MetaDefender Software Supply Chain
Need Help?
Need Help?
Overview
Troubleshooting API Reference Release Notes
Search this version
DocsMetaDefender Software Supply ChainAPI Reference
DocsMetaDefender Software Supply ChainAPI Reference
MetaDefender Software Supply Chain API 3.3.1
Authentication
About this REST API
Useful links
Authentication
Manage Audit
GETList audit events
Manage Configuration
GETGet application configuration
Manage Cross Domain Transfers
POSTReceive a full file as a single framed binary stream with manifest in headers
GETGet global lowside configuration
PUTSet global lowside configuration
POSTDisable global lowside configuration
GETGet global highside configuration
PUTSet global highside configuration
POSTDisable global highside configuration
GETGet cross-domain operation logs
POSTReceive a lowside configuration change notification
GETGet all cross-domain notifications
GETGet a lowside configuration by storage ID
POSTAdd a lowside configuration
PUTUpdate a lowside configuration by ID
DELETEDelete a lowside configuration by ID
GETGet a highside storage configuration by storage ID
POSTAdd a highside configuration
PUTUpdate a highside configuration by ID
DELETEDelete a highside configuration by ID
Manage Export
GETExport a CycloneDX report for repository
GETExport a CycloneDX report for a specific file scan
GETExport an SPDX report for a specific scan
GETExport an SPDX report for a specific file scan
GETExport a PDF report for all scans
GETExport a PDF overview report for repository
GETExport a PDF SBOM report for repository
GETExport a PDF SBOM report for a specific batch of files
GETExport a CSV report for repository
GETExport a CSV report for a specific batch of files
GETExport a CSV report of all CVEs from latest scans
Manage External Loggers
GETGet all external loggers
POSTAdd an external logger
PUTUpdate an external logger
DELETEDelete an external logger
Manage Files
GETGet files uploaded and scanned directly in the system
Manage Global Label Keys
GETReturns all global label keys
POSTAdds a new global label key
PUTUpdates an global label key
DELETEDeletes an global label key
Manage Licenses
POSTActivate a license online
POSTActivate a license offline
DELETERemove licenses
GETGet licenses
GETGet current deployment Id for offline license activation
Manage Opswat Central Management Ocm
PUTUpdate an OCM instance
DELETEDelete an OCM instance
GETGet an OCM instance
Manage Onboarding
GETGet onboarding
POSTComplete onboarding
POSTAgree to onboarding EULA
Manage Packages
GETRetrieves a list of packages based on search criteria
GETRetrieves all versions of a specific package by its name and ecosystem
GETRetrieves a package by its internal database ID
GETRetrieves a package by its universal package UID
GETRetrieves CVEs associated with a specific package
GETRetrieves all labels for a specific package
POSTAdds a label to a package
PUTUpdates a label in a package
DELETEDeletes a label from a package
GETSearches for packages by label key and optionally value
Manage Projects
POSTCreate a project
GETList projects
GETGet a project by ID
PUTUpdate a project
DELETEDelete a project
POSTAttach workflows to a project
POSTDetach workflows from a project
POSTAttach connections (services) to a project
POSTDetach connections (services) from a project
Manage Real-time Protection
POSTEnable real-time protection for multiple repositories
PATCHDisable real-time protection for connection
PATCHDisable real-time protection for repository
GETList connections with real-time protection enabled
GETList ongoing real-time protection scans for connection
DELETEDelete real-time scan protection for connection
DELETEDelete real-time scan protection for repository
Manage Scan Configurations
POSTAdd a scan configuration
GETGet all scan configurations
PUTUpdate a scan configuration
DELETEDelete a scan configuration
GETGet a scan configuration by ID
GETGet all scan configurations by scan pool ID
Manage Scan Instances
POSTAdd a new scan instance
DELETEDelete a scan instance
GETGet a scan instance by ID
PUTUpdate a scan instance
Manage Scan Pools
POSTAdd a new scan pool
GETGet scan pools
DELETEDelete a scan pool
GETGet a scan pool by ID
PUTUpdate an existing scan pool
GETGet all rules from a scan pool
Manage Scans
POSTAdd or start a scan
GETEnumerate scan results
DELETEDelete multiple scans by their scan IDs
POSTUpload and scan a file immediately
POSTStop a scan
GETGet scan results by scan ID
GETEnumerate all latest scan results
GETEnumerate all latest scan results by service ID
GETGet scan overview by scan ID
GETEnumerate all scan results by repository ID
GETEnumerate all scan schedules
POSTClean up historical scan results older than the specified time frame
GETEnumerate files by scan ID
GETGet the core result of a file by its scan result ID
GETGet the core results of files in an archive by their scan result ID
GETGet vulnerability trends over configurable time periods
GETGet per-CVE new/fixed details for each trend period
Manage Services Connections
POSTAdd a service
GETGet all services
PUTUpdate a service by ID
GETGet a service by ID
DELETEDelete a service by ID
GETGet service references by service ID
GETGet service resources by service ID
GETGet service references by service ID and repository ID
POSTAdd service references
Manage Settings
POSTUpdate a SMTP configuration
GETGet a SMTP configuration
POSTAdd a Jira configuration
GETGet all Jira configurations
GETGet a Jira configuration by ID
PUTUpdate a Jira configuration by ID
DELETEDelete a Jira configuration by ID
GETGet Jira projects
POSTAdd a Teams configuration
GETGet all Teams configurations
GETGet a Teams configuration by ID
PUTUpdate a Teams configuration by ID
DELETEDelete a Teams configuration by ID
Manage Users
POSTAdd a new user
GETGet users
PUTUpdate a user
GETGet current user
DELETEDelete a user
POSTLogin user
DELETERemove all tokens for an user
PUTGet a new Access Token
POSTRequest a password reset
POSTReset a user password
Manage Versions
GETGet application version
GETGet application version
Manage Webhooks
POSTHandles a scan event triggered by a webhook. Requires a custom header and a body.
POSTHandles a scan event triggered by a webhook. Requires a custom body.
Manage Workflows
POSTCreate a workflow
GETList all workflows
PUTUpdate a workflow
GETGet a workflow by ID
DELETEDelete a workflow by ID
PUTUpdate a workflow scan source
GETList all workflows by repository ID

MetaDefender Software Supply Chain API 3.3.1 3.3.1

Authentication

This section of the user guide describes how you can programmatically interact with the MetaDefender Software Supply Chain REST API. Below are some common tasks that can be done using the available REST APIs:

  • Authenticate to obtain a JSON Web Token(JWT)
  • Start or stop a process(scan)
  • Add / remove service units

About this REST API

The exposed endpoint is located by default at http(s)://mdssc-server/api/ (for example, the authentication endpoint is available at http(s)://mdssc-server/api/user/authenticate). All requests are handled by the NGINX web server before being proxied to the backend API Gateway service.

All endpoints perform authentication and authorization checks. For these checks to succeed, a valid token should be presented in the Authorization header in the form of Bearer.

Please note that all issued tokens have a timestamp and signature associated in order to prevent long-term usage without re - authentication. The lifespan of the token is currently set to 60 minutes, meaning you will have to request a new token before it expires in order to avoid error responses.

Server
http://localhost:8001
Server Variables

Authentication

http Bearer

apiKey ApiKey

Fields
KeyIn
ApiKeyHeader

Manage Audit

List audit events

Auth
Query String
Startstring

pattern: ^[0-9]*$

Countstring

pattern: ^[0-9]*$

LogTypearray
CategoryTypestring

pattern: ^[0-9]*$

LogLevelstring

pattern: ^[0-9]*$

SearchTextstring

pattern: ^[0-9]*$

GET /api/v1/audit
Copy
Responses
200

OK

objectobject
entriesarray[object]
idstring
levelinteger
propertiesobject
logTypeinteger
categoryinteger
eventTimestampdate-time
userIdstring
userNamestring
renderedMessagestring
totalCountint64
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response
Copy

Manage Configuration

Get application configuration

Auth
GET /api/v1
Copy
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response
Copy

Receive a full file as a single framed binary stream with manifest in headers

Auth
Headers
receiveFileStreamDtoobject
transmissionIdstring
fileNamestring
fileSizeBytesint64
totalChunksint64
chunkSizeBytesint32
storageNamestring
repositoryNamestring
referencestring
organizationstring
POST /api/v1/cross-domain/file-stream
Copy
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

500

Internal Server Error

Response
Copy

Get global lowside configuration

Auth
GET /api/v1/cross-domain/global-config/lowside
Responses
200

OK

objectobject
configurationobject
highsideAddressstring
enabledboolean
responseKeystring
responseMessagestring
404

Not Found

Response

Set global lowside configuration

Auth
Request Body
objectobject
highsideAddressstring
authorizationTokenstring
enabledboolean
PUT /api/v1/cross-domain/global-config/lowside
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Disable global lowside configuration

Auth
POST /api/v1/cross-domain/global-config/lowside/disable
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Get global highside configuration

Auth
GET /api/v1/cross-domain/global-config/highside
Responses
200

OK

objectobject
configurationobject
pushBehaviourinteger
enabledboolean
responseKeystring
responseMessagestring
404

Not Found

Response

Set global highside configuration

Auth
Request Body
objectobject
pushBehaviourinteger
enabledboolean
PUT /api/v1/cross-domain/global-config/highside
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Disable global highside configuration

Auth
POST /api/v1/cross-domain/global-config/highside/disable
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Get cross-domain operation logs

Auth
Query String
pageinteger

Default: null

pageSizeinteger

Default: null

sortBystring

pattern: ^[0-9]*$

Default: null

sortOrderstring

pattern: ^[0-9]*$

Default: null

filterstring

pattern: ^[0-9]*$

Default: null

searchstring

pattern: ^[0-9]*$

Default: null

GET /api/v1/cross-domain/logs
Responses
200

OK

objectobject
logsarray[object]
idstring
transmissionIdstring
storageIdstring
stepinteger
statusinteger
timestampdate-time
storageNamestring
storageobject
idstring
credentialsTypeint32
scanWorkflowIdstring
domainstring
realTimeStatusinteger
namestring
vendorTypeinteger
protocolTypeinteger
lowsideRepositoryNamestring
highsideRepositoryNamestring
referencestring
errorMessagestring
hasNextPageboolean
hasPreviousPageboolean
responseKeystring
responseMessagestring
Response

Receive a lowside configuration change notification

Auth
Request Body
objectobject
storageNamestring
protocolTypeinteger
changeTypeinteger
POST /api/v1/cross-domain/lowside-configuration-notifications
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Get all cross-domain notifications

Auth
GET /api/v1/cross-domain/notifications
Responses
200

OK

objectobject
notificationsarray[object]
idstring
storageNamestring
protocolTypeinteger
changeTypeinteger
receivedAtdate-time
acknowledgedboolean
responseKeystring
responseMessagestring
Response

Get a lowside configuration by storage ID

Auth
GET /api/v1/cross-domain/storage-config/lowside
Responses
200

OK

objectobject
configurationsarray[object]
idstring
storageIdstring
storageNamestring
protocolTypeinteger
validboolean
responseKeystring
responseMessagestring
Response

Add a lowside configuration

Auth
Request Body
objectobject
storageIdstring
POST /api/v1/cross-domain/storage-config/lowside
Responses
200

OK

objectobject
configurationIdstring
responseKeystring
responseMessagestring
400

Bad Request

Response

Update a lowside configuration by ID

Auth
Path Params
idstring
Request Body
objectobject
storageIdstring
PUT /api/v1/cross-domain/storage-config/lowside/{id}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Delete a lowside configuration by ID

Auth
Path Params
idstring
DELETE /api/v1/cross-domain/storage-config/lowside/{id}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Get a highside storage configuration by storage ID

Auth
GET /api/v1/cross-domain/storage-config/highside
Responses
200

OK

objectobject
configurationsarray[object]
idstring
storageIdstring
storageNamestring
lowsideStorageNamestring
lowsideProtocolTypeinteger
validboolean
responseKeystring
responseMessagestring
Response

Add a highside configuration

Auth
Request Body
objectobject
storageIdstring
notificationIdstring
POST /api/v1/cross-domain/storage-config/highside
Responses
200

OK

objectobject
configurationIdstring
responseKeystring
responseMessagestring
400

Bad Request

Response

Update a highside configuration by ID

Auth
Path Params
idstring
Request Body
objectobject
storageIdstring
storageNamestring
lowsideStorageNamestring
PUT /api/v1/cross-domain/storage-config/highside/{id}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Delete a highside configuration by ID

Auth
Path Params
idstring
DELETE /api/v1/cross-domain/storage-config/highside/{id}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Export a CycloneDX report for repository

Auth
Path Params
repoIdstring
Query String
Referencestring

pattern: ^[0-9]*$

Default: null

GET /api/v1/export/cyclonedx/{repoId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a CycloneDX report for a specific file scan

Auth
Path Params
fileIdstring
GET /api/v1/export/cyclonedx/file/{fileId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export an SPDX report for a specific scan

Auth
Path Params
scanIdstring
Query String
formatstring
versionstring
GET /api/v1/export/spdx/{scanId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export an SPDX report for a specific file scan

Auth
Path Params
fileIdstring
Query String
formatstring
versionstring
GET /api/v1/export/spdx/file/{fileId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a PDF report for all scans

Auth
Query String
ProductAddressstring

pattern: ^[0-9]*$

Default: null

Typearray
TimeFramestring

pattern: ^[0-9]*$

Default: null

Vulnerabilitiesarray
LicenseRisksarray
Statusarray
TriggerEventarray
Workflowstring

pattern: ^[0-9]*$

Default: null

Connectionstring

pattern: ^[0-9]*$

Default: null

Secretsboolean
Threatsboolean
Searchstring

pattern: ^[0-9]*$

Default: null

ConnectionTypestring

pattern: ^[0-9]*$

Default: null

RepositoryIdstring

pattern: ^[0-9]*$

Default: null

Latestboolean
GET /api/v1/export/pdf/all-scans
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a PDF overview report for repository

Auth
Path Params
scanIdstring
Query String
ProductAddressstring

pattern: ^[0-9]*$

Default: null

GET /api/v1/export/pdf/overview/{scanId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a PDF SBOM report for repository

Auth
Path Params
scanIdstring
Query String
ProductAddressstring

pattern: ^[0-9]*$

Default: null

GET /api/v1/export/pdf/sbom/{scanId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a PDF SBOM report for a specific batch of files

Auth
Path Params
fileIdstring
Query String
ProductAddressstring

pattern: ^[0-9]*$

Default: null

GET /api/v1/export/pdf/sbom/file/{fileId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a CSV report for repository

Auth
Path Params
scanIdstring
GET /api/v1/export/csv/sbom/{scanId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a CSV report for a specific batch of files

Auth
Path Params
fileIdstring
GET /api/v1/export/csv/sbom/file/{fileId}
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

404

Not Found

Response

Export a CSV report of all CVEs from latest scans

Auth
Query String
Severityarray
GET /api/v1/export/csv/cves
Responses
200

OK

objectobject
fileStreamfile
contentTypestring
fileDownloadNamestring
lastModifieddate-time
entityTagobject
tagobject
bufferstring
offsetint32
lengthint32
valuestring
hasValueboolean
isWeakboolean
enableRangeProcessingboolean
400

Bad Request

Response

Get all external loggers

Auth
GET /api/v1/externallogger
Responses
200

OK

No response body
Response

Add an external logger

Auth
Request Body
objectobject
connectionSettingsobject
serverAddressstring
portint32
facilityinteger
formatinteger
POST /api/v1/externallogger
Responses
200

OK

No response body
Response

Update an external logger

Auth
Path Params
idstring
Request Body
objectobject
connectionSettingsobject
serverAddressstring
portint32
facilityinteger
formatinteger
PUT /api/v1/externallogger/{id}
Responses
200

OK

No response body
Response

Delete an external logger

Auth
Path Params
idstring
DELETE /api/v1/externallogger/{id}
Responses
200

OK

No response body
Response

Manage Files

Get files uploaded and scanned directly in the system

Auth
Query String
pageinteger

Default: null

pageSizeinteger

Default: null

searchstring

Default: null

GET /api/v1/file/direct
Responses
200

OK

objectobject
countint32
blockedFilesint32
filesarray[object]
idstring
scanResultIdstring
fileNamestring
filePathstring
vulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
dependencyVulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
cvesarray[object]
idstring
fixedVersionsarray[string]
severityinteger
sourcestring
cwesarray[string]
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray[object]
methodstring
scorenumber
severitystring
sourceobject
namestring
stepsarray[object]
commandstring
packagesarray[object]
idstring
namestring
versionstring
ecosystemstring
archiveboolean
executableboolean
uidstring
packageTypestring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
repositoriesarray[object]
connectionstring
repositorystring
repositoryIdstring
referencestring
scanneddate-time
scanIdsarray[string]
stepSha256sarray[string]
directFilesarray[object]
fileNamestring
scanneddate-time
scanResultIdstring
hashesarray[object]
sha256string
fileNamestring
vulnerabilitiesarray
dependenciesarray[object]
ecosystemstring
groupstring
packageNamestring
packageVersionstring
vulnerabilitiesarray[object]
idstring
severitystring
sourcestring
fixedVersionsarray[string]
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
supplierNamestring
releaseDatedate-time
labelsarray[object]
keystring
valuestring
valueTypestring
createddate-time
updateddate-time
latestobject
versionstring
releaseDatestring
createdAtdate-time
lastUpdateddate-time
stepint32
vulnerabilityCountint32
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
hashstring
severityinteger
isMalwareboolean
hasSecretsboolean
blockedboolean
vulnerableboolean
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
processingStateinteger
isArchiveboolean
sizeint64
hashstring
startTimedate-time
metadatastring
packagesarray[object]
packageIdstring
ecosystemstring
groupstring
packageNamestring
packageVersionstring
targetstring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
vulnerabilitiesarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
dependenciesarray
labelsarray
latestobject
versionstring
releaseDatestring
hasMoreItemsboolean
404

Not Found

Response

Returns all global label keys

Auth
GET /api/v1/global-label-keys
Responses
200

OK

objectobject
globalKeysarray[object]
idstring
namestring
descriptionstring
valueTypestring
optionsarray[string]
createddate-time
updateddate-time
tenantIdstring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
Response

Adds a new global label key

Auth
Request Body
objectobject
namestring
descriptionstring
valueTypestring
optionsarray[string]
POST /api/v1/global-label-keys
Responses
200

OK

objectobject
globalKeyobject
idstring
namestring
descriptionstring
valueTypestring
optionsarray[string]
createddate-time
updateddate-time
tenantIdstring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
Response

Updates an global label key

Auth
Path Params
idstring
Request Body
objectobject
namestring
descriptionstring
valueTypestring
optionsarray[string]
PUT /api/v1/global-label-keys/{id}
Responses
200

OK

objectobject
globalKeyobject
idstring
namestring
descriptionstring
valueTypestring
optionsarray[string]
createddate-time
updateddate-time
tenantIdstring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
Response

Deletes an global label key

Auth
Path Params
idstring
DELETE /api/v1/global-label-keys/{id}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response

Activate a license online

Auth
Request Body
objectobject
keystring
POST /api/v1/licenses/online
Responses
200

OK

objectobject
resultinteger
responseMessagestring
400

Bad Request

Response

Activate a license offline

Auth
Request Body
objectobject
LicenseContentfile
POST /api/v1/licenses/offline
Responses
200

OK

objectobject
resultinteger
responseMessagestring
400

Bad Request

Response

Remove licenses

Auth
DELETE /api/v1/licenses
Responses
200

OK

objectobject
resultinteger
responseMessagestring
400

Bad Request

404

Not Found

Response

Get licenses

Auth
GET /api/v1/licenses
Responses
200

OK

objectobject
resultinteger
licenseobject
productIdstring
productNamestring
expirationint64
deploymentIdstring
currentDeploymentIdstring
activationKeystring
licenseContentstring
maxDevelopersint32
responseMessagestring
400

Bad Request

404

Not Found

Response

Get current deployment Id for offline license activation

Auth
GET /api/v1/licenses/current-deployment-id
Responses
200

OK

objectobject
resultinteger
currentDeploymentIdstring
responseMessagestring
400

Bad Request

Response

Manage Opswat Central Management Ocm

Update an OCM instance

Auth
Request Body
objectobject
serverApistring
regCodestring
PUT /api/v1/ocm
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response

Delete an OCM instance

Auth
DELETE /api/v1/ocm
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response

Get an OCM instance

Auth
GET /api/v1/ocm
Responses
200

OK

objectobject
ocmInformationobject
idstring
apiKeystring
serverApistring
registrationCodestring
deploymentIdstring
cmVersionstring
scanConfigurationHashstring
storageConfigurationHashstring
retentionConfigurationHashstring
externalLoggerConfigurationHashstring
userConfigurationHashstring
licenseConfigurationHashstring
smtpConfigurationHashstring
notificationConfigurationHashstring
enrollStatusinteger
lastServerConnectionint64
lastConfigurationSyncint64
connectionStatusinteger
createdAtdate-time
lastUpdateddate-time
tenantIdstring
responseKeystring
responseMessagestring
Response

Get onboarding

Auth
GET /api/v1/onboarding
Responses
200

OK

objectobject
hasUserConfiguredboolean
hasLicenseConfiguredboolean
hasScanInstanceConfiguredboolean
hasConnectionConfiguredboolean
isCloudTypeboolean
isEulaAgreedboolean
isOnboardingDoneboolean
responseKeystring
responseMessagestring
Response

Complete onboarding

Auth
POST /api/v1/onboarding/complete
Responses
200

OK

No response body
Response

Agree to onboarding EULA

Auth
POST /api/v1/onboarding/accept-eula
Responses
200

OK

No response body
Response

Retrieves a list of packages based on search criteria

Auth
Query String
Namestring

pattern: ^[0-9]*$

Default: null

Ecosystemstring

pattern: ^[0-9]*$

Default: null

Versionstring

pattern: ^[0-9]*$

Default: null

Vulnerabilitiesarray
LicenseRisksarray
Connectionstring

pattern: ^[0-9]*$

Default: null

Repositorystring

pattern: ^[0-9]*$

Default: null

Referencestring

pattern: ^[0-9]*$

Default: null

ScanIdstring

pattern: ^[0-9]*$

Default: null

StepSha256string

pattern: ^[0-9]*$

Default: null

Searchstring

pattern: ^[0-9]*$

Default: null

IncludeDirectFilesboolean
GET /api/v1/packages
Responses
200

OK

objectobject
packagesarray[object]
idstring
namestring
versionstring
ecosystemstring
archiveboolean
executableboolean
uidstring
packageTypestring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
repositoriesarray[object]
connectionstring
repositorystring
repositoryIdstring
referencestring
scanneddate-time
scanIdsarray[string]
stepSha256sarray[string]
directFilesarray[object]
fileNamestring
scanneddate-time
scanResultIdstring
hashesarray[object]
sha256string
fileNamestring
vulnerabilitiesarray
dependenciesarray[object]
ecosystemstring
groupstring
packageNamestring
packageVersionstring
vulnerabilitiesarray[object]
idstring
severitystring
sourcestring
fixedVersionsarray[string]
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
supplierNamestring
releaseDatedate-time
labelsarray[object]
keystring
valuestring
valueTypestring
createddate-time
updateddate-time
latestobject
versionstring
releaseDatestring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
Response

Retrieves all versions of a specific package by its name and ecosystem

Auth
Query String
ecosystemstring
packageNamestring
GET /api/v1/packages/versions
Responses
200

OK

objectobject
packageNamestring
ecosystemstring
versionsarray[object]
versionstring
vulnerabilitiesarray[object]
idstring
fixedVersionsarray[string]
severityinteger
sourcestring
cwesarray[string]
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray[object]
methodstring
scorenumber
severitystring
sourceobject
namestring
supplierNamestring
releaseDatedate-time
dependenciesarray[object]
ecosystemstring
groupstring
packageNamestring
packageVersionstring
vulnerabilitiesarray[object]
idstring
severitystring
sourcestring
fixedVersionsarray[string]
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
responseKeystring
responseMessagestring
Response

Retrieves a package by its internal database ID

Auth
Path Params
idstring
Query String
includeDirectFilesboolean

Default: false

GET /api/v1/packages/{id}
Responses
200

OK

objectobject
packageobject
idstring
namestring
versionstring
ecosystemstring
archiveboolean
executableboolean
uidstring
packageTypestring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
repositoriesarray[object]
connectionstring
repositorystring
repositoryIdstring
referencestring
scanneddate-time
scanIdsarray[string]
stepSha256sarray[string]
directFilesarray[object]
fileNamestring
scanneddate-time
scanResultIdstring
hashesarray[object]
sha256string
fileNamestring
vulnerabilitiesarray[object]
idstring
fixedVersionsarray[string]
severityinteger
sourcestring
cwesarray[string]
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray[object]
methodstring
scorenumber
severitystring
sourceobject
namestring
dependenciesarray[object]
ecosystemstring
groupstring
packageNamestring
packageVersionstring
vulnerabilitiesarray[object]
idstring
severitystring
sourcestring
fixedVersionsarray[string]
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
supplierNamestring
releaseDatedate-time
labelsarray[object]
keystring
valuestring
valueTypestring
createddate-time
updateddate-time
latestobject
versionstring
releaseDatestring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
Response

Retrieves a package by its universal package UID

Auth
Path Params
uidInB64string
GET /api/v1/packages/by-uid/{uidInB64}
Responses
200

OK

objectobject
packageobject
idstring
namestring
versionstring
ecosystemstring
archiveboolean
executableboolean
uidstring
packageTypestring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
repositoriesarray[object]
connectionstring
repositorystring
repositoryIdstring
referencestring
scanneddate-time
scanIdsarray[string]
stepSha256sarray[string]
directFilesarray[object]
fileNamestring
scanneddate-time
scanResultIdstring
hashesarray[object]
sha256string
fileNamestring
vulnerabilitiesarray[object]
idstring
fixedVersionsarray[string]
severityinteger
sourcestring
cwesarray[string]
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray[object]
methodstring
scorenumber
severitystring
sourceobject
namestring
dependenciesarray[object]
ecosystemstring
groupstring
packageNamestring
packageVersionstring
vulnerabilitiesarray[object]
idstring
severitystring
sourcestring
fixedVersionsarray[string]
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
supplierNamestring
releaseDatedate-time
labelsarray[object]
keystring
valuestring
valueTypestring
createddate-time
updateddate-time
latestobject
versionstring
releaseDatestring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
Response

Retrieves CVEs associated with a specific package

Auth
Path Params
idstring
GET /api/v1/packages/{id}/cves
Responses
200

OK

objectobject
cvesarray[object]
idstring
fixedVersionsarray[string]
severityinteger
sourcestring
cwesarray[string]
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray[object]
methodstring
scorenumber
severitystring
sourceobject
namestring
responseKeystring
responseMessagestring
Response

Retrieves all labels for a specific package

Auth
Path Params
idstring
GET /api/v1/packages/{id}/labels
Responses
200

OK

objectobject
labelsarray[object]
Keystring
Valuestring
ValueTypestring
Createddate-time
Updateddate-time
responseKeystring
responseMessagestring
Response

Adds a label to a package

Auth
Path Params
idstring
Request Body
objectobject
Keystring
Valuestring
ValueTypestring
Createddate-time
Updateddate-time
POST /api/v1/packages/{id}/labels
Responses
200

OK

objectobject
labelobject
Keystring
Valuestring
ValueTypestring
Createddate-time
Updateddate-time
responseKeystring
responseMessagestring
Response

Updates a label in a package

Auth
Path Params
idstring
keystring
Request Body
objectobject
valuestring
valueTypestring
PUT /api/v1/packages/{id}/labels/{key}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response

Deletes a label from a package

Auth
Path Params
idstring
keystring
DELETE /api/v1/packages/{id}/labels/{key}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response

Searches for packages by label key and optionally value

Auth
Query String
keystring
valuestring

Default: null

GET /api/v1/packages/search/labels
Responses
200

OK

objectobject
packagesarray[object]
idstring
namestring
versionstring
ecosystemstring
archiveboolean
executableboolean
uidstring
packageTypestring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
repositoriesarray[object]
connectionstring
repositorystring
repositoryIdstring
referencestring
scanneddate-time
scanIdsarray[string]
stepSha256sarray[string]
directFilesarray[object]
fileNamestring
scanneddate-time
scanResultIdstring
hashesarray[object]
sha256string
fileNamestring
vulnerabilitiesarray
dependenciesarray[object]
ecosystemstring
groupstring
packageNamestring
packageVersionstring
vulnerabilitiesarray[object]
idstring
severitystring
sourcestring
fixedVersionsarray[string]
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
supplierNamestring
releaseDatedate-time
labelsarray[object]
keystring
valuestring
valueTypestring
createddate-time
updateddate-time
latestobject
versionstring
releaseDatestring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
Response

Create a project

Auth
Request Body
objectobject
namestring

maxLength: 50

workflowIdsarray[string]
storageIdsarray[string]
POST /api/v1/projects
Responses
200

OK

objectobject
projectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
responseKeystring
responseMessagestring
400

Bad Request

Response

List projects

Auth
GET /api/v1/projects
Responses
200

OK

arrayarray[object]
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
Response

Get a project by ID

Auth
Path Params
idstring
GET /api/v1/projects/{id}
Responses
200

OK

objectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
404

Not Found

Response

Update a project

Auth
Path Params
idstring
Request Body
objectobject
namestring

maxLength: 50

PUT /api/v1/projects/{id}
Responses
200

OK

objectobject
projectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
responseKeystring
responseMessagestring
404

Not Found

Response

Delete a project

Auth
Path Params
idstring
DELETE /api/v1/projects/{id}
Responses
200

OK

objectobject
projectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
responseKeystring
responseMessagestring
404

Not Found

Response

Attach workflows to a project

Auth
Path Params
idstring
Request Body
objectobject
idsarray[string]
POST /api/v1/projects/{id}/workflows/attach
Responses
200

OK

objectobject
projectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
responseKeystring
responseMessagestring
404

Not Found

Response

Detach workflows from a project

Auth
Path Params
idstring
Request Body
objectobject
idsarray[string]
POST /api/v1/projects/{id}/workflows/detach
Responses
200

OK

objectobject
projectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
responseKeystring
responseMessagestring
404

Not Found

Response

Attach connections (services) to a project

Auth
Path Params
idstring
Request Body
objectobject
idsarray[string]
POST /api/v1/projects/{id}/storages/attach
Responses
200

OK

objectobject
projectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
responseKeystring
responseMessagestring
404

Not Found

Response

Detach connections (services) from a project

Auth
Path Params
idstring
Request Body
objectobject
idsarray[string]
POST /api/v1/projects/{id}/storages/detach
Responses
200

OK

objectobject
projectobject
idstring
namestring
workflowIdsarray[string]
storageIdsarray[string]
responseKeystring
responseMessagestring
404

Not Found

Response

Enable real-time protection for multiple repositories

Auth
Path Params
storageIdstring
Request Body
objectobject
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
connectionstring
workflowIdstring
POST /api/v1/realtime/{storageId}/enable
Responses
207

Multi-Status

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

409

Conflict

Response

Disable real-time protection for connection

Auth
Path Params
storageIdstring
PATCH /api/v1/realtime/{storageId}/disable
Responses
200

OK

No response body
Response

Disable real-time protection for repository

Auth
Path Params
storageIdstring
repositoryIdstring
PATCH /api/v1/realtime/{storageId}/{repositoryId}/disable
Responses
200

OK

No response body
Response

List connections with real-time protection enabled

Auth
GET /api/v1/realtime
Responses
200

OK

objectobject
storagesarray[object]
idstring
namestring
storageTypeobject
namestring
categoryTypeinteger
protocolTypeinteger
vendorTypeinteger
storageStatusobject
messagestring
statusTypeinteger
Response

List ongoing real-time protection scans for connection

Auth
Path Params
storageIdstring
GET /api/v1/realtime/{storageId}
Responses
200

OK

objectobject
storageIdstring
realTimeScansarray[object]
scanIdstring
repositoryIdstring
repositoryNamestring
scanningStateinteger
workflowIdstring
scanInformationobject
totalFilesint32
malwareint32
secretint32
blockedFilesint32
vulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
licensesobject
blockedLicensesCountint32
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
packageobject
totalPackagesint32
vulnerablePackagesint32
Response

Delete real-time scan protection for connection

Auth
Path Params
storageIdstring
Query String
forceDeleteboolean

Default: false

DELETE /api/v1/realtime/{storageId}
Responses
200

OK

No response body
Response

Delete real-time scan protection for repository

Auth
Path Params
storageIdstring
repositoryIdstring
Query String
forceDeleteboolean

Default: false

DELETE /api/v1/realtime/{storageId}/{repositoryId}
Responses
200

OK

No response body
Response

Add a scan configuration

Auth
Request Body
objectobject
namestring

maxLength: 50

minLength: 3

scanPoolIdstring
rulesarray[string]
userAgentstring
POST /api/v1/scan-configurations
Responses
200

OK

objectobject
idstring
scanPoolIdstring
rulesarray[string]
typeinteger
namestring
scanPoolobject
idstring
namestring
scanPoolTypeinteger
isDefaultboolean
scanInstancesarray[object]
idstring
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

userAgentstring
filtersobject
idstring
minimumSizeint64
maximumSizeint64
minimumDateTimedate-time
maximumDateTimedate-time
400

Bad Request

502

Bad Gateway

Response

Get all scan configurations

Auth
GET /api/v1/scan-configurations
Responses
200

OK

objectobject
Workflowsarray[object]
idstring
scanPoolIdstring
rulesarray[string]
typeinteger
namestring
scanPoolobject
idstring
namestring
scanPoolTypeinteger
isDefaultboolean
scanInstancesarray[object]
idstring
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

userAgentstring
filtersobject
idstring
minimumSizeint64
maximumSizeint64
minimumDateTimedate-time
maximumDateTimedate-time
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Update a scan configuration

Auth
Path Params
idstring
Request Body
objectobject
namestring

maxLength: 50

minLength: 3

scanPoolIdstring
rulesarray[string]
userAgentstring
PUT /api/v1/scan-configurations/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Delete a scan configuration

Auth
Path Params
idstring
DELETE /api/v1/scan-configurations/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Get a scan configuration by ID

Auth
Path Params
idstring
GET /api/v1/scan-configurations/{id}
Responses
200

OK

objectobject
Workflowobject
idstring
scanPoolIdstring
rulesarray[string]
typeinteger
namestring
scanPoolobject
idstring
namestring
scanPoolTypeinteger
isDefaultboolean
scanInstancesarray[object]
idstring
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

userAgentstring
filtersobject
idstring
minimumSizeint64
maximumSizeint64
minimumDateTimedate-time
maximumDateTimedate-time
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Get all scan configurations by scan pool ID

Auth
Path Params
idstring
GET /api/v1/scan-configurations/scan-pools/{id}
Responses
200

OK

objectobject
Workflowsarray[object]
idstring
scanPoolIdstring
rulesarray[string]
typeinteger
namestring
scanPoolobject
idstring
namestring
scanPoolTypeinteger
isDefaultboolean
scanInstancesarray[object]
idstring
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

userAgentstring
filtersobject
idstring
minimumSizeint64
maximumSizeint64
minimumDateTimedate-time
maximumDateTimedate-time
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response

Add a new scan instance

Auth
Request Body
objectobject
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

scanInstanceTypeinteger
POST /api/v1/scan-instances
Responses
200

OK

objectobject
scanInstanceIdstring
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Delete a scan instance

Auth
Path Params
idstring
DELETE /api/v1/scan-instances/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Get a scan instance by ID

Auth
Path Params
idstring
GET /api/v1/scan-instances/{id}
Responses
200

OK

objectobject
scanInstanceobject
idstring
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Update a scan instance

Auth
Path Params
idstring
Request Body
objectobject
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

PUT /api/v1/scan-instances/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Add a new scan pool

Auth
Request Body
objectobject
namestring
scanPoolTypeinteger
POST /api/v1/scan-pools
Responses
200

OK

objectobject
scanPoolIdstring
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Get scan pools

Auth
GET /api/v1/scan-pools
Responses
200

OK

objectobject
scanPoolsarray[object]
idstring
namestring
scanPoolTypeinteger
isDefaultboolean
scanInstancesarray[object]
idstring
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Delete a scan pool

Auth
Path Params
idstring
DELETE /api/v1/scan-pools/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Get a scan pool by ID

Auth
Path Params
idstring
GET /api/v1/scan-pools/{id}
Responses
200

OK

objectobject
scanPoolobject
idstring
namestring
scanPoolTypeinteger
isDefaultboolean
scanInstancesarray[object]
idstring
scanPoolIdstring
urlstring
apiKeystring
timeoutstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Update an existing scan pool

Auth
Path Params
idstring
Request Body
objectobject
namestring
PUT /api/v1/scan-pools/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

404

Not Found

Response

Get all rules from a scan pool

Auth
Path Params
idstring
GET /api/v1/scan-pools/{id}/rules
Responses
200

OK

arrayarray[object]
namestring
user_agentsarray[string]
400

Bad Request

Response

Add or start a scan

Auth
Request Body
objectobject
storageIdstring
storageNamestring
scanTypeinteger
workflowIdstring
repositoryIdstring
repositoryNamestring
protocolTypeinteger
repositoryReferencesarray[string]
organizationstring
connectionstring
packageTypestring
repositoryTypestring
POST /api/v1/scans
Responses
200

OK

objectobject
scanIdsarray[string]
referencesUsedForScanningarray[string]
protocolTypeinteger
repositoryIdstring
repositoryNamestring
serviceIdstring
storageNamestring
workflowIdstring
workflowNamestring
triggerEventstring
triggerBystring
responseKeystring
responseMessagestring
Response

Enumerate scan results

Auth
Query String
Typearray
TimeFramestring

pattern: ^[0-9]*$

Default: null

Vulnerabilitiesarray
LicenseRisksarray
Statusarray
TriggerEventarray
Workflowstring

pattern: ^[0-9]*$

Default: null

Connectionstring

pattern: ^[0-9]*$

Default: null

Secretsboolean
Threatsboolean
Searchstring

pattern: ^[0-9]*$

Default: null

ConnectionTypestring

pattern: ^[0-9]*$

Default: null

RepositoryIdstring

pattern: ^[0-9]*$

Default: null

Latestboolean
GET /api/v1/scans
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response

Delete multiple scans by their scan IDs

Auth
Request Body
arrayarray[string]
DELETE /api/v1/scans
Responses
200

OK

No response body
400

Bad Request

500

Internal Server Error

Response

Upload and scan a file immediately

Auth
Request Body
objectobject
filesarray[string]
workflowIdstring
metadatastring
POST /api/v1/scans/direct
Responses
200

OK

objectobject
scanIdsarray[string]
referencesUsedForScanningarray[string]
protocolTypeinteger
repositoryIdstring
repositoryNamestring
serviceIdstring
storageNamestring
workflowIdstring
workflowNamestring
triggerEventstring
triggerBystring
responseKeystring
responseMessagestring
Response

Stop a scan

Auth
Path Params
idstring
POST /api/v1/scans/{id}
Responses
200

OK

objectobject
statusCodeint32
Response

Get scan results by scan ID

Auth
Path Params
idstring
GET /api/v1/scans/{id}
Responses
200

OK

objectobject
serviceIdstring
repositoryIdstring
repositoryNamestring
repositoryTypestring
referenceUsedForScanningstring
scanIdstring
protocolTypeinteger
connectionstring
packageTypestring
organizationstring
startTimedate-time
stopTimedate-time
durationstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

vulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
scanStatusinteger
discoveryStatusinteger
errorsarray[string]
blockedLicensesCountint32
infectedFilesint32
filesWithSecretsint32
404

Not Found

Response

Enumerate all latest scan results

Auth
Query String
Typearray
TimeFramestring

pattern: ^[0-9]*$

Default: null

Vulnerabilitiesarray
LicenseRisksarray
Statusarray
TriggerEventarray
Workflowstring

pattern: ^[0-9]*$

Default: null

Connectionstring

pattern: ^[0-9]*$

Default: null

Secretsboolean
Threatsboolean
Searchstring

pattern: ^[0-9]*$

Default: null

ConnectionTypestring

pattern: ^[0-9]*$

Default: null

RepositoryIdstring

pattern: ^[0-9]*$

Default: null

Latestboolean
GET /api/v1/scans/latest
Responses
200

OK

arrayarray[object]
scanIdstring
repositoryobject
connectionIdstring
connectionNamestring
protocolTypeinteger
repositoryIdstring
repositoryNamestring
repositoryReferencestring
repositoryMetadatastring
scanInformationobject
malwareboolean
secretboolean
vulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
licensesobject
blockedLicensesCountint32
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
workflowobject
workflowIdstring
workflowNamestring
workflowTypestring
workflowIsDeletedboolean
remediationsarray[object]
isEnabledboolean
typestring
packageobject
totalPackagesint32
vulnerablePackagesint32
scannedOndate-time
stopTimedate-time
triggerEventstring
errorsarray[string]
scanStatusobject
scanningStatestring
uploadProgressint32
scanProgressint32
metadatastring
404

Not Found

Response

Enumerate all latest scan results by service ID

Auth
Path Params
serviceIdstring
Query String
Typearray
TimeFramestring

pattern: ^[0-9]*$

Default: null

Vulnerabilitiesarray
LicenseRisksarray
Statusarray
TriggerEventarray
Workflowstring

pattern: ^[0-9]*$

Default: null

Connectionstring

pattern: ^[0-9]*$

Default: null

Secretsboolean
Threatsboolean
Searchstring

pattern: ^[0-9]*$

Default: null

ConnectionTypestring

pattern: ^[0-9]*$

Default: null

RepositoryIdstring

pattern: ^[0-9]*$

Default: null

Latestboolean
GET /api/v1/scans/{serviceId}/latest
Responses
200

OK

objectobject
scanIdstring
repositoryobject
connectionIdstring
connectionNamestring
protocolTypeinteger
repositoryIdstring
repositoryNamestring
repositoryReferencestring
repositoryMetadatastring
scanInformationobject
malwareboolean
secretboolean
vulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
licensesobject
blockedLicensesCountint32
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
workflowobject
workflowIdstring
workflowNamestring
workflowTypestring
workflowIsDeletedboolean
remediationsarray[object]
isEnabledboolean
typestring
packageobject
totalPackagesint32
vulnerablePackagesint32
scannedOndate-time
stopTimedate-time
triggerEventstring
errorsarray[string]
scanStatusobject
scanningStatestring
uploadProgressint32
scanProgressint32
metadatastring
Response

Get scan overview by scan ID

Auth
Path Params
idstring
GET /api/v1/scans/{id}/overview
Responses
200

OK

arrayarray[object]
scanIdstring
repositoryobject
connectionIdstring
connectionNamestring
protocolTypeinteger
repositoryIdstring
repositoryNamestring
repositoryReferencestring
repositoryMetadatastring
scanInformationobject
malwareboolean
secretboolean
vulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
licensesobject
blockedLicensesCountint32
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
workflowobject
workflowIdstring
workflowNamestring
workflowTypestring
workflowIsDeletedboolean
remediationsarray[object]
isEnabledboolean
typestring
packageobject
totalPackagesint32
vulnerablePackagesint32
scannedOndate-time
stopTimedate-time
triggerEventstring
errorsarray[string]
scanStatusobject
scanningStatestring
uploadProgressint32
scanProgressint32
metadatastring
Response

Enumerate all scan results by repository ID

Auth
Path Params
serviceIdstring
repositoryIdstring
GET /api/v1/scans/{serviceId}/{repositoryId}
Responses
200

OK

arrayarray[object]
scanIdstring
repositoryobject
connectionIdstring
connectionNamestring
protocolTypeinteger
repositoryIdstring
repositoryNamestring
repositoryReferencestring
repositoryMetadatastring
scanInformationobject
malwareboolean
secretboolean
vulnerabilityIssuesobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
licensesobject
blockedLicensesCountint32
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
workflowobject
workflowIdstring
workflowNamestring
workflowTypestring
workflowIsDeletedboolean
remediationsarray[object]
isEnabledboolean
typestring
packageobject
totalPackagesint32
vulnerablePackagesint32
scannedOndate-time
stopTimedate-time
triggerEventstring
errorsarray[string]
scanStatusobject
scanningStatestring
uploadProgressint32
scanProgressint32
metadatastring
Response

Enumerate all scan schedules

Auth
GET /api/v1/scans/schedules
Responses
200

OK

arrayarray[object]
idstring
workflowIdstring
storageIdstring
userIdstring
namestring
priorityinteger
createdAtdate-time
lastUpdateddate-time
lastScanTimedate-time
nextScanTimedate-time
recurrenceTypeinteger
startDatedate-time
timeToStartdate-time
everyNumberOfHoursint32
everyNumberOfDaysint32
everyNumberOfWeeksint32
everyNumberOfMonthsint32
daysOfWeekarray[integer]
dayOfMonthint32
workflowobject
idstring
namestring
descriptionstring
userIdstring
scanConfigurationIdstring
deletedboolean
typeinteger
scanSourcesarray[object]
serviceIdstring
serviceNamestring
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
typestring
connectionstring
packageTypestring
organizationstring
registrystring
referencesToScanarray[string]
remediations
_tstring

Enum: EmailRemediation

emailRecipientsarray[string]
isEnabledboolean
malwareboolean
secretboolean
allowRiskyPackagesboolean
recurrencePatternobject
typeinteger
hourlyRecurrenceobject
everyNumberOfHoursint32
dailyRecurrenceobject
everyNumberOfDaysint32
weeklyRecurrenceobject
daysOfWeekarray[integer]
everyNumberOfWeeksint32
monthlyRecurrenceobject
everyNumberOfMonthsint32
dayOfMonthint32
scanSchedulesarray
createdAtdate-time
lastUpdateddate-time
tenantIdstring
scansarray[object]
namestring
discoveryStateinteger
scanningStateinteger
scanTypeinteger
startTimedate-time
stopTimedate-time
executionIdstring
errorsarray[string]
priorityinteger
realTimeIsEnabledboolean
realTimeStartDatedate-time
realTimeHandlingTypeinteger
storageIdstring
scanScheduleIdstring
userIdstring
tenantIdstring
scanScheduleobject
repositoryIdstring
repositoryNamestring
repositoryReferencestring
repositoryRevisionstring
repositoryTypestring
packageTypestring
scanTargetPathstring
organizationstring
serviceNamestring
protocolTypestring
workflowIdstring
workflowNamestring
scanPartitionstring
scanStatisticsobject
totalFilesint32
infectedFilesint32
filesWithSecretsint32
totalVulnerabilitiesint32
criticalint32
highint32
mediumint32
lowint32
unknownint32
startTimedate-time
stopTimedate-time
durationstring

pattern: ^-?(\d+\.)?\d{2}:\d{2}:\d{2}(\.\d{1,7})?$

appliedRemediationsarray[string]
totalPackagesint32
packagesWithVulnerabilitiesint32
allowedLicensesarray[object]
idstring
urlstring
categorystring
usage_restrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedLicensesarray
scanobject
namestring
discoveryStateinteger
scanningStateinteger
scanTypeinteger
startTimedate-time
stopTimedate-time
executionIdstring
priorityinteger
realTimeIsEnabledboolean
realTimeStartDatedate-time
realTimeHandlingTypeinteger
storageIdstring
scanScheduleIdstring
userIdstring
tenantIdstring
repositoryIdstring
repositoryNamestring
repositoryReferencestring
repositoryRevisionstring
repositoryTypestring
packageTypestring
scanTargetPathstring
organizationstring
serviceNamestring
protocolTypestring
workflowIdstring
workflowNamestring
scanPartitionstring
idstring
rowVersionuint32
idstring
tenantIdstring
idstring
Response

Clean up historical scan results older than the specified time frame

Auth
Request Body
objectobject
timeFrameinteger
POST /api/v1/scans/cleanup
Responses
200

OK

objectobject
deletedScansCountint32
totalScansFoundint32
responseKeystring
responseMessagestring
207

Multi-Status

400

Bad Request

500

Internal Server Error

Response

Enumerate files by scan ID

Auth
Path Params
scanIdstring
Query String
pageinteger

Default: null

pageSizeinteger

Default: null

searchstring

Default: null

includeArchivesboolean

Default: null

GET /api/v1/scans/{scanId}/files
Responses
200

OK

arrayarray[object]
objectIdentityIdstring
objectIdentityHashstring
scanResultIdstring
progressUploadint16
progressScanint16
processingStateinteger
exceptionDetailsstring
createddate-time
discoveryStarteddate-time
discoveryStartedDaySecint64
streamingStartedTimedate-time
streamingCompletedTimedate-time
streamingTimeSpanMsint64
scanCompletedTimedate-time
processingTimeSpanMsint64
processingFailedTimedate-time
processingRetryCountint16
objectTriggeredActionsarray[object]
actionStatusinteger
triggeredActionTypeinteger
skippedScanboolean
hasAppliedRemediationboolean
hasAppliedSanitizationboolean
hasFailedSanitizationboolean
createdAtdate-time
lastUpdateddate-time
tenantIdstring
objectRemediationActionsarray[object]
idstring
objectActionTypeinteger
objectActionStateinteger
cdrObjectStateinteger
exceptionsarray[string]
fileIdstring
fileScanCompletedTimedate-time
remediationIdstring
createdAtdate-time
lastUpdateddate-time
tenantIdstring
fileobject
versionsarray[object]
urlstring
fileIdstring
fileScanCompletedTimedate-time
scanResultIdstring
objectIdentityIdstring
objectIdentityHashstring
progressScanint16
progressUploadint16
processingStateinteger
exceptionDetailsstring
createddate-time
discoveryStarteddate-time
discoveryStartedDaySecint64
streamingTimeSpanMsint64
scanCompletedTimedate-time
processingTimeSpanMsint64
streamingStartedTimedate-time
streamingCompletedTimedate-time
processingFailedTimedate-time
processingRetryCountint16
lastUpdateddate-time
createdAtdate-time
tenantIdstring
objectIdentityobject
idstring
storageIdstring
lastModifiedTimedate-time
storageObjectHashstring
pathstring
processingTypeinteger
typeinteger
objectIdentityHashstring
createdAtdate-time
lastUpdateddate-time
tenantIdstring
objectIdentityActionsarray[object]
scanResultobject
scanInstanceUrlstring
scanWorkflowSnapshotIdstring
coreEnginesHashstring
objectIdentityIdstring
objectIdentityHashstring
objectIdentityobject
idstring
storageIdstring
lastModifiedTimedate-time
storageObjectHashstring
pathstring
processingTypeinteger
typeinteger
objectIdentityHashstring
createdAtdate-time
lastUpdateddate-time
tenantIdstring
objectIdentityActionsarray[object]
idstring
coreScanResultstring
resultIinteger
scanAllResultIint16
totalDetectionsint16
vulnerabilitiesint16
dlpVerdictint16
hasVulnerabilityboolean
sandboxVerdictinteger
createdAtdate-time
lastUpdateddate-time
tenantIdstring
fileobject
idstring
scanIdstring
storageIdstring
scanWorkflowSnapshotIdstring
metaDefenderCoreUrlstring
namestring
pathstring
hashstring
objectStorageMetadatastring
sizeint64
lastModifieddate-time
storageLocationstring
fileTypeCategoryinteger
pathForDisplaystring
extensionstring
idstring
scanIdstring
storageIdstring
scanWorkflowSnapshotIdstring
metaDefenderCoreUrlstring
namestring
pathstring
hashstring
objectStorageMetadatastring
sizeint64
lastModifieddate-time
storageLocationstring
fileTypeCategoryinteger
pathForDisplaystring
extensionstring
404

Not Found

Response

Get the core result of a file by its scan result ID

Auth
Path Params
scanResultIdstring
GET /api/v1/scans/{scanResultId}/core-result
Responses
200

OK

objectobject
extracted_filesobject
data_idstring
scan_result_iint32
detected_byint32
files_in_archivearray[object]
display_namestring
data_idstring
file_typestring
file_type_descriptionstring
scan_result_iint32
scan_all_result_iint32
detected_byint32
scanned_withint32
progress_percentageint32
file_sizeint64
process_infoobject
post_processingobject
actions_ranstring
actions_failedstring
converted_tostring
copy_move_destinationstring
converted_destinationstring
sanitization_detailsobject
failure_categorystring
progress_percentageint32
user_agentstring
profilestring
resultstring
blocked_reasonstring
file_type_skipped_scanboolean
processing_timenumber
queue_timenumber
files_extracted_countint32
scan_resultsobject
scan_detailsobject
*object
threat_foundstring
scan_result_iint32
def_timestring
scan_timenumber
wait_timenumber
eng_idstring
data_idstring
scan_all_result_iint32
start_timestring
total_timenumber
total_avsint32
progress_percentageint32
scan_all_result_astring
file_infoobject
file_sizeint64
upload_timestampstring
md5string
sha1string
sha256string
file_typestring
file_type_categorystring
file_type_descriptionstring
file_type_idstring
file_type_extensionstring
display_namestring
original_file_pathstring
process_infoobject
post_processingobject
actions_ranstring
actions_failedstring
converted_tostring
copy_move_destinationstring
converted_destinationstring
sanitization_detailsobject
failure_categorystring
progress_percentageint32
user_agentstring
profilestring
resultstring
blocked_reasonstring
file_type_skipped_scanboolean
processing_timenumber
queue_timenumber
data_idstring
sourcestring
scanned_onstring
dlp_infoobject
verdictint64
sbom_infoobject
final_verdictobject
blockedboolean
licensing_package_countsobject
allowedint32
blockedint32
unknownint32
unsupportedint32
total_package_countint32
verdictstring
verdict_explanationarray[string]
vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
vulnerable_package_countint32
overview_reportobject
is_partial_reportboolean
os_infoobject
os_namestring
os_versionstring
scan_modestring
stepsarray[object]
commandstring
license_statusstring
licensing_package_countsobject
allowedint32
blockedint32
unknownint32
unsupportedint32
packagesarray[object]
authorsstring
release_datestring
archstring
ecosystemstring
groupstring
archiveboolean
executableboolean
uidstring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usage_restrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
os_namestring
os_versionstring
package_namestring
latestobject
versionstring
release_datestring
hashesarray[object]
sha256string
file_namestring
package_versionstring
vulnerabilitiesarray[object]
idstring
sourcestring
fixed_versionsstring
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray[object]
methodstring
scorenumber
severitystring
sourceobject
namestring
vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
dependenciesarray[object]
uidstring
ecosystemstring
groupstring
package_namestring
package_versionstring
vulnerabilitiesarray
vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
package_typestring
up_to_dateboolean
stepint32
vulnerability_countint32
vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
dependencies_vulnerability_countint32
dependencies_vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
sha256string
package_countint32
vulnerable_dependencies_package_countint32
vulnerable_package_countint32
packagesarray[object]
authorsstring
release_datestring
ecosystemstring
groupstring
archiveboolean
executableboolean
uidstring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usage_restrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
package_namestring
package_versionstring
targetstring
latestobject
versionstring
release_datestring
hashesarray
vulnerabilitiesarray
vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
dependenciesarray
package_typestring
up_to_dateboolean
dependencies_package_countint32
dependencies_vulnerability_countint32
dependencies_vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
vulnerability_countint32
vulnerability_countsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
has_pe_infoboolean
package_countint32
timestampstring
vulnerable_dependencies_package_countint32
vulnerable_package_countint32
result_template_hashstring
vulnerability_infoobject
resultobject
codeint64
hashstring
methodint64
timestampstring
timingint64
detected_productobject
has_vulnerabilityboolean
is_currentboolean
productobject
idint64
namestring
remediation_linkstring
severitystring
sig_namestring
signatureint64
vendorobject
idint64
namestring
versionstring
version_dataobject
count_behindint64
feed_idint64
versionstring
vulnerabilitiesarray[object]
descriptionstring
detailsobject
cpestring
cvestring
cvssobject
access-complexitystring
access-vectorstring
authenticationstring
availability-impactstring
confidentiality-impactstring
generated-on-epochstring
integrity-impactstring
scorestring
sourcestring
cvss_3_0object
attack_complexitystring
attack_vectorstring
availability_impactstring
base_scorestring
base_severitystring
confidentiality_impactstring
exploitability_scorestring
impact_scorestring
integrity_impactstring
privileges_requiredstring
scopestring
user_interactionstring
vector_stringstring
cwestring
last-modified-epochstring
published-epochstring
referencesarray[string]
severitystring
severity_indexint32
static_idint64
engine_statobject
*array[object]
abandonedboolean
activeboolean
def_timestring
download_progressint32
download_timedate-time
eng_idstring
eng_namestring
eng_typestring
eng_verstring
engine_typestring
pinnedboolean
statestring
typestring
db_verstring
sessionCookiestring
isFailedboolean
Response

Get the core results of files in an archive by their scan result ID

Auth
Path Params
scanResultIdstring
Query String
countinteger
offsetinteger
GET /api/v1/scans/{scanResultId}/archive
Responses
200

OK

objectobject
coreScanResultsarray[object]
extractedFilesobject
dataIdstring
scanResultIint32
detectedByint32
filesInArchivearray[object]
displayNamestring
dataIdstring
fileTypestring
fileTypeDescriptionstring
scanResultIint32
scanAllResultIint32
detectedByint32
scannedWithint32
progressPercentageint32
fileSizeint64
processInfoobject
postProcessingobject
actionsRanstring
actionsFailedstring
convertedTostring
copyMoveDestinationstring
convertedDestinationstring
sanitizationDetailsobject
failureCategorystring
progressPercentageint32
userAgentstring
profilestring
resultstring
blockedReasonstring
fileTypeSkippedScanboolean
processingTimenumber
queueTimenumber
filesExtractedCountint32
scanResultsobject
scanDetailsobject
*object
threatFoundstring
scanResultIint32
defTimestring
scanTimenumber
waitTimenumber
engIdstring
dataIdstring
scanAllResultIint32
startTimestring
totalTimenumber
totalAvsint32
progressPercentageint32
scanAllResultAstring
fileInfoobject
fileSizeint64
uploadTimestampstring
md5string
sha1string
sha256string
fileTypeCategorystring
fileTypeCategoryCloudstring
fileTypeDescriptionstring
fileTypeExtensionstring
fileTypeExtensionCloudstring
displayNamestring
originalFilePathstring
processInfoobject
postProcessingobject
actionsRanstring
actionsFailedstring
convertedTostring
copyMoveDestinationstring
convertedDestinationstring
sanitizationDetailsobject
failureCategorystring
progressPercentageint32
userAgentstring
profilestring
resultstring
blockedReasonstring
fileTypeSkippedScanboolean
processingTimenumber
queueTimenumber
dataIdstring
sourcestring
scannedOnstring
dlpInfoobject
hitsobject
displayNamestring
hitsarray[object]
afterstring
beforestring
hitstring
certaintystring
certaintyScoreint64
severityinteger
verdictint64
sbomInfoobject
finalVerdictobject
blockedboolean
severityinteger
verdictstring
overviewReportobject
stepsarray[object]
commandstring
packagesarray[object]
authorsstring
archstring
ecosystemstring
groupstring
archiveboolean
executableboolean
uidstring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
osNamestring
packageTypestring
latestobject
versionstring
hashesarray[object]
sha256string
vulnerabilitiesarray[object]
idstring
sourcestring
severityinteger
fixedVersionsstring
cwesarray[string]
typestring
aliasesarray[string]
epssobject
datestring
percentilenumber
scorenumber
ratingsarray[object]
methodstring
scorenumber
severitystring
sourceobject
namestring
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
dependenciesarray[object]
ecosystemstring
groupstring
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
upToDateboolean
stepint32
sha256string
severityinteger
packagesarray[object]
authorsstring
ecosystemstring
groupstring
archiveboolean
executableboolean
uidstring
licensesobject
allowedarray[object]
idstring
urlstring
categorystring
usageRestrictionobject
permissionsarray[string]
conditionsarray[string]
limitationsarray[string]
blockedarray
targetstring
packageTypestring
latestobject
versionstring
hashesarray
vulnerabilitiesarray
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
dependenciesarray
upToDateboolean
vulnerabilityCountint32
vulnerabilityCountsobject
criticalint32
highint32
mediumint32
lowint32
unknownint32
hasPeInfoboolean
timestampstring
vulnerabilityInfoobject
vulnerabilityInfoResultobject
codeint64
hashstring
methodint64
timeStampstring
timingint64
detectedProductobject
hasVulnerabilityboolean
isCurrentboolean
productobject
idint64
namestring
remediationLinkstring
severitystring
sigNamestring
signatureint64
vendorobject
idint64
namestring
versionstring
versionDataobject
countBehindint64
feedIdint64
versionstring
vulnerabilitiesarray[object]
descriptionstring
detailsobject
cpestring
cvestring
cvssobject
accessComplexitystring
accessVectorstring
authenticationstring
availabilityImpactstring
confidentialityImpactstring
generatedOnEpochstring
integrityImpactstring
scorestring
sourcestring
cvss3object
attackComplexitystring
attackVectorstring
availabilityImpactstring
baseScorestring
baseSeveritystring
confidentialityImpactstring
exploitabilityScorestring
impactScorestring
integrityImpactstring
privilegesRequiredstring
scopestring
userInteractionstring
vectorStringstring
cwestring
lastModifiedEpochstring
publishedEpochstring
referencesarray[string]
severitystring
severityIndexint32
staticIdint64
enginesobject
*array[object]
abandonedboolean
activeboolean
defTimestring
downloadProgressint32
engIdstring
engNamestring
engTypestring
engineVersionstring
engineTypestring
pinnedboolean
statestring
typestring
dbVerstring
sessionCookiestring
isFailedboolean
hasMoreboolean
Response

Get per-CVE new/fixed details for each trend period

Auth
Query String
intervalinteger

Default: 1

periodsinteger

Default: 4

GET /api/v1/scans/vulnerability-trends/details
Responses
200

OK

arrayarray[object]
periodStartdate
periodEnddate
newCvesarray[object]
cveIdstring
severityinteger
repositoryIdstring
repositoryNamestring
packageNamestring
packageVersionstring
fixedCvesarray
500

Internal Server Error

Response

Manage Services Connections

Add a service

Auth
Request Body
objectobject
credentialsstring
namestring
vendorTypeinteger
protocolTypeinteger
POST /api/v1/services
Responses
200

OK

objectobject
idstring
namestring
typeobject
namestring
categoryTypeinteger
protocolTypeinteger
vendorTypeinteger
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response

Get all services

Auth
Query String
contentboolean
typearray
GET /api/v1/services
Responses
200

OK

objectobject
serviceDtosarray[object]
idstring
credentialsTypeint32
scanWorkflowIdstring
domainstring
realTimeStatusinteger
namestring
vendorTypeinteger
protocolTypeinteger
statusMessagestring
206

Partial Content

400

Bad Request

Response

Update a service by ID

Auth
Path Params
serviceIdstring
Request Body
objectobject
namestring
credentialsstring
hasNewCredentialsboolean
PUT /api/v1/services/{serviceId}
Responses
200

OK

objectobject
idstring
namestring
typeobject
namestring
categoryTypeinteger
protocolTypeinteger
vendorTypeinteger
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response

Get a service by ID

Auth
Path Params
serviceIdstring
Query String
contentboolean
Searchstring

Default: null

Pageinteger

Default: null

PageSizeinteger

Default: null

FilterValuestring

pattern: ^[0-9]*$

Default: null

Cursorstring

pattern: ^[0-9]*$

Default: null

PrioritizedRepositoriesReferencestring

Default: null

GET /api/v1/services/{serviceId}
Responses
200

OK

objectobject
idstring
credentialsTypeint32
scanWorkflowIdstring
domainstring
realTimeStatusinteger
namestring
vendorTypeinteger
protocolTypeinteger
400

Bad Request

404

Not Found

Response

Delete a service by ID

Auth
Path Params
serviceIdstring
DELETE /api/v1/services/{serviceId}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
404

Not Found

Response

Get service references by service ID

Auth
Path Params
serviceIdstring
GET /api/v1/services/{serviceId}/references
Responses
200

OK

objectobject
serviceIdstring
serviceNamestring
repositoryReferenceInfoArrayarray[object]
repositoryIdstring
defaultReferencestring
referencesarray[string]
404

Not Found

Response

Get service resources by service ID

Auth
Path Params
serviceIdstring
GET /api/v1/services/{serviceId}/resources
Responses
200

OK

objectobject
resourcesarray[string]
404

Not Found

Response

Get service references by service ID and repository ID

Auth
Path Params
serviceIdstring
repositoryIdstring
Query String
Pageinteger

Default: null

PageSizeinteger

Default: null

FilterValuestring

pattern: ^[0-9]*$

Default: null

Cursorstring

pattern: ^[0-9]*$

Default: null

GET /api/v1/services/{serviceId}/{repositoryId}/references
Responses
200

OK

objectobject
referencesarray[string]
totalReferencesuint32
404

Not Found

Response

Add service references

Auth
Request Body
arrayarray[object]
serviceIdstring
repositoryIdsarray[string]
POST /api/v1/services/references
Responses
200

OK

arrayarray[object]
serviceIdstring
serviceNamestring
repositoryReferenceInfoArrayarray[object]
repositoryIdstring
defaultReferencestring
referencesarray[string]
204

No Content

404

Not Found

Response

Update a SMTP configuration

Auth
Request Body
objectobject
hoststring
baseUrlstring
portint32
senderAddressstring
senderNamestring
domainstring
usernamestring
passwordstring
secureSocketOptioninteger
ignoreCertWarningsboolean
isEnabledboolean
POST /api/v1/smtp
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Get a SMTP configuration

Auth
GET /api/v1/smtp
Responses
200

OK

objectobject
smtpobject
idstring
hoststring
portint32
senderAddressstring
senderNamestring
domainstring
baseUrlstring
userNamestring
passwordstring
secureSocketOptioninteger
ignoreCertWarningsboolean
isEnabledboolean
tenantIdstring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
400

Bad Request

Response

Add a Jira configuration

Auth
Request Body
objectobject
namestring
apiKeystring
baseAddressstring
productAddressstring
usernamestring
POST /api/v1/jira
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Get all Jira configurations

Auth
GET /api/v1/jira
Responses
200

OK

objectobject
jiraEntriesarray[object]
idstring
namestring
apiKeystring
baseAddressstring
productAddressstring
usernamestring
tenantIdstring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
400

Bad Request

Response

Get a Jira configuration by ID

Auth
Path Params
idstring
GET /api/v1/jira/{id}
Responses
200

OK

objectobject
jiraobject
idstring
namestring
apiKeystring
baseAddressstring
productAddressstring
usernamestring
tenantIdstring
createdAtdate-time
lastUpdateddate-time
responseKeystring
responseMessagestring
404

Not Found

Response

Update a Jira configuration by ID

Auth
Path Params
idstring
Request Body
objectobject
namestring
apiKeystring
baseAddressstring
productAddressstring
usernamestring
PUT /api/v1/jira/{id}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Delete a Jira configuration by ID

Auth
Path Params
idstring
DELETE /api/v1/jira/{id}
Responses
200

OK

objectobject
jiraIdstring
responseKeystring
responseMessagestring
404

Not Found

Response

Get Jira projects

Auth
Path Params
idstring
GET /api/v1/jira/{id}/projects
Responses
200

OK

objectobject
projectsarray[object]
idstring
namestring
responseKeystring
responseMessagestring
404

Not Found

Response

Add a Teams configuration

Auth
Request Body
objectobject
namestring
apiKeystring
webhookUrlstring
productAddressstring
POST /api/v1/teams
Responses
201

Created

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Get all Teams configurations

Auth
GET /api/v1/teams
Responses
200

OK

objectobject
teamsConnectionsarray[object]
namestring
apiKeystring
webhookUrlstring
productAddressstring
createdAtdate-time
lastUpdateddate-time
idstring
tenantIdstring
responseKeystring
responseMessagestring
400

Bad Request

Response

Get a Teams configuration by ID

Auth
Path Params
idstring
GET /api/v1/teams/{id}
Responses
200

OK

objectobject
teamsobject
namestring
apiKeystring
webhookUrlstring
productAddressstring
createdAtdate-time
lastUpdateddate-time
idstring
tenantIdstring
responseKeystring
responseMessagestring
404

Not Found

Response

Update a Teams configuration by ID

Auth
Path Params
idstring
Request Body
objectobject
namestring
apiKeystring
webhookUrlstring
productAddressstring
PUT /api/v1/teams/{id}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
404

Not Found

Response

Delete a Teams configuration by ID

Auth
Path Params
idstring
DELETE /api/v1/teams/{id}
Responses
200

OK

objectobject
teamsIdstring
responseKeystring
responseMessagestring
404

Not Found

Response

Add a new user

Auth
Request Body
objectobject
roleinteger
fullNamestring
userNamestring
passwordstring
emailstring
POST /api/v1/users
Responses
200

OK

objectobject
createUserParametersobject
roleinteger
fullNamestring
userNamestring
passwordstring
emailstring
currentUserIdstring
400

Bad Request

Response

Get users

Auth
Query String
Typestring

pattern: ^[0-9]*$

Default: null

StartIndexinteger

Default: null

Countinteger

Default: null

SearchTermstring

pattern: ^[0-9]*$

Default: null

GET /api/v1/users
Responses
200

OK

objectobject
enumerateUsersDtoobject
entriesarray[object]
userIdstring
usernamestring
fullNamestring
emailstring
roleinteger
showTutorialboolean
totalCountint64
responseKeystring
responseMessagestring
400

Bad Request

Response

Update a user

Auth
Request Body
objectobject
userIdstring
roleinteger
userNamestring
fullNamestring
emailstring
currentPasswordstring
newPasswordstring
showTutorialboolean
PUT /api/v1/users
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Get current user

Auth
GET /api/v1/user
Responses
200

OK

objectobject
userDtoobject
userIdstring
usernamestring
fullNamestring
emailstring
roleinteger
showTutorialboolean
responseKeystring
responseMessagestring
400

Bad Request

Response

Delete a user

Auth
Path Params
userIdstring
DELETE /api/v1/users/{userId}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Login user

Auth
Request Body
objectobject
usernamestring
passwordstring
POST /api/v1/user/login
Responses
200

OK

objectobject
jwtTokenobject
tokenstring
responseKeystring
responseMessagestring
400

Bad Request

Response

Remove all tokens for an user

Auth
Path Params
userIdstring
DELETE /api/v1/user/login/{userId}
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
400

Bad Request

Response

Get a new Access Token

Auth
Request Body
objectobject
accessTokenstring
PUT /api/v1/user/token
Responses
200

OK

objectobject
jwtTokenobject
tokenstring
responseKeystring
responseMessagestring
400

Bad Request

Response

Request a password reset

Auth
Request Body
objectobject
emailInputstring
POST /api/v1/user/password/request-reset
Responses
200

OK

objectobject
responseKeystring
responseMessagestring
Response

Reset a user password

Auth
Request Body
objectobject
newPasswordstring

minLength: 12

newPasswordConfirmationstring

minLength: 12

secureTokenstring
userIdstring
POST /api/v1/user/password/new-password
Responses
200

OK

objectobject
userobject
userIdstring
usernamestring
fullNamestring
emailstring
roleinteger
showTutorialboolean
responseKeystring
responseMessagestring
Response

Manage Versions

Get application version

Auth
Query String
api-versionstring

pattern: ^[0-9]*$

Default: null

GET /api/version
Responses
200

OK

objectobject
versionstring
lastSupportedConfigVersionstring
responseKeystring
responseMessagestring
Response

Get application version

Auth
GET /api/v1/version
Responses
200

OK

objectobject
versionstring
lastSupportedConfigVersionstring
responseKeystring
responseMessagestring
Response

Handles a scan event triggered by a webhook. Requires a custom header and a body.

Auth
Path Params
routeParameterstring
Request Body
No request body
POST /api/v1/webhook/hmac/{routeParameter}
Responses
200

OK

No response body
400

Bad Request

500

Internal Server Error

Response

Handles a scan event triggered by a webhook. Requires a custom body.

Auth
Path Params
routeParameterstring
Request Body
No request body
POST /api/v1/webhook/{routeParameter}
Responses
200

OK

No response body
400

Bad Request

500

Internal Server Error

Response

Create a workflow

Auth
Request Body
objectobject
namestring
descriptionstring
scanConfigurationIdstring
typeinteger
recurrencePatternobject
typeinteger
hourlyRecurrenceobject
everyNumberOfHoursint32
dailyRecurrenceobject
everyNumberOfDaysint32
weeklyRecurrenceobject
daysOfWeekarray[integer]
everyNumberOfWeeksint32
monthlyRecurrenceobject
everyNumberOfMonthsint32
dayOfMonthint32
scanSourcesarray[object]
serviceIdstring
serviceNamestring
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
typestring
connectionstring
packageTypestring
organizationstring
registrystring
referencesToScanarray[string]
remediationsarray[object]
isEnabledboolean
typestring
useDefaultReferencesboolean
POST /api/v1/workflows
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response

List all workflows

Auth
Query String
includeDeletedboolean

Default: false

GET /api/v1/workflows
Responses
200

OK

arrayarray[object]
idstring
namestring
descriptionstring
userIdstring
scanConfigurationIdstring
deletedboolean
typeinteger
recurrencePatternobject
typeinteger
hourlyRecurrenceobject
everyNumberOfHoursint32
dailyRecurrenceobject
everyNumberOfDaysint32
weeklyRecurrenceobject
daysOfWeekarray[integer]
everyNumberOfWeeksint32
monthlyRecurrenceobject
everyNumberOfMonthsint32
dayOfMonthint32
scanSourcesarray[object]
serviceIdstring
serviceNamestring
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
typestring
connectionstring
packageTypestring
organizationstring
registrystring
referencesToScanarray[string]
remediationsarray[object]
isEnabledboolean
typestring
Response

Update a workflow

Auth
Path Params
idstring
Request Body
objectobject
namestring
descriptionstring
scanConfigurationIdstring
recurrencePatternobject
typeinteger
hourlyRecurrenceobject
everyNumberOfHoursint32
dailyRecurrenceobject
everyNumberOfDaysint32
weeklyRecurrenceobject
daysOfWeekarray[integer]
everyNumberOfWeeksint32
monthlyRecurrenceobject
everyNumberOfMonthsint32
dayOfMonthint32
scanSourcesarray[object]
serviceIdstring
serviceNamestring
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
typestring
connectionstring
packageTypestring
organizationstring
registrystring
referencesToScanarray[string]
remediationsarray[object]
isEnabledboolean
typestring
useDefaultReferencesboolean
PUT /api/v1/workflows/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response

Get a workflow by ID

Auth
Path Params
idstring
GET /api/v1/workflows/{id}
Responses
200

OK

objectobject
idstring
namestring
descriptionstring
userIdstring
scanConfigurationIdstring
deletedboolean
typeinteger
recurrencePatternobject
typeinteger
hourlyRecurrenceobject
everyNumberOfHoursint32
dailyRecurrenceobject
everyNumberOfDaysint32
weeklyRecurrenceobject
daysOfWeekarray[integer]
everyNumberOfWeeksint32
monthlyRecurrenceobject
everyNumberOfMonthsint32
dayOfMonthint32
scanSourcesarray[object]
serviceIdstring
serviceNamestring
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
typestring
connectionstring
packageTypestring
organizationstring
registrystring
referencesToScanarray[string]
remediationsarray[object]
isEnabledboolean
typestring
Response

Delete a workflow by ID

Auth
Path Params
idstring
DELETE /api/v1/workflows/{id}
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response

Update a workflow scan source

Auth
Path Params
idstring
Request Body
objectobject
serviceIdstring
serviceNamestring
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
typestring
connectionstring
packageTypestring
organizationstring
registrystring
referencesToScanarray[string]
PUT /api/v1/workflows/{id}/scan-source
Responses
200

OK

objectobject
resultinteger
responseKeystring
responseMessagestring
responseMessageParamsobject
*string
400

Bad Request

Response

List all workflows by repository ID

Auth
Path Params
repositoryIdstring
GET /api/v1/workflows/repositories/{repositoryId}
Responses
200

OK

arrayarray[object]
idstring
namestring
descriptionstring
userIdstring
scanConfigurationIdstring
deletedboolean
typeinteger
recurrencePatternobject
typeinteger
hourlyRecurrenceobject
everyNumberOfHoursint32
dailyRecurrenceobject
everyNumberOfDaysint32
weeklyRecurrenceobject
daysOfWeekarray[integer]
everyNumberOfWeeksint32
monthlyRecurrenceobject
everyNumberOfMonthsint32
dayOfMonthint32
scanSourcesarray[object]
serviceIdstring
serviceNamestring
repositoriesarray[object]
repositoryIdstring
repositoryNamestring
typestring
connectionstring
packageTypestring
organizationstring
registrystring
referencesToScanarray[string]
remediationsarray[object]
isEnabledboolean
typestring
Response