Home

Manage Reports in Container Security

All reports and schedules are listed in the Reports and Schedules tabs, respectively. For report jobs, you can view and download the reports, rerun the report job, and delete them. For schedules, you can view the schedule summary, pause or resume the schedules, and delete them.

Reports

The Reports tab lists the on-demand and scheduled report jobs. A scheduled job is added to this tab only when the schedule is triggered.

The Expires in column shows the time remaining before a report gets removed from your account. Note that the deletion job runs once a day. Therefore, if your report is expiring today, you may see the value as scheduled for today before it is actually removed.

View & Download Reports

When your report shows the Completed status, it is ready to be viewed and downloaded. Select Download from the Quick Actions menu to download the report in CSV format.

Use a search query to quickly find a report by report name.

For each row in the report, you’ll see image or container details (Examples: repository, image or container id, and so on) followed by vulnerability details (Examples: QID, title, severity, and so on) for a single detected vulnerability. If the image or container has multiple vulnerabilities it will be listed multiple times (Examples: 10 rows for 10 vulnerabilities on the same image or container).

Download SBOM Report

You can download Software Bill Of Material (SBOM) report of a scan using ASSETS > Images > Quick Actions > Download SBOM. 

The SBOM can be downloaded in the following formats.

  • SPDX - This is the default SBOM report format offered by Qualys. The SPDX SBOM package primarily consists of three elements: Documents (metadata about the SBOM), Packages (groups of elements), and Files (single files). It is managed by 'The Linux Foundation'. To know more about SPDX SBOM, refer to https://spdx.dev/about/overview/.
  • CycloneDX - The CycloneDX Software Bill of Materials (SBOM) includes metadata and outlines a collection of software elements, organized into components, services, and dependencies. Additionally, the SBOM defines relationships between these elements through a specific architecture. It is managed by OWASP. To know more about CycloneDX, refer to https://cyclonedx.org/.

Delete Reports

To delete a single report, select Delete from the Quick Actions menu.

To delete multiple reports in bulk, select the check-boxes of the reports you want to delete and select Actions > Delete present above the reports list.

Schedules

The Schedules tab lists the report schedules. Every time a schedule is triggered, a report job is added to the Reports tab.

View Schedule Details

To view the schedule details, select View from the Quick Actions menu.

The state of the schedule indicates the current status of a schedule. You can also view this status in the Schedule Status column. The possible values for the schedule status are:

  • Active: The schedule is active.
  • Completed: The time-frame of the schedule is completed, which means the schedule is not running anymore.
  • Paused: The schedule is paused.

The Next Launch column under Schedules indicates when the schedule is set to trigger next time.

Pause or Resume a Schedule

You can pause an Active schedule or resume a Paused schedule. To pause or resume a schedule, select Pause or Resume from the Quick Actions menu, respectively.

Delete a Schedule

To delete a schedule, select Delete from the Quick Actions menu.

 

 

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.