachable data asset assessment: `assessment.dataAssets("value")` Possible values are `REACHABLE`, and `NOT_DETECTED`. Network exposure assessment: `assessment.exposure("value")` Possible values are `PUBLIC_NETWORK`, and `NOT_DETECTED`. Vulnerable function usage assessment: `assessment.vulnerableFunctionUsage("value")` Possible values are `IN_USE`, and `NOT_IN_USE`. Vulnerable function in use contains: `assessment.vulnerableFunctionInUseContains("value")`. Possible values are `class::function`, `class::` and `function`. The `CONTAINS` operator is used. Only vulnerable functions in use are considered. Assessment accuracy: `assessment.accuracy("value")` Possible values are `FULL` and `REDUCED`. Entity name contains: `entityNameContains("value-1")`. The `CONTAINS` operator is used. To set several criteria, separate them with a comma (`,`). Only results matching all criteria are included in the response. Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (`~`) inside quotes: Tilde `~` Quote `"`	query	optional

The ID of the required third-party security problem.

path

required

remediationItemSelector

string

Defines the scope of the query. Only remediable entities matching the specified criteria are included in the response.

You can add one or more of the following criteria. Values are not case-sensitive and the EQUALS operator is used unless otherwise specified.

Vulnerability state: vulnerabilityState("value"). Find the possible values in the description of the vulnerabilityState field of the response. If not set, all entities are returned.
Muted: muted("value"). Possible values are TRUE or FALSE.
Reachable data asset assessment: assessment.dataAssets("value") Possible values are REACHABLE, and NOT_DETECTED.
Network exposure assessment: assessment.exposure("value") Possible values are PUBLIC_NETWORK, and NOT_DETECTED.
Vulnerable function usage assessment: assessment.vulnerableFunctionUsage("value") Possible values are IN_USE, and NOT_IN_USE.
Vulnerable function in use contains: assessment.vulnerableFunctionInUseContains("value"). Possible values are class::function, class:: and function. The CONTAINS operator is used. Only vulnerable functions in use are considered.
Assessment accuracy: assessment.accuracy("value") Possible values are FULL and REDUCED.
Entity name contains: entityNameContains("value-1"). The CONTAINS operator is used.

To set several criteria, separate them with a comma (,). Only results matching all criteria are included in the response.

Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (~) inside quotes:

Tilde ~
Quote "

query

optional

Response

Response codes

Code	Type	Description
200	RemediationItemList	Success. The response contains the list of remediation items of a problem.

Response body objects

The `RemediationItemList` object

A list of remediation items.

Element	Type	Description
remediationItems	RemediationItem[]	A list of remediation items.

The `RemediationItem` object

A possible remediation for a security problem.

Element	Type	Description
assessment	RemediationAssessment	Assessment of the remediation item.
entityIds	string[]	-
firstAffectedTimestamp	integer	-
id	string	-
muteState	RemediationItemMuteState	The mute state of a remediation item of a security problem.
name	string	-
remediationProgress	RemediationProgress	The progress of this remediation item. It contains affected and unaffected entities.
resolvedTimestamp	integer	-
vulnerabilityState	string	- The element can hold these values `RESOLVED` `VULNERABLE`
vulnerableComponents	VulnerableComponent[]	A list of vulnerable components of the remediation item. A vulnerable component is what causes the security problem.

The `RemediationAssessment` object

Assessment of the remediation item.

Element	Type	Description
dataAssets	string	The reachability of related data assets by affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `REACHABLE`
exposure	string	The level of exposure of affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
numberOfDataAssets	integer	The number of related data assets.
vulnerableFunctionUsage	string	The usage of vulnerable functions The element can hold these values `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`
vulnerableFunctionsInUse	VulnerableFunction[]	A list of vulnerable functions that are in use.
vulnerableFunctionsNotAvailable	VulnerableFunction[]	A list of vulnerable functions that are not available.
vulnerableFunctionsNotInUse	VulnerableFunction[]	A list of vulnerable functions that are not in use.

The `VulnerableFunction` object

Defines an vulnerable function.

Element	Type	Description
className	string	The class name of the vulnerable function.
filePath	string	The file path of the vulnerable function.
functionName	string	The function name of the vulnerable function.

The `RemediationItemMuteState` object

The mute state of a remediation item of a security problem.

Element	Type	Description
comment	string	A short comment about the most recent mute state change.
lastUpdatedTimestamp	integer	The timestamp (UTC milliseconds) of the last update of the mute state.
muted	boolean	The remediation is (`true`) or is not (`false`) muted.
reason	string	The reason for the most recent mute state change. The element can hold these values `AFFECTED` `CONFIGURATION_NOT_AFFECTED` `FALSE_POSITIVE` `IGNORE` `INITIAL_STATE` `OTHER` `VULNERABLE_CODE_NOT_IN_USE`
user	string	The user who last changed the mute state.

The `RemediationProgress` object

The progress of this remediation item. It contains affected and unaffected entities.

Element	Type	Description
affectedEntities	string[]	A list of related entities that are affected by the security problem.
unaffectedEntities	string[]	A list of related entities that are affected by the security problem.

The `VulnerableComponent` object

Vulnerable component of a security problem.

Element	Type	Description
affectedEntities	string[]	A list of affected entities.
displayName	string	The display name of the vulnerable component.
fileName	string	The file name of the vulnerable component.
id	string	The Dynatrace entity ID of the vulnerable component.
numberOfAffectedEntities	integer	The number of affected entities.
shortName	string	The short, component-only name of the vulnerable component.

Response body JSON model

json
{
  "remediationItems": [
    {
      "assessment": {
        "dataAssets": "NOT_AVAILABLE",
        "exposure": "NOT_AVAILABLE",
        "numberOfDataAssets": 1,
        "vulnerableFunctionUsage": "IN_USE",
        "vulnerableFunctionsInUse": [
          {
            "className": "string",
            "filePath": "string",
            "functionName": "string"
          }
        ],
        "vulnerableFunctionsNotAvailable": [
          {}
        ],
        "vulnerableFunctionsNotInUse": [
          {}
        ]
      },
      "entityIds": [
        "string"
      ],
      "firstAffectedTimestamp": 1,
      "id": "string",
      "muteState": {
        "comment": "string",
        "lastUpdatedTimestamp": 1,
        "muted": true,
        "reason": "AFFECTED",
        "user": "string"
      },
      "name": "string",
      "remediationProgress": {
        "affectedEntities": [
          "string"
        ],
        "unaffectedEntities": [
          "string"
        ]
      },
      "resolvedTimestamp": 1,
      "vulnerabilityState": "RESOLVED",
      "vulnerableComponents": [
        {
          "affectedEntities": [
            "string"
          ],
          "displayName": "string",
          "fileName": "string",
          "id": "string",
          "numberOfAffectedEntities": 1,
          "shortName": "string"
        }
      ]
    }
  ]
}

Example

In this example, the request lists remediation items of the security problem with the ID of 3_SNYK-JAVA-IONETTY-1042268. The response is truncated to two entries.

The API token is passed in the Authorization header.

Curl

bash
curl --request GET \
  --url https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/3_SNYK-JAVA-IONETTY-1042268/remediationItems \
  --header 'Authorization: Api-Token dt0c01.abc123.abcdefjhij1234567890'

Request URL

plaintext
https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/3_SNYK-JAVA-IONETTY-1042268/remediationItems

Response body

json
{
  "remediationItems": [
    {
      "id": "PROCESS_GROUP-70DF2C1374244F5A",
      "entityIds": [
        "PROCESS_GROUP-70DF2C1374244F5A"
      ],
      "name": "KpiTomcatBackEnd-CWS-1-IG-144-HG",
      "firstAffectedTimestamp": 1633531037359,
      "assessment": {
        "exposure": "NOT_DETECTED",
        "dataAssets": "REACHABLE"
      },
      "vulnerabilityState": "VULNERABLE",
      "muteState": {
        "muted": false,
        "user": "unknown",
        "reason": "INITIAL_STATE"
      },
      "vulnerableComponents": [
        {
          "id": "SOFTWARE_COMPONENT-2559CD116033C217",
          "displayName": "io.software.component.1.1",
          "fileName": "io.software.component.1.1.jar",
          "numberOfAffectedEntities": 2,
          "affectedEntities": [
            "PROCESS_GROUP_INSTANCE-3684888745E180D5",
            "PROCESS_GROUP_INSTANCE-8F100796B9296962"
          ]
        },
        {
          "id": "SOFTWARE_COMPONENT-0A679AA673B2B525",
          "displayName": "io.software.component.loader.2.0.Final",
          "fileName": "io.software.component.loader.2.0.jar",
          "numberOfAffectedEntities": 4,
          "affectedEntities": [
            "PROCESS_GROUP_INSTANCE-0D133F13A28B477A",
            "PROCESS_GROUP_INSTANCE-258962DC804FEDBC",
            "PROCESS_GROUP_INSTANCE-3684888745E180D5",
            "PROCESS_GROUP_INSTANCE-B79C2594071FBF6C"
          ]
        }
      ],
      "remediationProgress": {
        "affectedEntities": [
          "PROCESS_GROUP_INSTANCE-0D133F13A28B477A",
          "PROCESS_GROUP_INSTANCE-258962DC804FEDBC",
          "PROCESS_GROUP_INSTANCE-3684888745E180D5",
          "PROCESS_GROUP_INSTANCE-8F100796B9296962",
          "PROCESS_GROUP_INSTANCE-B79C2594071FBF6C"
        ],
        "unaffectedEntities": [
          "PROCESS_GROUP_INSTANCE-63AD33941D667CAC",
          "PROCESS_GROUP_INSTANCE-E20A5DDF167AF3B8",
          "PROCESS_GROUP_INSTANCE-F1166B3AB1F4312D",
          "PROCESS_GROUP_INSTANCE-F9D0250A7432521D",
          "PROCESS_GROUP_INSTANCE-FF1B355E4E252FA1"
        ]
      }
    },
    {
      "id": "PROCESS_GROUP-18407614632D87A6",
      "entityIds": [
        "PROCESS_GROUP-18407614632D87A6"
      ],
      "name": "KpiTomcatFrontEnd-CWS-1-IG-67-HG",
      "firstAffectedTimestamp": 1633531037359,
      "assessment": {
        "exposure": "PUBLIC_NETWORK",
        "dataAssets": "NOT_DETECTED"
      },
      "resolvedTimestamp": 1636096094323,
      "vulnerabilityState": "RESOLVED",
      "muteState": {
        "muted": false,
        "user": "unknown",
        "reason": "INITIAL_STATE"
      },
      "vulnerableComponents": [
        {
          "id": "SOFTWARE_COMPONENT-2559CD116033C217",
          "displayName": "io.software.component.1.1.Final",
          "fileName": "io.software.component.1.1.jar",
          "numberOfAffectedEntities": 1,
          "affectedEntities": [
            "PROCESS_GROUP_INSTANCE-41115D4B6F8BFEEC"
          ]
        }
      ],
      "remediationProgress": {
        "affectedEntities": [
          "PROCESS_GROUP_INSTANCE-41115D4B6F8BFEEC"
        ],
        "unaffectedEntities": [
          "PROCESS_GROUP_INSTANCE-0189CF4780B4B872",
          "PROCESS_GROUP_INSTANCE-2D54D85C45C0BA57",
          "PROCESS_GROUP_INSTANCE-3E6373ACEA9DE722",
          "PROCESS_GROUP_INSTANCE-47BCF72F93FF9528",
          "PROCESS_GROUP_INSTANCE-6B5EF5C1A5ED42D0",
          "PROCESS_GROUP_INSTANCE-BA18DB16A7A28A04",
          "PROCESS_GROUP_INSTANCE-BCAECCB29AB12462",
          "PROCESS_GROUP_INSTANCE-DD3CD2024A06BB5B",
          "PROCESS_GROUP_INSTANCE-DE5B280889AC6569"
        ]
      }
    }
  ]
}

Response code

200