Searching for Images

Use the search tokens below to search for images.

architecture

Use a text value ##### to find images based on the image architecture, for example amd64 or arm64. Tip: Use the hostArchitecture token to find images based on the host architecture.

Example

Show findings with amd64 architecture

architecture: amd64

container.tags.name

Use a text value ##### to find images that are associated with containers with this tag.

Example

Show images associated with containers that have the tag 'TestContainer'

container.tags.name: TestContainer

controls.controlId

Use a text value ##### to find controls by control ID.

Example

Show images with this control ID

controls.controlId: 10826

controls.criticality

Use a text value ##### to find controls by criticality level (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT).

Example

Show images with URGENT controls

controls.criticality: "URGENT"

controls.posture

Use a text value ##### to find controls by compliance posture (PASS, FAIL).

Example

Show images with failed controls

controls.posture: "FAIL"

created

Use a date range or specific date to define when images were created.

Examples

Find images created within certain dates

created: [2017-06-15 ... 2017-06-30]

Find images created on specific date

created:'2017-08-15'

exceptions.name

Use a text value ##### to specify the names of exceptions.

Example

Show images on which these exceptions are applied.

exceptions.name: [Exception1,Exception2]

hostArchitecture

Use a text value ##### to find images based on the host architecture (amd64, arm64, x86_64).

Example

Show findings with arm64 host architecture

hostArchitecture: arm64

host.hostname

Use a text value ##### to define the hostname you're looking for.

Example

Show findings with this hostname

host.hostname: dockerhost07.mydomain.com

host.ipAddress

Use a text value ##### to define a host IP address you're interested in.

Example

Show findings with this IP address

host.ipAddress: 10.44.92.127

imageId

Use a text value ##### to define an image ID of interest.

Example

Show findings with this image ID

imageId: c2d1b73a90ec

imagesInUse

Use the specified values ##### to define an image which is in use.

Example

Show images used in last 7 days.

imagesInUse: `[now-7d ... now]`

isDockerHubOfficial

Use the values true | false to find Docker Hub official images.

Example

Show Docker Hub official images

isDockerHubOfficial: true

label.key

Use a text value ##### to define images with a certain label name.

Example

Show findings with label name "vendor"

label.key: vendor

label.value

Use a text value ##### to define images with a certain label value.

Example

Show findings with this label value

label.value: CentOS

lastComplianceScanDate

Use a date range or specific date to define when images were last scanned for compliance.

Examples

Show images with last compliance scan within certain dates

lastComplianceScanDate: [2021-01-01 ... 2021-01-30]

Show images with last compliance scan starting 2020-10-15, ending 1 month ago

lastComplianceScanDate: [2020-10-15 ... now-1M]

Show images with last compliance scan starting 2 weeks ago, ending 1 second ago

lastComplianceScanDate: [now-2w ... now-1s]

Show images with last compliance scan on specific date

lastComplianceScanDate:'2021-01-18'

lastMalwareScanned

Use a date range or specific date to define when images were last scanned for malware.

Examples

Show images with last malware scan within certain dates.

lastMalwareScanned: [2023-08-01 ... 2023-09-30]

Show images with last malware scan starting 2023-07-15, ending 1 month ago.

lastMalwareScanned: [2023-07-15 ... now-1M]

Show images with last malware scan starting 2 weeks ago, ending 1 second ago.

lastMalwareScanned: [now-2w ... now-1s]

Show images with last malware scan on specific date.

lastMalwareScanned:'2023-07-18'

lastVmScanDate

Use a date range or specific date to define when images were last scanned for vulnerabilities.

Examples

Show images last scanned within certain dates

lastVmScanDate: [2021-01-01 ... 2021-01-30]

Show images last scanned starting 2020-10-15, ending 1 month ago

lastVmScanDate: [2020-10-15 ... now-1M]

Show images last scanned starting 2 weeks ago, ending 1 second ago

lastVmScanDate: [now-2w ... now-1s]

Show images last scanned on specific date

lastVmScanDate:'2021-01-18'

layers.comment

Use a text value ##### to define images with layer comment you're interested in.

Example

Show findings with this layer comment

layers.comment: "my comment"

layers.createdBy

Use a text value ##### to find images having layers created by a certain user.

Example

Show findings created by jsmith

layers.createdBy: jsmith

layers.created

Use a date range or specific date to find when layers were created.

Examples

Show findings with layers created within certain dates

layers.created: [2017-10-01 ... 2017-10-12]

Show findings with layers created starting 2017-10-01, ending 1 month ago

layers.created: [2017-10-01 ... now-1M]

Show findings with layers created starting 2 weeks ago, ending 1 second ago

layers.created: [now-2w ... now-1s]

Show findings with layers created on certain date

layers.created:'2017-09-22'

layers.id

Use a text value ##### to define images having a certain layer ID.

Example

Show findings with this layer ID

layers.id: 12345

layers.sha

Use a text value ##### to define SHA 256 hash of image layer.

Example

Show image layer with this SHA value

layers.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

layers.size

Use a text value ##### to define images having layers with a certain size.

Example

Show findings with this layer size

layers.size: 10

layers.tags

Use a text value ##### to define images having layers with a certain tag.

Example

Show findings with this layer tag

layers.tags: "layer-tag8"

layersCount

Use a text value ##### to find images having a certain number of layers.

Example

Show findings with 12 layers

layersCount: 12

malware.imageMalwareCount

Use a number to specify a malware count. It shows images that contain the specified number of malware instances.

Example

Show images with 2 malware instances.

malware.imageMalwareCount: 2

malware.malwarePrediction.family

Use a text value ##### to specify a malware family. It shows images that have malware of the specified family.

Example

Show images with malware of the Mirai family.

malware.malwarePrediction.family: Mirai

malware.malwarePrediction.severity

Specify the malware severity. Select a value from the list. It shows images that have malware of the specified severity.

Example

Show images with malware of this severity.

malware.malwarePrediction.severity: 1

maxQdsScore

Specify the maximum QDS score. It shows the images having the maximum QDS score provided by you.

Example

Show images having maximum value of QDS Score as 95.

maxQdsScore: 95

operatingSystem

Use values within quotes or backticks to help you find images with an operating system you're interested in.

Examples

Show any images with this OS name

operatingSystem: Windows 2012

Show any images that contain components of OS name

operatingSystem: "Windows 2012"

Show images that match exact value "Windows 2012"

operatingSystem: `Windows 2012`

qdsSeverity

Use this value to help you find images with the QDS severity you're interested in.

Example

Show all images having QDS severity as 'HIGH'.

qdsSeverity: HIGH

registryUuid

Use a text value ##### to find images having a certain registry UUID.

Example

Show images with this registry UUID

registryUuid: ed46df944e1c

repoDigests.digest

Use a text value ##### to find images having a certain repoDigest digest value.

Example

Show findings with this digest value

repoDigests.digest: 2c8d61c46f484d881db43b34d13ca47a269336e576c81cf007ca740fa9ec0800

repoDigests.registry

Use a text value ##### to find images having a certain repoDigest registry name.

Example

Show findings with this repoDigest registry

repoDigests.registry: "my-registry-name"

repoDigests.repository

Use a text value ##### to find images having a certain repoDigest repository name.

Example

Show findings with this repoDigest repository

repoDigests.repository: "repository-name"

repo.registry

Use a text value ##### to find images having a certain repository registry name.

Example

Show findings with this registry

repo.registry: "my-registry-name"

repo.repository

Use a text value ##### to find images from a certain image repository.

Example

Show findings from this image repository

repo.repository: "repository-name"

repo.tag

Use a text value ##### to find images having a certain repository tag name.

Example

Show findings with this tag

repo.tag: "my-tag"

riskScore

Use a number value ##### to find images having a certain risk score.

Example

Show findings with this risk score.

riskScore: "60"

scanErrorCode

Use a text value ##### to find images that returned a certain error code (e.g. CMS-1301, CMS-1311, CMS-1317, etc) during the scan. See Scan Error Codes in the online help for codes.

Example

Show images that reported scan error code CMS-1301

scanErrorCode: CMS-1301

scanStatus

Use a text value ##### to find images based on scan status (SUCCESS, FAILED).

Example

Show images with failed scan status

scanStatus: FAILED

scanType

Use a text value ##### to find images based on the type of scan (STATIC, DYNAMIC, SCA) used to scan the image.

Example

Show images scanned with static scanning

scanType: STATIC

secrets.severity

Specify the severity of secrets. Select a value from the list. It finds images that have the secrets of a specific severity associated with them.

Example

Show images that have high severity secrets associated with them.

secrets.severity: HIGH

sha

Use a text value ##### to define an image by its SHA 256 hash.

Example

Show findings with this SHA value

sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

software.name

Use a text value ##### to define images running a software application name you're interested in.

Example

Show findings with this software name

software.name: "MyApp"

software.version

Use a text value ##### to define images running a software application version of interest.

Example

Show findings with this software version

software.version: "2.0.3"

software.fixVersion

Use a text value ##### to find software with a specific fix version.

Example

Show images with this software fix version

software.fixVersion: 2.0.3

software.vulnerabilities.authType

Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

software.vulnerabilities.authType: "WINDOWS_AUTH"

software.vulnerabilities.category

Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

software.vulnerabilities.category: "CGI"

software.vulnerabilities.customerSeverity

Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

software.vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")

software.vulnerabilities.cveids

Use a text value ##### to find software vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

software.vulnerabilities.cveids: "CVE-2014-9999"

software.vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find images having software vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

software.vulnerabilities.cvssInfo.accessVector: "Local"

software.vulnerabilities.cvssInfo.baseScore

Use an integer value ##### to find images having software vulnerabilities with a specific CVSS base score.

Example

Show findings with CVSS base score

software.vulnerabilities.cvssInfo.baseScore: "7.2"

software.vulnerabilities.cvssInfo.temporalScore

Use an integer value ##### to find images having software vulnerabilities with a specific CVSS temporal score.

Example

Show findings with CVSS temporal score

software.vulnerabilities.cvssInfo.temporalScore: "6.2"

software.vulnerabilities.cvss3Info.baseScore

Use an integer value ##### to find images having software vulnerabilities with a specific CVSS3 base score.

Example

Show findings with CVSS3 base score

software.vulnerabilities.cvss3Info.baseScore: "4.3"

software.vulnerabilities.cvss3Info.temporalScore

Use an integer value ##### to find images having software vulnerabilities with a specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

software.vulnerabilities.cvss3Info.temporalScore: "3.8"

software.vulnerabilities.discoveryType

Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

software.vulnerabilities.discoveryType: "REMOTE"

software.vulnerabilities.firstFound

Use a date range or specific date to find when software vulnerabilities were first found.

Examples

Show findings first found within certain dates

software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

software.vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

software.vulnerabilities: (firstFound > now-10d AND severity: "5")

software.vulnerabilities.lastFound

Use a date range or specific date to find when software vulnerabilities were last found.

Examples

Show findings last found within certain dates

software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

software.vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

software.vulnerabilities.result

Use a text value ##### to find software packages that have vulnerabilities. This is the scan (QID) test result generated by the signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

software.vulnerabilities.risk

Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

software.vulnerabilities.risk: 50

software.vulnerabilities.severity

Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

software.vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

software.vulnerabilities: (severity: "5" AND category: "DNS")

software.vulnerabilities.supportedBy

Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

software.vulnerabilities.supportedBy: "VM"

software.vulnerabilities.threatIntel

Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

software.vulnerabilities.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

software.vulnerabilities.typeDetected

Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

software.vulnerabilities.typeDetected: "CONFIRMED"

software.vulnerabilities.qid

Use an integer value ##### to provide a QID to find images with software having a certain vulnerability.

Example

Show findings with QID 90405

software.vulnerabilities.qid: 90405

software.vulnerabilities.title

Use a text value ##### to provide a title to find images with software having a certain vulnerability.

Example

Show findings with title

software.vulnerabilities.title: title text

software.vulnerabilities.software.name

Use a text value ##### to find vulnerabilities present in certain software.

Example

Show findings with software name

software.vulnerabilities.software.name: my-app

software.vulnerabilities.software.version

Use a text value ##### to find vulnerabilities present in a certain software version.

Example

Show findings with software version

software.vulnerabilities.software.version: 8.0

software.vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerabilities present in a certain software fix version.

Example

Show findings with certain fix version

software.vulnerabilities.software.fixVersion: 8.0

software.vulnerabilities.source

Use a text value ##### to find software vulnerabilities from a specific source (CONTAINER, IMAGE, BOTH).

Example

Show software vulnerabilities from images

software.vulnerabilities.source: IMAGE

software.vulnerabilities.reason

Use a text value ##### to find software vulnerabilities with a specific state (Fixed, New, Removed, Varied).

Example

Show software vulnerabilities that are new

software.vulnerabilities.reason: NEW

software.vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to active attacks.

Example

Show images exposed to threats due to active attacks

software.vulnerabilities.threatIntel.activeAttacks: true

software.vulnerabilities.threatIntel.denialOfService

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to denial of service.

Example

Show images having threats due to denial of service

software.vulnerabilities.threatIntel.denialOfService: true

software.vulnerabilities.threatIntel.easyExploit

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to easy exploit.

Example

Show images exposed to threats due to easy exploit

software.vulnerabilities.threatIntel.easyExploit: true

software.vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to high data loss.

Example

Show images exposed to threats due to high data loss

software.vulnerabilities.threatIntel.highDataLoss: true

software.vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show images exposed to threats due to high lateral movement

software.vulnerabilities.threatIntel.highLateralMovement: true

software.vulnerabilities.threatIntel.malware

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to malware.

Example

Show images exposed to threats due to malware

software.vulnerabilities.threatIntel.malware: true

software.vulnerabilities.threatIntel.noPatch

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to no patch available.

Example

Show images exposed to threats due to no patch available

software.vulnerabilities.threatIntel.noPatch: true

software.vulnerabilities.threatIntel.publicExploit

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to public exploit.

Example

Show images exposed to threats due to public exploit

software.vulnerabilities.threatIntel.publicExploit: true

source

Use a text value ##### to find images from a specific source (CICD, GENERAL, HOST, REGISTRY, SERVERLESS_FARGATE).

Example

Show images from registry

source: REGISTRY

tags.name

Use a text value ##### to find images that are assigned with this tag.

Example

Show images assigned with the tag 'TestImage'

tags.name: TestImage

updated

Use a date range or specific date to define when images were updated. The updated date is modified with each event on the image, and with vulnerability report processing for the image.

Examples

Find images updated within certain dates

updated: [2019-06-15 ... 2019-06-30]

Find images updated on specific date

updated:'2019-08-15'

users

Use a text value ##### to define images having a user name you're looking for.

Example

Show findings with this user name

users: "asmith"

vulnerabilities.authType

Use a text value ##### to find images having vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

vulnerabilities.authType: "WINDOWS_AUTH"

vulnerabilities.category

Use a text value ##### to find images with vulnerabilities having a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

vulnerabilities.category: "CGI"

vulnerabilities.customerSeverity

Use an integer value ##### to find images having vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

vulnerabilities: (customerSeverity: "5" AND category: "DNS")

vulnerabilities.cveids

Use a text value ##### to find images having vulnerabilities with the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.cveids: CVE-2015-0313

vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find images having vulnerabilities with a specific CVSS access vector.

Example

Show findings with CVSS access vector

vulnerabilities.cvssInfo.accessVector: "Local"

vulnerabilities.cvssInfo.baseScore

Use an integer value ##### to find images having vulnerabilities with a specific CVSS base score.

Example

Show findings with CVSS base score

vulnerabilities.cvssInfo.baseScore: "7.2"

vulnerabilities.cvssInfo.temporalScore

Use an integer value ##### to find images having vulnerabilities with a specific CVSS temporal score.

Example

Show findings with CVSS temporal score

vulnerabilities.cvssInfo.temporalScore: "6.2"

vulnerabilities.cvss3Info.baseScore

Use an integer value ##### to find images having vulnerabilities with a specific CVSS3 base score.

Example

Show findings with CVSS3 base score

vulnerabilities.cvss3Info.baseScore: "4.3"

vulnerabilities.cvss3Info.temporalScore

Use an integer value ##### to find images having vulnerabilities with a specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

vulnerabilities.cvss3Info.temporalScore: "3.8"

vulnerabilities.discoveryType

Use a text value ##### to find images having vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

vulnerabilities.discoveryType: "REMOTE"

vulnerabilities.firstFound

Use a date range or specific date to define when vulnerabilities on the image were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

vulnerabilities: (firstFound > now-10d AND severity: "5")

vulnerabilities.fixed

Use a date range or specific date to define when vulnerabilities on the image were fixed.

Examples

Show findings fixed within certain dates

vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings fixed starting 2017-10-01, ending 1 month ago

vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings fixed starting 2 weeks ago, ending 1 second ago

vulnerabilities.fixed: [now-2w ... now-1s]

Show findings fixed on certain date

vulnerabilities.fixed:'2017-09-22'

Show findings fixed in the past 10 days with severity 5

vulnerabilities: (fixed > now-10d AND severity: "5")

vulnerabilities.lastFound

Use a date range or specific date to define when vulnerabilities on the image were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

vulnerabilities.product

Use a text value ##### to find images having vulnerabilities on a certain vendor product (moodle, gnome, code-crafters, etc). See Product References in online help for vendor names.

Example

Show findings for this product

vulnerabilities.product: "moodle"

vulnerabilities.result

Use values within quotes or backticks to help you find images having a detection result you're interested in.

Examples

Show any images that contain components of detection results

vulnerabilities.result: "Windows 2012"

Show images that match exact value "Windows 2012"

vulnerabilities.result: `Windows 2012`

vulnerabilities.risk

Use an integer value ##### to find images with vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.risk: 50

vulnerabilities.severity

Use an integer value ##### to find images having vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

vulnerabilities: (severity: "5" AND category: "DNS")

vulnerabilities.status

Use a text value ##### to find images having vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

vulnerabilities.status: "OPEN"

vulnerabilities.supportedBy

Use a text value ##### to find images having vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

vulnerabilities.supportedBy: "VM"

vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find images exposed to real-time threats due to active attacks.

Example

Show images exposed to active attacks

vulnerabilities.threatIntel.activeAttacks: true

vulnerabilities.threatIntel.denialOfService

Use the values true | false to find images exposed to real-time threats due to denial of service.

Example

Show images exposed to denial of service

vulnerabilities.threatIntel.denialOfService: true

vulnerabilities.threatIntel.easyExploit

Use the values true | false to find images exposed to real-time threats due to easy exploit.

Example

Show images exposed to easy exploit

vulnerabilities.threatIntel.easyExploit: true

vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find images exposed to real-time threats due to high data loss.

Example

Show images exposed to high data loss

vulnerabilities.threatIntel.highDataLoss: true

vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find images exposed to real-time threats due to high lateral movement.

Example

Show images exposed to high lateral movement

vulnerabilities.threatIntel.highLateralMovement: true

vulnerabilities.threatIntel.malware

Use the values true | false to find images exposed to real-time threats due to malware.

Example

Show images exposed to malware threats

vulnerabilities.threatIntel.malware: true

vulnerabilities.threatIntel.noPatch

Use the values true | false to find images exposed to real-time threats due to no patch available.

Example

Show images exposed to threats due to no patch available

vulnerabilities.threatIntel.noPatch: true

vulnerabilities.threatIntel.publicExploit

Use the values true | false to find images exposed to real-time threats due to public exploit.

Example

Show images exposed to public exploit threats

vulnerabilities.threatIntel.publicExploit: true

vulnerabilities.typeDetected

Use a text value ##### to find images having vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

vulnerabilities.typeDetected: "CONFIRMED"

vulnerabilities.vendor

Use a text value ##### to find images having vulnerabilities on a product from a certain vendor. See Vendor References in online help for vendor names.

Example

Show findings for this vendor

vulnerabilities.vendor: "vendor-name"

vulnerabilities.qid

Use an integer value ##### to provide a QID to find images with a certain vulnerability.

Example

Show findings with QID 90405

vulnerabilities.qid: 90405

vulnerabilities.title

Use a text value ##### to provide a title to find images with a certain vulnerability.

Example

Show findings with title

vulnerabilities.title: title text

vulnerabilities.software.name

Use a text value ##### to find vulnerabilities present in certain software.

Example

Show findings with software name

vulnerabilities.software.name: my-app

vulnerabilities.software.version

Use a text value ##### to find vulnerabilities present in a certain software version.

Example

Show findings with software version

vulnerabilities.software.version: 8.0

vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerabilities present in a certain software fix version.

Example

Show findings with certain fix version

vulnerabilities.software.fixVersion: 8.0

author

Use a text value ##### to find images that have an author you're looking for.

Example

Show findings having this author name

author: "jkim"

dockerVersion

Use a text value ##### to define a Docker version you're looking for.

Example

Show findings with this Docker version

dockerVersion: 17.3

size

Use a text value ##### to find a Docker image of a certain size.

Example

Show findings of this size

size: 300555112

services.name

Use a text value ##### to find images with specific services running on them.

Example

Show findings with service name

services.name: sshd

services.description

Use a text value ##### to find images with the description of specific services running on them.

Example

Show findings with service description

services.description: Secure Socket Shell

services.status

Use a text value ##### to find images with the status of specific services running on them. Status could be RUNNING, STOPPED, etc.

Example

Show findings with service status

services.status: RUNNING

and

Use a Boolean query to express your query using AND logic.

Example

Show images with static scanning and with Failed scan status

scanType: STATIC and scanStatus: FAILED

not

Use a Boolean query to express your query using NOT logic.

Example

Show images that don't have Failed scan status

not scanStatus: FAILED

or

Use a Boolean query to express your query using OR logic.

Example

Show images with one of these repository tag names

repo.tag: "tag123" or repo.tag: "tagABC"