Roles and Scopes

This table gives an overview of which role is allowed to execute which actions.

Function	Developer	Manager	Compliance Manager	Portfolio Manager	Account Manager	Enterprise Admin	Company Component Manager	Company Security Manager
CORE
/users
> GET nologin
> GET Keyusage
/accounts
> GET authorization
/imports
> POST
/projects
> GET
> POST
> DEL
> GET /partsList
> GET /sbom
/modules
> GET /modules
> DEL
> POST
> GET /partsList
/reports
> GET cveImpcat
> GET dashboard
> GET licenses
> GET versioning
> GET viability
> GET vulnerabilities
/scans
> GET
> POST
> GET /binaryLinks
> POST /binaryLinks
> POST reProcess
COMPLIANCE
/approvals
> POST
> GET
> POST approve
> POST reject
/check
> POST component
> POST license
REPOSITORY
> POST scan
> GET scan
> GET status
> GET results
VULNERABILITIES
> POST cveDetails
> POST cveFind
> GET cwes

Besides these we have a handful of public functions, which can be triggered by using the Release keys. Actually they are not really public, you will require the Release key to access the associated information, but everybody using the key will be able to access all information. Currently we have three documents, that can be retrieved:

• SBOM
• Notice File
• CSAF VEX