{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"13dd02af-9871-4f95-a5d1-d715dd0afd28","name":"SecurityLab-API","description":"<img src=\"https://content.pstmn.io/45b2d6d1-bc41-49b8-a3f4-3ac6ec713d8e/c2VjbGFiX2Jhbm5lci5QTkc=\">\n\n> Author: Daniele Bertocchi \\[[daniele.bertocchi@faactechnologies.com](https://mailto:daniele.bertocchi@faactechnologies.com)\\]  \nAuthor: Patrick Montanari \\[[patrick.montanari@faactecnologies.com](https://mailto:patrick.montanari@faactecnologies.com)\\] \n  \n\n# SBOM API Endpoints Reference\n\nThis document lists all the API endpoints related to the **products-sbom-vulnerability-scanner** service, including component management, vulnerability scanning, AI enrichment, and reporting.\n\n## Base URL\n\nAll endpoints are relative to: `http://:/` (e.g., `http://127.0.0.1:2999/`)\n\n## Authentication\n\nAll endpoints require a valid **Bearer Token** in the `Authorization` header.  \nAuthorized roles vary depending on the endpoint (typically `admin`, `secops`, `user`).\n\n---\n\n## 1\\. 
SBOM and Component Management (Parking)\n\nThese endpoints manage the registry of components extracted from the original SBOM files for the Parking sector.\n\n### Import SBOM Data\n\nStarts the process of importing components from the configured SBOM files into the database.\n\n- **URL**: `/sbom/parking/import`\n    \n- **Method**: `POST`\n    \n- **Roles**: `admin`, `supervisor`, `applicationServices`, `secOps`\n    \n\n### Get Component Count\n\nReturns the total number of components imported for a specific product or globally.\n\n- **URL**: `/sbom/parking/stats/count/{productName}`\n    \n- **Method**: `GET`\n    \n- **Path Parameters**: `productName` (optional: `jbl`, `jms`, or `janus-aggregator`)\n    \n\n### Get Build Version\n\nReturns the build version specified in the product's SBOM.\n\n- **URL**: `/sbom/parking/stats/version/{productName}`\n    \n- **Method**: `GET`\n    \n\n### Get CycloneDx Tool Info\n\nReturns information about the format and tool (CycloneDx) used to generate the SBOM.\n\n- **URL**: `/sbom/parking/stats/tool/{productName}`\n    \n- **Method**: `GET`\n    \n\n### Get Aggregated Stats\n\nReturns an aggregated object containing count, version, and tool information in a single call.\n\n- **URL**: `/sbom/parking/stats/{productName}`\n    \n- **Method**: `GET`\n    \n\n### Get All Components\n\nReturns the full list of registered components with their metadata (group, version, type, description).\n\n- **URL**: `/sbom/parking/components/{productName}`\n    \n- **Method**: `GET`\n    \n\n---\n\n## 2\\. Vulnerability Scanner (Analysis and Enrichment)\n\n### Run SBOM Scan\n\nStarts the vulnerability scan for one or more SBOM profiles. 
The service queries internal databases to find CVEs associated with component CPEs.\n\n- **URL**: `/sbom-scanner`\n    \n- **Method**: `POST`\n    \n- **Body**: Single configuration object or an Array of configurations (for batch scans).\n    \n- **Main Parameters**: `name` (e.g., \"jbl\"), `enrichment` (\"internal\", \"complete\", \"none\"), `saveToDatabase` (boolean).\n    \n\n### AI Enrichment\n\nPerforms intelligent enrichment of discovered vulnerabilities using Artificial Intelligence (LLM) models.\n\n- **URL**: `/sbom-scanner/enrichment`\n    \n- **Method**: `POST`\n    \n- **Body**: Requires `reportId` (to enrich an entire report) or `cveIds` (for a specific list of CVEs). You can override the `llm` configuration (provider, model, apiKey).\n    \n\n---\n\n## 3\\. Scan Reports (SBOM Reports)\n\n### List Reports\n\nRetrieves the chronological list of saved scan reports, with support for pagination and filters.\n\n- **URL**: `/sbom-reports`\n    \n- **Method**: `GET`\n    \n- **Query Params**: `page`, `pageSize`, `productName`, `enrichmentMode`, `fromDate`.\n    \n\n### Get Report Details\n\nRetrieves the complete detail of a scan report, including the list of all vulnerabilities and enrichment data (EPSS, CISA KEV, EUVD, AI).\n\n- **URL**: `/sbom-reports/{id}`\n    \n- **Method**: `GET`\n    \n- **Path Parameters**: `id` (Unique ID of the report).\n    \n\n### Dashboard Aggregate Stats\n\nReturns aggregate statistics on SBOM reports for dashboard visualization (total scans, average vulnerabilities, etc.).\n\n- **URL**: `/sbom-reports/stats/dashboard`\n    \n- **Method**: `GET`\n    \n- **Query Params**: `productName` (optional), `days` (default 30).\n    \n\n---\n\n## 4\\. Vulnerability Statistics (Dashboard UI)\n\nThese endpoints provide aggregated data ready to be displayed in dashboard charts and tables. 
They support filtering via the `productName` query parameter.\n\n### Total Vulnerabilities Count\n\n- **URL**: `/sbom/parking/vulnerabilities/total`\n    \n- **Method**: `GET`\n    \n\n### Vulnerabilities by Severity\n\nCount of vulnerabilities broken down by severity (Critical, High, Medium, Low, Unknown).\n\n- **URL**: `/sbom/parking/vulnerabilities/severity`\n    \n- **Method**: `GET`\n    \n\n### Components Scanned Count\n\nNumber of components actually analyzed during the scanning process.\n\n- **URL**: `/sbom/parking/vulnerabilities/components-scanned`\n    \n- **Method**: `GET`\n    \n\n### Severity Distribution (Histogram)\n\nDistribution of vulnerabilities grouped by CVSS score with intervals of 0.5 points.\n\n- **URL**: `/sbom/parking/vulnerabilities/distribution`\n    \n- **Method**: `GET`\n    \n\n### Vulnerability Matrix\n\nAverage CVSS scores and total number of CVEs for each component of the product.\n\n- **URL**: `/sbom/parking/vulnerabilities/matrix`\n    \n- **Method**: `GET`\n    \n\n### Detailed Scores\n\nExact count of vulnerabilities for each specific CVSS score (e.g., 9.8, 7.5).\n\n- **URL**: `/sbom/parking/vulnerabilities/score-detailed`\n    \n- **Method**: `GET`\n    \n\n---\n\n## 5\\. 
Network Graph Visualization\n\n### Graph Nodes\n\nReturns all unique nodes (Components and CVEs) for the graph representation.\n\n- **URL**: `/sbom/parking/network-graph/nodes`\n    \n- **Method**: `GET`\n    \n\n### Graph Links\n\nReturns the relationships (links) between components and their related vulnerabilities, including severity and score.\n\n- **URL**: `/sbom/parking/network-graph/links`\n    \n- **Method**: `GET`\n    \n- **Query Params**: `productName` (optional).","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"9809022","team":2851263,"collectionId":"13dd02af-9871-4f95-a5d1-d715dd0afd28","publishedId":"2sAXxV5pNQ","public":true,"publicUrl":"https://securitylab.api.faactechnologies.com","privateUrl":"https://go.postman.co/documentation/9809022-13dd02af-9871-4f95-a5d1-d715dd0afd28","customColor":{"top-bar":"222e3c","right-sidebar":"303030","highlight":"00bfb4"},"documentationLayout":"classic-single-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":"Security Lab Api Documentation"}],"appearance":{"default":"dark","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"222e3c","right-sidebar":"303030","highlight":"00bfb4"}},{"name":"light","logo":null,"colors":{"top-bar":"222e3c","right-sidebar":"303030","highlight":"00bfb4"}}]}},"version":"8.10.1","publishDate":"2025-07-07T11:17:42.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"Security Lab Api 
Documentation","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/fef58b548b49880d84e640a7bf8ddef0b86ef1c7082dea4b8622a5354dedafbb","favicon":"https://res.cloudinary.com/postman/image/upload/v1638537919/team/gvtquqgu9ydokmkqxe5d.ico"},"isEnvFetchError":false,"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://securitylab.api.faactechnologies.com/view/metadata/2sAXxV5pNQ"}