Fetch Vulnerability Details for a Container
Shows vulnerability details for a container.
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
containerSha |
Mandatory |
string |
Specify the SHA value of a specific container in the user’s scope. |
|
filter |
Optional |
string |
Filter the containers list by providing a query using Qualys syntax. |
|
type |
Optional |
string |
Specify the type of information to be fetched.
|
|
isDrift |
Optional |
boolean |
Specify true if you are looking for drift containers. |
| applyException | Optional | boolean | Use this to enable or disable exceptions. Valid values: true/false Default value: true |
SampleSample
API request
curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/76c8fb57b6fc8599de38027112c47170bd19f99e7945392bd78d6816db01f4ad/vuln?type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=false' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token>
Response
{
"details": [
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\ngithub.com/devfile/registry-support/registry-library v0.0.0-20220913214140-36887a7907aa 0.0.0-20240206 Go opt/bridge/bin/bridge",
"lastFound": "1736222365021",
"firstFound": "1735885333904",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"go"
],
"vendor": [
"go"
],
"cveids": [
"CVE-2024-1485"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 997393,
"title": "GO (Go) Security Update for github.com/devfile/registry-support/registry-library (GHSA-84xv-jfrm-h4gm)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "9.3",
"temporalScore": "8.1"
},
"patchAvailable": true,
"published": 1708607013000,
"scanType": [
"SCA"
],
"qdsScore": 65,
"vendorData": {
"rhsa": {
"id": null,
"severity": null,
"cve": [
{
"id": "CVE-2024-1485",
"severity": "important",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 8
}
}
]
}
},
"software": [
{
"name": "github.com/devfile/registry-support/registry-library",
"version": "v0.0.0-20220913214140-36887a7907aa",
"scanType": "SCA",
"packagePath": "opt/bridge/bin/bridge",
"fixVersion": "0.0.0-20240206",
"vulnerabilities": null
}
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nplatform-python 3.6.8-47.el8__6.1.x86__64 3.6.8-47.el8__6.4\npython3-libs 3.6.8-47.el8__6.1.x86__64 3.6.8-47.el8__6.4",
"lastFound": "1736222365006",
"firstFound": "1735885333396",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "RedHat",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"python3"
],
"vendor": [
"redhat"
],
"cveids": [
"CVE-2023-27043",
"CVE-2007-4559",
"CVE-2020-10735",
"CVE-2022-45061",
"CVE-2022-48560",
"CVE-2022-48564"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 242742,
"title": "Red Hat Update for python3 (RHSA-2024:0430)",
"cvssInfo": {
"baseScore": "6.8",
"temporalScore": "5.3",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.7"
},
"patchAvailable": true,
"published": 1706188614000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 42,
"vendorData": {
"rhsa": {
"id": "RHSA-2024:0430",
"severity": "moderate",
"cve": [
{
"id": "CVE-2007-4559",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 5.5
}
},
{
"id": "CVE-2020-10735",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 7.5
}
},
{
"id": "CVE-2022-45061",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 7.5
}
},
{
"id": "CVE-2022-48560",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 7.5
}
},
{
"id": "CVE-2022-48564",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 6.5
}
},
{
"id": "CVE-2023-27043",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 5.3
}
}
]
}
},
"software": [
{
"name": "platform-python",
"version": "3.6.8-47.el8_6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.6.8-47.el8__6.4",
"vulnerabilities": null
},
{
"name": "python3-libs",
"version": "3.6.8-47.el8_6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.6.8-47.el8__6.4",
"vulnerabilities": null
}
]
},
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 1,
"sev2Count": 7,
"sev4Count": 17,
"sev3Count": 59
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 7,
"sev4Count": 17,
"sev3Count": 58
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
Response - in the case of sub-users
The following error response is seen when the sub-users don't have permission to the specified containerSha.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}