Release 1.35 API

December 16, 2024

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests. 

What's New?

With Container Security 1.35 release, the following enhancements in APIs are made.

Report Enhancement 

With this release, the following enhancements are done. 

 

New API: Update an Active Report Schedule 

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/reports/schedule/{reportingScheduleID}
Method PUT
DTD XSD Changes No
Input ParametersInput Parameters

Parameter

Mandatory/Optional

Data Type

Description

displayColumns  Optional  string Specify the columns to include in the report. Multiple columns should be comma-separated. 
Valid Values: repo, uuid, sha, severity, firstDetected, qdsScoreriskScore, qid and so on
expireAfter  Mandatory  string Specify a time period after which the report expires and gets deleted from your account.
Valid Values: 1, 7, 30, or 90 days.
eventTime  Mandatory  string Specify the start date and time (UTC) for the schedule.
For example, 2023-02-16T19:30:00Z.
eventEndTime  Mandatory  string Specify the end date and time (UTC) for the schedule.
reportScheduleDetails  Mandatory   Specify the below parameters to define a schedule. Specify null if you do not want to create a recurrent report schedule. In that case, the report is triggered for only once (on the time specified in eventTime).
recurrenceType  Mandatory  string Specify the recurrence frequency as DAILY or WEEKLY or MONTHLY. 
selectedDayOfWeeks  Mandatory  string Specify a day on which the report is triggered every week. This parameter is valid only if the recurrenceType is WEEKLY. The valid values are the names of days. Specify null if this parameter is not applicable. 
zip  Optional  integer Choose to send scheduled report through a Zip file.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
emailNotification  Optional  boolean Choose to send scheduled report through an email.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
sendAsAttachment  Optional  boolean Choose to send scheduled report through an attachment.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
recipient  Optional  string Mandatory if emailNotification is choosen.
Email Id of the person whom you want to send the report update notification.
emailSubject  Optional  string Subject email of the update notification.
customMessage  Optional  string Message to be shown in the update notification email.
Sample: Update an Active Report ScheduleSample: Update an Active Report Schedule

API Request

    curl -X 'PUT' \
  '<qualys_base_url>/csapi/v1.3/reports/schedule/6e8f7a20-91cb-11ef-9f40-ad02a75af93a' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "displayColumns": [
        "repo",
        "uuid",
        "sha",
        "severity",
        "firstDetected",
        "riskScore",
        "qdsScore",
        "qid",
        "imageId"
      ],
  "expireAfter": "90",
  "eventTime": "2024-10-24T06:41:51.864Z",
  "eventEndTime": "2024-12-30T05:41:51.864Z",
  "reportScheduleDetails": {
    "recurrenceType": "WEEKLY",
    "selectedDayOfWeeks": [
      "THURSDAY"
    ]
  },
  "zip": "1",
  "emailNotification": "1",
  "sendAsAttachment": "1",
  "recipient": "jack_reader@rediffmail.com,john_doe@gmail.com",
  "emailSubject": "Test email for edit schedule",
  "customMessage": "Report-message"
}'
    

API Response

    { "message": "Details updated successfully for reportScheduleId 6e8f7a20-91cb-11ef-9f40-ad02a75af93a" }
    

 

Updated API: Create a Report Request 

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/reports
Method POST
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the updated or new input parameters.

Parameter

Mandatory/Optional

Data Type

Description

displayColumns  Mandatory  string Specify the columns to include in the report. Multiple columns should be comma-separated. 
Valid Values - repo, uuid, sha, severity, firstDetected, qdsScoreriskScore, qid and so on.
zip  Optional  integer Choose to send scheduled report through a Zip file.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
sendAsAttachment  Optional  boolean Choose to send scheduled report through an attachment.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
recipient  Optional  string Mandatory if emailNotification is choosen.
Email Id of the person whom you want to send the report update notification.
emailSubject  Optional  string Subject email of the update notification.
customMessage  Optional  string Message to be shown in the update notification email.
Sample: Create a Report RequestSample: Create a Report Request

API Request

   curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "Report Test",
  "name": "ABC",
  "filter": null,
  "displayColumns": [
    "repo",
    "uuid",
    "qid",
    "firstDetected",
    "riskScore",
    "qdsScore"
  ],
  "templateName": "CS_IMAGE_VULNERABILITY",
  "expireAfter": "30",
  "zip": "0",
  "emailNotification": "1",
  "sendAsAttachment": "0",
  "recipient": "jack_reader@acme.com",
  "emailSubject": "EMAIL receive check",
  "customMessage": "Please find the email and its details."
}'
    

API Response

   {
  "reportUuid": "cfcd7840-91cc-11ef-9f40-ad02a75af93a"
} 
    

 

Updated API: Create a Report Schedule 

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/reports/schedule
Method POST
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the updated or new input parameters.

Parameter

Mandatory/Optional

Data Type

Description

displayColumns  Mandatory  string Specify the columns to include in the report. Multiple columns should be comma-separated. 
Valid Values - repo, uuid, sha, severity, firstDetectedqdsScoreriskScore, and so on. 
zip  Optional  integer Choose to send scheduled report through a Zip file.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
sendAsAttachment  Optional  boolean Choose to send scheduled report through an attachment.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
recipient  Optional  string Mandatory if emailNotification is choosen.
Email Id of the person whom you want to send the report update notification.
emailSubject  Optional  string Subject email of the update notification.
customMessage  Optional  string Message to be shown in the update notification email.
Sample: Create a Report ScheduleSample: Create a Report Schedule

API Request

    curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports/schedule' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "TEST EDIT SCHEDULE",
  "name": "Report-Test",
  "filter": null,
  "displayColumns": [
    "repo",
    "uuid",
    "sha",
    "severity",
    "firstDetected",
    "riskScore",
    "qdsScore",
    "qid"  ],
  "templateName": "CS_IMAGE_VULNERABILITY",
  "expireAfter": "30",
  "eventEndTime": "2024-11-24T05:41:51.864Z",
  "action": "CREATE",
  "eventTime": "2024-10-24T06:41:51.864Z",
  "reportScheduleDetails": {
    "recurrenceType": "DAILY"
  },
  "zip": "1",
  "emailNotification": "1",
  "sendAsAttachment": "1",
  "recipient": "john_doe@gmail.com",
  "emailSubject": "Acme Test Report",
  "customMessage": "Check the report generated"
}'
    

API Response

    {
  "scheduleUuid": "6e8f7a20-91cb-11ef-9f40-ad02a75af93a"
}
    

 

Updated API: Fetch a List of a Report Schedules 

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/reports/schedules
Method GET
DTD XSD Changes No
Sample: Fetch a List of Report SchedulesSample: Fetch a List of Report Schedules

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/reports/schedules?pageNumber=1&pageSize=50' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'
    

API Response

    {
  "data": [
    {
      "name": "Report-Test",
      "reportScheduleUuid": "6e8f7a20-91cb-11ef-9f40-ad02a75af93a",
      "scheduledDatetime": "2024-10-24T05:47:19.000Z",
      "templateName": "CS_IMAGE_VULNERABILITY",
      "resourceId": "0e7d3fca-cb6e-4140-ae4d-584f760ae6ce",
      "action": "CREATE",
      "eventTime": "2024-10-24T06:41:51.864Z",
      "eventEndTime": "2024-11-24T05:41:51.864Z",
      "cronExpression": "0 41 6 1/1 * ? *",
      "description": "TEST EDIT SCHEDULE",
      "createdDateTime": "2024-10-24T05:47:19.000Z",
      "nextFireTime": "2024-10-25T06:41:00.000Z",
      "state": "RESUME",
      "format": "csv",
      "moduleCode": "CS",
      "displayColumns": [
        "repo",
        "uuid",
        "sha",
        "severity",
        "firstDetected",
        "qid",
        "imageId"
      ],
      "emailNotification": 1,
      "filter": "",
      "reportScheduleDetails": {
        "recurrenceType": "DAILY",
        "selectedDayOfWeeks": null,
        "monthlyType": null,
        "ordinalDayOfMonth": 0,
        "dayOfWeek": null,
        "ordinalDayOfWeek": 0
      },
      "expireAfter": 30,
      "recipient": "john_doe@gmail.com",
      "customMessage": "Check the report generated.",
      "sendAsAttachment": 1,
      "emailSubject": "Qualys-test report",
      "zip": 1
    },
    {
      "name": "EMAIL2",
      "reportScheduleUuid": "d4067330-8a1a-11ef-9f40-ad02a75af93a",
      "scheduledDatetime": "2024-10-14T10:55:30.000Z",
      "templateName": "CS_IMAGE_VULNERABILITY",
      "resourceId": "20b1b9db-18de-494b-b70a-d250fe6848d6",
      "action": "CREATE",
      "eventTime": "2024-10-14T10:59:00Z",
      "eventEndTime": "",
      "cronExpression": "",
      "description": "",
      "createdDateTime": "2024-10-14T10:55:30.000Z",
      "nextFireTime": null,
      "state": "COMPLETED",
      "format": "csv",
      "moduleCode": "CS",
      "displayColumns": [
        "repo",
        "imageId",
        "sha",
        "uuid",
        "label",
        "tags",
        "created",
        "updated",
        "qid",
        "title",
        "severity",
        "cveids",
        "vendorReference",
        "cvssBase",
        "cvssTemporal",
        "cvss3Base",
        "cvss3Temporal",
        "threat",
        "impact",
        "solution",
        "exploitability",
        "associatedMalwares",
        "category",
        "software",
        "result"
      ],
      "emailNotification": 1,
      "filter": "",
      "reportScheduleDetails": null,
      "expireAfter": 7,
      "recipient": "kadamsur02@gmail.com,surkadam@qualys.com",
      "customMessage": "",
      "sendAsAttachment": 0,
      "emailSubject": "Qualys: EMAIL2",
      "zip": 0
    },
  ],
  "count": 2,
  "groups": null,
  "aggs": null
} 
    

 

Updated API: Fetch a List of Reports 

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/reports
Method GET
DTD XSD Changes No
Sample: Fetch a List of ReportsSample: Fetch a List of Reports

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/reports?pageNumber=1&pageSize=50' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token> 
    

API Response

    {
  "data": [
    {
      "reportUuid": "cfcd7840-91cc-11ef-9f40-ad02a75af93a",
      "createdAt": "2024-10-24T05:57:11.000Z",
      "reportName": "ABC",
      "description": "Report Test",
      "fileFormat": "csv",
      "templateName": "CS_IMAGE_VULNERABILITY",
      "status": "COMPLETED",
      "isScheduled": 0,
      "filter": null,
      "displayColumns": [
        "repo",
        "uuid",
        "qid",
        "firstDetected",
        "imageId"
      ],
      "expireOn": "2024-11-23T05:57:11.000Z",
      "emailNotification": 1,
      "recipient": "jack_reader@acme.com",
      "emailSubject": "EMAIL receive check",
      "customMessage": "Test custom message",
      "sendAsAttachment": 0,
      "fileZipped": 0
    },
    {
      "reportUuid": "0265a320-9030-11ef-b98f-b9ad9f663189",
      "createdAt": "2024-10-22T04:42:14.000Z",
      "reportName": "joiewjfew",
      "description": null,
      "fileFormat": "csv",
      "templateName": "CS_IMAGE_VULNERABILITY",
      "status": "COMPLETED",
      "isScheduled": 0,
      "filter": null,
      "displayColumns": [
        "imageId",
        "tags",
        "qid",
        "firstDetected"
      ],
      "expireOn": "2024-10-29T04:42:14.000Z",
      "emailNotification": 0,
      "recipient": "",
      "emailSubject": "",
      "customMessage": "",
      "sendAsAttachment": 0,
      "fileZipped": 0
    },
    {
      "reportUuid": "1e2dca60-86fd-11ef-9f40-ad02a75af93a",
      "createdAt": "2024-10-10T11:45:16.000Z",
      "reportName": "ERS1",
      "description": null,
      "fileFormat": "csv",
      "templateName": "CS_IMAGE_VULNERABILITY",
      "status": "COMPLETED",
      "isScheduled": 1,
      "filter": "vulnerabilities.severity:3 ",
      "displayColumns": [
        "repo",
        "imageId",
        "sha",
        "uuid",
        "label",
        "tags",
        "created",
        "updated",
        "qid",
        "title",
        "severity",
        "cveids",
        "vendorReference",
        "cvssBase",
        "cvssTemporal",
        "cvss3Base",
        "cvss3Temporal",
        "threat",
        "impact",
        "solution",
        "exploitability",
        "associatedMalwares",
        "category",
        "software",
        "result"
      ],
      "expireOn": "2025-01-08T11:45:16.000Z",
      "emailNotification": 1,
      "recipient": "john_doe@gmail.com",
      "emailSubject": "",
      "customMessage": "",
      "sendAsAttachment": 0,
      "fileZipped": 1
    }
  ],
  "count": 3
}
    

 

Ability to Download SBOM of an Image

With this release, you can download SBOM report in SPDX and CycloneDX (CDX) formats with the help of SBOM download API. This API is newly introduced to download the SBOM of the specified image.

New API: Fetch SBOM of an Image

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/images/{imageSha}/sbom/download
Method GET
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the updated or new input parameters.

Parameter

Mandatory/Optional

Data Type

Description

imageSha Mandatory string Indicates SHA value of the image.
sbomType Mandatory string Indicates type of the SBOM you want to download.
Valid Values: SPDX, or CYCLONEDX
Sample: Fetch SBOM of an ImageSample: Fetch SBOM of an Image

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/images/5a3c93f8edbc011a160dccbe33a17269004f9d7fc2da59d393b30fbd9e60d7e2/sbom/download?sbomType=SPDX' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \ 
 
    

API Response (Truncated)

{
  "data": [    
{
      "imageId": "fdf935485c39",
      "created": "1722328423000",
      "updated": "1727093528962",
      "sha": "6874b21dfe6b5964c608254f83aec269ec4c916d6a9e55f48b24c3f174150f57",
      "uuid": "f1fe2d3f-1f6b-32c7-92fb-5378f218453c",
      "name": "happy_snyder",
      "host": {
        "sensorUuid": "9ab35e80-4ecc-4af7-a774-87a752631bc6",
        "hostname": "ntest_123",
        "ipAddress": "10.115.119.175",
        "uuid": "16c09c4f-fbda-4845-930b-d5965c3562ac",
        "lastUpdated": "2024-09-20T04:59:16.842Z"
      },
      "state": "UNKNOWN",
      "imageUuid": "fc3833ed-783b-3224-9c5a-637ab7e5dc6d",
      "containerId": "6874b21dfe6b",
      "stateChanged": "1727093502633",
      "lastVmScanDate": "1727083410250",
      "isRoot": true,
      "vulnerabilities": {
        "severity5Count": 1,
        "severity3Count": 2,
        "severity4Count": 5,
        "severity1Count": 0,
        "severity2Count": 0
      },
      "exceptions": null,
      "riskScore": 126,
      "riskScoreCalculatedDate": "1727083410248",
      "formulaUsed": "MIN (1000 , 2 * ( 0.6 * 71.00 * Pow(5,0.01) + 0.4 * 50.00 * Pow(2,0.01) ))",
      "maxQdsScore": 95,
      "qdsSeverity": "CRITICAL",
      "isExposedToWorld": false,
      "scanTypes": [
        "DYNAMIC"
      ],
      "cluster": null,
      "criticality": null,
      "criticalityUpdated": null,
      "compliance": {
        "failCount": 8,
        "passCount": 16,
        "errorCount": 0
      },
      "lastComplianceScanDate": "1726815129386"
    }
  }
  ],
.
.
.
  "count": 8
}
    

 

Support Cloud and Cluster Information in Container

With this release, Cluster and Cloud Provider information is available in the responses of the following APIs.

Updated API: Fetch a List of Containers in your Account

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/containers
Method GET
DTD XSD Changes No
Sample: Fetch a List of Containers in your AccountSample: Fetch a List of Containers in your Account

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/containers?pageNumber=1&pageSize=50&sort=created%3Adesc' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 
    

API Response

{
 "data": [
 "imageId": "b798104c002a",
 "created": "1721713977000",
 "updated": "1721714109665",
 "sha":
"d838bcb622a003b767ace31039475f37a5d34f093f8de82a71536f3fcfcb839e",
 "uuid": "051a684a-9bad-3cb1-bf28-91084ee6e024",
 "name": "test-vul-propogation",
 "host": null,
 "state": "DELETED",
 "imageUuid": "fbdc0a10-7186-3439-8712-2db20df179e6",
 "containerId": "d838bcb622a0",
 "stateChanged": "1721714102790",
 "lastVmScanDate": null,
 "isRoot": null,
 "vulnerabilities": {
 "severity5Count": null,
 "severity3Count": null,
 "severity4Count": null,
 "severity1Count": null,
 "severity2Count": null
 },
 "exceptions": null,
 {
"riskScore": 258,
 "riskScoreCalculatedDate": "1723567125904",
  "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 * 60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *Pow(5,0.01) ))",
  "maxQdsScore": 95,
  "qdsSeverity": "CRITICAL",
 }
 "scanTypes": null,
 "cluster":
{
  "name": "kubernetes-admin",
   "uid": "bdc0d232-38af-46f9-b188-06cb61c928af"     
},
 "criticality": 3,
 "criticalityUpdated": "1717098843553",
 "compliance": {
 "failCount": 0,
 "passCount": 0,
 "errorCount": 0
 },
 "lastComplianceScanDate": null
 },
],
"count": 1
}

 

Updated API: Fetch Container Details

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/containers/{containerSha}
Method GET
DTD XSD Changes No
Sample: Fetch Containers DetailsSample: Fetch Containers Details

API Request

    curl -X 'GET' \
 '<qualys_base_url>/csapi/v1.3/containers/fd00f5df938fdfae4675063ff5b507a8c3229c07368890da7157bbda3303c15e' \
  -H 'accept: application/json' 
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "portMapping": null,
  "imageId": "3acfa0195040",
  "created": "1724220796000",
  "updated": "1724329261476",
  "label": null,
  "uuid": "a223de44-1871-3470-b575-fc0ff52453f7",
  "sha": "42dd6168e45c6d7f7ab3043d7942d50ac8db0230066350d3c6dd9e53b30c5e91",
  "privileged": false,
  "path": null,
  "imageSha": "3acfa01950409618705f07e1cc86f29f10ebcf548fe4fb4a7b83abe5bbc6b515",
  "macAddress": null,
  "customerUuid": "7a00a660-36bb-f02b-8025-9fcf49faf0b7",
  "ipv4": null,
  "ipv6": null,
  "name": "spring-1",
  "host": null,
  "hostArchitecture": [
    "x86_64"
  ],
  "state": "RUNNING",
  "imageUuid": "0ba3ff46-5336-3494-84a4-ee981675963c",
  "containerId": "42dd6168e45c",
  "stateChanged": "1724243635787",
  "services": null,
  "users": null,
  "operatingSystem": null,
  "lastScanned": null,
  "source": "CLUSTER",
  "riskScore": null,
  "riskScoreCalculatedDate": null,
  "formulaUsed": null,
  "maxQdsScore": null,
  "qdsSeverity": null,
  "scanTypes": null,
  "environment": null,
  "arguments": null,
  "command": "null",
  "drift": null,
  "vulnerabilities": [],
  "softwares": null,
  "isDrift": false,
  "isRoot": null,
  "lastComplianceScanned": null,
  "cluster": {
    "type": "KUBERNETES",
    "k8s": {
      "project": null,
      "pod": {
        "name": "spring-1",
        "uuid": "4a7d3fc3-de97-44eb-85d3-5f661a175337",
        "namespace": "default",
        "namespaceMetadata": {
          "labels": [
            "kubernetes.io/metadata.name:default"
          ],
          "annotations": [
            "kubernetes.io/metadata.name:test",
            "kubernetes.io/metadata.name:default"
          ]
        },
        "label": null,
        "controller": null
      },
      "node": {
        "name": null,
        "isMaster": null
      }
    },
    "name": "kubernetes-admin",
    "uid": "bdc0d232-38af-46f9-b188-06cb61c928af",
    "version": null
  },
  "cloudProvider": {
    "aws.ecs.container.subnetId": null,
    "aws.eks.accountId": "362440600222",
    "aws.ecs.clusterName": null,
    "aws.ecs.container.macAddress": null,
    "aws.ecs.region.code": null,
    "aws.ecs.container.id": null,
    "aws.ecs.accountId": null,
    "aws.eks.arn": "arn:aws:sts::362440600222:assumed-role/AmazonSSMRoleForInstancesQuickSetup/i-0921342848h431ef8",
    "aws.eks.region": "us-east-1"
  },
  "exceptions": null,
  "k8sExposure": null
}
    

 

Introducing 'Runtime' Sensor Profile

With CS 1.35 release, you can see your Container Runtime Sensor details in the below APIs.

 

Updated API: Fetch Sensor Profiles Associated with a Sensor

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/sensors/profile/associate
Method GET
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the updated input parameters.

Parameter

Mandatory/Optional

Data Type

Description

sensorType Mandatory string Specify the sensor type: Registry, General, CICD, or RUNTIME
The default value is General.
Sample: Fetch Sensor Profiles Associated with a SensorSample: Fetch Sensor Profiles Associated with a Sensor

API Request

    curl -X 'GET' \  
'<qualys_base_url>/csapi/v1.3/sensors/profile/associate?sensorType=RUNTIME&pageNumber=1&pageSize=50&sort=created%3Adesc' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <token>  

API Response 

{
  "data": [
    {
      "profileId": "24cb8f30-c3b9-461c-b6fc-bc1902fc3906",
      "profileName": "test123",
      "profileType": "Runtime",
      "associatedSensorsCount": null,
      "createdBy": "john_doe",
      "created": "1729851460268",
      "updatedBy": "john_doe",
      "updated": "1729851460268",
      "tags": []
    },
    {
      "profileId": "6c7ebe4c-33af-42d9-8e63-daaa247fc959",
      "profileName": "test123",
      "profileType": "Runtime",
      "associatedSensorsCount": null,
      "createdBy": "john_doe",
      "created": "1729839452243",
      "updatedBy": "john_doe",
      "updated": "1729842140300",
      "tags": []
    },
    {
      "profileId": "00000000-0000-0000-0000-000000000000",
      "profileName": "Default",
      "profileType": "Default",
      "associatedSensorsCount": null,
      "createdBy": "System",
      "created": "1708411029531",
      "updatedBy": "System",
      "updated": "1708411029531",
      "tags": []
    }
  ],
  "count": 3
} 

 

Updated API: Create a Sensor Profile

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/sensorProfile
Method POST
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the updated input parameters.

Parameter

Mandatory/Optional

Data Type

Description

profileType Mandatory string Specify the profile type: Registry, General, CICD, or RUNTIME
The default value is Registry.
runtimeSensor
 
Mandatory string Use it to send the Container Runtime Sensor (CRS) events to the Qualys Cloud Platform.

Valid values: enable or disable
If you mention 'disable', the CRS events data is not sent to the Qualys Cloud platform.
Default value: enable
ignoreProcesses Optional string Specify the processes to be exluded.
You can mention absolute path or binary name.
Example: /usr/bin/cat (absolute path) or
/cat (binary name)
Sample: Create a Container Runtime Sensor (CRS) ProfileSample: Create a Container Runtime Sensor (CRS) Profile

API Request

    curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/sensorProfile' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "profileName": "TestQA",
  "profileType": "Runtime",
  "description": "test1_update",
  "createdBy": "john_doe",
  "updatedBy": "john_doe",
  "config": {
    "performanceManagement": {
      "logSecurityLevel": "INFORMATION",
      "maxNoOfArchivedLogFiles": 1,
      "maxLogFileSize": 3
    },
    "runtimeSensor": "enable",
    "ignoreProcesses": [
      "/usr/bin/cat"
    ]
  },
  "associatedSensorIds": [
    "096d96b4-c252-4c5b-835d-462109e5a8b0"
  ]
}

API Response 

{
  "profileUuid": "a68e5092-70ad-426d-ace5-3933de8971bb"
} 

 

Updated API: Update a Sensor Profile

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/sensorProfile/{sensorProfileId}
Method PUT
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the updated input parameters.

Parameter

Mandatory/Optional

Data Type

Description

profileType Mandatory string Specify the profile type: Registry, General, CICD, or RUNTIME
The default value is Registry.
runtimeSensor
 
Mandatory string Use it to send the Container Runtime Sensor (CRS) events to the Qualys Cloud Platform.

Valid values: enable or disable
If you mention 'disable', the CRS events data is not sent to the Qualys Cloud platform.
Default value: enable
ignoreProcesses Optional string Specify the processes to be exluded.
You can mention absolute path or binary name.
Example: /usr/bin/cat (absolute path) or
/cat (binary name)
Sample: Update a Container Runtime Sensor ProfileSample: Update a Container Runtime Sensor Profile

API Request

    curl -X 'PUT' \
  '<qualys_base_url>/csapi/v1.3/sensorProfile/a68e5092-70ad-426d-ace5-3933de8971bb' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "profileName": "check_update_123",
  "profileType": "Runtime",
  "description": "test1_update123",
  "createdBy": "john_doe",
  "updatedBy": "john_doe",
  "config": {
    "performanceManagement": {
      "logSecurityLevel": "DEBUG",
      "maxNoOfArchivedLogFiles": 1,
      "maxLogFileSize": 1
    },
    "runtimeSensor": "disable",
    "ignoreProcesses": [
      "test123",
      "/usr/bin/cat"
    ]
  },
  "associatedSensorIds": [
    "39e19424-ebb3-457b-b037-658d3bb3b1ec"
  ]
}'  

API Response 

{
  "profileUuid": "a68e5092-70ad-426d-ace5-3933de8971bb"
} 

 

Updated API: Fetch Sensors Associated with a Sensor Profile

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/sensorProfile/sensor/associate
Method GET
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the updated input parameter.

Parameter

Mandatory/Optional

Data Type

Description

sensorProfileType Mandatory string Specify the sensor type: Registry, General, CICD, or RUNTIME
The default value is General.
Sample: Fetch Sensors Associated with a Sensor ProfileSample: Fetch Sensors Associated with a Sensor Profile

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/sensorProfile/sensor/associate?sensorProfileType=Runtime&pageNo=0&pageSize=50&sort=created%3Adesc' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "uuid": "5a2ef67c-e81d-40ef-a0bb-b7b97888319a",
      "activationUuid": "ad112f67-336e-4328-9285-66594dacdb9f",
      "hostname": "ip-XX-XX-XX-XX3",
      "customerUuid": "62cbdd77-ba57-f5ce-82bb-168344e92550",
      "dockerVersion": null,
      "ipv4": null,
      "os": null,
      "ipv6": null,
      "sensorVersion": "1.0.0-0",
      "platform": null,
      "lastCheckedIn": "1728618878658",
      "label": null,
      "privileged": "true",
      "macAddress": null,
      "vulnSigVersion": null,
      "hostUuid": "8468cba4-4408-438d-bb11-a1ece5b38944",
      "configurationProfile": null,
      "status": "Provisioned",
      "registry": null,
      "sha": "f92f1d8a41a795ac0845e86ecb82797df30fdbe56aa9264d34ff2c61cf03c0f5",
      "sensorId": "f92f1d8a41a7",
      "name": "qualys-runtime-sensor",
      "created": "1728618878658",
      "imageId": "f92f1d8a41a7",
      "imageSha": "f92f1d8a41a795ac0845e86ecb82797df30fdbe56aa9264d34ff2c61cf03c0f5",
      "imageRepoDigest": null,
      "binaryVersion": null,
      "containerIpv4": null,
      "containerIpv6": null,
      "containerMacAddress": null,
      "sensorType": "RUNTIME",
      "containerRuntime": null,
      "containerRuntimeVersion": null,
      "architecture": "amd64",
      "associatedSensorProfile": "00000000-0000-0000-0000-000000000000",
      "associatedSensorProfileName": null,
      "tagDetails": null,
      "clusterUid": "a883e610-428d-4355-8a19-7aef2cf4afde"
    },
    {
      "uuid": "cb0388c5-8479-46f4-aa4e-0ac5e6bf13fb",
      "activationUuid": "ad112f67-336e-4328-9285-66594dacdb9f",
      "hostname": "ip-XX-XX-XX-XX3",
      "customerUuid": "62cbdd77-ba57-f5ce-82bb-168344e92550",
      "dockerVersion": null,
      "ipv4": null,
      "os": null,
      "ipv6": null,
      "sensorVersion": "1.0.0-0",
      "platform": null,
      "lastCheckedIn": "1728489391550",
      "label": null,
      "privileged": "true",
      "macAddress": null,
      "vulnSigVersion": null,
      "hostUuid": "8468cba4-4408-438d-bb11-a1ece5b38944",
      "configurationProfile": null,
      "status": "Provisioned",
      "registry": null,
      "sha": "9f9a914c9e5443ee70ebe5c1e038fd8130439169883b4b3baaec500858fb6d24",
      "sensorId": "9f9a914c9e54",
      "name": "qualys-runtime-sensor",
      "created": "1728467790863",
      "imageId": "9f9a914c9e54",
      "imageSha": "9f9a914c9e5443ee70ebe5c1e038fd8130439169883b4b3baaec500858fb6d24",
      "imageRepoDigest": null,
      "binaryVersion": null,
      "containerIpv4": null,
      "containerIpv6": null,
      "containerMacAddress": null,
      "sensorType": "RUNTIME",
      "containerRuntime": null,
      "containerRuntimeVersion": null,
      "architecture": "amd64",
      "associatedSensorProfile": "24100000-0000-2e45-5ca1-0a3c1s8n4000",
      "associatedSensorProfileName": null,
      "tagDetails": null,
      "clusterUid": "a883e610-428d-4355-8a19-7aef2cf4afde"
    }
  ],
  "count": 2,
  "groups": {},
  "aggs": null
} 

 

List Cluster Sensor PODs and Namespaces

With CS 1.34 release, you can see your POD and Namespace details with the help of CS APIs. To enable this feature, the following new APIs are introduced.

New API: Fetch a List Of PODs in your Account

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/k8sResource/pod
Method GET
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the input parameters introduced with this API.

Parameter

Mandatory/Optional

Data Type

Description

Filter
Optional string/number/boolean Use this to filter any specific data.
pageNumber 
Mandatory number Indicates page number.
The default value is 1.
pageSize 
Mandatory
number Indicates page size.
The default value is 50.
Sort
Optional
string/number Use it to filter the listing.
Sample: Fetch a List Of PODs in your AccountSample: Fetch a List Of PODs in your Account

API Request

    curl -X 'GET' \
 '<qualys_base_url>/csapi/v1.3/k8sResource/pod' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "uuid": "d53dbb4c-274b-4d8e-8c5f-114161076b05",
      "customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
      "clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
      "sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
      "name": "aws-node-g6fl7",
      "labels": [
        "k8s-app:aws-node",
        "app.kubernetes.io/instance:aws-vpc-cni",
        "pod-template-generation:1",
        "controller-revision-hash:885cd64f",
        "app.kubernetes.io/name:aws-node"
      ],
      "annotations": null,
      "updatedAt": "1731008618465",
      "deletedAt": null,
      "resourceVersion": 13316391,
      "namespace": "kube-system",
      "startedAt": "1730995495000",
      "status": "RUNNING",
      "containers": [
        "containerd://eae5b8a55055e263b68a4abaf56e32b5e125fc02b1f1da9ee40c5484405bae51",
        "containerd://46a12649f09a89ca71a83fc0e81199dfd0c0a40903b65fbde9a4885118eff39b",
        "containerd://43719d6dd9c0f4b753700f6952426bfc201caae811297e89370752ab2cf09149"
      ],
      "securityContext": [],
      "owner": null,
      "k8sExposure": null
    },
    {
      "uuid": "399d128f-ecd1-437b-8cd4-1db2a39d3c00",
      "customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
      "clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
      "sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
      "name": "kube-proxy-9hrkb",
      "labels": [
        "k8s-app:kube-proxy",
        "pod-template-generation:1",
        "controller-revision-hash:6c75fb6796"
      ],
      "annotations": null,
      "updatedAt": "1731008618432",
      "deletedAt": null,
      "resourceVersion": 13316331,
      "namespace": "kube-system",
      "startedAt": "1730995495000",
      "status": "RUNNING",
      "containers": [
        "containerd://ab0e106a5b52057101ec2b0af85d28fa2c79d39cbf1e0dcc4c6651801fc5c617"
      ],
      "securityContext": [],
      "owner": null,
      "k8sExposure": null
    },
    {
      "uuid": "468041ab-836e-4ab4-aca1-52778cabf5c6",
      "customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
      "clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
      "sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
      "name": "kube-proxy-7pm4d",
      "labels": [
        "k8s-app:kube-proxy",
        "pod-template-generation:1",
        "controller-revision-hash:6c75fb6796"
      ],
      "annotations": null,
      "updatedAt": "1731008618431",
      "deletedAt": null,
      "resourceVersion": 13315884,
      "namespace": "kube-system",
      "startedAt": "1730995370000",
      "status": "RUNNING",
      "containers": [
        "containerd://d50ca71b5c6d51ef0c3620d4bbb99f13cca385373bc2590d87f09ba18628f640"
      ],
      "securityContext": null,
      "owner": null,
      "k8sExposure": null
    }
  ],
  "count": 49,
  "groups": {},
  "aggs": null
}

 

New API: Fetch a List Of Namespaces in your Account

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/k8sResource/namespace
Method GET
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the input parameters introduced with this API.

Parameter

Mandatory/Optional

Data Type

Description

Filter Optional string/number/boolean Use this to filter any specific data.
pageNumber  Mandatory number Indicates page number.
The default value is 1.
pageSize  Mandatory number Indicates page size.
The default value is 50.
Sort Optional string/number Use it to filter the listing.
Sample: Fetch a List Of Namespace in your AccountSample: Fetch a List Of Namespace in your Account

API Request

    curl -X 'GET' \
 '<qualys_base_url>/csapi/v1.3/k8sResource/namespace' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "uuid": "df035ed8-8360-4008-b360-f60c4be95e44",
      "customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
      "clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
      "sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
      "name": "kube-node-lease",
      "labels": [
        "kubernetes.io/metadata.name:kube-node-lease"
      ],
      "annotations": null,
      "updatedAt": "1731008617460",
      "deletedAt": null,
      "resourceVersion": 29,
      "createdAt": "1726087859000",
      "status": "ACTIVE"
    },
    {
      "uuid": "308d678c-490c-4376-9e77-bf22f46e57c8",
      "customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
      "clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
      "sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
      "name": "qualys",
      "labels": [
        "name:qualys",
        "kubernetes.io/metadata.name:qualys"
      ],
      "annotations": null,
      "updatedAt": "1731008617493",
      "deletedAt": null,
      "resourceVersion": 13351463,
      "createdAt": "1731008487000",
      "status": "ACTIVE"
    },
    {
      "uuid": "7a03c132-af38-4be4-9682-4ed563e0b156",
      "customerUuid": "50d685c8-de44-e73f-81b3-b8ecb0ca1886",
      "clusterUid": "51250330-b7a3-4958-9858-390c8b6c7cde",
      "sensorUuid": "01f386f8-69e7-ae67-19eb-81e03ba66458",
      "name": "kube-public",
      "labels": [
        "kubernetes.io/metadata.name:kube-public"
      ],
      "annotations": null,
      "updatedAt": "1731008617855",
      "deletedAt": null,
      "resourceVersion": 14,
      "createdAt": "1726087859000",
      "status": "ACTIVE"
    }
  ],
  "count": 26,
  "groups": {},
  "aggs": null
}

 

New API: Fetch Details of a Pod

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/k8sResource/pod/details/{podUid}
Method GET
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the input parameter introduced with this API.

Parameter

Mandatory/Optional

Data Type

Description

podUid  Mandatory UUID Specify the UUID of a POD.
Sample: Fetch Details of a PodSample: Fetch Details of a Pod

API Request

    curl -X 'GET' \
 '<qualys_base_url>/csapi/v1.3/k8sResource/pod/details/8c18a36e-ca9c-4b7e-9fe5-bbb260b99435' \
  -H 'accept: application/json' 
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "uuid": "8c18a36e-ca9c-4b7e-9fe5-bbb260b99435",
  "customerUuid": "7e5d9ca3-ed1c-65b8-12ab-e38ea0c445cd",
  "clusterUid": "3e27e85e-99f9-4fac-bfdc-052ae00653a6",
  "sensorUuid": "407a2a6b-74e5-2a14-3f24-e6a440c29e38",
  "name": "kube-proxy-csfbx",
  "labels": [
    "component:kube-proxy",
    "controller-revision-hash:7cc4697865",
    "kubernetes.azure.com/managedby:aks",
    "pod-template-generation:6",
    "tier:node"
  ],
  "annotations": null,
  "updatedAt": 1729148079790,
  "deletedAt": null,
  "resourceVersion": 44221227,
  "namespace": "kube-system",
  "startedAt": 1728783935000,
  "status": "RUNNING",
  "containers": [
    "containerd://eb009a072729e6a576bbf1c1d9edd6057cfa040a58071430b81656a38fb8be1a",
    "containerd://b9cac4442fd0452c40831a3f7a2781e92773326440016217d42dc493e4ffb56b"
  ],
  "securityContext": null,
  "owner": {
    "uuid": "8133f71c-6901-46e8-ba77-87e261d4b312",
    "name": "kube-proxy",
    "kind": "DaemonSet"
  }
} 

 

New API: Fetch Details of a Namespace

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/k8sResource/namespace/details/{namespaceUid}
Method GET
DTD XSD Changes No
Input ParametersInput Parameters

The following table shows the input parameter introduced with this API.

Parameter

Mandatory/Optional

Data Type

Description

namespaceUid  Mandatory UUID Specify the UUID of a Namespace.
Sample: Fetch Details of a NamespaceSample: Fetch Details of a Namespace

API Request

    curl -X 'GET' \
 '<qualys_base_url>/csapi/v1.3/k8sResource/namespace/details/3a6ec3a3-fbf7-494f-8719-024897cd6c5e' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "uuid": "3a6ec3a3-fbf7-494f-8719-024897cd6c5e",
  "customerUuid": "7e5dc235-1w3r-65b8-9q2e-e38ea0c4cd9e",
  "clusterUid": "3e27e85e-99f9-4fac-bfdc-052ae00653a6",
  "sensorUuid": "407a2a6b-74e5-2a14-3f24-e6a440c29e38",
  "name": "default",
  "labels": [
    "kubernetes.io/metadata.name:default"
  ],
  "annotations": null,
  "updatedAt": 1729988224191,
  "deletedAt": null,
  "resourceVersion": 37,
  "createdAt": 1717159080000,
  "status": "UNKNOWN"
} 

 

Support Criticality Score in Trurisk

With this release, you will be able to see the Criticality score (criticality and its last updated time) in below APIs. 

Images

Containers

Images APIs

Updated API: Fetch a List of Images in your Account

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/images
Method GET
DTD XSD Changes No
Sample: Fetch a List of Images in your AccountSample: Fetch a List of Images in your Account

API Request

    curl -X GET
"<qualys_base_url>/csapi/v1.3/images?filter=imagesInUse:'[now-7d ...now]'&pageNumber=1&pageSize=50&sort=created%3Adesc" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"

API Response 

 "data": [
 {
 "created": "1717026901000",
 "updated": "1721714104046",
 "lastUsedDate": "1721714104046",
 "sha":
"4f67c83422ec747235357c04556616234e66fc3fa39cb4f40b2d4441ddd8f100",
 "repo": [
 {
 "registry": "docker.io",
 "tag": "latest",
 "repository": "nginx"
 }
 ],
 "repoDigests": [
 {
 "registry": "docker.io",
 "digest":
"0f04e4f646a3f14bf31d8bc8d885b6c951fdcf42589d06845f64d18aec6a3c4d",
 "repository": "nginx"
 }
 ],
 "uuid": "16c984cf-7029-3cd9-951f-b9ef7d712059",
 "size": 187667860,
 "vulnerabilities": {
 "severity5Count": 0,
 "severity3Count": 0,
 "severity4Count": 0,
 "severity1Count": 0,
 "severity2Count": 0
 },
 "imageId": "4f67c83422ec",
 "associatedContainersCount": 0,
 "associatedHostsCount": 1,
 "lastVmScanDate": "1718652145295",
 "registryUuid": null,
 "source": [
 "GENERAL"
 ],
 "isDockerHubOfficial": false,
 "scanType": null,
 "scanTypes": [
 "DYNAMIC"
 ],
 "scanErrorCode": null,
 "scanStatus": "SUCCESS",
 "lastFoundOnHost": {
 "sensorUuid": "e5c501d1-169e-4001-83d1-ca60ba35ef7d",
 "hostname": "ip-10-**-8-**",
 "ipAddress": "10.**.8.**",
 "uuid": "b7b5ad35-41fd-4262-9cbf-bc2601a6b5f5",
 "lastUpdated": "2024-06-12T06:54:09.796Z"
 },
 "exceptions": null,
 "riskScore": 78,
 "riskScoreCalculatedDate": 1721631694803,
 "maxQdsScore": 65,
 "qdsSeverity": MEDIUM,
 "lastScannedBySensor": null,
      "scanErrorMessage": null,
      "criticality": 4,
      "criticalityUpdated": 1717098843553,
      "baseImage": null,
      "childImagesCount": 0,
      "sbomLayerProcessingTimestamp": null,
      "baseImageProcessingTimestamp": null,
 "compliance": {
   "failCount": 2,
   "passCount": 0,
   "errorCount": 0 
}, 
"lastComplianceScanDate": "1718175514362"
 }
],
"count": 1
}

 

Updated API: Fetch Images Details

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/images/{imageSha}
Method GET
DTD XSD Changes No
Sample: Fetch Image DetailsSample: Fetch Image Details

API Request

    curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd&scanDetails=malware_secrets' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token> \
-H 'Content-Type: application/json' 

API Response 

{
 "created": "1603477517000",
 "updated": "1605017537578",
 "lastUsedDate;: "1716251515814",
 "author": "Jack_reader",
 "repo": [
 {
 "registry": "docker.io",
 "tag": "latest",
 "repository": "ac_base"
 }
 ],
 "repoDigests": [
 {
 "registry": "docker.io",
 "digest":
"1d811b3c382893f70f0cc0f2371a12d3671c1d5175bcc67e8c2a5c0bf4c8f976",
 "repository": "ac_base"
 }
 ],
 "label": null,
 "uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1",
 "sha":
"c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd",
 "operatingSystem": "Ubuntu Linux 16.04.7",
 "customerUuid": "192cc974-****-****-****-f78f6441cb0d",
 "dockerVersion": "18.09.7",
 "size": 1183790011,
 "layers": [
 {
 "size": "130553983",
 "createdBy": "ADD
file:c1f3147c7b6710af5affd417ff822ee28df872d716003858d3d2e23d2277c981 in
/ ",
 "created": "1603474388000",
 "comment": "",
 "id": null,
 "sha": null,
 "tags": null
 },
 {
 "size": "1930",
 "createdBy": "COPY file:d816a67f6d281a13fe685991e90cb7 in / ",
 "created": "1603477517000",
 "comment": "",
 "id": null,
 "sha": null,
 "tags": null
 }
 ],
 "host": [
 {
 "sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
 "hostname": "host.qualys.com",
 "ipAddress": "10.**.**.40",
 "uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
 "lastUpdated": "2020-11-10T14:10:29.218Z"
 }
 ],
 "architecture": "amd64",
 "imageId": "c64844065dcb",
 "lastVmScanDate": "1605017537578",
 "registryUuid": null,
 "source": [
 "GENERAL"
 ],
 "totalVulCount": "0",
 "users": [
 "root"
 ],
 "isDockerHubOfficial": null,
 "isInstrumented": null,
 "instrumentedFrom": null,
 "instrumentationState": null,
 "scanType": "DYNAMIC",
 "scanTypes": [
 "DYNAMIC"
 ],
 "scanErrorCode": null,
 "scanStatus": "SUCCESS",
 "lastFoundOnHost": {
 "sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
 "hostname": "host.qualys.com",
 "ipAddress": "10.**.**.40",
 "uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
 "lastUpdated": "2020-11-10T14:10:29.218Z"
 },
 "malware": {
 "imageMalwareCount": 1,
 "malwarePrediction": {
 "prediction": "malicious",
 "score": 1,
 "severity": 3,
 "category": "dropper",
 "family": "mirai"
 "riskScore": 238,
 "riskScoreCalculatedDate": "1721644261069",
 "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 74.71 * Pow(7,0.01) +
0.6 * 42.45 * Pow(20,0.01) + 0.4 * 40.09 * Pow(11,0.01) ))",
 "maxQdsScore": 100,
 "qdsSeverity": "CRITICAL",
}
 },
 "lastMalwareScanned": null,
 "exceptions": [
 "77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
 ],
 "secrets": [
 {
 "severity": "LOW",
 "filePath": "/root/foo/foo1.txt",
 "layerSha":
"7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
 "match": null,
 "startLine": 0,
 "secretType": "Easypost API Token"
 },
 {
 "severity": "CRITICAL",
 "filePath": "/home/qatest/key/gcp-service-account.json",
 "layerSha":
"5bc804df91a229c1f26d254b5247c699c1e1a53673ec1d30e263e7b4bda96beb",
 "match": null,
 "startLine": 0,
 "secretType": "Google (GCP) Service-account"
 }
 ],
  "lastSecretScanned": null,
  "riskScore": null,
  "riskScoreCalculatedDate": null,
  "formulaUsed": null,
  "maxQdsScore": null,
  "qdsSeverity": null,
  "criticality": 3,
  "criticalityUpdated": 1717098843553,
  "baseImage": null,
  "childImagesCount": 0,
  "sbomLayerProcessingTimestamp": null,
  "baseImageProcessingTimestamp": null,
 "softwares": [
 {
 "name": "libncursesw5:amd64",
 "version": "6.0+20160213-1ubuntu1",
 "fixVersion": null,
 "vulnerabilities": null
 },
 {
 "name": "libgpg-error0:amd64",
 "version": "1.21-2ubuntu1",
 "fixVersion": null,
 "vulnerabilities": null
 }
 ],
 "vulnerabilities": [],
 "lastComplianceScanned": "1603477517000"
}

 

Updated API: Fetch a List of Images (Bulk API)

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/images/list
Method GET
DTD XSD Changes No
 
Sample: Fetch a List of Images (Bulk API)Sample: Fetch a List of Images (Bulk API)

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/images/list?limit=2' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "created": "1472581305000",
      "updated": "1724323293607",
      "author": "Adam Miller <maxamillion@fedoraproject.org>",
      "repo": [
        {
          "registry": "art-hq.intranet.qualys.com:5001",
          "tag": "fedora22",
          "repository": "multi-os-images"
        },
        {
          "registry": "docker.io",
          "tag": "fedora",
          "repository": "hchandawad1/alpine-amd64"
        },
        {
          "registry": "sjc.ocir.io",
          "tag": "centos",
          "repository": "axtqwmwbaayf/public-hritika-1"
        },
        {
          "registry": "sjc.ocir.io",
          "tag": "fedora",
          "repository": "axtqwmwbaayf/qualys"
        },
        {
          "registry": "docker.io",
          "tag": "22",
          "repository": "fedora"
        },
        {
          "registry": "msftlongregistryandreponametest.azurecr.io",
          "tag": "tag",
          "repository": "test1/test2"
        }
      ],
      "repoDigests": [
        {
          "registry": "docker.io",
          "digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
          "repository": "hchandawad1/alpine-amd64"
        },
        {
          "registry": "docker.io",
          "digest": "d5cce9139f8758171936a033c0625307760026446d4d30f084ff6b52aecc1721",
          "repository": "fedora"
        },
        {
          "registry": "art-hq.intranet.qualys.com:5001",
          "digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
          "repository": "multi-os-images"
        },
        {
          "registry": "sjc.ocir.io",
          "digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
          "repository": "axtqwmwbaayf/public-hritika-1"
        },
        {
          "registry": "msftlongregistryandreponametest.azurecr.io",
          "digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
          "repository": "test1/test2"
        },
        {
          "registry": "sjc.ocir.io",
          "digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
          "repository": "axtqwmwbaayf/qualys"
        }
      ],
      "label": [],
      "uuid": "d165a97b-7e10-3f0b-acb9-eac7c39d1532",
      "sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
      "operatingSystem": "Fedora 22",
      "customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
      "dockerVersion": "1.12.1",
      "size": 188728229,
      "layers": [
        {
          "size": "188728229",
          "createdBy": "ADD file:e14b712e5cfef28691da81e314415790d59685a366414f6be248b871e42d4436 in / ",
          "created": "1472581305000",
          "comment": "",
          "id": "01a9fe974dba",
          "sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
          "tags": [
            "sjc.ocir.io/axtqwmwbaayf/qualys:fedora",
            "art-hq.intranet.qualys.com:5001/multi-os-images:fedora22",
            "hchandawad1/alpine-amd64:fedora",
            "fedora:22",
            "sjc.ocir.io/axtqwmwbaayf/public-hritika-1:centos",
            "msftlongregistryandreponametest.azurecr.io/test1/test2:tag"
          ],
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "0",
          "createdBy": "MAINTAINER Adam Miller <maxamillion@fedoraproject.org>",
          "created": "1472581297000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        }
      ],
      "architecture": "amd64",
      "imageId": "01a9fe974dba",
      "lastScanned": "1724323293607",
      "registryUuid": null,
      "source": [
        "GENERAL"
      ],
      "users": [],
      "lastFoundOnHost": {
        "sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
        "hostname": "localhost.localdomain",
        "ipAddress": "10.115.97.76",
        "uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
        "lastUpdated": "2024-08-22T10:52:22.065Z"
      },
      "lastUsedDate": null,
      "isDockerHubOfficial": null,
      "scanType": null,
      "scanTypes": [
        "STATIC"
      ],
      "softwares": [
          "name": "rpm-plugin-selinux",
          "version": "4.12.0.1-14.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "libuuid",
          "version": "2.26.2-4.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "lzo",
          "version": "2.08-3.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "rootfiles",
          "version": "8.1-17.fc21",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "libstdc++",
          "version": "5.3.1-2.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "deltarpm",
          "version": "3.6-8.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
      ],
      "vulnerabilities": [
        {
          "qid": 124975,
          "result": null,
          "software": [
            {
              "name": "libssh2",
              "version": "1.5.0-1.fc22",
              "fixVersion": "1.5.0-2.fc22",
              "scanType": "STATIC",
              "packagePath": null
            }
          ],
          "lastFound": "1724323293564",
          "firstFound": "1724323293564",
          "typeDetected": "CONFIRMED",
          "scanType": [
            "STATIC"
          ]
        },
        {
          "qid": 276308,
          "result": null,
          "software": [
            {
              "name": "openssl-libs",
              "version": "1.0.1k-13.fc22",
              "fixVersion": "1.0.1k-14.fc22",
              "scanType": "STATIC",
              "packagePath": null
            }
          ],
          "lastFound": "1724323293570",
          "firstFound": "1724323293570",
          "typeDetected": "CONFIRMED",
          "scanType": [
            "STATIC"
          ]
        },
        {
          "qid": 276113,
          "result": null,
          "software": [
            {
              "name": "openssl-libs",
              "version": "1.0.1k-13.fc22",
              "fixVersion": "1.0.1k-15.fc22",
              "scanType": "STATIC",
              "packagePath": null
            }
          ],
          "lastFound": "1724323293567",
          "firstFound": "1724323293567",
          "typeDetected": "CONFIRMED",
          "scanType": [
            "STATIC"
          ]
        },
        {
          "qid": 106008,
          "result": null,
          "software": null,
          "lastFound": "1724323293573",
          "firstFound": "1724323293573",
          "typeDetected": "CONFIRMED",
          "scanType": [
            "STATIC"
          ]
        }
      ],
      "malware": null,
      "secrets": null,
      "lastMalwareScanned": null,
      "riskScore": null,
      "riskScoreCalculatedDate": null,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "criticality": 5,
      "criticalityUpdated": 1717098843553
    },
    {
      "created": "1490217199000",
      "updated": "1724323252042",
      "author": "",
      "repo": [
        {
          "registry": "docker.io",
          "tag": "latest",
          "repository": "iojs"
        },
        {
          "registry": "dockregtest01.eng.sjc01.qualys.com:5000",
          "tag": "latest",
          "repository": "iojs"
        }
      ],
      "repoDigests": [
        {
          "registry": "docker.io",
          "digest": "e9c867712191ac0d35041268feed489bcaaf9c1169296ca780ba4be03ca4610c",
          "repository": "iojs"
        },
        {
          "registry": "dockregtest01.eng.sjc01.qualys.com:5000",
          "digest": "ebe3fd385e36a8bbfae06e1f8c1e88a4abfce10dbfc4b8b339d3c0df072ee9f4",
          "repository": "iojs"
        }
      ],
      "label": [],
      "uuid": "1ea83c91-0ef9-3c50-9fdc-d7d3551fb59a",
      "sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
      "operatingSystem": null,
      "customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
      "dockerVersion": "1.12.6",
      "size": 648592935,
      "layers": [
        {
          "size": "0",
          "createdBy": "CMD [\"iojs\"]",
          "created": "1490217199000",
          "comment": "",
          "id": "fdab38ea8e39",
          "sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
          "tags": [
            "iojs:latest",
            "dockregtest01.eng.sjc01.qualys.com:5000/iojs:latest"
          ],
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "34650067",
          "createdBy": "curl -SLO \"https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x64.tar.gz\"   && curl -SLO \"https://iojs.org/dist/v$IOJS_VERSION/SHASUMS256.txt.asc\"   && gpg --verify SHASUMS256.txt.asc   && grep \" iojs-v$IOJS_VERSION-linux-x64.tar.gz\\$\" SHASUMS256.txt.asc | sha256sum -c -   && tar -xzf \"iojs-v$IOJS_VERSION-linux-x64.tar.gz\" -C /usr/local --strip-components=1   && rm \"iojs-v$IOJS_VERSION-linux-x64.tar.gz\" SHASUMS256.txt.asc",
          "created": "1490217198000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "0",
          "createdBy": "ENV IOJS_VERSION=3.3.0",
          "created": "1490217194000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "0",
          "createdBy": "ENV NPM_CONFIG_LOGLEVEL=info",
          "created": "1490217176000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "88894",
          "createdBy": "set -ex   && for key in     9554F04D7259F04124DE6B476D5A82AC7E37093B     94AE36675C464D64BAFA68DD7434390BDBE9B9C5     0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93     FD3A5288F042B6850C66B31F09FE44734EB7990E     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1     DD8F2338BAE7501E3DD5AC78C273792F7D83545D   ; do     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys \"$key\"   ; done",
          "created": "1490217175000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "322890800",
          "createdBy": "set -ex; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tautoconf \t\tautomake \t\tbzip2 \t\tfile \t\tg++ \t\tgcc \t\timagemagick \t\tlibbz2-dev \t\tlibc6-dev \t\tlibcurl4-openssl-dev \t\tlibdb-dev \t\tlibevent-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tlibgeoip-dev \t\tlibglib2.0-dev \t\tlibjpeg-dev \t\tlibkrb5-dev \t\tliblzma-dev \t\tlibmagickcore-dev \t\tlibmagickwand-dev \t\tlibncurses-dev \t\tlibpng-dev \t\tlibpq-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tlibtool \t\tlibwebp-dev \t\tlibxml2-dev \t\tlibxslt-dev \t\tlibyaml-dev \t\tmake \t\tpatch \t\txz-utils \t\tzlib1g-dev \t\t\t\t$( \t\t\tif apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then \t\t\t\techo 'default-libmysqlclient-dev'; \t\t\telse \t\t\t\techo 'libmysqlclient-dev'; \t\t\tfi \t\t) \t; \trm -rf /var/lib/apt/lists/*",
          "created": "1490123534000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "122928427",
          "createdBy": "apt-get update && apt-get install -y --no-install-recommends \t\tbzr \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t&& rm -rf /var/lib/apt/lists/*",
          "created": "1490123476000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "44641329",
          "createdBy": "apt-get update && apt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\twget \t&& rm -rf /var/lib/apt/lists/*",
          "created": "1490123458000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "0",
          "createdBy": "CMD [\"/bin/bash\"]",
          "created": "1490120945000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "123393418",
          "createdBy": "ADD file:4eedf861fb567fffb2694b65ebdd58d5e371a2c28c3863f363f333cb34e5eb7b in / ",
          "created": "1490120931000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        }
      ],
      "architecture": "amd64",
      "imageId": "fdab38ea8e39",
      "lastScanned": null,
      "registryUuid": null,
      "source": [
        "GENERAL"
      ],
      "users": null,
      "lastFoundOnHost": {
        "sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
        "hostname": "localhost.localdomain",
        "ipAddress": "10.115.97.76",
        "uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
        "lastUpdated": "2024-08-22T10:52:22.065Z"
      },
      "lastUsedDate": null,
      "isDockerHubOfficial": null,
      "scanType": null,
      "scanTypes": null,
      "softwares": null,
      "vulnerabilities": null,
      "malware": null,
      "secrets": null,
      "lastMalwareScanned": null,
      "riskScore": null,
      "riskScoreCalculatedDate": null,
      "maxQdsScore": null,
      "qdsSeverity": null
      "criticality": 5,
      "criticalityUpdated": 1717098843553
    }
  ],
  "limit": 2
}

 

Containers APIs

Updated API: Fetch a List of Containers in your Account

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/containers
Method GET
DTD XSD Changes No
 
Sample: Fetch a List of Containers in your AccountSample: Fetch a List of Containers in your Account

API Request

    curl -X GET
'<qualys_base_url>/csapi/v1.3/containers?pageNumber=1&pageSize=50&sort=created:desc" \
-H "Authorization: Bearer <token>'

API Response 

{
 "data": [
 "imageId": "b798104c002a",
 "created": "1721713977000",
 "updated": "1721714109665",
 "sha":
"d838bcb622a003b767ace31039475f37a5d34f093f8de82a71536f3fcfcb839e",
 "uuid": "051a684a-9bad-3cb1-bf28-91084ee6e024",
 "name": "test-vul-propogation",
 "host": null,
 "state": "DELETED",
 "imageUuid": "fbdc0a10-7186-3439-8712-2db20df179e6",
 "containerId": "d838bcb622a0",
 "stateChanged": "1721714102790",
 "lastVmScanDate": null,
 "isRoot": null,
 "vulnerabilities": {
 "severity5Count": null,
 "severity3Count": null,
 "severity4Count": null,
 "severity1Count": null,
 "severity2Count": null
 },
 "exceptions": null,
 { "riskScore": 258,
 "riskScoreCalculatedDate": "1723567125904",
 "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) +
0.6 * 60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *
Pow(5,0.01) ))",
 "maxQdsScore": 95,
 "qdsSeverity": "CRITICAL",
 }
 "scanTypes": null,
 "cluster": null,
 "criticality": 3,
 "criticalityUpdated": "1717098843553",

 "compliance": {
 "failCount": 0,
 "passCount": 0,
 "errorCount": 0
 },
 "lastComplianceScanDate": null
 },
],
"count": 1
}

 

Updated API: Fetch Containers Details

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/containers/{containerSha}
Method GET
DTD XSD Changes No
 
Sample: Fetch Container Details Sample: Fetch Container Details 

API Request

    curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token>

API Response 

{
 "portMapping": null,
 "imageId": "a6c0cb5dbd21",
 "created": "1683279176000",
 "updated": "1683622183866",
 "label": [
 {
 "key": "io.kubernetes.container.name",
 "value": "kube-flannel"
 },
 {
 "key": "io.kubernetes.sandbox.id",
 "value":
"48a021247b1d3bf3a2d269c2ff71604f54f4e827ca47584844870ed5591950c4"
 },
 {
 "key": "io.kubernetes.pod.uid",
 "value": "5a737762-77c2-4763-9c1c-84c15a2684f0"
 }
 ],
 "uuid": "a90b7cb5-c704-3343-b538-74c7807807a2",
 "sha":
"647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f",
 "privileged": false,
 "path": "/opt/bin/flanneld",
 "imageSha":
"a6c0cb5dbd21197123942b3469a881f936fd7735f2dc9a22763b6f777f24345e",
"macAddress": "",
 "customerUuid": "6a849349-****-****-****-e****e3a0019",
 "ipv4": null,
 "ipv6": null,
 "name": "k8s_kube-flannel_kube-flannel-ds-mpmq6_kubeflannel_5a737762-77c2-4763-9c1c-84c15a2684f0_0",
 "host": {
 "sensorUuid": "dae76860-22f7-4ef1-9a67-aef07944d92c",
 "hostname": "ip-10-**-9-***",
 "ipAddress": "10.**.9.***",
 "uuid": "86e028bd-f283-4468-a099-953a6a033728",
 "lastUpdated": "2023-05-09T08:47:15.854Z"
 },
 "hostArchitecture": [
 "x86_64"
 ],
 "state": "RUNNING",
 "imageUuid": "9baf9f85-f3bf-3259-b8d5-3cd51967d34a",
 "containerId": "647ae732d98e",
 "stateChanged": "1683528203674",
 "services": null,
 "users": [
 "root"
 ],
 "operatingSystem": "Alpine Linux 3.17.3",
 "lastScanned": "1683575890303",
 "source": "GENERAL",
 "isInstrumented": null,
 "environment": [
 "POD_NAME=kube-flannel-ds-mpmq6",
 "POD_NAMESPACE=kube-flannel",
 "KUBERNETES_SERVICE_HOST=10.96.0.1",
 "FLANNEL_ARCH=amd64",
 "KUBERNETES_PORT_443_TCP_PORT=xxx",
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 "EVENT_QUEUE_DEPTH=5000",
 "KUBERNETES_SERVICE_PORT=xxx"
 ],
 "arguments": [
 "--kube-subnet-mgr",
 "--ip-masq"
 ],
 "command": "--ip-masq --kube-subnet-mgr",
 "drift": {
 "category": [],
 "reason": [],
 "software": [],
 "vulnerability": []
 },
 "vulnerabilities": [],
 "softwares": [
 {
 "name": "nghttp2-libs",
 "version": "1.51.0-r0",
 "scanType": null,
 "packagePath": null,
 "fixVersion": null,
 "vulnerabilities": null
 },
 {
 "name": "iproute2-minimal",
 "version": "6.0.0-r1",
 "scanType": null,
 "packagePath": null,
 "fixVersion": null,
 "vulnerabilities": null
 },
 ],
 "isDrift": false,
 "isRoot": true,
 "lastComplianceScanned": "1683622183866",
 "cluster": {
 "type": "KUBERNETES",
 "k8s": {
 "project": null,
 "pod": {
 "name": "kube-flannel-ds-mpmq6",
 "uuid": "5a737762-77c2-4763-9c1c-84c15a2684f0",
 "namespace": "kube-flannel",
 "namespaceMetadata": {
 "labels": [
 "label127:value127",
 "label117:value117",
 "label125:value125",
 "label35:value35",
 "kubernetes.io/metadata.name:kube-flannel",
 "label165:value165",
 "label247:value247",
 "pod-security.kubernetes.io/enforce:privileged",
 "label227:value227"
 ],
 "annotations": [
 "kubectl.kubernetes.io/last-appliedconfiguration:{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"labels\":{\"k8s-app\":\"flannel\",\"podsecurity.kubernetes.io/enforce\":\"privileged\"},\"name\":\"kubeflannel\"}}\n"
 ]
 },
 "label": [
 {
 "key": "tier",
 "value": "node"
 },
 {
 "key": "pod-template-generation",
 "value": "1"
 }
 ],
 "controller": [
 {
 "uuid": "3224eb6a-9040-4450-bfcf-6c969702bf79",
 "name": "kube-flannel-ds",
 "type": "DaemonSet"
 }
 ]
 },
 "node": {
 "name": "ip-10-**-9-***",
 "isMaster": false
 }
 },
 "version": "v1.26.3"
 },
 "cloudProvider": {
 "aws.ecs.container.subnetId": null,
 "aws.ec2.instanceId": "i-0ab8d3318979f529c",
 "aws.ecs.clusterName": null,
 "aws.ecs.container.macAddress": null,
 "aws.ecs.region.code": null,
 "aws.ecs.container.id": null,
 "aws.ecs.accountId": null
 }
 "exceptions": [
 {
 "uuid": "624efd86-6172-4851-beb1-75cb9b1634fb",
 "assignmentType": "CASCADE"
 },
 {
 "uuid": "c0b4ec8d-a186-4f2c-9a6d-3adc3dfb3cff",
 "assignmentType": "CASCADE"
 },
 {
 "uuid": "d7b11c61-dcf2-4cf5-b369-8877f1b619c6",
 "assignmentType": "MANUAL"
 }
 {"riskScore": 258,
 "riskScoreCalculatedDate": "1722355883371",
 "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 *60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 *36.20*Pow(5,0.01) ))",
 "maxQdsScore": 87,
 "qdsSeverity": "CRITICAL"
 "criticality": 3,
 "criticalityUpdated": 1717098843553
,
 }
 ]
}

 

Updated API: Fetch a List of Containers (Bulk API)

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/containers/list
Method GET
DTD XSD Changes No
 
Sample: Fetch a List of Containers (Bulk API)Sample: Fetch a List of Containers (Bulk API)

API Request

    curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token>

API Response 

{
  "data": [
    {
      "portMapping": null,
      "imageId": "ca2b0f26964c",
      "created": "1710410237000",
      "updated": "1724328658730",
      "label": [
        {
          "key": "org.opencontainers.image.ref.name",
          "value": "ubuntu"
        },
        {
          "key": "org.opencontainers.image.version",
          "value": "22.04"
        }
      ],
      "uuid": "c4cbf8f2-692f-3587-b366-7c71b47ba738",
      "sha": "5dc4b9f325eb98b0ba589be9e3f653bacd5a35a00707579c80f72913c2892f3b",
      "privileged": false,
      "path": "/bin/bash",
      "imageSha": "ca2b0f26964cf2e80ba3e084d5983dab293fdb87485dc6445f3f7bbfc89d7459",
      "macAddress": "",
      "customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
      "ipv4": null,
      "ipv6": null,
      "name": "practical_yalow",
      "host": {
        "sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
        "hostname": "localhost.localdomain",
        "ipAddress": "10.115.97.76",
        "uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
        "lastUpdated": "2024-08-22T10:52:22.065Z"
      },
      "hostArchitecture": [
        "x86_64"
      ],
      "state": "UNKNOWN",
      "imageUuid": "27b4826f-c917-3fbd-97e0-580a30911409",
      "containerId": "5dc4b9f325eb",
      "stateChanged": "1724328658594",
      "services": null,
      "users": root,
      "operatingSystem": null,
      "lastScanned": null,
      "source": "GENERAL",
      "riskScore": 258,
      "riskScoreCalculatedDate": 1722355883371,
      "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 *60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *Pow(5,0.01) ))",,
      "maxQdsScore": 87,
      "qdsSeverity": CRITICAL,
      "scanTypes": null,
      "criticality": 3,
      "criticalityUpdated": 1717098843553,
      "environment": [
        "HTTPS_PROXY=http://10.xxx.27.xx:3xx8",
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      ],
      "arguments": null,
      "command": "/bin/bash",
      "drift": null,
      "vulnerabilities": null,
      "softwares": null,
      "isDrift": false,
      "isRoot": true,
      "isExposedToWorld": null,
      "cluster": null
    },
    ],
  "limit": 1
}

 

Base Image Identification

With this release, you can detect the base image. It provides additional details about the images like base image SHA, child image count associated with that image, processing time for SBOM, and base image processing.

The following APIs are updated for this feature.

Updated API: Fetch a List of Images in your Account

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/images
Method GET
DTD XSD Changes No

 

Output ParametersOutput Parameters

The following table shows the output parameters introduced for this feature in this API. To see these parameters, refer to the API Response given below.

Parameter

Data Type

Description

baseImage   String Specify base image ID or name. 
childImagesCount  Integer Indicates number of child images present in the base image.
sbomLayerProcessingTimestamp   String Indicates the time at which the SBOM layer was processed.
baseImageProcessingTimestamp  String Indicates the time at which the base image was processed.
Sample: Fetch a List of Images in your AccountSample: Fetch a List of Images in your Account

API Request

    curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token>

API Response 

{
  "data": [
    {
      "created": "1730886248000",
      "updated": "1731078956569",
      "lastUsedDate": null,
      "sha": "0d3c77cfe7f540bb04568941cbc7c91c906823fd9a57f2c7b8df7abc9692b22f",
      "repo": [
        {
          "registry": "docker.io",
          "tag": "scatestchildimg",
          "repository": "qualysdockerhub/repotest"
        }
      ],
      "repoDigests": [
        {
          "registry": "docker.io",
          "digest": "829a5795898044a133af696d0a89a120b8f5fe5fc240ce3fb783023b730108aa",
          "repository": "qualysdockerhub/repotest"
        }
      ],
      "uuid": "c2ea9884-2adc-3407-bc69-4aca4b8ac4ac",
      "size": 1876180009,
      "vulnerabilities": {
        "severity5Count": 6,
        "severity3Count": 15,
        "severity4Count": 15,
        "severity1Count": 0,
        "severity2Count": 2
      },
      "imageId": "0d3c77cfe7f5",
      "associatedContainersCount": 0,
      "associatedHostsCount": 1,
      "lastVmScanDate": "1731078956569",
      "registryUuid": null,
      "source": [
        "GENERAL"
      ],
      "isDockerHubOfficial": false,
      "scanType": null,
      "scanTypes": [
        "SCA",
        "DYNAMIC"
      ],
      "scanErrorCode": null,
      "scanStatus": null,
      "lastFoundOnHost": {
        "sensorUuid": "fe999c1c-2554-4925-9fee-afe94de3fd66",
        "hostname": "ip-10-82-11-118",
        "ipAddress": "10.82.11.118",
        "uuid": "854a41ef-835a-4a5d-9a22-1a946cced371",
        "lastUpdated": "2024-11-08T09:51:11.311Z"
      },
      "exceptions": null,
      "riskScore": 250,
      "riskScoreCalculatedDate": "1731078744423",
      "maxQdsScore": 72,
      "qdsSeverity": "HIGH",
      "lastScannedBySensor": null,
      "scanErrorMessage": null,
      "criticality": null,
      "criticalityUpdated": null,
      "baseImage": "6c8de432fc7f7d8c58899f61982d1662ec6b73fb3ef92f862ba170dcc5b64fa9",
      "childImagesCount": 0,
      "sbomLayerProcessingTimestamp": "1731059969786",
      "baseImageProcessingTimestamp": "1731059970069",
      "compliance": {
        "failCount": 0,
        "passCount": 0,
        "errorCount": 0
      },
      "lastComplianceScanDate": null
    },

 

Updated API: Fetch Image Details

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/images/{imageSha}
Method GET
DTD XSD Changes No

 

Output ParametersOutput Parameters

The following table shows the output parameters introduced for this feature in this API. To see these parameters, refer to the API Response given below.

Parameter

Data Type

Description

layerNumber      Integer Specify the layer number.
isBaseLayer  Boolean Specify if the image is base image.
Valid Values: yes or no
baseImage   String Specify base image ID or name. 
childImagesCount  Integer Indicates number of child images present in the base image.
sbomLayerProcessingTimestamp   String Indicates the time at which the SBOM layer was processed.
baseImageProcessingTimestamp  String Indicates the time at which the base image was processed.
Sample: Fetch Image DetailsSample: Fetch Image Details

API Request

    curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token>

API Response 

{
  "created": "1730118235000",
  "updated": "1731496560064",
  "lastUsedDate": null,
  "author": "",
  "repo": [
    {
      "registry": "docker.io",
      "tag": "mychildimg",
      "repository": "qualysdockerhub/testvk"
    }
  ],
  "repoDigests": [
    {
      "registry": "docker.io",
      "digest": "5cdc764ee36105fc1b6faf510cbcd58831f6288723af80cb129fe80bacb8ee57",
      "repository": "qualysdockerhub/testvk"
    }
  ],
  "label": [
    {
      "key": "org.opencontainers.image.ref.name",
      "value": "ubuntu"
    },
    {
      "key": "org.opencontainers.image.version",
      "value": "20.04"
    }
  ],
  "uuid": "093b245c-c23e-3e7c-9dfb-104bd9e7b979",
  "sha": "821f51aeaa3f7f7d1f2afd0528f227fd67e224e1576b51f5c634de0ce2605d4a",
  "operatingSystem": "Ubuntu Linux 20.04.6",
  "customerUuid": "090a1b6b-0bbb-7c4b-82a5-81395a4402b3",
  "dockerVersion": "24.0.7",
  "size": 90686992,
  "layers": [
    {
      "size": null,
      "createdBy": "ARG RELEASE",
      "created": "1728617905000",
      "comment": null,
      "id": null,
      "sha": "",
      "tags": null,
      "layerNumber": 1,
      "isBaseLayer": true,
      "isEmptyLayer": true
    },
    {
      "size": null,
      "createdBy": "RUN apt-get update && apt-get install -y     curl     && rm -rf /var/lib/apt/lists/*",
      "created": "1730118010000",
      "comment": null,
      "id": "dc9f0aa8da3f",
      "sha": "dc9f0aa8da3f0dcac5ca12a0ba4074e8dbbe301fe532e79bf27363b51dbd6f1f",
      "tags": null,
      "layerNumber": 7,
      "isBaseLayer": true,
      "isEmptyLayer": false
    },
    {
      "size": null,
      "createdBy": "RUN apt-get update && apt-get install -y     wget     && rm -rf /var/lib/apt/lists/*",
      "created": "1730118235000",
      "comment": null,
      "id": "70958f007e32",
      "sha": "70958f007e324e89351a73c36b95ad73be20a6c6a3c04836afec3ec882331794",
      "tags": null,
      "layerNumber": 8,
      "isBaseLayer": false,
      "isEmptyLayer": false
    }
  ],
  "host": [
    {
      "sensorUuid": "90e18a3d-0b1d-4603-a670-569994346804",
      "hostname": "ip-10-82-8-187",
      "ipAddress": "10.82.8.187",
      "uuid": "76aa7fc3-1af3-4afc-9e83-98aa230cb4be",
      "lastUpdated": null
    }
  ],
  "hostArchitecture": [
    "x86_64"
  ],
  "architecture": "amd64",
  "imageId": "821f51aeaa3f",
  "lastScanned": "1731496559882",
  "registryUuid": null,
  "source": [
    "CICD"
  ],
  "totalVulCount": "0",
  "users": null,
  "isDockerHubOfficial": null,
  "scanType": null,
  "scanTypes": [
    "SCA",
    "DYNAMIC"
  ],
  "scanErrorCode": null,
  "scanStatus": "SUCCESS",
  "lastFoundOnHost": null,
  "lastScannedBySensor": "90e18a3d-0b1d-4603-a670-569994346804",
  "scanErrorMessage": null,
  "malware": null,
  "lastMalwareScanned": null,
  "exceptions": null,
  "secrets": null,
  "lastSecretScanned": null,
  "riskScore": 0,
  "riskScoreCalculatedDate": "1731496559882",
  "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 0 * Pow(0,0.01) + 0.6 * 0 * Pow(0,0.01) + 0.4 * 0 * Pow(0,0.01) + 0.2 * 0 * Pow(0,0.01) ))",
  "maxQdsScore": null,
  "qdsSeverity": null,
  "criticality": null,
  "criticalityUpdated": null,
  "baseImage": "7a9ac57a87becb3f00a35a6fa5939276a0363963b2822b44f0f9e99e399740f0",
  "childImagesCount": 0,
  "sbomLayerProcessingTimestamp": "1731496559846",
  "baseImageProcessingTimestamp": "1731496560037",
  "softwares": [
    {
      "name": "libext2fs2:amd64",
      "version": "1.45.5-2ubuntu1.2",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "libgpg-error0:amd64",
      "version": "1.37-1",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "libgcrypt20:amd64",
      "version": "1.8.5-5ubuntu1.1",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "libkrb5support0:amd64",
      "version": "1.17-6ubuntu4.7",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "bzip2",
      "version": "1.0.8-2",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "libsemanage1:amd64",
      "version": "3.0-1build2",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "libudev1:amd64",
      "version": "245.4-4ubuntu3.24",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "init-system-helpers",
      "version": "1.57",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    },
    {
      "name": "bsdutils",
      "version": "1:2.34-0.1ubuntu9.6",
      "scanType": "DYNAMIC",
      "packagePath": null,
      "fixVersion": null,
      "vulnerabilities": null
    }
  ],
  "vulnerabilities": [],
  "lastComplianceScanned": "1731496452537"
}

 

Bulk Registry Schedules

With this release, you can get more than 10,000 registry schedules using a single API request. To do this, the following API is introduced. 

Fetch a List of Registry Schedules in Bulk -

GET /csapi/v1.3/registry/{registryId}/schedule/list

For the registry schedules less than 10,000, you can use Fetch a List of Schedules Created for a Registry (GET /v1.3/registry/{registryId}/schedule) API.

 

New API: Fetch a List of Registry Schedules in Bulk

New or Updated APIs New
API Endpoint (New version) /csapi/v1.3/registry/{registryId}/schedule/list
Method GET
DTD XSD Changes No

 

Input ParametersInput Parameters

The following table shows the input parameters applicable to this API.

Parameter

Mandatry/Optional

Data Type

Description

registryId  Mandatory  string The ID of the registry for which you want to list the schedules.
filter  Optional  string Filter the registry schedules by providing a query using Qualys syntax.
paginationQuery      Optional  string     Provide a query to filter the next page. You can find the pagination query for the next page in the "nexturl" response header. 
limit  Optional  integer Specify the number of records to include in the response. Enter a value from 1 to 250.
Sample: Fetch a List of Schedules in your RegistrySample: Fetch a List of Schedules in your Registry

API Request

    curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/registry/{registryId}/schedule/list?limit=2' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token>

API Response 

{
    "data": [
        {
            "scheduleUuid": "7ee9271c-62a9-4cdb-8b84-706c06f37fa2",
            "onDemand": true,
            "created": "1732188118513",
            "updated": "1732188134485",
            "jobStartDate": "1732188134485",
            "jobCompletionDate": "1732188186217",
            "name": null,
            "errors": null,
            "schedule": "00:00",
            "filters": [
                {
                    "repoTags": [
                        {
                            "repo": "john_doe/secret-detection",
                            "tag": "all-combo-keywords"
                        }
                    ],
                    "days": null
                }
            ],
            "additionalFilters": null,
            "status": "Finished",
            "pendingScanJobsCount": 0,
            "jobListingStartDate": "1732188134485",
            "jobListingCompletionDate": null,
            "jobScanningStartDate": null,
            "jobScanningCompletionDate": "1732188186217",
            "forceScan": false,
            "scheduleIntervalInDays": 1,
            "weekDay": null,
            "orgName": ""
        },
        {
            "scheduleUuid": "93b04b02-77fa-4e73-9630-d114e4af11f2",
            "onDemand": true,
            "created": "1732189749338",
            "updated": "1732189801763",
            "jobStartDate": "1732189801763",
            "jobCompletionDate": "1732189879157",
            "name": null,
            "errors": null,
            "schedule": "00:00",
            "filters": [
                {
                    "repoTags": [
                        {
                            "repo": "john_doe/secret-detection",
                            "tag": "all-combo-keywords"
                        }
                    ],
                    "days": null
                }
            ],
            "additionalFilters": null,
            "status": "Finished",
            "pendingScanJobsCount": 0,
            "jobListingStartDate": "1732189801763",
            "jobListingCompletionDate": null,
            "jobScanningStartDate": null,
            "jobScanningCompletionDate": "1732189879157",
            "forceScan": false,
            "scheduleIntervalInDays": 1,
            "weekDay": null,
            "orgName": ""
        }
    ],
    "limit": 2
}