Skip to main content
GET
/
v2
/
vulnerabilities
/
cpes
/
component
Get CPEs (Common Platform Enumeration) associated with a single software component.
curl --request GET \
  --url http://api.scanoss.com/v2/vulnerabilities/cpes/component
{
  "component": {
    "purl": "pkg:github/scanoss/engine@1.0.0",
    "requirement": "1.0.0",
    "version": "1.0.0",
    "cpes": [
      "cpe:2.3:a:scanoss:engine:1.0.0:*:*:*:*:*:*:*"
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "CPEs Successfully retrieved"
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt

Use this file to discover all available pages before exploring further.

Query Parameters

purl
string
required

Package URL identifying the component to analyze.

requirement
string

Version constraint for component resolution when PURL lacks explicit version.

Response

A successful response.

Success example. For error cases, each component block reports the processing status via info_message and info_code. Example: {"component":{"purl":"pkg:github/unknown/component","requirement":"","version":"","cpes":[],"info_message":"Component not found in database","info_code":"COMPONENT_NOT_FOUND"},"status":{"status":"SUCCESS","message":"Request processed"}}

component
object

Common Platform Enumeration information for a specific component.

Contains CPE identifiers that can be used to match the component against vulnerability databases and security advisories.

status
object

Detailed response details.