Fetch Image Details
Shows details of an image.
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
imageSha |
Mandatory |
string |
Specify the SHA value of a specific image in the user’s scope. |
| scanDetails | Optional | string |
Specify the following values:
You can specify multiple values separated by comma. |
SampleSample
API request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images/c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd?scanDetails=malware%2Csecrets"
-H "Authorization: Bearer <token>"
Response
{
"created": "1603477517000",
"updated": "1605017537578",
"lastUsedDate": "1716251515814",
"author": "Docker Team",
"repo": [
{
"registry": "docker.io",
"tag": "static-amazonlinux3-sca-secret-malware",
"repository": "couchbase"
},
{
"registry": "registry-1.docker.io",
"tag": "static-amazonlinux3-sca-secret-malware",
"repository": "qualysdockerhub/overlay-functional"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "1d811b3c382893f70f0cc0f2371a12d3671c1d5175bcc67e8c2a5c0bf4c8f976",
"repository": "couchbase"
}
],
"label": null,
"uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1",
"sha": "c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd",
"operatingSystem": "Ubuntu Linux 16.04.7",
"customerUuid": "192cc974-1e44-cb6c-806e-f78f6441cb0d",
"dockerVersion": "18.09.7",
"size": 1183790011,
"layers": [
"id": "ec7e9b7a9687",
"sha": "ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa",
"tags": null,
"layerNumber": 1,
"isBaseLayer": null,
"isEmptyLayer": false,
"vulnStats": {
"severity5Count": 25,
"severity3Count": 63,
"severity4Count": 45,
"severity1Count": 0,
"severity2Count": 9
}
},
{
"size": null,
"createdBy": "CMD [\"/bin/bash\"]",
"created": "1491583413000",
"comment": null,
"id": null,
"sha": "",
"tags": null,
"layerNumber": 2,
"isBaseLayer": null,
"isEmptyLayer": true,
"vulnStats": null
},
],
"host": [
{
"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
"hostname": "host.qualys.com",
"ipAddress": "10.**.2*.*0",
"uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
"lastUpdated": "2020-11-10T14:10:29.218Z"
}
],
"hostArchitecture": [
"x86_64"
],
"architecture": "amd64",
"imageId": "c64844065dcb",
"lastScanned": "1738827505696",
"registryUuid": [
"18871aad-720b-42b0-b373-3cbbe741f6a0"
],
"source": [
"GENERAL",
"REGISTRY"
],
"totalVulCount": "0",
"users": [
"root"
],
"isDockerHubOfficial": null,
"scanType": "DYNAMIC",
"scanTypes": [
"DYNAMIC"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
"hostname": "host.qualys.com",
"ipAddress": "10.**.2*.*0",
"uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
"lastUpdated": "2020-11-10T14:10:29.218Z"
},
"lastScannedBySensor": "fde436ad-3686-46f9-a2e5-9f7523668d34",
"scanErrorMessage": "Static: Package manager not found",
"malware": {
"imageMalwareCount": 1,
"malwarePrediction": {
"prediction": "malicious",
"score": 1,
"severity": 3,
"category": "dropper",
"family": "mirai"
}
},
"lastMalwareScanned": null,
"exceptions": [
"77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
],
"secrets": [
{
"severity": "LOW",
"filePath": "/root/foo/foo1.txt",
"layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
"match": null,
"startLine": 0,
"secretType": "Easypost API Token"
},
{
"severity": "LOW",
"filePath": "/root/foo/foo1.txt",
"layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
"match": null,
"startLine": 0,
"secretType": "Adobe Client ID (Oauth Web)"
},
{
"severity": "MEDIUM",
"filePath": "/root/foo/foo1.txt",
"layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
"match": null,
"startLine": 0,
"secretType": "Asana Client Secret"
},
{
"severity": "CRITICAL",
"filePath": "/home/qatest/key/gcp-service-account.json",
"layerSha": "5bc804df91a229c1f26d254b5247c699c1e1a53673ec1d30e263e7b4bda96beb",
"match": null,
"startLine": 0,
"secretType": "Google (GCP) Service-account"
}
],
"lastSecretScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"criticality": 3,
"criticalityUpdated": 1717098843553,
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": null,
"baseImageProcessingTimestamp": null,
"softwares": [
{
"name": "libncursesw5:amd64",
"version": "6.0+20160213-1ubuntu1",
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libgpg-error0:amd64",
"version": "1.21-2ubuntu1",
"fixVersion": null,
"vulnerabilities": null
}
],
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\nio.airlift:aircompressor 0.11 0.27 Java root/random/lib/presto/lib/aircompressor-0.11.jar",
"lastFound": "1738827505622",
"firstFound": "1738660043494",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"maven"
],
"vendor": [
"maven"
],
"cveids": [
"CVE-2024-36114"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 999919,
"title": "Java (Maven) Security Update for io.airlift:aircompressor (GHSA-973x-65j7-xcf4)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "8.6",
"temporalScore": "7.5"
},
"patchAvailable": true,
"published": null,
"scanType": [
"SCA"
],
"qdsScore": 35,
"isExempted": null,
"vendorData": null,
"software": null
}
],
"layerSha": ["a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
]
}
],
"lastComplianceScanned": "1603477517000"
}
Error Response
The following error response is seen when the sub-users don't have permission to the specified image.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}
Sample for AWS FargateSample for AWS Fargate
The response shows a source value of “SERVERLESS_FARGATE” in this case.
API request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images/85669404084756ad51914d98c460b5b83f45848b2ec9567f08b262170db264e4" --header "Authorization: Bearer <token>"
Response
{
"created": "1633506189000",
"updated": "1659422877918",
"author": "",
"repo": [
{
"registry": "362990800442.dkr.ecr.ca-central-1.amazonaws.com",
"tag": "jboss1.18",
"repository": "cs-sensor"
}
],
"repoDigests": [
{
"registry": "362990800442.dkr.ecr.ca-central-1.amazonaws.com",
"digest": "0d4bdc5749b80631a069957de99b0fa20201e38380ce90cc68786894231e429d",
"repository": "cs-sensor"
}
],
...
"hostArchitecture": [
"x86_64"
],
"architecture": "amd64",
"imageId": "856694040847",
"lastScanned": "1659422877918",
"registryUuid": null,
"source": [
"SERVERLESS_FARGATE"
],
"totalVulCount": "42",
"users": [
"root"
],
...
}
Error Response
The following error response is seen when the sub-users don't have permission to the specified image.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}
Sample with SCA ScanningSample with SCA Scanning
This is applicable for subscriptions with SCA Scanning enabled and for images scanned using SCA.
API request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images?pageNumber=1&pageSize=50&sort=created%3Adesc" --header "Authorization: Bearer <token>"
Response
{
"created": "1525522580000",
"updated": "1661479716359",
"sha": "0645d07d36305947d72a31282e2dd035f54fbeff6d9adb6701e9c72e75f675e8",
"repo": [
{
"registry": "docker.io",
"tag": "0.9.2",
"repository": "known"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "a3cfd95b4ff72c4f1f33aa98aae1d86b9ed1bfe050058fb46205540280e9937f",
"repository": "known"
}
],
"uuid": "38aa3900-f803-32a7-9806-39233e66b85c",
"size": 539069295,
"vulnerabilities": {
"severity5Count": 8,
"severity3Count": 54,
"severity4Count": 13,
"severity1Count": 1,
"severity2Count": 1
},
"imageId": "0645d07d3630",
"associatedContainersCount": 1,
"associatedHostsCount": 1,
"lastVmScanDate": "1661479716359",
"registryUuid": null,
"source": [
"GENERAL"
],
"isDockerHubOfficial": false,
"isInstrumented": false,
"instrumentedFrom": null,
"instrumentationState": null,
"scanType": null,
"scanTypes": [
"SCA",
"DYNAMIC"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "2ed740ac-acba-47b5-8072-aaa739e44f0d",
"hostname": "ip-10-20-30-40",
"ipAddress": "10.20.30.40",
"uuid": "721e3460-bced-4ec0-b695-3c3349eefefb",
"lastUpdated": "2022-08-26T01:57:22.110Z"
},
"exceptions": [
"77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
],
"compliance": {
"failCount": 2,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": "1661479044741"
}
Error Response
The following error response is seen when the sub-users don't have permission to the specified image.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}