Vigiles API Manual
Cves module

Route: /v1/vigiles/cves/<cve_id>
Methods: "GET"
[Prime] Search CVE info by CVE id
Parameters:
- cve_id (str) – ID of the CVE to search for
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
  "fields" - Fields to return in search results. Valid fields: “affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”
Returns: search_results – Results of search with keys: “affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”
Return type: JSON object

Route: /v1/vigiles/cves
Methods: "GET"
[Prime] Search for CVEs with a product name and version
Parameters:
- request_data (JSON object ['str', 'str']) – Data sent with request with keys:
  "email" - Email of user sending the request
  "product" - CPE Product (package name) to get CVEs for
  "version" - Version of package to get CVEs for
  "ids_only" - If True, an array of CVE ids will be returned
Returns: cves – An array of CVE ids is returned if “ids_only” is true. Otherwise, a dictionary with CVE information will be returned
Return type: array(object)

Folders module

Route: /v1/vigiles/folders
Methods: "GET"
[Prime] Get an array of folder information that can be filtered by product token
If no product token is given, all folders that the user owns will be returned.
Parameters:
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
  "product_token", optional - Token of the product to get folders from
Returns: folder_tokens – Array of folder information objects with keys: “folder_token”, “folder_name”, “folder_description”, “creation_date”, “product_token”
Return type: array(object)

Manifests module

Route: /v1/vigiles/manifests/<token>
Methods: "DELETE"
[Prime] Delete a manifest with a given token
Parameters:
- token (str) – The token of the manifest to delete
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
Returns: response – Results with keys:
  "success" - True if successful, False otherwise
  "message" - Message describing response
Return type: JSON object

Route: /v1/vigiles/manifests/<token>/reports/latest
Methods: "GET"
[Prime] Get the latest CVE report results from a given manifest token
Parameters:
- token (str) – The token of the manifest to get the latest scan results from
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
  "filtered" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
  "with_field" - Optionally extend CVE data included in report with one of the following fields (parameter can be repeated): “assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”
Returns: scan_results – Results of scan with keys:
  "manifest_token" - Token of the manifest
  "product_token" - Token of the product that the manifest belongs to
  "folder_token" - Token of the folder that the manifest is in
  "cves" - Array of objects containing information about CVEs found in the scan
  "counts" - Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted
  "date" - Date of the scan
  "report_path" - URL where the report can be viewed
Return type: JSON object

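An added example, not part of the Vigiles manual: a client-side helper that builds the reports/latest request with the repeatable "with_field" parameter checked against the values listed above, and validates the documented response keys before gating on the "unfixed" count. The function names, the placeholder host, sending the keys as query parameters, the "true"/"false" spelling and the threshold policy are assumptions; request authentication is not described in this entry and is left out.

```python
from urllib.parse import quote, urlencode

# Values this page documents for "with_field" on the reports/latest route.
WITH_FIELD_ALLOWED = ("assigner", "description", "impact", "modified",
                      "problem_types", "published", "references")
# Keys this page documents for scan_results and for its "counts" object.
RESULT_KEYS = {"manifest_token", "product_token", "folder_token", "cves",
               "counts", "date", "report_path"}
COUNT_KEYS = {"fixed", "kernel", "toolchain", "unapplied", "unfixed",
              "upgradable", "whitelisted"}


def latest_report_url(base_url, token, email, filtered=False, with_fields=()):
    """Build the GET URL for /v1/vigiles/manifests/<token>/reports/latest."""
    unknown = [f for f in with_fields if f not in WITH_FIELD_ALLOWED]
    if unknown:
        raise ValueError(f"unsupported with_field value(s): {unknown}")
    if not token:
        raise ValueError("manifest token is required")
    # Percent-encode the token so it stays one path segment and cannot
    # smuggle in "/" or "?" that would change the route or the query.
    path = f"/v1/vigiles/manifests/{quote(token, safe='')}/reports/latest"
    # Assumption: booleans are sent as the strings "true"/"false".
    params = [("email", email), ("filtered", "true" if filtered else "false")]
    params += [("with_field", f) for f in with_fields]  # repeated parameter
    return base_url.rstrip("/") + path + "?" + urlencode(params)


def check_scan_results(scan_results, max_unfixed=0):
    """Check the documented response shape; return (ok, problems)."""
    problems = []
    missing = RESULT_KEYS - set(scan_results)
    if missing:
        problems.append(f"missing keys: {sorted(missing)}")
    counts = scan_results.get("counts")
    if not isinstance(counts, dict):
        return False, problems + ["counts is not an object"]
    unexpected = set(counts) - COUNT_KEYS
    if unexpected:
        problems.append(f"unexpected count keys: {sorted(unexpected)}")
    unfixed = counts.get("unfixed")
    if isinstance(unfixed, bool) or not isinstance(unfixed, int):
        problems.append("counts.unfixed is not an integer")
    elif unfixed > max_unfixed:  # hypothetical build-gate policy
        problems.append(f"{unfixed} unfixed CVEs exceeds limit {max_unfixed}")
    return not problems, problems
```

Note that "identifier" and "affected_configurations" are valid for the CVE search "fields" key but are not in the "with_field" list, so the helper rejects them for this route.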
Route: /v1/vigiles/manifests/<token>
Methods: "GET"
[Prime] Get information about a manifest with a given token
Parameters:
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of the user sending the request
  "send_file" - If true, a manifest file will be sent
  "sbom_format" - Convert manifest to this format before returning. Acceptable formats are: “spdx”
Returns: manifest_info (array(object) or file) – Array of manifest information objects with keys: “manifest_token”, “manifest_name”, “folder_token”, “product_token”, “upload_date”, “manifest_data”

Route: /v1/vigiles/manifests
Methods: "GET"
[Prime] Get an array of manifests information from a product or folder.
Only either a product token or folder token should be given. If neither are given, all manifests that the user owns will be returned, including manifests in shared products.
Parameters:
- request_data (JSON object ['str', 'str']) – Data sent with request with keys:
  "email" - Email of user sending the request
  "product_token", optional - Token of the product to get manifests from
  "folder_token", optional - Token of the folder to get manifests from
Returns: manifests – Array of product information objects with keys: “manifest_name”, “manifest_token”, “product_token”, “folder_token”, “upload_date”
Return type: array(object)

Route: /v1/vigiles/manifests/<token>/reports
Methods: "GET"
[Prime] Get an array of CVE Reports available for a given manifest
Parameters:
- token (str) – The token of the manifest to list reports for
- request_data – Query parameters sent with the request:
  "email" - Email of user sending the request
Returns: result – Object containing the manifest info and array of available reports
  "manifest_name" - The name of the manifest for which these reports were requested
  "manifest_token" - Token of the manifest for which these reports were requested
  "product_token" - Token for the Product this manifest belongs to
  "folder_token" - Token for the Folder this manifest belongs to, if any
  "upload_date" - Date of upload for the manifest these reports are for
  "reports": array(object) - Array of report information objects, sorted by “created_date”, with keys:
    "created_date" - Date this scan was performed
    "report_token" - Token for this report
    "manifest_token" - Token of the specific version of the manifest for which this report was generated
    "manifest_version" - Version of the manifest for which this report was generated
Return type: object

Route: /v1/vigiles/manifests/<token>/reports
Methods: "POST"
[Prime] Rescan a manifest with a given token
Parameters:
- token (str) – The token of the manifest to get the latest scan results from
- request_data (JSON object ['str', 'str']) – Data sent with request with keys:
  "email" - Email of user sending the request
  "filtered" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
  "rescan_only" - Anything other than “false” or “f” to only rescan the manifest
  "with_field" - Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated): “assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”
Returns: scan_results – Results of scan with keys:
  "cves" - Array of objects containing information about CVEs found in the scan
  "counts" - Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted
  "date" - Date of the scan
  "product_name" - Name of the product that the manifest belongs to
  "product_path" - URL where the product can be viewed
  "report_path" - URL where the report can be viewed
Return type: JSON object

Route: /v1/vigiles/manifests
Methods: "POST"
Upload manifest and return scan results
Parameters:
- request_data (JSON object) – post data with keys:
  "manifest" - Manifest data to scan
  "email" - Email of user sending the request
  "kernel_config" - Kernel config data
  "uboot_config" - Uboot config data
  "manifest_name" - Name to give the new manifest
  "product_token" - Token of the product the manifest should belong to
  "folder_token" - Token of the folder where the manifest should be stored
  "subfolder_name" - Name of subfolder to upload manifest to
  "filter_results" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
  "with_field" - Optionally extend CVE data included in report with one of the following fields (parameter can be repeated): “assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”
  "include_sbom" - Type of exported manifest that should be included in response. Default: spdx
Returns: scan_results – Results of scan with keys:
  "manifest_token" - Token of the manifest
  "product_token" - Token of the product that the manifest belongs to
  "folder_token" - Token of the folder that the manifest is in
  "cves" - Array of dictionaries containing information about CVEs found in the scan
  "counts" - Dictionary containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted
  "date" - Date of the scan
  "report_path" - URL where the report can be viewed
  "exported_manifest" - Exported manifest data
Return type: JSON object

Route: /v1/vigiles/manifests/demo
Methods: "POST"
Upload manifest in demo mode and return scan results
Parameters:
- request_data (JSON object) – post data with keys:
  "manifest" - Manifest data to scan
  "kernel_config" - Kernel config data
  "uboot_config" - Uboot config data
Returns: Results of scan with keys:
  "cves" - dict containing counts of unfixed, fixed and un-applied CVEs found in the scan
  "date" - Date of the scan
  "report_path" - URL where the report can be viewed
  "demo" - Is manifest uploaded in demo mode
  "subscribed" - Is user subscribed
Return type: JSON object

Products module

Route: /v1/vigiles/products
Methods: "POST"
[Prime] Create a new product for a user
Parameters:
- product_token (str) – the token of a product
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of the user sending the request
  "name" - Name for the new product
  "desc", optional - Description for the new product
Returns: product_info – Results of comparison with keys:
  "name" - Name of product
  "description" - Description of product
  "token" - Token for the product
Return type: JSON object

Route: /v1/vigiles/products/<product_token>
Methods: "GET"
[Prime] Get information about a product from a given token
Parameters:
- product_token (str) – Token of the product
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of user sending the request
Returns: product_info – Results of comparison with keys:
  "name" - Name of product
  "description" - Description of product
  "token" - Token for the product
  "is_default" - True if product is default product for user, otherwise False
  "created" - Date that the product was created
Return type: JSON object

Route: /v1/vigiles/products
Methods: "GET"
[Prime] Get information about all products for a user
Parameters:
- request_data (JSON object) – Data sent with request with keys:
  "email" - Email of the user sending the request
Returns: product_info – Array of product information objects with keys: “name”, “description”, “token”
Return type: list(object)

Reports module

Route: /v1/vigiles/reports/compare
Methods: "GET"
[Prime] Compare two CVE reports with given tokens
Parameters:
- request_data (JSON object) – Data sent with request with keys:
  "token_one" - Token for the first CVE report to compare
  "token_two" - Token for the second CVE report to compare
  "filtered" - True to apply all configured filters to both reports, False to apply only kernel and uboot config filters. Default: False
Returns: compare_results – Results of comparison with keys:
  "resolved" - List of CVEs resolved between the reports
  "new" - List of new CVEs between the reports
Return type: JSON object

Route: /v1/vigiles/reports/<token>
Methods: "GET"
[Prime] Get a CVE report with the given token
Parameters:
- token (str) – The token of the CVE report to get
- request_data – Query parameters sent with the request:
  "email" - Email of user sending the request
  "format" - What file format to return from the following: “pdf”, “pdfsummary”, “xlsx”, “csv”
  "filtered" - True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False
Returns: scan_results – CVE Report data as the requested file type
Return type: file

Stats module

Route: /v1/heartbeat
Methods: "GET", "POST"
This function makes a simple GET request to the LinuxLink server to ensure that the server is available, and that HMAC authentication is working properly.
Returns: "ok" - True if successful, False otherwise.
Return type: JSON object ['str', 'bool']