Vigiles API

Cves module


Route: /api/v1/vigiles/cves/<cve_id> Methods: "GET"

Search CVE info by CVE id

Parameters:

• cve_id (str) – ID of the cve to search for

• request_data (JSON object) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "fields"

  Fields to return in search results. Valid fields:

  (“affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”, “epss”)

Returns:

search_results – Results of search with keys:

(“affected_configurations”, “assigner”, “description”, “identifier”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”, “epss”)

Return type:

JSON object


Route: /api/v1/vigiles/cves Methods: "GET"

Search for CVEs with a product name and version

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"product"

CPE Product (package name) to get CVEs for

"version"

Version of package to get CVEs for

"ids_only"

If True, an array of CVE ids will be returned

Returns:

cves – An array of CVE ids is returned if “ids_only” is true. Otherwise, a dictionary with CVE information will be returned

Return type:

array(object)


Route: /api/v1/vigiles/cves/<cve_id>/vuln-status Methods: "POST"

Update the vulnerability status of a CVE

Parameters:

• cve_id (str) – ID of the cve to search for

• request_data (JSON object) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "scope"

  Scope of the vulnerability update

  ”manifest”, “group”, “all”

  "manifest_tokens"

  If the scope is “manifest”, the list of manifest tokens to update

  "group_tokens"

  If the scope is “group”, the list of group tokens to update

  "package"

  Name of package for which status is to be set

  "package_version", optional

  Version of package for which status is to be set

  "status"

  Status to be set

  ”resolved”, “resolved_with_pedigree”, “exploitable”, “in_triage”, “false_positive”, “not_affected”

  "justification", optional

  Justification for the status to be set

  ”code_not_present”, “code_not_reachable”, “requires_configuration”, “requires_dependency”, “requires_environment”, “protected_by_compiler”, “protected_at_runtime”, “protected_at_perimeter”, “protected_by_mitigating_control”

  "justification_detail", optional

  Detailed justification for the status to be set

Returns:

updated_manifests – Returns JSON object containing:

"updated_manifests"array(string)

Array of tokens for all updated SBOMs

Return type:

JSON object

Folders module


Route: /api/v1/vigiles/folders Methods: "GET"

Get an array of folder information that can be filtered by group token

If no group token is given, all folders that the user has access to will be returned.

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_token", optional

Token of the group to get folders from

"folder_token", optional

Token of the folder to get folders from

"product_token", optional

Token of the group/product to get folders from

Returns:

folder_tokens – Array of folder information objects with keys: “folder_token”, “folder_name”, “folder_description”, “creation_date”, “group_token”, “parent_folder_token”

Return type:

array(object)


Route: /api/v1/vigiles/folders Methods: "POST"

Create a new folder in the specified group or subgroup

Parameters:

request_data (JSON object ['str', 'str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_token"

Token of the group or subgroup to create the folder in

"folder_name"

Name of the folder to be created

"description", optional

Description of the folder

"folder_token", optional

Token of the parent folder to create the new folder in (if any)

Returns:

folder_data – Folder information object with keys: “folder_token”, “folder_name”, “description”, “creation_date”, “group_token”, “parent_folder_token”

Return type:

object

Groups module


Routes: /api/v1/vigiles/groups Methods: "GET"

Routes: /api/v1/vigiles/products Methods: "GET"

Lists all user groups that are not archived

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

Returns:

results – Returns Array of JSON objects containing:

"group_name"str

Group name

"description"str

Group description

"token"str

Group token

"group_type"str

Group type (Group or Subgroup)

"organization_token"str

Parent organization token

Return type:

JSON object


Routes: /api/v1/vigiles/groups/archived Methods: "GET"

Routes: /api/v1/vigiles/products/archived Methods: "GET"

Lists all archived user groups

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

Returns:

results – Returns Array of JSON objects containing:

"group_name"str

Group name

"description"str

Group description

"token"str

Group token

"group_type"str

Group type (Group or Subgroup)

"organization_token"str

Parent organization token

Return type:

JSON object


Routes: /api/v1/vigiles/groups Methods: "POST"

Routes: /api/v1/vigiles/products Methods: "POST"

API to create new group

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_name"str

Name of new group

"description": str, optional

Group description

"group_token": str, optional

If provided, the newly created group will be a subgroup of this group

"product_token": str, optional

If provided, the newly created group/product will be a subgroup of this group

Returns:

results – Returns JSON object containing:

"group_name"str

Name of the new group

"description"str

Group description

"token"str

Group token

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token> Methods: "GET"

Routes: /api/v1/vigiles/products/<token> Methods: "GET"

Gets information about a group

Parameters:

• token (str) – Group token

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "subgroups"str

  True to show subgroups

Returns:

results – Returns JSON object containing:

"group_name"str

Group name

"description"str

Group description

"token"str

Group token

"group_type"str

Group type (Group or Subgroup)

"organization_token"str

Parent organization token

"hierarchy"str

A string describing the location of the group in relation to its parent groups

"subgroups"array(object)

An array of objects containing information about subgroups

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token> Methods: "DELETE"

Routes: /api/v1/vigiles/products/<token> Methods: "DELETE"

Remove group/subgroup information about a group

Parameters:

• token (str) – Group token

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

Returns:

results – Returns JSON object containing:

"message"str

Success Message on group deletion

Return type:

JSON object


Routes: /api/v1/vigiles/groups/archive Methods: "PATCH"

Routes: /api/v1/vigiles/products/archive Methods: "PATCH"

Mark group as archived, which will make it read only

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"token"

list of group tokens to be marked as archived

Returns:

results – Returns JSON object containing:

"message"str

Success Message on group archive

Return type:

JSON object


Routes: /api/v1/vigiles/groups/unarchive Methods: "PATCH"

Routes: /api/v1/vigiles/products/unarchive Methods: "PATCH"

Unarchive group

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"token"

list of group tokens to be marked as archived

Returns:

results – Returns JSON object containing:

"message"str

Success Message on group archive

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token>/members Methods: "GET"

Routes: /api/v1/vigiles/products/<token>/members Methods: "GET"

Gets info on the members of the group

Parameters:

• token (str) – Group token

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

Returns:

results – Returns JSON object containing:

"group_name": str

Name of the Group

"description": str

Description of the group

"token": str

Group Token

"group_type": str

Type of the group

"group_members": array(object)

An array of objects containing group members info

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token>/members Methods: "POST"

Routes: /api/v1/vigiles/products/<token>/members Methods: "POST"

Add a user to the group/subgroup

Parameters:

• token (str) – Token of the group to which the user is to be added

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "member_email"

  Email address of the member to be added

  "role"

  Role to assign to the new member

  "allow_access_to_subgroups"

  If True, user will be allowed access to all the subgroups of the specified group

Returns:

results – Returns JSON object containing:

"message"str

Success Message on updating user’s role in the group

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token>/members/<member_email> Methods: "PUT"

Routes: /api/v1/vigiles/products/<token>/members/<member_email> Methods: "PUT"

Updates the user’s role in the group

Parameters:

• token (str) – Group token

• member_email (str) – Email of the group member to be updated

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "new_role": str

  New role to be assigend to the group user

Returns:

results – Returns JSON object containing:

"message"str

Success Message on updating user’s role in the group

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token>/members/<member_email> Methods: "DELETE"

Routes: /api/v1/vigiles/products/<token>/members/<member_email> Methods: "DELETE"

Removes a user from the group

Parameters:

• token (str) – Token of the group from which the user is to be removed

• member_email (str) – Email address of the user to be removed from the group

Returns:

results – Returns JSON object containing:

"message"str

Success Message on updating user’s role in the group

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token>/settings Methods: "PATCH"

Routes: /api/v1/vigiles/products/<token>/settings Methods: "PATCH"

Updates Group settings

Parameters:

• token (str) – Token of the group for updating group settings

• vuln_identifiers (List, Optional) – Array of vuln_identifiers Acceptable options [“PURL”, “CPE”, “CVE Product”, “Package Name”]

• vuln_strict_match (str, Optional) – Match package name and vendor to match vulnerabilities Acceptable options [“on”, “off”]

Returns:

results – Returns JSON object containing:

"message"str

Success Message on updating the match settings

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token>/settings Methods: "GET"

Routes: /api/v1/vigiles/products/<token>/settings Methods: "GET"

Gets group settings

Parameters:

token (str) – Token of the group for getting group settings

Returns:

results – Returns JSON object containing:

"group_name": str

Name of the Group

"token": str

Group Token

"vuln_identifiers": List

List of identifiers used to match the vulnerabilities

"vuln_strict_match": str

”on” if vuln_strict_match is enabled else “off”

Return type:

JSON object


Routes: /api/v1/vigiles/groups/<token>/activity_log Methods: "GET"

Routes: /api/v1/vigiles/products/<token>/activity_log Methods: "GET"

Search the activity log

Parameters:

• token (str) – Token of the group to search

• folder_token (str, optional) – Token of the folder to filter by

• manifest_token (str, optional) – Token of the SBOM to filter by

• report_token (str, optional) – Token of the report to filter by

• user_email (str, optional) – Email of the user to filter by

• log_type (str, optional) –

  Type of log to filter by. Acceptable values are:

  ”create_note”, “delete_note”, “import_note”, “update_vuln_status”, “import_vuln_status”, “update_custom_score”, “import_custom_score”, “create_jira_issue”, “delete_jira_issue”

• log_method (str, optional) –

  Method of log to filter by. Acceptable values are:

  ”api”, “ui”

• package_name (str, optional) – Package name to filter by

• package_version (str, optional) – Package version to filter by

• vuln_id (str, optional) – Vulnerability ID to filter by

Returns:

results – Array of activity log objects with keys: “date”, “log_type”, “method”, “description”, “group”, “folder”, “report”, “manifest”, “user”, “vuln_id”, “package”, “package_version”

Return type:

array(object)

Manifests module


Route: /api/v1/vigiles/manifests Methods: "POST"

Upload manifest and return scan results

Parameters:

request_data (JSON object ['str', 'str']) –

post data with keys:

"manifest"

Manifest data to scan

"email"

Email of user sending the request

"kernel_config"

Kernel config data

"uboot_config"

Uboot config data

"manifest_name"

Name to give the new manifest

"group_token"

Token of the group the manifest should belong to

"folder_token"

Token of the folder where the manifest should be stored

"subfolder_name"

Name of subfolder for dynamic folder creation

"subscribe"

Subscription notification frequency (“none”, “daily”, “weekly”, “monthly”)

"filter_results"

True to apply all configured filters to scan results, False to apply only kernel and uboot config filters. Default: False

"with_field"

Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated):

”assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”

"export_format", optional

Optionally include the scan results in one of the following report formats:

”pdf”, “pdfsummary”, “xlsx”, “csv”, “cyclonedx-vex”, “cyclonedx-sbom-vex”

"cyclonedx_format", optional

Optionally include the scan results in one of the following cyclonedx formats:

”json”, “xml”

"cyclonedx_version", optional

Optionally include the scan results in one of the following cyclonedx version:

”1.4”, “1.5”, “1.6”

Returns:

scan_results – Results of scan with keys:

"manifest_token"

Token of the manifest

"group_token"

Token of the group that the manifest belongs to

"folder_token"

Token of the folder that the manifest is in

"cves"

Array of dictionaries containing information about CVEs found in the scan

"counts"

Dictionary containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted, not_affected

"date"

Date of the scan

"report_path"

URL where the report can be viewed

Return type:

JSON object


Route: /api/v1/vigiles/manifests Methods: "GET"

Get an array of manifests information from a group or folder.

Only either a group token or folder token should be given. If neither are given, all manifests that the user has access to will be returned.

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of user sending the request

"group_token", optional

Token of the group to get manifests from

"folder_token", optional

Token of the folder to get manifests from

Returns:

manifests – Array of group information objects with keys: “manifest_name”, “manifest_token”, “group_token”, “folder_token”, “upload_date”

Return type:

array(object)


Route: /api/v1/vigiles/manifests/<token> Methods: "GET"

Get information about a manifest with a given token

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of the user sending the request

"send_file"

If true, a manifest file will be sent

"sbom_format"

convert manifest to this format before returning. acceptable formats are:

”spdx”, “spdx-lite”, “cyclonedx”

"file_format"

file type to use in spdx/cyclonedx conversion. acceptable values are dependent on sbom_format.

"sbom_version"

version to use in spdx/cyclonedx conversion. acceptable values are dependent on sbom_format.

Returns:

• manifest_info (array(object) or file)

• Array of manifest information objects with keys – “manifest_token”, “manifest_name”, “folder_token”, “group_token”, “upload_date”, “manifest_data”


Route: /api/v1/vigiles/manifests/<token>/reports/latest Methods: "GET"

Get the latest CVE report results from a given manifest token

Parameters:

• token (str) – The token of the manifest to get the latest scan results from

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "with_field"

  Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated):

  ”assigner”, “description”, “impact”, “modified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”

Returns:

scan_results – Results of scan with keys:

"manifest_token"

Token of the manifest

"group_token"

Token of the group that the manifest belongs to

"folder_token"

Token of the folder that the manifest is in

"cves"

Array of objects containing information about CVEs found in the scan

"counts"

Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted, not_affected

"date"

Date of the scan

"report_path"

URL where the report can be viewed

Return type:

JSON object


Route: /api/v1/vigiles/manifests/<token>/reports Methods: "POST"

Rescan a manifest with a given token

Parameters:

• token (str) – The token of the manifest to get the latest scan results from

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "filtered"

  True to apply all configured filters to scan results.

  False to apply only kernel and uboot config filters.

  Default: False

  "rescan_only"

  Anything other than “false” or “f” to only rescan the manifest

  "with_field"

  Optionally extend CVE data included in returned report with one of the following fields (parameter can be repeated):

  ”assigner”, “description”, “impact”, “moified”, “problem_types”, “published”, “references”, “nvd_status”, “cisa”

Returns:

scan_results – Results of scan with keys:

"cves"

Array of objects containing information about CVEs found in the scan

"counts"

Object containing counts with keys: fixed, kernel, toolchain, unapplied, unfixed, upgradable, whitelisted, not_affected

"date"

Date of the scan

"group_name"

Name of the group that the manifest belongs to

"group_path"

URL where the group can be viewed

"report_path"

URL where the report can be viewed

Return type:

JSON object


Route: /api/v1/vigiles/manifests/<token>/reports Methods: "GET"

Get an array of CVE Reports available for a given manifest

Parameters:

• token (str) – The token of the manifest to list reports for

• request_data (JSON object ['str', 'str']) –

  Query parameters sent with the request:

  "email"

  Email of user sending the request

Returns:

result – Object containing the manifest info and array of available reports

"manifest_name"

The name of the manifest for which these reports were requested

"manifest_token"

Token of the manifest for which these reports were requested

"group_token"

Token for the group that this manifest belongs to

"folder_token"

Token for the folder that this manifest belongs to, if any

"upload_date"

Date of upload for the manifest these reports are for

"reports"array(object)

Array of report information objects, sorted by “created_date”, with keys:

"created_date"

Date this scan was performed

"report_token"

Token for this report

"manifest_token"

Token of the specific version of the manifest for which this report was genereated”

"manifest_version"

Version of the manifest for which this report was generated

Return type:

JSON object


Route: /api/v1/vigiles/manifests/<token> Methods: "DELETE"

Delete a manifest with a given token

Parameters:

• token (str) – The token of the manifest to delete

• request_data (JSON object ['str', 'str']) –

  Data sent with request with keys:

  "email"

  Email of user sending the request

  "confirmed"

  ”true” to delete manifest along with jira issues

Returns:

response – Results with keys:

"success"

True if successful, False otherwise

"message"

Message describing response

Return type:

JSON object


Route: /api/v1/vigiles/manifests/<sbom_token>/custom_scores Methods: "POST"

API to set custom cve scores

Parameters:

• sbom_token (str) – SBOM Token

• user (User) – User instance

• request_data (JSON object) –

  Data sent with request with keys: "email"

  Email of user sending the request

  "cve_id"

  CVE ID

  "package_name"

  Package name

  "package_version"

  Package version (Optional)

  "custom_score"

  Custom Score to be set

Returns:

message_info – Results of comparison with keys: "message"

Message informing the success or failure of the request

Return type:

JSON object


Route: /api/v1/vigiles/manifests/bulk-options/move Methods: "POST"

Move multiple sboms to a target folder/group

Parameters:

• user (User) – User instance

• request_data (JSON object) –

  Data sent with request with keys: "email"

  Email of user sending the request

  "sbom_tokens"

  Array of sbom_tokens to be moved

  "target_group_token"

  Target group token to which the sboms are to be moved

  "target_folder_token"

  Target folder token to which the sboms are to be moved

  "copy"

  Copy SBOMs instead of moving

  "include_history"

  Include previous versions of the SBOM

Reports module


Route: /api/v1/vigiles/reports/compare Methods: "GET"

Compare two CVE reports with given tokens

Parameters:

request_data (JSON object ['str', 'str']) –

Data sent with request with keys:

"email"

Email of the user sending the request

"token_one"

Token for the first CVE report to compare

"token_two"

Token for the second CVE report to compare

"filtered"

True to apply all configured filters to both reports,

False to apply only kernel and uboot config filters.

Default: False

Returns:

compare_results – Results of comparison with keys:

"resolved"

List of CVEs resolved between the reports

"new"

List new CVEs between the reports

Return type:

JSON object


Route: /api/v1/vigiles/reports/<token> Methods: "GET"

Get a CVE report with the given token

Parameters:

• token (str) – The token of the CVE report to get

• request_data (JSON object ['str', 'str']) –

  Query parameters sent with the request:

  "email"

  Email of user sending the request

  "format"

  What file format to return from the following:

  ”pdf”, “pdfsummary”, “xlsx”, “csv”, “cyclonedx-vex”, “cyclonedx-sbom-vex”

  "filtered"

  True to apply all configured filters to scan results,

  False to apply only kernel and uboot config filters.

  Default: False

Returns:

scan_results – CVE Report data as the requested file type

Return type:

file

Stats module


Route: /api/v1/vigiles/heartbeat Methods: "GET", "POST"

This function makes a simple GET request to the LinuxLink server to ensure that the server is available, and that HMAC authentication is working properly.

Returns:

"ok"

True if successful, False otherwise.

Return type:

JSON object ['str', 'bool']

©2025, Timesys. | Powered by Sphinx 7.1.2 & Alabaster 0.7.12