Firmware Security
Use the v1/firmware/security API to analyze your custom firmware for CVE vulnerabilities and get security reports.
Info
The Firmware Security API applies only to Digi ConnectCore firmware. To use it, you need a subscription to Digi ConnectCore Security Services. For more details and available plans, see the ConnectCore Security Services page.
URI
https://<hostname>/ws/v1/firmware/security
Formats
| HTTP method | Format | Description | Parameters | Body |
|---|---|---|---|---|
| POST | /ws/v1/firmware/security/inventory/{vendor_id}/{device_type}/{firmware_version} | Creates an SBOM for the given firmware version | scan_frequency, production, email_notification | SBOM manifest package binary file as ‘application/octet-stream’ |
| GET | /ws/v1/firmware/security/inventory | Gets a list of all firmware SBOMs | size, query, cursor, orderby | |
| GET | /ws/v1/firmware/security/inventory/{vendor_id}/{device_type}/{firmware_version} | Gets the SBOM for the given firmware version | | |
| PUT | /ws/v1/firmware/security/inventory/{vendor_id}/{device_type}/{firmware_version} | Updates the SBOM for the given firmware version | JSON with one or multiple of: ‘scan_frequency’, ‘production’, ‘email_notification’ | |
| DELETE | /ws/v1/firmware/security/inventory/{vendor_id}/{device_type}/{firmware_version} | Deletes the SBOM for the given firmware version | | |
| POST | /ws/v1/firmware/security/scans/inventory/{vendor_id}/{device_type}/{firmware_version} | Scans the given firmware version for vulnerabilities | | |
| GET | /ws/v1/firmware/security/scans/inventory/{vendor_id}/{device_type}/{firmware_version} | Gets a list of all scans for the given firmware version | size, query, cursor, orderby | |
| GET | /ws/v1/firmware/security/report/{vendor_id}/{device_type}/{firmware_version}/{latest \| scan_id} | Gets the latest (or specific) security report for the given firmware version | format | |
| GET | /ws/v1/firmware/security/subscription | Gets the current subscription details and remaining scans | | |
| GET | /ws/v1/firmware/security/cve/inventory | Gets a list of all custom CVE statuses | size, query, cursor, orderby | |
| GET | /ws/v1/firmware/security/cve/inventory/{vendor_id}/{device_type}/{cve_id}/{package} | Gets the latest custom status for the given CVE and package | | |
| POST | /ws/v1/firmware/security/cve/inventory/{vendor_id}/{device_type}/{cve_id}/{package} | Creates or updates a custom status for the given CVE and package | JSON with ‘scan_id’ and one or multiple of: ‘status’, ‘score’, ‘additional_details’ | |
| GET | /ws/v1/firmware/security/cve/history/{vendor_id}/{device_type}/{cve_id}/{package} | Gets the history of custom statuses for the given CVE and package | size, query, cursor, orderby | |
Path Parameters
These parameters are required in the URL path of some API calls.
| Name | Type | Description |
|---|---|---|
| vendor_id | string | The vendor ID of the firmware in hex. For example, ConnectCore devices usually have a vendor ID of FE080003. |
| device_type | string | The device type of the firmware. Special characters (like blanks) must be encoded correctly. |
| firmware_version | string | The version of the firmware in dotted format (XX.XX.XX.XX) |
| latest \| scan_id | string | Use latest to get the latest report, or provide a specific scan ID to get that report. |
| cve_id | string | The CVE identifier, e.g., CVE-2023-12345. |
| package | string | The package name affected by the CVE, e.g., libssl. |
Parameters
| Name | Type | Description |
|---|---|---|
| size | integer | Number of items to return. The maximum and default is 1000. |
| query | string | The Remote Manager query language query condition used to filter results. See v1 API Query Language. |
| cursor | string | Cursor to get the next page of devices. Omit on initial call. |
| orderby | string | Specify any field described in the query parameter syntax. Optionally add asc or desc to control the sort order. For example, to order with most recently created jobs first, specify orderby=id desc. Note: The default sort order is desc (descending). |
| scan_frequency | string | How often to scan the firmware for vulnerabilities. One of: weekly, monthly, quarterly or manual. Default is manual. |
| production | boolean | Whether this firmware is used in production. If true, the SBOM cannot be overwritten. Default is false. |
| email_notification | boolean | Whether to send an email notification when a scan is completed. Default is false. |
| format | string | The format of the security report. So far, only pdf is available. If not specified, the report is returned in JSON format. |
| status | string | The custom status for the CVE. One of: fixed, resolved with pedigree, affected, in triage, false positive or not_affected. |
| score | decimal | The custom CVE score (0.0 - 10.0). |
| additional_details | string | Additional details about the custom CVE status. |
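
The following Python sketch is an added example, not Digi's own client code. It builds requests for uploading an SBOM, starting a scan, fetching the latest report and recording a custom CVE status, with the device type percent-encoded and the documented value sets checked before anything is sent. It assumes that the upload parameters travel in the query string, that the JSON body is sent as application/json, and that the firmware version has four numeric fields; authentication is not described on this page and is left out, and the requests are only constructed, never sent.

```python
import json
import re
from urllib.parse import quote, urlencode
from urllib.request import Request

BASE = "https://{}/ws/v1/firmware/security"
SCAN_FREQUENCIES = {"weekly", "monthly", "quarterly", "manual"}
CVE_STATUSES = {"fixed", "resolved with pedigree", "affected", "in triage",
                "false positive", "not_affected"}

def seg(value):
    # safe="" percent-encodes blanks and "/" so a value stays one path segment
    return quote(value, safe="")

def firmware_path(vendor_id, device_type, firmware_version):
    if not re.fullmatch(r"[0-9A-Fa-f]+", vendor_id):
        raise ValueError("vendor_id must be hex")
    if not re.fullmatch(r"\d+(\.\d+){3}", firmware_version):  # assumed: 4 numeric fields
        raise ValueError("firmware_version must look like XX.XX.XX.XX")
    return f"{vendor_id}/{seg(device_type)}/{firmware_version}"

def upload_sbom(host, fw, sbom, scan_frequency="manual", production=False):
    if scan_frequency not in SCAN_FREQUENCIES:
        raise ValueError("unknown scan_frequency")
    # Assumption: these parameters are passed in the query string
    query = urlencode({"scan_frequency": scan_frequency,
                       "production": str(production).lower()})
    return Request(f"{BASE.format(host)}/inventory/{firmware_path(*fw)}?{query}",
                   data=sbom, method="POST",
                   headers={"Content-Type": "application/octet-stream"})

def start_scan(host, fw):
    return Request(f"{BASE.format(host)}/scans/inventory/{firmware_path(*fw)}", method="POST")

def latest_report(host, fw, pdf=False):
    url = f"{BASE.format(host)}/report/{firmware_path(*fw)}/latest"
    return Request(url + ("?format=pdf" if pdf else ""), method="GET")

def set_cve_status(host, vendor_id, device_type, cve_id, package, scan_id, status, score=None):
    if status not in CVE_STATUSES:
        raise ValueError("unknown status")
    if score is not None and not 0.0 <= score <= 10.0:
        raise ValueError("score must be within 0.0 - 10.0")
    fields = {"scan_id": scan_id, "status": status, "score": score}
    body = {k: v for k, v in fields.items() if v is not None}
    path = "/".join(seg(p) for p in (vendor_id, device_type, cve_id, package))
    return Request(f"{BASE.format(host)}/cve/inventory/{path}", method="POST",
                   data=json.dumps(body).encode(),  # assumed content type below
                   headers={"Content-Type": "application/json"})
```

Each function returns a `urllib.request.Request`; pass it to `urllib.request.urlopen` once the credentials your account requires have been added.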