Vigiles API Manual
Cves module

Route: /v1/vigiles/cves/<cve_id>
Methods: "GET"
Prime
Search CVE info by CVE id
Parameters:
- cve_id (str) – ID of the cve to search for
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
  "fields" - Fields to return in search results. Valid fields: "affected_configurations", "assigner", "description", "identifier", "impact", "modified", "problem_types", "published", "references", "nvd_status", "cisa"
Returns: search_results – Results of search with keys: "affected_configurations", "assigner", "description", "identifier", "impact", "modified", "problem_types", "published", "references", "nvd_status", "cisa"
Return type: JSON object

Route: /v1/vigiles/cves
Methods: "GET"
Prime
Search for CVEs with a product name and version
Parameters: request_data (JSON object ['str', 'str']) – Data sent with request with keys:
  "email" - Email of user sending the request
  "product" - CPE Product (package name) to get CVEs for
  "version" - Version of package to get CVEs for
  "ids_only" - If True, an array of CVE ids will be returned
Returns: cves – An array of CVE ids is returned if "ids_only" is true. Otherwise, a dictionary with CVE information will be returned
Return type: array(object)

Folders module

Route: /v1/vigiles/folders
Methods: "GET"
Prime SBOM Manager
Get an array of folder information that can be filtered by product token
If no product token is given, all folders that the user owns will be returned.
Parameters: request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
  "product_token", optional - Token of the product to get folders from
Returns: folder_tokens – Array of folder information objects with keys: "folder_token", "folder_name", "folder_description", "creation_date", "product_token"
Return type: array(object)

Manifests module

Route: /v1/vigiles/manifests/<token>
Methods: "DELETE"
Prime SBOM Manager
Delete a manifest with a given token
Parameters:
- token (str) – The token of the manifest to delete
- request_data ("JSON object") – Data sent with request with keys:
  "email" - Email of user sending the request
Returns: response – Results with keys:
  "success" - True if successful, False otherwise
  "message" - Message describing response
Return type: JSON object

Route: /v1/vigiles/manifests/<token>/reports/latest
Methods: "GET"
Prime
Get the latest CVE report results from a given manifest token
Parameters:
- token (str) – The token of the manifest to get the latest scan results from
- request_data ("JSON object") – Data sent with request with keys:
  "email" - Email of user sending the request
  "filtered" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
  "with_field" - Optionally extend CVE data included in report with one of the following fields (parameter can be repeated): "assigner", "description", "impact", "modified", "problem_types", "published", "references", "nvd_status", "cisa"
Returns: scan_results – Results of scan with keys:
  "manifest_token" - Token of the manifest
  "product_token" - Token of the product that the manifest belongs to
  "folder_token" - Token of the folder that the manifest is in
  "cves" - Array of objects containing information about CVEs found in the scan
  "counts" - Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted
  "date" - Date of the scan
  "report_path" - URL where the report can be viewed
Return type: JSON object
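
Added example, not part of the Vigiles documentation: a client-side helper that builds the request URL for the reports/latest route above and gates a build on the returned "counts" object. It assumes the keys are sent as query parameters with lowercase boolean strings, uses a placeholder host, and leaves out authentication, which this page does not describe; `latest_report_url` and `gate_on_counts` are hypothetical names.

```python
from urllib.parse import quote, urlencode

# Placeholder host: the page does not give the server's base URL.
BASE_URL = "https://vigiles.example.invalid"
# Values the page lists as valid for "with_field".
WITH_FIELDS = {"assigner", "description", "impact", "modified", "problem_types",
               "published", "references", "nvd_status", "cisa"}
# Keys the page lists for the "counts" object.
COUNT_KEYS = {"fixed", "kernel", "toolchain", "unapplied", "unfixed",
              "upgradable", "whitelisted"}


def latest_report_url(token, email, filtered=False, with_fields=()):
    """Build the GET URL for /v1/vigiles/manifests/<token>/reports/latest."""
    unknown = set(with_fields) - WITH_FIELDS
    if unknown:
        raise ValueError(f"unsupported with_field value(s): {sorted(unknown)}")
    # Percent-encode the token, including "/", so it stays one path segment.
    path = f"/v1/vigiles/manifests/{quote(token, safe='')}/reports/latest"
    # Assumption: booleans travel as the strings "true" / "false".
    params = [("email", email), ("filtered", "true" if filtered else "false")]
    # "with_field" may be repeated, so emit one pair per requested field.
    params += [("with_field", f) for f in with_fields]
    return f"{BASE_URL}{path}?{urlencode(params)}"


def gate_on_counts(scan_results, max_unfixed=0):
    """Return (passed, reason) from the "counts" object of a report."""
    counts = scan_results.get("counts")
    if not isinstance(counts, dict):
        return False, "report has no counts object"
    missing = COUNT_KEYS - counts.keys()
    if missing:
        # Fail closed: an incomplete report must not pass the gate.
        return False, f"counts missing keys: {sorted(missing)}"
    unfixed = counts["unfixed"]
    if unfixed > max_unfixed:
        return False, f"{unfixed} unfixed CVEs exceeds limit {max_unfixed}"
    return True, f"{unfixed} unfixed CVEs within limit {max_unfixed}"


# Constructed sample response, not real Vigiles output.
SAMPLE = {"manifest_token": "MANIFEST-TOKEN-PLACEHOLDER",
          "counts": {"fixed": 12, "kernel": 3, "toolchain": 1, "unapplied": 2,
                     "unfixed": 4, "upgradable": 5, "whitelisted": 0}}

if __name__ == "__main__":
    print(latest_report_url("TOKEN", "dev@example.com", with_fields=["cisa"]))
    print(gate_on_counts(SAMPLE))
```
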

Route: /v1/vigiles/manifests/<token>
Methods: "GET"
Prime SBOM Manager
Get information about a manifest with a given token
Parameters: request_data (JSON object) – Data sent with request with keys:
  "email" - Email of the user sending the request
  "send_file" - If true, a manifest file will be sent
  "sbom_format" - Convert manifest to this format before returning. Acceptable formats are: "spdx", "spdx-lite", "cyclonedx"
  "file_format" - File type to use in spdx/cyclonedx conversion. Acceptable values are dependent on sbom_format.
  "sbom_version" - Version to use in spdx/cyclonedx conversion. Acceptable values are dependent on sbom_format.
Returns: manifest_info (array(object) or file) – Array of manifest information objects with keys: "manifest_token", "manifest_name", "folder_token", "product_token", "upload_date", "manifest_data"

Route: /v1/vigiles/manifests
Methods: "GET"
Prime SBOM Manager
Get an array of manifest information from a product or folder.
Only one of a product token or a folder token should be given. If neither is given, all manifests that the user owns will be returned, including manifests in shared products.
Parameters: request_data (JSON object ['str', 'str']) – Data sent with request with keys:
  "email" - Email of user sending the request
  "product_token", optional - Token of the product to get manifests from
  "folder_token", optional - Token of the folder to get manifests from
Returns: manifests – Array of product information objects with keys: "manifest_name", "manifest_token", "product_token", "folder_token", "upload_date"
Return type: array(object)

Route: /v1/vigiles/manifests/<token>/reports
Methods: "GET"
Prime
Get an array of CVE Reports available for a given manifest
Parameters:
- token (str) – The token of the manifest to list reports for
- request_data – Query parameters sent with the request:
  "email" - Email of user sending the request
Returns: result – Object containing the manifest info and array of available reports
  "manifest_name" - The name of the manifest for which these reports were requested
  "manifest_token" - Token of the manifest for which these reports were requested
  "product_token" - Token for the Product this manifest belongs to
  "folder_token" - Token for the Folder this manifest belongs to, if any
  "upload_date" - Date of upload for the manifest these reports are for
  "reports": array(object) - Array of report information objects, sorted by "created_date", with keys:
    "created_date" - Date this scan was performed
    "report_token" - Token for this report
    "manifest_token" - Token of the specific version of the manifest for which this report was generated
    "manifest_version" - Version of the manifest for which this report was generated
Return type: object

Route: /v1/vigiles/manifests/<token>/reports
Methods: "POST"
Prime
Rescan a manifest with a given token
Parameters:
- token (str) – The token of the manifest to get the latest scan results from
- request_data (JSON object ['str', 'str']) – Data sent with request with keys:
  "email" - Email of user sending the request
  "filtered" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
  "rescan_only" - Anything other than "false" or "f" to only rescan the manifest
  "with_field" - Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated): "assigner", "description", "impact", "modified", "problem_types", "published", "references", "nvd_status", "cisa"
Returns: scan_results – Results of scan with keys:
  "cves" - Array of objects containing information about CVEs found in the scan
  "counts" - Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted
  "date" - Date of the scan
  "product_name" - Name of the product that the manifest belongs to
  "product_path" - URL where the product can be viewed
  "report_path" - URL where the report can be viewed
Return type: JSON object

Routes: /v1/vigiles/manifests
Methods: "POST"
Upload manifest and return scan results
Parameters: request_data (JSON object) – post data with keys:
  "manifest" - Manifest data to scan
  "email" - Email of user sending the request
  "kernel_config" - Kernel config data
  "uboot_config" - Uboot config data
  "manifest_name" - Name to give the new manifest
  "product_token" - Token of the product the manifest should belong to
  "folder_token" - Token of the folder where the manifest should be stored
  "subfolder_name" - Name of subfolder to upload manifest to
  "filter_results" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
  "with_field" - Optionally extend CVE data included in report with one of the following fields (parameter can be repeated): "assigner", "description", "impact", "modified", "problem_types", "published", "references", "nvd_status", "cisa"
  "include_sbom" - Type of exported manifest that should be included in response. Default: spdx
Returns: scan_results – Results of scan with keys:
  "manifest_token" - Token of the manifest
  "product_token" - Token of the product that the manifest belongs to
  "folder_token" - Token of the folder that the manifest is in
  "cves" - Array of dictionaries containing information about CVEs found in the scan
  "counts" - Dictionary containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted
  "date" - Date of the scan
  "report_path" - URL where the report can be viewed
  "exported_manifest" - Exported manifest data
Return type: JSON object

Route: /v1/vigiles/manifests/demo
Methods: "POST"
Upload manifest in demo mode and return scan results
Parameters: request_data (JSON object) – post data with keys:
  "manifest" - Manifest data to scan
  "kernel_config" - Kernel config data
  "uboot_config" - Uboot config data
Returns: Results of scan with keys:
  "cves" - dict containing counts of unfixed, fixed and un-applied CVEs found in the scan
  "date" - Date of the scan
  "report_path" - URL where the report can be viewed
  "demo" - Is manifest uploaded in demo mode
  "subscribed" - Is user subscribed
Return type: JSON object

Products module

Route: /v1/vigiles/products
Methods: "POST"
Prime SBOM Manager
Create a new product for a user
Parameters:
- product_token (str) – the token of a product
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of the user sending the request
  "name" - Name for the new product
  "desc", optional - Description for the new product
Returns: product_info – Results of comparison with keys:
  "name" - Name of product
  "description" - Description of product
  "token" - Token for the product
Return type: JSON object

Route: /v1/vigiles/products/<product_token>
Methods: "GET"
Prime SBOM Manager
Get information about a product from a given token
Parameters:
- product_token (str) – Token of the product
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
Returns: product_info – Results of comparison with keys:
  "name" - Name of product
  "description" - Description of product
  "token" - Token for the product
  "is_default" - True if product is default product for user, otherwise False
  "created" - Date that the product was created
Return type: JSON object

Route: /v1/vigiles/products
Methods: "GET"
Prime SBOM Manager
Get information about all products for a user
Parameters: request_data (JSON object) – Data sent with request with keys:
  "email" - Email of the user sending the request
Returns: product_info – Array of product information objects with keys: "name", "description", "token"
Return type: list(object)

Reports module

Route: /v1/vigiles/reports/compare
Methods: "GET"
Prime
Compare two CVE reports with given tokens
Parameters: request_data (JSON object) – Data sent with request with keys:
  "token_one" - Token for the first CVE report to compare
  "token_two" - Token for the second CVE report to compare
  "filtered" - True to apply all configured filters to both reports, False to apply only kernel and uboot config filters. Default: False
Returns: compare_results – Results of comparison with keys:
  "resolved" - List of CVEs resolved between the reports
  "new" - List of new CVEs between the reports
Return type: JSON object

Route: /v1/vigiles/reports/<token>
Methods: "GET"
Prime
Get a CVE report with the given token
Parameters:
- token (str) – The token of the CVE report to get
- request_data – Query parameters sent with the request:
  "email" - Email of user sending the request
  "format" - What file format to return from the following: "pdf", "pdfsummary", "xlsx", "csv"
  "filtered" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
Returns: scan_results – CVE Report data as the requested file type
Return type: file

Stats module

Route: /v1/heartbeat
Methods: "GET", "POST"
This function makes a simple GET request to the LinuxLink server to ensure that the server is available, and that HMAC authentication is working properly.
Returns: "ok" - True if successful, False otherwise.
Return type: JSON object ['str', 'bool']