Endor Labs Findings API

List and get Finding resources (detected problems requiring remediation, including reachable vulnerabilities, license risks, malware, secrets, and SAST results), filtered and field-masked under a namespace.

OpenAPI Specification

endor-labs-openapi.yml
# OpenAPI 3.0 description of the namespace-scoped Endor Labs REST API.
openapi: 3.0.1
info:
  title: Endor Labs REST API
  # Folded scalar: the line breaks below collapse to single spaces when parsed.
  # NOTE(review): the text promises update (PATCH) and delete (DELETE) for
  # every resource kind, but this document only defines them for Policy.
  description: >-
    The Endor Labs REST API is a uniform resource API over namespaces.
    Every resource kind (Project, PackageVersion, DependencyMetadata, Finding,
    Policy, ScanResult, Metric, and more) is addressed under
    /v1/namespaces/{namespace}/{resource}, with consistent list (GET),
    get (GET /{uuid}), create (POST), update (PATCH /{uuid}), and
    delete (DELETE /{uuid}) semantics.
    List endpoints share a common set of list_parameters (filter, mask,
    page_size, page_token, sort, count, group).
    Authentication is a bearer access token obtained by exchanging an API key
    and secret at POST /v1/auth/api-key.
  termsOfService: 'https://www.endorlabs.com/terms'
  contact:
    name: Endor Labs Support
    url: 'https://docs.endorlabs.com/rest-api/'
  # Quoted so the version stays a string instead of being read as a float.
  version: '1.0'
# Single HTTPS base URL; every path below is relative to it, so /auth/api-key
# resolves to the /v1/auth/api-key endpoint named in the descriptions.
servers:
  - url: https://api.endorlabs.com/v1
# Document-wide default: every operation requires the bearerAuth scheme unless
# it declares its own `security` (only /auth/api-key does, with an empty list).
security:
  - bearerAuth: []
# Tag catalogue used to group operations; each name below is referenced by at
# least one operation under `paths`.
tags:
  - name: Authentication
    description: Exchange API key and secret for a bearer access token.
  - name: Namespaces
    description: Tenants and child namespaces a token may access.
  - name: Projects
    description: Project resources - the root of scanned source code.
  - name: Packages
    description: PackageVersion and dependency resources.
  - name: Findings
    description: Detected problems requiring remediation.
  - name: Policies
    description: Governance rules over resources.
  - name: Scan Results
    description: Scan execution results and metrics.
paths:
  # Token exchange: the only operation in this document that is callable
  # without a bearer token.
  /auth/api-key:
    post:
      operationId: exchangeApiKey
      tags:
        - Authentication
      summary: Exchange an API key and secret for an access token.
      # The empty list overrides the document-level bearerAuth requirement; the
      # caller authenticates with the key/secret pair in the JSON body instead.
      security: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApiKeyRequest'
      # NOTE(review): only 200 and 401 are documented; responses for a
      # malformed body or for throttled callers are not described here.
      responses:
        '200':
          # The token carries the API key's scopes, so it needs the same
          # handling as the key itself (keep it out of logs and URLs).
          description: A bearer access token with the same scopes as the API key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'

  # Collection endpoint for Project resources: list (GET) and create (POST).
  /namespaces/{namespace}/projects:
    get:
      operationId: listProjects
      tags:
        - Projects
      summary: List Project resources in a namespace.
      # Namespace is the only required parameter; the rest are the optional
      # list_parameters.* query parameters from components.parameters.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Mask'
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageToken'
        - $ref: '#/components/parameters/SortPath'
        - $ref: '#/components/parameters/Count'
      responses:
        '200':
          description: A list of Project resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectList'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createProject
      tags:
        - Projects
      summary: Create a Project resource in a namespace.
      parameters:
        - $ref: '#/components/parameters/Namespace'
      # The body reuses the full Project schema, which also declares uuid and
      # meta. NOTE(review): presumably those are server-assigned - confirm
      # which fields are accepted on create.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Project'
      # NOTE(review): no validation-error or permission-denied response is
      # documented for this write operation.
      responses:
        '200':
          description: The created Project resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Project'
        '401':
          $ref: '#/components/responses/Unauthorized'

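  # Single-resource endpoint for a Project, addressed by namespace and UUID.
  /namespaces/{namespace}/projects/{uuid}:
    get:
      operationId: getProject
      tags:
        - Projects
      summary: Get a Project resource by UUID.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Uuid'
      responses:
        '200':
          description: The requested Project resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Project'
        # The operation inherits the document-level bearerAuth requirement, so
        # the rejected-token case is documented as it is on listProjects.
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'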

  # Collection endpoint for PackageVersion resources (list only).
  /namespaces/{namespace}/package-versions:
    get:
      operationId: listPackageVersions
      tags:
        - Packages
      summary: List PackageVersion resources in a namespace.
      # Unlike listProjects and listFindings, no sort parameter is declared
      # for this list.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Mask'
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageToken'
        - $ref: '#/components/parameters/Count'
      responses:
        '200':
          description: A list of PackageVersion resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PackageVersionList'
        '401':
          $ref: '#/components/responses/Unauthorized'

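  # Single-resource endpoint for a PackageVersion, addressed by namespace and
  # UUID.
  /namespaces/{namespace}/package-versions/{uuid}:
    get:
      operationId: getPackageVersion
      tags:
        - Packages
      summary: Get a PackageVersion resource by UUID.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Uuid'
      responses:
        '200':
          description: The requested PackageVersion resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PackageVersion'
        # The operation inherits the document-level bearerAuth requirement, so
        # the rejected-token case is documented as it is on
        # listPackageVersions.
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'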

  # Collection endpoint for Finding resources (list only).
  # Findings describe problems that still need remediation, so responses are
  # sensitive; list_parameters.mask can narrow the fields a client receives.
  /namespaces/{namespace}/findings:
    get:
      operationId: listFindings
      tags:
        - Findings
      summary: List Finding resources in a namespace.
      # Namespace is the only required parameter; the rest are the optional
      # list_parameters.* query parameters from components.parameters.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Mask'
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageToken'
        - $ref: '#/components/parameters/SortPath'
        - $ref: '#/components/parameters/Count'
      responses:
        '200':
          description: A list of Finding resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FindingList'
        '401':
          $ref: '#/components/responses/Unauthorized'

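  # Single-resource endpoint for a Finding, addressed by namespace and UUID.
  /namespaces/{namespace}/findings/{uuid}:
    get:
      operationId: getFinding
      tags:
        - Findings
      summary: Get a Finding resource by UUID.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Uuid'
      responses:
        '200':
          description: The requested Finding resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Finding'
        # The operation inherits the document-level bearerAuth requirement, so
        # the rejected-token case is documented as it is on listFindings.
        '401':
          $ref: '#/components/responses/Unauthorized'
        # NOTE(review): no 403 is documented; confirm whether a token without
        # access to the namespace receives 404 or a distinct status.
        '404':
          $ref: '#/components/responses/NotFound'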

  # Collection endpoint for Policy resources: list (GET) and create (POST).
  /namespaces/{namespace}/policies:
    get:
      operationId: listPolicies
      tags:
        - Policies
      summary: List Policy resources in a namespace.
      # No sort or count parameter is declared for this list.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Mask'
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageToken'
      responses:
        '200':
          description: A list of Policy resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PolicyList'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createPolicy
      tags:
        - Policies
      summary: Create a Policy resource in a namespace.
      parameters:
        - $ref: '#/components/parameters/Namespace'
      # The body reuses the full Policy schema, including uuid and meta.
      # NOTE(review): presumably those are server-assigned - confirm which
      # fields are accepted on create.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Policy'
      # NOTE(review): policies are governance rules, yet no validation-error or
      # permission-denied response is documented for creating one.
      responses:
        '200':
          description: The created Policy resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
        '401':
          $ref: '#/components/responses/Unauthorized'

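  # Single-resource endpoint for a Policy: read, update and delete by UUID.
  # All three operations inherit the document-level bearerAuth requirement, so
  # each documents the rejected-token case as listPolicies does.
  /namespaces/{namespace}/policies/{uuid}:
    get:
      operationId: getPolicy
      tags:
        - Policies
      summary: Get a Policy resource by UUID.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Uuid'
      responses:
        '200':
          description: The requested Policy resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    patch:
      operationId: updatePolicy
      tags:
        - Policies
      summary: Update a Policy resource by UUID.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Uuid'
      # The body is the full Policy schema, which includes the `disable` flag.
      # NOTE(review): no permission-denied response is documented for a change
      # that can alter or switch off a governance rule.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Policy'
      responses:
        '200':
          description: The updated Policy resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: deletePolicy
      tags:
        - Policies
      summary: Delete a Policy resource by UUID.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Uuid'
      responses:
        # Success carries no documented response body.
        '200':
          description: The Policy resource was deleted.
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'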

  # Collection endpoint for ScanResult resources (list only).
  /namespaces/{namespace}/scan-results:
    get:
      operationId: listScanResults
      tags:
        - Scan Results
      summary: List ScanResult resources in a namespace.
      # No sort or count parameter is declared for this list.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Mask'
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageToken'
      responses:
        '200':
          description: A list of ScanResult resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanResultList'
        '401':
          $ref: '#/components/responses/Unauthorized'

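  # Single-resource endpoint for a ScanResult, addressed by namespace and UUID.
  /namespaces/{namespace}/scan-results/{uuid}:
    get:
      operationId: getScanResult
      tags:
        - Scan Results
      summary: Get a ScanResult resource by UUID.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/Uuid'
      responses:
        '200':
          description: The requested ScanResult resource.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanResult'
        # The operation inherits the document-level bearerAuth requirement, so
        # the rejected-token case is documented as it is on listScanResults.
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'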

  # Lists the child namespaces of the namespace given in the path.
  /namespaces/{namespace}/namespaces:
    get:
      operationId: listNamespaces
      tags:
        - Namespaces
      summary: List child namespaces under a namespace.
      # Only paging parameters are declared; filter and mask are not offered
      # on this list.
      parameters:
        - $ref: '#/components/parameters/Namespace'
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageToken'
      responses:
        '200':
          description: A list of Namespace resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NamespaceList'
        '401':
          $ref: '#/components/responses/Unauthorized'

components:
  securitySchemes:
    # Scheme referenced by the document-level `security` requirement.
    bearerAuth:
      description: >-
        Bearer access token obtained from POST /v1/auth/api-key by
        exchanging an Endor Labs API key and secret.
      type: http
      scheme: bearer
      # bearerFormat is a documentation hint about the token's shape; it does
      # not by itself make tooling validate the token.
      bearerFormat: JWT
  # Reusable parameters: two path parameters plus the list_parameters.* query
  # parameters shared by the list operations.
  parameters:
    # Selects the tenant namespace that scopes every resource path.
    # NOTE(review): declared as an unconstrained string; whether the token may
    # use it is presumably enforced server-side - no 403 response is
    # documented anywhere in this file.
    Namespace:
      name: namespace
      in: path
      required: true
      description: The tenant namespace (tenant_meta.namespace) that scopes the resource.
      schema:
        type: string
    # NOTE(review): plain string with no format or pattern, so schema-based
    # validators will accept any value here.
    Uuid:
      name: uuid
      in: path
      required: true
      description: The UUID of the resource.
      schema:
        type: string
    # Query-language expression evaluated against the list. Clients that build
    # it from user-supplied values should validate or escape them first so the
    # input cannot change the shape of the query.
    Filter:
      name: list_parameters.filter
      in: query
      required: false
      description: Endor query-language filter expression applied to the resource list.
      schema:
        type: string
    # Limits the returned fields; useful for keeping sensitive fields out of
    # responses that do not need them.
    Mask:
      name: list_parameters.mask
      in: query
      required: false
      description: Comma-separated field mask selecting which fields to return.
      schema:
        type: string
    # NOTE(review): no minimum or maximum is declared; any server-side cap is
    # not visible in this document.
    PageSize:
      name: list_parameters.page_size
      in: query
      required: false
      description: Maximum number of resources to return per page.
      schema:
        type: integer
        format: int32
    # Presumably the next_page_token value from a previous ListResponse -
    # confirm against the API documentation.
    PageToken:
      name: list_parameters.page_token
      in: query
      required: false
      description: Opaque token to retrieve the next page of results.
      schema:
        type: string
    # Only the sort path is modelled here; no sort-direction parameter is
    # declared in this document.
    SortPath:
      name: list_parameters.sort.path
      in: query
      required: false
      description: Field path to sort the result set by.
      schema:
        type: string
    Count:
      name: list_parameters.count
      in: query
      required: false
      description: When true, return only the count of matching resources.
      schema:
        type: boolean
  # Reusable error responses; both carry the generic Error schema.
  # NOTE(review): no forbidden (403), validation (400) or throttling (429)
  # response is defined, so clients cannot tell those cases apart from this
  # document alone.
  responses:
    Unauthorized:
      description: Missing or invalid bearer access token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
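  schemas:
    # Body of POST /auth/api-key: the long-lived credential pair that is
    # exchanged for a bearer token. Both fields are required.
    ApiKeyRequest:
      type: object
      required:
        - key
        - secret
      properties:
        key:
          type: string
          description: The API key identifier.
        secret:
          type: string
          # `password` is the OpenAPI format hint that tells documentation UIs
          # and generated forms to obscure the value instead of echoing it.
          format: password
          description: The API key secret.
    # Result of the exchange. The token is a credential in its own right, so
    # clients should keep it out of logs and persistent storage where possible.
    TokenResponse:
      type: object
      properties:
        token:
          type: string
          description: The bearer access token.
        # NOTE(review): undocumented; presumably the moment the token stops
        # being accepted - confirm before relying on it for refresh logic.
        expiration_time:
          type: string
          format: date-time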
    # Metadata sub-objects that every resource schema in this document embeds
    # as `tenant_meta` and `meta`.
    TenantMeta:
      type: object
      properties:
        namespace:
          type: string
          description: The namespace the resource belongs to.
    # Common descriptive fields. None are marked required or readOnly, so the
    # schema does not say which of them a client may set.
    ResourceMeta:
      type: object
      properties:
        name:
          type: string
        kind:
          type: string
        description:
          type: string
        version:
          type: string
        create_time:
          type: string
          format: date-time
        update_time:
          type: string
          format: date-time
    # A Project resource; used both as the createProject request body and as
    # the response of the project operations.
    Project:
      type: object
      properties:
        uuid:
          type: string
        meta:
          $ref: '#/components/schemas/ResourceMeta'
        tenant_meta:
          $ref: '#/components/schemas/TenantMeta'
        spec:
          type: object
          properties:
            git:
              type: object
              properties:
                # NOTE(review): clone URLs can embed credentials in their
                # userinfo part; confirm the API never stores or returns them
                # in that form.
                http_clone_url:
                  type: string
                full_name:
                  type: string
            # Free-form string; the example values are not declared as an enum.
            platform_source:
              type: string
              description: Source platform, e.g. GITHUB, GITLAB.
    # List envelope: `list.objects` holds the page of resources and
    # `list.response` the paging metadata.
    ProjectList:
      type: object
      properties:
        list:
          type: object
          properties:
            objects:
              type: array
              items:
                $ref: '#/components/schemas/Project'
            response:
              $ref: '#/components/schemas/ListResponse'
    # A PackageVersion resource: one package at one version, linked to a
    # project through spec.project_uuid.
    PackageVersion:
      type: object
      properties:
        uuid:
          type: string
        meta:
          $ref: '#/components/schemas/ResourceMeta'
        tenant_meta:
          $ref: '#/components/schemas/TenantMeta'
        spec:
          type: object
          properties:
            # Free-form string; the accepted ecosystem names are not listed in
            # this document.
            ecosystem:
              type: string
            package_name:
              type: string
            version:
              type: string
            project_uuid:
              type: string
    # List envelope: `list.objects` holds the page of resources and
    # `list.response` the paging metadata.
    PackageVersionList:
      type: object
      properties:
        list:
          type: object
          properties:
            objects:
              type: array
              items:
                $ref: '#/components/schemas/PackageVersion'
            response:
              $ref: '#/components/schemas/ListResponse'
    # A Finding resource. Its content describes problems that still need
    # remediation, so consumers should treat stored copies as sensitive.
    Finding:
      type: object
      properties:
        uuid:
          type: string
        meta:
          $ref: '#/components/schemas/ResourceMeta'
        tenant_meta:
          $ref: '#/components/schemas/TenantMeta'
        spec:
          type: object
          properties:
            finding_categories:
              type: array
              items:
                type: string
            # Free-form string; severity values are not declared as an enum,
            # so clients should handle values they do not recognise.
            level:
              type: string
              description: Severity level, e.g. FINDING_LEVEL_CRITICAL.
            summary:
              type: string
            explanation:
              type: string
            # NOTE(review): presumably the UUID of the resource the finding
            # was raised against - confirm.
            target_uuid:
              type: string
            project_uuid:
              type: string
            finding_metadata:
              type: object
              properties:
                # Declared as an object with no properties, so its contents
                # are not schema-validated on the client side.
                vulnerability:
                  type: object
                  description: Vulnerability detail when the finding is a vulnerability.
                # Free-form string; the possible assessment values are not
                # listed in this document.
                reachability:
                  type: string
                  description: Reachability assessment for the finding.
    # List envelope: `list.objects` holds the page of resources and
    # `list.response` the paging metadata.
    FindingList:
      type: object
      properties:
        list:
          type: object
          properties:
            objects:
              type: array
              items:
                $ref: '#/components/schemas/Finding'
            response:
              $ref: '#/components/schemas/ListResponse'
    # A Policy resource; used as the request body for createPolicy and
    # updatePolicy and as the response of the policy operations.
    Policy:
      type: object
      properties:
        uuid:
          type: string
        meta:
          $ref: '#/components/schemas/ResourceMeta'
        tenant_meta:
          $ref: '#/components/schemas/TenantMeta'
        spec:
          type: object
          properties:
            policy_type:
              type: string
            resource_kinds:
              type: array
              items:
                type: string
            # query_statements and rule are free-form strings; their syntax is
            # not described in this document.
            query_statements:
              type: array
              items:
                type: string
            rule:
              type: string
            # NOTE(review): presumably true switches the policy off; changes
            # to this flag are worth auditing - confirm the semantics.
            disable:
              type: boolean
    # List envelope: `list.objects` holds the page of resources and
    # `list.response` the paging metadata.
    PolicyList:
      type: object
      properties:
        list:
          type: object
          properties:
            objects:
              type: array
              items:
                $ref: '#/components/schemas/Policy'
            response:
              $ref: '#/components/schemas/ListResponse'
    # A ScanResult resource: one scan execution, linked to a project through
    # spec.project_uuid.
    ScanResult:
      type: object
      properties:
        uuid:
          type: string
        meta:
          $ref: '#/components/schemas/ResourceMeta'
        tenant_meta:
          $ref: '#/components/schemas/TenantMeta'
        spec:
          type: object
          properties:
            project_uuid:
              type: string
            # type and status are free-form strings; their possible values are
            # not listed in this document.
            type:
              type: string
            status:
              type: string
            start_time:
              type: string
              format: date-time
            end_time:
              type: string
              format: date-time
    # List envelope: `list.objects` holds the page of resources and
    # `list.response` the paging metadata.
    ScanResultList:
      type: object
      properties:
        list:
          type: object
          properties:
            objects:
              type: array
              items:
                $ref: '#/components/schemas/ScanResult'
            response:
              $ref: '#/components/schemas/ListResponse'
    # A Namespace resource as returned by listNamespaces; it declares no spec
    # of its own, only the identifier and the two metadata objects.
    Namespace:
      type: object
      properties:
        uuid:
          type: string
        meta:
          $ref: '#/components/schemas/ResourceMeta'
        tenant_meta:
          $ref: '#/components/schemas/TenantMeta'
    # List envelope: `list.objects` holds the page of resources and
    # `list.response` the paging metadata.
    NamespaceList:
      type: object
      properties:
        list:
          type: object
          properties:
            objects:
              type: array
              items:
                $ref: '#/components/schemas/Namespace'
            response:
              $ref: '#/components/schemas/ListResponse'
    # Paging metadata shared by every *List schema.
    ListResponse:
      type: object
      properties:
        # Presumably passed back as list_parameters.page_token to fetch the
        # following page - confirm against the API documentation.
        next_page_token:
          type: string
        count:
          type: integer
          format: int32
    # Body of the Unauthorized and NotFound responses.
    # NOTE(review): whether `code` mirrors the HTTP status or is a separate
    # error code is not stated here.
    Error:
      type: object
      properties:
        code:
          type: integer
          format: int32
        message:
          type: string