Fetch Container Details
Shows details of a container.
Input ParametersInput Parameters
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
containerSha |
Mandatory |
string |
Specify the SHA value of a specific container in the user’s scope. |
SampleSample
API request
curl -X "GET"
"<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
Response
{ "portMapping": null, "imageId": "a6c0cb5dbd21", "created": "1683279176000", "updated": "1683622183866", "label": [ { "key": "io.kubernetes.container.name", "value": "kube-flannel" }, { "key": "io.kubernetes.sandbox.id", "value": "48a021247b1d3bf3a2d269c2ff71604f54f4e827ca47584844870ed5591950c4" }, { "key": "io.kubernetes.pod.uid", "value": "5a737762-77c2-4763-9c1c-84c15a2684f0" } ], "uuid": "a90b7cb5-c704-3343-b538-74c7807807a2", "sha": "647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f", "privileged": false, "path": "/opt/bin/flanneld", "imageSha": "a6c0cb5dbd21197123942b3469a881f936fd7735f2dc9a22763b6f777f24345e", "macAddress": "", "customerUuid": "6a849349-****-****-****-e****e3a0019", "ipv4": null, "ipv6": null, "name": "k8s_kube-flannel_kube-flannel-ds-mpmq6_kubeflannel_5a737762-77c2-4763-9c1c-84c15a2684f0_0", "host": { "sensorUuid": "dae76860-22f7-4ef1-9a67-aef07944d92c", "hostname": "ip-10-**-9-***", "ipAddress": "10.**.9.***", "uuid": "86e028bd-f283-4468-a099-953a6a033728", "lastUpdated": "2023-05-09T08:47:15.854Z" }, "hostArchitecture": [ "x86_64" ], "state": "RUNNING", "imageUuid": "9baf9f85-f3bf-3259-b8d5-3cd51967d34a", "containerId": "647ae732d98e", "stateChanged": "1683528203674", "services": null, "users": [ "root" ], "operatingSystem": "Alpine Linux 3.17.3", "lastScanned": "1683575890303", "source": "GENERAL", "isInstrumented": null, "environment": [ "POD_NAME=kube-flannel-ds-mpmq6", "POD_NAMESPACE=kube-flannel", "KUBERNETES_SERVICE_HOST=10.96.0.1", "FLANNEL_ARCH=amd64", "KUBERNETES_PORT_443_TCP_PORT=xxx", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "EVENT_QUEUE_DEPTH=5000", "KUBERNETES_SERVICE_PORT=xxx" ], "arguments": [ "--kube-subnet-mgr", "--ip-masq" ], "command": "--ip-masq --kube-subnet-mgr", "drift": { "category": [], "reason": [], "software": [], "vulnerability": [] }, "vulnerabilities": [], "softwares": [ { "name": "nghttp2-libs", "version": "1.51.0-r0", "scanType": null, "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "iproute2-minimal", "version": "6.0.0-r1", "scanType": null, "packagePath": null, "fixVersion": null, "vulnerabilities": null }, ], "isDrift": false, "isRoot": true, "lastComplianceScanned": "1683622183866", "cluster": { "type": "KUBERNETES", "k8s": { "project": null, "pod": { "name": "kube-flannel-ds-mpmq6", "uuid": "5a737762-77c2-4763-9c1c-84c15a2684f0", "namespace": "kube-flannel", "namespaceMetadata": { "labels": [ "label127:value127", "label117:value117", "label125:value125", "label35:value35", "kubernetes.io/metadata.name:kube-flannel", "label165:value165", "label247:value247", "pod-security.kubernetes.io/enforce:privileged", "label227:value227" ], "annotations": [ "kubectl.kubernetes.io/last-appliedconfiguration:{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"labels\":{\"k8s-app\":\"flannel\",\"podsecurity.kubernetes.io/enforce\":\"privileged\"},\"name\":\"kubeflannel\"}}\n" ] }, "label": [ { "key": "tier", "value": "node" }, { "key": "pod-template-generation", "value": "1" } ], "controller": [ { "uuid": "3224eb6a-9040-4450-bfcf-6c969702bf79", "name": "kube-flannel-ds", "type": "DaemonSet" } ] }, "node": { "name": "ip-10-**-9-***", "isMaster": false } }, "version": "v1.26.3" }, "cloudProvider": { "aws.ecs.container.subnetId": null, "aws.ec2.instanceId": "i-0ab8d3318979f529c", "aws.ecs.clusterName": null, "aws.ecs.container.macAddress": null, "aws.ecs.region.code": null, "aws.ecs.container.id": null, "aws.ecs.accountId": null } "exceptions": [ { "uuid": "624efd86-6172-4851-beb1-75cb9b1634fb", "assignmentType": "CASCADE" }, { "uuid": "c0b4ec8d-a186-4f2c-9a6d-3adc3dfb3cff", "assignmentType": "CASCADE" }, { "uuid": "d7b11c61-dcf2-4cf5-b369-8877f1b619c6", "assignmentType": "MANUAL" } {"riskScore": 258, "riskScoreCalculatedDate": "1722355883371", "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 *60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 *36.20*Pow(5,0.01) ))", "maxQdsScore": 87, "qdsSeverity": "CRITICAL" "criticality": 3, "criticalityUpdated": 1717098843553, } ] }
Error Response
The following error response is seen when the sub-users don't have permission to the specified containerSha.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}
Sample for AWS FargateSample for AWS Fargate
This sample includes container details for AWS Fargate. Therefore, you’ll see the source value as “SERVERLESS_FARGATE” and the AWS ECS cloudProvider fields in the response.
API request
curl -X "GET"
"<qualys_base_url>/csapi/v1.3/containers/e39c5d55eb8638699f1099c5bd1527df1268aeef3628124e5a9ed6133fb03bba"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
Response
{
"portMapping": null,
"imageId": "544d56423393",
"created": "1685526156673",
"updated": "1685526276307",
"label": null,
"uuid": "8946efb6-9f63-3b24-a4eb-1bb1285db496",
"sha": "e39c5d55eb8638699f1099c5bd1527df1268aeef3628124e5a9ed6133fb03bba",
"privileged": false,
"path": null,
"imageSha": "544d56423393b9eceacb196ea0a043f5940689269a6a6fcc9387a8b9b14f3fcc",
"macAddress": null,
"customerUuid": "6a849349-679f-ef25-8296-e51d4e3a0019",
"ipv4": null,
"ipv6": null,
"name": "wordpress_php80",
"host": null,
"hostArchitecture": null,
"state": "STOPPED",
"imageUuid": "eb82a38d-5ed1-3852-a092-58b24380d011",
"containerId": "e39c5d55eb86",
"stateChanged": "1685526157920",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "SERVERLESS_FARGATE",
"isInstrumented": null,
"environment": null,
"arguments": null,
"command": null,
"drift": null,
"vulnerabilities": [],
"softwares": null,
"isDrift": false,
"isRoot": null,
"lastComplianceScanned": null,
"cluster":{
"type": "KUBERNETES",
"k8s": {
"project": null,
"pod": {
"name": "spring-1",
"uuid": "4a7d3fc3-de97-44eb-85d3-5f661a175337",
"namespace": "default",
"namespaceMetadata": {
"labels": [
"kubernetes.io/metadata.name:default"
],
"annotations": [
"kubernetes.io/metadata.name:test",
"kubernetes.io/metadata.name:default"
]
},
"cloudProvider": {
"aws.ecs.container.subnetId": "subnet-073576bdd0261adda",
"aws.ecs.clusterName": "jack-explore",
"aws.ecs.container.macAddress": "06:**:4*:*0:**:45",
"aws.ecs.region.code": "us-west-2",
"aws.ecs.container.id": "1292cfce-301f-4817-a86f-8da65d431e3b",
"aws.ecs.accountId": "36******0442"
}
"exceptions": [
{
"uuid": "624efd86-6172-4851-beb1-75cb9b1634fb",
"assignmentType": "CASCADE"
},
{
"riskScore": 258,
"riskScoreCalculatedDate": "1722355883371",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 *60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 *36.20*Pow(5,0.01) ))",
"maxQdsScore": 87,
"qdsSeverity": "CRITICAL"
"criticality": 3,
"criticalityUpdated": 1717098843553,
}
]
}
Error Response
The following error response will be seen when the sub-users don't have permission to the specified containerSha.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}