240830

Vulnerability Database
Total CVEs Records

5370646

More than Components/Packages analyzed & stored in database

100878

Malicous Packages recognized

81

Technologies & Languages, tested on a large number of third-party libraries


API Documentation

Intégrez SDepender dans votre écosystème de sécurité

Teams & Members Management

PUT /api/v1/teams/{teamId}/members

Affecte massivement des utilisateurs à une équipe. Remplace l'ancienne liste des membres.

Propriété Type Description
userIds* string[] Liste des UUID des utilisateurs à affecter.
role string Rôle (Admin, Member, Viewer).
REQUEST BODY (JSON) UTF-8 
{
                    "userIds": [
                      "uuid-user-123",
                      "uuid-user-456"
                    ],
                    "role": "Member",
                    "sendNotification": true
                  }
DELETE /api/v1/teams/{teamId}

Suppression d'une équipe avec nettoyage des relations.

Note importante : Les utilisateurs sont détachés de l'équipe mais ne perdent pas leurs droits globaux d'accès au portail.
RESPONSE (204 No Content) 
{
                "success": true,
                "timestamp": "2026-02-13T10:25:00Z",
                "data": {
                  "teamId": "uuid-99",
                  "unassignedUsersCount": 14
                }
              }

Authentication & Service Accounts

POST /api/v1/auth/token

Generate a short-lived access token using OAuth2 Client Credentials flow. Designed for CI/CD pipelines, automation systems, and CLI integrations.

Property Type Description
grant_type string Must be set to client_credentials.
client_id string Unique identifier of the Service Account.
client_secret string Secret associated with the Service Account.
scope string Optional space-separated scopes (e.g. scan:execute project:read).
REQUEST application/x-www-form-urlencoded 
            grant_type=client_credentials&
            client_id=sd_ci_cd_123&
            client_secret=**************&
            scope=scan:execute project:read
RESPONSE (200 OK) JSON 
{
              "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
              "token_type": "Bearer",
              "expires_in": 3600,
              "scope": "scan:execute project:read"
            }
GET Authorization Header

All API requests must include the generated Bearer token in the Authorization header.

Header Type Description
Authorization string Format: Bearer <access_token>
REQUEST HEADER HTTP 
              Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
RESPONSE (401 Unauthorized) JSON 
{
                "error": "invalid_token",
                "error_description": "The access token is expired or invalid."
              }
GET /api/v1/auth/scopes

Retrieve the list of available scopes for Service Accounts.

Scope Description
scan:execute Execute security scans.
project:read Read project configuration and results.
project:write Modify project configuration.
admin:teams Manage teams and members.
RESPONSE (200 OK) JSON 
[
  "scan:execute",
  "project:read",
  "project:write",
  "admin:teams"
]
POST /api/v1/auth/tokens

Génère un jeton d'accès (Access Token) à courte durée de vie ou une API Key permanente pour l'automatisation CI/CD.

ChampTypeDescription
token_namestringNom descriptif pour identifier l'usage (ex: "Jenkins-Build-Server").
expires_inintegerExpiration en secondes (0 pour permanent).
REQUEST BODYJSON
{
  "token_name": "CI-Automation-Token",
  "scope": "applied-permissions/user",
  "expires_in": 3600,
  "refreshable": true
}

Governance & Security Policies

POST /api/v1/policies

Définit des règles de conformité automatiques. Permet de bloquer des builds si des vulnérabilités critiques ou des licences interdites sont détectées.

PropriétéTypeDescription
policy_typeenum"security", "license", ou "operational".
fail_buildbooleanSi vrai, renvoie un code d'erreur à la CI en cas de violation.
REQUEST BODYJSON
{
  "name": "Strict-Production-Policy",
  "description": "Block Critical CVEs and AGPL Licenses",
  "type": "security",
  "rules": [
    {
      "name": "No-Critical-Vulnerabilities",
      "criteria": {
        "min_severity": "Critical",
        "fix_available": true
      },
      "actions": {
        "fail_build": true,
        "notify_emails": ["security-ops@company.com"]
      }
    }
  ]
}

Advanced Component Analysis

GET /api/v1/component/details

Analyse profonde d'un composant spécifique (ex: une librairie npm ou maven) pour obtenir l'arbre de dépendances complet et l'analyse de risque opérationnel.

RESPONSE (200 OK)JSON
{
      "component_id": "pkg:npm/lodash@4.17.21",
      "package_type": "npm",
      "violation_count": 1,
      "vulnerabilities": [
        {
          "cve": "CVE-2021-23337",
          "cvss_score": 7.5,
          "severity": "High",
          "summary": "Command Injection vulnerability in lodash..."
        }
      ],
      "license_analysis": {
        "declared": "MIT",
        "observed": "MIT",
        "copyleft": false
      }
    }

Manifest Scan

POST /api/v1/projects/{project_uuid}/scan/manifest

Perform a dependency analysis using a supported manifest file. The project must already exist within an application. If the project does not exist, the API will return an error.

Property Type Description
project_uuid UUID (path) Unique identifier of the existing project.
file multipart/form-data Manifest file (pom.xml, package.json, etc.).
REQUEST multipart/form-data 
POST /api/v1/projects/123e4567-e89b-12d3-a456-426614174000/scan/manifest
Authorization: Bearer eyJhbGciOi...

file=@pom.xml
RESPONSE (202 Accepted) JSON 
{
  "scan_id": "scan_789456",
  "project_uuid": "123e4567-e89b-12d3-a456-426614174000",
  "status": "queued"
}
RESPONSE (404 Not Found) JSON 
{
  "error": "project_not_found",
  "message": "The specified project does not exist."
}

Source Code Scan

POST /api/v1/projects/{project_uuid}/scan/source

Perform deep dependency and usage analysis by uploading the full project archive. Includes dependency resolution, transitive graph analysis, and vulnerability usage detection.

Property Type Description
project_uuid UUID (path) Unique identifier of the existing project.
archive multipart/form-data Zipped source code archive (.zip).
REQUEST multipart/form-data 
POST /api/v1/projects/{project_uuid}/scan/source
Authorization: Bearer eyJhbGciOi...

archive=@project.zip
RESPONSE (202 Accepted) JSON 
{
  "scan_id": "scan_998877",
  "analysis_type": "deep",
  "status": "queued"
}

Binary Scan

POST /api/v1/projects/{project_uuid}/scan/binary

Analyze compiled artifacts such as JAR, WAR, DLL, EXE, or production bundles. Intended for artifact validation and supply chain security verification.

Property Type Description
project_uuid UUID (path) Unique identifier of the existing project.
artifact multipart/form-data Compiled binary file or archive.
REQUEST multipart/form-data 
POST /api/v1/projects/{project_uuid}/scan/binary
Authorization: Bearer eyJhbGciOi...

artifact=@application.jar
RESPONSE (202 Accepted) JSON 
{
  "scan_id": "scan_554433",
  "status": "queued"
}

Light Artifact Scan

POST /api/v1/scan/light

Effectue un scan rapide sur un ensemble d'artefacts ou packages pour détecter les vulnérabilités connues et fournir des détails techniques.

PropriétéTypeDescription
groupIdstringPour Maven uniquement : identifiant du groupe (ex: "org.springframework").
artifactIdstringPour Maven uniquement : nom de l'artefact (ex: "spring-core").
namestringPour NPM, PIP, etc. : nom du package (ex: "express").
versionstringVersion du package ou artefact.
managerenumType de gestionnaire : "maven", "npm", "pip", etc.
REQUEST BODYJSON
[
  {"groupId": "org.springframework", "artifactId": "spring-core", "version": "5.3.27", "manager": "maven"},
  {"name": "express", "version": "4.18.2", "manager": "npm"}
]
RESPONSE (200 OK)

Retourne la liste des vulnérabilités détectées pour chaque artefact, avec CVE, description, sévérité, impact CIA, et recommandations.

RESPONSE BODYJSON
[
  {
    "manager": "maven",
    "groupId": "org.springframework",
    "artifactId": "spring-core",
    "version": "5.3.27",
    "vulnerabilities": [
      {
        "cve": "CVE-2022-22965",
        "internalId": "XRAY-12345",
        "description": "Remote Code Execution due to incorrect request binding.",
        "severity": "Critical",
        "ciaImpact": {"confidentiality":"High","integrity":"High","availability":"Medium"},
        "affectedVersions": "<5.3.28",
        "recommendation": "Upgrade to 5.3.28 or later",
        "source": "JFrog Xray"
      }
    ]
  },
  {
    "manager": "npm",
    "name": "express",
    "version": "4.18.2",
    "vulnerabilities": [
      {
        "cve": "CVE-2021-33503",
        "internalId": "CHECKMARX-6789",
        "description": "Prototype pollution vulnerability in Express.",
        "severity": "High",
        "ciaImpact": {"confidentiality":"Medium","integrity":"High","availability":"Low"},
        "affectedVersions": "<4.18.3",
        "recommendation": "Upgrade to 4.18.3 or later",
        "source": "Checkmarx SCA"
      }
    ]
  }
]

CVE Impact Query

POST /api/v1/cves/projects

Permet de rechercher toutes les applications et projets affectés par une ou plusieurs CVE, avec information sur l'utilisation effective dans le code source.

PropriétéTypeDescription
cve_idsarray[string]Liste des identifiants CVE à rechercher (ex: ["CVE-2022-22965", "CVE-2021-33503"]).
REQUEST BODYJSON
{
  "cve_ids": ["CVE-2022-22965", "CVE-2021-33503"]
}
RESPONSE (200 OK)

Retourne pour chaque CVE la liste des applications et projets impactés, le nombre d’occurrences, et les fichiers/lignes où la dépendance vulnérable est utilisée.

RESPONSE BODYJSON
[
  {
    "cve_id": "CVE-2022-22965",
    "description": "Remote Code Execution due to incorrect request binding in Spring Core.",
    "applications": [
      {
        "application_name": "FinTrack",
        "projects": [
          {
            "project_name": "FinTrack-Backend",
            "occurrences": 2,
            "usage_in_code": {
              "used": true,
              "locations": [
                {"file": "src/main/java/com/fintrack/service/TransactionService.java", "lines": [50, 102]},
                {"file": "src/main/java/com/fintrack/util/SecurityUtils.java", "lines": [15]}
              ]
            }
          },
          {
            "project_name": "FinTrack-UI",
            "occurrences": 1,
            "usage_in_code": {
              "used": false,
              "locations": []
            }
          }
        ]
      },
      {
        "application_name": "HealthPortal",
        "projects": [
          {
            "project_name": "HealthPortal-API",
            "occurrences": 1,
            "usage_in_code": {
              "used": true,
              "locations": [
                {"file": "src/main/java/com/healthportal/controller/PatientController.java", "lines": [30, 45]}
              ]
            }
          }
        ]
      }
    ]
  },
  {
    "cve_id": "CVE-2021-33503",
    "description": "Prototype pollution vulnerability in Express.",
    "applications": [
      {
        "application_name": "ShopEase",
        "projects": [
          {
            "project_name": "ShopEase-API",
            "occurrences": 3,
            "usage_in_code": {
              "used": true,
              "locations": [
                {"file": "src/server.js", "lines": [12, 58]},
                {"file": "src/routes/product.js", "lines": [22]}
              ]
            }
          },
          {
            "project_name": "ShopEase-Web",
            "occurrences": 2,
            "usage_in_code": {
              "used": false,
              "locations": []
            }
          }
        ]
      },
      {
        "application_name": "EduLearn",
        "projects": [
          {
            "project_name": "EduLearn-Frontend",
            "occurrences": 1,
            "usage_in_code": {
              "used": false,
              "locations": []
            }
          }
        ]
      }
    ]
  }
]

CVE Impact Query

POST /api/v1/cves/projects

Permet de rechercher toutes les applications et projets affectés par une ou plusieurs CVE, avec information sur l'utilisation effective dans le code source.

PropriétéTypeDescription
cve_idsarray[string]Liste des identifiants CVE à rechercher (ex: ["CVE-2022-22965", "CVE-2021-33503"]).
REQUEST BODYJSON
{
  "cve_ids": ["CVE-2022-22965", "CVE-2021-33503"]
}
RESPONSE (200 OK)

Retourne pour chaque CVE la liste des applications et projets impactés, le nombre d’occurrences, et les fichiers/lignes où la dépendance vulnérable est utilisée.

RESPONSE BODYJSON
[
  {
    "cve_id": "CVE-2022-22965",
    "description": "Remote Code Execution due to incorrect request binding in Spring Core.",
    "applications": [
      {
        "application_name": "FinTrack",
        "projects": [
          {
            "project_name": "FinTrack-Backend",
            "occurrences": 2,
            "usage_in_code": {
              "used": true,
              "locations": [
                {"file": "src/main/java/com/fintrack/service/TransactionService.java", "lines": [50, 102]},
                {"file": "src/main/java/com/fintrack/util/SecurityUtils.java", "lines": [15]}
              ]
            }
          },
          {
            "project_name": "FinTrack-UI",
            "occurrences": 1,
            "usage_in_code": {
              "used": false,
              "locations": []
            }
          }
        ]
      },
      {
        "application_name": "HealthPortal",
        "projects": [
          {
            "project_name": "HealthPortal-API",
            "occurrences": 1,
            "usage_in_code": {
              "used": true,
              "locations": [
                {"file": "src/main/java/com/healthportal/controller/PatientController.java", "lines": [30, 45]}
              ]
            }
          }
        ]
      }
    ]
  },
  {
    "cve_id": "CVE-2021-33503",
    "description": "Prototype pollution vulnerability in Express.",
    "applications": [
      {
        "application_name": "ShopEase",
        "projects": [
          {
            "project_name": "ShopEase-API",
            "occurrences": 3,
            "usage_in_code": {
              "used": true,
              "locations": [
                {"file": "src/server.js", "lines": [12, 58]},
                {"file": "src/routes/product.js", "lines": [22]}
              ]
            }
          },
          {
            "project_name": "ShopEase-Web",
            "occurrences": 2,
            "usage_in_code": {
              "used": false,
              "locations": []
            }
          }
        ]
      },
      {
        "application_name": "EduLearn",
        "projects": [
          {
            "project_name": "EduLearn-Frontend",
            "occurrences": 1,
            "usage_in_code": {
              "used": false,
              "locations": []
            }
          }
        ]
      }
    ]
  }
]

Schedule a meeting to discover our full API catalog and advanced integration capabilities.

Book a Technical Demo

Contact Us

Global Support - Available 24/7 for Enterprise Partners

contact@sdepend.com

Secure Your Supply Chain

Search vulnerabilities by package, version, and ecosystem. Understand risk. Prioritize faster. Analyze real impact.

Resources
Stay Protected

© 2026 SDepender. All Rights Reserved.