API Reference

Develocity Provenance Governor exposes a REST API for publishing attestations, evaluating policies, and querying package provenance data. All endpoints accept and return JSON, and errors follow the RFC 7807 Problem Details format.

The API serves two primary workflows: attestation publishing, where CI jobs submit build scan references and receive signed attestations stored in your attestation backend, and policy evaluation, where CI/CD pipelines request Policy Scan™ results to gate promotions and deployments.

Authentication uses OIDC bearer tokens or HTTP Basic credentials, governed by the access control policies you define in your application configuration. See Access Control for identity and permission setup.

  • Operations — Complete REST endpoint reference with request and response formats.

  • MCP Tools — MCP server tools for AI agent integration with supply chain data.

  • Error Handling — RFC 7807 Problem Details error format and status code reference.

  • Monitoring — Health checks, readiness probes, and Prometheus metrics.