
Public REST API (v1)

Read-only access to your catalog, SBOMs, and vulnerability data.

The /v1 API gives programmatic, read-only access to everything you're licensed for. Authenticate with a scoped API key. The machine-readable spec is at /v1/openapi.json, and the in-portal Developer page has live examples.

Base URL: https://<your-subdomain>.app.podarmor.dev

Endpoints

| Method & path | Scope | Returns |
| --- | --- | --- |
| GET /v1/images | read:catalog | Every licensed image + its latest version |
| GET /v1/images/{id} | read:catalog | Image detail: base OS, size, latest-version severity counts |
| GET /v1/images/{id}/sbom?format=cyclonedx\|spdx | read:sbom | The signed SBOM, verbatim |
| GET /v1/images/{id}/vulnerabilities | read:vulns | Vulnerabilities on the latest version, with fix state |
| GET /v1/cve/{cveId} | read:vulns | Which of your images carry a given CVE |
| GET /v1/openapi.json | — (public) | The OpenAPI 3.0 spec |

Example: gate CI on critical CVEs

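```sh
set -eu  # abort on any failed lookup instead of falling through to "clear"

# Resolve the image id by name. curl -f returns nothing on an HTTP error,
# and jq -e exits non-zero when there is no match, so a bad key stops here.
IMG=$(curl -fsS -H "Authorization: Bearer $PODARMOR_KEY" \
  "$BASE/v1/images" | jq -er '.images[] | select(.name=="nginx") | .id')

# Critical count on the latest version; "numbers" rejects null or non-numeric values.
CRIT=$(curl -fsS -H "Authorization: Bearer $PODARMOR_KEY" \
  "$BASE/v1/images/$IMG" | jq -e '.vulnerabilityCounts.critical | numbers')

if [ "$CRIT" -gt 0 ]; then echo "blocked: $CRIT critical CVEs"; exit 1; fi
echo "clear"
```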

Cross-tenant access is impossible — every response is scoped to the key's tenant, and an unknown image id returns 404. Requests are rate-limited per key.
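The same gate as an added Python example (not PodArmor's own code) that fails closed on the cases this paragraph names: an unknown image id (404), a rejected key, and rate limiting. The function names are hypothetical, `BASE` and `PODARMOR_KEY` are read from the environment as in the shell example, and HTTP 429 as the rate-limit status is an assumption, since the page does not state it.

```python
import json, os, time, urllib.error, urllib.request

class GateError(Exception):
    """No verdict could be reached; CI must treat this as a failure."""

def http_fetch(path):
    """GET path with the scoped key; returns (status, parsed JSON or None)."""
    req = urllib.request.Request(os.environ["BASE"] + path, headers={
        "Authorization": "Bearer " + os.environ["PODARMOR_KEY"]})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 401, 404, 429, ...
        return err.code, None

def get_ok(fetch, path, retries=3, sleep=time.sleep):
    """Return the JSON object at path; back off on 429, raise on anything else."""
    for attempt in range(retries):
        status, body = fetch(path)
        if status == 200 and isinstance(body, dict):
            return body
        if status != 429:  # assumption: 429 is the per-key rate-limit status
            raise GateError(f"{path}: HTTP {status}")
        sleep(2 ** attempt)
    raise GateError(f"{path}: still rate-limited after {retries} tries")

def critical_count(fetch, name, sleep=time.sleep):
    """Critical count for the image called name, or GateError if unknowable."""
    images = get_ok(fetch, "/v1/images", sleep=sleep).get("images") or []
    ids = [img.get("id") for img in images if img.get("name") == name]
    if len(ids) != 1 or not ids[0]:
        raise GateError(f"expected one image named {name!r}, got {len(ids)}")
    detail = get_ok(fetch, f"/v1/images/{ids[0]}", sleep=sleep)
    crit = (detail.get("vulnerabilityCounts") or {}).get("critical")
    if type(crit) is not int or crit < 0:  # null, string or missing count
        raise GateError(f"no usable critical count in response: {crit!r}")
    return crit

def gate(fetch, name, sleep=time.sleep):
    """CI exit code: 0 only when the API positively reports zero criticals."""
    try:
        crit = critical_count(fetch, name, sleep=sleep)
    except GateError as err:
        print(f"blocked: cannot verify ({err})")
        return 1
    print(f"blocked: {crit} critical CVEs" if crit else "clear")
    return 1 if crit else 0

if __name__ == "__main__":
    raise SystemExit(gate(http_fetch, "nginx"))
```

Network errors and non-JSON bodies are left to raise, which also ends the job with a non-zero exit.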
