Returns response with a given number of Image records according to filter.
When you make your API request, you’ll use the “limit” input parameter to specify the number of records to return. For example, you can choose to return details for 10 images at a time by specifying limit=10. The Response Header will include a unique link that you can specify in the next API request to get the next set of results. i.e. the next 10 images. Take the link as is for the new request, no additional parameters are needed. When there are no more records to return, the Response Header will show a value of “null” for the link.
The details shown for each image in the list response will be the same as if you were fetching a single image, with a few exceptions. The “vulnerabilities” section of the response will only show qid, result and software. Instead of listing all hosts where an image was found, we’ll show details for the most recent host where the image was found. This appears in the response under “lastFoundOnHost”.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
limit |
Optional |
integer |
Specify the number of records to include in the response. Enter a value from 1 to 250. |
|
filter |
Optional |
string |
Filter the images list by providing a query using Qualys syntax. Refer to “How to Search” topic in the online help for assistance with creating your query. |
| paginationQuery | Optional | string |
Specify the next page filter query. You can find the next page query in the response headers. |
API request
curl -X "GET"
"<qualys_base_url>/csapi/v1.3/images/list?limit=2&scanDetails=malware%2C%20secrets"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
Response Headers
{
"content-type": "application/json;charset=UTF-8",
"date": "Wed, 26 Aug 2020 07:41:21 GMT",
"link": "<http://qualysapi.qualys.com/csapi/v1.3/images/list?limit=2&paginationQuery=updated%3E%3D1593731505425+AND+not+uuid%3A+%5Bbc092a61-caee-3ff1-a693-d9062361ad3c%5D<;rel=next",
"referrer-policy": "same-origin",
"server": "Qualys",
"transfer-encoding": "chunked",
"x-content-type-options": "nosniff",
"x-frame-options": "sameorigin",
"x-permitted-cross-domain-policies": "none",
"x-powered-by": "Qualys",
"x-xss-protection": "1; mode=block"
}
Response JSON
{
"data": [
{
"created": "1683673870000",
"updated": "1690897352513",
"author": "",
"repo": [
{
"registry": null,
"tag": "alpine",
"repository": "test_scan_target"
},
{
"registry": null,
"tag": "latest",
"repository": "alpine"
}
],
"repoDigests": [
{
"registry": null,
"digest": "02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11",
"repository": "alpine"
}
],
"label": null,
"uuid": "8f595428-d6f7-3961-ade8-ede516d47771",
"sha": "112b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3629ed0",
"operatingSystem": null,
"customerUuid": "78ff6722-3d25-42b8-806d-8b710de88886",
"dockerVersion": "20.10.23",
"size": 7322585,
"layers": [
{
"size": "444",
"createdBy": "CMD [\"/bin/sh\"]",
"created": "1683673870000",
"comment": "",
"id": "5e2b554c1c45",
"sha": "5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3g",
"tags": [
"alpine:latest"
]
},
{
"size": "0",
"createdBy": "CMD [\"/bin/sh\"]",
"created": "1683673870000",
"comment": "",
"id": "5e2b554c1c45",
"sha": "5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3g",
"tags": [
"alpine:latest"
]
},
{
"size": "7322585",
"createdBy": "ADD file:7625ddfd589fb824ee39f1b1eb387b98f3676420ff52f26eb9d975151e889667 in / ",
"created": "1683673870000",
"comment": "",
"id": null,
"sha": null,
"tags": null
}
],
"architecture": "amd64",
"imageId": "112b554c1c45",
"lastScanned": null,
"registryUuid": null,
"source": null,
"users": null,
"lastFoundOnHost": null,
"isDockerHubOfficial": null,
"isInstrumented": null,
"instrumentedFrom": null,
"instrumentationState": null,
"scanType": null,
"scanTypes": null,
"softwares": null,
"vulnerabilities": null,
"malware": {
"imageMalwareCount": 2,
"malwarePrediction": {
"prediction": "malicious",
"score": null,
"severity": null,
"category": null,
"family": null
}
},
"lastMalwareScanned": "1690897352455"
},
{
"created": "1683673870000",
"updated": "1690898072522",
"author": "",
"repo": [
{
"registry": null,
"tag": "alpine",
"repository": "test_scan_target"
},
{
"registry": null,
"tag": "latest",
"repository": "alpine"
}
],
"repoDigests": [
{
"registry": null,
"digest": "112b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3629ed0",
"repository": "alpine"
}
],
"label": null,
"uuid": "179bbc27-e424-3646-9395-ac6592572a9e",
"sha": "212b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3629ed0",
"operatingSystem": null,
"customerUuid": "78ff6722-3d25-42b8-806d-8b710de88886",
"dockerVersion": "20.10.23",
"size": 7322585,
"layers": [
{
"size": "444",
"createdBy": "CMD [\"/bin/sh\"]",
"created": "1683673870000",
"comment": "",
"id": "5e2b554c1c45",
"sha": "5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3g",
"tags": [
"alpine:latest"
]
},
{
"size": "0",
"createdBy": "CMD [\"/bin/sh\"]",
"created": "1683673870000",
"comment": "",
"id": "5e2b554c1c45",
"sha": "5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3g",
"tags": [
"alpine:latest"
]
},
{
"size": "7322585",
"createdBy": "ADD file:7625ddfd589fb824ee39f1b1eb387b98f3676420ff52f26eb9d975151e889667 in / ",
"created": "1683673870000",
"comment": "",
"id": null,
"sha": null,
"tags": null
}
],
"architecture": "amd64",
"imageId": "212b554c1c45",
"lastScanned": null,
"registryUuid": null,
"source": null,
"users": null,
"lastFoundOnHost": null,
"isDockerHubOfficial": null,
"isInstrumented": null,
"instrumentedFrom": null,
"instrumentationState": null,
"scanType": null,
"scanTypes": null,
"softwares": null,
"vulnerabilities": null,
"malware": {
"imageMalwareCount": 2,
"malwarePrediction": {
"prediction": "malicious",
"score": null,
"severity": null,
"category": null,
"family": null
}
},
"lastMalwareScanned": "1690898072477"
}
],
"limit": 2
}
In this example, the link from the Response Header from the previous API request is specified as part of the new request in order to get the next set of results. The response will be similar to the previous example.
API request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images/list?limit=2&paginationQuery=updated%3E%3D1593731505425+AND+not+uuid%3A+%5Bbc092a61-caee-3ff1-a693-d9062361ad3c%5D" --header "Authorization: Bearer <token>"
Here’s a sample response where there are no more records to return after this, so there is no link provided in the Response Header section. You’ll see a value of “null” for the link.
Response Headers
{
"content-type": "application/json;charset=UTF-8",
"date": "Wed, 26 Aug 2020 07:41:21 GMT",
"link": "null",
"referrer-policy": "same-origin",
"server": "Qualys",
"transfer-encoding": "chunked",
"x-content-type-options": "nosniff",
"x-frame-options": "sameorigin",
"x-permitted-cross-domain-policies": "none",
"x-powered-by": "Qualys",
"x-xss-protection": "1; mode=block"
}
This is applicable for subscriptions with SCA Scanning enabled and for images scanned using SCA. The response includes “SCA” in the value for scanTypes.
API request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images/list?limit=2" --header "Authorization: Bearer <token>"
Response
{
"data": [
{
"created": "1660094821000",
"updated": "1661479235359",
"author": "",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "vault"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "f2c0f82d1bde88a6608f26468258306e48ac46a4d353db2151e26e0fd00928bb",
"repository": "vault"
}
],
"label": null,
"uuid": "a449db68-b539-33f1-8bc0-723c9e9c6e0a",
"sha": "22fdc6314051df714eb280680c24524ed01d0ed2eddff1358cc40d528c82579e",
"operatingSystem": "Alpine Linux 3.14.8",
"customerUuid": "98c16d24-d2c1-53c9-8200-4468190aff46",
"dockerVersion": "20.10.12",
"size": 207222566,
"layers": [
{
"size": "0",
"createdBy": "CMD [\"/bin/sh\"]",
"created": "1660065608000",
"comment": "",
"id": null,
"sha": null,
"tags": null
},
...
"architecture": "amd64",
"imageId": "22fdc6314051",
"lastScanned": "1661479235359",
"registryUuid": null,
"source": [
"GENERAL"
],
"users": [
"root"
],
"lastFoundOnHost": {
"sensorUuid": "2ed740ac-acba-47b5-8072-aaa739e44f0d",
"hostname": "ip-10-20-30-40",
"ipAddress": "10.20.30.40",
"uuid": "721e3460-bced-4ec0-b695-3c3349eefefb",
"lastUpdated": "2022-08-26T01:57:22.110Z"
},
"isDockerHubOfficial": null,
"isInstrumented": null,
"instrumentedFrom": null,
"instrumentationState": null,
"scanType": null,
"scanTypes": [
"DYNAMIC",
"SCA"
],
"softwares": [
{
"name": "github.com/hashicorp/golang-lru",
"version": "v0.5.4",
"fixVersion": null,
"scanType": "SCA",
"packagePath": "bin/vault"
},
{
"name": "github.com/xdg-go/scram",
"version": "v1.0.2",
"fixVersion": null,
"scanType": "SCA",
"packagePath": "bin/vault"
},
...
"vulnerabilities": [
{
"qid": 980408,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\norg.jsoup:jsoup 1.12.1 1.14.2 Java usr/share/maven/lib/wagon-http-3.4.3-shaded.jar",
"software": [
{
"name": "org.jsoup:jsoup",
"version": "1.12.1",
"fixVersion": "1.14.2",
"scanType": "SCA",
"packagePath": "usr/share/maven/lib/wagon-http-3.4.3-shaded.jar"
}
],
"lastFound": "1661479693756",
"firstFound": "1661479693756",
"typeDetected": "CONFIRMED",
"scanType": [
"SCA"
]
},
...