Release 1.35 API
November 10, 2024
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url>
is mentioned in the sample API requests.
What's New?
With Container Security 1.35 release, the following enhancements in APIs are made.
- Report Enhancement
- Ability to Download SBOM of an Image
- Support Cloud and Cluster Information in Container
- Introducing 'Runtime' Sensor Profile
- List Cluster Sensor PODs and Namespaces
- Support Criticality Score in Trurisk
- Base Image Identification
Report Enhancement
With this release, the following enhancements are done.
- Ability to update the 'Active' scheduled report - To enable this feature, a new API called 'Update an Active Report Schedule' is introduced.
PUT /csapi/v1.3/reports/schedule/{reportingScheduleID}
. - Ability to select first detected field - To support this feature, the responses of the following APIs are updated with 'firstDetected' parameter.
- Update an Active Report Schedule -
PUT /csapi/v1.3/reports/schedule/{reportingScheduleID}
- Create a Report Request -
POST /csapi/v1.3/reports
- Create a Report Schedule -
POST /csapi/v1.3/reports/schedule
- Update an Active Report Schedule -
- Support vulnerability report attachment in an email - To enable this feature, either the request or response bodies of the following APIs are updated with these new parameters - zip, sendAsAttachment, recipient, emailSubject, and customMessage.
- Update an Active Report Schedule -
PUT /csapi/v1.3/reports/schedule/{reportingScheduleID}
- Create a Report Request -
POST /csapi/v1.3/reports
- Create a Report Schedule -
POST /csapi/v1.3/reports/schedule
- Fetch a list of Report Schedules -
GET /csapi/v1.3/reports/schedules
- Fetch a list of Reports -
GET /csapi/v1.3/reports
- Update an Active Report Schedule -
New API: Update an Active Report Schedule
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/reports/schedule/{reportingScheduleID} |
Method | PUT |
DTD XSD Changes | No |
Input ParametersInput Parameters
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
displayColumns | Optional | string | Specify the columns to include in the report. Multiple columns should be comma-separated. Valid Values: repo, uuid, sha, severity, firstDetected, qid and so on |
expireAfter | Mandatory | string | Specify a time period after which the report expires and gets deleted from your account. Valid Values: 1, 7, 30, or 90 days. |
eventTime | Mandatory | string | Specify the start date and time (UTC) for the schedule. For example, 2023-02-16T19:30:00Z. |
eventEndTime | Mandatory | string | Specify the end date and time (UTC) for the schedule. |
reportScheduleDetails | Mandatory | Specify the below parameters to define a schedule. Specify null if you do not want to create a recurrent report schedule. In that case, the report is triggered for only once (on the time specified in eventTime). | |
recurrenceType | Mandatory | string | Specify the recurrence frequency as DAILY or WEEKLY or MONTHLY. |
selectedDayOfWeeks | Mandatory | string | Specify a day on which the report is triggered every week. This parameter is valid only if the recurrenceType is WEEKLY. The valid values are the names of days. Specify null if this parameter is not applicable. |
zip | Optional | integer | Choose to send scheduled report through a Zip file. Valid Values: 0 or 1. '0' indicates 'no', and '1' indicates 'yes'. |
emailNotification | Optional | boolean | Choose to send scheduled report through an email. Valid Values: 0 or 1. '0' indicates 'no', and '1' indicates 'yes'. |
sendAsAttachment | Optional | boolean | Choose to send scheduled report through an attachment. Valid Values: 0 or 1. '0' indicates 'no', and '1' indicates 'yes'. |
recipient | Optional | string | Mandatory if emailNotification is choosen. Email Id of the person whom you want to send the report update notification. |
emailSubject | Optional | string | Subject email of the update notification. |
customMessage | Optional | string | Message to be shown in the update notification email. |
Sample: Update an Active Report ScheduleSample: Update an Active Report Schedule
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/reports/schedule/6e8f7a20-91cb-11ef-9f40-ad02a75af93a' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"displayColumns": [
"repo",
"uuid",
"sha",
"severity",
"firstDetected",
"qid",
"imageId"
],
"expireAfter": "90",
"eventTime": "2024-10-24T06:41:51.864Z",
"eventEndTime": "2024-12-30T05:41:51.864Z",
"reportScheduleDetails": {
"recurrenceType": "WEEKLY",
"selectedDayOfWeeks": [
"THURSDAY"
]
},
"zip": "1",
"emailNotification": "1",
"sendAsAttachment": "1",
"recipient": "jack_reader@rediffmail.com,john_doe@gmail.com",
"emailSubject": "Test email for edit schedule",
"customMessage": "Report-message"
}'
API Response
{ "message": "Details updated successfully for reportScheduleId 6e8f7a20-91cb-11ef-9f40-ad02a75af93a" }
Updated API: Create a Report Request
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/reports |
Method | POST |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
displayColumns | Mandatory | string | Specify the columns to include in the report. Multiple columns should be comma-separated. Valid Values - repo, uuid, sha, severity, firstDetected, qid and so on. |
zip | Optional | integer | Choose to send scheduled report through a Zip file. Valid Values: 0 or 1. '0' indicates 'no', and '1' indicates 'yes'. |
sendAsAttachment | Optional | boolean | Choose to send scheduled report through an attachment. Valid Values: 0 or 1. '0' indicates 'no', and '1' indicates 'yes'. |
recipient | Optional | string | Mandatory if emailNotification is choosen. Email Id of the person whom you want to send the report update notification. |
emailSubject | Optional | string | Subject email of the update notification. |
customMessage | Optional | string | Message to be shown in the update notification email. |
Sample: Create a Report RequestSample: Create a Report Request
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"description": "Report Test",
"name": "ABC",
"filter": null,
"displayColumns": [
"repo",
"uuid",
"qid",
"firstDetected"
],
"templateName": "CS_IMAGE_VULNERABILITY",
"expireAfter": "30",
"zip": "0",
"emailNotification": "1",
"sendAsAttachment": "0",
"recipient": "jack_reader@acme.com",
"emailSubject": "EMAIL receive check",
"customMessage": "Please find the email and its details."
}'
API Response
{
"reportUuid": "cfcd7840-91cc-11ef-9f40-ad02a75af93a"
}
Updated API: Create a Report Schedule
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/reports/schedule |
Method | POST |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
displayColumns | Mandatory | string | Specify the columns to include in the report. Multiple columns should be comma-separated. Valid Values - repo, uuid, sha, severity, firstDetected, and so on. |
zip | Optional | integer | Choose to send scheduled report through a Zip file. Valid Values: 0 or 1. '0' indicates 'no', and '1' indicates 'yes'. |
sendAsAttachment | Optional | boolean | Choose to send scheduled report through an attachment. Valid Values: 0 or 1. '0' indicates 'no', and '1' indicates 'yes'. |
recipient | Optional | string | Mandatory if emailNotification is choosen. Email Id of the person whom you want to send the report update notification. |
emailSubject | Optional | string | Subject email of the update notification. |
customMessage | Optional | string | Message to be shown in the update notification email. |
Sample: Create a Report ScheduleSample: Create a Report Schedule
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports/schedule' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"description": "TEST EDIT SCHEDULE",
"name": "Report-Test",
"filter": null,
"displayColumns": [
"repo",
"uuid",
"sha",
"severity",
"firstDetected",
"qid" ],
"templateName": "CS_IMAGE_VULNERABILITY",
"expireAfter": "30",
"eventEndTime": "2024-11-24T05:41:51.864Z",
"action": "CREATE",
"eventTime": "2024-10-24T06:41:51.864Z",
"reportScheduleDetails": {
"recurrenceType": "DAILY"
},
"zip": "1",
"emailNotification": "1",
"sendAsAttachment": "1",
"recipient": "john_doe@gmail.com",
"emailSubject": "Acme Test Report",
"customMessage": "Check the report generated"
}'
API Response
{
"scheduleUuid": "6e8f7a20-91cb-11ef-9f40-ad02a75af93a"
}
Updated API: Fetch a List of a Report Schedules
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/reports/schedules |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch a List of Report SchedulesSample: Fetch a List of Report Schedules
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/reports/schedules?pageNumber=1&pageSize=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"name": "Report-Test",
"reportScheduleUuid": "6e8f7a20-91cb-11ef-9f40-ad02a75af93a",
"scheduledDatetime": "2024-10-24T05:47:19.000Z",
"templateName": "CS_IMAGE_VULNERABILITY",
"resourceId": "0e7d3fca-cb6e-4140-ae4d-584f760ae6ce",
"action": "CREATE",
"eventTime": "2024-10-24T06:41:51.864Z",
"eventEndTime": "2024-11-24T05:41:51.864Z",
"cronExpression": "0 41 6 1/1 * ? *",
"description": "TEST EDIT SCHEDULE",
"createdDateTime": "2024-10-24T05:47:19.000Z",
"nextFireTime": "2024-10-25T06:41:00.000Z",
"state": "RESUME",
"format": "csv",
"moduleCode": "CS",
"displayColumns": [
"repo",
"uuid",
"sha",
"severity",
"firstDetected",
"qid",
"imageId"
],
"emailNotification": 1,
"filter": "",
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 0,
"dayOfWeek": null,
"ordinalDayOfWeek": 0
},
"expireAfter": 30,
"recipient": "john_doe@gmail.com",
"customMessage": "Check the report generated.",
"sendAsAttachment": 1,
"emailSubject": "Qualys-test report",
"zip": 1
},
{
"name": "EMAIL2",
"reportScheduleUuid": "d4067330-8a1a-11ef-9f40-ad02a75af93a",
"scheduledDatetime": "2024-10-14T10:55:30.000Z",
"templateName": "CS_IMAGE_VULNERABILITY",
"resourceId": "20b1b9db-18de-494b-b70a-d250fe6848d6",
"action": "CREATE",
"eventTime": "2024-10-14T10:59:00Z",
"eventEndTime": "",
"cronExpression": "",
"description": "",
"createdDateTime": "2024-10-14T10:55:30.000Z",
"nextFireTime": null,
"state": "COMPLETED",
"format": "csv",
"moduleCode": "CS",
"displayColumns": [
"repo",
"imageId",
"sha",
"uuid",
"label",
"tags",
"created",
"updated",
"qid",
"title",
"severity",
"cveids",
"vendorReference",
"cvssBase",
"cvssTemporal",
"cvss3Base",
"cvss3Temporal",
"threat",
"impact",
"solution",
"exploitability",
"associatedMalwares",
"category",
"software",
"result"
],
"emailNotification": 1,
"filter": "",
"reportScheduleDetails": null,
"expireAfter": 7,
"recipient": "kadamsur02@gmail.com,surkadam@qualys.com",
"customMessage": "",
"sendAsAttachment": 0,
"emailSubject": "Qualys: EMAIL2",
"zip": 0
},
],
"count": 2,
"groups": null,
"aggs": null
}
Updated API: Fetch a List of Reports
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/reports |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch a List of ReportsSample: Fetch a List of Reports
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/reports?pageNumber=1&pageSize=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
API Response
{
"data": [
{
"reportUuid": "cfcd7840-91cc-11ef-9f40-ad02a75af93a",
"createdAt": "2024-10-24T05:57:11.000Z",
"reportName": "ABC",
"description": "Report Test",
"fileFormat": "csv",
"templateName": "CS_IMAGE_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 0,
"filter": null,
"displayColumns": [
"repo",
"uuid",
"qid",
"firstDetected",
"imageId"
],
"expireOn": "2024-11-23T05:57:11.000Z",
"emailNotification": 1,
"recipient": "jack_reader@acme.com",
"emailSubject": "EMAIL receive check",
"customMessage": "Test custom message",
"sendAsAttachment": 0,
"fileZipped": 0
},
{
"reportUuid": "0265a320-9030-11ef-b98f-b9ad9f663189",
"createdAt": "2024-10-22T04:42:14.000Z",
"reportName": "joiewjfew",
"description": null,
"fileFormat": "csv",
"templateName": "CS_IMAGE_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 0,
"filter": null,
"displayColumns": [
"imageId",
"tags",
"qid",
"firstDetected"
],
"expireOn": "2024-10-29T04:42:14.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0
},
{
"reportUuid": "1e2dca60-86fd-11ef-9f40-ad02a75af93a",
"createdAt": "2024-10-10T11:45:16.000Z",
"reportName": "ERS1",
"description": null,
"fileFormat": "csv",
"templateName": "CS_IMAGE_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 1,
"filter": "vulnerabilities.severity:3 ",
"displayColumns": [
"repo",
"imageId",
"sha",
"uuid",
"label",
"tags",
"created",
"updated",
"qid",
"title",
"severity",
"cveids",
"vendorReference",
"cvssBase",
"cvssTemporal",
"cvss3Base",
"cvss3Temporal",
"threat",
"impact",
"solution",
"exploitability",
"associatedMalwares",
"category",
"software",
"result"
],
"expireOn": "2025-01-08T11:45:16.000Z",
"emailNotification": 1,
"recipient": "john_doe@gmail.com",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 1
}
],
"count": 3
}
Ability to Download SBOM of an Image
With this release, you can download SBOM report in SPDX and CycloneDX (CDX) formats with the help of SBOM download API. This API is newly introduced to download the SBOM of the specified image.
New API: Fetch SBOM of an Image
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/images/{imageSha}/sbom/download |
Method | GET |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
imageSha | Mandatory | string | Indicates SHA value of the image. |
sbomType | Mandatory | string | Indicates type of the SBOM you want to download. Valid Values: SPDX, or CYCLONEDX |
Sample: Fetch SBOM of an ImageSample: Fetch SBOM of an Image
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/images/5a3c93f8edbc011a160dccbe33a17269004f9d7fc2da59d393b30fbd9e60d7e2/sbom/download?sbomType=SPDX' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
API Response (Truncated)
{
"data": [
{
"imageId": "fdf935485c39",
"created": "1722328423000",
"updated": "1727093528962",
"sha": "6874b21dfe6b5964c608254f83aec269ec4c916d6a9e55f48b24c3f174150f57",
"uuid": "f1fe2d3f-1f6b-32c7-92fb-5378f218453c",
"name": "happy_snyder",
"host": {
"sensorUuid": "9ab35e80-4ecc-4af7-a774-87a752631bc6",
"hostname": "ntest_123",
"ipAddress": "10.115.119.175",
"uuid": "16c09c4f-fbda-4845-930b-d5965c3562ac",
"lastUpdated": "2024-09-20T04:59:16.842Z"
},
"state": "UNKNOWN",
"imageUuid": "fc3833ed-783b-3224-9c5a-637ab7e5dc6d",
"containerId": "6874b21dfe6b",
"stateChanged": "1727093502633",
"lastVmScanDate": "1727083410250",
"isRoot": true,
"vulnerabilities": {
"severity5Count": 1,
"severity3Count": 2,
"severity4Count": 5,
"severity1Count": 0,
"severity2Count": 0
},
"exceptions": null,
"riskScore": 126,
"riskScoreCalculatedDate": "1727083410248",
"formulaUsed": "MIN (1000 , 2 * ( 0.6 * 71.00 * Pow(5,0.01) + 0.4 * 50.00 * Pow(2,0.01) ))",
"maxQdsScore": 95,
"qdsSeverity": "CRITICAL",
"isExposedToWorld": false,
"scanTypes": [
"DYNAMIC"
],
"cluster": null,
"criticality": null,
"criticalityUpdated": null,
"compliance": {
"failCount": 8,
"passCount": 16,
"errorCount": 0
},
"lastComplianceScanDate": "1726815129386"
}
}
],
.
.
.
"count": 8
}
Support Cloud and Cluster Information in Container
With this release, Cluster and Cloud Provider information is available in the responses of the following APIs.
- Fetch a List of Containers in your Account
GET /csapi/v1.3/containers
- Fetch Container Details
GET /csapi/v1.3/containers/{containerSha}
Updated API: Fetch a List of Containers in your Account
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/containers |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch a List of Containers in your AccountSample: Fetch a List of Containers in your Account
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/containers?pageNumber=1&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
"imageId": "b798104c002a",
"created": "1721713977000",
"updated": "1721714109665",
"sha":
"d838bcb622a003b767ace31039475f37a5d34f093f8de82a71536f3fcfcb839e",
"uuid": "051a684a-9bad-3cb1-bf28-91084ee6e024",
"name": "test-vul-propogation",
"host": null,
"state": "DELETED",
"imageUuid": "fbdc0a10-7186-3439-8712-2db20df179e6",
"containerId": "d838bcb622a0",
"stateChanged": "1721714102790",
"lastVmScanDate": null,
"isRoot": null,
"vulnerabilities": {
"severity5Count": null,
"severity3Count": null,
"severity4Count": null,
"severity1Count": null,
"severity2Count": null
},
"exceptions": null,
{
"riskScore": 258,
"riskScoreCalculatedDate": "1723567125904",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 * 60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *Pow(5,0.01) ))",
"maxQdsScore": 95,
"qdsSeverity": "CRITICAL",
}
"scanTypes": null,
"cluster":
{
"name": "kubernetes-admin",
"uid": "bdc0d232-38af-46f9-b188-06cb61c928af"
},
"criticality": 3,
"criticalityUpdated": "1717098843553",
"compliance": {
"failCount": 0,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": null
},
],
"count": 1
}
Updated API: Fetch Container Details
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/containers/{containerSha} |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch Containers DetailsSample: Fetch Containers Details
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/containers/fd00f5df938fdfae4675063ff5b507a8c3229c07368890da7157bbda3303c15e' \
-H 'accept: application/json'
-H 'Authorization: Bearer <token>'
API Response
{
"portMapping": null,
"imageId": "3acfa0195040",
"created": "1724220796000",
"updated": "1724329261476",
"label": null,
"uuid": "a223de44-1871-3470-b575-fc0ff52453f7",
"sha": "42dd6168e45c6d7f7ab3043d7942d50ac8db0230066350d3c6dd9e53b30c5e91",
"privileged": false,
"path": null,
"imageSha": "3acfa01950409618705f07e1cc86f29f10ebcf548fe4fb4a7b83abe5bbc6b515",
"macAddress": null,
"customerUuid": "7a00a660-36bb-f02b-8025-9fcf49faf0b7",
"ipv4": null,
"ipv6": null,
"name": "spring-1",
"host": null,
"hostArchitecture": [
"x86_64"
],
"state": "RUNNING",
"imageUuid": "0ba3ff46-5336-3494-84a4-ee981675963c",
"containerId": "42dd6168e45c",
"stateChanged": "1724243635787",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"environment": null,
"arguments": null,
"command": "null",
"drift": null,
"vulnerabilities": [],
"softwares": null,
"isDrift": false,
"isRoot": null,
"lastComplianceScanned": null,
"cluster": {
"type": "KUBERNETES",
"k8s": {
"project": null,
"pod": {
"name": "spring-1",
"uuid": "4a7d3fc3-de97-44eb-85d3-5f661a175337",
"namespace": "default",
"namespaceMetadata": {
"labels": [
"kubernetes.io/metadata.name:default"
],
"annotations": [
"kubernetes.io/metadata.name:test",
"kubernetes.io/metadata.name:default"
]
},
"label": null,
"controller": null
},
"node": {
"name": null,
"isMaster": null
}
},
"name": "kubernetes-admin",
"uid": "bdc0d232-38af-46f9-b188-06cb61c928af",
"version": null
},
"cloudProvider": {
"aws.ecs.container.subnetId": null,
"aws.eks.accountId": "362440600222",
"aws.ecs.clusterName": null,
"aws.ecs.container.macAddress": null,
"aws.ecs.region.code": null,
"aws.ecs.container.id": null,
"aws.ecs.accountId": null,
"aws.eks.arn": "arn:aws:sts::362440600222:assumed-role/AmazonSSMRoleForInstancesQuickSetup/i-0921342848h431ef8",
"aws.eks.region": "us-east-1"
},
"exceptions": null,
"k8sExposure": null
}
Introducing 'Runtime' Sensor Profile
With CS 1.35 release, you can see your Container Runtime Sensor details in the below APIs.
- Fetch Sensor Profiles associated with a Sensor
GET /csapi/v1.3/sensors/profile/associate
- Create a Sensor Profile
POST /csapi/v1.3/sensorProfile
- Update a Sensor Profile
PUT /csapi/v1.3/sensorProfile/{sensorProfileId}
- Fetch Sensors Associated with a Sensor Profile
GET /csapi/v1.3/sensorProfile/sensor/associate
Updated API: Fetch Sensor Profiles Associated with a Sensor
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/sensors/profile/associate |
Method | GET |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated input parameters.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
sensorType | Mandatory | string | Specify the sensor type: Registry, General, CICD, or RUNTIME The default value is General. |
Sample: Fetch Sensor Profiles Associated with a SensorSample: Fetch Sensor Profiles Associated with a Sensor
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/sensors/profile/associate?sensorType=RUNTIME&pageNumber=1&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
API Response
{
"data": [
{
"profileId": "24cb8f30-c3b9-461c-b6fc-bc1902fc3906",
"profileName": "test123",
"profileType": "Runtime",
"associatedSensorsCount": null,
"createdBy": "john_doe",
"created": "1729851460268",
"updatedBy": "john_doe",
"updated": "1729851460268",
"tags": []
},
{
"profileId": "6c7ebe4c-33af-42d9-8e63-daaa247fc959",
"profileName": "test123",
"profileType": "Runtime",
"associatedSensorsCount": null,
"createdBy": "john_doe",
"created": "1729839452243",
"updatedBy": "john_doe",
"updated": "1729842140300",
"tags": []
},
{
"profileId": "00000000-0000-0000-0000-000000000000",
"profileName": "Default",
"profileType": "Default",
"associatedSensorsCount": null,
"createdBy": "System",
"created": "1708411029531",
"updatedBy": "System",
"updated": "1708411029531",
"tags": []
}
],
"count": 3
}
Updated API: Create a Sensor Profile
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/sensorProfile |
Method | POST |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated input parameters.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
profileType | Mandatory | string | Specify the profile type: Registry, General, CICD, or RUNTIME The default value is Registry. |
runtimeSensor |
Mandatory | string | Use it to send the Container Runtime Sensor (CRS) events to the Qualys Cloud Platform. Valid values: enable or disable If you mention 'disable', the CRS events data is not sent to the Qualys Cloud platform. Default value: enable |
ignoreProcesses | Optional | string | Specify the processes to be exluded. You can mention absolute path or binary name. Example: /usr/bin/cat (absolute path) or /cat (binary name) |
Sample: Create a Container Runtime Sensor (CRS) ProfileSample: Create a Container Runtime Sensor (CRS) Profile
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/sensorProfile' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"profileName": "TestQA",
"profileType": "Runtime",
"description": "test1_update",
"createdBy": "john_doe",
"updatedBy": "john_doe",
"config": {
"performanceManagement": {
"logSecurityLevel": "INFORMATION",
"maxNoOfArchivedLogFiles": 1,
"maxLogFileSize": 3
},
"runtimeSensor": "enable",
"ignoreProcesses": [
"/usr/bin/cat"
]
},
"associatedSensorIds": [
"096d96b4-c252-4c5b-835d-462109e5a8b0"
]
}
API Response
{
"profileUuid": "a68e5092-70ad-426d-ace5-3933de8971bb"
}
Updated API: Update a Sensor Profile
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/sensorProfile/{sensorProfileId} |
Method | PUT |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated input parameters.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
profileType | Mandatory | string | Specify the profile type: Registry, General, CICD, or RUNTIME The default value is Registry. |
runtimeSensor |
Mandatory | string | Use it to send the Container Runtime Sensor (CRS) events to the Qualys Cloud Platform. Valid values: enable or disable If you mention 'disable', the CRS events data is not sent to the Qualys Cloud platform. Default value: enable |
ignoreProcesses | Optional | string | Specify the processes to be exluded. You can mention absolute path or binary name. Example: /usr/bin/cat (absolute path) or /cat (binary name) |
Sample: Update a Container Runtime Sensor ProfileSample: Update a Container Runtime Sensor Profile
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/sensorProfile/a68e5092-70ad-426d-ace5-3933de8971bb' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"profileName": "check_update_123",
"profileType": "Runtime",
"description": "test1_update123",
"createdBy": "john_doe",
"updatedBy": "john_doe",
"config": {
"performanceManagement": {
"logSecurityLevel": "DEBUG",
"maxNoOfArchivedLogFiles": 1,
"maxLogFileSize": 1
},
"runtimeSensor": "disable",
"ignoreProcesses": [
"test123",
"/usr/bin/cat"
]
},
"associatedSensorIds": [
"39e19424-ebb3-457b-b037-658d3bb3b1ec"
]
}'
API Response
{
"profileUuid": "a68e5092-70ad-426d-ace5-3933de8971bb"
}
Updated API: Fetch Sensors Associated with a Sensor Profile
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/sensorProfile/sensor/associate |
Method | GET |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated input parameter.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
sensorProfileType | Mandatory | string | Specify the sensor type: Registry, General, CICD, or RUNTIME The default value is General. |
Sample: Fetch Sensors Associated with a Sensor ProfileSample: Fetch Sensors Associated with a Sensor Profile
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/sensorProfile/sensor/associate?sensorProfileType=Runtime&pageNo=0&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"uuid": "5a2ef67c-e81d-40ef-a0bb-b7b97888319a",
"activationUuid": "ad112f67-336e-4328-9285-66594dacdb9f",
"hostname": "ip-XX-XX-XX-XX3",
"customerUuid": "62cbdd77-ba57-f5ce-82bb-168344e92550",
"dockerVersion": null,
"ipv4": null,
"os": null,
"ipv6": null,
"sensorVersion": "1.0.0-0",
"platform": null,
"lastCheckedIn": "1728618878658",
"label": null,
"privileged": "true",
"macAddress": null,
"vulnSigVersion": null,
"hostUuid": "8468cba4-4408-438d-bb11-a1ece5b38944",
"configurationProfile": null,
"status": "Provisioned",
"registry": null,
"sha": "f92f1d8a41a795ac0845e86ecb82797df30fdbe56aa9264d34ff2c61cf03c0f5",
"sensorId": "f92f1d8a41a7",
"name": "qualys-runtime-sensor",
"created": "1728618878658",
"imageId": "f92f1d8a41a7",
"imageSha": "f92f1d8a41a795ac0845e86ecb82797df30fdbe56aa9264d34ff2c61cf03c0f5",
"imageRepoDigest": null,
"binaryVersion": null,
"containerIpv4": null,
"containerIpv6": null,
"containerMacAddress": null,
"sensorType": "RUNTIME",
"containerRuntime": null,
"containerRuntimeVersion": null,
"architecture": "amd64",
"associatedSensorProfile": "00000000-0000-0000-0000-000000000000",
"associatedSensorProfileName": null,
"tagDetails": null,
"clusterUid": "a883e610-428d-4355-8a19-7aef2cf4afde"
},
{
"uuid": "cb0388c5-8479-46f4-aa4e-0ac5e6bf13fb",
"activationUuid": "ad112f67-336e-4328-9285-66594dacdb9f",
"hostname": "ip-XX-XX-XX-XX3",
"customerUuid": "62cbdd77-ba57-f5ce-82bb-168344e92550",
"dockerVersion": null,
"ipv4": null,
"os": null,
"ipv6": null,
"sensorVersion": "1.0.0-0",
"platform": null,
"lastCheckedIn": "1728489391550",
"label": null,
"privileged": "true",
"macAddress": null,
"vulnSigVersion": null,
"hostUuid": "8468cba4-4408-438d-bb11-a1ece5b38944",
"configurationProfile": null,
"status": "Provisioned",
"registry": null,
"sha": "9f9a914c9e5443ee70ebe5c1e038fd8130439169883b4b3baaec500858fb6d24",
"sensorId": "9f9a914c9e54",
"name": "qualys-runtime-sensor",
"created": "1728467790863",
"imageId": "9f9a914c9e54",
"imageSha": "9f9a914c9e5443ee70ebe5c1e038fd8130439169883b4b3baaec500858fb6d24",
"imageRepoDigest": null,
"binaryVersion": null,
"containerIpv4": null,
"containerIpv6": null,
"containerMacAddress": null,
"sensorType": "RUNTIME",
"containerRuntime": null,
"containerRuntimeVersion": null,
"architecture": "amd64",
"associatedSensorProfile": "24100000-0000-2e45-5ca1-0a3c1s8n4000",
"associatedSensorProfileName": null,
"tagDetails": null,
"clusterUid": "a883e610-428d-4355-8a19-7aef2cf4afde"
}
],
"count": 2,
"groups": {},
"aggs": null
}
List Cluster Sensor PODs and Namespaces
With CS 1.34 release, you can see your POD and Namespace details with the help of CS APIs. To enable this feature, the following new APIs are introduced.
- Fetch a List of PODs in your Account
GET /csapi/v1.3/k8sResource/pod
- Fetch a List Of Namespaces in your Account
GET /csapi/v1.3/k8sResource/namespace
- Fetch Details of a POD
GET /csapi/v1.3/k8sResource/pod/details/{podUid}
- Fetch Details of a Namespace
GET /csapi/v1.3/k8sResource/namespace/details/{namespaceUid}
New API: Fetch a List Of PODs in your Account
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/k8sResource/pod |
Method | GET |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the input parameters introduced with this API.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
Filter |
Optional | string/number/boolean | Use this to filter any specific data. |
pageNumber |
Mandatory | number | Indicates page number. The default value is 1. |
pageSize |
Mandatory |
number | Indicates page size. The default value is 50. |
Sort |
Optional |
string/number | Use it to filter the listing. |
Sample: Fetch a List Of PODs in your AccountSample: Fetch a List Of PODs in your Account
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/
k8sResource/pod' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"uuid": "d53dbb4c-274b-4d8e-8c5f-114161076b05",
"customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
"clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
"sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
"name": "aws-node-g6fl7",
"labels": [
"k8s-app:aws-node",
"app.kubernetes.io/instance:aws-vpc-cni",
"pod-template-generation:1",
"controller-revision-hash:885cd64f",
"app.kubernetes.io/name:aws-node"
],
"annotations": null,
"updatedAt": "1731008618465",
"deletedAt": null,
"resourceVersion": 13316391,
"namespace": "kube-system",
"startedAt": "1730995495000",
"status": "RUNNING",
"containers": [
"containerd://eae5b8a55055e263b68a4abaf56e32b5e125fc02b1f1da9ee40c5484405bae51",
"containerd://46a12649f09a89ca71a83fc0e81199dfd0c0a40903b65fbde9a4885118eff39b",
"containerd://43719d6dd9c0f4b753700f6952426bfc201caae811297e89370752ab2cf09149"
],
"securityContext": [],
"owner": null,
"k8sExposure": null
},
{
"uuid": "399d128f-ecd1-437b-8cd4-1db2a39d3c00",
"customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
"clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
"sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
"name": "kube-proxy-9hrkb",
"labels": [
"k8s-app:kube-proxy",
"pod-template-generation:1",
"controller-revision-hash:6c75fb6796"
],
"annotations": null,
"updatedAt": "1731008618432",
"deletedAt": null,
"resourceVersion": 13316331,
"namespace": "kube-system",
"startedAt": "1730995495000",
"status": "RUNNING",
"containers": [
"containerd://ab0e106a5b52057101ec2b0af85d28fa2c79d39cbf1e0dcc4c6651801fc5c617"
],
"securityContext": [],
"owner": null,
"k8sExposure": null
},
{
"uuid": "468041ab-836e-4ab4-aca1-52778cabf5c6",
"customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
"clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
"sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
"name": "kube-proxy-7pm4d",
"labels": [
"k8s-app:kube-proxy",
"pod-template-generation:1",
"controller-revision-hash:6c75fb6796"
],
"annotations": null,
"updatedAt": "1731008618431",
"deletedAt": null,
"resourceVersion": 13315884,
"namespace": "kube-system",
"startedAt": "1730995370000",
"status": "RUNNING",
"containers": [
"containerd://d50ca71b5c6d51ef0c3620d4bbb99f13cca385373bc2590d87f09ba18628f640"
],
"securityContext": null,
"owner": null,
"k8sExposure": null
}
],
"count": 49,
"groups": {},
"aggs": null
}
New API: Fetch a List Of Namespaces in your Account
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/k8sResource/namespace |
Method | GET |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the input parameters introduced with this API.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
Filter | Optional | string/number/boolean | Use this to filter any specific data. |
pageNumber | Mandatory | number | Indicates page number. The default value is 1. |
pageSize | Mandatory | number | Indicates page size. The default value is 50. |
Sort | Optional | string/number | Use it to filter the listing. |
Sample: Fetch a List Of Namespace in your AccountSample: Fetch a List Of Namespace in your Account
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/
k8sResource/namespace' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"uuid": "df035ed8-8360-4008-b360-f60c4be95e44",
"customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
"clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
"sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
"name": "kube-node-lease",
"labels": [
"kubernetes.io/metadata.name:kube-node-lease"
],
"annotations": null,
"updatedAt": "1731008617460",
"deletedAt": null,
"resourceVersion": 29,
"createdAt": "1726087859000",
"status": "ACTIVE"
},
{
"uuid": "308d678c-490c-4376-9e77-bf22f46e57c8",
"customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
"clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
"sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
"name": "qualys",
"labels": [
"name:qualys",
"kubernetes.io/metadata.name:qualys"
],
"annotations": null,
"updatedAt": "1731008617493",
"deletedAt": null,
"resourceVersion": 13351463,
"createdAt": "1731008487000",
"status": "ACTIVE"
},
{
"uuid": "7a03c132-af38-4be4-9682-4ed563e0b156",
"customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
"clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
"sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
"name": "kube-public",
"labels": [
"kubernetes.io/metadata.name:kube-public"
],
"annotations": null,
"updatedAt": "1731008617855",
"deletedAt": null,
"resourceVersion": 14,
"createdAt": "1726087859000",
"status": "ACTIVE"
}
],
"count": 26,
"groups": {},
"aggs": null
}
New API: Fetch Details of a Pod
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/k8sResource/pod/details/{podUid} |
Method | GET |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the input parameter introduced with this API.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
podUid | Mandatory | UUID | Specify the UUID of a POD. |
Sample: Fetch Details of a PodSample: Fetch Details of a Pod
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/
k8sResource/pod/details/8c18a36e-ca9c-4b7e-9fe5-bbb260b99435' \ -H 'accept: application/json' -H 'Authorization: Bearer <token>'
API Response
{
"uuid": "8c18a36e-ca9c-4b7e-9fe5-bbb260b99435",
"customerUuid": "7e5d9ca3-ed1c-65b8-12ab-e38ea0c445cd",
"clusterUid": "3e27e85e-99f9-4fac-bfdc-052ae00653a6",
"sensorUuid": "407a2a6b-74e5-2a14-3f24-e6a440c29e38",
"name": "kube-proxy-csfbx",
"labels": [
"component:kube-proxy",
"controller-revision-hash:7cc4697865",
"kubernetes.azure.com/managedby:aks",
"pod-template-generation:6",
"tier:node"
],
"annotations": null,
"updatedAt": 1729148079790,
"deletedAt": null,
"resourceVersion": 44221227,
"namespace": "kube-system",
"startedAt": 1728783935000,
"status": "RUNNING",
"containers": [
"containerd://eb009a072729e6a576bbf1c1d9edd6057cfa040a58071430b81656a38fb8be1a",
"containerd://b9cac4442fd0452c40831a3f7a2781e92773326440016217d42dc493e4ffb56b"
],
"securityContext": null,
"owner": {
"uuid": "8133f71c-6901-46e8-ba77-87e261d4b312",
"name": "kube-proxy",
"kind": "DaemonSet"
}
}
New API: Fetch Details of a Namespace
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/k8sResource/namespace/details/{namespaceUid} |
Method | GET |
DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the input parameter introduced with this API.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
namespaceUid | Mandatory | UUID | Specify the UUID of a Namespace. |
Sample: Fetch Details of a NamespaceSample: Fetch Details of a Namespace
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/
k8sResource/namespace/details/3a6ec3a3-fbf7-494f-8719-024897cd6c5e' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"uuid": "3a6ec3a3-fbf7-494f-8719-024897cd6c5e",
"customerUuid": "7e5dc235-1w3r-65b8-9q2e-e38ea0c4cd9e",
"clusterUid": "3e27e85e-99f9-4fac-bfdc-052ae00653a6",
"sensorUuid": "407a2a6b-74e5-2a14-3f24-e6a440c29e38",
"name": "default",
"labels": [
"kubernetes.io/metadata.name:default"
],
"annotations": null,
"updatedAt": 1729988224191,
"deletedAt": null,
"resourceVersion": 37,
"createdAt": 1717159080000,
"status": "UNKNOWN"
}
Support Criticality Score in Trurisk
With this release, you will be able to see the Criticality score (criticality and its last updated time) in below APIs.
Images
- Fetch a List of Images in Your Account
GET /csapi/v1.3/images
- Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
- Fetch a List of Images (Bulk API)
GET /csapi/v1.3/images/list
Containers
- Fetch a List of Containers in Your Account
GET /csapi/v1.3/containers
- Fetch Container Details
GET /csapi/v1.3/containers/{containerSha}
- Fetch a List of Containers (Bulk API)
GET /csapi/v1.3/containers/list
Updated API: Fetch a List of Images in your Account
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/images |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch a List of Images in your AccountSample: Fetch a List of Images in your Account
API Request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images?filter=imagesInUse:'[now-7d ...now]'&pageNumber=1&pageSize=50&sort=created%3Adesc" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
API Response
"data": [
{
"created": "1717026901000",
"updated": "1721714104046",
"lastUsedDate": "1721714104046",
"sha":
"4f67c83422ec747235357c04556616234e66fc3fa39cb4f40b2d4441ddd8f100",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "nginx"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest":
"0f04e4f646a3f14bf31d8bc8d885b6c951fdcf42589d06845f64d18aec6a3c4d",
"repository": "nginx"
}
],
"uuid": "16c984cf-7029-3cd9-951f-b9ef7d712059",
"size": 187667860,
"vulnerabilities": {
"severity5Count": 0,
"severity3Count": 0,
"severity4Count": 0,
"severity1Count": 0,
"severity2Count": 0
},
"imageId": "4f67c83422ec",
"associatedContainersCount": 0,
"associatedHostsCount": 1,
"lastVmScanDate": "1718652145295",
"registryUuid": null,
"source": [
"GENERAL"
],
"isDockerHubOfficial": false,
"scanType": null,
"scanTypes": [
"DYNAMIC"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "e5c501d1-169e-4001-83d1-ca60ba35ef7d",
"hostname": "ip-10-**-8-**",
"ipAddress": "10.**.8.**",
"uuid": "b7b5ad35-41fd-4262-9cbf-bc2601a6b5f5",
"lastUpdated": "2024-06-12T06:54:09.796Z"
},
"exceptions": null,
"riskScore": 78,
"riskScoreCalculatedDate": 1721631694803,
"maxQdsScore": 65,
"qdsSeverity": MEDIUM,
"lastScannedBySensor": null,
"scanErrorMessage": null,
"criticality": 4,
"criticalityUpdated": 1717098843553,
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": null,
"baseImageProcessingTimestamp": null,
"compliance": {
"failCount": 2,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": "1718175514362"
}
],
"count": 1
}
Updated API: Fetch Images Details
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/images/{imageSha} |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch Image DetailsSample: Fetch Image Details
API Request
curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd&scanDetails=malware_secrets' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token> \
-H 'Content-Type: application/json'
API Response
{
"created": "1603477517000",
"updated": "1605017537578",
"lastUsedDate;: "1716251515814",
"author": "Jack_reader",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "ac_base"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest":
"1d811b3c382893f70f0cc0f2371a12d3671c1d5175bcc67e8c2a5c0bf4c8f976",
"repository": "ac_base"
}
],
"label": null,
"uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1",
"sha":
"c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd",
"operatingSystem": "Ubuntu Linux 16.04.7",
"customerUuid": "192cc974-****-****-****-f78f6441cb0d",
"dockerVersion": "18.09.7",
"size": 1183790011,
"layers": [
{
"size": "130553983",
"createdBy": "ADD
file:c1f3147c7b6710af5affd417ff822ee28df872d716003858d3d2e23d2277c981 in
/ ",
"created": "1603474388000",
"comment": "",
"id": null,
"sha": null,
"tags": null
},
{
"size": "1930",
"createdBy": "COPY file:d816a67f6d281a13fe685991e90cb7 in / ",
"created": "1603477517000",
"comment": "",
"id": null,
"sha": null,
"tags": null
}
],
"host": [
{
"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
"hostname": "host.qualys.com",
"ipAddress": "10.**.**.40",
"uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
"lastUpdated": "2020-11-10T14:10:29.218Z"
}
],
"architecture": "amd64",
"imageId": "c64844065dcb",
"lastVmScanDate": "1605017537578",
"registryUuid": null,
"source": [
"GENERAL"
],
"totalVulCount": "0",
"users": [
"root"
],
"isDockerHubOfficial": null,
"isInstrumented": null,
"instrumentedFrom": null,
"instrumentationState": null,
"scanType": "DYNAMIC",
"scanTypes": [
"DYNAMIC"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
"hostname": "host.qualys.com",
"ipAddress": "10.**.**.40",
"uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
"lastUpdated": "2020-11-10T14:10:29.218Z"
},
"malware": {
"imageMalwareCount": 1,
"malwarePrediction": {
"prediction": "malicious",
"score": 1,
"severity": 3,
"category": "dropper",
"family": "mirai"
"riskScore": 238,
"riskScoreCalculatedDate": "1721644261069",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 74.71 * Pow(7,0.01) +
0.6 * 42.45 * Pow(20,0.01) + 0.4 * 40.09 * Pow(11,0.01) ))",
"maxQdsScore": 100,
"qdsSeverity": "CRITICAL",
}
},
"lastMalwareScanned": null,
"exceptions": [
"77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
],
"secrets": [
{
"severity": "LOW",
"filePath": "/root/foo/foo1.txt",
"layerSha":
"7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
"match": null,
"startLine": 0,
"secretType": "Easypost API Token"
},
{
"severity": "CRITICAL",
"filePath": "/home/qatest/key/gcp-service-account.json",
"layerSha":
"5bc804df91a229c1f26d254b5247c699c1e1a53673ec1d30e263e7b4bda96beb",
"match": null,
"startLine": 0,
"secretType": "Google (GCP) Service-account"
}
],
"lastSecretScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"criticality": 3,
"criticalityUpdated": 1717098843553,
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": null,
"baseImageProcessingTimestamp": null,
"softwares": [
{
"name": "libncursesw5:amd64",
"version": "6.0+20160213-1ubuntu1",
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libgpg-error0:amd64",
"version": "1.21-2ubuntu1",
"fixVersion": null,
"vulnerabilities": null
}
],
"vulnerabilities": [],
"lastComplianceScanned": "1603477517000"
}
Updated API: Fetch a List of Images (Bulk API)
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/images/list |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch a List of Images (Bulk API)Sample: Fetch a List of Images (Bulk API)
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/images/list?limit=2' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"created": "1472581305000",
"updated": "1724323293607",
"author": "Adam Miller <maxamillion@fedoraproject.org>",
"repo": [
{
"registry": "art-hq.intranet.qualys.com:5001",
"tag": "fedora22",
"repository": "multi-os-images"
},
{
"registry": "docker.io",
"tag": "fedora",
"repository": "hchandawad1/alpine-amd64"
},
{
"registry": "sjc.ocir.io",
"tag": "centos",
"repository": "axtqwmwbaayf/public-hritika-1"
},
{
"registry": "sjc.ocir.io",
"tag": "fedora",
"repository": "axtqwmwbaayf/qualys"
},
{
"registry": "docker.io",
"tag": "22",
"repository": "fedora"
},
{
"registry": "msftlongregistryandreponametest.azurecr.io",
"tag": "tag",
"repository": "test1/test2"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "hchandawad1/alpine-amd64"
},
{
"registry": "docker.io",
"digest": "d5cce9139f8758171936a033c0625307760026446d4d30f084ff6b52aecc1721",
"repository": "fedora"
},
{
"registry": "art-hq.intranet.qualys.com:5001",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "multi-os-images"
},
{
"registry": "sjc.ocir.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "axtqwmwbaayf/public-hritika-1"
},
{
"registry": "msftlongregistryandreponametest.azurecr.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "test1/test2"
},
{
"registry": "sjc.ocir.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "axtqwmwbaayf/qualys"
}
],
"label": [],
"uuid": "d165a97b-7e10-3f0b-acb9-eac7c39d1532",
"sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
"operatingSystem": "Fedora 22",
"customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
"dockerVersion": "1.12.1",
"size": 188728229,
"layers": [
{
"size": "188728229",
"createdBy": "ADD file:e14b712e5cfef28691da81e314415790d59685a366414f6be248b871e42d4436 in / ",
"created": "1472581305000",
"comment": "",
"id": "01a9fe974dba",
"sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
"tags": [
"sjc.ocir.io/axtqwmwbaayf/qualys:fedora",
"art-hq.intranet.qualys.com:5001/multi-os-images:fedora22",
"hchandawad1/alpine-amd64:fedora",
"fedora:22",
"sjc.ocir.io/axtqwmwbaayf/public-hritika-1:centos",
"msftlongregistryandreponametest.azurecr.io/test1/test2:tag"
],
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "0",
"createdBy": "MAINTAINER Adam Miller <maxamillion@fedoraproject.org>",
"created": "1472581297000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
}
],
"architecture": "amd64",
"imageId": "01a9fe974dba",
"lastScanned": "1724323293607",
"registryUuid": null,
"source": [
"GENERAL"
],
"users": [],
"lastFoundOnHost": {
"sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
"hostname": "localhost.localdomain",
"ipAddress": "10.115.97.76",
"uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
"lastUpdated": "2024-08-22T10:52:22.065Z"
},
"lastUsedDate": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": [
"STATIC"
],
"softwares": [
"name": "rpm-plugin-selinux",
"version": "4.12.0.1-14.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
},
{
"name": "libuuid",
"version": "2.26.2-4.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
},
{
"name": "lzo",
"version": "2.08-3.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
},
{
"name": "rootfiles",
"version": "8.1-17.fc21",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
},
{
"name": "libstdc++",
"version": "5.3.1-2.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
},
{
"name": "deltarpm",
"version": "3.6-8.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
},
],
"vulnerabilities": [
{
"qid": 124975,
"result": null,
"software": [
{
"name": "libssh2",
"version": "1.5.0-1.fc22",
"fixVersion": "1.5.0-2.fc22",
"scanType": "STATIC",
"packagePath": null
}
],
"lastFound": "1724323293564",
"firstFound": "1724323293564",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
},
{
"qid": 276308,
"result": null,
"software": [
{
"name": "openssl-libs",
"version": "1.0.1k-13.fc22",
"fixVersion": "1.0.1k-14.fc22",
"scanType": "STATIC",
"packagePath": null
}
],
"lastFound": "1724323293570",
"firstFound": "1724323293570",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
},
{
"qid": 276113,
"result": null,
"software": [
{
"name": "openssl-libs",
"version": "1.0.1k-13.fc22",
"fixVersion": "1.0.1k-15.fc22",
"scanType": "STATIC",
"packagePath": null
}
],
"lastFound": "1724323293567",
"firstFound": "1724323293567",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
},
{
"qid": 106008,
"result": null,
"software": null,
"lastFound": "1724323293573",
"firstFound": "1724323293573",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
}
],
"malware": null,
"secrets": null,
"lastMalwareScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"maxQdsScore": null,
"qdsSeverity": null,
"criticality": 5,
"criticalityUpdated": 1717098843553
},
{
"created": "1490217199000",
"updated": "1724323252042",
"author": "",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "iojs"
},
{
"registry": "dockregtest01.eng.sjc01.qualys.com:5000",
"tag": "latest",
"repository": "iojs"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "e9c867712191ac0d35041268feed489bcaaf9c1169296ca780ba4be03ca4610c",
"repository": "iojs"
},
{
"registry": "dockregtest01.eng.sjc01.qualys.com:5000",
"digest": "ebe3fd385e36a8bbfae06e1f8c1e88a4abfce10dbfc4b8b339d3c0df072ee9f4",
"repository": "iojs"
}
],
"label": [],
"uuid": "1ea83c91-0ef9-3c50-9fdc-d7d3551fb59a",
"sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
"operatingSystem": null,
"customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
"dockerVersion": "1.12.6",
"size": 648592935,
"layers": [
{
"size": "0",
"createdBy": "CMD [\"iojs\"]",
"created": "1490217199000",
"comment": "",
"id": "fdab38ea8e39",
"sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
"tags": [
"iojs:latest",
"dockregtest01.eng.sjc01.qualys.com:5000/iojs:latest"
],
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "34650067",
"createdBy": "curl -SLO \"https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x64.tar.gz\" && curl -SLO \"https://iojs.org/dist/v$IOJS_VERSION/SHASUMS256.txt.asc\" && gpg --verify SHASUMS256.txt.asc && grep \" iojs-v$IOJS_VERSION-linux-x64.tar.gz\\$\" SHASUMS256.txt.asc | sha256sum -c - && tar -xzf \"iojs-v$IOJS_VERSION-linux-x64.tar.gz\" -C /usr/local --strip-components=1 && rm \"iojs-v$IOJS_VERSION-linux-x64.tar.gz\" SHASUMS256.txt.asc",
"created": "1490217198000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "0",
"createdBy": "ENV IOJS_VERSION=3.3.0",
"created": "1490217194000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "0",
"createdBy": "ENV NPM_CONFIG_LOGLEVEL=info",
"created": "1490217176000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "88894",
"createdBy": "set -ex && for key in 9554F04D7259F04124DE6B476D5A82AC7E37093B 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 FD3A5288F042B6850C66B31F09FE44734EB7990E 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 DD8F2338BAE7501E3DD5AC78C273792F7D83545D ; do gpg --keyserver ha.pool.sks-keyservers.net --recv-keys \"$key\" ; done",
"created": "1490217175000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "322890800",
"createdBy": "set -ex; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tautoconf \t\tautomake \t\tbzip2 \t\tfile \t\tg++ \t\tgcc \t\timagemagick \t\tlibbz2-dev \t\tlibc6-dev \t\tlibcurl4-openssl-dev \t\tlibdb-dev \t\tlibevent-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tlibgeoip-dev \t\tlibglib2.0-dev \t\tlibjpeg-dev \t\tlibkrb5-dev \t\tliblzma-dev \t\tlibmagickcore-dev \t\tlibmagickwand-dev \t\tlibncurses-dev \t\tlibpng-dev \t\tlibpq-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tlibtool \t\tlibwebp-dev \t\tlibxml2-dev \t\tlibxslt-dev \t\tlibyaml-dev \t\tmake \t\tpatch \t\txz-utils \t\tzlib1g-dev \t\t\t\t$( \t\t\tif apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then \t\t\t\techo 'default-libmysqlclient-dev'; \t\t\telse \t\t\t\techo 'libmysqlclient-dev'; \t\t\tfi \t\t) \t; \trm -rf /var/lib/apt/lists/*",
"created": "1490123534000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "122928427",
"createdBy": "apt-get update && apt-get install -y --no-install-recommends \t\tbzr \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t&& rm -rf /var/lib/apt/lists/*",
"created": "1490123476000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "44641329",
"createdBy": "apt-get update && apt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\twget \t&& rm -rf /var/lib/apt/lists/*",
"created": "1490123458000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "0",
"createdBy": "CMD [\"/bin/bash\"]",
"created": "1490120945000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "123393418",
"createdBy": "ADD file:4eedf861fb567fffb2694b65ebdd58d5e371a2c28c3863f363f333cb34e5eb7b in / ",
"created": "1490120931000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
}
],
"architecture": "amd64",
"imageId": "fdab38ea8e39",
"lastScanned": null,
"registryUuid": null,
"source": [
"GENERAL"
],
"users": null,
"lastFoundOnHost": {
"sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
"hostname": "localhost.localdomain",
"ipAddress": "10.115.97.76",
"uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
"lastUpdated": "2024-08-22T10:52:22.065Z"
},
"lastUsedDate": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": null,
"softwares": null,
"vulnerabilities": null,
"malware": null,
"secrets": null,
"lastMalwareScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"maxQdsScore": null,
"qdsSeverity": null
"criticality": 5,
"criticalityUpdated": 1717098843553
}
],
"limit": 2
}
Updated API: Fetch a List of Containers in your Account
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/containers |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch a List of Containers in your AccountSample: Fetch a List of Containers in your Account
API Request
curl -X GET
'<qualys_base_url>/csapi/v1.3/containers?pageNumber=1&pageSize=50&sort=created:desc" \
-H "Authorization: Bearer <token>'
API Response
{
"data": [
"imageId": "b798104c002a",
"created": "1721713977000",
"updated": "1721714109665",
"sha":
"d838bcb622a003b767ace31039475f37a5d34f093f8de82a71536f3fcfcb839e",
"uuid": "051a684a-9bad-3cb1-bf28-91084ee6e024",
"name": "test-vul-propogation",
"host": null,
"state": "DELETED",
"imageUuid": "fbdc0a10-7186-3439-8712-2db20df179e6",
"containerId": "d838bcb622a0",
"stateChanged": "1721714102790",
"lastVmScanDate": null,
"isRoot": null,
"vulnerabilities": {
"severity5Count": null,
"severity3Count": null,
"severity4Count": null,
"severity1Count": null,
"severity2Count": null
},
"exceptions": null,
{ "riskScore": 258,
"riskScoreCalculatedDate": "1723567125904",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) +
0.6 * 60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *
Pow(5,0.01) ))",
"maxQdsScore": 95,
"qdsSeverity": "CRITICAL",
}
"scanTypes": null,
"cluster": null,
"criticality": 3,
"criticalityUpdated": "1717098843553",
"compliance": {
"failCount": 0,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": null
},
],
"count": 1
}
Updated API: Fetch Containers Details
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/containers/{containerSha} |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch Container Details Sample: Fetch Container Details
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
{
"portMapping": null,
"imageId": "a6c0cb5dbd21",
"created": "1683279176000",
"updated": "1683622183866",
"label": [
{
"key": "io.kubernetes.container.name",
"value": "kube-flannel"
},
{
"key": "io.kubernetes.sandbox.id",
"value":
"48a021247b1d3bf3a2d269c2ff71604f54f4e827ca47584844870ed5591950c4"
},
{
"key": "io.kubernetes.pod.uid",
"value": "5a737762-77c2-4763-9c1c-84c15a2684f0"
}
],
"uuid": "a90b7cb5-c704-3343-b538-74c7807807a2",
"sha":
"647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f",
"privileged": false,
"path": "/opt/bin/flanneld",
"imageSha":
"a6c0cb5dbd21197123942b3469a881f936fd7735f2dc9a22763b6f777f24345e",
"macAddress": "",
"customerUuid": "6a849349-****-****-****-e****e3a0019",
"ipv4": null,
"ipv6": null,
"name": "k8s_kube-flannel_kube-flannel-ds-mpmq6_kubeflannel_5a737762-77c2-4763-9c1c-84c15a2684f0_0",
"host": {
"sensorUuid": "dae76860-22f7-4ef1-9a67-aef07944d92c",
"hostname": "ip-10-**-9-***",
"ipAddress": "10.**.9.***",
"uuid": "86e028bd-f283-4468-a099-953a6a033728",
"lastUpdated": "2023-05-09T08:47:15.854Z"
},
"hostArchitecture": [
"x86_64"
],
"state": "RUNNING",
"imageUuid": "9baf9f85-f3bf-3259-b8d5-3cd51967d34a",
"containerId": "647ae732d98e",
"stateChanged": "1683528203674",
"services": null,
"users": [
"root"
],
"operatingSystem": "Alpine Linux 3.17.3",
"lastScanned": "1683575890303",
"source": "GENERAL",
"isInstrumented": null,
"environment": [
"POD_NAME=kube-flannel-ds-mpmq6",
"POD_NAMESPACE=kube-flannel",
"KUBERNETES_SERVICE_HOST=10.96.0.1",
"FLANNEL_ARCH=amd64",
"KUBERNETES_PORT_443_TCP_PORT=xxx",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"EVENT_QUEUE_DEPTH=5000",
"KUBERNETES_SERVICE_PORT=xxx"
],
"arguments": [
"--kube-subnet-mgr",
"--ip-masq"
],
"command": "--ip-masq --kube-subnet-mgr",
"drift": {
"category": [],
"reason": [],
"software": [],
"vulnerability": []
},
"vulnerabilities": [],
"softwares": [
{
"name": "nghttp2-libs",
"version": "1.51.0-r0",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "iproute2-minimal",
"version": "6.0.0-r1",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
],
"isDrift": false,
"isRoot": true,
"lastComplianceScanned": "1683622183866",
"cluster": {
"type": "KUBERNETES",
"k8s": {
"project": null,
"pod": {
"name": "kube-flannel-ds-mpmq6",
"uuid": "5a737762-77c2-4763-9c1c-84c15a2684f0",
"namespace": "kube-flannel",
"namespaceMetadata": {
"labels": [
"label127:value127",
"label117:value117",
"label125:value125",
"label35:value35",
"kubernetes.io/metadata.name:kube-flannel",
"label165:value165",
"label247:value247",
"pod-security.kubernetes.io/enforce:privileged",
"label227:value227"
],
"annotations": [
"kubectl.kubernetes.io/last-appliedconfiguration:{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"labels\":{\"k8s-app\":\"flannel\",\"podsecurity.kubernetes.io/enforce\":\"privileged\"},\"name\":\"kubeflannel\"}}\n"
]
},
"label": [
{
"key": "tier",
"value": "node"
},
{
"key": "pod-template-generation",
"value": "1"
}
],
"controller": [
{
"uuid": "3224eb6a-9040-4450-bfcf-6c969702bf79",
"name": "kube-flannel-ds",
"type": "DaemonSet"
}
]
},
"node": {
"name": "ip-10-**-9-***",
"isMaster": false
}
},
"version": "v1.26.3"
},
"cloudProvider": {
"aws.ecs.container.subnetId": null,
"aws.ec2.instanceId": "i-0ab8d3318979f529c",
"aws.ecs.clusterName": null,
"aws.ecs.container.macAddress": null,
"aws.ecs.region.code": null,
"aws.ecs.container.id": null,
"aws.ecs.accountId": null
}
"exceptions": [
{
"uuid": "624efd86-6172-4851-beb1-75cb9b1634fb",
"assignmentType": "CASCADE"
},
{
"uuid": "c0b4ec8d-a186-4f2c-9a6d-3adc3dfb3cff",
"assignmentType": "CASCADE"
},
{
"uuid": "d7b11c61-dcf2-4cf5-b369-8877f1b619c6",
"assignmentType": "MANUAL"
}
{"riskScore": 258,
"riskScoreCalculatedDate": "1722355883371",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 *60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 *36.20*Pow(5,0.01) ))",
"maxQdsScore": 87,
"qdsSeverity": "CRITICAL"
"criticality": 3,
"criticalityUpdated": 1717098843553,
}
]
}
Updated API: Fetch a List of Containers (Bulk API)
New or Updated APIs | New |
---|---|
API Endpoint (New version) | /csapi/v1.3/containers/list |
Method | GET |
DTD XSD Changes | No |
Sample: Fetch a List of Containers (Bulk API)Sample: Fetch a List of Containers (Bulk API)
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
{ "data": [ { "portMapping": null, "imageId": "ca2b0f26964c", "created": "1710410237000", "updated": "1724328658730", "label": [ { "key": "org.opencontainers.image.ref.name", "value": "ubuntu" }, { "key": "org.opencontainers.image.version", "value": "22.04" } ], "uuid": "c4cbf8f2-692f-3587-b366-7c71b47ba738", "sha": "5dc4b9f325eb98b0ba589be9e3f653bacd5a35a00707579c80f72913c2892f3b", "privileged": false, "path": "/bin/bash", "imageSha": "ca2b0f26964cf2e80ba3e084d5983dab293fdb87485dc6445f3f7bbfc89d7459", "macAddress": "", "customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5", "ipv4": null, "ipv6": null, "name": "practical_yalow", "host": { "sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad", "hostname": "localhost.localdomain", "ipAddress": "10.115.97.76", "uuid": "62fe1baa-0311-0002-ca34-0050568cd03b", "lastUpdated": "2024-08-22T10:52:22.065Z" }, "hostArchitecture": [ "x86_64" ], "state": "UNKNOWN", "imageUuid": "27b4826f-c917-3fbd-97e0-580a30911409", "containerId": "5dc4b9f325eb", "stateChanged": "1724328658594", "services": null, "users": root, "operatingSystem": null, "lastScanned": null, "source": "GENERAL", "riskScore": 258, "riskScoreCalculatedDate": 1722355883371, "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 *60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *Pow(5,0.01) ))",, "maxQdsScore": 87, "qdsSeverity": CRITICAL, "scanTypes": null, "criticality": 3, "criticalityUpdated": 1717098843553, "environment": [ "HTTPS_PROXY=http://10.xxx.27.xx:3xx8", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "arguments": null, "command": "/bin/bash", "drift": null, "vulnerabilities": null, "softwares": null, "isDrift": false, "isRoot": true, "isExposedToWorld": null, "cluster": null }, ], "limit": 1 }
Base Image Identification
With this release, you can detect the base image. It provides additional details about the images like base image SHA, child image count associated with that image, processing time for SBOM, and base image processing.
The following APIs are updated for this feature.
- Fetch a List of Images in your Account
GET /csapi/v1.3/images - Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
Updated API: Fetch a List of Images in your Account
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/images |
Method | GET |
DTD XSD Changes | No |
Output ParametersOutput Parameters
The following table shows the output parameters introduced for this feature in this API. To see these parameters, refer to the API Response given below.
Parameter |
Data Type |
Description |
---|---|---|
baseImage | String | Specify base image ID or name. |
childImagesCount | Integer | Indicates number of child images present in the base image. |
sbomLayerProcessingTimestamp | String | Indicates the time at which the SBOM layer was processed. |
baseImageProcessingTimestamp | String | Indicates the time at which the base image was processed. |
Sample: Fetch a List of Images in your AccountSample: Fetch a List of Images in your Account
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/images' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
{ "data": [ { "created": "1730886248000", "updated": "1731078956569", "lastUsedDate": null, "sha": "0d3c77cfe7f540bb04568941cbc7c91c906823fd9a57f2c7b8df7abc9692b22f", "repo": [ { "registry": "docker.io", "tag": "scatestchildimg", "repository": "qualysdockerhub/repotest" } ], "repoDigests": [ { "registry": "docker.io", "digest": "829a5795898044a133af696d0a89a120b8f5fe5fc240ce3fb783023b730108aa", "repository": "qualysdockerhub/repotest" } ], "uuid": "c2ea9884-2adc-3407-bc69-4aca4b8ac4ac", "size": 1876180009, "vulnerabilities": { "severity5Count": 6, "severity3Count": 15, "severity4Count": 15, "severity1Count": 0, "severity2Count": 2 }, "imageId": "0d3c77cfe7f5", "associatedContainersCount": 0, "associatedHostsCount": 1, "lastVmScanDate": "1731078956569", "registryUuid": null, "source": [ "GENERAL" ], "isDockerHubOfficial": false, "scanType": null, "scanTypes": [ "SCA", "DYNAMIC" ], "scanErrorCode": null, "scanStatus": null, "lastFoundOnHost": { "sensorUuid": "fe999c1c-2554-4925-9fee-afe94de3fd66", "hostname": "ip-10-82-11-118", "ipAddress": "10.82.11.118", "uuid": "854a41ef-835a-4a5d-9a22-1a946cced371", "lastUpdated": "2024-11-08T09:51:11.311Z" }, "exceptions": null, "riskScore": 250, "riskScoreCalculatedDate": "1731078744423", "maxQdsScore": 72, "qdsSeverity": "HIGH", "lastScannedBySensor": null, "scanErrorMessage": null, "criticality": null, "criticalityUpdated": null, "baseImage": "6c8de432fc7f7d8c58899f61982d1662ec6b73fb3ef92f862ba170dcc5b64fa9", "childImagesCount": 0, "sbomLayerProcessingTimestamp": "1731059969786", "baseImageProcessingTimestamp": "1731059970069", "compliance": { "failCount": 0, "passCount": 0, "errorCount": 0 }, "lastComplianceScanDate": null },
Updated API: Fetch Image Details
New or Updated APIs | Updated |
---|---|
API Endpoint (New version) | /csapi/v1.3/images/{imageSha} |
Method | GET |
DTD XSD Changes | No |
Output ParametersOutput Parameters
The following table shows the output parameters introduced for this feature in this API. To see these parameters, refer to the API Response given below.
Parameter |
Data Type |
Description |
---|---|---|
layerNumber | Integer | Specify the layer number. |
isBaseLayer | Boolean | Specify if the image is base image. Valid Values: yes or no |
baseImage | String | Specify base image ID or name. |
childImagesCount | Integer | Indicates number of child images present in the base image. |
sbomLayerProcessingTimestamp | String | Indicates the time at which the SBOM layer was processed. |
baseImageProcessingTimestamp | String | Indicates the time at which the base image was processed. |
Sample: Fetch Image DetailsSample: Fetch Image Details
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/images/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
{ "created": "1730118235000", "updated": "1731496560064", "lastUsedDate": null, "author": "", "repo": [ { "registry": "docker.io", "tag": "mychildimg", "repository": "qualysdockerhub/testvk" } ], "repoDigests": [ { "registry": "docker.io", "digest": "5cdc764ee36105fc1b6faf510cbcd58831f6288723af80cb129fe80bacb8ee57", "repository": "qualysdockerhub/testvk" } ], "label": [ { "key": "org.opencontainers.image.ref.name", "value": "ubuntu" }, { "key": "org.opencontainers.image.version", "value": "20.04" } ], "uuid": "093b245c-c23e-3e7c-9dfb-104bd9e7b979", "sha": "821f51aeaa3f7f7d1f2afd0528f227fd67e224e1576b51f5c634de0ce2605d4a", "operatingSystem": "Ubuntu Linux 20.04.6", "customerUuid": "090a1b6b-0bbb-7c4b-82a5-81395a4402b3", "dockerVersion": "24.0.7", "size": 90686992, "layers": [ { "size": null, "createdBy": "ARG RELEASE", "created": "1728617905000", "comment": null, "id": null, "sha": "", "tags": null, "layerNumber": 1, "isBaseLayer": true, "isEmptyLayer": true }, { "size": null, "createdBy": "RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*", "created": "1730118010000", "comment": null, "id": "dc9f0aa8da3f", "sha": "dc9f0aa8da3f0dcac5ca12a0ba4074e8dbbe301fe532e79bf27363b51dbd6f1f", "tags": null, "layerNumber": 7, "isBaseLayer": true, "isEmptyLayer": false }, { "size": null, "createdBy": "RUN apt-get update && apt-get install -y wget && rm -rf /var/lib/apt/lists/*", "created": "1730118235000", "comment": null, "id": "70958f007e32", "sha": "70958f007e324e89351a73c36b95ad73be20a6c6a3c04836afec3ec882331794", "tags": null, "layerNumber": 8, "isBaseLayer": false, "isEmptyLayer": false } ], "host": [ { "sensorUuid": "90e18a3d-0b1d-4603-a670-569994346804", "hostname": "ip-10-82-8-187", "ipAddress": "10.82.8.187", "uuid": "76aa7fc3-1af3-4afc-9e83-98aa230cb4be", "lastUpdated": null } ], "hostArchitecture": [ "x86_64" ], "architecture": "amd64", "imageId": "821f51aeaa3f", "lastScanned": "1731496559882", "registryUuid": null, "source": [ "CICD" ], "totalVulCount": "0", "users": null, "isDockerHubOfficial": null, "scanType": null, "scanTypes": [ "SCA", "DYNAMIC" ], "scanErrorCode": null, "scanStatus": "SUCCESS", "lastFoundOnHost": null, "lastScannedBySensor": "90e18a3d-0b1d-4603-a670-569994346804", "scanErrorMessage": null, "malware": null, "lastMalwareScanned": null, "exceptions": null, "secrets": null, "lastSecretScanned": null, "riskScore": 0, "riskScoreCalculatedDate": "1731496559882", "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 0 * Pow(0,0.01) + 0.6 * 0 * Pow(0,0.01) + 0.4 * 0 * Pow(0,0.01) + 0.2 * 0 * Pow(0,0.01) ))", "maxQdsScore": null, "qdsSeverity": null, "criticality": null, "criticalityUpdated": null, "baseImage": "7a9ac57a87becb3f00a35a6fa5939276a0363963b2822b44f0f9e99e399740f0", "childImagesCount": 0, "sbomLayerProcessingTimestamp": "1731496559846", "baseImageProcessingTimestamp": "1731496560037", "softwares": [ { "name": "libext2fs2:amd64", "version": "1.45.5-2ubuntu1.2", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "libgpg-error0:amd64", "version": "1.37-1", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "libgcrypt20:amd64", "version": "1.8.5-5ubuntu1.1", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "libkrb5support0:amd64", "version": "1.17-6ubuntu4.7", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "bzip2", "version": "1.0.8-2", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "libsemanage1:amd64", "version": "3.0-1build2", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "libudev1:amd64", "version": "245.4-4ubuntu3.24", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "init-system-helpers", "version": "1.57", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null }, { "name": "bsdutils", "version": "1:2.34-0.1ubuntu9.6", "scanType": "DYNAMIC", "packagePath": null, "fixVersion": null, "vulnerabilities": null } ], "vulnerabilities": [], "lastComplianceScanned": "1731496452537" }