openapi: 3.0.3 info: title: ARMO Platform API description: >- The ARMO Platform API exposes ARMO's cloud-native and Kubernetes security data over REST. ARMO is the company behind the open-source Kubescape project; ARMO Platform is a runtime-driven CNAPP covering Kubernetes Security Posture Management (KSPM), vulnerability and image scanning, compliance frameworks, network and seccomp policy generation, security-risk correlation, attack chains, and runtime Cloud Application Detection and Response (CADR). Authentication uses an account access key (Agent Access Key) generated in the ARMO Platform under Settings, sent in the `X-API-KEY` request header. Requests are made against the regional base URL - `https://api.armosec.io/api/v1` for the EU region or `https://api.us.armosec.io/api/v1` for the US region. This description is honestly modeled from ARMO's public API reference and OpenAPI/Swagger documentation. Paths and methods reflect the documented reference; request and response schemas are simplified and returned data requires a connected ARMO account with reporting clusters. Verify exact payloads against the live Swagger UI at https://api.armosec.io/openapi/v2/swaggerui. version: '1.0' contact: name: ARMO url: https://www.armosec.io license: name: ARMO Platform Terms url: https://www.armosec.io/terms-of-service/ servers: - url: https://api.armosec.io/api/v1 description: EU region - url: https://api.us.armosec.io/api/v1 description: US region security: - apiKeyAuth: [] tags: - name: Vulnerabilities description: Image and workload vulnerability scanning and results. - name: Posture description: KSPM posture and compliance framework results. - name: Clusters description: Connected clusters and workloads. - name: Runtime description: Runtime incidents (CADR), network and runtime policies. - name: Security Risks description: Correlated security risks and attack chains. - name: Registry description: Container registry scanning. - name: Integrations description: Jira and collaboration/notification integrations. - name: Access Keys description: Account API access key management. paths: /vulnerability/scan: post: operationId: issueVulnerabilityScan tags: - Vulnerabilities summary: Issue a vulnerability scan description: Issues a vulnerability scan for a specific context or workload. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ScanRequest' responses: '200': description: Scan accepted. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerability/scanResults/summary: post: operationId: getVulnerabilityScanSummary tags: - Vulnerabilities summary: Get vulnerability scan summary description: Returns a summary of a vulnerability scan. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Scan summary. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerability/scanResults/details: post: operationId: getVulnerabilityScanDetails tags: - Vulnerabilities summary: Get vulnerability scan details description: Returns a detailed list of vulnerabilities from a scan. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Detailed vulnerability list. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerability/severity: post: operationId: getVulnerabilitySeverity tags: - Vulnerabilities summary: Get vulnerability severity roll-up description: Returns severity "big numbers" from the latest scan. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Severity roll-up. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerability/topVulnerabilities: post: operationId: getTopVulnerabilities tags: - Vulnerabilities summary: Get top vulnerabilities description: Returns the list of top vulnerabilities. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Top vulnerabilities. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerabilities/list: post: operationId: listVulnerabilities tags: - Vulnerabilities summary: List vulnerabilities description: Retrieves a filtered, paginated list of vulnerabilities (CVEs). requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: A list of vulnerabilities. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerabilities/components/list: post: operationId: listVulnerabilitiesByComponent tags: - Vulnerabilities summary: List vulnerabilities by component description: Retrieves vulnerabilities scoped to software components/packages. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: A list of vulnerabilities by component. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerabilities/images/list: post: operationId: listVulnerabilitiesByImage tags: - Vulnerabilities summary: List vulnerabilities by image description: Retrieves vulnerabilities scoped to container images. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: A list of vulnerabilities by image. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /vulnerability/exception: get: operationId: listVulnerabilityExceptions tags: - Vulnerabilities summary: List vulnerability exceptions responses: '200': description: Vulnerability exceptions. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createVulnerabilityException tags: - Vulnerabilities summary: Create a vulnerability exception requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Created. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' put: operationId: updateVulnerabilityException tags: - Vulnerabilities summary: Update a vulnerability exception requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Updated. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' delete: operationId: deleteVulnerabilityException tags: - Vulnerabilities summary: Delete a vulnerability exception responses: '200': description: Deleted. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /posture/frameworks: post: operationId: getPostureFrameworks tags: - Posture summary: Get posture scan summary per framework description: Returns the scan summary for each compliance framework. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Per-framework summaries. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /posture/controls: post: operationId: getPostureControls tags: - Posture summary: Get posture control results description: Returns the list of posture controls and their run results. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Control results. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /posture/controls/sections: post: operationId: getPostureControlSections tags: - Posture summary: Get framework sections requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Framework sections. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /posture/resources: post: operationId: getPostureResources tags: - Posture summary: Get resources affected by posture issues requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Affected resources. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /posture/exception: get: operationId: listPostureExceptions tags: - Posture summary: List posture exceptions responses: '200': description: Posture exceptions. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createPostureException tags: - Posture summary: Create a posture exception requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Created. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' put: operationId: updatePostureException tags: - Posture summary: Update a posture exception requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Updated. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' delete: operationId: deletePostureException tags: - Posture summary: Delete a posture exception responses: '200': description: Deleted. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /repositoryPosture/repositories: post: operationId: getRepositoryPostureRepositories tags: - Posture summary: Get repository (IaC) posture summary by repository requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Repository posture summary. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /repositoryPosture/failedControls: post: operationId: getRepositoryPostureFailedControls tags: - Posture summary: Get failed controls summary for repository posture requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Failed controls summary. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /clusters/overtime: post: operationId: getClustersOvertime tags: - Clusters summary: Get clusters list with history description: Returns the list of connected clusters with historical posture over time. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: Clusters with history. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /workload/list: post: operationId: listWorkloads tags: - Clusters summary: List workloads description: Retrieves workloads with their vulnerability and posture context. requestBody: $ref: '#/components/requestBodies/ListQuery' responses: '200': description: A list of workloads. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /security/risks: get: operationId: listSecurityRisks tags: - Security Risks summary: List security risks description: Retrieves the list of correlated security risks. responses: '200': description: A list of security risks. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /security/risks/resources: get: operationId: listSecurityRiskResources tags: - Security Risks summary: List security-risk resources description: Retrieves resources associated with security risks. responses: '200': description: A list of resources. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /security/risks/severities: get: operationId: getSecurityRiskSeverities tags: - Security Risks summary: Get security-risk severity summary responses: '200': description: Severity summary. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /attack/chains: get: operationId: getAttackChains tags: - Security Risks summary: Get attack chains description: Retrieves attack chains matching the provided filters. responses: '200': description: Attack chains. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /runtime/incidents: get: operationId: listRuntimeIncidents tags: - Runtime summary: List runtime incidents description: Retrieves all runtime incidents detected by ARMO's runtime sensor. responses: '200': description: A list of runtime incidents. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /runtime/incidents/severity: get: operationId: getRuntimeIncidentsSeverity tags: - Runtime summary: Get runtime incidents grouped by severity responses: '200': description: Incidents grouped by severity. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /runtime/incidents/{incidentGUID}/alerts: parameters: - $ref: '#/components/parameters/IncidentGUID' get: operationId: getRuntimeIncidentAlerts tags: - Runtime summary: Get alerts for an incident responses: '200': description: Incident alerts. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /runtime/incidents/{incidentGUID}/explain: parameters: - $ref: '#/components/parameters/IncidentGUID' post: operationId: explainRuntimeIncident tags: - Runtime summary: Explain a runtime incident description: Returns a detailed explanation for the specified incident. responses: '200': description: Incident explanation. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /runtime/incidents/{incidentGUID}/resolve: parameters: - $ref: '#/components/parameters/IncidentGUID' post: operationId: resolveRuntimeIncident tags: - Runtime summary: Resolve a runtime incident responses: '200': description: Resolved. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /runtime/incidents/{incidentGUID}/unresolve: parameters: - $ref: '#/components/parameters/IncidentGUID' post: operationId: unresolveRuntimeIncident tags: - Runtime summary: Unresolve a runtime incident responses: '200': description: Unresolved. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /network/policies: get: operationId: listNetworkPolicies tags: - Runtime summary: List network policies description: Retrieves generated Kubernetes network policies. responses: '200': description: Network policies. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /network/policies/generate: post: operationId: generateNetworkPolicies tags: - Runtime summary: Generate network policies description: Generates Kubernetes network policies for the specified workloads from observed traffic. requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Generated network policies. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /runtime/seccomp/list: get: operationId: listSeccompProfiles tags: - Runtime summary: List seccomp resources responses: '200': description: Seccomp resources. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' /runtime/seccomp/generate: post: operationId: generateSeccompProfiles tags: - Runtime summary: Generate seccomp profiles requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Generated seccomp profiles. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /runtime/policy/create: post: operationId: createRuntimePolicy tags: - Runtime summary: Create a runtime policy requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Created. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /runtime/policy/exception/create: post: operationId: createRuntimePolicyException tags: - Runtime summary: Create a runtime policy exception requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Created. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /registry/scan: post: operationId: issueRegistryScan tags: - Registry summary: Issue a registry scan or set scheduler description: Issues a container registry scan or sets a scan scheduler (cron). requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Scan accepted. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' put: operationId: updateRegistryScan tags: - Registry summary: Update the registry scan cron job requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Updated. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' delete: operationId: deleteRegistryScan tags: - Registry summary: Delete the registry scan cron job responses: '200': description: Deleted. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /integrations/jira/config: get: operationId: getJiraConfig tags: - Integrations summary: Get Jira configuration responses: '200': description: Jira configuration. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' post: operationId: saveJiraConfig tags: - Integrations summary: Save Jira configuration requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Saved. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /integrations/jira/issueV2: post: operationId: createJiraIssue tags: - Integrations summary: Create a Jira issue (ticket) description: Creates a Jira issue/ticket from an ARMO finding. requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Created. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /collaboration/config: post: operationId: createCollaborationConfig tags: - Integrations summary: Create a collaboration configuration requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Created. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /collaboration/share: post: operationId: shareCollaboration tags: - Integrations summary: Share data using a collaboration config requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Shared. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /authentication/accessKeys: get: operationId: listAccessKeys tags: - Access Keys summary: List access keys responses: '200': description: A list of access keys. content: application/json: schema: $ref: '#/components/schemas/ListResponse' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createAccessKey tags: - Access Keys summary: Create an access key requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Created access key. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' put: operationId: updateAccessKey tags: - Access Keys summary: Update an access key requestBody: $ref: '#/components/requestBodies/GenericBody' responses: '200': description: Updated. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' /authentication/accessKeys/{guid}: parameters: - name: guid in: path required: true description: The GUID of the access key. schema: type: string get: operationId: getAccessKey tags: - Access Keys summary: Get an access key by GUID responses: '200': description: The access key. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteAccessKey tags: - Access Keys summary: Delete an access key responses: '200': description: Deleted. content: application/json: schema: $ref: '#/components/schemas/GenericResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' components: securitySchemes: apiKeyAuth: type: apiKey in: header name: X-API-KEY description: >- Account access key (Agent Access Key) generated in ARMO Platform under Settings, sent in the X-API-KEY header. parameters: IncidentGUID: name: incidentGUID in: path required: true description: The GUID of the runtime incident. schema: type: string requestBodies: ListQuery: required: false content: application/json: schema: $ref: '#/components/schemas/ListQuery' GenericBody: required: true content: application/json: schema: type: object additionalProperties: true responses: Unauthorized: description: Missing or invalid X-API-KEY. content: application/json: schema: $ref: '#/components/schemas/Error' NotFound: description: The requested resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' schemas: Error: type: object properties: error: type: string message: type: string GenericResponse: type: object additionalProperties: true ListQuery: type: object description: >- ARMO's list endpoints accept a common query body with pagination, sorting, and field filters. Exact filter keys vary per resource. properties: pageSize: type: integer default: 50 pageNum: type: integer default: 1 orderBy: type: string innerFilters: type: array items: type: object additionalProperties: true since: type: string format: date-time ListResponse: type: object properties: total: type: object properties: value: type: integer response: type: array items: type: object additionalProperties: true additionalProperties: true