API & integrations

Connect your fleet's vulnerability data to your own tooling using the project API key.

API key

Each project has its own API key. Find and regenerate it on the project page in your dashboard. Authenticate every request with X-API-Key or Authorization: Bearer <key>. Scope is per project — the key only exposes that project's machines.

Agent audit endpoint

The install agent uploads scan results to POST /api/v1/audit using the project API key. You normally don't call this directly — the agent script does it after each scan.

Prometheus /metrics

Scrape your vulnerabilities into Prometheus and chart them on Grafana. GET /api/v1/metrics returns Prometheus text exposition format, scoped to the project key. Add this scrape job:

scrape_configs:
  - job_name: cve-platform
    scheme: https
    metrics_path: /api/v1/metrics
    authorization:
      type: Bearer
      credentials: "<PROJECT_API_KEY>"
    static_configs:
      - targets: ["secvalis.eu"]

Exported metrics

  • cve_machines_totalactive machines in the project
  • cve_findings{severity}CVE count by severity (project total)
  • cve_machine_findings{machine,severity}CVE count per machine by severity
  • cve_machine_last_scan_timestamp_seconds{machine}unix timestamp of last scan

Bearer auth is supported natively by Prometheus (every version). Series cardinality is bounded by your plan's machine slots.

Notifications & ChatOps

Under Settings → Notifications you can send new-CVE alerts and scheduled digests to email, Telegram, a generic webhook, or a chat channel — Slack, Microsoft Teams or Discord. Each alert and digest arrives as a native card (Slack Block Kit, Teams Adaptive Card, Discord embed), not a raw link. Configure the channel, frequency and severity threshold per account; use the built-in Test button to confirm delivery before you rely on it.

More integrations are on the way. Have one in mind? Tell us.

Need your key? See Getting started.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS