This site uses cookies for managing your session and website analytics purposes. Allow Cookies

VulnIQ

How it works

VulnIQ automatically aggregates data from various sources, that you can configure yourself, and make them available through unified APIs. You can use VulnIQ APIs to integrate VulnIQ data into your existing applications and processes. Even if data formats at their sources change VulnIQ APIs will continue to work in a backwards compatible way so that you will not have to update your integrations everytime a data source or format changes.

Example use case:

Without VulnIQ maybe you can develop some code that will parse NVD feeds and add CVE data to your JIRA workflows. Even a single integration will require a significant amount of time and resources. But for all others, everyone working on a security issue will open a browser window and try to find relevant information manually.

With VulnIQ

Supported Input Data Formats

VulnIQ includes many data processors that can automatically download and process certain data formats. Even when running your private instance, all data will be updated automatically.

Structured Data

Unstructured Data

Integrations

APIs

Query endpoints

You can query and get all data using the API.
For example, https://vulniq.example.com/api/data/CVE-2018-6307/relations will return a list of data correlated with CVE-2018-6307.
Similarly https://vulniq-local.com/api/data/CVE-2017-7865/tags will return tags for this data(which actually returns 'buffer overflow', 'ffmpeg', 'heap'...).

Statistics endpoints

API endpoints for generating data statistics are also available. As the web UI is also built using the APIs, data for all charts available in the web UI is generated by API endpoints.
For example https://vulniq.example.com/api/vulnerability/stats?groupBy=date&startDate=2019-01-01 will return the number of vulnerabilities created in January 2019, grouped by date.
Likewise https://vulniq.example.com/api/git/stats?groupBy=date&startDate=2019-01-01 will return the number of git commits created in January 2019, grouped by date.

Administrative endpoints

All administrative functions such as creating or updating data sources can be performed using the API. The web UI also uses the same APIs.

Direct data store access

When running your private instances, as they will be your own servers/databases etc, you can query data stores directly. But this is not a recommended method as it may cause data integrity and performance problems. Direct data store access should be considered only as a last resort.