Release 1.26 API
Detecting Container Secrets
Container secrets are digital credentials that authenticate an identity and authorize access to privileged accounts, applications, and services. They include passwords, API keys, tokens, private keys, and other credentials an application needs in order to run.
If these secrets are baked into an image or left unprotected on a container's filesystem, anyone who can pull the image or read the layer can use them. Discovering container secrets is therefore an important part of container security that organizations must prioritize to protect sensitive data, meet compliance requirements, and reduce the risk of security incidents.
With this release, we have introduced the following new APIs for container secrets detection:
List Secret Detectors
API affected | /csapi/v1.3/secretDetector |
---|---|
Operator | GET |
New or Updated APIs | New |
Shows a list of secret detectors in your account.
Input Parameters
Parameter | Mandatory? | Data Type | Description |
---|---|---|---|
filter | Optional | string | Filter the secret detectors by providing a QQL search query. |
Sample: Fetch a List of Secret Detectors
API Request
curl -X "GET" \
"<qualys_base_url>/csapi/v1.3/secretDetector" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"data": [
{
"ruleUuid": "ff34aaee-e4c2-11ed-b5ea-0242ac120002",
"created": "1682576371399",
"updated": "1682576371399",
"type": "system",
"category": "PublicKey",
"severity": "HIGH",
"secretDetector": "SSH public key DSA",
"status": "Active"
},
{
"ruleUuid": "9559ac14-e4c2-11ed-b5ea-0242ac120002",
"created": "1682576371290",
"updated": "1682576371290",
"type": "system",
"category": "PublicKey",
"severity": "HIGH",
"secretDetector": "SSH public key RSA",
"status": "Active"
},
{
"ruleUuid": "02e9a634-c96c-11ed-afa1-0242ac120002",
"created": "1681987259554",
"updated": "1681987259554",
"type": "system",
"category": "Typeform",
"severity": "LOW",
"secretDetector": "Typeform API Token",
"status": "Active"
},
{
"ruleUuid": "dddeeb1a-c96b-11ed-afa1-0242ac120002",
"created": "1681987259520",
"updated": "1681987259520",
"type": "system",
"category": "Twitch",
"severity": "LOW",
"secretDetector": "Twitch API Token",
"status": "Active"
},
{
"ruleUuid": "d68b44e4-c96b-11ed-afa1-0242ac120002",
"created": "1681987259478",
"updated": "1681987259478",
"type": "system",
"category": "LinkedIn",
"severity": "LOW",
"secretDetector": "LinkedIn Client Id",
"status": "Active"
},
{
"ruleUuid": "abea5478-c96b-11ed-afa1-0242ac120002",
"created": "1681987259448",
"updated": "1681987259448",
"type": "system",
"category": "LinkedIn",
"severity": "LOW",
"secretDetector": "LinkedIn Client Secret",
"status": "Active"
},
{
"ruleUuid": "920f95cc-c96b-11ed-afa1-0242ac120002",
"created": "1681987259408",
"updated": "1681987259408",
"type": "system",
"category": "Shippo",
"severity": "LOW",
"secretDetector": "Shippo API Token",
"status": "Active"
},
{
"ruleUuid": "7b2123f8-c96b-11ed-afa1-0242ac120002",
"created": "1681987259372",
"updated": "1681987259372",
"type": "system",
"category": "Sendinblue",
"severity": "LOW",
"secretDetector": "Sendinblue API Token",
"status": "Active"
}
...
],
"count": 85,
"groups": {}
}
Show Details of a Secret Detector
API affected | /csapi/v1.3/secretDetector/{secretDetectorId} |
---|---|
Operator | GET |
New or Updated APIs | New |
Shows details of a secret detector.
Parameter | Mandatory? | Data Type | Description |
---|---|---|---|
secretDetectorId | Mandatory | string | Provide the ID/UUID of the secret detector of which you want to fetch details. |
Sample: Fetch Details of a Secret Detector
API Request
curl -X "GET" \
"<qualys_base_url>/csapi/v1.3/secretDetector/02e9a634-c96c-11ed-afa1-0242ac120002" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"ruleUuid": "02e9a634-c96c-11ed-afa1-0242ac120002",
"type": "system",
"category": "Typeform",
"severity": "LOW",
"secretDetector": "Typeform API Token",
"status": "Active",
"regex": "(?i)(?P<key>typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(?P<secret>tfp_[a-z0-9\\-_\\.=]{59})",
"created": "1681987259554",
"updated": "1681987259554",
"createdBy": "System",
"updatedBy": "System"
}
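As an added example (not code from this page or from Qualys), the block below applies a detector definition the way the API above returns it: it compiles the Typeform detector's regex exactly as in the sample response, runs it over a constructed .env-style file, and reports findings in the startLine/endLine/match shape used by the image secrets response, with the secret redacted before it is logged. The file content and token values are made up; the only thing taken from the page is the detector definition.

```python
import json
import re

# Detector as returned by GET /csapi/v1.3/secretDetector/{secretDetectorId}
# (copied from the page's sample response; only the fields used here).
TYPEFORM_DETECTOR = json.loads(r'''
{
  "ruleUuid": "02e9a634-c96c-11ed-afa1-0242ac120002",
  "category": "Typeform",
  "severity": "LOW",
  "secretDetector": "Typeform API Token",
  "regex": "(?i)(?P<key>typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(?P<secret>tfp_[a-z0-9\\-_\\.=]{59})"
}
''')


def compile_detector(detector: dict) -> re.Pattern:
    # The regex uses (?P<name>...) named groups, which Python's re module
    # supports natively; the leading (?i) makes the key match case-insensitive.
    return re.compile(detector["regex"])


def redact(secret: str, keep: int = 4) -> str:
    """Keep only a short prefix so findings can be logged without re-leaking the secret."""
    return secret[:keep] + "*" * (len(secret) - keep)


def scan_text(text: str, detector: dict) -> list:
    """Run one detector over file content; startLine/endLine are 1-based,
    matching the /images/{imageSha}/secrets response."""
    pattern = compile_detector(detector)
    findings = []
    for m in pattern.finditer(text):
        findings.append({
            "ruleUuid": detector["ruleUuid"],
            "secretType": detector["secretDetector"],
            "severity": detector["severity"],
            "startLine": text.count("\n", 0, m.start()) + 1,
            "endLine": text.count("\n", 0, m.end()) + 1,
            "key": m.group("key"),
            "match": redact(m.group("secret")),
        })
    return findings


# Constructed sample input (not from the page). The token is "tfp_" followed by
# 59 filler characters, the exact length the detector's regex requires.
FAKE_TOKEN = "tfp_" + "a1b2c3d4e5" * 5 + "f6g7h8i9j"
SAMPLE_ENV = "\n".join([
    "# .env file left in an image layer (constructed)",
    "DB_HOST=db.internal",
    f"TYPEFORM_API_TOKEN={FAKE_TOKEN}",
    f"typeform_key: {FAKE_TOKEN}",
    f"API_TOKEN={FAKE_TOKEN}",  # no "typeform" in the key name: not flagged
])

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_ENV, TYPEFORM_DETECTOR):
        print(finding)
```

Note that the regex only fires when the token is preceded by a key containing "typeform" and a separator such as "=" or ":"; a bare token in a file is not matched by this detector. A detector's coverage is a property of its regex, not of the secret format alone, which is worth checking before relying on a LOW-severity detector to catch a token that was stored under an unrelated variable name.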
Show Detected Secrets of an Image
API affected | /csapi/v1.3/images/{imageSha}/secrets |
---|---|
Operator | GET |
New or Updated APIs | New |
Shows a list of detected secrets for an image. Each entry identifies the detector that fired (ruleUuid, secretType, category, severity), the layer (layerSha) and file path in which the match was found, and the matched line range (startLine/endLine) with a short preview of the match rather than the full secret.
Parameter | Mandatory? | Data Type | Description |
---|---|---|---|
imageSha | Mandatory | string | Specify the SHA value of an image. |
Sample: Fetch a List of Detected Secrets for an Image
API Request
curl -X "GET" \
"<qualys_base_url>/csapi/v1.3/images/561f23db5e2d22838992ab8a5d3a52ee1097085735290a9fd3c41ac7ff639983/secrets" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"data": [
{
"secretType": "Asymmetric Private Key",
"category": "AsymmetricPrivateKey",
"severity": "HIGH",
"ruleUuid": "d68b44e4-c96b-11ed-afa1-0242ac120002",
"lastUpdated": "1615188407216",
"matches": [
{
"startLine": 5,
"endLine": 10,
"match": "BEGIN RSA PRIVATE KE"
}
],
"layerSha": "sha2563d762ca8378d40f3029bb10de71ec98652580cb8859248250d812bede6998505",
"filePath": "root/jignal.pem"
},
{
"secretType": "Shopify Token",
"category": "shopify",
"severity": "HIGH",
"ruleUuid": "d68b44e4-c96b-11ed-afa1-0242ac120002",
"lastUpdated": "1615188407216",
"matches": [
{
"startLine": 10,
"endLine": 15,
"match": "BEGIN RSA PRIVATE KE"
}
],
"layerSha": "sha2563d762ca8378d40f3029bb10de71ec98652580cb8859248250d812bede6998505",
"filePath": "root/jignal.pem"
}
],
"count": 2,
"groups": {}
}
Container Security Policy Management
With this release, we have introduced policies in Container Security for managing configurations, vulnerability management, compliance, access, and auditing in containerized environments, thereby automating the process of securing images and containers. A policy is a combination of rules that assess specific artifacts, such as images and containers, together with the actions to take when a rule matches.
The following new APIs have been introduced for Container Security policy management:
List Policies
API affected | /csapi/v1.3/centralizedPolicy |
---|---|
Operator | GET |
New or Updated APIs | New |
Retrieves a list of policies from your account.
Parameter | Mandatory? | Data Type | Description |
---|---|---|---|
filter | Optional | string | Filter the policies by providing a QQL search query. |
pageNumber | Optional | integer | Specify the page to be returned. |
pageSize | Optional | integer | Specify the number of records to display per page. |
sort | Optional | string | Specify how to sort the records in the response, as <field>:<order>, where "asc" and "desc" mean ascending and descending, respectively (the sample below sorts by created:desc). |
Sample: List All Policies from Your Account
API Request
curl -X "GET" \
"<qualys_base_url>/csapi/v1.3/centralizedPolicy?pageNumber=1&pageSize=50&sort=created%3Adesc" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"data": [
{
"uuid": "098777a1-4b76-4df5-9868-50ca570c548a",
"policyName": "Test-011",
"description": "test",
"policyMode": "ACTIVE",
"createdBy": "quays_ab6",
"created": "1683261602526",
"updatedBy": "quays_ab6",
"updated": "1683261629891",
"assetType": "CICD",
"isDefault": false,
"tagIds": null
}
],
"count": 1,
"groups": {}
}
Create or Update a Policy
API affected | /csapi/v1.3/centralizedPolicy |
---|---|
Operator | POST |
New or Updated APIs | New |
Creates a new policy or updates an existing policy.
Parameter | Mandatory? | Data Type | Description |
---|---|---|---|
policyName | Mandatory | string | Enter a policy name of up to 150 characters. |
description | Mandatory | string | Enter a description for the policy of up to 250 characters. |
policyType | Mandatory | string | Specify the policy type. Currently, the only available value is IMAGESCAN. |
policyMode | Mandatory | string | Specify the policy mode: active (ACTIVE, as in the sample below) to enforce the policy, or inactive to keep the policy deactivated. |
assetType | Mandatory | string | Specify the asset type. Currently, only "CICD" is supported. |
isDefault | Mandatory | boolean | Specify whether to make it the default policy. The valid values are true or false (sent as a JSON boolean, as in the sample below). |
tagIds | Mandatory | array of string | Specify the UUIDs of the tags to associate with the policy. |
centralizedPolicyRules | At least one enabled rule is mandatory | array of object | Provide the rules that make up the policy evaluation. Each rule carries a name, a type (IMAGESCAN_VULN_SEVERITYCOUNT in the sample), an action (DENY in the sample), isEnabled, stopProcessing, sortOrder, and a metaData object with operator, severityLevel, and threshold. The rule in the sample below reads: if the count of vulnerabilities with severity level 1 is greater than 1 (operator GREATER_THAN, severityLevel 1, threshold 1), deny and fail the CI/CD build. |
Sample: Create a New Policy
API Request
curl -X "POST" \
"<qualys_base_url>/csapi/v1.3/centralizedPolicy" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"
Request Body
{
"policyName": "Policy1214",
"policyType": "IMAGESCAN",
"policyMode": "ACTIVE",
"description": "Policy1234",
"createdBy": "quays_ab6",
"updatedBy": "quays_ab6",
"centralizedPolicyRules": [
{
"name": "Rule123",
"type": "IMAGESCAN_VULN_SEVERITYCOUNT",
"action": "DENY",
"isEnabled": true,
"stopProcessing": false,
"sortOrder": 0,
"metaData": {
"operator": "GREATER_THAN",
"severityLevel": 1,
"threshold": 1
}
}
],
"assetType": "CICD",
"isDefault": false,
"tagIds": [
"095a966f-fb5f-4eb5-8d43-b77d1a740876"
]
}
Response
{
"uuid": "d967073a-28d8-414d-b96d-3d19eaa20935"
}
Show Policy Details
API affected | /csapi/v1.3/centralizedPolicy/{policyId} |
---|---|
Operator | GET |
New or Updated APIs | New |
Shows details of a policy. Note that in this response each rule's metaData is returned as a JSON-encoded string rather than as an object (compare the request body of the create call), so a client must decode it before reading operator, severityLevel, or threshold.
Parameter | Mandatory? | Data Type | Description |
---|---|---|---|
policyId | Mandatory | string | Specify the UUID of the policy of which you want to fetch details. |
Sample: Fetch Details of a Policy
API Request
curl -X "GET" \
"<qualys_base_url>/csapi/v1.3/centralizedPolicy/7a64bbd7-67a8-4c39-981e-6345c62bacb2" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"uuid": "7a64bbd7-67a8-4c39-981e-6345c62bacb2",
"policyName": "Policy123",
"policyType": "IMAGESCAN",
"policyMode": "ACTIVE",
"description": "Policy123",
"createdBy": "user1",
"created": "1683537516989",
"updatedBy": "user1",
"updated": "1683537516989",
"centralizedPolicyRules": [
{
"name": "Rule123",
"type": "IMAGESCAN_VULN_SEVERITYCOUNT",
"action": "DENY",
"isEnabled": true,
"stopProcessing": false,
"sortOrder": 0,
"metaData": "{\"operator\":\"GREATER_THAN\",\"severityLevel\":1,\"threshold\":1}"
}
],
"version": 1,
"assetType": "CICD",
"isDefault": false,
"tagIds": [
{
"uuid": "cf203e51-490f-47d4-b271-bdc4822f6181",
"id": 7624640,
"name": "Tag-101",
"backgroundColor": "#B6D7A8",
"foregroundColor": "#000000",
"icon": null,
"criticalityScore": 0,
"tagType": null
},
{
"uuid": "383318ae-3e32-420a-a3dc-4deaab5ee283",
"id": 7624639,
"name": "Tag-10",
"backgroundColor": "#F9CB9C",
"foregroundColor": "#000000",
"icon": null,
"criticalityScore": 0,
"tagType": null
}
]
}
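The following added example (not code from this page or from Qualys) ties the create request and the details response together. It builds a request body for POST /csapi/v1.3/centralizedPolicy while enforcing the documented limits client-side, decodes the JSON-encoded metaData string that GET /csapi/v1.3/centralizedPolicy/{policyId} returns, and evaluates the page's sample rule against a constructed per-severity vulnerability count. How the service orders rules and treats stopProcessing is not described on this page; the evaluation order used here (ascending sortOrder, no further rules after a firing rule with stopProcessing true, an inactive policy never denies) is an assumption, and only the GREATER_THAN operator shown on the page is implemented.

```python
import json
from typing import Optional

# Constraints documented on this page for POST /csapi/v1.3/centralizedPolicy.
NAME_MAX, DESC_MAX = 150, 250
POLICY_TYPES = {"IMAGESCAN"}
POLICY_MODES = {"ACTIVE", "INACTIVE"}
ASSET_TYPES = {"CICD"}
# The only rule type and operator the page shows; no others are assumed.
RULE_TYPE = "IMAGESCAN_VULN_SEVERITYCOUNT"
OPERATORS = {"GREATER_THAN": lambda count, threshold: count > threshold}


def severity_count_rule(name, severity_level, threshold, action="DENY",
                        sort_order=0, stop_processing=False, enabled=True):
    """Build one IMAGESCAN_VULN_SEVERITYCOUNT rule in the request-body shape."""
    return {
        "name": name, "type": RULE_TYPE, "action": action,
        "isEnabled": enabled, "stopProcessing": stop_processing,
        "sortOrder": sort_order,
        "metaData": {"operator": "GREATER_THAN",
                     "severityLevel": severity_level, "threshold": threshold},
    }


def build_policy(name, description, rules, tag_ids, mode="ACTIVE",
                 is_default=False, asset_type="CICD", policy_type="IMAGESCAN"):
    """Validate the documented constraints and return the JSON request body."""
    if not 0 < len(name) <= NAME_MAX:
        raise ValueError(f"policyName must be 1-{NAME_MAX} characters")
    if not 0 < len(description) <= DESC_MAX:
        raise ValueError(f"description must be 1-{DESC_MAX} characters")
    if (policy_type not in POLICY_TYPES or mode not in POLICY_MODES
            or asset_type not in ASSET_TYPES):
        raise ValueError("unsupported policyType, policyMode or assetType")
    if not any(r["isEnabled"] for r in rules):
        raise ValueError("at least one enabled rule is required")
    return {
        "policyName": name, "policyType": policy_type, "policyMode": mode,
        "description": description, "centralizedPolicyRules": rules,
        "assetType": asset_type, "isDefault": is_default, "tagIds": list(tag_ids),
    }


def normalize_policy(details: dict) -> dict:
    """GET /centralizedPolicy/{policyId} returns each rule's metaData as a
    JSON-encoded string; decode it so the policy can be evaluated or re-sent."""
    out = json.loads(json.dumps(details))  # deep copy, leave the input untouched
    for rule in out.get("centralizedPolicyRules", []):
        if isinstance(rule["metaData"], str):
            rule["metaData"] = json.loads(rule["metaData"])
    return out


def evaluate_policy(policy: dict, severity_counts: dict) -> Optional[str]:
    """Apply the policy to an image's counts ({severityLevel: count}).
    Assumed semantics (not stated on the page): rules run in ascending
    sortOrder, disabled rules are skipped, a firing rule sets the action and,
    if stopProcessing is true, ends evaluation; an inactive policy never fires.
    Returns the action (e.g. "DENY") or None when no rule fires."""
    if policy.get("policyMode") != "ACTIVE":
        return None
    result = None
    for rule in sorted(policy["centralizedPolicyRules"], key=lambda r: r["sortOrder"]):
        if not rule["isEnabled"] or rule["type"] != RULE_TYPE:
            continue
        meta = rule["metaData"]
        compare = OPERATORS[meta["operator"]]  # KeyError for an operator not on the page
        if compare(severity_counts.get(meta["severityLevel"], 0), meta["threshold"]):
            result = rule["action"]
            if rule["stopProcessing"]:
                break
    return result


# The page's own sample rule: deny the build when more than one severity-1
# vulnerability is present. The tag UUID is the one from the sample request.
EXAMPLE_POLICY = build_policy(
    "Policy1214", "Policy1234",
    [severity_count_rule("Rule123", severity_level=1, threshold=1)],
    ["095a966f-fb5f-4eb5-8d43-b77d1a740876"],
)
# A policy-details response in the shape the page shows (metaData as a string).
EXAMPLE_DETAILS = {
    "policyMode": "ACTIVE",
    "centralizedPolicyRules": [{
        "name": "Rule123", "type": RULE_TYPE, "action": "DENY", "isEnabled": True,
        "stopProcessing": False, "sortOrder": 0,
        "metaData": "{\"operator\":\"GREATER_THAN\",\"severityLevel\":1,\"threshold\":1}",
    }],
}

if __name__ == "__main__":
    # Constructed scan result: two severity-1 findings, which exceeds the threshold.
    print(evaluate_policy(EXAMPLE_POLICY, {1: 2, 2: 7}))
```

Validating the body before the POST gives a clear local error for a name or description that is too long, and decoding metaData once on the way in means the rest of a client never has to care which of the two shapes it was given.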
Show EC2 Instance ID in Container and Sensor Details
Because a host's IP address is not necessarily unique and can change, searching for assets on a particular host by IP address can return inaccurate results.
Cloud providers assign each host an instance ID that uniquely identifies it within the cloud environment. With this release, the EC2 instance ID is displayed in the sensor details and in the details of the containers scanned by that sensor. Note that the two responses use different layouts: the container response exposes it as the flat key aws.ec2.instanceId under cloudProvider, whereas the sensor response nests it as cloudProvider.aws.ec2.instance-id.
Show Container Details
API affected | /csapi/v1.3/containers/{containerSha} |
---|---|
Operator | GET |
New or Updated APIs | Updated |
Shows details of a container with EC2 instance ID.
Sample: Instance ID in Container Details
API Request
curl -X "GET" \
"<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"portMapping": null,
"imageId": "a6c0cb5dbd21",
"created": "1683279176000",
"updated": "1683622183866",
"label": [
{
"key": "io.kubernetes.container.name",
"value": "kube-flannel"
},
{
"key": "annotation.io.kubernetes.container.terminationMessagePath",
"value": "/dev/termination-log"
}
],
"uuid": "a90b7cb5-c704-3343-b538-74c7807807a2",
"sha": "647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f",
"privileged": false,
"path": "/opt/bin/flanneld",
"imageSha": "a6c0cb5dbd21197123942b3469a881f936fd7735f2dc9a22763b6f777f24345e",
"macAddress": "",
"customerUuid": "6a849349-679f-ef25-8296-e51d4e3a0019",
"ipv4": null,
"ipv6": null,
"name": "k8s_kube-flannel_kube-flannel-ds-mpmq6_kube-flannel_5a737762-77c2-4763-9c1c-84c15a2684f0_0",
"host": {
"sensorUuid": "dae76860-22f7-4ef1-9a67-aef07944d92c",
"hostname": "ip-10-82-9-150",
"ipAddress": "10.82.9.150",
"uuid": "86e028bd-f283-4468-a099-953a6a033728",
"lastUpdated": "2023-05-09T08:47:15.854Z"
},
"hostArchitecture": [
"x86_64"
],
"state": "RUNNING",
"imageUuid": "9baf9f85-f3bf-3259-b8d5-3cd51967d34a",
"containerId": "647ae732d98e",
"stateChanged": "1683528203674",
"services": null,
"users": [
"root"
],
"operatingSystem": "Alpine Linux 3.17.3",
...
"cloudProvider": {
"aws.ecs.container.subnetId": null,
"aws.ec2.instanceId": "i-0ab8d3318979f529c",
"aws.ecs.clusterName": null,
"aws.ecs.container.macAddress": null,
"aws.ecs.region.code": null,
"aws.ecs.container.id": null,
"aws.ecs.accountId": null
}
}
Show Sensor Details
API affected | /csapi/v1.3/sensors/{sensorId} |
---|---|
Operator | GET |
New or Updated APIs | Updated |
Shows details of a sensor with EC2 instance ID.
Sample: Instance ID in Sensor Details
API Request
curl -X "GET" \
"<qualys_base_url>/csapi/v1.3/sensors/826194dcacba" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"uuid": "dae76860-22f7-4ef1-9a67-aef07944d92c",
"activationUuid": "ba77c39a-8086-44c5-aa08-7140aec8315e",
"hostname": "ip-10-x-x-x",
"customerUuid": "6a849349-679f-ef25-8296-e51d4e3a0019",
"dockerVersion": "23.0.5",
"ipv4": "10.x.x.x",
"os": "Ubuntu 22.04.2 LTS",
"ipv6": "fe80::8da:56ff:fea5:613d",
"sensorVersion": "1.26.1-0",
"platform": "LINUX_SENSOR",
"lastCheckedIn": "1683622119229",
"label": [
{
"key": "image-source",
"value": "SJC-POD04"
},
{
"key": "name",
"value": "Qualys Sensor Image"
}
],
"privileged": "false",
"macAddress": "0a:da:56:a5:61:3d",
"vulnSigVersion": null,
"hostUuid": "86e028bd-f283-4468-a099-953a6a033728",
...
"cluster": {
"type": "KUBERNETES",
"k8s": {
"project": null,
"pod": {
"name": "qualys-container-sensor-n28mk",
"uuid": "8beae725-d936-4fec-a50d-63d378279b24",
"namespace": "qualys",
"namespaceMetadata": {
"labels": [
"kubernetes.io/metadata.name:qualys"
],
"annotations": null
},
"label": [
{
"key": "name",
"value": "qualys-container-sensor"
}
],
"controller": [
{
"uuid": "6d0a6a96-6697-4c6f-9c9b-163df321faca",
"name": "qualys-container-sensor",
"type": "DaemonSet"
}
]
},
"node": {
"name": "ip-10-x-x-x",
"isMaster": false
}
},
"version": "v1.26.3"
},
"cloudProvider": {
"aws": {
"ec2": {
"instance-id": "i-0ab8d3318979f529c"
}
}
}
}
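An added example (not code from this page or from Qualys) showing why the instance ID matters when correlating containers with sensors: it reads the ID from both response layouts shown above and contrasts an IP-address lookup, which can return several sensors, with an instance-ID lookup, which returns at most one. The sensor and container records are constructed; only the key layout, the first sensor's UUID and the instance ID i-0ab8d3318979f529c come from the page's samples, and the second and third sensors, their UUIDs, and their instance IDs are made up.

```python
from typing import Optional

# Constructed sample responses. Two sensors share the private IP 10.82.9.150,
# which is exactly the ambiguity the instance ID removes; the third sensor
# runs outside AWS and has no cloudProvider block at all.
CONTAINER = {
    "sha": "647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f",
    "name": "k8s_kube-flannel_kube-flannel-ds-mpmq6_kube-flannel_5a737762-77c2-4763-9c1c-84c15a2684f0_0",
    "host": {
        "sensorUuid": "dae76860-22f7-4ef1-9a67-aef07944d92c",
        "hostname": "ip-10-82-9-150",
        "ipAddress": "10.82.9.150",
    },
    # Container details: flat dotted keys under cloudProvider.
    "cloudProvider": {
        "aws.ecs.container.subnetId": None,
        "aws.ec2.instanceId": "i-0ab8d3318979f529c",
        "aws.ecs.clusterName": None,
    },
}
SENSORS = [
    {   # the sensor from the page's sample: nested cloudProvider.aws.ec2
        "uuid": "dae76860-22f7-4ef1-9a67-aef07944d92c",
        "hostname": "ip-10-82-9-150",
        "ipv4": "10.82.9.150",
        "cloudProvider": {"aws": {"ec2": {"instance-id": "i-0ab8d3318979f529c"}}},
    },
    {   # constructed: a different instance that reuses the same private IP
        "uuid": "0f1e2d3c-4b5a-4697-8877-66554433aabb",
        "hostname": "ip-10-82-9-150",
        "ipv4": "10.82.9.150",
        "cloudProvider": {"aws": {"ec2": {"instance-id": "i-0fedcba9876543210"}}},
    },
    {   # constructed: on-premises sensor, no cloud metadata
        "uuid": "9a8b7c6d-5e4f-4312-aabb-ccddeeff0011",
        "hostname": "lab-docker-01",
        "ipv4": "192.0.2.10",
        "cloudProvider": None,
    },
]


def container_instance_id(container: dict) -> Optional[str]:
    """Container details expose the ID as cloudProvider["aws.ec2.instanceId"]."""
    return (container.get("cloudProvider") or {}).get("aws.ec2.instanceId")


def sensor_instance_id(sensor: dict) -> Optional[str]:
    """Sensor details nest it as cloudProvider.aws.ec2["instance-id"]."""
    cloud = sensor.get("cloudProvider") or {}
    return ((cloud.get("aws") or {}).get("ec2") or {}).get("instance-id")


def sensors_by_ip(sensors: list, ip: str) -> list:
    """IP lookup: may return several sensors, because IPs are reused and change."""
    return [s for s in sensors if s.get("ipv4") == ip]


def sensor_by_instance_id(sensors: list, instance_id: str) -> Optional[dict]:
    """Instance-ID lookup: unique within the cloud account, so at most one hit.
    More than one hit means the inventory is inconsistent, so fail loudly."""
    hits = [s for s in sensors if sensor_instance_id(s) == instance_id]
    if len(hits) > 1:
        raise ValueError(f"instance ID {instance_id} reported by {len(hits)} sensors")
    return hits[0] if hits else None


def sensor_for_container(container: dict, sensors: list) -> Optional[dict]:
    """Resolve a container's host sensor: by EC2 instance ID when the container
    carries one, otherwise by host.sensorUuid (non-cloud hosts)."""
    instance_id = container_instance_id(container)
    if instance_id:
        return sensor_by_instance_id(sensors, instance_id)
    sensor_uuid = (container.get("host") or {}).get("sensorUuid")
    return next((s for s in sensors if s["uuid"] == sensor_uuid), None)


if __name__ == "__main__":
    print("by IP:", [s["uuid"] for s in sensors_by_ip(SENSORS, "10.82.9.150")])
    print("by instance ID:", sensor_for_container(CONTAINER, SENSORS)["uuid"])
```

Keying inventory on the instance ID also lets the sensor and container records be joined with the cloud account's own inventory, which never carries a Qualys sensor UUID but always carries the instance ID.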