Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 68. Vulnerability Exception Service

68.1. Vulnerability Exception Service
Copy link

68.1.1. ApproveVulnerabilityException
Copy link

POST /v2/vulnerability-exceptions/{id}/approve

ApproveVulnerabilityException approves a vulnerability exception. Once approved, the exception is enforced. The associated vulnerabilities are excluded from policy evaluation and risk evaluation, and the vulnerabilities may not appear in certain APIs responses by default.

68.1.1.1. Description
Copy link

68.1.1.2. Parameters
Copy link

68.1.1.2.1. Path Parameters
Copy link
Expand
NameDescriptionRequiredDefaultPattern

id

REQUIRED. The ID of vulnerability exception to be approved.

X

null

 
68.1.1.2.2. Body Parameter
Copy link
Expand
NameDescriptionRequiredDefaultPattern

body

VulnerabilityExceptionServiceApproveVulnerabilityExceptionBody

X

  

68.1.1.3. Return Type
Copy link

V2ApproveVulnerabilityExceptionResponse

68.1.1.4. Content Type
Copy link

  • application/json

68.1.1.5. Responses
Copy link

Expand
Table 68.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2ApproveVulnerabilityExceptionResponse

0

An unexpected error response.

RpcStatus

68.1.1.6. Samples
Copy link

68.1.2. CancelVulnerabilityException
Copy link

POST /v2/vulnerability-exceptions/{id}/cancel

CancelVulnerabilityException cancels a vulnerability exception. Once cancelled, an approved exception is no longer enforced. Cancelled exceptions are garbage collected as per the retention configuration .expiredVulnReqRetentionDurationDays (GET /v1/config/).

68.1.2.1. Description
Copy link

68.1.2.2. Parameters
Copy link

68.1.2.2.1. Path Parameters
Copy link
Expand
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

68.1.2.3. Return Type
Copy link

V2CancelVulnerabilityExceptionResponse

68.1.2.4. Content Type
Copy link

  • application/json

68.1.2.5. Responses
Copy link

Expand
Table 68.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2CancelVulnerabilityExceptionResponse

0

An unexpected error response.

RpcStatus

68.1.2.6. Samples
Copy link

68.1.3. CreateDeferVulnerabilityException
Copy link

POST /v2/vulnerability-exceptions/deferral

CreateDeferVulnerabilityException creates an exception request to defer specified vulnerabilities. Once an exception is created, it remains in the PENDING state until the approval. The exception is enforced only after it is approved. Once the exception expires, it is garbage collected as per the retention configuration .expiredVulnReqRetentionDurationDays (GET`/v1/config/`)

68.1.3.1. Description
Copy link

68.1.3.2. Parameters
Copy link

68.1.3.2.1. Body Parameter
Copy link
Expand
NameDescriptionRequiredDefaultPattern

body

V2CreateDeferVulnerabilityExceptionRequest

X

  

68.1.3.3. Return Type
Copy link

V2CreateDeferVulnerabilityExceptionResponse

68.1.3.4. Content Type
Copy link

  • application/json

68.1.3.5. Responses
Copy link

Expand
Table 68.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2CreateDeferVulnerabilityExceptionResponse

0

An unexpected error response.

RpcStatus

68.1.3.6. Samples
Copy link

68.1.4. CreateFalsePositiveVulnerabilityException
Copy link

POST /v2/vulnerability-exceptions/false-positive

CreateFalsePositiveVulnerabilityException creates an exception request to mark specified vulnerabilities as false positive. Once an exception is created, it remains in the PENDING state until the approval. The exception is enforced only after it is approved.

68.1.4.1. Description
Copy link

68.1.4.2. Parameters
Copy link

68.1.4.2.1. Body Parameter
Copy link
Expand
NameDescriptionRequiredDefaultPattern

body

V2CreateFalsePositiveVulnerabilityExceptionRequest

X

  

68.1.4.3. Return Type
Copy link

V2CreateFalsePositiveVulnerabilityExceptionResponse

68.1.4.4. Content Type
Copy link

  • application/json

68.1.4.5. Responses
Copy link

Expand
Table 68.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2CreateFalsePositiveVulnerabilityExceptionResponse

0

An unexpected error response.

RpcStatus

68.1.4.6. Samples
Copy link

68.1.5. DeleteVulnerabilityException
Copy link

DELETE /v2/vulnerability-exceptions/{id}

DeleteVulnerabilityException deletes a vulnerability exception. Only pending exceptions and pending updates to an enforced exception can be deleted. To revert an exception use cancel API. All exceptions are retained in the system according to the retention configuration.

68.1.5.1. Description
Copy link

68.1.5.2. Parameters
Copy link

68.1.5.2.1. Path Parameters
Copy link
Expand
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

68.1.5.3. Return Type
Copy link

Object

68.1.5.4. Content Type
Copy link

  • application/json

68.1.5.5. Responses
Copy link

Expand
Table 68.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RpcStatus

68.1.5.6. Samples
Copy link

68.1.6. DenyVulnerabilityException
Copy link

POST /v2/vulnerability-exceptions/{id}/deny

DenyVulnerabilityException denies a vulnerability exception. Denied exceptions are inactive and are garbage collected as per the retention configuration .expiredVulnReqRetentionDurationDays (GET`/v1/config/`)

68.1.6.1. Description
Copy link

68.1.6.2. Parameters
Copy link

68.1.6.2.1. Path Parameters
Copy link
Expand
NameDescriptionRequiredDefaultPattern

id

REQUIRED. The ID of vulnerability exception to be denied.

X

null

 
68.1.6.2.2. Body Parameter
Copy link
Expand
NameDescriptionRequiredDefaultPattern

body

VulnerabilityExceptionServiceDenyVulnerabilityExceptionBody

X

  

68.1.6.3. Return Type
Copy link

V2DenyVulnerabilityExceptionResponse

68.1.6.4. Content Type
Copy link

  • application/json

68.1.6.5. Responses
Copy link

Expand
Table 68.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2DenyVulnerabilityExceptionResponse

0

An unexpected error response.

RpcStatus

68.1.6.6. Samples
Copy link

68.1.7. GetVulnerabilityException
Copy link

GET /v2/vulnerability-exceptions/{id}

GetVulnerabilityException returns the vulnerability exception with specified ID.

68.1.7.1. Description
Copy link

68.1.7.2. Parameters
Copy link

68.1.7.2.1. Path Parameters
Copy link
Expand
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

68.1.7.3. Return Type
Copy link

V2GetVulnerabilityExceptionResponse

68.1.7.4. Content Type
Copy link

  • application/json

68.1.7.5. Responses
Copy link

Expand
Table 68.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2GetVulnerabilityExceptionResponse

0

An unexpected error response.

RpcStatus

68.1.7.6. Samples
Copy link

68.1.8. ListVulnerabilityExceptions
Copy link

GET /v2/vulnerability-exceptions

ListVulnerabilityExceptions returns a list of vulnerability exceptions.

68.1.8.1. Description
Copy link

68.1.8.2. Parameters
Copy link

68.1.8.2.1. Query Parameters
Copy link
Expand
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

68.1.8.3. Return Type
Copy link

V2ListVulnerabilityExceptionsResponse

68.1.8.4. Content Type
Copy link

  • application/json

68.1.8.5. Responses
Copy link

Expand
Table 68.8. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2ListVulnerabilityExceptionsResponse

0

An unexpected error response.

RpcStatus

68.1.8.6. Samples
Copy link

68.1.9. UpdateVulnerabilityException
Copy link

PATCH /v2/vulnerability-exceptions/{id}

UpdateVulnerabilityException updates an existing vulnerability exception. The update is enforced only once it is approved. Currently only the following can be updated: - CVEs and expiry of the deferral exceptions - CVEs of the false positive exception

68.1.9.1. Description
Copy link

68.1.9.2. Parameters
Copy link

68.1.9.2.1. Path Parameters
Copy link
Expand
NameDescriptionRequiredDefaultPattern

id

REQUIRED. The ID of vulnerability exception to be updated.

X

null

 
68.1.9.2.2. Body Parameter
Copy link
Expand
NameDescriptionRequiredDefaultPattern

body

VulnerabilityExceptionServiceUpdateVulnerabilityExceptionBody

X

  

68.1.9.3. Return Type
Copy link

V2UpdateVulnerabilityExceptionResponse

68.1.9.4. Content Type
Copy link

  • application/json

68.1.9.5. Responses
Copy link

Expand
Table 68.9. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V2UpdateVulnerabilityExceptionResponse

0

An unexpected error response.

RpcStatus

68.1.9.6. Samples
Copy link

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top