Skip to main content

Server Usage

dep-scan and cdxgen could be run in server mode. Use the included docker-compose file to get started.

git clone https://github.com/owasp-dep-scan/dep-scan
docker compose up
depscan --server --server-host 0.0.0.0 --server-port 7070

In server mode, use /cache endpoint to cache the vulnerability database.

# This would take over 5 minutes
curl http://0.0.0.0:7070/cache

Use the /scan endpoint to perform scans.

[!NOTE] The type parameter is mandatory in server mode.

  • Scanning a local directory. Scanning an SBOM file (present locally).
curl --json '{"path": "/tmp/vulnerable-aws-koa-app/sbom_file.json", "type": "js"}' http://0.0.0.0:7070/scan
  • Scanning a GitHub repo.
curl --json '{"url": "https://github.com/HooliCorp/vulnerable-aws-koa-app", "type": "js"}' http://0.0.0.0:7070/scan -o app.vdr.json
  • Uploading an SBOM file and generating results based on it.
curl -X POST -H 'Content-Type: multipart/form-data' -F 'file=@/tmp/app/sbom_file.json' http://0.0.0.0:7070/scan?type=js