Introducing Leen's V2 API for Vulnerability Data

When we founded Leen, we set out to solve one of the most persistent challenges in the security industry: the fragmentation of security data across disparate tools and categories.

Over the past year, we’ve partnered closely with security teams from dozens of organizations—across GRC, cyber insurance, CTEM, and vulnerability prioritization—and a consistent theme emerged: teams want a unified view of their security data, not one fragmented by product or vendor categories.

And as engineering practices evolve and vendors continue to rebrand, make acquisitions, and launch overlapping products, the lines between categories like application and infrastructure have become increasingly blurred.

And we heard our customers echo that sentiment. Their teams increasingly expect a unified view — one that’s not tied to how a product is marketed, but to how the data actually helps them make decisions. Whether responding to an auditor, checking SLA compliance or triaging high-severity findings, the message was consistent: consolidate, simplify, and prioritize.

This insight, coupled with the importance to align with authoritative sources like NVD and their taxonomy, led us to reimagine our approach from the ground up. Drawing inspiration from the Open Cybersecurity Schema Framework (OCSF), we are today launching our V2 model—starting with vulnerabilities—to make security data more universally accessible. By removing the categories from our API and focusing on just the data itself, we’re making it easier for teams to get what they need, regardless of where the signal comes from.

Designing the Vulnerability Finding Model

We arrived at three core design principles that constitute the V2 model:

1. A consolidated Model for All Vulnerability Findings: We’ve built one flexible model for all vulnerabilities, so security teams don’t have to deal with different data formats from different tools.
2. Resource-first Thinking: We've placed the affected resource at the center of our data model. Whether it's a file in a code repository, a container image, a cloud bucket, or a network endpoint, the resource is what security teams ultimately need to secure. This approach aligns with how modern security teams operate and enables easier prioritization.
3. Explicit Vulnerability Linkage: Using knowledge bases like NVD, we now relate every finding to known vulnerabilities (CVEs) and propagate helpful details like severity, type, weaknesses, etc. So your team has clear, comprehensive and up to date info.

The V2 Model: Key Improvements

1. Unified Resources Model: One Schema for All Asset Types

The vulnerability finding model is core to the improvements in the unified resources model.

In V1, each finding type was tightly coupled with a specific resource type for each category. For example, Vulnerabilities were tied to a Device, Issues were tied to a Repository, and Cloud findings were tied to a Host. This required developers to implement different processing logic for each type.

What’s changed:

V2 consolidates these different resource types into a single, consistent resource model within the unified vulnerability finding. Our V2 model also extends this scope to include more complex/specific resource types such as containers, images, services, and buckets. This allows teams to associate findings with their resources in a consistent, unified manner, removing the need to write specific processing logic for each category.

‍Benefits:

• Single, predictable data structure for all resource types
• Consistent field naming across resource types
• Simplified client code that can process any resource type with the same logic
• Reduced API complexity and improved developer experience
• Flexibility for adding new resource types in the future

2. Streamlined Access to Critical Vulnerability Data (CVE, CVSS, CWE)

In V1, all fields like cvss_base_score, vector, cve, cwe, severity are directly on the main object. i.e. in a flat and directly at the top level.

V1 Example:

‍

‍What’s changed:

In V2, these attributes are organized within a dedicated vulnerabilities array, providing a consolidated view while supporting richer metadata such as multiple CVSS scores, publication history, external references, and associated weakness categories.

V2 Example:

‍

3.  Improved Vendor Data Organization

In V1, vendor-specific data was inconsistently structured across different parts of the response.

V1 Example:

‍What’s changed:

The V2 model standardizes all vendor-related fields under a consistent pattern, with core vendor information at the top level and extended vendor data organized within vendor_attributes

V2 Example:

‍Benefits:

• Cleaner separation between standardized and vendor-specific fields
• Easier to integrate across multiple vendors using shared logic
• More resilient to changes in vendor metadata schemas
• Simplifies mapping and normalization during data ingestion
• Supports long-term interoperability with vendor APIs and tools

Why It Matters

1. One Normalized Model to Manage All Vulnerabilities: The V2 model eliminates the complexity of juggling different security taxonomies, enabling teams to apply consistent workflows across all vulnerability types. Whether addressing cloud misconfigurations or code vulnerabilities, teams work within a single, coherent framework that accelerates time-to-remediation.‍
2. Structured Enrichment & Easier Correlation: V2 enriches each finding with threat intelligence and highlights connections across systems, so teams get the full picture without extra effort — no matter the tool or environment size. No complex data wrangling required.‍
3. Simplified Resource Inventory Management: Another key strength of our V2 model is its ability to simplify resource inventory management. By implementing a consolidated resources model, we've created a much tighter relationship between resources and their vulnerabilities. Teams can now build clean, comprehensive resource inventories with direct linkages to every detected vulnerability (enabling bidirectional visibility).

The launch of our V2 API with GitLab, Tanium, and Upwind is just the beginning. We're continuing to expand our library of integrations and enrich our vulnerability intelligence to provide even more context for security decision-making.

We invite you to explore the power of unified vulnerability data with Leen. For more information on the technical details and API, visit our docs here.