Join us in London for Infosecurity Europe June 2 – 4, 2026 | Booth C69 | Excel London | Get a FREE ticket
Components
Encryption
Dependencies
Geoprovenance
Licenses
Scanning
Semgrep
- POSTStandard health check endpoint to verify service availability and connectivity
- GETGet potential security issues associated with a single component This is the current method that accepts ComponentRequest for enhanced component identification Replaces the deprecated GetIssues method for single component queries
- POSTGet potential security issues associated with multiple components This is the current method that accepts ComponentsRequest for enhanced component identification Replaces the deprecated GetIssues method
Vulnerabilities
Get potential security issues associated with a single component
This is the current method that accepts ComponentRequest for enhanced component identification
Replaces the deprecated GetIssues method for single component queries
curl --request GET \
--url https://api.example.com/v2/semgrep/issues/component{
"component": {
"purl": "pkg:maven/org.apache.commons/commons-lang3",
"version": "3.12.0",
"requirement": "3.12.0",
"files": [
{
"fileMD5": "a1b2c3d4e5f6",
"path": "src/main/java/org/apache/commons/lang3/StringUtils.java",
"issues": [
{
"ruleID": "java.lang.security.audit.sql-injection.sql-injection",
"from": "284",
"to": "286",
"severity": "ERROR"
}
]
}
]
},
"status": {
"status": "SUCCESS",
"message": "Security analysis completed successfully"
}
}Semgrep
Get potential security issues associated with a single component This is the current method that accepts ComponentRequest for enhanced component identification Replaces the deprecated GetIssues method for single component queries
GET
/
v2
/
semgrep
/
issues
/
component
Get potential security issues associated with a single component
This is the current method that accepts ComponentRequest for enhanced component identification
Replaces the deprecated GetIssues method for single component queries
curl --request GET \
--url https://api.example.com/v2/semgrep/issues/component{
"component": {
"purl": "pkg:maven/org.apache.commons/commons-lang3",
"version": "3.12.0",
"requirement": "3.12.0",
"files": [
{
"fileMD5": "a1b2c3d4e5f6",
"path": "src/main/java/org/apache/commons/lang3/StringUtils.java",
"issues": [
{
"ruleID": "java.lang.security.audit.sql-injection.sql-injection",
"from": "284",
"to": "286",
"severity": "ERROR"
}
]
}
]
},
"status": {
"status": "SUCCESS",
"message": "Security analysis completed successfully"
}
}Documentation Index
Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt
Use this file to discover all available pages before exploring further.
Query Parameters
Package URL identifying the component to analyze.
Version constraint for component resolution when PURL lacks explicit version.
Response
A successful response.
Component issue response data (JSON payload) Contains security issues detected by Semgrep analysis for a single component. This is the current response format that replaces the deprecated SemgrepResponse.
Standard health check endpoint to verify service availability and connectivityGet potential security issues associated with multiple components
This is the current method that accepts ComponentsRequest for enhanced component identification
Replaces the deprecated GetIssues method
⌘I