Welcome to the documentation repository for the Core API! 📖
This repository tracks changes and provides the Swagger documentation for the core-service API.
➡️ View the Documentation Online: Core API Documentation ⬅️
This documentation is automatically generated and updated to reflect the latest changes in the core-service API.
Feel free to explore the API documentation to understand the available endpoints and data models.
This section describes the asynchronous API used in core-service, featuring WebSockets for real-time communication.
Endpoint: ws://localhost:8002/ws/scan 🌐
Query Parameters:
tenantId: The identifier of the tenant for which to retrieve scans.otp: The One-Time Password for authentication.
Clients should establish a WebSocket connection 🔗 to the specified endpoint. The server will periodically broadcast scan data 📢 to all clients.
- Sends scan data.
[
{
"scan_id": "75e5b3d7-9932-47f5-a19a-4e59031ef99d",
"scan_date": "2025-11-08T09:00:00Z",
"host": "Printer Device 192.168.1.1",
"vulnerabilities": 1,
"severities": {
"critical": 0,
"high": 0,
"medium": 1,
"low": 0,
"none": 0,
"unknown": 0
},
"duration": 300,
"status": "Completed"
},
{
"scan_id": "0c560ebb-37e2-4375-ba11-9ea07191913b",
"scan_date": "2025-01-01T10:00:00Z",
"host": "Web Server example.com",
"vulnerabilities": 1,
"severities": {
"critical": 1,
"high": 0,
"medium": 0,
"low": 0,
"none": 0,
"unknown": 0
},
"duration": 300,
"status": "Completed"
}
]Endpoint: ws://localhost:8002/ws/report 🌐
{scanId}: Path parameter representing the unique identifier of the cybersecurity scan. Each scanId can be considered a separate "room" for real-time interaction.
Query Parameter:
otp: The One-Time Password for authentication.
Clients should establish a WebSocket connection 🔗 to the specified endpoint. The server will attempt to find or create a "room" for the given scanId.
All messages exchanged over the WebSocket connection are JSON objects with the following structure:
{
"type": "string",
"payload": {}
}initial_data_request: Requests the initial data for the report.
{
"type": "initial_data_request",
"payload": {
"scan_id": "string"
}
}vector_update: Sends an update to a specific vector's value.
{
"type": "vector_update",
"payload": {
"vulnerability_type_name": "string",
"new_value": 0.0
}
}select_vector: Informs the server which vector has been selected for detailed information.
{
"type": "select_vector",
"payload": {
"vulnerability_type_name": "string"
}
}apply_vectors_request: Signals that the user has finished adjusting the vectors and wants the final report data based on the applied values.
{
"type": "apply_vectors_request",
"payload": {}
}initial_data_response: Sends the initial data required to render the report.
{
"type": "initial_data_response",
"payload": {
"vulnerability_types": [
{
"name": "string",
"highest_cvss": 0.0,
"count": 0,
"percentage": 0.0,
"available_cvss_values": []
}
// ... more vulnerability types
],
"global_cvss_score": 0.0,
"global_total_vulnerabilities": 0
}
}vector_update_response: Sends the updated global expected CVSS score and total vulnerabilities after a vector's value is applied (or moved).
{
"type": "vector_update_response",
"payload": {
"expected_global_cvss_score": 0.0,
"expected_global_total_vulnerabilities": 0
}
}vector_details_response: Sends the details of the vulnerability with the highest CVSS for the selected vulnerability type.
{
"type": "vector_details_response",
"payload": {
"vulnerability_details": {
"name": "string",
"type": "string",
"cvss": 0.0,
"description": "string",
"privileges_required": "string",
"classification": "string",
"integrity": "string",
"availability": "string"
}
}
}report_data_response: Sends the final response data, including vulnerabilities to be solved, unattended vulnerabilities, and the overall security posture. This is sent after the user clicks "Apply" and potentially "Next".
{
"type": "report_data_response",
"payload": {
"vulnerability_graph": {
"series": {
{
"name": "Actual",
"data": [
{"x": "Injection", "y": 5.0},
{"x": "Software and Data Integrity Failures", "y", 4.0},
{"x": "Vulnerable and Outdated Components", "y", 4.5}
],
"average": 4.5
},
{
"name": "Expected",
"data": [
{"x": "Injection", "y": 5.0}
],
"average": 5.0
}
}
},
"expected_security_posture": 0.0,
"solved_vulnerabilities": [
{
"id": 0,
"name": "string",
"type": "string",
"severity": "string",
"max_cvss": 0,
"risk_score": 0,
"impact_score": 0,
"likelihood": "string",
"access": "string",
"complexity": "string",
"privileges": "string",
"exploitability": "string",
"description": "string",
"comment": "string",
"vendor_comments": [
{
"organization": "string",
"comment": "string",
"last_modified": "2025-04-22T14:59:28.663Z"
}
],
"references": [
"string"
]
}
],
"unattended_vulnerabilities": [
{
"id": 0,
"name": "string",
"type": "string",
"severity": "string",
"max_cvss": 0,
"risk_score": 0,
"impact_score": 0,
"likelihood": "string",
"access": "string",
"complexity": "string",
"privileges": "string",
"exploitability": "string",
"description": "string",
"comment": "string",
"vendor_comments": [
{
"organization": "string",
"comment": "string",
"last_modified": "2025-04-22T14:59:28.663Z"
}
],
"references": [
"string"
]
}
]
}
}error: Indicated an error occurred on the server.
{
"type": "error",
"payload": {
"message": "string"
}
}