Skip to main content
GET
/
v2
/
vulnerabilities
/
cpes
/
component
Get CPEs (Common Platform Enumeration) associated with a single software component.
curl --request GET \
  --url http://api.scanoss.com/v2/vulnerabilities/cpes/component
{
  "component": {
    "purl": "pkg:github/scanoss/engine@1.0.0",
    "requirement": "1.0.0",
    "version": "1.0.0",
    "cpes": [
      "cpe:2.3:a:scanoss:engine:1.0.0:*:*:*:*:*:*:*"
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "CPEs Successfully retrieved"
  }
}

Query Parameters

purl
string
required

Package URL identifying the component to analyze.

requirement
string

Version constraint for component resolution when PURL lacks explicit version.

Response

A successful response.

Success example. For error cases, each component block reports the processing status via info_message and info_code. Example: {"component":{"purl":"pkg:github/unknown/component","requirement":"","version":"","cpes":[],"info_message":"Component not found in database","info_code":"COMPONENT_NOT_FOUND"},"status":{"status":"SUCCESS","message":"Request processed"}}

component
object

Common Platform Enumeration information for a specific component.

Contains CPE identifiers that can be used to match the component against vulnerability databases and security advisories.

status
object

Detailed response details.