Exemptions

Access and modify Exemptions to Security Issues

Exemptions#ListExemptions

List a collection of Exemptions

Security
Request
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
page
integer <int64> >= 0
Default: 0

Page number to fetch (starting from 0)

Example: page=4
pageSize
integer <int64> [ 1 .. 100 ]
Default: 30

Number of results per page

Example: pageSize=50
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Aut corporis itaque modi dolorem.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

GET /sto/api/v2/exemptions
Response samples
application/json
{
  "pagination": {
  },
  "results": [
  ]
}

Exemptions#CreateExemption

Create a new Exemption

Security
Request
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
orgId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

ID of the Harness Organization to which the exemption applies. Cannot be specified alongside "targetId".

Examples:
orgId=your_project
projectId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

ID of the Harness Project to which the exemption applies. You must also specify "orgId". Cannot be specified alongside "targetId".

Examples:
projectId=your_project
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Nemo dolor ex ut.
Request Body schema: application/json
required
expiration
integer <int64>

Unix timestamp at which this Exemption will expire

issueId
required
string ^[a-zA-Z0-9_-]{22}$

Issue ID associated with the Exemption

link
string <= 1024 characters

Link to a related ticket

pendingChanges
required
object (PendingChanges)
pipelineId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

ID of the Harness Pipeline to which the exemption applies. You must also specify "projectId" and "orgId". Cannot be specified alongside "targetId".

reason
required
string <= 1024 characters

Text describing why this Exemption is necessary

requesterId
required
string ^[a-zA-Z0-9_-]{22}$

User ID of the user who requested this exemption

targetId
string ^[a-zA-Z0-9_-]{22}$

ID of the Target to which the exemption applies. Cannot be specified alongside "projectId" or "pipelineId".

type
required
string

Type of Exemption (Compensating Controls / Acceptable Use / Acceptable Risk / False Positive / Fix Unavailable / Other)

Enum: "Compensating Controls" "Acceptable Use" "Acceptable Risk" "False Positive" "Fix Unavailable" "Other"
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

POST /sto/api/v2/exemptions
Request samples
application/json
{
  "expiration": 1651578240,
  "issueId": "abcdef1234567890ghijkl",
  "pendingChanges": {
  },
  "pipelineId": "your_pipeline",
  "reason": "Waiting on upstream bug fix",
  "requesterId": "user111111111111111111",
  "targetId": "abcdef1234567890ghijkl",
  "type": "Other"
}
Response samples
application/json
{
  "id": "abcdef1234567890ghijkl"
}

Exemptions#FindExemptionById

Find Exemption by ID

Security
Request
path Parameters
id
required
string ^[a-zA-Z0-9_-]{22}$

The ID of the Exemption to retrieve

Example: abcdef1234567890ghijkl
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Reprehenderit voluptatem tempora recusandae quo.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

GET /sto/api/v2/exemptions/{id}
Response samples
application/json
{
  "approverId": "user111111111111111111",
  "created": 1651578240,
  "expiration": 1651578240,
  "id": "abcdef1234567890ghijkl",
  "issueId": "abcdef1234567890ghijkl",
  "lastModified": 1651578240,
  "orgId": "your_project",
  "pendingChanges": {
  },
  "pipelineId": "your_pipeline",
  "projectId": "your_project",
  "reason": "Waiting on upstream bug fix",
  "requesterId": "user111111111111111111",
  "status": "Expired",
  "targetId": "abcdef1234567890ghijkl",
  "type": "Other"
}

Exemptions#UpdateExemption

Update an existing Exemption

Security
Request
path Parameters
id
required
string ^[a-zA-Z0-9_-]{22}$

The ID of the Exemption to update

Example: abcdef1234567890ghijkl
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
orgId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

ID of the Harness Organization to which the exemption applies. Cannot be specified alongside "targetId".

Examples:
orgId=your_project
projectId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

ID of the Harness Project to which the exemption applies. You must also specify "orgId". Cannot be specified alongside "targetId".

Examples:
projectId=your_project
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Vero tempore eligendi temporibus aut nam.
Request Body schema: application/json
required
expiration
integer <int64>

Unix timestamp at which this Exemption will expire

link
string <= 1024 characters

Link to a related ticket

pendingChanges
required
object (PendingChanges)
pipelineId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

ID of the Harness Pipeline to which the exemption applies. You must also specify "projectId" and "orgId". Cannot be specified alongside "targetId".

reason
required
string <= 1024 characters

Text describing why this Exemption is necessary

requesterId
required
string ^[a-zA-Z0-9_-]{22}$

User ID of the user who requested this exemption

targetId
string ^[a-zA-Z0-9_-]{22}$

ID of the Target to which the exemption applies. Cannot be specified alongside "projectId" or "pipelineId".

type
required
string

Type of Exemption (Compensating Controls / Acceptable Use / Acceptable Risk / False Positive / Fix Unavailable / Other)

Enum: "Compensating Controls" "Acceptable Use" "Acceptable Risk" "False Positive" "Fix Unavailable" "Other"
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

PUT /sto/api/v2/exemptions/{id}
Request samples
application/json
{
  "expiration": 1651578240,
  "pendingChanges": {
  },
  "pipelineId": "your_pipeline",
  "reason": "Waiting on upstream bug fix",
  "requesterId": "user111111111111111111",
  "targetId": "abcdef1234567890ghijkl",
  "type": "Other"
}
Response samples
application/json
{
  "approverId": "user111111111111111111",
  "created": 1651578240,
  "expiration": 1651578240,
  "id": "abcdef1234567890ghijkl",
  "issueId": "abcdef1234567890ghijkl",
  "lastModified": 1651578240,
  "orgId": "your_project",
  "pendingChanges": {
  },
  "pipelineId": "your_pipeline",
  "projectId": "your_project",
  "reason": "Waiting on upstream bug fix",
  "requesterId": "user111111111111111111",
  "status": "Expired",
  "targetId": "abcdef1234567890ghijkl",
  "type": "Other"
}
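
The field patterns and scope rules documented for CreateExemption and UpdateExemption (targetId excludes orgId, projectId and pipelineId; projectId needs orgId; pipelineId needs both) can be checked client-side before a request is sent. The Python validator below is an added example, not Harness code; the name validate_exemption and its error strings are assumptions, and the inputs are constructed from the sample values on this page.

```python
import re

ID22 = re.compile(r"[a-zA-Z0-9_-]{22}")        # accountId, issueId, requesterId, targetId
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # orgId, projectId, pipelineId
TYPES = {"Compensating Controls", "Acceptable Use", "Acceptable Risk",
         "False Positive", "Fix Unavailable", "Other"}

def validate_exemption(query, body, create=True):
    """Return violations of the documented request rules; an empty list means OK."""
    required = ["pendingChanges", "reason", "requesterId", "type"]
    if create:
        required.append("issueId")  # issueId appears only in the CreateExemption body
    errs = [f"{k}: required" for k in required if k not in body]
    if "accountId" not in query:
        errs.append("accountId: required")
    # orgId/projectId travel in the query string, pipelineId/targetId in the body.
    fields = {**body, **{k: query[k] for k in ("accountId", "orgId", "projectId") if k in query}}
    for k in ("accountId", "issueId", "requesterId", "targetId"):
        if k in fields and not ID22.fullmatch(str(fields[k])):
            errs.append(f"{k}: must be 22 characters from [a-zA-Z0-9_-]")
    for k in ("orgId", "projectId", "pipelineId"):
        if k in fields and (len(str(fields[k])) > 128 or not IDENT.fullmatch(str(fields[k]))):
            errs.append(f"{k}: must be an identifier of at most 128 characters")
    for k in ("reason", "link"):
        if len(str(body.get(k, ""))) > 1024:
            errs.append(f"{k}: longer than 1024 characters")
    if "type" in body and body["type"] not in TYPES:
        errs.append("type: not a documented enum value")
    if "expiration" in body and type(body["expiration"]) is not int:
        errs.append("expiration: must be an integer Unix timestamp")
    # Scope rules: targetId excludes org/project/pipeline; narrower scopes need parents.
    if "targetId" in fields:
        errs += [f"targetId: cannot be combined with {k}"
                 for k in ("orgId", "projectId", "pipelineId") if k in fields]
    if "projectId" in fields and "orgId" not in fields:
        errs.append("projectId: requires orgId")
    if "pipelineId" in fields:
        errs += [f"pipelineId: requires {k}" for k in ("projectId", "orgId") if k not in fields]
    return errs

# Constructed inputs; PAGE_SAMPLE mirrors the CreateExemption request sample on this page.
QUERY = {"accountId": "abcdef1234567890ghijkl"}
PAGE_SAMPLE = {"expiration": 1651578240, "issueId": "abcdef1234567890ghijkl",
               "pendingChanges": {},  # contents are collapsed on the page
               "pipelineId": "your_pipeline", "reason": "Waiting on upstream bug fix",
               "requesterId": "user" + "1" * 18, "targetId": "abcdef1234567890ghijkl",
               "type": "Other"}

if __name__ == "__main__":
    for problem in validate_exemption(QUERY, PAGE_SAMPLE):
        print(problem)
```

With only accountId in the query string, the sample body yields three findings, because it sets pipelineId together with targetId. Pass create=False to check an UpdateExemption body, which carries no issueId.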

Exemptions#ApproveExemption

Approve/reject an existing Exemption

Security
Request
path Parameters
id
required
string ^[a-zA-Z0-9_-]{22}$

The ID of the Exemption to update

Example: abcdef1234567890ghijkl
action
required
string

The approval action to take on the Exemption

Enum: "approve" "reject"
Example: approve
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
orgId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

Examples:
orgId=example_org
projectId
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Project ID

Examples:
projectId=example_project
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Voluptas voluptatum vel error laudantium tempore.
Request Body schema: application/json
required
approverId
required
string ^[a-zA-Z0-9_-]{22}$

User ID of the user who approved or rejected this exemption

Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

PUT /sto/api/v2/exemptions/{id}/{action}
Request samples
application/json
{
  "approverId": "user111111111111111111"
}
Response samples
application/json
{
  "approverId": "user111111111111111111",
  "created": 1651578240,
  "expiration": 1651578240,
  "id": "abcdef1234567890ghijkl",
  "issueId": "abcdef1234567890ghijkl",
  "lastModified": 1651578240,
  "orgId": "your_project",
  "pendingChanges": {
  },
  "pipelineId": "your_pipeline",
  "projectId": "your_project",
  "reason": "Waiting on upstream bug fix",
  "requesterId": "user111111111111111111",
  "status": "Expired",
  "targetId": "abcdef1234567890ghijkl",
  "type": "Other"
}