Searching for Images
Use the search tokens below to search for images. Looking for help with writing your query? click here.
container.image.architecturecontainer.image.architecture
Use a text value ##### to find images based on the image container.image.architecture, for example amd64 or arm64. Tip: Use the container.image.host.architecture token to find images based on the host architecture.
Example
Show findings with amd64 container.image.architecture
container.image.architecture: amd64
container.image.baseImagecontainer.image.baseImage
Use a text value ##### to find the list of images with the provided container.image.sha as their base image.
Example
Show images associated that have base image as fff4089977d34bb374297bfd013df512345679c8fc44cd428bb80ea014df444v
container.image.baseImage: fff4089977d34bb374297bfd013df512345679c8fc44cd428bb80ea014df444v
container.image.baseImagesForChildImagescontainer.image.baseImagesForChildImages
Use a text value ##### to find the list of images with the provided container.image.sha as their child image.
Example
Show the list of images with the provided container.image.sha as their child image fff4089977d34bb374297bfd013df512345679c8fc44cd428bb80ea014df444v
container.image.baseImagesForChildImages: fff4089977d34bb374297bfd013df512345679c8fc44cd428bb80ea014df444v
asset.container.instance.tag.nameasset.container.instance.tag.name
Use a text value ##### to find images that are associated with containers with this tag.
Example
Show images associated with containers that have the tag 'TestContainer'
asset.container.instance.tag.name: TestContainer
control.idcontrol.id
Use a text value ##### to find controls by control ID.
Example
Show images with this control ID
control.id: 10826
control.criticalitycontrol.criticality
Use a text value ##### to find controls by criticality level (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT).
Example
Show images with URGENT controls
control.criticality: "URGENT"
controls.posturecontrols.posture
Use a text value ##### to find controls by compliance posture (PASS, FAIL).
Example
Show images with failed controls
controls.posture: "FAIL"
container.image.createdDatecontainer.image.createdDate
Use a date range or specific date to define when images were created.
Examples
Find images container.image.createdDate within certain dates
container.image.createdDate: [2017-06-15 ... 2017-06-30]
Find images container.image.createdDate on specific date
container.image.createdDate:'2017-08-15'
riskAcceptance.nameriskAcceptance.name
Use a text value ##### to specify the names of exceptions.
Example
Show images on which these exceptions are applied.
riskAcceptance.name: [Exception1,Exception2]
container.image.hasBaseImagecontainer.image.hasBaseImage
Use a text value ##### to find images that have a base image.
Example
Show images associated with containers that have a base image.
container.image.hasBaseImage: true
container.image.hasChildImagecontainer.image.hasChildImage
Use a text value ##### to find images having any child images.
Example
Show the list of images having any child images.
container.image.hasChildImage: true
container.image.hasSecretscontainer.image.hasSecrets
Use a text value ##### to find images which has Secret/s.
Example
Show images with have secrets.
container.image.hasSecrets: true
container.image.host.architecturecontainer.image.host.architecture
Use a text value ##### to find images based on the host container.image.architecture (amd64, arm64, x86_64).
Example
Show findings with arm64 host container.image.architecture
container.image.host.architecture: arm64
container.image.host.namecontainer.image.host.name
Use a text value ##### to define the hostname you're looking for.
Example
Show findings with this hostname
container.image.host.name: dockerhost07.mydomain.com
container.image.host.ipAddresscontainer.image.host.ipAddress
Use a text value ##### to define a host IP address you're interested in.
Example
Show findings with this IP address
container.image.host.ipAddress: 10.44.92.127
container.image.idcontainer.image.id
Use a text value ##### to define an image ID of interest.
Example
Show findings with this image ID
container.image.id: c2d1b73a90ec
container.image.lastUsedDatecontainer.image.lastUsedDate
Use the specified values ##### to define an image which is in use.
Example
Show images used in last 7 days.
container.image.lastUsedDate: `[now-7d ... now]`
container.image.isDockerHubOfficialcontainer.image.isDockerHubOfficial
Use the values true | false to find Docker Hub official images.
Example
Show Docker Hub official images
container.image.isDockerHubOfficial: true
container.image.label.keycontainer.image.label.key
Use a text value ##### to define images with a certain label name.
Example
Show findings with label name "vendor"
container.image.label.key: vendor
container.image.label.valuecontainer.image.label.value
Use a text value ##### to define images with a certain label value.
Example
Show findings with this label value
container.image.label.value: CentOS
container.image.lastComplianceScanDatecontainer.image.lastComplianceScanDate
Use a date range or specific date to define when images were last scanned for compliance.
Examples
Show images with last compliance scan within certain dates
container.image.lastComplianceScanDate: [2021-01-01 ... 2021-01-30]
Show images with last compliance scan starting 2020-10-15, ending 1 month ago
container.image.lastComplianceScanDate: [2020-10-15 ... now-1M]
Show images with last compliance scan starting 2 weeks ago, ending 1 second ago
container.image.lastComplianceScanDate: [now-2w ... now-1s]
Show images with last compliance scan on specific date
container.image.lastComplianceScanDate:'2021-01-18'
container.image.lastMalwareScanDatecontainer.image.lastMalwareScanDate
Use a date range or specific date to define when images were last scanned for malwares.
Examples
Show images with last malware scan within certain dates.
container.image.lastMalwareScanDate: [2023-08-01 ... 2023-09-30]
Show images with last malware scan starting 2023-07-15, ending 1 month ago.
container.image.lastMalwareScanDate: [2020-10-15 ... now-1M]
Show images with last malware scan starting 2 weeks ago, ending 1 second ago.
container.image.lastMalwareScanDate: [now-2w ... now-1s]
Show images with last malware scan on specific date.
container.image.lastMalwareScanDate:'2023-07-18'
container.image.lastVmScanDatecontainer.image.lastVmScanDate
Use a date range or specific date to define when images were last scanned for vulnerabilities.
Examples
Show images last scanned within certain dates
container.image.lastVmScanDate: [2021-01-01 ... 2021-01-30]
Show images last scanned starting 2020-10-15, ending 1 month ago
container.image.lastVmScanDate: [2020-10-15 ... now-1M]
Show images last scanned starting 2 weeks ago, ending 1 second ago
container.image.lastVmScanDate: [now-2w ... now-1s]
Show images last scanned on specific date
container.image.lastVmScanDate:'2021-01-18'
container.image.layer.createdBycontainer.image.layer.createdBy
Use a text value ##### to find images having layers container.image.createdDate by a certain user.
Example
Show findings container.image.createdDate by jsmith
container.image.layer.createdBy: jsmith
container.image.layer.createdDatecontainer.image.layer.createdDate
Use a date range or specific date to find when layers were created.
Examples
Show findings with layers container.image.createdDate within certain dates
container.image.layer.createdDate: [2017-10-01 ... 2017-10-12]
Show findings with layers container.image.createdDate starting 2017-10-01, ending 1 month ago
container.image.layer.createdDate: [2017-10-01 ... now-1M]
Show findings with layers container.image.createdDate starting 2 weeks ago, ending 1 second ago
container.image.layer.createdDate: [now-2w ... now-1s]
Show findings with layers container.image.createdDate on certain date
container.image.layer.createdDate:'2017-09-22'
container.image.layer.idcontainer.image.layer.id
Use a text value ##### to define images having a certain layer ID.
Example
Show findings with this layer ID
container.image.layer.id: 12345
container.image.layer.shacontainer.image.layer.sha
Use a text value ##### to define SHA 256 hash of image layer.
Example
Show image layer with this SHA value
container.image.layer.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
container.image.layer.sizeInBytescontainer.image.layer.sizeInBytes
Use a text value ##### to define images having layers with a certain size.
Example
Show findings with this layer container.image.sizeInBytes
container.image.layer.sizeInBytes: 10
container.image.layer.tagcontainer.image.layer.tag
Use a text value ##### to define images having layers with a certain tag.
Example
Show findings with this layer tag
container.image.layer.tag: "layer-tag8"
container.image.layer.countcontainer.image.layer.count
Use a text value ##### to find images having a certain number of layers.
Example
Show findings with 12 layers
container.image.layer.count: 12
image.malware.countimage.malware.count
Use a number to specify a malware count. It shows images that have the specified number of malwares.
Example
Show images with 2 malwares.
image.malware.count: 2
image.malware.malwarePrediction.familyimage.malware.malwarePrediction.family
Use a text value ##### to specify a family of malwares. It shows images that have malwares of the specified family.
Example
Show images with malwares of the Mirai family.
image.malware.malwarePrediction.family: Mirai
image.malware.malwarePrediction.severityimage.malware.malwarePrediction.severity
Specify the severity of malwares. Select a value from the list. It shows images that have malwares of the specified severity.
Example
Show images with malwares of this severity.
image.malware.malwarePrediction.severity: 1
container.image.maxQdsScorecontainer.image.maxQdsScore
Specify the maximum QDS score. It shows the images having the maximum QDS score provided by you.
Example
Show images having maximum value of QDS Score as 95.
container.image.maxQdsScore: 95
container.image.qdsSeveritycontainer.image.qdsSeverity
Use this value to help you find images with the QDS severity you're interested in.
Example
Show all images having QDS severity as 'HIGH'.
container.image.qdsSeverity: HIGH
container.image.registryUuidcontainer.image.registryUuid
Use a text value ##### to find images having a certain registry UUID.
Example
Show images with this registry UUID
container.image.registryUuid: ed46df944e1c
container.image.repoDigest.digestcontainer.image.repoDigest.digest
Use a text value ##### to find images having a certain repoDigest digest value.
Example
Show findings with this digest value
container.image.repoDigest.digest: 2c8d61c46f484d881db43b34d13ca47a269336e576c81cf007ca740fa9ec0800
container.image.repoDigest.registrycontainer.image.repoDigest.registry
Use a text value ##### to find images having a certain repoDigest registry name.
Example
Show findings with this repoDigest registry
container.image.repoDigest.registry: "my-registry-name"
container.image.repoDigest.repositorycontainer.image.repoDigest.repository
Use a text value ##### to find images having a certain repoDigest repository name.
Example
Show findings with this repoDigest repository
container.image.repoDigest.repository: "repository-name"
container.image.repo.registrycontainer.image.repo.registry
Use a text value ##### to find images having a certain repository registry name.
Example
Show findings with this registry
container.image.repo.registry: "my-registry-name"
container.image.repo.repositorycontainer.image.repo.repository
Use a text value ##### to find images from a certain image repository.
Example
Show findings from this image repository
container.image.repo.repository: "repository-name"
container.image.repo.tag.namecontainer.image.repo.tag.name
Use a text value ##### to find images having a certain repository tag name.
Example
Show findings with this tag
container.image.repo.tag.name: "my-tag"
asset.truRiskasset.truRisk
Use a number value ##### to find images having a certain risk score.
Example
Show findings with this tag.
asset.truRisk: "60"
container.image.scanErrorCodecontainer.image.scanErrorCode
Use a text value ##### to find images that returned a certain error code (e.g. CMS-1301, CMS-1311, CMS-1317, etc) during the scan. See Scan Error Codes in the online help for codes.
Example
Show images that reported scan error code CMS-1301
container.image.scanErrorCode: CMS-1301
container.image.scanStatuscontainer.image.scanStatus
Use a text value ##### to find images based on scan status (SUCCESS, FAILED).
Example
Show images with failed scan status
container.image.scanStatus: FAILED
container.image.scanTypecontainer.image.scanType
Use a text value ##### to find images based on the type of scan (STATIC, DYNAMIC, SCA) used to scan the image.
Example
Show images scanned with static scanning
container.image.scanType: STATIC
secret.severitysecret.severity
Specify the severity of secrets. Select a value from the list. It finds images that have the secrets of a specific severity associated with them.
Example
Show images that have high severity secrets associated with them.
secret.severity: HIGH
container.image.shacontainer.image.sha
Use a text value ##### to define an image by its SHA 256 hash.
Example
Show findings with this SHA value
container.image.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
software.namesoftware.name
Use a text value ##### to define images running a software application name you're interested in.
Example
Show findings with this software name
software.name: "MyApp"
software.versionsoftware.version
Use a text value ##### to define images running a software application version of interest.
Example
Show findings with this software version
software.version: "2.0.3"
software.fixVersionsoftware.fixVersion
Use a text value ##### to find software with specific fix version.
Example
Show images with this software version
software.fixVersion: 2.0.3
software.vulnerabilities.authTypesoftware.vulnerabilities.authType
Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
software.vulnerabilities.authType: "WINDOWS_AUTH"
software.vulnerabilities.categorysoftware.vulnerabilities.category
Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
software.vulnerabilities.category: "CGI"
software.vulnerabilities.customerSeveritysoftware.vulnerabilities.customerSeverity
Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")
software.vulnerabilities.cveIdssoftware.vulnerabilities.cveIds
Use a text value ##### to find software vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
software.vulnerabilities.cveIds: "CVE-2014-9999"
software.vulnerabilities.cvssAccessVectorsoftware.vulnerabilities.cvssAccessVector
Use a text value ##### to find images having software vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
software.vulnerabilities.cvssAccessVector: "Local"
software.vulnerabilities.cvssBaseScoresoftware.vulnerabilities.cvssBaseScore
Use a integer value ##### to find images having software vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
software.vulnerabilities.cvssBaseScore: "7.2"
software.vulnerabilities.cvssTemporalScoresoftware.vulnerabilities.cvssTemporalScore
Use a integer value ##### to find images having software vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
software.vulnerabilities.cvssTemporalScore: "6.2"
software.vulnerabilities.cvss3BaseScoresoftware.vulnerabilities.cvss3BaseScore
Use a integer value ##### to find images having software vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
software.vulnerabilities.cvss3BaseScore: "4.3"
software.vulnerabilities.cvss3TemporalScoresoftware.vulnerabilities.cvss3TemporalScore
Use a integer value ##### to find images having software vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
software.vulnerabilities.cvss3TemporalScore: "3.8"
software.vulnerabilities.discoveryTypesoftware.vulnerabilities.discoveryType
Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
software.vulnerabilities.discoveryType: "REMOTE"
software.vulnerabilities.firstFoundDatesoftware.vulnerabilities.firstFoundDate
Use a date range or specific date to find when software vulnerabilities were first found.
Examples
Show findings first found within certain dates
software.vulnerabilities.firstFoundDate: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.firstFoundDate: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.firstFoundDate: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.firstFoundDate:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (container.image.firstFoundDate > now-10d AND severity: "5")
software.vulnerabilities.lastFoundDatesoftware.vulnerabilities.lastFoundDate
Use a date range or specific date to find when software vulnerabilities were last found.
Examples
Show findings last found within certain dates
software.vulnerabilities.lastFoundDate: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.lastFoundDate: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.lastFoundDate: [now-2w ... now-1s]
Show findings last found on certain date
software.vulnerabilities.lastFoundDate:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
software.vulnerabilities.resultsoftware.vulnerabilities.result
Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
software.vulnerabilities.risksoftware.vulnerabilities.risk
Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
software.vulnerabilities.risk: 50
software.vulnerabilities.severitysoftware.vulnerabilities.severity
Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
software.vulnerabilities: (severity: "5" AND category: "DNS")
software.vulnerabilities.supportedBy.serviceNamesoftware.vulnerabilities.supportedBy.serviceName
Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
software.vulnerabilities.supportedBy.serviceName: "VM"
software.vulnerabilities.threatIntelsoftware.vulnerabilities.threatIntel
Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
software.vulnerabilities.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
software.vulnerabilities.typeDetectedsoftware.vulnerabilities.typeDetected
Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
software.vulnerabilities.typeDetected: "CONFIRMED"
software.vulnerabilities.qidsoftware.vulnerabilities.qid
Use an integer value ##### to provide a QID to find images with software having certain vulnerability.
Example
Show findings with QID 90405
software.vulnerabilities.qid: 90405
software.vulnerabilities.titlesoftware.vulnerabilities.title
Use an text value ##### to provide a title to find images with software having certain vulnerability.
Example
Show findings with title
software.vulnerabilities.title: title text
software.vulnerabilities.software.namesoftware.vulnerabilities.software.name
Use a text value ##### to find vulnerability present in certain software.
Example
Show findings with software name
software.vulnerabilities.software.name: my-app
software.vulnerabilities.software.versionsoftware.vulnerabilities.software.version
Use a text value ##### to find vulnerability present in certain software version.
Example
Show findings with software version
software.vulnerabilities.software.version: 8.0
software.vulnerabilities.software.fixVersionsoftware.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present in certain software fix version.
Example
Show findings with certain fix version
software.vulnerabilities.software.fixVersion: 8.0
software.vulnerabilities.sourcesoftware.vulnerabilities.source
Use a text value ##### to find software vulnerability from specific container.image.source (CONTAINER, IMAGE, BOTH).
Example
Show software software from images
software.vulnerabilities.source: IMAGE
software.vulnerabilities.reasonsoftware.vulnerabilities.reason
Use a text value ##### to find software vulnerability with specific state (Fixed, New, Removed, Varied)
Example
Show software software that is new
software.vulnerabilities.reason: NEW
software.vulnerabilities.threatIntel.isActiveAttacksoftware.vulnerabilities.threatIntel.isActiveAttack
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to active attacks.
Example
Show images exposed to threats due to active attacks
software.vulnerabilities.threatIntel.isActiveAttack: true
software.vulnerabilities.threatIntel.isDenialOfServicesoftware.vulnerabilities.threatIntel.isDenialOfService
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to denial of service.
Example
Show images having threats due to denial of service
software.vulnerabilities.threatIntel.isDenialOfService: true
software.vulnerabilities.threatIntel.isEasyExploitsoftware.vulnerabilities.threatIntel.isEasyExploit
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to easy exploit.
Example
Show images exposed to threats due to easy exploit
software.vulnerabilities.threatIntel.isEasyExploit: true
software.vulnerabilities.threatIntel.isHighDataLosssoftware.vulnerabilities.threatIntel.isHighDataLoss
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to high data loss.
Example
Show images exposed to threats due to high data loss
software.vulnerabilities.threatIntel.isHighDataLoss: true
software.vulnerabilities.threatIntel.isHighLateralMovementsoftware.vulnerabilities.threatIntel.isHighLateralMovement
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show images exposed to threats due to high lateral movement
software.vulnerabilities.threatIntel.isHighLateralMovement: true
software.vulnerabilities.threatIntel.isMalwaresoftware.vulnerabilities.threatIntel.isMalware
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to malware.
Example
Show images exposed to threats due to malware
software.vulnerabilities.threatIntel.isMalware: true
software.vulnerabilities.threatIntel.hasNoPatchsoftware.vulnerabilities.threatIntel.hasNoPatch
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to no patch available.
Example
Show images exposed to threats due to no patch available
software.vulnerabilities.threatIntel.hasNoPatch: true
software.vulnerabilities.threatIntel.isPublicExploitsoftware.vulnerabilities.threatIntel.isPublicExploit
Use the values true | false to find images with software vulnerabilities leading to real-time threats due to public exploit.
Example
Show images exposed to threats due to public exploit
software.vulnerabilities.threatIntel.isPublicExploit: true
container.image.sourcecontainer.image.source
Use a text value ##### to find images from specific container.image.source (CICD, GENERAL, HOST, REGISTRY, SERVERLESS_FARGATE).
Example
Show images from registry
container.image.source: REGISTRY
asset.container.image.tag.nameasset.container.image.tag.name
Use a text value ##### to find images that are assigned with this tag.
Example
Show images assigned with the tag 'TestImage'
asset.container.image.tag.name: TestImage
container.image.updatedDatecontainer.image.updatedDate
Use a date range or specific date to define when images were updated. The container.image.updatedDate date is modified with each event on the image, and with vulnerability report processing for the image.
Examples
Find images container.image.updatedDate within certain dates
container.image.updatedDate: [2019-06-15 ... 2019-06-30]
Find images container.image.updatedDate on specific date
container.image.updatedDate:'2019-08-15'
container.image.user.usernamecontainer.image.user.username
Use a text value ##### to define images having a user name you're looking for.
Example
Show findings with this user name
container.image.user.username: "asmith"
finding.authTypefinding.authType
Use a text value ##### to find images having vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
finding.authType: "WINDOWS_AUTH"
finding.categoryfinding.category
Use a text value ##### to find images with vulnerabilities having a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
finding.category: "CGI"
finding.customerSeverityfinding.customerSeverity
Use an integer value ##### to find images having vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
finding.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
vulnerabilities: (customerSeverity: "5" AND category: "DNS")
finding.cveIdfinding.cveId
Use a text value ##### to find images having vulnerabilities with the CVE name you're interested in.
Example
Show findings with CVE name CVE-2015-0313
finding.cveId: CVE-2015-0313
finding.cvssAccessVectorfinding.cvssAccessVector
Use a text value ##### to find images having vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
finding.cvssAccessVector: "Local"
finding.cvss2BaseScorefinding.cvss2BaseScore
Use a integer value ##### to find images having vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
finding.cvss2BaseScore: "7.2"
finding.cvss2TemporalScorefinding.cvss2TemporalScore
Use a integer value ##### to find images having vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
finding.cvss2TemporalScore: "6.2"
finding.cvss3BaseScorefinding.cvss3BaseScore
Use a integer value ##### to find images having vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
finding.cvss3BaseScore: "4.3"
finding.cvss3TemporalScorefinding.cvss3TemporalScore
Use a integer value ##### to find images having vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
finding.cvss3TemporalScore: "3.8"
finding.discoveryTypefinding.discoveryType
Use a text value ##### to find images having vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
finding.discoveryType: "REMOTE"
finding.firstFoundDatefinding.firstFoundDate
Use a date range or specific date to define when vulnerabilities on image were first found.
Examples
Show findings first found within certain dates
finding.firstFoundDate: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
finding.firstFoundDate: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
finding.firstFoundDate: [now-2w ... now-1s]
Show findings first found on certain date
finding.firstFoundDate:'2017-09-22'
Show findings first found in the past 10 days with severity 5
vulnerabilities: (container.image.firstFoundDate > now-10d AND severity: "5")
vulnerabilities.fixedvulnerabilities.fixed
Use a date range or specific date to define when vulnerabilities on image were fixed.
Examples
Show findings fixed within certain dates
vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings fixed starting 2017-10-01, ending 1 month ago
vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.fixed: [now-2w ... now-1s]
Show findings fixed on certain date
vulnerabilities.fixed:'2017-09-22'
Show findings fixed in the past 10 days with severity 5
vulnerabilities: (fixed > now-10d AND severity: "5")
finding.lastFoundDatefinding.lastFoundDate
Use a date range or specific date to define when vulnerabilities on image were last found.
Examples
Show findings last found within certain dates
finding.lastFoundDate: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
finding.lastFoundDate: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
finding.lastFoundDate: [now-2w ... now-1s]
Show findings last found on certain date
finding.lastFoundDate:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
finding.layerShafinding.layerSha
Use a layerSha to find images having that layerSha.
Examples
Show images with the given layerSha.
finding.layerSha: hq34cl3d762ca8378d40f3029bb10de71ec98652580cb8859248250d812bede6998505
finding.vendorProductNamefinding.vendorProductName
Use a text value ##### to find images having vulnerabilities on a certain vendor product (moodle, gnome, code-crafters, etc). See Product References in online help for vendor names.
Example
Show findings for this product
finding.vendorProductName: "moodle"
vulnerabilities.publishedvulnerabilities.published
Use a date range or specific date to identify vulnerabilities based on their published date.
Examples
Show vulnerabilities published within certain dates
vulnerabilities.published: [2025-11-01 ... 2025-11-30]
Show vulnerabilities published on specific date
vulnerabilities.published:'2025-11-18'
finding.resultfinding.result
Use values within quotes or backticks to help you find images having a detection result you're interested in.
Examples
Show any images that contain components of detection results
finding.result: "Windows 2012"
Show images that match exact value "Windows 2012"
finding.result: `Windows 2012`
finding.riskfinding.risk
Use an integer value ##### to find images with vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
finding.risk: 50
finding.severityfinding.severity
Use an integer value ##### to find images having vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
finding.severity: "4"
Show findings with severity 5 and category DNS
vulnerabilities: (severity: "5" AND category: "DNS")
vulnerabilities.statusvulnerabilities.status
Use a text value ##### to find images having vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
vulnerabilities.status: "OPEN"
finding.supportedBy.serviceNamefinding.supportedBy.serviceName
Use a text value ##### to find images having vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
finding.supportedBy.serviceName: "VM"
finding.threatIntel.isActiveAttackfinding.threatIntel.isActiveAttack
Use the values true | false to find images exposed to real-time threats due to active attacks.
Example
Show images exposed to active attacks
finding.threatIntel.isActiveAttack: true
finding.threatIntel.isDenialOfServicefinding.threatIntel.isDenialOfService
Use the values true | false to find images exposed to real-time threats due to denial of service.
Example
Show images exposed to denial of service
finding.threatIntel.isDenialOfService: true
finding.threatIntel.isEasyExploitfinding.threatIntel.isEasyExploit
Use the values true | false to find images exposed to real-time threats due to easy exploit.
Example
Show images exposed to easy exploit
finding.threatIntel.isEasyExploit: true
finding.threatIntel.isHighDataLossfinding.threatIntel.isHighDataLoss
Use the values true | false to find images exposed to real-time threats due to high data loss.
Example
Show images exposed to high data loss
finding.threatIntel.isHighDataLoss: true
finding.threatIntel.isHighLateralMovementfinding.threatIntel.isHighLateralMovement
Use the values true | false to find images exposed to real-time threats due to high lateral movement.
Example
Show images exposed to high lateral movement
finding.threatIntel.isHighLateralMovement: true
finding.threatIntel.isMalwarefinding.threatIntel.isMalware
Use the values true | false to find images exposed to real-time threats due to malware.
Example
Show images exposed to malware threats
finding.threatIntel.isMalware: true
finding.threatIntel.hasNoPatchfinding.threatIntel.hasNoPatch
Use the values true | false to find images exposed to real-time threats due to no patch available.
Example
Show images exposed to threats due to no patch available
finding.threatIntel.hasNoPatch: true
finding.threatIntel.isPublicExploitfinding.threatIntel.isPublicExploit
Use the values true | false to find images exposed to real-time threats due to public exploit.
Example
Show images exposed to public exploit threats
finding.threatIntel.isPublicExploit: true
finding.typeDetectedfinding.typeDetected
Use a text value ##### to find images having vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
finding.typeDetected: "CONFIRMED"
finding.vendorfinding.vendor
Use a text value ##### to find images having vulnerabilities on product from a certain vendor. See Vendor References in online help for vendor names.
Example
Show findings for this vendor
finding.vendor: "vendor-name"
finding.qidfinding.qid
Use an integer value ##### to provide a QID to find images with certain vulnerability.
Example
Show findings with QID 90405
finding.qid: 90405
finding.titlefinding.title
Use an text value ##### to provide a title to find images with certain vulnerability.
Example
Show findings with title
finding.title: title text
finding.software.namefinding.software.name
Use a text value ##### to find vulnerability present in certain software.
Example
Show findings with software name
finding.software.name: my-app
finding.software.versionfinding.software.version
Use a text value ##### to find vulnerability present in certain software version.
Example
Show findings with software version
finding.software.version: 8.0
finding.software.fixVersionfinding.software.fixVersion
Use a text value ##### to find vulnerability present in certain software fix version.
Example
Show findings with certain fix version
finding.software.fixVersion: 8.0
container.image.dockerVersioncontainer.image.dockerVersion
Use a text value ##### to define a Docker version you're looking for.
Example
Show findings with this Docker version
container.image.dockerVersion: 17.3
container.image.sizeInBytescontainer.image.sizeInBytes
Use a text value ##### to find a Docker image of a certain size.
Example
Show findings of this container.image.sizeInBytes
container.image.sizeInBytes: 300555112
container.image.service.namecontainer.image.service.name
Use a text value ##### to find images with specific services running on them.
Example
Show findings with service name
container.image.service.name: sshd
container.image.service.descriptioncontainer.image.service.description
Use a text value ##### to find images with the description of specific services running on them.
Example
Show findings with service description
container.image.service.description: Secure Socket Shell
container.image.service.statuscontainer.image.service.status
Use a text value ##### to find images with the status of specific services running on them. Status could be RUNNING, STOPPED, etc.
Example
Show findings with service status
container.image.service.status: RUNNING
andand
Use a text value to express your query using AND logic.
Example
Show images with static scanning and with Failed scan status
container.image.scanType: STATIC and container.image.scanStatus: FAILED
notnot
Use a text value to express your query using NOT logic.
Example
Show images that don't have Failed scan status
not container.image.scanStatus: FAILED
oror
Use a Boolean query to express your query using OR logic.
Example
Show images with one of these repository tag names
container.image.repo.tag.name: "tag123" or container.image.repo.tag.name: "tagABC"
finding.vendorData.rhsa.severityfinding.vendorData.rhsa.severity
Use a text value ##### to find images with the RHSA Severity of specific VendorData vulnerabilities. RHSA severity could be moderate, important, low, or critical.
Example
Show images with finding.vendorData.rhsa.severity to be 'moderate'.
finding.vendorData.rhsa.severity: moderate
finding.vendorData.rhsa.idfinding.vendorData.rhsa.id
Use a value ##### to find images with a specific RHSA ID of the VendorData vulnerabilities.
Example
Show images with vulnerabilities with RHSA ID - 'RHSA-2023:5476' of the VendorData.
vulnerabilities.vendorData.rhsa-id: "RHSA-2023:5476"
finding.vendorData.rhsa.cve.severityfinding.vendorData.rhsa.cve.severity
Use a text value ##### to find images with the RHSA CVE Severity of specific VendorData vulnerabilities. RHSA CVE Severity could be moderate, important, low, or critical.
Example
Show images with finding.vendorData.rhsa.cve.severity to be 'critical'.
finding.vendorData.rhsa.cve.severity: critical
finding.vendorData.rhsa.cve.cvss2BaseScorefinding.vendorData.rhsa.cve.cvss2BaseScore
Use a text value ##### to find images with the RHSA CVE CVSS2 BaseScore of the VendorData vulnerabilities. Allowed values - '0' to '10'.
Example
Show images with vulnerabilities.vendorData.rhsa.cve.cvss2.basescore to be '10'.
finding.vendorData.rhsa.cve.cvss2BaseScore:10
finding.vendorData.rhsa.cve.cvss3BaseScorefinding.vendorData.rhsa.cve.cvss3BaseScore
Use a text value ##### to find images with the RHSA CVE CVSS3 BaseScore of the VendorData vulnerabilities. Allowed values - '0' to '10'.
Example
Show images with vulnerabilities.vendorData.rhsa.cve.cvss3.basescore to be '8'.
finding.vendorData.rhsa.cve.cvss3BaseScore:8
container.image.layer.commentcontainer.image.layer.comment
Use a text value ##### to define images with layer comment you're interested in.
Example
Show findings with this layer comment
container.image.layer.comment: "my comment"