Hex API

Vulnerability intelligence at machine speed.

Embed Maze artifact-level analysis directly into your development and security workflows. One API call to know if an artifact is safe — across software, firmware, AI models, and more.

Get API Access Read the Docs

Request

curl -X POST https://api.hex41.com/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"package":"lodash","version":"4.17.21","registry":"npm"}'

Response

{
  "verdict": "clean",
  "risk_score": 0.02,
  "engines_detected": 0,
  "engines_total": 15
}

Capabilities

Everything you need to secure every artifact in your pipeline.

Real-Time Verdicts

Sub-second analysis results for any artifact. Get risk scores, vulnerability findings, and actionable intelligence instantly.

Batch Analysis

Submit hundreds of artifacts in a single request. Ideal for scanning entire dependency trees, container images, or fleet inventories.

Webhook Alerts

Get notified immediately when a previously-clean artifact turns malicious or a new vulnerability emerges — including pre-CVE detections.

SBOM Integration

Submit CycloneDX or SPDX SBOMs for full artifact tree analysis with a single API call.

Broad Artifact Coverage

Software, firmware, AI models, agents, containers, and extensions. One unified API across the AI-era enterprise stack.

Policy as Code

Define custom security rules and get automated pass/fail verdicts. Integrate policy enforcement directly into your pipeline.

Integrate in minutes, protect for good.

01

Get Your API Key

Sign up and receive your credentials in minutes.

02

Install the SDK

Available for Python, Node.js, Go, and REST.

03

Add to Your Pipeline

Drop the check into CI/CD, pre-commit hooks, or your IDE.

04

Monitor & Enforce

Continuous scanning with policy-based blocking.

Developer Experience

Simple by design. Powerful by default.

Single endpoint for all registries

Typed SDKs for Python, Node.js, and Go

Comprehensive error codes and retry logic

Rate limits designed for CI/CD scale

Python Node.js cURL 
from hex41 import HexAPI

client = HexAPI(api_key="YOUR_KEY")
result = client.analyze(
    package="requests",
    version="2.31.0",
    registry="pypi"
)

if result.risk_score > 0.7:
    print(f"BLOCKED: {result.summary}")

Start securing your pipeline today.

Get access to the Hex API and embed Maze vulnerability intelligence into every build, every pipeline, every artifact.

Get API Access View Documentation