Results (95)

Compilers

Scan Results
v1
English
The Compiler tile provides information on the language of the compiler(s) detected in a repository. On the tile itself, the language's name will be displayed if only one compiler is detected. If more than one compiler is detected, the number of compilers will be displayed. Selecting the tile will provide additional data, including the compiler version. Compiler Detection: Currently, Ion Channel can detect compilers for repositories configured for Travis CI. The compilers are detected within the .travis.yaml using the language key. Languages currently supported include: Go, Ruby. Governance: No rules govern the Compilers scan results. Tile Statuses: Not Evaluated: The project has been analyzed and compiler results have been obtained. Error: An error occurred during the scan or analysis. Selecting the tile will provide information on the cause of the error.

Vulnerability Remediation

Analyses
v1
English
The Vulnerability Remediation page provides detailed information on the vulnerabilities that are affecting your projects. It can be accessed by clicking the Remediations link from the hamburger menu in the upper-right corner or by clicking any vulnerability on the Portfolio page. Vulnerability List: On the left-hand side of the page is a list of all of the vulnerabilities found in any of your project's most recent analyses. This data includes the vulnerability base score, vulnerability name, what software is affected, and the number of projects in which this vulnerability is present. The vulnerability list can be sorted by impact (the number of projects affected by a vulnerability), severity (the severity score of a vulnerability), or the vulnerability name alphabetically. The search box allows you to search for a vulnerability name. Vulnerability Details: The information to the right of the list of vulnerabilities will change based on

Product Endpoints

API Endpoints
v1
English
These endpoints provide the ability to search for products and get information about those products. Get Products - Returns detailed information about the specified product(s). Get Latest Version for Dependency - Returns the latest version of a specified dependency. Search - Perform a search for products, packages, and GitHub repositories. Get Products The v1/vulnerabilities/getProducts endpoint returns information about a given CPE or product name. Endpoint v1/vulnerabilities/getProducts Request Method GET Parameter Description external_id The CPE of a product. Required if product  parameter is not used. product A product name. This will return the top 10 results matching that product. Required if external_id parameter is not used. Request Example: curl -H "Authorization: Bearer TOKEN" \ https://api.ionchannel.io/v1/vulnerability/getProducts?external_id=cpe:/a:nokogiri:nokogiri:1.8.0::~~~ruby~~ Response Example: { "data": [ { "id": 0, "name": "nokogiri", "org": "nokogiri", "version": "1.8.0", "up": "", "edition": "", "aliases

Analysis Endpoints

API Endpoints
v1
English
These endpoints provide the ability to retrieve the results of analyses and perform new analyses. Analyze Project - Initiates a new analysis of a single project. Analyze Projects - Initiates new analyses of one or more projects. Get Analysis - Retrieve the analysis results of a single analysis. Get Analysis Status - Retrieve the status of an analysis and a summary of each of the scans. Get Project History - Retrieve a summary of all the analyses of a project that occurred in the past year. Analyze Project The /v1/scanner/analyzeProject endpoint allows you to initiate an analysis of a single project. Endpoint v1/scanner/analyzeProject Request Method POST Parameter Description team_id Your team ID. project_id The project ID. branch (optional) A branch other than the project's existing branch may be applied to this analysis. A branch may only be specified in a Git project. Request Example: curl -X POST

Search

Products and Vulnerabilities
v1
English
Ion Channel provides the ability to search for any software product that is affected by a known vulnerability. This allows you to perform a quick check on a product to see if it has any direct vulnerabilities without creating a project and running an analysis first. From these results, you can quickly create a Git project using the default branch to allow you to continue analyzing the project on an ongoing basis and get the full analysis details against that particular product and all of its dependencies. Using the Product Search A search for a software product can be performed from the search box at the top of any page. The search results will include the name of the product, the count of any identified vulnerabilities, the organization, and the product's CPE. Clicking anywhere other than the Add button will direct you to the Product Details page. Selecting

Viruses

Scan Results
v1
English
To help ensure that your project is free from viruses, malware, trojans, and other malicious threats, Ion Channel will scan all of the project's files using the ClamAV antivirus engine. When the scan is completed, the Viruses tile displays a total count of any detected threats. Note: If delivery has been enabled for the project, it will always be canceled if a virus is detected regardless of whether the ruleset has the Virus rule enabled or not. Governance: The Virus rule governs the pass/fail status of the Viruses scan. When this rule is enabled in the governing ruleset, the analysis will only pass if no virus is found to exist in the project. Tile Statuses: Passing: No viruses were detected and the governing ruleset is configured to fail the project if any viruses are found. Failing: One or more viruses were detected and the governing ruleset is

Ion Connect CLI

API and Command Line Tools
v1
English
Ion-Connect is a CLI (Command-Line Interface) tool that allows you to interact with the Ion Channel API. Installation: Email support@exiger.com with a request to be provided the tool. Run the executable from the folder matching your operating system. Supported operating systems include Windows, Linux, and Darwin (includes macOS). Running Ion Connect: To run Ion Connect, you will need to provide an API token to obtain access. Steps to obtain a token can be found here. To prevent the need to provide the API token each time you run Ion Connect, it is recommended to run the configure command. ion-connect configure Alternatively, the API token can be provided via an environment variable: IONCHANNEL_SECRET_KEY= ion-connect [command] Usage: All Ion Connect commands use the following format. See the section below for each command's flags and arguments. ion-connect [global flags] [command flags] [arguments

Total Vulnerabilities

Scan Results
v1
English
The Total Vulnerabilities tile provides a count of all detected vulnerabilities within a project regardless of severity. The total count of vulnerabilities may include the same vulnerability more than once if more than one product is affected. Selecting the Total Vulnerabilities tile will bring up a window with detailed information about the vulnerability scan. Within this window, there are three tabs: Data, Details, and Tree. The Data tab presents the raw scan data in JSON format. The Details tab will provide a list of the vulnerabilities detected and a description and the software products that are affected by the vulnerability. The Tree tab will display the Dependency Tree containing all dependencies affected by a vulnerability along with the path taken to introduce those dependencies. Governance: No rules govern the Total Vulnerabilities scan results. Vulnerability Details: By selecting the Total Vulnerabilities tile and viewing the Details tab, you will find

Dependencies Outdated

Scan Results
v1
English
Older, outdated versions of dependencies are more likely to be affected by security issues. Oftentimes, updating your dependencies to the most recent version will resolve these issues. Outdated dependencies are the direct and transitive dependencies within your project that are not the most current version published. For more information on how dependencies are identified, please see Dependency Detection. Ion Channel will determine whether the versions of all detected dependencies are outdated for all supported languages except for Go. Governance: The Major Versions Behind rule governs the pass/fail status of the scan results. When this rule is enabled in the governing ruleset, the analysis will only pass if the major version of all direct dependencies is not further behind the most recent version than the rule dictates. Dependencies Outdated Details: By selecting the Dependencies Outdated tile, you will find detailed information on each of the direct outdated dependencies and

Software Product Details

Products and Vulnerabilities
v1
English
The Product Details page provides detailed information for a software product and all known vulnerabilities that affect the product. A product's details can be accessed by clicking the results of a search. Product Information: The information for each software product is obtained from the National Vulnerability Database (NVD) and includes: Name - The name of the software assigned by NVD to the product. Org - The name of the organization that created the software. Version - The specific version of this software. Created At - The date and time (UTC) that the product was added to Ion Channel. Updated At - The date and time (UTC) that the product was last updated in Ion Channel. Updates often occur when there has been a change in vulnerabilities assigned to a product. ID - The CPE (Common Platform Enumeration) assigned to the product by NVD. Number of Vulnerabilities - The total count of vulnerabilities known to affect

Project Endpoints

API Endpoints
v1
English
56", "ruleset_id": "bcde1234-ab12-ab12-ab12-abcde234567", "name": "Project Name", "aliases": [ { "name": "ionize", "org": "ion-channel", "version": "1.0" } ], "type": "git", "source": "https:\/\/github.com/ion-channel\/ionize.git", "branch": "master", "description": "Project description here", "username": "", "password": "", "active": true, "should_monitor": false, "poc_name": "Jane Doe", "poc_email": "user@email.com" }' \ "https://api.ionchannel.io/v1/project/updateProject" Response Example See Create Project . Update Projects The v1/project/updateProjects endpoint allows you to enable/disable monitoring or archive/activate one or more projects. Endpoint v1/project/updateProjects Request Method PUT Parameter Description monitor Updates the monitor status of the project(s). Setting it to true will cause all projects to be analyzed daily. Setting it to false will halt all regular monitoring. archive Updates the status of the project(s). Setting it to true will archive all of the active projects. Setting it to false will activate any of

How to Archive a Project

Projects
v1
English
At times you may find that you have a project that you no longer want to continue to analyze and have present on the Project List screen. Rather than deleting the project, Ion Channel provides the ability to archive it. This allows you to preserve the analysis history. A project can be archived from the Project List page or the Project Settings page using these steps: From the Project List page: Check the box for the project(s) which you would like to archive. From the Actions dropdown menu, select Archive. Confirm the action. From the Project Settings page: From the Project List page, click on the project which you would like to archive. On the Project Analysis Dashboard, hover your mouse cursor over the wrench icon and select Settings. On the Project Settings page, uncheck the box labeled Active and Save the changes. These steps will result in

SBOM Endpoints

API Endpoints
v1
English
{ "total_count": 0, "offset": 0 } } Get Entity Overview For Entity The v1/score/getEntityOverviewForEntity endpoint takes one or more associated purl and returns the overview of that entity. Endpoint v1/score/getEntityOverviewForEntity Request Method POST Parameter Description package_id (optional) The purl of the package (e.g., pkg:github.com/lodash/lodash) product_id (optional) The purl of the product (CPE). (e.g., cpe:/a:lodash:lodash:4.17.19::~~~node.js~~) repo_id (optional) The purl of the repository (e.g., pkg:npm/lodash/lodash@4.17.19) Request Example: curl --location 'https://api.ionchannel.io/v1/score/getEntityOverviewForEntity' \ --header 'Authorization: Bearer TOKEN' \ --header 'Content-Type: application/json' \ --data-raw '{ "repo_id": "pkg:github.com/lodash/lodash", "package_id": "pkg:npm/lodash/lodash@4.17.19", "product_id": "cpe:/a:lodash:lodash:4.17.19::~~~node.js~~" }' Response Example: { "data": { "id": "pkg:github.com/lodash/lodash", "name": "lodash

Rules and Rulesets

Analyses
v1
English
existing projects that have this ruleset applied to a new ruleset first. Filtering Rulesets By default, only active rulesets are displayed on the Rulesets page. Select the filter dropdown near the upper right-hand corner to view any archived rulesets that may exist.

API Usage

API Endpoints
v1
English
The Ion Channel REST API provides full access to almost all of the features that exist within the user interface. This allows you to create your own applications, integrate your build tools, and obtain information or make changes directly from the command line with tools such as curl. Authentication Most of the Ion Channel API endpoints require that you provide a bearer token that grants you access to all of the teams and projects that you are a member of. Tokens can be created on the User Settings page. If the user who generated the token is ever removed from a team, their token will no longer have access to that team's data. Below is an example of providing your API token via the curl command. curl -H "Authorization: Bearer TOKEN" If you have installed the Ion Connect CLI tool and have run the configure command, you will

Project List

Projects
v1
English
The Project List page is the first page you will see when you log in to the Ion Channel console. This is where you will find all of your projects along with the high-level analysis data for each project. At a glance, this page will quickly inform you of any projects that are failing their most recent analysis and allow you to select each project to get the detailed information that is presented on the Project Analysis Dashboard. By default, all active projects are displayed and ordered with projects in a Failing status first. The types of projects that are displayed and the order in which they appear can be adjusted with the filter, sort, and search functions. Project List Navigation: Team Selector: This is the current team's projects that you are viewing. If you are a member of more than one team, you may switch to

Create and Analyze a Project via the API

API Usage Scenarios
v1
English
A completed analysis will show results similar to the following: { "data": { "id": "abcd1234-ab12-ab12-ab12-abcde123456", "team_id": "bcde1234-ab12-ab12-ab12-abcde234567", "project_id": "cdef1234-ab12-ab12-ab12-abcde345678", "message": "Completed compliance analysis", "branch": "master", "status": "finished", "unreachable_error": false, "analysis_event_src": "", "created_at": "2021-10-28T18:45:14.467274Z", "updated_at": "2021-10-28T18:46:44.896402Z", "scan_status": [ { "id": "abcd1234-34de-e53d-14e9-bcdef4567891", "analysis_status_id": "abcd1234-ab12-ab12-ab12-abcde123456", "project_id": "cdef1234-ab12-ab12-ab12-abcde345678", "team_id": "bcde1234-ab12-ab12-ab12-abcde234567", "message": "Finished community scan for Ion-Connect, community data was not detected.", "name": "community", "read": "false", "status": "finished", "created_at": "2021-10-28T18:45:34.175292Z", "updated_at": "2021-10-28T18:46:35.03248Z" }, { "id": "abcd1234-8035-5b4c-2c4d-bcdef4567892", "analysis_status_id": "abcd1234-ab12-ab12-ab12-abcde123456", "project_id": "cdef1234-ab12-ab12-ab12-abcde345678", "team_id": "bcde1234

Unique Vulnerabilities

Scan Results
v1
English
The Unique Vulnerabilities tile provides the number of unique vulnerabilities within a project regardless of severity. This is different from the related Critical and High Vulnerabilities tiles, which emphasize only High or Critical vulnerabilities and may count the same vulnerability multiple times if it affects more than one product. Governance: No rules govern the Unique Vulnerabilities scan results. Possible Statuses: Warning: The vulnerability scan has been completed, and one or more vulnerabilities were detected. Not Evaluated: The vulnerability scan has been completed, and no vulnerabilities were detected. Error: An error occurred during the scan or analysis. Selecting the tile will provide information on the cause of the error.

Total Files Scanned

Scan Results
v1
English
The Total Files Scanned tile displays a total count of all files within the top-level project that were found when the analysis was performed. For Git, SVN, and S3 projects, the file count will include all files within the repository. For Artifact projects, only the source file will be scanned (file count will be 1) unless that source file is an archived file of a type listed below. For these archived filetypes, each individual file will be included in the total scanned file count and scanned for viruses. Other scans will not be performed on these files, however. Supported Archived Filetypes: .tar .tar.Z .tar.bz2 .tar.gz .tar.lzma .tar.xz .tbz2 .tgz .tlz .txz .txz.tar.gz .jar .war .zip .zipx Governance: No rules govern the scanned files results. Tile Statuses: Not Evaluated: The file scan has been completed, and the number of detected files is

Check for Vulnerabilities via the API

API Usage Scenarios
v1
English
The following provides step-by-step instructions for searching for a product, determining its latest version, and checking for any vulnerabilities that affect that product. The results shown in these steps will reflect the data at the point in time of this writing. The results will likely have changed at the time of your viewing, but the general steps will remain the same. If you are new to using the API, it is recommended that you read the API Overview or try the steps here first. Getting Started: To start, you will need an API token. You can find information on generating an API token here. In all of the following API command examples, you will replace TOKEN with your API token. Step 1: Search for a Product. The Search endpoint allows you to search for software products, package repositories, and GitHub repositories. In this case, we are going