JSON response

Source code:

  • If the "Enable dependency check for source code" option is not enabled, please ignore all "dependencies" attributes

{ "final_verdict":{//the aggregated section for both direct and dependent libs "blocked": <boolean> //true: found CVEs that have severities are higher than the configured threshold, otherwise it is false "verdict": <string> <"No Vulnerabilities Found" | "Vulnerabilities Found"> //explaination "vulnerable_package_count": <int> //total direct and dependent vulnerable libs "total_package_count": <int>, //total direct and dependent libs "vulnerability_counts":{ // total unique direct and dependent vulnerabilities "critical": <int>, //total critical CVE "high": <int>, //total high CVE "medium": <int>, //total medium CVE "low": <int>, //total low CVE "unknown": <int> //total unknown CVE, do not know the severity }, "severity": <string> //highest CVE severity from direct and dependent libs "dependencies_severity": <string>, //show if enable dependency detection }, "overview_report": { "scan_mode": "source_code", //source code or container "severity": <string>, //the highest CVE severity from the direct libs "is_partial_report": <boolean>, //if yes, please download the full SBOM report to see all packages info, by default, this JSON only returns 100 package info "package_count": <int>, //total direct libs "vulnerable_package_count": <int>, //total direct vulnerable libs "vulnerability_count": <number> //total direct vulnerabilities "vulnerability_counts":{ //direct vulnerabilities "critical": <int> "high": <int> "medium": <int> "low": <int> "unknown": <int> }, "dependencies_vulnerability_count": <int> //total vulnerabilities from the dependent libs "dependencies_package_count": <int> //total dependent libs "vulnerable_dependencies_package_count": <int> //total vulnerability in the dependent libs "dependencies_severity": <string>, //highest CVE severity from the dependent libs "dependencies_vulnerability_counts":{ "critical": <int> "high": <int> "medium": <int> "low": <int> "unknown": <int> }, "packages": [//package details //the below JSON is the info of one package, including the dependencies info of the package { "ecosystem": <string>, "group": <string> ["lang_pkg"], "package_name": <string>, "package_version": <string>, "target": <string>,//in case of source code, it is the input file name such as pom.xml, requirement.txt "vulnerabilities": [ { "id": <string>, "severity": <string>, "source": <string>, "cwes": [<string>], "fixed_versions": <string> //all fixed version > installed version, "type": <string>, ["vuln", "potential_vuln"] //potential_vuln is returned when the libs in the input is not clearly defined, i.e: http-client: >2.0 } ], "vulnerability_counts": { "critical": <int>, "high": <int>, "low": <int>, "medium": <int>, "unknown": <int> }, "dependencies_package_count": <int>// all detected dependencies for this package "dependencies": [ //empty if disable { "package_name": <string>, // only show if there is a vulnerability "package_version": <string>, "ecosystem": <string>, "vulnerabilities": [ { "id": <string>, "severity": <string>, "cwes": [<string>], "source": <string>, "fixed_versions": <string> "type": <string>, ["vuln", "potential_vuln"] } ], "vulnerability_counts": { "critical": <int>, "high": <int>, "medium": <int>, "low": <int>, "unknown": <int> } } ], "dependencies_severity": <string>, "dependencies_vulnerability_counts": { // the aggregated result of the vulnerable libs, empty if disable or no dependencies detection "critical": <int>, "high": <int>, "low": <int>, "medium": <int>, "unknown": <int> } } ] } }

Container:

{ "final_verdict":{ "blocked": <boolean> "verdict": <string> ["No Vulnerabilities Found" | "Found Vulnerabilities"] "vulnerable_package_count": <int> "total_package_count": <int> "vulnerability_counts":{ "critical": <int> "high": <int> "medium": <int> "low": <int> "unknown": <int> }, "severity": <string> } "scan_mode": "container", "os_info": { "os_name": <string>, "os_version": <string> }, "steps": [ { "step": <int>, "command": <string>, "sha256": <string>, "severity": <string> "vulnerability_count": <number> "packages": [ { "arch": <string>, "ecosystem": <string>, "group": <string> ["os_pkg"], "os_name": <string>, "os_version": <string>, "package_name": <string>, "package_version": <string>, "vulnerabilities": [ { "id": <string>, "severity": <string>, "source": <string>, "fixed_versions": <string> } ], "vulnerability_counts": { "critical": <number>, "high": <number>, "low": <number>, "medium": <number>, "unknown": <number> } }, { "ecosystem": <string>, "group": <string> ["lang_pkg"], "package_name": <string>, "package_version": <string>, } ] } ] }


On This Page
JSON response