Update Scripts API

This API enables you to update the script.

API Version History

The following table depicts the information about the different versions of this API along with the status:

API Version API Status Deprecation Date Deletion Date
v4.0 Active N/A N/A
v3.0 Deprecated Feb 2025 August 2025

v4.0

PATCH  /sm/v4/script/{id}

Input ParametersInput Parameters

Parameter Optional
/Mandatory
Data Type Description
categoryId Optional Long Provide the category of script based on categories like general automation, data collection, and backup.
content Optional String

Parameter to pass the script content.

Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown

comment Optional String

Provide consent comment for updating the script contents and passed in this key.

Note: It is if the content of the script is changed from existing.

githubInputURL Optional String

Provide a complete github file path for which we want to create script content. If the content is not provided it is mandatory.

Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request.

gitHubUser Optional String Provide a github user that has a github account. If the content is not provided, it is mandatory.
gitHubRepo Optional String Provide the name of the github repository. If the content is not provided, it is mandatory.
gitHubFilePath Optional String Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory.
gitHubBranch Optional String Provide the github branch name. If the content is not provided, it is mandatory.
gitHubToken Optional String Provide a github token to access a private github repository. For private repository, it is mandatory
gitHubSyncEnabled Optional Boolean Enable the GitHub script to sync with the created script.
gitHubAutoSync Optional Boolean Enable GitHub autosync with the created script.
scriptApprovalUser
Consent
Optional Boolean Create a script in an approval state or not. Deafult Value - False
customQid.title Optional String Provide the qid title. Default script title is applied if not passed.
customQid.type Optional String Provide the type of QID. Currently its supported type is only - "Detection QID".
customQid.qds Optional String Provide TruRisk QDS score.
customQid.cveIds Optional String Provide a CVE ID that is associated with a specific QID.
customQid.impact Optional String Provide the details of the possible outcome if the vulnerability is exploited.
customQid.solution Optional String Provide a verified solution for the impact.
customQid.
bugTrackIds
Optional String Provide a URL or an ID as an additional reference.
customQid.return
CodeStatusMap
Optional List of returnCode and Status

Get return code and the status based on the script you provide.

Note: If returnCode not passed, default 0 will be considered.

threshold Optional Long Provide the specific time that defines how long the script must run. You can specify the time in seconds.

hasParameters

Optional

(This is mandatory only
if you want to
define the params.key 
and params.value 
parameter.)

Boolean

Provide this value as true if you want to define the script parameters.

Default value is false.

Note: This parameter is only applicable when you want to create a parameterized script.

params.key

Mandatory

(This is mandatory
when the 
hasParameters
value is true.)

String

Provide the Base64 encoded string value.

params.value

Mandatory

(This is mandatory
when the
hasParameters
value is true.)

String

Provide the Base64 encoded string value.

detectionRegex Optional List Contains the cardinality and regular expression values.
cardinality Optional String Provide a cardinality value.

The values are:

  • CONTAINS
  • DOES_NOT_CONTAIN
  • INTERSECT
  • MATCHES
  • IS_CONTAINED_IN
  • CUSTOM_REGEX
regex Optional List of string Provide regular expression values.

These values are evaluated on script output to mark a Custom QID Detected or Not-Detected.

status Optional String Provide the custom QID detection status values.

The supported values are:

  • Detected
  • Not-detected

Sample: Update Script with Base64 ContentSample: Update Script with Base64 Content

API Request

curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw 
{
    "categoryId": 103,
    "content": "bHMgLWx0cg==",
    "description": "Sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "title": "Sample title",
    "typeId": 2,
    "languageId": 1,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "qid": "12345",
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Potential",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "returnCodeStatusMap": [
            {
                "returnCode": "1",
                "status": "Not-Detected"
            },
            {
                "returnCode": "5",
                "status": "Detected"
            }
        ]
    },
     "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}

Response

{
    "id": 100010,
    "message": "Updated Successfully."
}

Sample: Update Script with GitHub ParametersSample: Update Script with GitHub Parameters

API Request

curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw 
{
    "categoryId": 605,
    "githubInputUrl": "<sample github url>",
    "gitHubToken": "<sample github token of private repo>",
    "gitHubUser": "<sample username>",
    "gitHubRepo": "<sample repo name>",
    "gitHubBranch": "<sample branch name>",
    "gitHubFilePath": "<sample github file path>",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "title": "Sample title",
    "typeId": 2,
    "languageId": 1,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "qid": "12345",
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Potential",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "returnCodeStatusMap": [
            {
                "returnCode": "1",
                "status": "Not-Detected"
            },
            {
                "returnCode": "5",
                "status": "Detected"
            }
        ]
    },
     "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}

Response

{
    "id": 100010,
    "message": "Updated Successfully."
}

Sample: Update Script to modify the "detectionRegex" valuesSample: Update Script to modify the "detectionRegex" values

API Request

curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw 
'{
    "categoryId": 605,
    "content": "bHMgLWx0cg==",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "thresholdTimeUnit": "SECOND",
    "title": "Sample title",
    "typeId": 2,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Information_Gathered",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "detectionRegex": {
            "cardinality": "CONTAINS",
            "regex": [
               "3.6.9"
               ],
            "status": "detected"
              },
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

Response

{
  "id": 213673,
  "message": "Updated Successfully."
}

v3.0

PATCH  /sm/v3/script/{id}

Input ParametersInput Parameters

Parameter Mandatory/
Optional
Data Type Description
categoryId Optional Long Provide the category of script based on categories like general automation, data collection, and backup.
content Optional String

Parameter to pass the script content.

Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown

comment Optional String

Provide consent comment for updating the script contents and passed in this key.

Note: It is if the content of the script is changed from existing.

githubInputURL Optional String

Provide a complete github file path for which we want to create script content. If the content is not provided it is mandatory.

Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request.

gitHubUser Optional String Provide a github user that has a github account. If the content is not provided, it is mandatory.
gitHubRepo Optional String Provide the name of the github repository. If the content is not provided, it is mandatory.
gitHubFilePath Optional String Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory.
gitHubBranch Optional String Provide the github branch name. If the content is not provided, it is mandatory.
gitHubToken Optional String Provide a github token to access a private github repository. For private repository, it is mandatory
gitHubSyncEnabled Optional Boolean Enable the GitHub script to sync with the created script.
gitHubAutoSync Optional Boolean Enable GitHub autosync with the created script.
scriptApprovalUser Consent Optional Boolean Create a script in an approval state or not. Deafult Value - False
customQid.title Optional String Provide the qid title. Default script title is applied if not passed.
customQid.type Optional String Provide the type of QID. Currently its supported type is only - "Detection QID".
customQid.qds Optional String Provide TruRisk QDS score.
customQid.cveIds Optional String Provide a CVE ID that is associated with a specific QID.
customQid.impact Optional String Provide the details of the possible outcome if the vulnerability is exploited.
customQid.solution Optional String Provide a verified solution for the impact.
customQid.
bugTrackIds
Optional String Provide a URL or an ID as an additional reference.
customQid.
returnCodeStatusMap
Optional List of returnCode and Status

Get return code and the status based on the script you provide.

Note: If returnCode not passed, default 0 will be considered.

threshold Optional Long Provide the specific time that defines how long the script must run. You can specify the time in seconds, hours and minutes.
thresholdTimeUnit Optional Long Provide the time to specify in SECONDS, HOURS, MINUTES.

Sample: Create Script with Base64 ContentSample: Create Script with Base64 Content

API Request

curl -X PATCH 
'<qualys_base_url>/sm/v3/script/{scriptID}'
--header 'Accept: application/vnd.qualys.car.api.v3.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw '{
"description":"scirpt to be executed on Linux platform",
"severity": "1",
"threshold":5,
"thresholdTimeUnit": "MINUTE",
 "categoryId": 6 
}'

Response

{
 "id": 100007,
 "message": "Updated Successfully."
}

v2.0

PATCH /sm/v2/script/{id}

Input Parameters Input Parameters

Parameter Mandatory/Optional Data Type Description
title Optional   String Use it to provide the name of the script.
categoryID  Optional   String   Use it to provide the category of script based on categories like general automation, data collection, and backup.
severity  Optional   Short   Use it to provide the severity level that defines the criticality of the script. Select a value from 1 to 5.
threshold  Optional  Integer  Use it to provide the specific time that defines how long the script must run. You can specify the time in seconds, hours, and minutes
gitHubUser  Optional  String  Use it to provide a github user that has a github account.
gitHubRepo Optional  String  Use it to provide the name of the github repository
gitHubBranch Optional String  Use it to provide the github branch name.
gitHubFilepath Optional  String   Use it to provide a relative github file path for which we want to create as script content
gitHubToken  Optional  String  Use it to provide a github token to access a private github repository.
scriptApproval
UserConsent
Optional Boolean Use it to create a script in an approval state or not.
githubInputUrl  Optional String Use it to provide a complete github file path for which we want to create script content.

Sample: Update Script by Providing File in URLSample: Update Script by Providing File in URL

API Request

curl -X PATCH 
"<qualys_base_url>/sm/v2/script/61179"
--header "Authorization: Bearer <JWT Token>"
--header "Content-Type: application/json"
--data-raw '{
    "title": "giturl_api_284216",
    "description": "Sample Description updated",
    "categoryId": 6,
    "severity": 3,
    "threshold": 300,
    "thresholdTimeUnit": "SECOND",
    "githubInputUrl": "<github_url>"
  }'

Response

{
 "id":61179,
 "message":"Updated Successfully."
}

Sample: Update Script with Github ParametersSample: Update Script with Github Parameters

API Request

curl -X PATCH
'<qualys_base_url>/sm/v2/script/61180'
--header "Authorization: Bearer <JWT Token>"
--header "Content-Type: application/json"
--data-raw '{
 "title": "Sample title",
 "description": "Sample Description updated",
 "categoryId": 6, 
 "severity": 3,
 "threshold": 300,
 "thresholdTimeUnit": "SECOND", 
 "gitHubUser": "Qualys",
 "gitHubRepo": "community",
 "gitHubBranch": "<gitHubBranch>",
"gitHubFilePath": "<gitHubFilePath>"
}'

Response

{
 "id":61180,
 "message":"Updated Successfully."
}

Sample: Update Script with Github Parameters Using a Private RepositorySample: Update Script with Github Parameters Using a Private Repository

API Request

curl -X PATCH
'<qualys_base_url>/sm/v2/script/61186'
--header "Authorization: Bearer <JWT Token>"
--header "Content-Type: application/json"
--data-raw '{
 "title": "Sample title",
 "description": "Sample Description updated",
 "categoryId": 6,
 "severity": 3,
 "threshold": 300,
 "thresholdTimeUnit": "SECOND",
 "gitHubUser": "<gitHubUser>",
 "gitHubRepo": "<gitHubRepo>",
 "gitHubBranch": "<gitHubBranch>",
 "gitHubFilePath": "<gitHubFilePath>",
 "gitHubToken": "<gitHubToken>"
}'

Response

{
 "id":61186,
 "message":"Updated Successfully."
}

Sample: Update Script by with Github URL Using Private RepositorySample: Update Script by with Github URL Using Private Repository

API Request

curl -X PATCH
'<qualys_base_url>/sm/v2/script/61403'
--header "Authorization: Bearer <JWT Token>"
--header "Content-Type: application/json"
--data-raw '{
"title": "Sample title",
"description": "Sample private url Description updated",
"categoryId": 6,
"severity": 3,
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"gitHubToken" : "<gitHubToken>",
"githubInputUrl": "<githubInputUrl>"
}'

Response

{
"id": 61403,
"message": "Updated Successfully."
}