Sonatype · Capability

Sonatype Lifecycle Public REST API — Policy Violation Details

Sonatype Lifecycle Public REST API — Policy Violation Details. 9 operations. Lead operation: Policy Violation Details. Self-contained Naftiko capability covering one Sonatype business surface.

What You Can Do

GET
Getpolicyviolations — Use this method to retrieve policy violation details for one or more policies. You will need the policyId(s) to retrieve the policy violation details. The policyId is available as the response field of the Policies REST API.
/v1/api/v2/policyviolations
GET
Getcrossstagepolicyviolationbyconstituentid — A cross-stage policy violation represents an aggregate of all violations of a policy occurring across multiple stages of an application. Cross-stage policy violations are helpful in performance analysis by determining the time taken to rem
/v1/api/v2/policyviolations/crossstage
GET
Getcrossstagepolicyviolationbyid — A cross-stage policy violation represents an aggregate of all violations of the same policy, occurring at multiple stages for an application. Cross-stage policy violations are helpful in performance analysis by determining the time taken to
/v1/api/v2/policyviolations/crossstage/{violationid}
GET
Gettransitivepolicyviolationsbyownerstagecomponent — Use this method to obtain all transitive policy violations for a given component in a specific stage. Transitive policy violations are violations caused by transitive dependencies.
/v1/api/v2/policyviolations/transitive/{ownertype}/{ownerid}/stages/{stageid}
GET
Gettransitivepolicyviolationsbyappscancomponent — Use this method to retrieve transitive policy violations for a given component in a specific scan.
/v1/api/v2/policyviolations/transitive/{ownertype}/{ownerid}/{scanid}
GET
Getapplicableautowaiver — Use this method to obtain the existing auto waiver applicable to a policy violation.
/v1/api/v2/policyviolations/{violationid}/applicableautowaiver
GET
Getapplicablewaiverrequests — Use this method to obtain all existing waiver requests that are applicable to a policy violation. A waiver request is considered as 'applicable' if it matches the following conditions:
  • The policyId for the policy violation matches th
/v1/api/v2/policyviolations/{violationid}/applicablewaiverrequests
GET
Getapplicablewaivers — Use this method to obtain all existing waivers that are applicable to a policy violation. A waiver is considered as 'applicable' if it matches the following conditions:
  • The policyId for the policy violation matches the policyId assoc
/v1/api/v2/policyviolations/{violationid}/applicablewaivers
GET
Getsimilarwaivers — Use this method to retrieve similar policy waivers for the given policy violation id.
/v1/api/v2/policyviolations/{violationid}/similarwaivers

MCP Tools

use-this-method-retrieve-policy

Use this method to retrieve policy violation details for one or more policies. You will need the policyId(s) to retrieve the policy violation details. The policyId is available as the response field of the Policies REST API.

read-only idempotent

cross-stage-policy-violation-represents

A cross-stage policy violation represents an aggregate of all violations of a policy occurring across multiple stages of an application. Cross-stage policy violations are helpful in performance analysis by determining the time taken to rem

read-only idempotent

cross-stage-policy-violation-represents-2

A cross-stage policy violation represents an aggregate of all violations of the same policy, occurring at multiple stages for an application. Cross-stage policy violations are helpful in performance analysis by determining the time taken to

read-only idempotent

use-this-method-obtain-all

Use this method to obtain all transitive policy violations for a given component in a specific stage. Transitive policy violations are violations caused by transitive dependencies.

read-only idempotent

use-this-method-retrieve-transitive

Use this method to retrieve transitive policy violations for a given component in a specific scan.

read-only idempotent

use-this-method-obtain-existing

Use this method to obtain the existing auto waiver applicable to a policy violation.

read-only idempotent

use-this-method-obtain-all-2

Use this method to obtain all existing waiver requests that are applicable to a policy violation. A waiver request is considered as 'applicable' if it matches the following conditions:

use-this-method-obtain-all-3

Use this method to obtain all existing waivers that are applicable to a policy violation. A waiver is considered as 'applicable' if it matches the following conditions:

use-this-method-retrieve-similar

Use this method to retrieve similar policy waivers for the given policy violation id.

read-only idempotent

Capability Spec

lifecycle-policy-violation-details.yaml
naftiko: 1.0.0-alpha2
info:
  label: Sonatype Lifecycle Public REST API — Policy Violation Details
  description: 'Sonatype Lifecycle Public REST API — Policy Violation Details. 9 operations. Lead operation: Policy Violation
    Details. Self-contained Naftiko capability covering one Sonatype business surface.'
  tags:
  - Sonatype
  - Policy Violation Details
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    SONATYPE_API_KEY: SONATYPE_API_KEY
capability:
  consumes:
  - type: http
    namespace: lifecycle-policy-violation-details
    baseUri: ''
    description: Sonatype Lifecycle Public REST API — Policy Violation Details business capability. Self-contained, no shared
      references.
    resources:
    - name: api-v2-policyViolations
      path: /api/v2/policyViolations
      operations:
      - name: getpolicyviolations
        method: GET
        description: Use this method to retrieve policy violation details for a policy/policies. You will need the policyId(s)
          to retrieve the policy violations details. policyId is available as the response field of the Policies REST API.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: p
          in: query
          type: array
          description: Enter the policyIds to obtain the corresponding violation details
          required: true
        - name: openTimeAfter
          in: query
          type: string
          description: Enter the date (format YYYY-MM-DD) from which you want to retrieve the violation details
        - name: openTimeBefore
          in: query
          type: string
          description: Enter the date (format YYYY-MM-DD) until which you want to retrieve the violation details
        - name: type
          in: query
          type: array
          description: Set one or more policy violation type (active, legacy, waived) to include
    - name: api-v2-policyViolations-crossStage
      path: /api/v2/policyViolations/crossStage
      operations:
      - name: getcrossstagepolicyviolationbyconstituentid
        method: GET
        description: A cross-stage policy violation represents an aggregate of all violations of a policy  occurring across
          multiple stages of an application. Cross-stage policy violations are helpful in performance analysis by determining
          the time taken to rem
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: constituentId
          in: query
          type: string
          description: Enter the violationId. Use the GET method described for the endpoint /api/v2/policyViolations to obtain
            the policy violationId.
          required: true
    - name: api-v2-policyViolations-crossStage-violationId
      path: /api/v2/policyViolations/crossStage/{violationId}
      operations:
      - name: getcrossstagepolicyviolationbyid
        method: GET
        description: A cross-stage policy violation represents an aggregate of all violations of the same policy, occurring
          at multiple stages for an application. Cross-stage policy violations are helpful in performance analysis by determining
          the time taken to
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: violationId
          in: path
          type: string
          description: Enter the policy `violationId`. Use the GET method described for the endpoint /api/v2/policyViolations
            to obtain the policy violationId.
          required: true
    - name: api-v2-policyViolations-transitive-ownerType-ownerId-stages-stageId
      path: /api/v2/policyViolations/transitive/{ownerType}/{ownerId}/stages/{stageId}
      operations:
      - name: gettransitivepolicyviolationsbyownerstagecomponent
        method: GET
        description: Use this method to obtain all transitive policy violations for a given component in  a specific stage.
          Transitive policy violations are violations caused by transitive dependencies.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Possible values are 'application' or 'organization'
          required: true
        - name: ownerId
          in: path
          type: string
          description: Possible values are applicationId, organizationId
          required: true
        - name: stageId
          in: path
          type: string
          description: Possible values are 'develop', 'source', 'build', 'stage-release', 'release', and, 'operate'.
          required: true
        - name: componentIdentifier
          in: query
          type: string
          description: Enter the component identifier and the coordinates of the component for which you want to obtain the
            transitive violations. This is optional, not required if pa
        - name: packageUrl
          in: query
          type: string
          description: Enter the package URL of the component. This is optional, not required if component identifier or hash
            value is provided.
        - name: hash
          in: query
          type: string
          description: Enter the hash value of the component. This is optional, not required if component identifier or package
            URL is provided.
    - name: api-v2-policyViolations-transitive-ownerType-ownerId-scanId
      path: /api/v2/policyViolations/transitive/{ownerType}/{ownerId}/{scanId}
      operations:
      - name: gettransitivepolicyviolationsbyappscancomponent
        method: GET
        description: Use this method to retrieve transitive policy violations for a given component in a specific scan.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the scope for this violation. Possible values are 'application'
          required: true
        - name: ownerId
          in: path
          type: string
          description: Enter the identifier for the scope specified above. E.g. applicationId
          required: true
        - name: scanId
          in: path
          type: string
          description: Enter the scanId/reportId corresponding to the scan.
          required: true
        - name: componentIdentifier
          in: query
          type: string
          description: Enter the component identifier and the coordinates of the component for which you want to retrieve
            the transitive policy violations. This is optional, not requi
        - name: packageUrl
          in: query
          type: string
          description: Enter the package URL for the component for which you want to retrieve the transitive policy violations
            in the specific scan.
        - name: hash
          in: query
          type: string
          description: Enter the hash value for the component for which you want to retrieve the transitive policy violations
            in the specific scan.
    - name: api-v2-policyViolations-violationId-applicableAutoWaiver
      path: /api/v2/policyViolations/{violationId}/applicableAutoWaiver
      operations:
      - name: getapplicableautowaiver
        method: GET
        description: Use this method to obtain the existing auto waiver applicable to a policy violationviolation.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: violationId
          in: path
          type: string
          description: Enter the policy violationId for which you want to obtain the applicable auto policy waiver
          required: true
    - name: api-v2-policyViolations-violationId-applicableWaiverRequests
      path: /api/v2/policyViolations/{violationId}/applicableWaiverRequests
      operations:
      - name: getapplicablewaiverrequests
        method: GET
        description: Use this method to obtain all existing waiver requests that are applicable to a policy violation. A waiver
          request is considered as 'applicable' if it matches the following conditions:<ul><li>The policyId for the policy
          violation matches th
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: violationId
          in: path
          type: string
          description: Enter the policy violationId for which you want to obtain the applicable waiver requests.
          required: true
    - name: api-v2-policyViolations-violationId-applicableWaivers
      path: /api/v2/policyViolations/{violationId}/applicableWaivers
      operations:
      - name: getapplicablewaivers
        method: GET
        description: Use this method to obtain all existing waivers that are applicable to a policy violation. A waiver is
          considered as 'applicable' if it matches the following conditions:<ul><li>The policyId for the policy violation
          matches the policyId assoc
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: violationId
          in: path
          type: string
          description: Enter the policy violationId for which you want to obtain the applicable waivers.
          required: true
    - name: api-v2-policyViolations-violationId-similarWaivers
      path: /api/v2/policyViolations/{violationId}/similarWaivers
      operations:
      - name: getsimilarwaivers
        method: GET
        description: Use this method to retrieve similar policy waivers for the given policy violation id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: violationId
          in: path
          type: string
          description: Policy violation id to find similar waivers for.
          required: true
    authentication:
      type: bearer
      token: '{{env.SONATYPE_API_KEY}}'
  exposes:
  - type: rest
    namespace: lifecycle-policy-violation-details-rest
    port: 8080
    description: REST adapter for Sonatype Lifecycle Public REST API — Policy Violation Details. One Spectral-compliant resource
      per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/v2/policyviolations
      name: api-v2-policyviolations
      description: REST surface for api-v2-policyViolations.
      operations:
      - method: GET
        name: getpolicyviolations
        description: Use this method to retrieve policy violation details for a policy/policies. You will need the policyId(s)
          to retrieve the policy violations details. policyId is available as the response field of the Policies REST API.
        call: lifecycle-policy-violation-details.getpolicyviolations
        with:
          p: rest.p
          openTimeAfter: rest.openTimeAfter
          openTimeBefore: rest.openTimeBefore
          type: rest.type
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/crossstage
      name: api-v2-policyviolations-crossstage
      description: REST surface for api-v2-policyViolations-crossStage.
      operations:
      - method: GET
        name: getcrossstagepolicyviolationbyconstituentid
        description: A cross-stage policy violation represents an aggregate of all violations of a policy  occurring across
          multiple stages of an application. Cross-stage policy violations are helpful in performance analysis by determining
          the time taken to rem
        call: lifecycle-policy-violation-details.getcrossstagepolicyviolationbyconstituentid
        with:
          constituentId: rest.constituentId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/crossstage/{violationid}
      name: api-v2-policyviolations-crossstage-violationid
      description: REST surface for api-v2-policyViolations-crossStage-violationId.
      operations:
      - method: GET
        name: getcrossstagepolicyviolationbyid
        description: A cross-stage policy violation represents an aggregate of all violations of the same policy, occurring
          at multiple stages for an application. Cross-stage policy violations are helpful in performance analysis by determining
          the time taken to
        call: lifecycle-policy-violation-details.getcrossstagepolicyviolationbyid
        with:
          violationId: rest.violationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/transitive/{ownertype}/{ownerid}/stages/{stageid}
      name: api-v2-policyviolations-transitive-ownertype-ownerid-stages-stageid
      description: REST surface for api-v2-policyViolations-transitive-ownerType-ownerId-stages-stageId.
      operations:
      - method: GET
        name: gettransitivepolicyviolationsbyownerstagecomponent
        description: Use this method to obtain all transitive policy violations for a given component in  a specific stage.
          Transitive policy violations are violations caused by transitive dependencies.
        call: lifecycle-policy-violation-details.gettransitivepolicyviolationsbyownerstagecomponent
        with:
          ownerType: rest.ownerType
          ownerId: rest.ownerId
          stageId: rest.stageId
          componentIdentifier: rest.componentIdentifier
          packageUrl: rest.packageUrl
          hash: rest.hash
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/transitive/{ownertype}/{ownerid}/{scanid}
      name: api-v2-policyviolations-transitive-ownertype-ownerid-scanid
      description: REST surface for api-v2-policyViolations-transitive-ownerType-ownerId-scanId.
      operations:
      - method: GET
        name: gettransitivepolicyviolationsbyappscancomponent
        description: Use this method to retrieve transitive policy violations for a given component in a specific scan.
        call: lifecycle-policy-violation-details.gettransitivepolicyviolationsbyappscancomponent
        with:
          ownerType: rest.ownerType
          ownerId: rest.ownerId
          scanId: rest.scanId
          componentIdentifier: rest.componentIdentifier
          packageUrl: rest.packageUrl
          hash: rest.hash
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/{violationid}/applicableautowaiver
      name: api-v2-policyviolations-violationid-applicableautowaiver
      description: REST surface for api-v2-policyViolations-violationId-applicableAutoWaiver.
      operations:
      - method: GET
        name: getapplicableautowaiver
        description: Use this method to obtain the existing auto waiver applicable to a policy violationviolation.
        call: lifecycle-policy-violation-details.getapplicableautowaiver
        with:
          violationId: rest.violationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/{violationid}/applicablewaiverrequests
      name: api-v2-policyviolations-violationid-applicablewaiverrequests
      description: REST surface for api-v2-policyViolations-violationId-applicableWaiverRequests.
      operations:
      - method: GET
        name: getapplicablewaiverrequests
        description: Use this method to obtain all existing waiver requests that are applicable to a policy violation. A waiver
          request is considered as 'applicable' if it matches the following conditions:<ul><li>The policyId for the policy
          violation matches th
        call: lifecycle-policy-violation-details.getapplicablewaiverrequests
        with:
          violationId: rest.violationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/{violationid}/applicablewaivers
      name: api-v2-policyviolations-violationid-applicablewaivers
      description: REST surface for api-v2-policyViolations-violationId-applicableWaivers.
      operations:
      - method: GET
        name: getapplicablewaivers
        description: Use this method to obtain all existing waivers that are applicable to a policy violation. A waiver is
          considered as 'applicable' if it matches the following conditions:<ul><li>The policyId for the policy violation
          matches the policyId assoc
        call: lifecycle-policy-violation-details.getapplicablewaivers
        with:
          violationId: rest.violationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/policyviolations/{violationid}/similarwaivers
      name: api-v2-policyviolations-violationid-similarwaivers
      description: REST surface for api-v2-policyViolations-violationId-similarWaivers.
      operations:
      - method: GET
        name: getsimilarwaivers
        description: Use this method to retrieve similar policy waivers for the given policy violation id.
        call: lifecycle-policy-violation-details.getsimilarwaivers
        with:
          violationId: rest.violationId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: lifecycle-policy-violation-details-mcp
    port: 9090
    transport: http
    description: MCP adapter for Sonatype Lifecycle Public REST API — Policy Violation Details. One tool per consumed operation,
      routed inline through this capability's consumes block.
    tools:
    - name: use-this-method-retrieve-policy
      description: Use this method to retrieve policy violation details for a policy/policies. You will need the policyId(s)
        to retrieve the policy violations details. policyId is available as the response field of the Policies REST API.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.getpolicyviolations
      with:
        p: tools.p
        openTimeAfter: tools.openTimeAfter
        openTimeBefore: tools.openTimeBefore
        type: tools.type
      outputParameters:
      - type: object
        mapping: $.
    - name: cross-stage-policy-violation-represents
      description: A cross-stage policy violation represents an aggregate of all violations of a policy  occurring across
        multiple stages of an application. Cross-stage policy violations are helpful in performance analysis by determining
        the time taken to rem
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.getcrossstagepolicyviolationbyconstituentid
      with:
        constituentId: tools.constituentId
      outputParameters:
      - type: object
        mapping: $.
    - name: cross-stage-policy-violation-represents-2
      description: A cross-stage policy violation represents an aggregate of all violations of the same policy, occurring
        at multiple stages for an application. Cross-stage policy violations are helpful in performance analysis by determining
        the time taken to
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.getcrossstagepolicyviolationbyid
      with:
        violationId: tools.violationId
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-obtain-all
      description: Use this method to obtain all transitive policy violations for a given component in  a specific stage.
        Transitive policy violations are violations caused by transitive dependencies.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.gettransitivepolicyviolationsbyownerstagecomponent
      with:
        ownerType: tools.ownerType
        ownerId: tools.ownerId
        stageId: tools.stageId
        componentIdentifier: tools.componentIdentifier
        packageUrl: tools.packageUrl
        hash: tools.hash
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-retrieve-transitive
      description: Use this method to retrieve transitive policy violations for a given component in a specific scan.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.gettransitivepolicyviolationsbyappscancomponent
      with:
        ownerType: tools.ownerType
        ownerId: tools.ownerId
        scanId: tools.scanId
        componentIdentifier: tools.componentIdentifier
        packageUrl: tools.packageUrl
        hash: tools.hash
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-obtain-existing
      description: Use this method to obtain the existing auto waiver applicable to a policy violationviolation.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.getapplicableautowaiver
      with:
        violationId: tools.violationId
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-obtain-all-2
      description: Use this method to obtain all existing waiver requests that are applicable to a policy violation. A waiver
        request is considered as 'applicable' if it matches the following conditions:<ul><li>The policyId for the policy violation
        matches th
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.getapplicablewaiverrequests
      with:
        violationId: tools.violationId
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-obtain-all-3
      description: Use this method to obtain all existing waivers that are applicable to a policy violation. A waiver is considered
        as 'applicable' if it matches the following conditions:<ul><li>The policyId for the policy violation matches the policyId
        assoc
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.getapplicablewaivers
      with:
        violationId: tools.violationId
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-retrieve-similar
      description: Use this method to retrieve similar policy waivers for the given policy violation id.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-policy-violation-details.getsimilarwaivers
      with:
        violationId: tools.violationId
      outputParameters:
      - type: object
        mapping: $.