Cves module


Route:
/v1/vigiles/cves/<cve_id> Methods: "GET"

Prime  Search CVE info by CVE id

Parameters:
  • cve_id (str) – ID of the cve to search for
  • request_data (JSON object) –

    Data sent with request with keys:

    "email"
    Email of user sending the request
    "fields"
    Fields to return in search results. Valid fields: “affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”
Returns:

search_results – Results of search with keys: “affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”

Return type:

JSON object


Route:
/v1/vigiles/cves Methods: "GET"

Prime  Search for CVEs with a product name and version

Parameters:request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"
Email of user sending the request
"product"
CPE Product (package name) to get CVEs for
"version"
Version of package to get CVEs for
"ids_only"
If True, an array of CVE ids will be returned
Returns:cves – An array of CVE ids is returned if “ids_only” is true. Otherwise, a dictionary with CVE information will be returned
Return type:array(object)

Folders module


Route:
/v1/vigiles/folders Methods: "GET"

Prime  SBOM Manager  Get an array of folder information that can be filtered by product token

If no product token is given, all folders that the user owns will be returned.

Parameters:request_data (JSON object) –

Data sent with request with keys:

"email"
Email of user sending the request
"product_token", optional
Token of the product to get folders from
Returns:folder_tokens – Array of folder information objects with keys: “folder_token”, “folder_name”, “folder_description”, “creation_date”, “product_token”
Return type:array(object)

Manifests module


Route:
/v1/vigiles/manifests/<token> Methods: "DELETE"

Prime  SBOM Manager  Delete a manifest with a given token

Parameters:
  • token (str) – The token of the manifest to delete
  • request_data ("JSON object") –

    Data sent with request with keys:

    "email"
    Email of user sending the request
Returns:

response – Results with keys:

"success"

True if successful, False otherwise

"message"

Message describing response

Return type:

JSON object


Route:
/v1/vigiles/manifests/<token>/reports/latest Methods: "GET"

Prime  Get the latest CVE report results from a given manifest token

Parameters:
  • token (str) – The token of the manifest to get the latest scan results from
  • request_data ("JSON object") –

    Data sent with request with keys:

    "email"
    Email of user sending the request
    "filtered"
    True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
    "with_field"
    Optionally extend CVE data included in report with one of the following fields (parameter can be repeated):
    ”assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”
Returns:

scan_results – Results of scan with keys:

"manifest_token"

Token of the manifest

"product_token"

Token of the product that the manifest belongs to

"folder_token"

Token of the folder that the manifest is in

"cves"

Array of objects containing information about CVEs found in the scan

"counts"

Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted

"date"

Date of the scan

"report_path"

URL where the report can be viewed

Return type:

JSON object


Route:
/v1/vigiles/manifests/<token> Methods: "GET"

Prime  SBOM Manager  Get information about a manifest with a given token

Parameters:request_data (JSON object) –

Data sent with request with keys:

"email"
Email of the user sending the request
"send_file"
If true, a manifest file will be sent
"sbom_format"
convert manifest to this format before returning. acceptable formats are:
”spdx”, “spdx-lite”, “cyclonedx”
"file_format"
file type to use in spdx/cyclonedx conversion. acceptable values are dependent on sbom_format.
"sbom_version"
version to use in spdx/cyclonedx conversion. acceptable values are dependent on sbom_format.
Returns:
  • manifest_info (array(object) or file)
  • Array of manifest information objects with keys – “manifest_token”, “manifest_name”, “folder_token”, “product_token”, “upload_date”, “manifest_data”

Route:
/v1/vigiles/manifests Methods: "GET"

Prime  SBOM Manager  Get an array of manifests information from a product or folder.

Only either a product token or folder token should be given. If neither are given, all manifests that the user owns will be returned including manifests in shared products

Parameters:request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"
Email of user sending the request
"product_token", optional
Token of the product to get manifests from
"folder_token", optional
Token of the folder to get manifests from
Returns:manifests – Array of product information objects with keys: “manifest_name”, “manifest_token”, “product_token”, “folder_token”, “upload_date”
Return type:array(object)

Route:
/v1/vigiles/manifests/<token>/reports Methods: "GET"

Prime  Get an array of CVE Reports available for a given manifest

Parameters:
  • token (str) – The token of the manifest to list reports for
  • request_data

    Query parameters sent with the request:

    "email"
    Email of user sending the request
Returns:

result – Object containing the manifest info and array of available reports "manifest_name"

The name of the manifest for which these reports were requested

"manifest_token"

Token of the manifest for which these reports were requested

"product_token"

Token for the Product this manifest belongs to

"folder_token"

Token for the Folder this manifest belongs to, if any

"upload_date"

Date of upload for the manifest these reports are for

"reports" : array(object)

Array of report information objects, sorted by “created_date”, with keys: "created_date"

Date this scan was performed

"report_token"

Token for this report

"manifest_token"

Token of the specific version of the manifest for which this report was genereated”

"manifest_version"

Version of the manifest for which this report was generated

Return type:

object


Route:
/v1/vigiles/manifests/<token>/reports Methods: "POST"

Prime  Rescan a manifest with a given token

Parameters:
  • token (str) – The token of the manifest to get the latest scan results from
  • request_data (JSON object ['str', 'str']) –

    Data sent with request with keys:

    "email"
    Email of user sending the request
    "filtered"
    True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
    "rescan_only"
    Anything other than “false” or “f” to only rescan the manifest
    "with_field"
    Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated):
    ”assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”
Returns:

scan_results – Results of scan with keys:

"cves"

Array of objects containing information about CVEs found in the scan

"counts"

Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted

"date"

Date of the scan

"product_name"

Name of the product that the manifest belongs to

"product_path"

URL where the product can be viewed

"report_path"

URL where the report can be viewed

Return type:

JSON object


Routes:
/v1/vigiles/manifests Methods: "POST"
/v1/vigiles/manifests/demo Methods: "POST"

Upload manifest and return scan results

Parameters:request_data (JSON object) –

post data with keys:

"manifest"
Manifest data to scan
"email"
Email of user sending the request
"kernel_config"
Kernel config data
"uboot_config"
Uboot config data
"manifest_name"
Name to give the new manifest
"product_token"
Token of the product the manifest should belong to
"folder_token"
Token of the folder where the manifest should be stored
"subfolder_name"
Name of subfolder to upload manifest to
"filter_results"
True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
"with_field"
Optionally extend CVE data included in report with one of the following fields (parameter can be repeated):
”assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”
"include_sbom"
Type of exported manifest that should be included in response Default: spdx
Returns:scan_results – Results of scan with keys:
"manifest_token"
Token of the manifest
"product_token"
Token of the product that the manifest belongs to
"folder_token"
Token of the folder that the manifest is in
"cves"
Array of dictionaries containing information about CVEs found in the scan
"counts"
Dictionary containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted
"date"
Date of the scan
"report_path"
URL where the report can be viewed
"exported_manifest"
Exported manifest data
Return type:JSON object

Route:
/v1/vigiles/manifests/demo Methods: "POST"

Upload manifest in demo mode and return scan results

Parameters:request_data (JSON object) –

post data with keys:

"manifest"
Manifest data to scan
"kernel_config"
Kernel config data
"uboot_config"
Uboot config data
Returns:Results of scan with keys:
"cves"
dict containing counts of unfixed, fixed and un-applied CVEs found in the scan
"date"
Date of the scan
"report_path"
URL where the report can be viewed
"demo"
Is manifest uploaded in demo mode
"subscribed"
Is user subscribed
Return type:JSON object

Products module


Route:
/v1/vigiles/products Methods: "POST"

Prime  SBOM Manager  Create a new product for a user

Parameters:
  • product_token (str) – the token of a product
  • request_data (JSON object) –

    Data sent with request with keys:

    "email"
    Email of the user sending the request
    "name"
    Name for the new product
    "desc", optional
    Description for the new product
Returns:

product_info – Results of comparison with keys:

"name"

Name of product

"description"

Description of product

"token"

Token for the product

Return type:

JSON object


Route:
/v1/vigiles/products/<product_token> Methods: "GET"

Prime  SBOM Manager  Get information about a product from a given token

Parameters:
  • product_token (str) – Token of the product
  • request_data (JSON object) –

    Data sent with request with keys:

    "email"
    Email of user sending the request
Returns:

product_info – Results of comparison with keys:

"name"

Name of product

"description"

Description of product

"token"

Token for the product

"is_default"

True if product is default product for user, otherwise False

"created"

Date that the product was created

Return type:

JSON object


Route:
/v1/vigiles/products Methods: "GET"

Prime  SBOM Manager  Get information about all products for a user

Parameters:request_data (JSON object) –

Data sent with request with keys:

"email"
Email of the user sending the request
Returns:product_info – Array of product information objects with keys: “name”, “description”, “token”
Return type:list(object)

Reports module


Route:
/v1/vigiles/reports/compare Methods: "GET"

Prime  Compare two CVE reports with given tokens

Parameters:request_data (JSON object) –

Data sent with request with keys:

"token_one"
Token for the first CVE report to compare
"token_two"
Token for the second CVE report to compare
"filtered"
True to apply all configured filters to both reports, False to apply only kernel and uboot config filters. Default: False
Returns:compare_results – Results of comparison with keys:
"resolved"
List of CVEs resolved between the reports
"new"
List new CVEs between the reports
Return type:JSON object

Route:
/v1/vigiles/reports/<token> Methods: "GET"

Prime  Get a CVE report with the given token

Parameters:
  • token (str) – The token of the CVE report to get
  • request_data

    Query parameters sent with the request:

    "email"
    Email of user sending the request
    "format"
    What file format to return from the following:
    ”pdf”, “pdfsummary”, “xlsx”, “csv”
    "filtered"
    True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
Returns:

scan_results – CVE Report data as the requested file type

Return type:

file

Stats module


Route:
/v1/heartbeat Methods: "GET", "POST"

This function makes a simple GET request to the LinuxLink server to ensure that the server is available, and that HMAC authentication is working properly.

Returns:
"ok"
True if successful, False otherwise.
Return type:JSON object ['str', 'bool']