GLOSI API Documentation

© 2026 Lineaje, Inc. All rights reserved. Proprietary and Confidential

Introduction

This reference describes the GLOSI REST API and Lineaje Query Language (LQL), enabling you to query component, vulnerability, and supply chain data programmatically.

GLOSI data is accessible via a REST endpoint. Lineaje exposes LQL on this endpoint to simplify queries and support advanced analytical use cases. LQL is a flexible query language designed to search and analyze GLOSI data. It provides an intuitive syntax for filtering, aggregating, and visualizing data related to components and vulnerabilities.

Deployment Models

GLOSI supports two deployment models:

  • Local deployment — GLOSI is deployed within the customer's own infrastructure. The API endpoint is local to the customer environment.

  • Cloud API — Lineaje hosts the GLOSI endpoint. No local deployment is required.

API Endpoint

Endpoint URLs

Use the endpoint that matches your deployment model:

Deployment Model
Endpoint URL

Local deployment

http://<host>:8000/api/v2/lql/components

Lineaje Cloud

https://data-service-v2-apigw.commercialdev.dev.veedna.com/api/v2/lql/components

Request

Method: POST

Request Headers

| Header | Required | Description |
| --- | --- | --- |
| accept | No | Accepted response media types. Recommended: application/json, text/plain, */* |
| content-type | Yes | Must be application/json |
| company-id | Yes | Your Lineaje company identifier (for example: vdna_994mgmr65tculnfy) |
| product-id | No | Product identifier. Use 1 for the default product scope. |

Request Body Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| lql | string | Yes | The LQL query string. See LQL Syntax for the full grammar. |
| limit | integer | No | Maximum number of results to return per page. Default: 10. |
| page_no | integer | No | Page number for paginated results. Default: 1. |
| is_opensource | boolean | No | When true, restricts results to open-source packages only. |
| include_raw_data | boolean | No | When false, the raw document array in the response is empty. Use false with chart table() to return only function results. Default: false. |

Example request:

Response

Pagination Fields

Every response includes these top-level pagination fields:

Field
Description

total_hits

Total number of records matching the query.

total_docs

Number of records returned on this page.

current_page

The current page number.

total_pages

Total number of available pages.

Result Fields

Result data appears under keys named after the query components:

Key
Description

"<search_term>"

Array of raw matching documents. Empty when include_raw_data is false.

"function: <function>"

Array of rows produced by the function (for example: chart table()). Present only when a function is included in the LQL query.

all_columns

All field names available in the result set (returned with chart table()).

default_columns

The fields requested in the chart table() call.
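
The request headers, body parameters and pagination fields above, combined into a paginating client. This is an added example, not Lineaje's code: build_request, http_post, function_rows, fetch_all and fake_post are hypothetical names, and the row shape and sample data are constructed so the block runs offline.

```python
import json
from urllib import request as urlrequest

# Cloud endpoint as listed on this page; a local deployment uses its own host.
ENDPOINT = "https://data-service-v2-apigw.commercialdev.dev.veedna.com/api/v2/lql/components"


def build_request(lql, company_id, page_no=1, limit=10, include_raw_data=False):
    """Return (headers, body) for one POST, using the documented field names."""
    if not (lql and lql.strip()) or not company_id:
        raise ValueError("lql and the company-id header are required")
    headers = {
        "accept": "application/json",
        "content-type": "application/json",  # required
        "company-id": company_id,             # required
    }
    body = {"lql": lql, "limit": limit, "page_no": page_no,
            "include_raw_data": include_raw_data}
    return headers, body


def http_post(headers, body, timeout=30):
    """Real transport: POST the JSON body and decode the JSON reply."""
    req = urlrequest.Request(ENDPOINT, data=json.dumps(body).encode("utf-8"),
                             headers=headers, method="POST")
    with urlrequest.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def function_rows(response):
    """Collect the rows under every "function: ..." key of one page."""
    rows = []
    for key, value in response.items():
        if key.startswith("function:") and isinstance(value, list):
            rows.extend(value)
    return rows


def fetch_all(lql, company_id, post=http_post, limit=10, max_pages=100):
    """Request pages 1..total_pages and return all function rows."""
    rows = []
    for page_no in range(1, max_pages + 1):
        headers, body = build_request(lql, company_id, page_no, limit)
        resp = post(headers, body)
        rows.extend(function_rows(resp))
        # Stop on the last page, or on an empty page so a bad count cannot loop.
        if page_no >= int(resp.get("total_pages", 1)) or not resp.get("total_docs"):
            break
    return rows


# Constructed sample rows (assumed shape) standing in for the server.
_SAMPLE = [{"package.name": "log4j-core", "package.version": f"2.{i}.0"} for i in range(5)]


def fake_post(headers, body):
    start = (body["page_no"] - 1) * body["limit"]
    page = _SAMPLE[start:start + body["limit"]]
    return {"total_hits": len(_SAMPLE), "total_docs": len(page),
            "current_page": body["page_no"],
            "total_pages": -(-len(_SAMPLE) // body["limit"]),
            "function: chart table(package.name, package.version)": page}
```

Pass post=fake_post to exercise the paging logic without network access; the default transport sends the request to the cloud endpoint.
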

LQL Syntax

An LQL query consists of up to four components, evaluated left to right and separated by the pipe character (|):

search_term | function parameters | command(parameters) | clause parameters

Each query must contain:

  • Exactly one search term

  • Zero or more functions

  • Zero or more commands

  • Zero or more clauses

Search Terms

Search terms are the foundation of any LQL query. They act like a database WHERE clause, defining which records to include. When submitted without any other component, LQL returns the raw matching documents.

Search terms support exact matching, wildcards, ranges, and logical operators:

Functions

Use functions to perform calculations or transformations on your data, producing aggregate results rather than individual records. Functions are useful for data analysis and visualization:

Commands

Commands modify how search results are processed or presented. They transform the result set without changing which records are included. Apply commands using the pipe (|) symbol:

Commands are processed left to right, each operating on the output of the previous one.

Clauses

Clauses extend function capabilities by specifying how results are grouped or filtered. The most common clause is by, which groups function results:

Clauses support nested aggregations for hierarchical grouping:

Evaluation Order

LQL queries are evaluated strictly from left to right. Think of each component as building on the previous one:

1. The first search term creates the initial result set.

2. Each additional term narrows the results ($AND) or expands them ($OR).

3. Functions, commands, and clauses then transform that result set in sequence.

Logical operators work at two levels:

  • Between different fields: connect complete search conditions (for example, field1=value $AND field2=value).

  • Within the same field: connect multiple values for one field (for example, field=value1 $OR value2).
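
A way to compose queries of this shape from code, as an added example that is not part of the Lineaje documentation: condition, search_term, chart_table, sort_by and build_query are hypothetical helper names. It assumes LQL has no escaping for the pipe and the $AND/$OR tokens, since none is documented here, and so refuses values that contain them.

```python
import re

# Tokens this page documents as structural: "|" separates query components,
# $AND / $OR join search conditions.
_STRUCTURAL = re.compile(r"\||\$AND\b|\$OR\b", re.IGNORECASE)
_FIELD = re.compile(r"[a-z_]+(\.[a-z0-9_]+)+")   # e.g. package.checksum.sha256
_OPERATORS = ("=", "!=", ">", ">=", "<", "<=")


def _field(name):
    if not _FIELD.fullmatch(name):
        raise ValueError(f"not a dotted field name: {name!r}")
    return name


def condition(field, op, value):
    """One search condition; `value` may come from an untrusted caller."""
    value = str(value).strip()
    if op not in _OPERATORS:
        raise ValueError(f"unsupported operator: {op!r}")
    # Assumption: no escaping is documented, so structural tokens are refused.
    if not value or _STRUCTURAL.search(value) or any(c in value for c in "\r\n"):
        raise ValueError(f"value would change the query structure: {value!r}")
    return f"{_field(field)}{op}{value}"


def search_term(first, *more):
    """Join conditions left to right; `more` holds (joiner, condition) pairs."""
    parts = [first]
    for joiner, cond in more:
        if joiner not in ("$AND", "$OR"):
            raise ValueError(f"unknown logical operator: {joiner!r}")
        parts += [joiner, cond]
    return " ".join(parts)


def chart_table(*fields):
    """The chart table() function with an explicit field list."""
    if not fields:
        raise ValueError("chart table() needs at least one field")
    return "chart table(" + ", ".join(_field(f) for f in fields) + ")"


def sort_by(*keys):
    """The sort() command; each key is (field, 'asc' | 'desc')."""
    for _, direction in keys:
        if direction not in ("asc", "desc"):
            raise ValueError(f"bad sort direction: {direction!r}")
    return "sort(" + ", ".join(f"{_field(f)}:{d}" for f, d in keys) + ")"


def build_query(term, *stages):
    """Exactly one search term, then zero or more piped stages."""
    return " | ".join([term, *stages])
```
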

Example showing operator precedence:

Querying by Data Type

Start your search term with the appropriate prefix for the data type you want to query:

Data type
Prefix and example

Packages / components

package.<field>=<value> example: package.name=log4j*

Vulnerabilities

vulnerability.<field>=<value> example: vulnerability.name=CVE-1234*

Code quality issues

code_quality.<field>=<value> example: code_quality.name=EOL

Security posture

security_posture.<field>=<value> example: security_posture.severity=*

Commits

commits.<field>=<value> example: commits.country_code=*

Search Examples — Raw Data

The following examples use a search term only. The response contains all document fields. Set include_raw_data to true (or omit include_raw_data) to receive full document bodies.

Search for a Package by Name

Returns all log4j packages with their full field set.

Response (abbreviated):

Search for a Specific Vulnerability

Returns all packages affected by CVE-2021-23406.

Response (abbreviated):

Search Examples — Specific Fields

Use the chart table() function to specify exactly which fields to return. When include_raw_data is false, the raw document array is empty and results appear under the "function: chart table(...)" key.

All Versions of log4j

Response:

Versions of log4j with Vulnerabilities

Response (abbreviated):

Critical Vulnerabilities in a Date Range

Returns log4j packages with critical vulnerabilities created between 1 June 2025 01:00 and 30 June 2025 14:00, sorted by package name.

Critical Vulnerabilities from a Verified Supplier (Last 120 Days)

Returns log4j packages with critical vulnerabilities, created within the last 120 days, from a verified supplier, sorted by vulnerability name.

LQL Quick Reference

Search Term Operators

Syntax
Description and Example

field=value

Exact match. example: vulnerability.severity=critical

field=value*

Starts with. example: vulnerability.name=CVE-28*

field=*value*

Contains. example: vulnerability.name=*VE-28*

field=*

Any value (field exists). example: vulnerability.severity=*

field!=value

Not equal. example: vulnerability.is_exploited!=true

field>value

Greater than. example: risk_level.score > 9

field>=value

Greater than or equal. example: project.created >= 2025-06-24

field<value

Less than. example: risk_level.score < 9

field<=value

Less than or equal. example: project.created <= 2025-06-24

field=value with spaces

Exact match including spaces. example: project.name=Apache Software Foundation

Logical Operators

Syntax
Description

field1=value1 $AND field2=value2

Both conditions must match.

field1=value1 $OR field2=value2

Either condition must match.

field=value1 $AND value2

Field equals value1 AND value2.

field=value1 $OR value2

Field equals value1 OR value2.

Functions

Syntax
Description

| stats avg(field, ...)

Average value of the field.

| stats count(field, ...)

Count occurrences of the field.

| stats max(field, ...)

Maximum value of the field.

| stats min(field, ...)

Minimum value of the field.

| stats sum(field, ...)

Sum of the field values.

| stats unique(field, ...)

Unique values of the field.

| stats unique_values(field, ...)

Unique values of the field (alias).

| stats unique_count(field, ...)

Count of distinct values.

| stats top_hits(N)

Top N hits for the search term results.

| chart table(field, ...)

Format results as a table with specified fields.

| chart table_fold(field, ...)

Format results as a folded table.

| chart histogram(field, ...)

Create a histogram of field values.

Commands

Syntax
Description and Example

| sort(field:asc)

Sort ascending. example: | sort(project.name:asc)

| sort(field:desc)

Sort descending. example: | sort(project.name:desc)

| sort(field1:asc, field2:desc)

Sort by multiple fields. example: | sort(project.name:asc, package.name:asc)

| collapse(field)

Group by field; return top document per group. example: | collapse(package.purl)

| collapse_latest(field)

Group by field; return latest document per group. example: | collapse_latest(package.purl)

| boost(field1:2.0, field2:1.5)

Boost relevance score for specific fields.

| histogram_interval(field:interval)

Set histogram interval for date fields. example: | histogram_interval(field1:day, field2:month, field3:100)

Clauses

Append a by clause to any stats or chart function to group results:

Syntax
Description

| stats count(field) by (group_field)

Count field values, grouped by group_field.

| stats avg(field) by (group_field)

Average field values, grouped by group_field.

| stats max(field) by (group_field)

Maximum field values, grouped by group_field.

| stats min(field) by (group_field)

Minimum field values, grouped by group_field.

| stats sum(field) by (group_field)

Sum field values, grouped by group_field.

| stats unique(field) by (group_field)

Unique field values, grouped by group_field.

| stats unique_count(field) by (group_field)

Count of distinct values, grouped by group_field.

| stats unique_values(field) by (group_field)

Unique values, grouped by group_field.

| chart table(field) by (group_field)

Table of field values, grouped by group_field.

| chart table_fold(field) by (group_field)

Folded table, grouped by group_field.

| chart histogram(field) by (group_field)

Histogram, grouped by group_field.

Best Practices

  • Be as specific as possible with search terms to improve query performance.

  • For complex aggregations, consider splitting into multiple focused queries.

  • When searching for exact matches, avoid wildcards.

  • For time-based queries, use ISO date format (YYYY-MM-DD) for precision.

  • Use chart table() with a limited set of fields to reduce response size and improve readability.

LQL Field Glossary

The following tables list the queryable fields for each entity type. Use these field names in LQL search terms and functions.

Package

Field
Description

package.purl

Package URL (purl).

package.name

Package name.

package.version

Package version.

package.pkg_manager

Package manager (for example: maven, npm).

package.download_loc

Package download location.

package.checksum.md5

MD5 checksum.

package.checksum.sha1

SHA-1 checksum.

package.checksum.sha256

SHA-256 checksum.

package.checksum.sha512

SHA-512 checksum.

package.description

Package description.

package.last_modified

Date the package was last modified.

package.license

Package license.

package.license.url

License URL.

package.license.version

License version.

package.license.full_name

Full license name.

package.license.short_id

License SPDX short identifier.

package.license.is_opensource

Whether the license is open source.

package.supplier

Package supplier name.

package.supplier_info.name

Supplier name.

package.supplier_info.org

Supplier organization.

package.supplier_info.home_page

Supplier home page URL.

package.supplier_info.is_verified

Whether the supplier is verified.

package.total_vulnerability_count

Total number of vulnerabilities.

package.total_fixed_vulnerability_count

Number of fixed vulnerabilities.

package.category

Package category.

package.classification

Package classification.

package.cpes

Common Platform Enumeration (CPE) entries.

package.file_name

Package file name.

package.files_analysed

Whether package files were analyzed.

package.friendly_name

Human-readable package name.

package.id

Package identifier.

package.license_category

License category.

package.license_name

License name.

package.scope

Package scope (for example: required, optional).

package.src_info

Source information.

package.vuln_fixed_info.major.count

Count of major-version fixes available.

package.vuln_fixed_info.major.version

Major version that fixes the vulnerability.

package.vuln_fixed_info.minor.count

Count of minor-version fixes available.

package.vuln_fixed_info.minor.version

Minor version that fixes the vulnerability.

package.vuln_fixed_info.patch.count

Count of patch-version fixes available.

package.vuln_fixed_info.patch.version

Patch version that fixes the vulnerability.

package.vuln_fixed_info.upgrade.count

Count of upgrade-version fixes available.

package.vuln_fixed_info.upgrade.version

Upgrade version that fixes the vulnerability.

Image

Field
Description

image.name

Image name.

image.version

Image version.

image.os

Operating system.

image.tags

Image tags.

image.manifest

Image manifest.

image.owner

Image owner.

image.size

Image size.

image.architecture

Image architecture.

image.repo_checksum

Repository checksum.

image.layer.checksum.sha256

Layer SHA-256 checksum.

image.layer.size

Layer size.

image.download_loc

Download location.

image.config

Image configuration.

image.desc

Image description.

image.docker_version

Docker version.

image.file_name

Image file name.

image.image_created

Image creation timestamp.

Vulnerability

Field
Description

vulnerability.name

Vulnerability identifier (for example: CVE-2025-1234, GHSA-xxx).

vulnerability.score

Vulnerability score.

vulnerability.severity

Severity level: Critical, High, Medium, Low, or Unknown.

vulnerability.base_score

CVSS base score.

vulnerability.name_space

Vulnerability namespace (for example: NVD, Ubuntu).

vulnerability.description

Vulnerability description.

vulnerability.vector

CVSS vector string.

vulnerability.vuln_created

Date the vulnerability was first disclosed publicly.

vulnerability.vuln_modified

Date the vulnerability record was last modified.

vulnerability.vuln_withdrawn

Date the vulnerability was withdrawn.

vulnerability.fix_state

Fix state (for example: fixed, not-fixed).

vulnerability.fix_versions

Versions that include a fix.

vulnerability.impact_score

CVSS impact score.

vulnerability.exploitability_score

CVSS exploitability score.

vulnerability.is_exploited

Whether the vulnerability is actively exploited.

vulnerability.affected_versions

Affected package versions.

vulnerability.category

Vulnerability category.

vulnerability.collector

Data collector.

vulnerability.data_source

Source URL for the vulnerability data.

vulnerability.origin

Origin of the vulnerability record.

vulnerability.package_purl

PURL of the affected package.

vulnerability.package.name

Name of the affected package.

vulnerability.package.version

Version of the affected package.

vulnerability.package.pkg_manager

Package manager of the affected package.

vulnerability.mitigated.status

Mitigation status.

vulnerability.target

Vulnerability target (PURL).

Attestation

Field
Description

attestation_level.lcal

Attestation level score (integer 0–4, corresponding to LCAL-0 through LCAL-4).

Risk Score

Field
Description

risk_level.score

Risk level score (float 0.0–10.0). Maps to IRLC, IRLH, IRLM, IRLL, or ZIRL.

risk_level.severity

Risk level severity label.

Security Posture

Field
Description

security_posture.name

Check name. Values: Branch-Protection, Pinned-Dependencies, Dangerous-Workflow, SAST, Dependency-Update-Tool, Security-Policy, Fuzzing, Token-Permissions, Packaging, Webhooks, Embedded Secrets.

security_posture.score

Check score.

security_posture.severity

Check severity.

security_posture.reason

Reason for the score.

security_posture.desc

Check description.

security_posture.entropy

Entropy measurement.

security_posture.author

Check author.

security_posture.commit

Associated commit.

security_posture.complexity

Complexity score.

security_posture.created

Check creation date.

security_posture.documentation_url

Documentation URL for the check.

security_posture.fingerprint

Fingerprint.

security_posture.language

Programming language.

security_posture.origin

Origin of the check.

security_posture.rule_id

Rule identifier.

security_posture.source_code.name

Source code repository name.

security_posture.source_code.version

Source code version.

security_posture.source_link

Source link URL.

Code Quality

Field
Description

code_quality.name

Check name. Values: Embedded Secrets, Binary-Artifacts, CII-Best-Practices, Fuzzing, Gitleaks, CI-Tests, Code-Review, Maintained.

code_quality.score

Check score.

code_quality.severity

Check severity.

code_quality.reason

Reason for the score.

code_quality.desc

Check description.

code_quality.author

Check author.

code_quality.checksum.md5

MD5 checksum.

code_quality.checksum.sha1

SHA-1 checksum.

code_quality.checksum.sha256

SHA-256 checksum.

code_quality.commit

Associated commit name.

code_quality.complexity

Complexity score.

code_quality.created

Check creation date.

code_quality.documentation_url

Documentation URL.

code_quality.entropy

Entropy measurement.

code_quality.fingerprint

Fingerprint.

code_quality.language

Programming language.

code_quality.origin

Origin of the check.

code_quality.rule_id

Rule identifier.

code_quality.source_code.name

Source code repository name.

code_quality.source_code.version

Source code version.

code_quality.source_link

Source link URL.

Source Code

Field
Description

source_code.loc

Repository URL (for example: https://github.com/<owner>/<repo>).

source_code.version

Source code version.

source_code.tag

Tag or branch name.

source_code.code_quality_score

Code quality score.

source_code.contributors_count

Number of contributors.

source_code.total_commits

Total number of commits.

source_code.first_commit

Date of the first commit.

source_code.last_commit

Date of the most recent commit.

source_code.is_opensource

Whether the repository is open source.

source_code.direct_dep_count

Count of direct dependencies.

source_code.transitive_dep_count

Count of transitive dependencies.

source_code.friendly_name

Human-readable name.

source_code.id

Source code identifier.

source_code.is_suspicious_activity

Whether suspicious activity has been detected.

source_code.languages

Programming languages used.

source_code.latest_version

Latest available version.

source_code.latest_version_date

Date of the latest version.

source_code.name

Repository name.

source_code.score

Overall score.

source_code.security_posture_score

Security posture score.

source_code.src_code_created

Repository creation date.

source_code.url

Repository URL.

Provenance

Field
Description

provenance.country.code

Country code for the contributor.

provenance.timezone

Contributor timezone.

provenance.contributor_commit_count

Number of commits by this contributor.

provenance.contributor_link

Link to the contributor profile.

provenance.contributor.commits

Contributor commits.

provenance.contributor.email

Contributor email.

provenance.contributor.is_suspicious

Whether the contributor is flagged as suspicious.

provenance.contributor.name

Contributor name.

provenance.count

Total contributor count.

provenance.country_code

Country code (alias).

Contributor / Commits

Field
Description

contributor.name

Contributor name.

contributor.email

Contributor email.

contributor.id

Contributor identifier.

contributor.commits

Number of commits.

contributor.is_suspicious

Whether the contributor is flagged as suspicious.

contributor.link

Contributor profile link.

commits.commit

Commit name.

commits.contributor_commit_count

Number of commits by the contributor.

commits.contributor_email

Contributor email.

commits.contributor_link

Contributor profile link.

commits.contributor.country.code

Contributor country code.

commits.contributor.is_suspicious

Whether the contributor is flagged as suspicious.

commits.contributor.name

Contributor name.

commits.count

Total commit count.

commits.country_code

Country code associated with the commits.

commits.timezone

Timezone associated with the commits.

License

Field
Description

license.url

License URL.

license.category

License category.

license.fullname

Full license name.

license.is_deprecated

Whether the license identifier is deprecated.

license.is_opensource

Whether the license is an open-source license.

license.is_osi_approved

Whether the license is OSI-approved.

license.license_id

License identifier.

license.name

License name.

license.full_name

Full license name (alias).

license.short_id

SPDX short license identifier.

license.version

License version.

license.details_url

License details URL.

license.references

License reference links.

Supplier

Field
Description

supplier.name

Supplier name.

supplier.is_verified

Whether the supplier is verified.

supplier.organisation

Supplier organization.

supplier.verified

Verification status (alias for is_verified).

supplier_info.name

Supplier info name.
