The vulnerabilities endpoints expose CVE scan results from InfraAudit’s Trivy and NVD integrations. You can trigger scans, filter findings by severity and status, and retrieve full vulnerability details including NVD descriptions and fix versions.

Base path: /api/v1/vulnerabilities

POST /vulnerabilities/scan — trigger a scan

Starts a vulnerability scan. You can scope it to a specific provider or resource, or run it across all providers.
POST /api/v1/vulnerabilities/scan
Authorization: Bearer <token>
Content-Type: application/json

Request body (optional)

provider_id (integer): Scope the scan to a specific provider.
resource_id (integer): Scope the scan to a specific resource.

{
  "provider_id": 1,
  "resource_id": 42
}

Response 202

{
  "job_id": 55,
  "status": "running"
}

GET /vulnerabilities — list vulnerability findings

Returns a paginated list of vulnerability findings.
GET /api/v1/vulnerabilities
Authorization: Bearer <token>

Query parameters

provider_id (integer): Filter by provider.
resource_id (integer): Filter by resource.
severity (string): Filter by severity: critical, high, medium, or low.
status (string): Filter by status: open, fixed, or ignored.
cve_id (string): Filter by a specific CVE ID, for example CVE-2024-12345.
page (integer, default 1): Page number.
per_page (integer, default 20): Results per page. Maximum is 100.

Response

{
  "data": [
    {
      "id": 1,
      "cve_id": "CVE-2024-12345",
      "severity": "critical",
      "cvss_score": 9.8,
      "package_name": "openssl",
      "installed_version": "1.1.1t",
      "fix_version": "1.1.1u",
      "resource_id": 42,
      "resource_name": "api-pod",
      "status": "open",
      "detected_at": "2024-01-15T02:00:00Z"
    }
  ],
  "meta": { "total": 8, "page": 1, "per_page": 20 }
}

cvss_score (number): CVSS v3 base score (0.0–10.0).
fix_version (string): The earliest package version that patches this vulnerability. May be null if no fix is available.
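
The following Python example is added here and is not InfraAudit's own code. It pages through open critical findings using meta.total and the per_page limit, then splits the results on whether fix_version is null. The base_url argument, the helper names and the SAMPLE rows are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

BASE_PATH = "/api/v1/vulnerabilities"  # base path given on this page

def http_fetch(base_url, token):
    """Build fetch(params) for a live instance; base_url is an assumption."""
    def fetch(params):
        url = base_url.rstrip("/") + BASE_PATH + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def list_findings(fetch, per_page=100, **filters):
    """Collect every matching finding, paging until meta.total is reached."""
    if not 1 <= per_page <= 100:  # the documented maximum is 100
        raise ValueError("per_page must be between 1 and 100")
    found, page = [], 1
    while True:
        body = fetch({**filters, "page": page, "per_page": per_page})
        found.extend(body["data"])
        # Also stop on an empty page so a shrinking result set cannot loop forever.
        if not body["data"] or len(found) >= body["meta"]["total"]:
            return found
        page += 1

def triage(findings):
    """Rank by cvss_score, then split on fix_version, which may be null."""
    ranked = sorted(findings, key=lambda f: f["cvss_score"], reverse=True)
    return ([f for f in ranked if f["fix_version"]],
            [f for f in ranked if not f["fix_version"]])

# Constructed sample rows (not real scan output): (cvss_score, fix_version).
SCORES = [(9.1, "2.0.1"), (9.8, None), (9.0, "1.4.2"), (10.0, "3.3.0"), (9.4, None)]
SAMPLE = [{"id": i, "severity": "critical", "status": "open",
           "cvss_score": s, "fix_version": v} for i, (s, v) in enumerate(SCORES, 1)]

def fake_fetch(params):
    """Offline stand-in for the API; every SAMPLE row already matches the filters."""
    page, size = params["page"], params["per_page"]
    return {"data": SAMPLE[(page - 1) * size:page * size],
            "meta": {"total": len(SAMPLE), "page": page, "per_page": size}}

if __name__ == "__main__":
    rows = list_findings(fake_fetch, per_page=2, severity="critical", status="open")
    patchable, no_fix = triage(rows)
    print([f["id"] for f in patchable], [f["id"] for f in no_fix])
```

Against a live instance, pass http_fetch(base_url, token) in place of fake_fetch.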

GET /vulnerabilities/{id} — get finding details

Returns full vulnerability details including the NVD description and reference links.
GET /api/v1/vulnerabilities/{id}
Authorization: Bearer <token>

PATCH /vulnerabilities/{id} — update status

Update the status of a vulnerability finding, for example to mark it as ignored.
PATCH /api/v1/vulnerabilities/{id}
Authorization: Bearer <token>
Content-Type: application/json

Request body

status (string, required): New status: open, fixed, or ignored.
reason (string): Reason for the status change. Required when setting ignored.

{
  "status": "ignored",
  "reason": "Not exploitable in this deployment"
}

GET /vulnerabilities/summary — get summary

Returns aggregate counts by severity and status.
GET /api/v1/vulnerabilities/summary
Authorization: Bearer <token>