ARMO

ARMO is the cloud-native and Kubernetes security company behind the leading open-source project Kubescape. ARMO Platform is a runtime-driven CNAPP that unifies Kubernetes Security Posture Management (KSPM), vulnerability and image scanning, compliance frameworks, network and seccomp policy generation, and runtime Cloud Application Detection and Response (CADR) - correlating runtime behavior with posture and vulnerabilities to cut alert noise. ARMO exposes a documented REST API over HTTPS (base https://api.armosec.io/api/v1 in the EU region and https://api.us.armosec.io/api/v1 in the US region), authenticated with an account access key sent in the X-API-KEY header. The API covers clusters, workloads, vulnerabilities, posture and compliance, security risks, runtime incidents, attack chains, network and runtime policies, registry scanning, and integrations. API access is available to platform customers who have generated an Agent Access Key; the endpoints below are documented but the data returned requires a connected account and clusters.

9 APIs 0 Features
Kubernetes SecurityCloud Native SecurityCNAPPDevSecOpsKSPMVulnerability ManagementComplianceRuntime SecurityCADRKubescapeContainer Security

APIs

ARMO Vulnerabilities API

Query image and workload vulnerabilities discovered by ARMO. Issue scans for a workload or context, retrieve scan result summaries and details, severity roll-ups, top vulnerabil...

ARMO Posture and Compliance API

Kubernetes Security Posture Management (KSPM) results across compliance frameworks. Get per-framework scan summaries, control run results and framework sections, affected resour...

ARMO Clusters and Workloads API

Inventory of connected Kubernetes clusters and workloads. Retrieve the cluster list with history over time, list workloads with their vulnerability and posture context, and chec...

ARMO Runtime Incidents API

Runtime Cloud Application Detection and Response (CADR). List runtime incidents and their alerts, get an incident explanation, resolve or unresolve incidents, and get incidents ...

ARMO Security Risks and Attack Chains API

Prioritized, correlated security risks and attack chains. List security risks, the resources associated with them, and severity summaries, and retrieve attack chains that combin...

ARMO Network and Runtime Policies API

Generate and manage hardening policies from observed runtime behavior. Retrieve and generate Kubernetes network policies, generate and list seccomp profiles, and create runtime ...

ARMO Registry Scanning API

Scan container image registries on demand or on a schedule. Issue a registry scan or set a scan scheduler (cron), and update or delete the registry scan cron job.

ARMO Integrations API

Push ARMO findings into ticketing and collaboration tools. Configure Jira, look up projects, issue types, field schemas and values, create Jira issues from findings, and manage ...

ARMO Access Keys API

Programmatically manage the Agent Access Keys used to authenticate API calls. List, create, get by GUID, update, and delete access keys for your account.

Collections

Pricing Plans

Armosec Plans Pricing

4 plans

PLANS

Rate Limits

Armosec Rate Limits

3 limits

RATE LIMITS

FinOps

Resources

🔗
AgenticAccess
AgenticAccess
🔗
DomainSecurity
DomainSecurity
🔑
Authentication
Authentication
👥
GitHubOrganization
GitHubOrganization
🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
🔗
Plans
Plans
🔗
RateLimits
RateLimits
🔗
FinOps
FinOps
📰
Blog
Blog

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: ARMO Platform API
  version: '1.0'
request:
  auth:
    type: apikey
    apikey:
      in: header
      key: X-API-KEY
      value: '{{apiKey}}'
items:
- info:
    name: Vulnerabilities
    type: folder
  items:
  - info:
      name: Issue a vulnerability scan.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/vulnerability/scan
      body:
        type: json
        data: '{}'
    docs: Issues a vulnerability scan for a specific context or workload.
  - info:
      name: List vulnerabilities.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/vulnerabilities/list
      body:
        type: json
        data: '{}'
    docs: Retrieves a filtered, paginated list of vulnerabilities (CVEs).
  - info:
      name: List vulnerabilities by image.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/vulnerabilities/images/list
      body:
        type: json
        data: '{}'
    docs: Retrieves vulnerabilities scoped to container images.
  - info:
      name: Get vulnerability scan summary.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/vulnerability/scanResults/summary
      body:
        type: json
        data: '{}'
    docs: Returns a summary of a vulnerability scan.
- info:
    name: Posture and Compliance
    type: folder
  items:
  - info:
      name: Get posture frameworks summary.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/posture/frameworks
      body:
        type: json
        data: '{}'
    docs: Returns the scan summary for each compliance framework.
  - info:
      name: Get posture controls.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/posture/controls
      body:
        type: json
        data: '{}'
    docs: Returns the list of posture controls and their run results.
  - info:
      name: Get resources affected by posture issues.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/posture/resources
      body:
        type: json
        data: '{}'
    docs: Returns resources affected by posture issues.
- info:
    name: Clusters and Workloads
    type: folder
  items:
  - info:
      name: Get clusters with history.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/clusters/overtime
      body:
        type: json
        data: '{}'
    docs: Returns the list of connected clusters with historical posture over time.
  - info:
      name: List workloads.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/workload/list
      body:
        type: json
        data: '{}'
    docs: Retrieves workloads with their vulnerability and posture context.
- info:
    name: Runtime Incidents (CADR)
    type: folder
  items:
  - info:
      name: List runtime incidents.
      type: http
    http:
      method: GET
      url: https://api.armosec.io/api/v1/runtime/incidents
    docs: Retrieves all runtime incidents detected by ARMO's runtime sensor.
  - info:
      name: Get incident alerts.
      type: http
    http:
      method: GET
      url: https://api.armosec.io/api/v1/runtime/incidents/:incidentGUID/alerts
      params:
      - name: incidentGUID
        value: ''
        type: path
        description: The GUID of the runtime incident.
    docs: Retrieves alerts for a specific incident.
  - info:
      name: Resolve an incident.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/runtime/incidents/:incidentGUID/resolve
      params:
      - name: incidentGUID
        value: ''
        type: path
        description: The GUID of the runtime incident.
    docs: Marks a runtime incident as resolved.
- info:
    name: Security Risks and Attack Chains
    type: folder
  items:
  - info:
      name: List security risks.
      type: http
    http:
      method: GET
      url: https://api.armosec.io/api/v1/security/risks
    docs: Retrieves the list of correlated security risks.
  - info:
      name: Get attack chains.
      type: http
    http:
      method: GET
      url: https://api.armosec.io/api/v1/attack/chains
    docs: Retrieves attack chains matching the provided filters.
- info:
    name: Registry Scanning
    type: folder
  items:
  - info:
      name: Issue a registry scan.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/registry/scan
      body:
        type: json
        data: '{}'
    docs: Issues a container registry scan or sets a scan scheduler (cron).
- info:
    name: Integrations
    type: folder
  items:
  - info:
      name: Create a Jira issue.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/integrations/jira/issueV2
      body:
        type: json
        data: '{}'
    docs: Creates a Jira issue/ticket from an ARMO finding.
- info:
    name: Access Keys
    type: folder
  items:
  - info:
      name: List access keys.
      type: http
    http:
      method: GET
      url: https://api.armosec.io/api/v1/authentication/accessKeys
    docs: Retrieves all account access keys.
  - info:
      name: Create an access key.
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/authentication/accessKeys
      body:
        type: json
        data: '{}'
    docs: Creates a new account access key.