Meta Control Plane

Bowtie’s meta control plane is a central API that serves Bowtie Downloads and other information.

In addition to product download interfaces, a variety of self-documenting APIs are available for use in cases such as retrieving the latest package for a given operating system or software bill-of-materials (SBOM) and vulnerability data. Reference the OpenAPI endpoint for complete documentation:

• https://api.bowtie.works/swagger-ui/

Vulnerability Data

Each package may include optional vulnerability data populated by scan processes targeting the file.

Use the indicated API data link to view raw scan data about the indicated package.

Each package’s vulnerability scan results include findings from a variety of scanners and include on optional suppressed field on each vulnerability that denotes that the vulnerability may not apply to the indicated package. For example, the package name may refer to a software artifact from a different packaging ecosystem (for example, an npm package rather than a Linux distribution package), or the vulnerable package may not be used in a way that presents an exposure risk. When referencing this vulnerability data in your own systems, you are encouraged to key off the presence of the suppressed field to determine whether the finding is a false positive or not.