This feature is currently only available on request; contact Tidelift support if you'd like to use it.
Scan API
The detailed Scan API is available as a REST endpoint or through the Tidelift CLI application. Issues found during the scan are returned in the response. Every issue carries a common set of fields plus additional fields specific to its issue_type. Note that this is only available to customers not using a Tidelift Catalog.
Fields
| Field | Description | Type |
| --- | --- | --- |
| id | ID of the scan | String |
| status | Last status of the scan | String |
| revision | Revision of the project that was scanned | String |
| branch | Branch of the project that was scanned | String |
| manifests | Results from each manifest in the scan | See manifests below |
| public_link | URL to view the scan results in Tidelift | String |
| public_status | Last status of the scan | String |
| sha | Revision of the project that was scanned | String |
manifests
| Field | Description | Type |
| --- | --- | --- |
| platform | Package manager of the manifest | String |
| paths | Directory path and file name of the manifest | Array(String) |
| issues | Issues found in this manifest; one object per issue | Array, see issues below |
issues
There is a set of fields common to every type of issue. Further fields are added depending on the issue_type.
| Field | Description | Type |
| --- | --- | --- |
| platform | Package manager for this package | String |
| name | Name of the package | String |
| version | Version of the package | String |
| dependency_type | Type of dependency it is in the manifest, e.g. "runtime" | String |
| issue_type | The type of issue found | String |
| direct | True if this package is declared directly in the manifest; false if it is a transitive dependency | Boolean |
| action | The issue's impact on the status of the scan, e.g. "fail" or "warn" | String |
| version_guidance | Versions of the package that are recommended to use | See version guidance below |
| introduced_at | Date when Tidelift first saw this issue for this project | Date, ISO 8601 format |
vulnerable issue type fields
| Field | Description | Type |
| --- | --- | --- |
| cve | CVE ID of the vulnerability | String |
| title | Title of the CVE | String |
| description | Description of the CVE | String |
| url | Reference URL from the CVE | String |
| recommendation | Recommendation on how to handle the vulnerability | String |
license prohibited issue type fields
| Field | Description | Type |
| --- | --- | --- |
| licenses | Licenses found for this package | Array(String) |
| spdx_expression | SPDX-compliant expression for the package license | String |
| original_license | Original text of the license for this package | String |
| allowed | Whether your Tidelift policy file allows this license in your project | Boolean |
| disallowed | Whether your Tidelift policy file disallows this license | Boolean |
| researched_by_tidelift | Whether Tidelift has researched and verified that this is the correct license for the package | Boolean |
unlicensed issue type fields
| Field | Description | Type |
| --- | --- | --- |
| researched_by_tidelift | Whether Tidelift has researched and verified that this is the correct license for the package | Boolean |
broken issue type fields
| Field | Description | Type |
| --- | --- | --- |
| reason | Reason the package is broken | String |
unmaintained issue type fields
| Field | Description | Type |
| --- | --- | --- |
| reasons | Reasons found that indicate this package may be unmaintained | Array(String) |
| close_rate_last_year | Percentage of issues closed in the package repository in the last year | Number |
| issues_prs_count_last_year | Number of pull requests and issues closed in the package repository in the last year | Number |
| latest_commit_time | Date of the last commit found in the package repository | Date |
non spdx license issue type fields
| Field | Description | Type |
| --- | --- | --- |
| licenses | Licenses found for this package | Array(String) |
| spdx_expression | SPDX-compliant expression for the package license | String |
| original_license | Original text of the license for this package | String |
version guidance fields
| Field | Description | Type |
| --- | --- | --- |
| is_deprecated | Whether the package version in use is deprecated | Boolean |
| deprecation_type | Type of deprecation | String |
| deprecation_reason | Reason the package version was deprecated | String |
| stable_latest_stream | The latest stable release stream for the package | String |
| recommended_latest_stream | The release recommended from the package's latest release stream | String |
| recommended_current_stream | The release recommended from the stream that is currently being used | String |
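The following is an added example of how a CI job might consume a Scan API response shaped according to the Fields, manifests, issues and version guidance tables above. It is not Tidelift's code: it walks every manifest's issues, derives a gate decision from the per-issue action field, prints a one-line description using whichever type-specific fields are present (cve, licenses, reasons, reason), and picks an upgrade target from version_guidance. The response body SAMPLE_SCAN is constructed for this example (placeholder package names, CVE ID and URLs); the exact string values of issue_type and the precedence of recommended_current_stream over recommended_latest_stream are assumptions, not documented behaviour.

```python
"""Turn a Tidelift Scan API response into a CI gating decision (added example)."""
import json
from collections import Counter

# Constructed sample response following the field tables on this page.
# Names, versions, the CVE ID and URLs are placeholders, not real data.
SAMPLE_SCAN = json.loads(r"""
{
  "id": "scan-example-1", "status": "fail", "revision": "0000000", "branch": "main",
  "public_link": "https://example.invalid/scan/scan-example-1",
  "manifests": [
    {"platform": "npm", "paths": ["package.json"], "issues": [
      {"platform": "npm", "name": "example-lib-a", "version": "1.2.3",
       "dependency_type": "runtime", "issue_type": "vulnerable",
       "direct": true, "action": "fail",
       "cve": "CVE-0000-00000", "title": "placeholder", "description": "placeholder",
       "url": "https://example.invalid/advisory", "recommendation": "Upgrade",
       "introduced_at": "2024-01-01T00:00:00Z",
       "version_guidance": {"is_deprecated": false, "stable_latest_stream": "2.x",
                            "recommended_latest_stream": "2.0.1",
                            "recommended_current_stream": "1.2.4"}},
      {"platform": "npm", "name": "example-lib-b", "version": "0.9.0",
       "dependency_type": "runtime", "issue_type": "unmaintained",
       "direct": false, "action": "warn",
       "reasons": ["no commits in the last year"], "close_rate_last_year": 0.1,
       "issues_prs_count_last_year": 2, "latest_commit_time": "2022-06-01",
       "introduced_at": "2024-02-01T00:00:00Z", "version_guidance": null}
    ]},
    {"platform": "pypi", "paths": ["requirements.txt"], "issues": [
      {"platform": "pypi", "name": "example-lib-c", "version": "3.0.0",
       "dependency_type": "runtime", "issue_type": "license_prohibited",
       "direct": true, "action": "fail",
       "licenses": ["GPL-3.0-only"], "spdx_expression": "GPL-3.0-only",
       "original_license": "GPL-3.0-only", "allowed": false, "disallowed": true,
       "researched_by_tidelift": true,
       "introduced_at": "2024-03-01T00:00:00Z", "version_guidance": null}
    ]}
  ]
}
""")

# Rank of the documented action values; anything else is treated as informational.
ACTION_RANK = {"fail": 2, "warn": 1}


def iter_issues(scan):
    """Yield (manifest, issue) pairs across all manifests in the response."""
    for manifest in scan.get("manifests", []):
        for issue in manifest.get("issues", []):
            yield manifest, issue


def gate_status(scan):
    """'fail' if any issue's action is fail, else 'warn' if any is warn, else 'pass'."""
    worst = max((ACTION_RANK.get(i.get("action"), 0) for _, i in iter_issues(scan)), default=0)
    return {2: "fail", 1: "warn"}.get(worst, "pass")


def summarize(scan):
    """Count issues by (issue_type, action)."""
    return Counter((i["issue_type"], i["action"]) for _, i in iter_issues(scan))


def describe(issue):
    """One-line description built from whichever type-specific fields are present."""
    base = f'{issue["platform"]}/{issue["name"]}@{issue["version"]}'
    scope = "direct" if issue.get("direct") else "transitive"
    if "cve" in issue:                      # vulnerable
        detail = f'{issue["cve"]}: {issue.get("recommendation", "")}'
    elif "licenses" in issue:               # license prohibited / non spdx license
        detail = "license " + (issue.get("spdx_expression") or ", ".join(issue["licenses"]))
    elif "reasons" in issue:                # unmaintained
        detail = "; ".join(issue["reasons"])
    elif "reason" in issue:                 # broken
        detail = issue["reason"]
    else:                                   # unlicensed, or unknown type
        detail = ""
    return f'[{issue["action"]}] {base} ({scope}, {issue["issue_type"]}) {detail}'.rstrip()


def upgrade_target(issue):
    """Version to move to. Assumption: prefer staying in the current stream, then the
    latest stream. None when the issue carries no version guidance."""
    vg = issue.get("version_guidance") or {}
    return vg.get("recommended_current_stream") or vg.get("recommended_latest_stream")


def remediation_plan(scan):
    """Map each failing direct dependency to its upgrade target (None if no guidance)."""
    return {i["name"]: upgrade_target(i) for _, i in iter_issues(scan)
            if i.get("action") == "fail" and i.get("direct")}


if __name__ == "__main__":
    print("gate:", gate_status(SAMPLE_SCAN))
    for _, issue in iter_issues(SAMPLE_SCAN):
        print(describe(issue))
    print("plan:", remediation_plan(SAMPLE_SCAN))
    raise SystemExit(1 if gate_status(SAMPLE_SCAN) == "fail" else 0)
```

Dispatching on the presence of type-specific fields rather than on the issue_type string keeps the job working if the enum values differ from the headings used on this page; the gate only ever reads the documented action field, so a CI step can fail the build without depending on the scan-level status values.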