ComponentCpes
Get CPE identifiers for a software component identified by Package URL.
HTTP Request Example
curl -X GET 'https://api.scanoss.com/v2/vulnerabilities/cpes/component?purl=pkg:github/scanoss/engine&requirement=>=5.0.0' \
  -H "X-Api-Key: $SC_API_KEY" | jq
Response Example
{
  "component": {
    "purl": "pkg:github/scanoss/engine",
    "requirement": ">=5.0.0",
    "version": "5.0.0",
    "cpes": ["cpe:2.3:a:scanoss:engine:1.0.0:*:*:*:*:*:*:*"]
  },
  "status": {
    "status": "SUCCESS",
    "message": "CPEs Successfully retrieved"
  }
}
ComponentsCpes
Get CPE identifiers for multiple software components in a single request.
HTTP Request Example
curl -X POST 'https://api.scanoss.com/v2/vulnerabilities/cpes/components' \
  -H 'Content-Type: application/json' \
  -H "X-Api-Key: $SC_API_KEY" \
  -d '{
    "components": [
      {"purl": "pkg:github/scanoss/engine", "requirement": ">=5.0.0"},
      {"purl": "pkg:github/scanoss/scanoss.py", "requirement": "~1.30.0"}
    ]
  }' | jq
ComponentVulnerabilities
Get known vulnerabilities for a software component, including CVE details, severity, and scoring data.
HTTP Request Example
curl -X GET 'https://api.scanoss.com/v2/vulnerabilities/component?purl=pkg:github/scanoss/engine&requirement=>=5.0.0' \
  -H "X-Api-Key: $SC_API_KEY" | jq
The method returns comprehensive vulnerability information including:
- purl: The requested component
- vulnerabilities: List of known vulnerabilities affecting the component
- version: The specific version that was analyzed
- requirement: Echoes the client’s version constraint from the request
Each vulnerability object contains:
- CVE identifier and reference URL
- Severity classification and CVSS information
- Publication and modification dates
- Summary description
- Source database information
- CVSS array with detailed scoring information (vector, score, and severity)
- Exploit Prediction Scoring System (EPSS) data (probability, percentile)
The cvss field is an array of CVSS (Common Vulnerability Scoring System) objects, allowing for multiple CVSS versions or sources. Each CVSS object contains:
- cvss: The CVSS vector string (e.g., “CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H”)
- cvss_score: The numerical CVSS score (0.0 to 10.0)
- cvss_severity: The severity rating based on the score (“None”, “Low”, “Medium”, “High”, “Critical”)
Response Examples
Component with Vulnerabilities
{
  "component": {
    "purl": "pkg:github/scanoss/engine",
    "requirement": ">=5.0.0",
    "version": "5.0.0",
    "vulnerabilities": [
      {
        "id": "CVE-2024-12345",
        "cve": "CVE-2024-12345",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12345",
        "summary": "Buffer overflow vulnerability in input processing",
        "severity": "High",
        "published": "2024-01-15T10:30:00Z",
        "modified": "2024-01-16T14:20:00Z",
        "source": "NVD",
        "cvss": [
          {
            "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "cvss_score": 7.5,
            "cvss_severity": "High"
          }
        ],
        "epss": {
          "probability": 0.00053,
          "percentile": 0.16477
        }
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Vulnerabilities Successfully retrieved"
  }
}
Component with No Known Vulnerabilities
{
  "component": {
    "purl": "pkg:github/scanoss/scanoss.py",
    "requirement": ">1.30.0",
    "version": "1.31.0",
    "vulnerabilities": []
  },
  "status": {
    "status": "SUCCESS",
    "message": "Vulnerabilities Successfully retrieved"
  }
}
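A triage step for the ComponentVulnerabilities response shape documented above, added here as an example and not part of the SCANOSS documentation or tooling. The sample response is constructed (placeholder IDs `EXAMPLE-000N`, made-up scores), and the function name `triage`, the two thresholds, and the handling of an empty `cvss` array are assumptions chosen for illustration.

```python
import json

# Constructed sample shaped like the ComponentVulnerabilities response.
# IDs, vectors, scores and EPSS values are placeholders, not real advisories.
SAMPLE = json.loads("""
{"component": {"purl": "pkg:github/scanoss/engine", "requirement": ">=5.0.0",
  "version": "5.0.0", "vulnerabilities": [
  {"id": "EXAMPLE-0001",
   "cvss": [{"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_score": 6.1, "cvss_severity": "Medium"},
            {"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_score": 7.5, "cvss_severity": "High"}],
   "epss": {"probability": 0.00053, "percentile": 0.16477}},
  {"id": "EXAMPLE-0002", "cvss": [], "epss": {"probability": 0.42, "percentile": 0.97}},
  {"id": "EXAMPLE-0003",
   "cvss": [{"cvss": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "cvss_score": 1.8, "cvss_severity": "Low"}],
   "epss": {"probability": 0.0002, "percentile": 0.03}}]},
 "status": {"status": "SUCCESS", "message": "Vulnerabilities Successfully retrieved"}}
""")

def triage(response, cvss_min=7.0, epss_min=0.10):
    """Split one component's findings into (blocking, informational)."""
    status = response.get("status", {}).get("status")
    if status != "SUCCESS":
        # A failed lookup must not be read as "no known vulnerabilities".
        raise RuntimeError(f"lookup failed: {status!r}")
    comp = response["component"]
    blocking, info = [], []
    for v in comp.get("vulnerabilities") or []:
        # cvss is an array: use the highest score any version or source assigned.
        scores = [c["cvss_score"] for c in v.get("cvss") or []
                  if c.get("cvss_score") is not None]
        worst = max(scores, default=None)
        epss = (v.get("epss") or {}).get("probability", 0.0)
        finding = {"id": v["id"], "purl": comp["purl"],
                   "version": comp.get("version"), "cvss": worst, "epss": epss}
        # Policy assumption: unscored entries are held for review, not passed.
        if worst is None or worst >= cvss_min or epss >= epss_min:
            blocking.append(finding)
        else:
            info.append(finding)
    # Most likely to be exploited first, then highest CVSS.
    blocking.sort(key=lambda f: (f["epss"], f["cvss"] or 0.0), reverse=True)
    return blocking, info

if __name__ == "__main__":
    blocking, _ = triage(SAMPLE)
    for f in blocking:
        print(f"BLOCK {f['id']} {f['purl']}@{f['version']} cvss={f['cvss']} epss={f['epss']}")
    raise SystemExit(1 if blocking else 0)
```

Run against saved API output in a pipeline, the non-zero exit code fails the build when any finding crosses either threshold.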
ComponentsVulnerabilities
Get known vulnerabilities for multiple software components in a single request.
HTTP Request Example
curl -X POST 'https://api.scanoss.com/v2/vulnerabilities/components' \
  -H 'Content-Type: application/json' \
  -H "X-Api-Key: $SC_API_KEY" \
  -d '{
    "components": [
      {"purl": "pkg:github/scanoss/engine", "requirement": ">=5.0.0"},
      {"purl": "pkg:github/scanoss/scanoss.py", "requirement": "~1.30.0"}
    ]
  }' | jq