Compliance & Audit API
Generate compliance attestation reports and export audit logs via the API.
Access compliance reports and audit logs programmatically for regulatory submissions and internal reviews.
Compliance Report
GET /api/compliance/{releaseId}/report
Scope: compliance:read
Generates an HTML compliance attestation report for a release. The report covers:
- EU Cyber Resilience Act (CRA) requirements
- US Executive Order 14028/14144 requirements
- NIST SSDF (SP 800-218) attestation checklist
- Product and release information
- SBOM details and component inventory
- Vulnerability scan results and disposition summary
- VEX document status
- SLA policy compliance
The HTML output is suitable for printing to PDF.
Example:
curl -H "Authorization: Bearer cvk_YOUR_KEY" \
-o compliance-report.html \
https://cis.cveium.com/api/compliance/{release-id}/report
Response headers:
| Header | Value |
|---|---|
| Content-Type | text/html; charset=utf-8 |
Audit Log Export
GET /api/audit/export
Scope: audit:read
Exports audit log entries as a CSV file. Returns up to 10,000 rows.
Query parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| accountId | uuid | Yes | Account ID (must match API key's account) |
| entityType | string | No | Filter by entity type (e.g. product, release, vex_document) |
| action | string | No | Filter by action (e.g. create, update, submit, approve, publish) |
| startDate | datetime | No | Include logs from this timestamp (ISO 8601) |
| endDate | datetime | No | Include logs up to this timestamp (ISO 8601) |
CSV columns
| Column | Description |
|---|---|
| timestamp | When the action occurred |
| action | The action performed |
| entity_type | Type of entity affected |
| entity_id | ID of the entity |
| entity_name | Name of the entity |
| actor_email | Email of the user or service account |
| actor_name | Display name of the actor |
| changes | JSON summary of what changed |
Example:
curl -H "Authorization: Bearer cvk_YOUR_KEY" \
-o audit-log.csv \
"https://cis.cveium.com/api/audit/export?accountId=YOUR_ACCOUNT_ID&startDate=2026-01-01T00:00:00Z&action=publish"
Use cases
- Regulatory audits: Provide a complete trail of all disclosure activities
- Internal reviews: Track who made triage decisions and when
- Compliance evidence: Demonstrate timely response to new vulnerabilities
- Change tracking: Monitor product and release modifications
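An added example (not code from the cveium documentation) for the internal-review use case: it builds the export URL with encoded query parameters, parses a downloaded CSV by the documented column names, and flags an export that reached the 10,000-row limit. The CSV header row, the sample rows, and the rule that a full export should be re-run over a narrower startDate/endDate window are assumptions.

```python
import csv
import io
import json
from collections import Counter
from urllib.parse import urlencode

BASE = "https://cis.cveium.com/api/audit/export"
ROW_CAP = 10_000  # documented maximum rows per export

def export_url(account_id, start=None, end=None, action=None, entity_type=None):
    """Build the export URL with properly encoded query parameters."""
    params = {"accountId": account_id, "entityType": entity_type,
              "action": action, "startDate": start, "endDate": end}
    return BASE + "?" + urlencode({k: v for k, v in params.items() if v})

def review(csv_text, row_cap=ROW_CAP):
    """Parse an export; return (rows, per-actor action counts, maybe_truncated)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        # 'changes' is documented as a JSON summary; keep the raw text if it does not parse.
        try:
            row["changes"] = json.loads(row["changes"]) if row["changes"] else {}
        except json.JSONDecodeError:
            row["changes"] = {"_raw": row["changes"]}
    counts = Counter((r["actor_email"], r["action"]) for r in rows)
    # Assumption: reaching the cap means later rows may have been cut off,
    # so the caller should re-export with a narrower startDate/endDate window.
    return rows, counts, len(rows) >= row_cap

# Constructed sample export (not real data), using the documented column names.
SAMPLE = '''timestamp,action,entity_type,entity_id,entity_name,actor_email,actor_name,changes
2026-01-05T09:12:00Z,approve,vex_document,11111111-1111-1111-1111-111111111111,VEX-0001,alice@example.com,Alice,"{""status"": ""approved""}"
2026-01-05T09:30:00Z,publish,vex_document,11111111-1111-1111-1111-111111111111,VEX-0001,alice@example.com,Alice,"{""status"": ""published""}"
2026-01-06T14:02:00Z,publish,release,22222222-2222-2222-2222-222222222222,v2.4.0,ci-bot@example.com,CI Bot,
'''

if __name__ == "__main__":
    print(export_url("YOUR_ACCOUNT_ID", start="2026-01-01T00:00:00Z", action="publish"))
    rows, counts, truncated = review(SAMPLE)
    for (actor, action), n in sorted(counts.items()):
        print(f"{actor:25} {action:8} {n}")
    print("possibly truncated:", truncated)
```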