Cves module


Route:
/api/v1/cves/<cve_id> Methods: "GET"

Search CVE info by CVE id

Parameters:
  • cve_id (str) – ID of the cve to search for

  • request_data (JSON object) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "fields"

    Fields to return in search results. Valid fields:

    (“affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”)

Returns:

search_results – Results of search with keys:

(“affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”)

Return type:

JSON object


Route:
/api/v1/cves Methods: "GET"

Search for CVEs with a product name and version

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"product"

CPE Product (package name) to get CVEs for

"version"

Version of package to get CVEs for

"ids_only"

If True, an array of CVE ids will be returned

Returns:

cves – An array of CVE ids is returned if “ids_only” is true. Otherwise, a dictionary with CVE information will be returned

Return type:

array(object)

Folders module


Route:
/api/v1/folders Methods: "POST"

Create a new folder in the specified group or subgroup

Parameters:

request_data (JSON object ['str', 'str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_token"

Token of the group or subgroup to create the folder in

"folder_name"

Name of the folder to be created

"description", optional

Description of the folder

"folder_token", optional

Token of the parent folder to create the new folder in (if any)

Returns:

folder_data – Folder information object with keys: “folder_token”, “folder_name”, “description”, “creation_date”, “group_token”

Return type:

object


Route:
/api/v1/folders Methods: "GET"

Get an array of folder information that can be filtered by group token

If no group token is given, all folders that the user has access to will be returned.

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_token", optional

Token of the group to get folders from

"folder_token", optional

Token of the folder to get folders from

Returns:

folder_tokens – Array of folder information objects with keys: “folder_token”, “folder_name”, “folder_description”, “creation_date”, “group_token”

Return type:

array(object)

Groups module


Route:
/api/v1/groups/<token>/members Methods: "POST"

Add a user to the group/subgroup

Parameters:
  • token (str) – Token of the group to which the user is to be added

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "member_email"

    Email address of the member to be added

    "role"

    Role to assign to the new member

    "allow_access_to_subgroups"

    If True, user will be allowed access to all the subgroups of the specified group

Returns:

results – Returns JSON object containing:

"message": str

Success Message on updating user’s role in the group

Return type:

JSON object


Route:
/api/v1/groups Methods: "POST"

API to create new group

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_name": str

Name of new group

"description": str, optional

Group description

"group_token": str, optional

If provided, the newly created group will be a subgroup of this group

Returns:

results – Returns JSON object containing:

"group_name": str

Name of the new group

"description": str

Group description

"token": str

Group token

Return type:

JSON object


Route:
/api/v1/groups/<token> Methods: "DELETE"

Remove a group or subgroup

Parameters:
  • token (str) – Group token

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

Returns:

results – Returns JSON object containing:

"message": str

Success Message on group deletion

Return type:

JSON object


Route:
/api/v1/groups/<token> Methods: "GET"

Gets information about a group

Parameters:
  • token (str) – Group token

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "subgroups": str

    True to show subgroups

Returns:

results – Returns JSON object containing:

"group_name": str

Group name

"description": str

Group description

"token": str

Group token

"group_type": str

Group type (Group or Subgroup)

"organization_token": str

Parent organization token

"hierarchy": str

A string describing the location of the group in relation to its parent groups

"subgroups": array(object)

An array of objects containing information about subgroups

Return type:

JSON object


Route:
/api/v1/groups/<token>/members Methods: "GET"

Gets info on the members of the group

Parameters:
  • token (str) – Group token

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

Returns:

results – Returns JSON object containing:

"group_name": str

Name of the Group

"description": str

Description of the group

"token": str

Group Token

"group_type": str

Type of the group

"group_members": array(object)

An array of objects containing group members info

Return type:

JSON object


Route:
/api/v1/groups Methods: "GET"

Lists all user groups

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

Returns:

results – Returns Array of JSON objects containing:

"group_name": str

Group name

"description": str

Group description

"token": str

Group token

"group_type": str

Group type (Group or Subgroup)

"organization_token": str

Parent organization token

Return type:

JSON object


Route:
/api/v1/groups/<token>/members/<member_email> Methods: "DELETE"

Removes a user from the group

Parameters:
  • token (str) – Token of the group from which the user is to be removed

  • member_email (str) – Email address of the user to be removed from the group

Returns:

results – Returns JSON object containing:

"message": str

Success Message on updating user’s role in the group

Return type:

JSON object


Route:
/api/v1/groups/<token>/members/<member_email> Methods: "PUT"

Updates the user’s role in the group

Parameters:
  • token (str) – Group token

  • member_email (str) – Email of the group member to be updated

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "new_role": str

    New role to be assigned to the group user

Returns:

results – Returns JSON object containing:

"message": str

Success Message on updating user’s role in the group

Return type:

JSON object

Manifests module


Route:
/api/v1/manifests/<token> Methods: "DELETE"

Delete a manifest with a given token

Parameters:
  • token (str) – The token of the manifest to delete

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "confirmed"

    “true” to delete the manifest along with its Jira issues

Returns:

response – Results with keys:

"success"

True if successful, False otherwise

"message"

Message describing response

Return type:

JSON object


Route:
/api/v1/manifests/<token>/reports/latest Methods: "GET"

Get the latest CVE report results from a given manifest token

Parameters:
  • token (str) – The token of the manifest to get the latest scan results from

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "with_field"

    Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated):

    “assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”

Returns:

scan_results – Results of scan with keys:

"manifest_token"

Token of the manifest

"group_token"

Token of the group that the manifest belongs to

"folder_token"

Token of the folder that the manifest is in

"cves"

Array of objects containing information about CVEs found in the scan

"counts"

Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted

"date"

Date of the scan

"report_path"

URL where the report can be viewed

Return type:

JSON object


Route:
/api/v1/manifests/<token> Methods: "GET"

Get information about a manifest with a given token

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of the user sending the request

"send_file"

If true, a manifest file will be sent

Returns:

manifest_info – Array of manifest information objects with keys: “manifest_token”, “manifest_name”, “folder_token”, “group_token”, “upload_date”, “manifest_data”

Return type:

array(object) or file


Route:
/api/v1/manifests Methods: "GET"

Get an array of manifest information from a group or folder.

Only one of a group token or a folder token should be given. If neither is given, all manifests that the user has access to will be returned.

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_token", optional

Token of the group to get manifests from

"folder_token", optional

Token of the folder to get manifests from

Returns:

manifests – Array of group information objects with keys: “manifest_name”, “manifest_token”, “group_token”, “folder_token”, “upload_date”

Return type:

array(object)
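
Client-side checks for the two manifest routes above (manifest listing and latest report), as an added example that is not the project's own client code. It assumes request_data travels as URL query parameters, uses a placeholder host, and leaves out the HMAC request signing that the heartbeat route refers to, since this page does not describe it.

```python
from urllib.parse import quote, urlencode

BASE_URL = "https://api.example.invalid"  # placeholder host (assumption)

# Values the page lists as valid for "with_field" on the reports/latest route.
VALID_WITH_FIELDS = (
    "assigner", "description", "impact", "modified", "problem_types",
    "published", "references", "nvd_status", "cisa",
)


def list_manifests_url(email, group_token=None, folder_token=None):
    """URL for GET /api/v1/manifests, scoped to at most one of group/folder."""
    if group_token and folder_token:
        raise ValueError("give a group token or a folder token, not both")
    query = [("email", email)]
    if group_token:
        query.append(("group_token", group_token))
    if folder_token:
        query.append(("folder_token", folder_token))
    return BASE_URL + "/api/v1/manifests?" + urlencode(query)


def latest_report_url(manifest_token, email, with_fields=()):
    """URL for GET /api/v1/manifests/<token>/reports/latest."""
    if not manifest_token:
        raise ValueError("manifest token is required")
    unknown = [f for f in with_fields if f not in VALID_WITH_FIELDS]
    if unknown:
        raise ValueError("unsupported with_field: " + ", ".join(unknown))
    # Drop duplicates but keep caller order so the URL is deterministic.
    fields = list(dict.fromkeys(with_fields))
    # Encode the token as one path segment so "/" or "?" cannot alter the route.
    path = "/api/v1/manifests/" + quote(manifest_token, safe="") + "/reports/latest"
    # A list of pairs lets "with_field" repeat, once per requested field.
    query = [("email", email)] + [("with_field", f) for f in fields]
    return BASE_URL + path + "?" + urlencode(query)


if __name__ == "__main__":
    # Constructed sample values, not real tokens.
    print(list_manifests_url("user@example.com", folder_token="FOLDER-TOKEN"))
    print(latest_report_url("MANIFEST-TOKEN", "user@example.com", ["impact", "cisa"]))
```

Calling `list_manifests_url` with neither token yields the unscoped request, which the route documents as returning every manifest the user can access.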


Route:
/api/v1/manifests/<token>/reports Methods: "GET"

Get an array of CVE Reports available for a given manifest

Parameters:
  • token (str) – The token of the manifest to list reports for

  • request_data (JSON object ['str', 'str']) –

    Query parameters sent with the request:

    "email"

    Email of user sending the request

Returns:

result – Object containing the manifest info and array of available reports

"manifest_name"

The name of the manifest for which these reports were requested

"manifest_token"

Token of the manifest for which these reports were requested

"group_token"

Token for the group that this manifest belongs to

"folder_token"

Token for the folder that this manifest belongs to, if any

"upload_date"

Date of upload for the manifest these reports are for

"reports": array(object)

Array of report information objects, sorted by “created_date”, with keys:

"created_date"

Date this scan was performed

"report_token"

Token for this report

"manifest_token"

Token of the specific version of the manifest for which this report was generated

"manifest_version"

Version of the manifest for which this report was generated

Return type:

JSON object


Route:
/api/v1/manifests/<token>/reports Methods: "POST"

Rescan a manifest with a given token

Parameters:
  • token (str) – The token of the manifest to get the latest scan results from

  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "filtered"

    True to apply all configured filters to scan results.

    False to apply only kernel and uboot config filters.

    Default: False

    "rescan_only"

    Anything other than “false” or “f” to only rescan the manifest

    "with_field"

    Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated):

    “assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”

Returns:

scan_results – Results of scan with keys:

"cves"

Array of objects containing information about CVEs found in the scan

"counts"

Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted

"date"

Date of the scan

"group_name"

Name of the group that the manifest belongs to

"group_path"

URL where the group can be viewed

"report_path"

URL where the report can be viewed

Return type:

JSON object


Route:
/api/v1/manifests/<sbom_token>/custom_scores Methods: "POST"

API to set custom CVE scores

Parameters:
  • sbom_token (str) – SBOM Token

  • user (User) – User instance

  • request_data (JSON object) –

    Data sent with request with keys:

    "email"

    Email of user sending the request

    "cve_id"

    CVE ID

    "package_name"

    Package name

    "package_version"

    Package version (Optional)

    "custom_score"

    Custom Score to be set

Returns:

message_info – Results of comparison with keys:

"message"

Message informing the success or failure of the request

Return type:

JSON object


Route:
/api/v1/manifests Methods: "POST"

Upload manifest and return scan results

Parameters:

request_data (JSON object ['str', 'str']) –

POST data with keys:

"manifest"

Manifest data to scan

"email"

Email of user sending the request

"kernel_config"

Kernel config data

"uboot_config"

Uboot config data

"manifest_name"

Name to give the new manifest

"group_token"

Token of the group the manifest should belong to

"folder_token"

Token of the folder where the manifest should be stored

"subfolder_name"

Name of subfolder for dynamic folder creation

"filter_results"

True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False

"with_field"

Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated):

“assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”

"ecosystems"

Comma separated string of ecosystems that should be used for generating reports

Returns:

scan_results – Results of scan with keys:

"manifest_token"

Token of the manifest

"group_token"

Token of the group that the manifest belongs to

"folder_token"

Token of the folder that the manifest is in

"cves"

Array of dictionaries containing information about CVEs found in the scan

"counts"

Dictionary containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted

"date"

Date of the scan

"report_path"

URL where the report can be viewed

Return type:

JSON object

Reports module


Route:
/api/v1/reports/compare Methods: "GET"

Compare two CVE reports with given tokens

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of the user sending the request

"token_one"

Token for the first CVE report to compare

"token_two"

Token for the second CVE report to compare

"filtered"

True to apply all configured filters to both reports,

False to apply only kernel and uboot config filters.

Default: False

Returns:

compare_results – Results of comparison with keys:

"resolved"

List of CVEs resolved between the reports

"new"

List of new CVEs between the reports

Return type:

JSON object


Route:
/api/v1/reports/<token> Methods: "GET"

Get a CVE report with the given token

Parameters:
  • token (str) – The token of the CVE report to get

  • request_data (JSON object ['str', 'str']) –

    Query parameters sent with the request:

    "email"

    Email of user sending the request

    "format"

    What file format to return from the following:

    “pdf”, “pdfsummary”, “xlsx”, “csv”, “cyclonedx-vex”, “cyclonedx-sbom-vex”

    "filtered"

    True to apply all configured filters to scan results,

    False to apply only kernel and uboot config filters.

    Default: False

Returns:

scan_results – CVE Report data as the requested file type

Return type:

file

Stats module


Route:
/api/v1/heartbeat Methods: "GET", "POST"

This function makes a simple GET request to the LinuxLink server to ensure that the server is available, and that HMAC authentication is working properly.

Returns:

"ok"

True if successful, False otherwise.

Return type:

JSON object ['str', 'bool']