Ossprey exposes a public REST API for triggering scans, retrieving scan results, and managing projects programmatically. The API is the same surface used by the dashboard and CI integrations, so anything you can do in the UI you can do via the API.
All endpoints require an API key passed in the Authorization header. API keys can be generated from the dashboard under your project settings.
- Submitting an SBOM or dependency manifest for scanning
- Polling scan status and fetching results
- Listing projects, scans, and detected findings
- Integrating Ossprey into custom CI/CD pipelines beyond the standard GitHub Action