Disclosures API

List and retrieve published VEX disclosures via the public API.

List disclosures

Retrieve a paginated list of all published disclosures.

GET /api/disclosures

Query parameters

Parameter  Type     Default  Description
page       integer  1        Page number
limit      integer  20       Items per page (max: 100)
format     string   -        Filter by VEX format: cyclonedx_vex, openvex, or csaf

Example request

curl "https://cis.cveium.com/api/disclosures?page=1&limit=10"

Example response

{
  "data": [
    {
      "id": "a1b2c3d4-...",
      "document_id": "DOC-001",
      "version": 1,
      "format": "cyclonedx_vex",
      "public_slug": "acme-server-2.1.0-vex",
      "content_hash": "sha256:abc123...",
      "published_at": "2026-02-08T14:30:00Z",
      "product": {
        "name": "Acme Web Server",
        "vendor": "Acme Corp"
      },
      "release": {
        "version": "2.1.0"
      },
      "links": {
        "self": "/api/disclosures/acme-server-2.1.0-vex",
        "raw": "/api/disclosures/acme-server-2.1.0-vex?format=raw"
      }
    }
  ],
  "meta": {
    "page": 1,
    "limit": 10,
    "total": 42,
    "totalPages": 5,
    "hasNextPage": true,
    "hasPrevPage": false
  },
  "links": {
    "self": "/api/disclosures?page=1&limit=10",
    "first": "/api/disclosures?page=1&limit=10",
    "last": "/api/disclosures?page=5&limit=10",
    "next": "/api/disclosures?page=2&limit=10"
  }
}

Get a single disclosure

Retrieve a specific disclosure by its public slug.

GET /api/disclosures/{slug}

Query parameters

Parameter  Type    Default  Description
format     string  json     Response format: json (metadata + content) or raw (VEX file only)

JSON format (default)

Returns the full disclosure with metadata, snapshots, and VEX content.

curl https://cis.cveium.com/api/disclosures/acme-server-2.1.0-vex

Raw format

Returns the raw VEX document with appropriate content type headers. Useful for tools that consume VEX files directly.

curl "https://cis.cveium.com/api/disclosures/acme-server-2.1.0-vex?format=raw"

Response headers:

  • Content-Type: Matches the VEX format (e.g., application/vnd.cyclonedx+json)
  • X-Content-Hash: SHA-256 hash for integrity verification
  • X-Content-Signature: HMAC-SHA256 signature (if signing is configured)
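
A client-side check of the response headers listed above, as an added example (not part of the API's own code or documentation). It assumes X-Content-Hash is a hex SHA-256 of the response body, optionally prefixed with sha256: as in the content_hash field, and that X-Content-Signature is a hex HMAC-SHA256 of the same bytes under a shared key; the page does not specify either encoding. The names verify_raw_disclosure and IntegrityError are hypothetical, and the sample body, key and headers are constructed.

```python
import hashlib
import hmac
from typing import Optional


class IntegrityError(Exception):
    """Raised when a downloaded VEX document fails a header check."""


def _hex(value: str) -> bytes:
    # Assumption: hex digest, optionally prefixed "sha256:" like content_hash.
    value = value.strip().lower()
    return (value[7:] if value.startswith("sha256:") else value).encode()


def verify_raw_disclosure(body: bytes, headers: dict, signing_key: Optional[bytes] = None) -> str:
    """Check body against X-Content-Hash and, when a key is supplied,
    X-Content-Signature. Returns the verified hex SHA-256 of the body."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    claimed = hdrs.get("x-content-hash")
    if claimed is None:
        raise IntegrityError("X-Content-Hash header missing")
    actual = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(actual.encode(), _hex(claimed)):
        raise IntegrityError("body does not match X-Content-Hash")
    if signing_key is not None:
        sig = hdrs.get("x-content-signature")
        if sig is None:
            # Fail closed: a stripped signature must not downgrade to hash-only.
            raise IntegrityError("X-Content-Signature missing but a key is configured")
        expected = hmac.new(signing_key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), _hex(sig)):
            raise IntegrityError("X-Content-Signature does not verify")
    return actual


# Constructed sample standing in for a ?format=raw response (not real API output).
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_BODY = b'{"bomFormat": "CycloneDX", "vulnerabilities": []}'
SAMPLE_HEADERS = {
    "Content-Type": "application/vnd.cyclonedx+json",
    "X-Content-Hash": "sha256:" + hashlib.sha256(SAMPLE_BODY).hexdigest(),
    "X-Content-Signature": hmac.new(SAMPLE_KEY, SAMPLE_BODY, hashlib.sha256).hexdigest(),
}

if __name__ == "__main__":
    print(verify_raw_disclosure(SAMPLE_BODY, SAMPLE_HEADERS, SAMPLE_KEY))
```

The hash header travels with the body, so on its own it only detects corruption in transit or storage; the HMAC check is what ties the document to a holder of the signing key.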