openapi: 3.0.0 info: description: Socket full scans API endpoints. title: Socket Full Scans API version: '0' servers: - url: https://api.socket.dev/v0 paths: /orgs/{org_slug}/full-scans: get: tags: - full-scans summary: List full scans operationId: getOrgFullScanList parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: sort in: query required: false description: Specify Sort order. schema: type: string enum: - name - created_at default: created_at - name: direction in: query required: false description: Specify sort direction. schema: type: string enum: - asc - desc default: desc - name: per_page in: query required: false description: Specify the maximum number of results to return per page. schema: type: integer minimum: 1 maximum: 100 default: 30 - name: page in: query required: false description: The page number to return when using offset-style pagination. Ignored when cursor pagination is used. schema: type: integer minimum: 1 default: 1 - name: startAfterCursor in: query required: false description: Cursor token for pagination. Pass the returned nextPageCursor from previous responses to fetch the next set of results. schema: type: string - name: use_cursor in: query required: false description: Set to true on the first request to opt into cursor-based pagination. schema: type: boolean default: false - name: from in: query required: false description: A Unix timestamp in seconds that filters full-scans prior to the date. schema: type: string - name: workspace in: query required: false description: A repository workspace to filter full-scans by. schema: type: string - name: repo in: query required: false description: A repository slug to filter full-scans by. schema: type: string - name: branch in: query required: false description: A branch name to filter full-scans by. schema: type: string - name: pull_request in: query required: false description: A PR number to filter full-scans by. 
schema: type: string - name: commit_hash in: query required: false description: A commit hash to filter full-scans by. schema: type: string - name: scan_type in: query required: false description: A scan type to filter full-scans by (e.g. socket, socket_tier1, socket_basics). schema: type: string security: - bearerAuth: - full-scans:list - basicAuth: - full-scans:list description: 'Returns a paginated list of all full scans in an org, excluding SBOM artifacts. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - full-scans:list' responses: '200': content: application/json: schema: type: object additionalProperties: false description: '' properties: results: type: array items: type: object additionalProperties: false properties: id: type: string description: '' default: '' created_at: type: string description: '' default: '' updated_at: type: string description: '' default: '' organization_id: type: string description: '' default: '' organization_slug: type: string description: '' default: '' repository_id: type: string description: '' default: '' repository_slug: type: string description: '' default: '' branch: type: string description: '' default: '' nullable: true commit_message: type: string description: '' default: '' nullable: true commit_hash: type: string description: '' default: '' nullable: true pull_request: type: integer description: '' default: 0 nullable: true committers: type: array items: type: string description: '' default: '' description: '' html_url: type: string description: '' default: '' nullable: true api_url: type: string description: '' default: '' nullable: true workspace: type: string description: '' default: '' repo: type: string description: '' default: '' html_report_url: type: string description: '' default: '' integration_type: type: string description: '' default: '' nullable: true integration_repo_url: type: string description: '' default: '' integration_branch_url: type: string 
description: '' default: '' nullable: true integration_commit_url: type: string description: '' default: '' nullable: true integration_pull_request_url: type: string description: '' default: '' nullable: true scan_type: type: string description: '' default: '' nullable: true scan_state: type: string enum: - pending - precrawl - resolve - scan description: The current processing status of the SBOM default: pending nullable: true description: '' description: '' nextPageCursor: type: string description: '' default: '' nullable: true nextPage: type: integer description: '' default: 0 nullable: true required: - nextPage - nextPageCursor - results description: Lists full scans for the specified organization. The authenticated user must be a member of the organization. '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} post: tags: - full-scans summary: Create full scan operationId: CreateOrgFullScan parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: repo in: query required: true description: The slug of the repository to associate the full-scan with. schema: type: string - name: workspace in: query required: false description: The workspace of the repository to associate the full-scan with. schema: type: string - name: branch in: query required: false description: 'The branch name to associate the full-scan with. Branch names must follow Git branch name rules: be 1–255 characters long; cannot be exactly @; cannot begin or end with /, ., or .lock; cannot contain "//", "..", or "@{"; and cannot include control characters, spaces, or any of ~^:?*[.'
schema: type: string - name: commit_message in: query required: false description: The commit message to associate the full-scan with. schema: type: string - name: commit_hash in: query required: false description: The commit hash to associate the full-scan with. schema: type: string - name: pull_request in: query required: false description: The pull request number to associate the full-scan with. schema: type: integer minimum: 1 - name: committers in: query required: false description: The committers to associate with the full-scan. Set query more than once to set multiple. schema: type: string - name: integration_type in: query required: false description: The integration type to associate the full-scan with. Defaults to "Api" if omitted. schema: type: string enum: - api - github - gitlab - bitbucket - azure - web - name: integration_org_slug in: query required: false description: The integration org slug to associate the full-scan with. If omitted, the Socket org name will be used. This is used to generate links and badges. schema: type: string - name: make_default_branch in: query required: false description: Set the default branch of the repository to the branch of this full-scan. A branch name is required with this option. schema: type: boolean default: false - name: set_as_pending_head in: query required: false description: Designate this full-scan as the latest scan of a given branch. Default branch head scans are included in org alerts. This is only supported on the default branch. A branch name is required with this option. schema: type: boolean default: false - name: tmp in: query required: false description: Create a temporary full-scan that is not listed in the reports dashboard. Cannot be used when set_as_pending_head=true. schema: type: boolean default: false - name: scan_type in: query required: false description: The type of scan to perform. Defaults to 'socket'. Must be 32 characters or less. 
Used for categorizing multiple SBOM heads per repository branch. schema: type: string default: socket requestBody: content: multipart/form-data: schema: type: object additionalProperties: type: string default: type: Buffer data: [] format: binary description: '' properties: {} description: '' required: false security: - bearerAuth: - full-scans:create - basicAuth: - full-scans:create description: 'Create a full scan from a set of package manifest files. Returns a full scan including all SBOM artifacts. To get a list of supported filetypes that can be uploaded in a full-scan, see the [Get supported file types](/reference/getsupportedfiles) endpoint. The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 268 MB. **Query Parameters:** - `scan_type` (optional): The type of scan to perform. Defaults to ''socket''. Must be 32 characters or less. Used for categorizing multiple SBOM heads per repository branch. This endpoint consumes 1 unit of your quota. 
This endpoint requires the following org token scopes: - full-scans:create' responses: '201': content: application/json: schema: type: object additionalProperties: false properties: id: type: string description: '' default: '' created_at: type: string description: '' default: '' updated_at: type: string description: '' default: '' organization_id: type: string description: '' default: '' organization_slug: type: string description: '' default: '' repository_id: type: string description: '' default: '' repository_slug: type: string description: '' default: '' branch: type: string description: '' default: '' nullable: true commit_message: type: string description: '' default: '' nullable: true commit_hash: type: string description: '' default: '' nullable: true pull_request: type: integer description: '' default: 0 nullable: true committers: type: array items: type: string description: '' default: '' description: '' html_url: type: string description: '' default: '' nullable: true api_url: type: string description: '' default: '' nullable: true workspace: type: string description: '' default: '' repo: type: string description: '' default: '' html_report_url: type: string description: '' default: '' integration_type: type: string description: '' default: '' nullable: true integration_repo_url: type: string description: '' default: '' integration_branch_url: type: string description: '' default: '' nullable: true integration_commit_url: type: string description: '' default: '' nullable: true integration_pull_request_url: type: string description: '' default: '' nullable: true scan_type: type: string description: '' default: '' nullable: true scan_state: type: string enum: - pending - precrawl - resolve - scan description: The current processing status of the SBOM default: pending nullable: true unmatchedFiles: type: array items: type: string description: '' default: '' description: '' description: '' description: The details of the created full scan. 
'400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/full-scans/{full_scan_id}: get: tags: - full-scans summary: Stream full scan operationId: getOrgFullScan parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: full_scan_id in: path required: true description: The ID of the full scan schema: type: string - name: include_alert_priority_details in: query required: false description: Control which alert priority fields to include in the response. Set to "true" to include all fields, "false" to exclude all fields, or specify individual fields like "components,formula" to include only those fields. schema: oneOf: - type: boolean default: false - type: array items: type: string enum: - component - formula default: false - name: include_scores in: query required: true description: Include scores event in the response. include_scores_details implies this flag schema: type: boolean default: false - name: include_scores_details in: query required: false description: Control which score detail fields to include in the scores event. Set to "true" to include all fields, "false" to exclude all fields, or specify individual fields like "components,formula" to include only those fields. schema: oneOf: - type: boolean default: false - type: array items: type: string enum: - components - formula default: false - name: include_license_details in: query required: true description: Include license details in the response. This can increase the response size significantly. schema: type: boolean default: false - name: cached in: query required: false description: Return cached immutable scan results. 
When enabled and results are cached, returns the pre-computed scan. When results are not yet cached, returns 202 Accepted and enqueues a background job. schema: type: boolean default: false security: - bearerAuth: - full-scans:list - basicAuth: - full-scans:list description: 'Stream all SBOM artifacts for a full scan. This endpoint returns the latest, available alert data for artifacts in the full scan (stale while revalidate). Actively running analysis will be returned when available on subsequent runs. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - full-scans:list' responses: '200': content: application/x-ndjson: schema: anyOf: - $ref: '#/components/schemas/SocketArtifact' - type: object additionalProperties: false properties: _type: type: string enum: - scores value: $ref: '#/components/schemas/SocketSBOMScore' required: - _type - value description: Socket issue lists and scores for all packages, followed by a final scores event '202': content: application/json: schema: type: object additionalProperties: false description: '' properties: status: type: string description: '' default: processing id: type: string description: '' default: '' required: - id - status description: Scan is being processed. Poll again later to retrieve results. 
'400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} delete: tags: - full-scans summary: Delete full scan operationId: deleteOrgFullScan parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: full_scan_id in: path required: true description: The ID of the full scan schema: type: string security: - bearerAuth: - full-scans:delete - basicAuth: - full-scans:delete description: 'Delete an existing full scan. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - full-scans:delete' responses: '200': content: application/json: schema: type: object additionalProperties: false description: '' properties: status: type: string description: '' default: ok required: - status description: Success '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/full-scans/{full_scan_id}/metadata: get: tags: - full-scans summary: Get full scan metadata operationId: getOrgFullScanMetadata parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: full_scan_id in: path required: true description: The ID of the full scan schema: type: string security: - bearerAuth: - full-scans:list - basicAuth: - full-scans:list description: 'Get metadata for a single full scan This endpoint consumes 1 unit of your quota. 
This endpoint requires the following org token scopes: - full-scans:list' responses: '200': content: application/json: schema: type: object additionalProperties: false properties: id: type: string description: '' default: '' created_at: type: string description: '' default: '' updated_at: type: string description: '' default: '' organization_id: type: string description: '' default: '' organization_slug: type: string description: '' default: '' repository_id: type: string description: '' default: '' repository_slug: type: string description: '' default: '' branch: type: string description: '' default: '' nullable: true commit_message: type: string description: '' default: '' nullable: true commit_hash: type: string description: '' default: '' nullable: true pull_request: type: integer description: '' default: 0 nullable: true committers: type: array items: type: string description: '' default: '' description: '' html_url: type: string description: '' default: '' nullable: true api_url: type: string description: '' default: '' nullable: true workspace: type: string description: '' default: '' repo: type: string description: '' default: '' html_report_url: type: string description: '' default: '' integration_type: type: string description: '' default: '' nullable: true integration_repo_url: type: string description: '' default: '' integration_branch_url: type: string description: '' default: '' nullable: true integration_commit_url: type: string description: '' default: '' nullable: true integration_pull_request_url: type: string description: '' default: '' nullable: true scan_type: type: string description: '' default: '' nullable: true scan_state: type: string enum: - pending - precrawl - resolve - scan description: The current processing status of the SBOM default: pending nullable: true description: '' description: The data from the full scan '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': 
$ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/full-scans/{full_scan_id}/files/tar: get: tags: - full-scans summary: Download full scan files as tarball operationId: downloadOrgFullScanFilesAsTar parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: full_scan_id in: path required: true description: The ID of the full scan schema: type: string security: - bearerAuth: - full-scans:list - basicAuth: - full-scans:list description: 'Download all files associated with a full scan in tar format. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - full-scans:list' responses: '200': content: application/x-tar: {} description: Tar archive of full scan files '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/full-scans/archive: post: tags: - full-scans summary: Create full scan from archive operationId: CreateOrgFullScanArchive parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: repo in: query required: true description: The slug of the repository to associate the full-scan with. schema: type: string - name: workspace in: query required: false description: The workspace of the repository to associate the full-scan with. schema: type: string - name: branch in: query required: false description: 'The branch name to associate the full-scan with. 
Branch names must follow Git branch name rules: be 1–255 characters long; cannot be exactly @; cannot begin or end with /, ., or .lock; cannot contain "//", "..", or "@{"; and cannot include control characters, spaces, or any of ~^:?*[.' schema: type: string - name: commit_message in: query required: false description: The commit message to associate the full-scan with. schema: type: string - name: commit_hash in: query required: false description: The commit hash to associate the full-scan with. schema: type: string - name: pull_request in: query required: false description: The pull request number to associate the full-scan with. schema: type: integer minimum: 1 - name: committers in: query required: false description: The committers to associate with the full-scan. Set query more than once to set multiple. schema: type: string - name: integration_type in: query required: false description: The integration type to associate the full-scan with. Defaults to "Api" if omitted. schema: type: string enum: - api - github - gitlab - bitbucket - azure - web - name: integration_org_slug in: query required: false description: The integration org slug to associate the full-scan with. If omitted, the Socket org name will be used. This is used to generate links and badges. schema: type: string - name: make_default_branch in: query required: false description: Set the default branch of the repository to the branch of this full-scan. A branch name is required with this option. schema: type: boolean default: false - name: set_as_pending_head in: query required: false description: Designate this full-scan as the latest scan of a given branch. Default branch head scans are included in org alerts. This is only supported on the default branch. A branch name is required with this option. schema: type: boolean default: false - name: tmp in: query required: false description: Create a temporary full-scan that is not listed in the reports dashboard. 
Cannot be used when set_as_pending_head=true. schema: type: boolean default: false - name: scan_type in: query required: false description: The type of scan to perform. Defaults to 'socket'. Must be 32 characters or less. Used for categorizing multiple SBOM heads per repository branch. schema: type: string default: socket requestBody: content: multipart/form-data: schema: type: object additionalProperties: type: string default: type: Buffer data: [] format: binary description: '' properties: {} description: '' required: false security: - bearerAuth: - full-scans:create - basicAuth: - full-scans:create description: 'Create a full scan by uploading one or more archives. Supported archive formats include **.tar**, **.tar.gz/.tgz**, and **.zip**. Each uploaded archive is extracted server-side and any supported manifest files (like package.json, package-lock.json, pnpm-lock.yaml, etc.) are ingested for the scan. If you upload multiple archives in a single request, the manifests from every archive are merged into one full scan. The response includes any files that were ignored. The maximum combined number of files extracted from your upload is 5000 and each extracted file can be no bigger than 268 MB. This endpoint consumes 1 unit of your quota. 
This endpoint requires the following org token scopes: - full-scans:create' responses: '201': content: application/json: schema: type: object additionalProperties: false properties: id: type: string description: '' default: '' created_at: type: string description: '' default: '' updated_at: type: string description: '' default: '' organization_id: type: string description: '' default: '' organization_slug: type: string description: '' default: '' repository_id: type: string description: '' default: '' repository_slug: type: string description: '' default: '' branch: type: string description: '' default: '' nullable: true commit_message: type: string description: '' default: '' nullable: true commit_hash: type: string description: '' default: '' nullable: true pull_request: type: integer description: '' default: 0 nullable: true committers: type: array items: type: string description: '' default: '' description: '' html_url: type: string description: '' default: '' nullable: true api_url: type: string description: '' default: '' nullable: true workspace: type: string description: '' default: '' repo: type: string description: '' default: '' html_report_url: type: string description: '' default: '' integration_type: type: string description: '' default: '' nullable: true integration_repo_url: type: string description: '' default: '' integration_branch_url: type: string description: '' default: '' nullable: true integration_commit_url: type: string description: '' default: '' nullable: true integration_pull_request_url: type: string description: '' default: '' nullable: true scan_type: type: string description: '' default: '' nullable: true scan_state: type: string enum: - pending - precrawl - resolve - scan description: The current processing status of the SBOM default: pending nullable: true unmatchedFiles: type: array items: type: string description: '' default: '' description: '' description: '' description: The details of the created full scan. 
'400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/full-scans/{full_scan_id}/rescan: post: tags: - full-scans summary: Rescan full scan operationId: rescanOrgFullScan parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: full_scan_id in: path required: true description: The ID of the full scan to rescan schema: type: string - name: mode in: query required: false description: 'The rescan mode: "shallow" (default) re-applies policies to cached data, "deep" re-fetches the SBOM stream.' schema: type: string enum: - shallow - deep default: shallow security: - bearerAuth: - full-scans:create - basicAuth: - full-scans:create description: 'Create a new full scan by rescanning an existing scan. A "shallow" rescan reapplies the latest policies to the previously cached dependency resolution results. A "deep" rescan reruns dependency resolution and applies the latest policies to the results. This endpoint consumes 1 unit of your quota. 
This endpoint requires the following org token scopes: - full-scans:create' responses: '201': content: application/json: schema: type: object additionalProperties: false description: '' properties: id: type: string description: The ID of the newly created full scan default: '' status: type: string description: The status of the new scan default: '' required: - id - status description: Rescan initiated successfully '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/full-scans/{full_scan_id}/format/csv: post: tags: - full-scans summary: Export CSV of alerts for full scan operationId: getOrgFullScanCsv parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: full_scan_id in: path required: true description: The ID of the full scan schema: type: string - name: include_alert_priority_details in: query required: false description: Control which alert priority fields to include in the response. Set to "true" to include all fields, "false" to exclude all fields, or specify individual fields like "components,formula" to include only those fields. schema: oneOf: - type: boolean default: false - type: array items: type: string enum: - component - formula default: false - name: include_license_details in: query required: true description: Include license details in the response.
schema: type: boolean default: false requestBody: content: application/json: schema: type: object additionalProperties: false properties: filters: type: array items: type: object additionalProperties: false description: '' properties: id: type: string description: '' default: '' value: type: array items: type: string description: '' default: '' description: '' required: - id - value description: '' required: false security: - bearerAuth: - full-scans:list - basicAuth: - full-scans:list description: 'Export a CSV file containing all alerts from a full scan. The CSV includes details about each alert and the affected packages. You can optionally filter using the request body "filters" array. Supported filter IDs include: - alert.action (error|warn|monitor|ignore) - alert.type - alert.category - alert.severity (low|medium|middle|high|critical or 0-3) - artifact.type (purl type, e.g. npm, pypi) - dependency.type (direct|transitive) - dependency.scope (dev|normal) - dependency.usage (used|unused) - manifest.file This endpoint consumes 1 unit of your quota. 
This endpoint requires the following org token scopes: - full-scans:list' responses: '200': content: text/csv: {} description: CSV export of alerts '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/full-scans/{full_scan_id}/format/pdf: post: tags: - full-scans summary: Generate PDF report for full scan operationId: getOrgFullScanPdf parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: full_scan_id in: path required: true description: The ID of the full scan schema: type: string - name: include_alert_priority_details in: query required: false description: Control which alert priority fields to include in the response. Set to "true" to include all fields, "false" to exclude all fields, or specify individual fields like "components,formula" to include only those fields. schema: oneOf: - type: boolean default: false - type: array items: type: string enum: - component - formula default: false - name: include_license_details in: query required: true description: Include license details in the response. 
schema: type: boolean default: false requestBody: content: application/json: schema: type: object additionalProperties: false properties: filters: type: array items: type: object additionalProperties: false description: '' properties: id: type: string description: '' default: '' value: type: array items: type: string description: '' default: '' description: '' required: - id - value description: '' groupBy: type: string description: '' default: '' additionalInformation: type: string description: '' default: '' required: false security: - bearerAuth: - full-scans:list - basicAuth: - full-scans:list description: 'Generate a PDF report for all alerts in a full scan. This endpoint streams a PDF document containing all alerts found in the full scan, with optional filtering and grouping options. Supported request body filter IDs include: - alert.action (error|warn|monitor|ignore) - alert.type - alert.category - alert.severity (low|medium|middle|high|critical or 0-3) - artifact.type (purl type, e.g. npm, pypi) - dependency.type (direct|transitive) - dependency.scope (dev|normal) - dependency.usage (used|unused) - manifest.file This endpoint consumes 1 unit of your quota. 
This endpoint requires the following org token scopes: - full-scans:list' responses: '200': content: application/pdf: {} description: PDF report of alerts '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/export/cdx/{id}: get: tags: - full-scans summary: Export CycloneDX SBOM (Beta) operationId: exportCDX parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: id in: path required: true description: The full scan OR sbom report ID schema: type: string - name: author in: query required: false description: 'The person(s) who created the BOM. Set this value if you''re intending to modify the BOM and claim authorship.' schema: type: string default: OWASP Foundation - name: project_group in: query required: false description: Dependency-Track project group schema: type: string default: '' - name: project_name in: query required: false description: Dependency-Track project name. Defaults to the directory name. schema: type: string default: '' - name: project_version in: query required: false description: Dependency-Track project version schema: type: string default: '' - name: project_id in: query required: false description: Dependency-Track project ID. Provide either the ID, or the project name and version together. schema: type: string default: '' - name: include_vulnerabilities in: query required: false description: Include vulnerability information in the SBOM.
Also includes reachability/VEX if available schema: type: string default: 'false' security: - bearerAuth: - report:read - basicAuth: - report:read description: 'Export a Socket SBOM as a CycloneDX SBOM Supported ecosystems: - crates - go - maven - npm - nuget - pypi - rubygems - spdx - cdx Unsupported ecosystems are filtered from the export. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - report:read' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CDXManifestSchema' description: CycloneDX SBOM '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/export/openvex/{id}: get: tags: - full-scans summary: Export OpenVEX Document (Beta) operationId: exportOpenVEX parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: id in: path required: true description: The full scan OR sbom report ID schema: type: string - name: author in: query required: false description: The author of the VEX document. Should be an individual or organization. schema: type: string default: Socket Security - name: role in: query required: false description: The role of the document author (e.g., "VEX Generator", "Security Team"). schema: type: string default: VEX Generator - name: document_id in: query required: false description: Custom IRI for the VEX document. If not provided, a default IRI will be generated. schema: type: string default: '' security: - bearerAuth: - report:read - basicAuth: - report:read description: 'Export vulnerability exploitability data as an OpenVEX v0.2.0 document. 
OpenVEX (Vulnerability Exploitability eXchange) documents communicate the exploitability status of vulnerabilities in software products. This export includes: - **Patch data**: Vulnerabilities fixed by applied Socket patches are marked as "fixed" - **Reachability analysis**: Code reachability determines if vulnerable code is exploitable: - Unreachable code → "not_affected" with justification - Reachable code → "affected" - Unknown/pending → "under_investigation" Each statement in the document represents a single artifact-vulnerability pair for granular reachability information. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - report:read' responses: '200': content: application/json: schema: $ref: '#/components/schemas/OpenVEXDocumentSchema' description: OpenVEX v0.2.0 document '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/export/spdx/{id}: get: tags: - full-scans summary: Export SPDX SBOM (Beta) operationId: exportSPDX parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string - name: id in: path required: true description: The full scan OR sbom report ID schema: type: string - name: author in: query required: false description: 'The person(s) who created the BOM. Set this value if you''re intending to modify the BOM and claim authorship.' schema: type: string default: OWASP Foundation - name: project_group in: query required: false description: Dependency track project group schema: type: string default: '' - name: project_name in: query required: false description: Dependency track project name. 
Defaults to the directory name schema: type: string default: '' - name: project_version in: query required: false description: Dependency track project version schema: type: string default: '' - name: project_id in: query required: false description: Dependency track project id. Either provide the id or the project name and version together schema: type: string default: '' - name: include_vulnerabilities in: query required: false description: Include vulnerability information in the SBOM. Also includes reachability/VEX if available schema: type: string default: 'false' security: - bearerAuth: - report:read - basicAuth: - report:read description: 'Export a Socket SBOM as an SPDX SBOM Supported ecosystems: - crates - go - maven - npm - nuget - pypi - rubygems - spdx - cdx Unsupported ecosystems are filtered from the export. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - report:read' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SPDXManifestSchema' description: SPDX SBOM '400': $ref: '#/components/responses/SocketBadRequest' '401': $ref: '#/components/responses/SocketUnauthorized' '403': $ref: '#/components/responses/SocketForbidden' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /orgs/{org_slug}/supported-files: get: tags: - metadata - full-scans - diff-scans summary: Get supported file types operationId: getSupportedFiles parameters: - name: org_slug in: path required: true description: The slug of the organization schema: type: string security: - bearerAuth: [] - basicAuth: [] description: 'Get a list of supported files for full scan generation. Files are categorized first by environment (e.g. NPM or PyPI), then by name. Files whose names match the patterns returned by this endpoint can be uploaded for report generation. 
Examples of supported filenames include `package.json`, `package-lock.json`, and `yarn.lock`. This endpoint consumes 1 unit of your quota. This endpoint requires the following org token scopes: - No Scopes Required, but authentication is required' responses: '200': content: application/json: schema: type: object additionalProperties: type: object additionalProperties: type: object additionalProperties: false description: '' properties: pattern: type: string description: '' default: '' required: - pattern properties: {} description: '' properties: {} description: '' description: Glob patterns used to match supported files '400': $ref: '#/components/responses/SocketBadRequest' '404': $ref: '#/components/responses/SocketNotFoundResponse' '429': $ref: '#/components/responses/SocketTooManyRequestsResponse' x-readme: {} /alert-types: post: tags: - metadata - full-scans - diff-scans summary: Alert Types Metadata operationId: alertTypes parameters: - name: language in: query required: false description: Language for alert metadata schema: type: string enum: - ach-UG - de-DE - en-US - es-ES - fr-FR - it-IT default: en-US requestBody: content: application/json: schema: type: array items: type: string description: '' default: '' description: '' required: false security: [] description: 'For an array of alert type identifiers, returns metadata for each alert type. Optionally, specify a language via the ''language'' query parameter. This endpoint consumes 1 unit of your quota. 
This endpoint requires the following org token scopes:' responses: '200': content: application/json: schema: type: array items: type: object additionalProperties: false description: '' properties: type: type: string description: '' default: '' title: type: string description: '' default: '' description: type: string description: '' default: '' suggestion: type: string description: '' default: '' emoji: type: string description: '' default: '' nextStepTitle: type: string description: '' default: '' props: type: object additionalProperties: type: string description: '' default: '' properties: {} description: '' nullable: true required: - description - emoji - nextStepTitle - props - suggestion - title - type description: '' description: Metadata for the requested alert types '400': $ref: '#/components/responses/SocketBadRequest' x-readme: {} components: requestBodies: {} responses: SocketBadRequest: content: application/json: schema: type: object additionalProperties: false description: '' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - details - message required: - error description: Bad request SocketUnauthorized: content: application/json: schema: type: object additionalProperties: false description: '' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - details - message required: - error description: Unauthorized SocketForbidden: content: application/json: schema: type: object additionalProperties: false description: '' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - 
details - message required: - error description: Insufficient max_quota for API method SocketNotFoundResponse: content: application/json: schema: type: object additionalProperties: false description: '' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - details - message required: - error description: Resource not found SocketTooManyRequestsResponse: description: Insufficient quota for API route headers: Retry-After: description: 'Retry contacting the endpoint only after waiting *at least* this many seconds. See https://tools.ietf.org/html/rfc7231#section-7.1.3' schema: format: int32 type: integer content: application/json: schema: type: object additionalProperties: false description: '' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - details - message required: - error SocketInternalServerError: content: application/json: schema: type: object additionalProperties: false description: '' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - details - message required: - error description: Internal server error SocketConflict: content: application/json: schema: type: object additionalProperties: false description: '' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - details - message required: - error description: Resource already exists SocketGone: content: application/json: schema: type: object additionalProperties: false description: 
'' properties: error: type: object additionalProperties: false description: '' properties: message: type: string description: '' default: '' details: type: object description: '' default: null nullable: true required: - details - message required: - error description: Gone schemas: SPDXManifestSchema: type: object additionalProperties: false description: '' properties: spdxVersion: type: string description: '' default: SPDX-2.3 dataLicense: type: string description: '' default: CC0-1.0 SPDXID: type: string description: '' default: SPDXRef-DOCUMENT name: type: string description: '' default: '' documentNamespace: type: string description: '' default: '' creationInfo: type: object additionalProperties: false description: '' properties: created: type: string description: '' default: '' creators: type: array items: type: string description: '' default: '' description: '' required: - created - creators documentDescribes: type: array items: type: string description: '' default: '' description: '' packages: type: array items: type: object additionalProperties: false properties: name: type: string description: '' default: '' SPDXID: type: string description: '' default: '' versionInfo: type: string description: '' default: '' packageFileName: type: string description: '' default: '' description: type: string description: '' default: '' primaryPackagePurpose: type: string description: '' default: '' downloadLocation: type: string description: '' default: '' filesAnalyzed: type: boolean default: false description: '' homepage: type: string description: '' default: NOASSERTION licenseDeclared: type: string description: '' default: NOASSERTION externalRefs: type: array items: type: object additionalProperties: false description: '' properties: referenceCategory: type: string description: '' default: PACKAGE-MANAGER referenceType: type: string description: '' default: purl referenceLocator: type: string description: '' default: '' required: - referenceCategory - 
referenceLocator - referenceType description: '' checksums: type: array items: type: object additionalProperties: false description: '' properties: algorithm: type: string description: '' default: '' checksumValue: type: string description: '' default: '' required: - algorithm - checksumValue description: '' required: - SPDXID - externalRefs - filesAnalyzed - homepage - licenseDeclared - name - packageFileName - versionInfo description: '' relationships: type: array items: type: object additionalProperties: false description: '' properties: spdxElementId: type: string description: '' default: SPDXRef-DOCUMENT relatedSpdxElement: type: string description: '' default: '' relationshipType: type: string description: '' default: DESCRIBES required: - relatedSpdxElement - relationshipType - spdxElementId description: '' required: - SPDXID - creationInfo - dataLicense - documentDescribes - documentNamespace - name - packages - relationships - spdxVersion ReachabilityResultItem: type: object additionalProperties: false properties: type: $ref: '#/components/schemas/ReachabilityType' truncated: type: boolean default: false description: Indicates if the reachability analysis was stopped early due to depth or complexity limits error: type: string description: Error message if reachability analysis failed default: '' matches: anyOf: - type: object additionalProperties: false properties: type: type: string enum: - function-level value: type: array items: type: array items: $ref: '#/components/schemas/CallStackItem' description: '' description: '' - type: object additionalProperties: false properties: type: type: string enum: - class-level value: type: array items: type: array items: $ref: '#/components/schemas/ClassStackItem' description: '' description: '' workspacePath: type: string description: Path to the workspace root for multi-workspace projects default: '' subprojectPath: type: string description: Path to the subproject within the workspace default: '' required: - type 
CallStackItem: type: object additionalProperties: false properties: purl: type: string description: Package URL (PURL) of the dependency containing this code default: '' sourceLocation: $ref: '#/components/schemas/SourceLocation' confidence: type: number description: Confidence score from 0.0 to 1.0 indicating how certain the reachability analysis is about this result default: 0 description: '' SocketCategory: type: string enum: - supplyChainRisk - quality - maintenance - vulnerability - license - other description: '' default: other SocketArtifactPatch: type: object additionalProperties: false properties: appliedPatch: $ref: '#/components/schemas/SocketPatch' availablePatches: type: array items: $ref: '#/components/schemas/SocketPatch' description: List of available patches that can be applied to fix vulnerabilities description: '' OpenVEXDocumentSchema: type: object additionalProperties: false properties: '@context': type: string description: '' default: https://openvex.dev/ns/v0.2.0 '@id': type: string description: '' default: '' author: type: string description: '' default: Socket Security timestamp: type: string description: '' default: '' version: type: number description: '' default: 1 statements: type: array items: $ref: '#/components/schemas/OpenVEXStatementSchema' description: '' role: type: string description: '' default: VEX Generator last_updated: type: string description: '' default: '' tooling: type: string description: '' default: Socket Security VEX Generator required: - '@context' - '@id' - author - statements - timestamp - version SocketScore: type: object additionalProperties: false description: '' properties: license: type: number description: Score from 0.0 to 1.0 evaluating license permissiveness and compatibility default: 0 maintenance: type: number description: Score from 0.0 to 1.0 evaluating project maintenance health and activity default: 0 overall: type: number description: Combined score from 0.0 to 1.0 representing overall package 
health and safety default: 0 quality: type: number description: Score from 0.0 to 1.0 evaluating code quality, testing, and documentation default: 0 supplyChain: type: number description: Score from 0.0 to 1.0 evaluating supply chain security and provenance default: 0 vulnerability: type: number description: Score from 0.0 to 1.0 based on known vulnerabilities and their severity default: 0 required: - license - maintenance - overall - quality - supplyChain - vulnerability OpenVEXHashesSchema: type: object additionalProperties: false properties: md5: type: string description: '' default: '' sha1: type: string description: '' default: '' sha-256: type: string description: '' default: '' sha-384: type: string description: '' default: '' sha-512: type: string description: '' default: '' sha3-224: type: string description: '' default: '' sha3-256: type: string description: '' default: '' sha3-384: type: string description: '' default: '' sha3-512: type: string description: '' default: '' blake2s-256: type: string description: '' default: '' blake2b-256: type: string description: '' default: '' blake2b-512: type: string description: '' default: '' description: '' SocketIssueSeverity: type: string enum: - low - middle - high - critical description: '' default: low CDXComponentSchema: type: object additionalProperties: false properties: author: type: string description: '' default: '' publisher: type: string description: '' default: '' group: type: string description: '' default: '' name: type: string description: '' default: '' version: type: string description: '' default: '' description: type: string description: '' default: '' scope: type: string description: '' default: '' hashes: type: array items: type: object additionalProperties: false description: '' properties: alg: type: string description: '' default: '' content: type: string description: '' default: '' required: - alg - content description: '' licenses: type: array items: type: object additionalProperties: 
false properties: expression: type: string description: '' default: '' license: type: object additionalProperties: false properties: id: type: string description: '' default: '' name: type: string description: '' default: '' url: type: string description: '' default: '' description: '' description: '' description: '' purl: type: string description: '' default: '' externalReferences: type: array items: type: object additionalProperties: false description: '' properties: type: type: string description: '' default: '' url: type: string description: '' default: '' required: - type - url description: '' type: type: string description: '' default: application bom-ref: type: string description: '' default: '' evidence: type: object additionalProperties: false properties: identity: type: object additionalProperties: false description: '' properties: field: type: string description: '' default: '' confidence: type: number description: '' default: 0 methods: type: array items: type: object additionalProperties: false description: '' properties: technique: type: string description: '' default: '' confidence: type: number description: '' default: 0 value: type: string description: '' default: '' required: - confidence - technique - value description: '' required: - confidence - field - methods occurrences: type: array items: type: object additionalProperties: false description: '' properties: location: type: string description: '' default: '' required: - location description: '' required: - identity tags: type: array items: type: string description: '' default: '' description: '' properties: type: array items: type: object additionalProperties: false description: '' properties: name: type: string description: '' default: '' value: type: string description: '' default: '' required: - name - value description: '' cryptoProperties: type: array items: type: object additionalProperties: false description: '' properties: assetType: type: string description: '' default: '' 
algorithmProperties: type: object additionalProperties: false description: '' properties: executionEnvironment: type: string description: '' default: '' implementationPlatform: type: string description: '' default: '' required: - executionEnvironment - implementationPlatform required: - algorithmProperties - assetType description: '' components: type: array items: $ref: '#/components/schemas/CDXComponentSchema' description: '' required: - bom-ref - group - name - purl - type - version SocketId: type: string description: '' default: '' ClassStackItem: type: object additionalProperties: false properties: purl: type: string description: Package URL (PURL) of the dependency containing this class default: '' class: type: string description: Name of the class in the dependency default: '' confidence: type: number description: Confidence score from 0.0 to 1.0 indicating how certain the reachability analysis is about this result default: 0 description: '' OpenVEXVulnerabilitySchema: type: object additionalProperties: false properties: name: type: string description: '' default: '' '@id': type: string description: '' default: '' description: type: string description: '' default: '' aliases: type: array items: type: string description: '' default: '' description: '' required: - name ReachabilityType: type: string enum: - missing_support - undeterminable_reachability - pending - unreachable - unknown - direct_dependency - error - maybe_reachable - reachable description: Status of reachability analysis for vulnerable code paths default: unknown SocketArtifactLink: type: object additionalProperties: false properties: direct: type: boolean default: false description: Indicates if this is a direct dependency (not transitive) dev: type: boolean default: false description: Indicates if this is a development-only dependency not used in production dead: type: boolean default: false description: Indicates if this package is deprecated, abandoned, or no longer maintained manifestFiles: 
type: array items: $ref: '#/components/schemas/SocketManifestReference' description: '' topLevelAncestors: type: array items: $ref: '#/components/schemas/SocketId' description: IDs of the root-level packages in the dependency tree that depend on this package dependencies: type: array items: $ref: '#/components/schemas/SocketId' description: IDs of packages that this package directly depends on alertPriorities: type: object additionalProperties: type: object additionalProperties: false properties: result: type: integer description: Computed priority score for this alert default: 0 components: type: object additionalProperties: false description: '' properties: isFixable: type: object additionalProperties: false description: '' properties: result: type: number description: Contribution of fixability to the priority score default: 0 value: type: boolean default: false description: Whether a fix is available for this alert required: - result - value isReachable: type: object additionalProperties: false description: '' properties: result: type: number description: Contribution of reachability to the priority score default: 0 value: type: boolean default: false description: Whether the vulnerable code is reachable specificValue: type: string description: Specific reachability type value such as 'unreachable', 'maybe_reachable', or 'reachable' default: '' required: - result - specificValue - value severity: type: object additionalProperties: false description: '' properties: result: type: number description: Contribution of severity to the priority score default: 0 value: type: integer description: Numeric severity level default: 0 required: - result - value required: - isFixable - isReachable - severity formula: type: string description: Formula used to calculate the priority score default: '' required: - result properties: {} description: Computed priority scores for each alert type based on severity, reachability, and fixability factors artifact: allOf: - $ref: 
'#/components/schemas/SocketPURL' - type: object additionalProperties: false properties: id: $ref: '#/components/schemas/SocketId' required: - id alertKeysToReachabilityTypes: type: object additionalProperties: type: array items: type: string description: '' default: '' description: '' properties: {} description: 'Deprecated: mapping of alert keys to arrays of reachability types found across different manifest files or code locations. This field is derived from alertKeysToReachabilitySummaries for backward compatibility; use that property instead.' alertKeysToReachabilitySummaries: type: object additionalProperties: type: array items: type: object additionalProperties: false description: '' properties: type: type: string description: '' default: '' required: - type description: '' properties: {} description: Mapping of alert keys to arrays of reachability summaries. Each summary contains a reachability type indicating the result of reachability analysis for the corresponding vulnerability alert. 
description: '' SAttrib1_N: type: array items: type: object additionalProperties: false description: '' properties: attribText: type: string description: Full text of the license attribution or copyright notice found in the package default: '' attribData: type: array items: type: object additionalProperties: false description: '' properties: purl: type: string description: Package URL this attribution applies to default: '' foundInFilepath: type: string description: File path where this attribution was found default: '' spdxExpr: type: string description: SPDX license expression parsed from the attribution text default: '' foundAuthors: type: array items: type: string description: '' default: '' description: Authors mentioned in this attribution required: - foundAuthors - foundInFilepath - purl - spdxExpr description: '' required: - attribData - attribText description: '' OpenVEXComponentSchema: type: object additionalProperties: false properties: '@id': type: string description: '' default: '' identifiers: $ref: '#/components/schemas/OpenVEXIdentifiersSchema' hashes: $ref: '#/components/schemas/OpenVEXHashesSchema' CDXManifestSchema: type: object additionalProperties: false properties: bomFormat: type: string description: '' default: CycloneDX specVersion: type: string description: '' default: '1.5' serialNumber: type: string description: '' default: '' version: type: number description: '' default: 0 metadata: type: object additionalProperties: false properties: timestamp: type: string description: '' default: '' tools: type: object additionalProperties: false description: '' properties: components: type: array items: allOf: - $ref: '#/components/schemas/CDXComponentSchema' - type: object additionalProperties: false properties: author: type: string description: '' default: Socket authors: type: array items: type: string description: '' default: Socket description: '' publisher: type: string description: '' default: Socket description: '' required: - components 
authors: type: array items: type: object additionalProperties: false description: '' properties: name: type: string description: '' default: Socket required: - name description: '' supplier: type: string description: '' default: '' lifecycles: type: array items: type: object additionalProperties: false description: '' properties: phase: type: string description: '' default: build required: - phase description: '' component: $ref: '#/components/schemas/CDXComponentSchema' properties: type: array items: type: object additionalProperties: false description: '' properties: name: type: string description: '' default: '' value: type: string description: '' default: '' required: - name - value description: '' required: - authors - component - lifecycles - timestamp - tools components: type: array items: $ref: '#/components/schemas/CDXComponentSchema' description: '' dependencies: type: array items: type: object additionalProperties: false properties: ref: type: string description: '' default: '' dependsOn: type: array items: type: string description: '' default: '' description: '' required: - ref description: '' vulnerabilities: type: array items: type: object additionalProperties: false properties: id: type: string description: '' default: '' ref: type: string description: '' default: '' source: type: object additionalProperties: false properties: name: type: string description: '' default: '' url: type: string description: '' default: '' description: '' ratings: type: array items: type: object additionalProperties: false properties: source: type: object additionalProperties: false properties: name: type: string description: '' default: '' url: type: string description: '' default: '' description: '' score: type: number description: '' default: 0 severity: type: string description: '' default: '' method: type: string description: '' default: '' vector: type: string description: '' default: '' description: '' description: '' cwes: type: array items: type: number 
description: '' default: 0 description: '' description: type: string description: '' default: '' detail: type: string description: '' default: '' recommendation: type: string description: '' default: '' advisories: type: array items: type: object additionalProperties: false properties: url: type: string description: '' default: '' title: type: string description: '' default: '' required: - url description: '' created: type: string description: '' default: '' published: type: string description: '' default: '' updated: type: string description: '' default: '' affects: type: array items: type: object additionalProperties: false properties: ref: type: string description: '' default: '' versions: type: array items: type: object additionalProperties: false properties: version: type: string description: '' default: '' status: type: string description: '' default: '' description: '' description: '' required: - ref description: '' analysis: type: object additionalProperties: false properties: state: type: string description: '' default: '' justification: type: string description: '' default: '' response: type: array items: type: string description: '' default: '' description: '' detail: type: string description: '' default: '' firstIssued: type: string description: '' default: '' lastUpdated: type: string description: '' default: '' description: '' required: - id description: '' required: - bomFormat - components - dependencies - metadata - serialNumber - specVersion - version SocketArtifact: allOf: - $ref: '#/components/schemas/SocketPURL' - $ref: '#/components/schemas/SocketArtifactLink' - type: object additionalProperties: false properties: id: $ref: '#/components/schemas/SocketId' author: type: array items: type: string description: '' default: '' description: List of package authors or maintainers size: type: number description: Total size of the package artifact in bytes default: 0 repositoryType: type: string description: Hugging Face model, dataset, or space type 
default: '' alerts: type: array items: $ref: '#/components/schemas/SocketAlert' description: '' score: $ref: '#/components/schemas/SocketScore' patch: $ref: '#/components/schemas/SocketArtifactPatch' inputPurl: type: string description: Original unmodified PURL input string before normalization default: '' batchIndex: type: integer description: 'Deprecated: Always 0. Previously used for batch ordering but replaced by inputPurl for better tracking.' default: 0 license: type: string description: '' default: '' licenseDetails: $ref: '#/components/schemas/LicenseDetails' licenseAttrib: $ref: '#/components/schemas/SAttrib1_N' OpenVEXIdentifiersSchema: type: object additionalProperties: false properties: purl: type: string description: '' default: '' cpe23: type: string description: '' default: '' cpe22: type: string description: '' default: '' description: '' OpenVEXStatementSchema: type: object additionalProperties: false properties: vulnerability: $ref: '#/components/schemas/OpenVEXVulnerabilitySchema' products: type: array items: $ref: '#/components/schemas/OpenVEXProductSchema' description: '' status: type: string description: '' default: affected '@id': type: string description: '' default: '' version: type: number description: '' default: 0 timestamp: type: string description: '' default: '' last_updated: type: string description: '' default: '' supplier: type: string description: '' default: '' status_notes: type: string description: '' default: '' justification: type: string description: '' default: '' impact_statement: type: string description: '' default: '' action_statement: type: string description: '' default: '' action_statement_timestamp: type: string description: '' default: '' required: - products - status - vulnerability SocketAlert: type: object additionalProperties: false properties: key: type: string description: Unique identifier for this alert instance, used for deduplication and tracking across scans default: '' type: type: string description: 
Alert type identifier referencing the alert type definition default: '' severity: $ref: '#/components/schemas/SocketIssueSeverity' category: $ref: '#/components/schemas/SocketCategory' file: type: string description: File path where this alert was detected default: '' start: type: integer description: Starting position of the alert in the file default: 0 end: type: integer description: Ending position of the alert in the file default: 0 props: type: object description: Additional alert-specific properties and metadata that vary by alert type default: null action: type: string description: Action to take for this alert (e.g., error, warn, ignore) default: '' actionSource: type: object additionalProperties: false description: '' properties: type: type: string description: Type of action source (e.g., policy, override) default: '' candidates: type: array items: type: object additionalProperties: false description: '' properties: type: type: string description: Type of action candidate default: '' action: type: string description: Proposed action for this candidate default: '' actionPolicyIndex: type: integer description: Index of the policy rule for this candidate default: 0 repoLabelId: type: string description: Repository label ID associated with this candidate default: '' required: - action - actionPolicyIndex - repoLabelId - type description: '' required: - candidates - type actionPolicyIndex: type: integer description: Index of the policy rule that triggered this action, for traceability to security policies default: 0 fix: type: object additionalProperties: false properties: type: type: string description: Type of fix available (e.g., upgrade, remove, cve) default: '' description: type: string description: Human-readable description of how to fix this issue default: '' patch: type: array items: type: object additionalProperties: false properties: uuid: type: string description: Unique identifier for this patch default: '' tier: type: string enum: - free - paid 
description: Access tier required for this patch (free or paid) default: free deprecated: type: boolean default: false description: Indicates if this patch is deprecated and should not be used required: - tier - uuid description: Patches available to fix this specific alert required: - description - type patch: $ref: '#/components/schemas/SocketPatch' reachability: type: object additionalProperties: false properties: head: $ref: '#/components/schemas/ReachabilityResult' base: $ref: '#/components/schemas/ReachabilityResult' description: '' subType: type: string description: Generic alert sub-type default: '' required: - key - type SocketPURL_Type: type: string enum: - alpm - apk - bitbucket - cocoapods - cargo - chrome - clawhub - composer - conan - conda - cran - deb - docker - gem - generic - github - golang - hackage - hex - huggingface - maven - mlflow - npm - nuget - qpkg - oci - pub - pypi - rpm - socket - swid - swift - vscode - unknown description: Package ecosystem type identifier based on the PURL specification default: unknown SocketSBOMScore: type: object additionalProperties: type: object additionalProperties: false description: '' properties: value: type: object additionalProperties: false properties: result: type: number description: Score from 0.0 to 1.0 for the scanned repository, computed from supply chain risk alerts using weighted exponential decay per direct dependency default: 0 components: type: object additionalProperties: type: number description: '' default: 0 properties: {} description: Components used to compute result of the formula formula: type: string description: Formula used to compute the supply chain security score default: '' required: - result required: - value properties: {} description: Mapping of supply chain risk alert types to their computed score contributions and formulas used for calculation. 
This allows for detailed breakdowns of how each alert type impacts the overall supply chain security score, with the ability to include custom formulas and components for each alert type. SocketManifestReference: type: object additionalProperties: false properties: file: type: string description: Path to the manifest file (e.g., package.json, pom.xml) default: '' start: type: integer description: Starting line or position in the manifest file default: 0 end: type: integer description: Ending line or position in the manifest file default: 0 required: - file ReachabilityResult: type: object additionalProperties: false description: '' properties: type: type: string enum: - precomputed - full-scan description: Type of reachability analysis performed default: precomputed results: type: array items: $ref: '#/components/schemas/ReachabilityResultItem' description: Reachability analysis results for each vulnerability required: - results - type SocketPURL: type: object additionalProperties: false properties: type: $ref: '#/components/schemas/SocketPURL_Type' namespace: type: string description: Package namespace or scope, such as npm organizations (@angular), Maven groupIds, or Docker image owners default: '' name: type: string description: Package name within its ecosystem default: '' version: type: string description: Package version string default: '' subpath: type: string description: Path within the package to a specific file or directory, used to reference nested components default: '' release: type: string description: Package-specific release identifier, such as PyPI's artifact ID or the specific build/release version default: '' required: - type SourceLocation: type: object additionalProperties: false description: '' properties: start: type: object additionalProperties: false description: '' properties: line: type: integer description: Line number in the source file default: 0 column: type: integer description: Column number in the source file default: 0 
byteOffset: type: integer description: Absolute byte position from the beginning of the file, used for precise location tracking default: 0 required: - byteOffset - column - line end: type: object additionalProperties: false properties: line: type: integer description: Line number in the source file default: 0 column: type: integer description: Column number in the source file default: 0 byteOffset: type: integer description: Absolute byte position from the beginning of the file, used for precise location tracking default: 0 description: '' filename: type: string description: Path to the source file default: '' fileHash: type: string description: Hash of the source file for integrity verification default: '' required: - end - fileHash - filename - start LicenseDetails: type: array items: type: object additionalProperties: false description: '' properties: spdxDisj: type: string description: SPDX license expression in disjunctive normal form (e.g., '(MIT OR Apache-2.0)') default: '' authors: type: array items: type: string description: '' default: '' description: List of authors found in the license text errorData: type: string description: Error details if license parsing failed default: '' provenance: type: string description: Source where this license information was detected (e.g., 'package.json', 'LICENSE file', 'README') default: '' filepath: type: string description: Path to the file containing this license information default: '' match_strength: type: number description: Confidence score from 0.0 to 1.0 indicating how well the detected license matches the source text default: 0 required: - authors - errorData - filepath - match_strength - provenance - spdxDisj description: '' SocketPatch: type: object additionalProperties: false properties: uuid: type: string description: Unique identifier for this patch default: '' tier: type: string enum: - free - paid description: Access tier required for this patch (free or paid) default: free deprecated: type: boolean 
default: false description: Indicates if this patch is deprecated and should not be used required: - tier - uuid OpenVEXProductSchema: type: object additionalProperties: false properties: '@id': type: string description: '' default: '' identifiers: $ref: '#/components/schemas/OpenVEXIdentifiersSchema' hashes: $ref: '#/components/schemas/OpenVEXHashesSchema' subcomponents: type: array items: $ref: '#/components/schemas/OpenVEXComponentSchema' description: '' required: - '@id' securitySchemes: bearerAuth: type: http scheme: bearer description: Organization Tokens can be passed as a Bearer token basicAuth: type: http scheme: basic description: Organization Tokens can be passed as the username field in HTTP Basic auth