API & integrations
Connect your fleet's vulnerability data to your own tooling using the project API key.
API key
Each project has its own API key. Find and regenerate it on the project page in your dashboard. Authenticate every request with X-API-Key or Authorization: Bearer <key>. Scope is per project — the key only exposes that project's machines.
Agent audit endpoint
The install agent uploads scan results to POST /api/v1/audit using the project API key. You normally don't call this directly — the agent script does it after each scan.
Prometheus /metrics
Scrape your vulnerabilities into Prometheus and chart them on Grafana. GET /api/v1/metrics returns Prometheus text exposition format, scoped to the project key. Add this scrape job:
scrape_configs:
- job_name: cve-platform
scheme: https
metrics_path: /api/v1/metrics
authorization:
type: Bearer
credentials: "<PROJECT_API_KEY>"
static_configs:
- targets: ["secvalis.eu"]Exported metrics
cve_machines_total— active machines in the projectcve_findings{severity}— CVE count by severity (project total)cve_machine_findings{machine,severity}— CVE count per machine by severitycve_machine_last_scan_timestamp_seconds{machine}— unix timestamp of last scan
Bearer auth is supported natively by Prometheus (every version). Series cardinality is bounded by your plan's machine slots.
Notifications & ChatOps
Under Settings → Notifications you can send new-CVE alerts and scheduled digests to email, Telegram, a generic webhook, or a chat channel — Slack, Microsoft Teams or Discord. Each alert and digest arrives as a native card (Slack Block Kit, Teams Adaptive Card, Discord embed), not a raw link. Configure the channel, frequency and severity threshold per account; use the built-in Test button to confirm delivery before you rely on it.
More integrations are on the way. Have one in mind? Tell us.
Need your key? See Getting started.

