The Vulnerability Lookup Service API (VLS-API) is a Go-based API for looking up the vulnerabilities associated with the packages used in different programming languages. VLS-API supports multiple ecosystems for detecting vulnerabilities in packages.
- Fetches the latest vulnerability data from the Open Source Vulnerability Database.
- Supports searching for the vulnerabilities associated with specific packages.
- Supports scanning multiple packages in one request.
- Supported ecosystems: PyPI, NPM, Maven, crates.io (Rust), Go
- Easy to integrate with other applications and services.
- Fast and efficient.
It is recommended to run the VLS-API as a Docker container. To build and run it, follow these steps:
- Build a Docker image from the included Dockerfile:
  ```shell
  docker build -t iss-lab/vls-api .
  ```
- Start the Docker container:
  ```shell
  docker run --rm -d -p 3000:3000 iss-lab/vls-api
  ```
Note: the VLS-API can then be accessed at the URL http://localhost:3000/
The API provides the following endpoints:
- A request sent to `/scan` returns the Summary, Description and Severity of the vulnerabilities existing in each package. An attribute `overallSeverity` summarises the severity of the package, based on the severities of the different vulnerabilities that exist in the specific version of the package.
The request is sent as JSON with the following structure:
```json
{
  "scan_request": [
    {
      "version": "",
      "name": "",
      "ecosystem": ""
    }
  ]
}
```
The fields of each `scan_request` entry are:
- `version`: version of the package to be scanned
- `name`: name of the package to be scanned
- `ecosystem`: ecosystem of the package to be scanned (e.g. PyPI, Maven, Go, etc.)
- A second endpoint is used to check whether the API is alive.
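A small Go client for the `/scan` endpoint described above, added here as an example and not code from the VLS-API project. It validates each package against the ecosystems the README lists before sending anything, and decodes the reply into a generic map because the README names only some response attributes; the base URL `http://localhost:3000` comes from the Docker instructions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"time"
)

// Package is one entry of the /scan request body; the JSON field names follow the README.
type Package struct {
	Version   string `json:"version"`
	Name      string `json:"name"`
	Ecosystem string `json:"ecosystem"`
}
// supportedEcosystems holds the ecosystems the README lists.
var supportedEcosystems = map[string]bool{"PyPI": true, "NPM": true, "Maven": true, "crates.io": true, "Go": true}
// BuildScanRequest rejects blank names/versions and unlisted ecosystems, then encodes the body.
func BuildScanRequest(pkgs []Package) ([]byte, error) {
	for _, p := range pkgs {
		if p.Name == "" || p.Version == "" {
			return nil, fmt.Errorf("package %q: name and version are required", p.Name)
		}
		if !supportedEcosystems[p.Ecosystem] {
			return nil, fmt.Errorf("package %q: unsupported ecosystem %q", p.Name, p.Ecosystem)
		}
	}
	return json.Marshal(map[string][]Package{"scan_request": pkgs})
}

// Scan posts the body to baseURL+"/scan" and decodes the reply into a generic map (the
// README names only Summary, Description, Severity and overallSeverity, not the full schema).
func Scan(baseURL string, pkgs []Package) (map[string]interface{}, error) {
	body, err := BuildScanRequest(pkgs)
	if err != nil {
		return nil, err
	}
	client := &http.Client{Timeout: 10 * time.Second} // never hang on a stalled scanner
	resp, err := client.Post(baseURL+"/scan", "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("/scan returned HTTP %d", resp.StatusCode)
	}
	var out map[string]interface{}
	return out, json.NewDecoder(resp.Body).Decode(&out)
}
```

Call `Scan("http://localhost:3000", pkgs)` against the running container and read `overallSeverity` from the returned map; the package names and versions you pass are your own inputs, not values from this README.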