Fetch Image Details

Shows details of an image.

GET/csapi/v1.3/images/{imageSha}

Input ParametersInput Parameters

Parameter

Mandatory/Optional

Data Type

Description

imageSha

Mandatory

string

Specify the SHA value of a specific image in the user’s scope.

scanDetails Optional string

Specify the following values:

  • For malware information: malware.
  • For secrets information: secrets.
  • For compliance information: compliance.

You can specify multiple values separated by comma.

SampleSample

API request

    curl -X GET 
"<qualys_base_url>/csapi/v1.3/images/c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd?scanDetails=malware%2Csecrets" --header "Authorization: Bearer <token>"

Response

    {
    "created": "1603477517000",
    "updated": "1605017537578",
    "author": "Couchbase Docker Team <docker@couchbase.com>",
    "repo": [
        {
            "registry": "docker.io",
            "tag": "latest",
            "repository": "couchbase"
        }
    ],
    "repoDigests": [
        {
            "registry": "docker.io",
            "digest": "1d811b3c382893f70f0cc0f2371a12d3671c1d5175bcc67e8c2a5c0bf4c8f976",
            "repository": "couchbase"
        }
    ],
    "label": null,
    "uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1",
    "sha": "c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd",
    "operatingSystem": "Ubuntu Linux 16.04.7",
    "customerUuid": "192cc974-1e44-cb6c-806e-f78f6441cb0d",
    "dockerVersion": "18.09.7",
    "size": 1183790011,
    "layers": [
        {
            "size": "130553983",
            "createdBy": "ADD file:c1f3147c7b6710af5affd417ff822ee28df872d716003858d3d2e23d2277c981 in / ",
            "created": "1603474388000",
            "comment": "",
            "id": null,
            "sha": null,
            "tags": null
        },
        {
            "size": "0",
            "createdBy": "rm -rf /var/lib/apt/lists/*",
            "created": "1603474389000",
            "comment": "",
            "id": null,
            "sha": null,
            "tags": null
        },
        {
            "size": "1930",
            "createdBy": "COPY file:d816a67f62bfba76d2812cefbe92252afa13f3852775c3e68599df7741e90cb7 in / ",
            "created": "1603477517000",
            "comment": "",
            "id": null,
            "sha": null,
            "tags": null
        }
    ],
    "host": [
        {
            "sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
            "hostname": "host.qualys.com",
            "ipAddress": "10.44.29.40",
            "uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
            "lastUpdated": "2020-11-10T14:10:29.218Z"
        }
    ],
    "architecture": "amd64",
    "imageId": "c64844065dcb",
    "lastVmScanDate": "1605017537578",
    "registryUuid": null,
    "source": [
        "GENERAL"
    ],
    "totalVulCount": "0",
    "users": [
        "root"
    ],
    "isDockerHubOfficial": null,
    "isInstrumented": null,
    "instrumentedFrom": null,
    "instrumentationState": null,
    "scanType": "DYNAMIC",
    "scanTypes": [
        "DYNAMIC"
    ],
    "scanErrorCode": null,
    "scanStatus": "SUCCESS",
    "lastFoundOnHost": {
        "sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
        "hostname": "host.qualys.com",
        "ipAddress": "10.44.29.40",
        "uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
        "lastUpdated": "2020-11-10T14:10:29.218Z"
    },
    "malware": {
        "imageMalwareCount": 1,
        "malwarePrediction": {
            "prediction": "malicious",
            "score": 1,
            "severity": 3,
            "category": "dropper",
            "family": "mirai"
        }
    },
    "lastMalwareScanned": null,
    "exceptions": [
        "77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
    ],
    "secrets": [
        {
            "severity": "LOW",
            "filePath": "/root/foo/foo1.txt",
            "layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
            "match": null,
            "startLine": 0,
            "secretType": "Easypost API Token"
        },
        {
            "severity": "LOW",
            "filePath": "/root/foo/foo1.txt",
            "layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
            "match": null,
            "startLine": 0,
            "secretType": "Adobe Client ID (Oauth Web)"
        },
        {
            "severity": "MEDIUM",
            "filePath": "/root/foo/foo1.txt",
            "layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
            "match": null,
            "startLine": 0,
            "secretType": "Asana Client Secret"
        },
        {
            "severity": "CRITICAL",
            "filePath": "/home/qatest/key/gcp-service-account.json",
            "layerSha": "5bc804df91a229c1f26d254b5247c699c1e1a53673ec1d30e263e7b4bda96beb",
            "match": null,
            "startLine": 0,
            "secretType": "Google (GCP) Service-account"
        }
    ],
    "softwares": [
        {
            "name": "libncursesw5:amd64",
            "version": "6.0+20160213-1ubuntu1",
            "fixVersion": null,
            "vulnerabilities": null
        },
        {
            "name": "libgpg-error0:amd64",
            "version": "1.21-2ubuntu1",
            "fixVersion": null,
            "vulnerabilities": null
        }
    ],
    "vulnerabilities": [],
    "lastComplianceScanned": "1603477517000"
}

Error Response

The following error response is seen when the sub-users don't have permission to the specified image.

    {  
    "errorCode": "403 FORBIDDEN",  
    "message": "Request Forbidden",  
    "timestamp": 1700721586546
    }

Sample for AWS FargateSample for AWS Fargate

The response shows a source value of “SERVERLESS_FARGATE” in this case.

API request

    curl -X GET 
"<qualys_base_url>/csapi/v1.3/images/85669404084756ad51914d98c460b5b83f45848b2ec9567f08b262170db264e4" --header "Authorization: Bearer <token>"  
    

Response

    {
    "created": "1633506189000",
    "updated": "1659422877918",
    "author": "",
    "repo": [
        {
            "registry": "362990800442.dkr.ecr.ca-central-1.amazonaws.com",
            "tag": "jboss1.18",
            "repository": "cs-sensor"
        }
    ],
    "repoDigests": [
        {
            "registry": "362990800442.dkr.ecr.ca-central-1.amazonaws.com",
            "digest": "0d4bdc5749b80631a069957de99b0fa20201e38380ce90cc68786894231e429d",
            "repository": "cs-sensor"
        }
    ],
   
    
   
   ...
   
    
   
    "hostArchitecture": [
        "x86_64"
    ],
    "architecture": "amd64",
    "imageId": "856694040847",
    "lastScanned": "1659422877918",
    "registryUuid": null,
    "source": [
        "SERVERLESS_FARGATE"
    ],
    "totalVulCount": "42",
    "users": [
        "root"
    ],
   
    
   
   ...
}

Error Response

The following error response is seen when the sub-users don't have permission to the specified image.

    {  
    "errorCode": "403 FORBIDDEN",  
    "message": "Request Forbidden",  
    "timestamp": 1700721586546
    }

Sample with SCA ScanningSample with SCA Scanning

This is applicable for subscriptions with SCA Scanning enabled and for images scanned using SCA.

API request

    curl -X GET 
"<qualys_base_url>/csapi/v1.3/images?pageNumber=1&pageSize=50&sort=created%3Adesc" --header "Authorization: Bearer <token>"
    

Response

    {
    "created": "1525522580000",
    "updated": "1661479716359",
    "sha": "0645d07d36305947d72a31282e2dd035f54fbeff6d9adb6701e9c72e75f675e8",
    "repo": [
        {
            "registry": "docker.io",
            "tag": "0.9.2",
            "repository": "known"
        }
    ],
    "repoDigests": [
        {
            "registry": "docker.io",
            "digest": "a3cfd95b4ff72c4f1f33aa98aae1d86b9ed1bfe050058fb46205540280e9937f",
            "repository": "known"
        }
    ],
    "uuid": "38aa3900-f803-32a7-9806-39233e66b85c",
    "size": 539069295,
    "vulnerabilities": {
        "severity5Count": 8,
        "severity3Count": 54,
        "severity4Count": 13,
        "severity1Count": 1,
        "severity2Count": 1
    },
    "imageId": "0645d07d3630",
    "associatedContainersCount": 1,
    "associatedHostsCount": 1,
    "lastVmScanDate": "1661479716359",
    "registryUuid": null,
    "source": [
        "GENERAL"
    ],
    "isDockerHubOfficial": false,
    "isInstrumented": false,
    "instrumentedFrom": null,
    "instrumentationState": null,
    "scanType": null,
    "scanTypes": [
        "SCA",
        "DYNAMIC"
    ],
    "scanErrorCode": null,
    "scanStatus": "SUCCESS",
    "lastFoundOnHost": {
        "sensorUuid": "2ed740ac-acba-47b5-8072-aaa739e44f0d",
        "hostname": "ip-10-20-30-40",
        "ipAddress": "10.20.30.40",
        "uuid": "721e3460-bced-4ec0-b695-3c3349eefefb",
        "lastUpdated": "2022-08-26T01:57:22.110Z"
    },
    "exceptions": [
    "77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
    ],
    "compliance": {
        "failCount": 2,
        "passCount": 0,
        "errorCount": 0
    },
    "lastComplianceScanDate": "1661479044741"
}
    

Error Response

The following error response is seen when the sub-users don't have permission to the specified image.

    {  
    "errorCode": "403 FORBIDDEN",  
    "message": "Request Forbidden",  
    "timestamp": 1700721586546
    }