Fetch a List of Software Installed on an Image

Shows the software installed on an image.

GET/v1.3/images/{imageSha}/software

Input ParametersInput Parameters

Parameter

Mandatory/Optional

Data Type

Description

imageSha

Mandatory

string

Specify the SHA value of a specific image in the user’s scope.

filter

Optional

string

Filter the images list by providing a query using Qualys syntax.

Refer to the “How to Search” topic in the online help for assistance with creating your query.

sort

Optional

string

Sort the results using a Qualys token. For example qid:asc.

Refer to the “Sortable tokens” topic in the online help for more information.

SampleSample

API request

    curl -X GET
"<qualys_base_url>/csapi/v1.3/images/fddd5d9814a9393cf85f4794c6435ba00e8db8facee9bcc05d9d0846016470df/software"
-H "accept: application/json"
-H "Authorization: Bearer <token>"

Response

   {
  "data": [
    {
      "name": "libsystemd0:amd64",
      "version": "237-3ubuntu10.33",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": "237-3ubuntu10.54",
      "lifecycle": {
           "stage": "GA",
           "lifeCycleConfidence": "Exact",
           "eol": "-631152000000",
           "eos": "-631152000000",
           "ga": "1705622400000"
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 1,
        "severity3Count": 1,
        "severity2Count": 1,
        "severity1Count": 0
      }
    },
    {
      "name": "libprocps6:amd64",
      "version": "2:3.3.12-3ubuntu1.2",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "lifecycle": {
           "stage": "GA",
           "lifeCycleConfidence": "Exact",
           "eol": "-631152000000",
           "eos": "-631152000000",
           "ga": "1705622400000"
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
     "count": 2,
  "softwareCountBySeverity": {
    "severity5Count": 8,
    "severity3Count": 43,
    "severity4Count": 40,
    "severity1Count": 0,
    "severity2Count": 7
  },
  "driftSoftwareCountBySeverity": null,
  "driftSoftwareCountByDriftReason": null
}

Error Response

The following error response is seen when the sub-users don't have permission to the specified image.

    {  
    "errorCode": "403 FORBIDDEN",  
    "message": "Request Forbidden",  
    "timestamp": 1700721586546
    }

Sample with SCA ScanningSample with SCA Scanning

This is applicable for subscriptions with SCA Scanning enabled and for images scanned using SCA. You’ll see SCA for scanType when the software was detected by an SCA scan.

API request

    curl -X GET
"<qualys_base_url>/csapi/v1.3/images/5d556c82899c/software" 
-H "Authorization: Bearer <token>"

Response

    {
    "data": [
        {
            "name": "org.apache.maven.resolver:maven-resolver-transport-wagon",
            "version": "1.6.3",
            "scanType": "SCA",
            "packagePath": "usr/share/maven/lib/maven-resolver-transport-wagon-1.6.3.jar",
            "fixVersion": null,
            "vulnerabilities": {
                "severity5Count": null,
                "severity4Count": null,
                "severity3Count": null,
                "severity2Count": null,
                "severity1Count": null
            }
        },
   
   ...
}

Error Response

The following error response is seen when the sub-users don't have permission to the specified image.

    {  
    "errorCode": "403 FORBIDDEN",  
    "message": "Request Forbidden",  
    "timestamp": 1700721586546
    }

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: April, 2026