********************
 Meta Control Plane
********************

Bowtie’s `meta control plane <https://api.bowtie.works>`_ is a central API that serves :doc:`bowtie-get` and other information.

In addition to product download interfaces, a variety of self-documenting APIs are available for use in cases such as retrieving the latest package for a given operating system or software bill-of-materials (SBOM) and vulnerability data.
Reference the OpenAPI endpoint for complete documentation:

- https://api.bowtie.works/swagger-ui/

.. _vulnerability-data:

====================
 Vulnerability Data
====================

Each package may include optional *vulnerability data* populated by scan processes targeting the file.

.. image:: _static/mcp-vuln.png

Use the indicated ``API data`` link to view raw scan data about the indicated package.

Each package’s vulnerability scan results include findings from a variety of scanners and include on optional ``suppressed`` field on each vulnerability that denotes that the vulnerability may not apply to the indicated package.
For example, the package name may refer to a software artifact from a different packaging ecosystem (for example, an ``npm`` package rather than a Linux distribution package), or the vulnerable package may not be used in a way that presents an exposure risk.
When referencing this vulnerability data in your own systems, you are encouraged to key off the presence of the ``suppressed`` field to determine whether the finding is a false positive or not.