REST API v1
Note
Functions of FOSSLight can be called with REST API.
REST API V1 will be supported until the end of March. Please use REST API V2 starting in April.
How to start
Create a TOKEN
TOKEN must be issued to call REST API.
- Sign in as Admin account.
- You can issue tokens for each user in the System > User Management tab.
Test REST API
REST API List
1. Check OSS & License information
| API | Response format | Description |
|---|---|---|
| /api/v1/downloadlocation_search | JSON | Search OSS information by download location. |
| /api/v1/license_search | JSON | Search license information by license name. |
| /api/v1/oss_search | JSON | Search OSS information by OSS Name and Version. |
2. Check 3rd Party information
| API | Response format | Description |
|---|---|---|
| /api/v1/partner_search | JSON | Get 3rd party information. |
| /api/v1/partner_watcher_add | - | Add watcher of 3rd Party project. |
3. Check project information, upload FOSSLight Report/Packaging, export/comparison of BOM.
| API | Response format | Description |
|---|---|---|
| /api/v1/create_project | JSON | Create a Project and the generated project's ID is returned. |
| /api/v1/model_search | JOSN | Get the Model List for the Project. (Maximum number of Return Items: 1000) - Project ID, Category, Model, Name, Release Date |
| /api/v1/model_update | JSON | Update model information in Project's Basic Information and Distribution tab with model information string list. - Model information String list (format . MODEL_NAME|Category|Release Date) - ex) MODEL_NAME|ETC > Etc|20220428 |
| /api/v1/model_update_upload_file | JSON | Update model information in Project's Basic Information and Distribution tab with excel file of model list. - Excel file of model list : Project > Basic Information tab > Click Download button. |
| /api/v1/oss_report_bin | - | Upload FOSSLight Report to BIN Tab. If data already exists in the OSS Table, the FOSSLight Report uploaded after reset. (Loaded Sheet Name : "BIN") |
| /api/v1/oss_report_src | - | Upload FOSSLight Report to SRC Tab. If data already exists in the OSS Table, the FOSSLight Report uploaded after reset. (Loaded Sheet Name : "SRC") |
| /api/v1/package_upload | - | Upload the Packaging file to the Packaging tab. If packaging files have already been uploaded, an additional packaging file is uploaded. Packaging file upload result will be sent by mail. |
| /api/v1/prj_bom_compare | JSON | Compare the OSS Name, OSS Version, and License of the two projects' BOM. |
| /api/v1/prj_bom_export | File | Download the result file exported from the BOM of the project. |
| /api/v1/prj_bom_export_json | JSON | Returns the result exported from the project's BOM in json format. |
| /api/v1/prj_search | JSON | Get project information. |
| /api/v1/prj_watcher_add | - | Add watcher of project. |
4. Check Vulnerability information
| API | Response format | Description |
|---|---|---|
| /api/v1/vulnerability_data | JSON | Search OSS Name, CVE-ID for each version, CVSS Score, and NVD Link. |
| /api/v1/vulnerability_max_data | JSON | Search max score and the NVD link by OSS Name and Version. |
5. Create Self-Check and register FOSSLight Report
| API | Response format | Description |
|---|---|---|
| /api/v1/create_selfcheck | JSON | Create a Self-Check Project and the generated Self-Check's ID is returned. |
| /api/v1/oss_report_selfcheck | - | Upload FOSSLight Report to Self-Check. If data already exists in the OSS Table, the FOSSLight Report uploaded after reset. (Loaded Sheet Name : "Self-Check") |
| /api/v1/export_selfcheck | File | Download the result file exported from the Self-Check project. |
| /api/v1/selfcheck_watcher_add | - | Add watcher of Self-Check project. |
6. Check the value of the code used when using API
| API | Response format | Description |
|---|---|---|
| /api/v1/code_search | JSON | Search the list of values of the parameters to be used when searching for Project, 3rd Party, and creating a project. |
7. Error Code
| Return Code | Description | Error Message |
|---|---|---|
| 200 | User does not exist. | User does not exist. |
| 210 | There is an error in the TOKEN value. | There is an error in the TOKEN value. |
| 310 | The parameter is invalid. | The parameter is invalid. |
| 320 | The number of project and self-check creations has been exceeded. (Up to 3 creations per day using API) | The number of projects and self-checks that can be created has been exceeded. (Up to 3 per day) |
| 330 | When registering files such as OSS Report, an error occurred during validation check for the created data. | There is an error in the data written in the file. |
| 400 | Files to upload (ex-OSS Report, NOTICE, result.txt, Packaging files) are missing. | The file to upload is missing. |
| 410 | It is the case that the size of OSS Report and Packaging file is exceeded. (Maximum Size: OSS Report -5MB, Packaging file- 4GB) | File size exceeded. (Max size: 5MB for oss report, 4GB for packaging file) |
| 420 | The registered files are extensions that are not supported. | The registered files are extensions that are not supported. |
| 430 | The tab you are trying to upload is not active. Please check the Distribution type and the tab to upload. | The tab you are trying to upload is not active. |
| 440 | When there is no Sheet name to load | The [Sheet_name] sheet name cannot be found |
| 440 | When there are no rows to load in the uploaded file | There is no data to load. |
| 500 | You do not have permission. (ex: When a non-public project is viewed by a user other than a Watcher or Creator) | You do not have permission. |
| 999 | Unknown Error. | Unknown error. |
REST API Sample
Example of searching project information of user and admin accounts using prj_search
# SPDX-FileCopyrightText: Copyright 2023 LG Electronics Inc.
# SPDX-License-Identifier: Apache-2.0
import csv
import requests
from datetime import datetime
from collections import OrderedDict
header_list = ['prjId', 'prjName', 'prjVersion', 'createDate', 'updateDate', 'identificationStatus', 'verificationStatus', 'distributionStatus', 'status', 'vulnerabilityScore', 'distributionType', 'notice', 'networkService', 'priority', 'noticePlatform']
def get_data(period, user):
url = "https://demo.fosslight.org/api/v1/prj_search"
querystring = {"createDate":period,"creator":user}
payload = ""
headers = {"_token": "abCDe...."}
response = requests.request("GET", url, data=payload, headers=headers, params=querystring, verify=False)
# print(response.text)
data = response.json()['data']
content_list = data['content']
data_list = []
for content in content_list:
data = OrderedDict()
for header in header_list:
if header in content.keys():
data[header] = content[header]
else:
data[header] = ''
data_list.append(data)
return data_list
if __name__ == "__main__":
current_year = datetime.now().year
content_list = []
content_list.extend(get_data('20220101-{0}1231'.format(current_year), "user"))
content_list.extend(get_data('20220101-{0}1231'.format(current_year), "admin"))
content_list.sort(key=lambda x:x['prjId'],reverse=True)
with open('api_data.csv','w',encoding='utf-8',newline='') as f:
wr = csv.writer(f)
wr.writerow(header_list)
for content in content_list:
wr.writerow(list(content.values()))