Release 1.37 API
March 11, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
What's New?
With the Container Security 1.37 release, the following enhancements in APIs are made.
- Ability to Identify Vulnerabilities per Image Layer
- Support RedHat Scanner Certification in Images and Containers
- Ability to Enable or Disable Vulnerability Exception
- Support Host Architecture Column in Container Reports
Ability to Identify Vulnerabilities per Image Layer
With this release, the response section of some Image APIs shows the Layer Shas (layerSha) of the images having the same vulnerability. To support this feature, the following APIs are updated.
- Fetch Image Details -
GET /csapi/v1.3/images/{imageSha} - Fetch Vulnerability Details for an Image -
GET /csapi/v1.3/images/{imageSha}/vuln - Fetch a List of Images (Bulk API) -
GET /csapi/v1.3/images/list - Fetch a List of Software Installed in an Image -
GET /csapi/v1.3/images/{imageSha}/software
Updated API: Fetch Images Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Image DetailsSample: Fetch Image Details
API Request
curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/c0d70a7b0a0d705941f4fc3e86b4fa67370011e4695c6306537251e31d7e0458' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token> \
-H 'Content-Type: application/json'
API Response
In the response below, the newly added 'layerSha' field shows the layerSha of the image in which the vulnerability was found.
{
"created": "1712222311000",
"updated": "1738827505696",
"lastUsedDate": null,
"author": "",
"repo": [
{
"registry": null,
"tag": "static-amazonlinux3-sca-secret-malware",
"repository": "qualysdockerhub/overlay-functional"
},
{
"registry": "registry-1.docker.io",
"tag": "static-amazonlinux3-sca-secret-malware",
"repository": "qualysdockerhub/overlay-functional"
},
{
"registry": "docker.io",
"tag": "static-amazonlinux3-sca-secret-malware",
"repository": "qualysdockerhub/overlay-functional"
}
],
"repoDigests": [
{
"registry": "registry-1.docker.io",
"digest": "1be6cdf5f6eaf97ebdde466d8c6d75435e90679eb4a70f212c0821550735b0ca",
"repository": "qualysdockerhub/overlay-functional"
},
{
"registry": null,
"digest": "1be6cdf5f6eaf97ebdde466d8c6d75435e90679eb4a70f212c0821550735b0ca",
"repository": "qualysdockerhub/overlay-functional"
},
{
"registry": "docker.io",
"digest": "1be6cdf5f6eaf97ebdde466d8c6d75435e90679eb4a70f212c0821550735b0ca",
"repository": "qualysdockerhub/overlay-functional"
}
],
"label": null,
"uuid": "9963e63a-3200-336c-be59-8f1bd01bbe81",
"sha": "c0d70a7b0a0d705941f4fc3e86b4fa67370011e4695c6306537251e31d7e0458",
"operatingSystem": "Amazon Linux 2017.03",
"customerUuid": "0cab77d3-ae4e-6e66-8022-bc1f2e37eafc",
"dockerVersion": "20.10.7",
"size": 658859554,
"layers": [
{
"size": null,
"createdBy": "ADD file:f3cf8c8e1ec2c8a1def08d5a104ce873febd881e68bb614a36aa94fc158d0fe7 in / ",
"created": "1491583412000",
"comment": null,
"id": "ec7e9b7a9687",
"sha": "ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa",
"tags": null,
"layerNumber": 1,
"isBaseLayer": null,
"isEmptyLayer": false,
"vulnStats": {
"severity5Count": 25,
"severity3Count": 63,
"severity4Count": 45,
"severity1Count": 0,
"severity2Count": 9
}
},
{
"size": null,
"createdBy": "CMD [\"/bin/bash\"]",
"created": "1491583413000",
"comment": null,
"id": null,
"sha": "",
"tags": null,
"layerNumber": 2,
"isBaseLayer": null,
"isEmptyLayer": true,
"vulnStats": null
},
{
"size": null,
"createdBy": "COPY dir:6822415285dd8a9e0f20955a86f71ef0965e1b9731e8ccbf8da539dc92bddb52 in /root/spring/ ",
"created": "1712145747000",
"comment": null,
"id": "36499e9e1e5c",
"sha": "36499e9e1e5c20dc6f21a324b7e8ea53f56abb6a8c9b8103e39d2dcf33522e2d",
"tags": null,
"layerNumber": 3,
"isBaseLayer": null,
"isEmptyLayer": false,
"vulnStats": {
"severity5Count": 3,
"severity3Count": 5,
"severity4Count": 9,
"severity1Count": 0,
"severity2Count": 1
}
},
],
"host": [
{
"sensorUuid": "97001e9e-eed9-442e-9cfd-a8c3beba86b9",
"hostname": "ip-10-82-8-107",
"ipAddress": "10.82.8.107",
"uuid": "45ab0968-1e7b-4848-9143-a804319a8dd6",
"lastUpdated": "2025-02-04T09:38:03.502Z"
}
],
"hostArchitecture": [
"x86_64"
],
"architecture": "amd64",
"imageId": "c0d70a7b0a0d",
"lastScanned": "1738827505696",
"registryUuid": [
"18871aad-720b-42b0-b373-3cbbe741f6a0"
],
"source": [
"GENERAL",
"REGISTRY"
],
"totalVulCount": "333",
"users": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": [
"STATIC",
"SCA"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "97001e9e-eed9-442e-9cfd-a8c3beba86b9",
"hostname": "ip-10-82-8-107",
"ipAddress": "10.82.8.107",
"uuid": "45ab0968-1e7b-4848-9143-a804319a8dd6",
"lastUpdated": "2025-02-04T09:38:03.502Z"
},
"lastScannedBySensor": "26bdf9a1-3fac-4c3f-88be-f0566b2a74a4",
"scanErrorMessage": null,
"malware": null,
"lastMalwareScanned": null,
"exceptions": null,
"secrets": null,
"lastSecretScanned": null,
"riskScore": 250,
"riskScoreCalculatedDate": "1738827505638",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 70.88 * Pow(52,0.01) + 0.6 * 42.30 * Pow(127,0.01) + 0.4 * 40.57 * Pow(130,0.01) + 0.2 * 36.00 * Pow(16,0.01) ))",
"maxQdsScore": 100,
"qdsSeverity": "CRITICAL",
"criticality": null,
"criticalityUpdated": null,
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": "1738660042711",
"baseImageProcessingTimestamp": null,
"softwares": [
{
"name": "org.apache.pulsar:pulsar-presto-connector-original",
"version": "2.4.0",
"scanType": "SCA",
"packagePath": "root/random/lib/presto/plugin/pulsar-presto-connector/pulsar-presto-connector-original-2.4.0.jar",
"fixVersion": null,
"vulnerabilities": null,
"layerSha": "a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
},
{
"name": "io.airlift:aircompressor",
"version": "0.11",
"scanType": "SCA",
"packagePath": "root/random/lib/presto/lib/aircompressor-0.11.jar",
"fixVersion": "0.27",
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\nio.airlift:aircompressor 0.11 0.27 Java root/random/lib/presto/lib/aircompressor-0.11.jar",
"lastFound": "1738827505622",
"firstFound": "1738660043494",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"maven"
],
"vendor": [
"maven"
],
"cveids": [
"CVE-2024-36114"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 999919,
"title": "Java (Maven) Security Update for io.airlift:aircompressor (GHSA-973x-65j7-xcf4)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "8.6",
"temporalScore": "7.5"
},
"patchAvailable": true,
"published": null,
"scanType": [
"SCA"
],
"qdsScore": 35,
"isExempted": null,
"vendorData": null,
"software": null
}
],
"layerSha": "a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\ncurl 7.51.0-4.73.amzn1.x86__64 7.61.1-12.100.amzn1\nlibcurl 7.51.0-4.73.amzn1.x86__64 7.61.1-12.100.amzn1\ncurl 7.51.0-4.73.amzn1.x86__64 7.61.1-12.100.amzn1",
"lastFound": "1738827505518",
"firstFound": "1738660042946",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "Amazon Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"curl"
],
"vendor": [
"amazon linux"
],
"cveids": [
"CVE-2021-22947",
"CVE-2021-22946"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 352874,
"title": "Amazon Linux Security Advisory for curl : ALAS-2021-1549",
"cvssInfo": {
"baseScore": "5.0",
"temporalScore": "3.9",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.7"
},
"patchAvailable": true,
"published": 1637239653000,
"scanType": [
"STATIC"
],
"qdsScore": 41,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "curl",
"version": "7.51.0-4.73.amzn1",
"scanType": "STATIC",
"packagePath": null,
"fixVersion": "7.61.1-12.100.amzn1",
"vulnerabilities": null
},
{
"name": "libcurl",
"version": "7.51.0-4.73.amzn1",
"scanType": "STATIC",
"packagePath": null,
"fixVersion": "7.61.1-12.100.amzn1",
"vulnerabilities": null
}
],
"layerSha": [
"ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa"
]
}
],
"lastComplianceScanned": "1738662697146"
}
Updated API: Fetch Vulnerability Details for an Image
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha}/vuln |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the following input parameter is introduced.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| type | Optional | string | Use this to choose the data to be sent to Qualys Enterprise TruRisk™ Platform (ETP). Valid Values:
|
| applyException | Optional | integer | Use this to enable or disable exceptions. Valid values: true/false Default value: true |
Sample: Fetch Vulnerability Details of an Image Sample: Fetch Vulnerability Details of an Image
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/images/76c8fb57b6fc8599de38027112c47170bd19f99e7945392bd78d6816db01f4ad/vuln? type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=false' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
In the response given below, the layerSha field is newly introduced which shows the image layerSha having the respective vulnerability.
{
"details":
[
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nexpat 2.1.0-10.21.amzn1.x86__64 2.1.0-14.31.amzn1\nexpat 2.1.0-10.21.amzn1.x86__64 2.1.0-14.31.amzn1",
"lastFound": "1738827505526",
"firstFound": "1738660042992",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "Amazon Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"expat"
],
"vendor": [
"amazon linux"
],
"cveids": [
"CVE-2022-22827",
"CVE-2022-22826",
"CVE-2022-22823",
"CVE-2022-22824",
"CVE-2021-46143",
"CVE-2022-22822",
"CVE-2022-22825"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 353975,
"title": "Amazon Linux Security Advisory for expat : ALAS-2022-1603",
"cvssInfo": {
"baseScore": "7.5",
"temporalScore": "5.9",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "9.8",
"temporalScore": "8.8"
},
"patchAvailable": true,
"published": 1657545460000,
"scanType": [
"STATIC"
],
"qdsScore": 65,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "expat",
"version": "2.1.0-10.21.amzn1",
"scanType": "STATIC",
"packagePath": null,
"fixVersion": "2.1.0-14.31.amzn1",
"vulnerabilities": null
}
],
"layerSha": [
"ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa"
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nopenssl 1.0.1k-15.99.amzn1.x86__64 1.0.2k-16.159.amzn1\nopenssl 1.0.1k-15.99.amzn1.x86__64 1.0.2k-16.159.amzn1",
"lastFound": "1738827505526",
"firstFound": "1738660042995",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "Amazon Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"openssl"
],
"vendor": [
"amazon linux"
],
"cveids": [
"CVE-2022-2068"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": true,
"highDataLoss": true,
"noPatch": null,
"denialOfService": true,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 354035,
"title": "Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-1626",
"cvssInfo": {
"baseScore": "10.0",
"temporalScore": "7.8",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "9.8",
"temporalScore": "8.8"
},
"patchAvailable": true,
"published": 1659963868000,
"scanType": [
"STATIC"
],
"qdsScore": 95,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "openssl",
"version": "1.0.1k-15.99.amzn1",
"scanType": "STATIC",
"packagePath": null,
"fixVersion": "1.0.2k-16.159.amzn1",
"vulnerabilities": null
}
],
"layerSha": [
"ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa"
]
},
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\ncom.fasterxml.jackson.core:jackson-databind 2.8.11.3 2.9.10.7 Java root/random/lib/presto/plugin/pulsar-presto-connector/jackson-databind-2.8.11.3.jar\ncom.fasterxml.jackson.core:jackson-databind 2.8.11.3 2.9.10.7 Java root/random/lib/presto/lib/jackson-databind-2.8.11.3.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/log4j/java-instance.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/random/java-instance.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/random/lib/com.fasterxml.jackson.core-jackson-databind-2.9.8.jar",
"lastFound": "1738827505607",
"firstFound": "1738660043412",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"jackson-databind",
"oncommand_insight",
"oncommand_api_services",
"service_level_manager",
"active_iq_unified_manager"
],
"vendor": [
"fasterxml",
"netapp",
"netapp",
"netapp",
"netapp"
],
"cveids": [
"CVE-2021-20190"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": true,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 982711,
"title": "Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5949-rw7g-wx7w)",
"cvssInfo": {
"baseScore": "8.3",
"temporalScore": "6.1",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "8.1",
"temporalScore": "7.1"
},
"patchAvailable": true,
"published": 1647355408000,
"scanType": [
"SCA"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.8.11.3",
"scanType": "SCA",
"packagePath": "root/random/lib/presto/plugin/pulsar-presto-connector/jackson-databind-2.8.11.3.jar",
"fixVersion": "2.9.10.7",
"vulnerabilities": null
},
{
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.9.8",
"scanType": "SCA",
"packagePath": "root/random/java-instance.jar",
"fixVersion": "2.9.10.7",
"vulnerabilities": null
}
],
"layerSha": [
"a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
]
},
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 54,
"sev2Count": 18,
"sev4Count": 130,
"sev3Count": 131
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 45,
"sev2Count": 18,
"sev4Count": 127,
"sev3Count": 122
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
Updated API: Fetch a List of Images (Bulk API)
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Images (Bulk API)Sample: Fetch a List of Images (Bulk API)
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/images/list?limit=1' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"created": "1483729557000",
"updated": "1738920639385",
"author": "",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "rails"
},
{
"registry": null,
"tag": "latest",
"repository": "rails"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
"repository": "rails"
},
{
"registry": null,
"digest": "aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
"repository": "rails"
}
],
"label": null,
"uuid": "54a92046-a7a5-38fa-8046-a6ed4f9cacf1",
"sha": "660f41442a278fab36077eaad1cb0bce5e0842b5ad5e34d0e3bb9ccf995391d3",
"operatingSystem": "Debian Linux 8.6",
"customerUuid": "0cab77d3-ae4e-6e66-8022-bc1f2e37eafc",
"dockerVersion": "1.12.3",
"size": 840234153,
"layers": [
{
"size": null,
"createdBy": "ADD file:1d214d2782eaccc743b8d683ccecf2f87f12a0ecdfbcd6fdf4943ce616f23870 in / ",
"created": "1481667059000",
"comment": null,
"id": "b6ca02dfe5e6",
"sha": "b6ca02dfe5e62c58dacb1dec16eb42ed35761c15562485f9da9364bb7c90b9b3",
"tags": null,
"layerNumber": 1,
"isBaseLayer": null,
"isEmptyLayer": false,
"vulnStats": {
"severity5Count": 6,
"severity3Count": 33,
"severity4Count": 3,
"severity1Count": 2,
"severity2Count": 2
}
},
{
"size": null,
"createdBy": "CMD [\"/bin/bash\"]",
"created": "1481667059000",
"comment": null,
"id": null,
"sha": "",
"tags": null,
"layerNumber": 2,
"isBaseLayer": null,
"isEmptyLayer": true,
"vulnStats": null
},
{
"size": null,
"createdBy": "RUN apt-get update && apt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\twget \t&& rm -rf /var/lib/apt/lists/*",
"created": "1481670011000",
"comment": null,
"id": "60a0858edcd5",
"sha": "60a0858edcd5aad240966e33389850e4328de4cfb5282977eddda56bffc7f95f",
"tags": null,
"layerNumber": 3,
"isBaseLayer": null,
"isEmptyLayer": false,
"vulnStats": {
"severity5Count": 3,
"severity3Count": 36,
"severity4Count": 4,
"severity1Count": 0,
"severity2Count": 0
}
}
],
"architecture": "amd64",
"imageId": "660f41442a27",
"lastScanned": "1738834821529",
"registryUuid": null,
"source": [
"GENERAL"
],
"users": null,
"lastFoundOnHost": {
"sensorUuid": "97001e9e-eed9-442e-9cfd-a8c3beba86b9",
"hostname": "ip-10-82-8-107",
"ipAddress": "10.82.8.107",
"uuid": "45ab0968-1e7b-4848-9143-a804319a8dd6",
"lastUpdated": "2025-02-04T09:38:03.502Z"
},
"lastUsedDate": "1738920639385",
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": [
"DYNAMIC",
"SCA"
],
"softwares": [
{
"name": "libmpc3:amd64",
"version": "1.0.2-1",
"fixVersion": null,
"scanType": "DYNAMIC",
"packagePath": null,
"layerSha": "0a5e2b2ddeaa749d95730bad9be3e3a472ff6f80544da0082a99ba569df34ff3"
},
{
"name": "libmysqlclient-dev",
"version": "5.5.53-0+deb8u1",
"fixVersion": "5.5.62-0+deb8u1",
"scanType": "DYNAMIC",
"packagePath": null,
"layerSha": "0a5e2b2ddeaa749d95730bad9be3e3a472ff6f80544da0082a99ba569df34ff3"
}
],
"vulnerabilities": [
{
"qid": 993654,
"result": null,
"software": [
{
"name": "nokogiri",
"version": "1.7.0.1",
"fixVersion": "1.11.4",
"scanType": "SCA",
"packagePath": "usr/local/bundle/specifications/nokogiri-1.7.0.1.gemspec"
}
],
"lastFound": "1738834821117",
"firstFound": "1738662268221",
"typeDetected": "CONFIRMED",
"scanType": [
"SCA"
],
"layerSha": [
"10b40b389ca133b000fb94c19b1cc82a307eacc808b77aa4cf8349389e89eb7d"
]
},
{
"qid": 176339,
"result": null,
"software": [
{
"name": "openssl",
"version": "1.0.1t-1+deb8u5",
"fixVersion": "1.0.1t-1+deb8u8",
"scanType": "DYNAMIC",
"packagePath": null
},
{
"name": "libssl1.0.0:amd64",
"version": "1.0.1t-1+deb8u5",
"fixVersion": "1.0.1t-1+deb8u8",
"scanType": "DYNAMIC",
"packagePath": null
},
{
"name": "libssl-dev:amd64",
"version": "1.0.1t-1+deb8u5",
"fixVersion": "1.0.1t-1+deb8u8",
"scanType": "DYNAMIC",
"packagePath": null
}
],
"lastFound": "1738834821006",
"firstFound": "1738662268141",
"typeDetected": "CONFIRMED",
"scanType": [
"DYNAMIC"
],
"layerSha": [
"0a5e2b2ddeaa749d95730bad9be3e3a472ff6f80544da0082a99ba569df34ff3",
"60a0858edcd5aad240966e33389850e4328de4cfb5282977eddda56bffc7f95f"
]
},
{
"qid": 992845,
"result": null,
"software": [
{
"name": "nokogiri",
"version": "1.7.0.1",
"fixVersion": "1.14.3",
"scanType": "SCA",
"packagePath": "usr/local/bundle/specifications/nokogiri-1.7.0.1.gemspec"
}
],
"lastFound": "1738834821235",
"firstFound": "1738662268299",
"typeDetected": "CONFIRMED",
"scanType": [
"SCA"
],
"layerSha": [
"10b40b389ca133b000fb94c19b1cc82a307eacc808b77aa4cf8349389e89eb7d"
]
}
"malware": null,
"secrets": null,
"lastMalwareScanned": null,
"riskScore": 242,
"riskScoreCalculatedDate": "1738834821447",
"maxQdsScore": 95,
"qdsSeverity": "CRITICAL",
"criticality": null,
"criticalityUpdated": null
}
],
"limit": 1
}
Updated API: Fetch a List of Software Installed in an Image
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha}/software |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Software Installed on an ImageSample: Fetch a List of Software Installed on an Image
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/images/{imageSha}/software \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"name": "org.apache.pulsar:pulsar-presto-connector-original",
"version": "2.4.0",
"scanType": "SCA",
"packagePath": "root/random/lib/presto/plugin/pulsar-presto-connector/pulsar-presto-connector-original-2.4.0.jar",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
},
"layerSha": "a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
},
{
"name": "com.sun.istack:istack-commons-runtime",
"version": "2.13",
"scanType": "SCA",
"packagePath": "root/random/lib/presto/plugin/pulsar-presto-connector/jaxb-impl-2.2.6.jar",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
},
"layerSha": "a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
},
{
"name": "com.yahoo.datasketches:sketches-core",
"version": "0.8.3",
"scanType": "SCA",
"packagePath": "root/random/lib/presto/plugin/pulsar-presto-connector/sketches-core-0.8.3.jar",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
},
"layerSha": "a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
}
{
"name": "com.google.code.findbugs:jsr305",
"version": "3.0.2",
"scanType": "SCA",
"packagePath": "root/spring/sonar-security-java-frontend-plugin-8.7.0.7826.jar/META-INF/lib/sonar-analyzer-commons-1.11.0.541.jar",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
},
"layerSha": "36499e9e1e5c20dc6f21a324b7e8ea53f56abb6a8c9b8103e39d2dcf33522e2d"
}
.
.
.
.
.
],
"count": 30,
"softwareCountBySeverity": {
"severity5Count": 37,
"severity3Count": 74,
"severity4Count": 76,
"severity1Count": 0,
"severity2Count": 16
},
"driftSoftwareCountBySeverity": null,
"driftSoftwareCountByDriftReason": null
}
Support RedHat Vulnerability Scanner certification Images and Containers
Container Security now supports RedHat Vulnerability Scanner certification.
- Fetch Image Details -
GET /csapi/v1.3/images/{imageSha} - Fetch Vulnerability Details for an Image -
GET /csapi/v1.3/images/{imageSha}/vuln - Fetch Container Details -
GET /csapi/v1.3/containers/{containerSha} - Fetch Vulnerability Details for a Container -
GET /csapi/v1.3/containers/{containerSha}/vuln
Updated API: Fetch Images Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Image DetailsSample: Fetch Image Details
API Request
curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd&scanDetails=malware_secrets' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token> \
-H 'Content-Type: application/json'
API Response
{
"created": "1691122417000",
"updated": "1736222365139",
"lastUsedDate": null,
"author": "",
"repo": [
{
"registry": "registry.redhat.io",
"tag": "v4.13.0-202308040326.p0.g67543a2.assembly.stream",
"repository": "openshift4/ose-console"
}
],
"repoDigests": [
{
"registry": "registry.redhat.io",
"digest": "91b6b81723553c4f56911e6eb1db5005a06ee43bc2cecbf1e1bbee24f72c8c81",
"repository": "openshift4/ose-console"
}
],
"label": [
{
"key": "com.redhat.build-host",
"value": "cpt-1001.osbs.prod.upshift.rdu2.redhat.com"
},
{
"key": "io.openshift.maintainer.component",
"value": "Management Console"
}
],
"uuid": "fe336e7f-a705-3c4a-93d1-19e6d8f23c90",
"sha": "65a361b8cd0fbf15bd68002e55ac5d5b9d2dded497aaf85d82ff1cf638129ff0",
"operatingSystem": "Red Hat Enterprise Linux 8.6",
"customerUuid": "af400d1d-8f6d-feb1-829b-2dea4c6cc6c9",
"dockerVersion": "",
"size": 509588699,
"layers": [
{
"size": null,
"createdBy": "",
"created": "1662485485000",
"comment": null,
"id": "e2e51ecd22dc",
"sha": "e2e51ecd22dcbc318fb317f20dff685c6d54755d60a80b12ed290658864d45fd",
"tags": null,
"layerNumber": 1,
"isBaseLayer": null,
"isEmptyLayer": false
},
{
"size": null,
"createdBy": "",
"created": "1662485497000",
"comment": null,
"id": "d3fbfed1573d",
"sha": "d3fbfed1573def1cd078186e307411a8929138baf65bdd0a02bcbdb451707f67",
"tags": null,
"layerNumber": 2,
"isBaseLayer": null,
"isEmptyLayer": false
}
],
"host": [
{
"sensorUuid": "e58d93d6-27b7-459e-99d6-551b323ded4f",
"hostname": "ip-10-82-10-182",
"ipAddress": "10.82.10.182",
"uuid": "c3441874-5ca6-4002-9950-03a9e2e71879",
"lastUpdated": "2025-01-03T06:15:50.596Z"
}
],
"hostArchitecture": [
"x86_64"
],
"architecture": "amd64",
"imageId": "65a361b8cd0f",
"lastScanned": "1736222365139",
"registryUuid": null,
"source": [
"CICD"
],
"totalVulCount": "84",
"users": [
"root"
],
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": [
"DYNAMIC",
"SCA"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "e58d93d6-27b7-459e-99d6-551b323ded4f",
"hostname": "ip-10-82-10-182",
"ipAddress": "10.82.10.182",
"uuid": "c3441874-5ca6-4002-9950-03a9e2e71879",
"lastUpdated": "2025-01-03T06:15:50.596Z"
},
"lastScannedBySensor": "e58d93d6-27b7-459e-99d6-551b323ded4f",
"scanErrorMessage": null,
"malware": null,
"lastMalwareScanned": null,
"exceptions": null,
"secrets": null,
"lastSecretScanned": null,
"riskScore": 240,
"riskScoreCalculatedDate": "1736222365030",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 65.00 * Pow(1,0.01) + 0.6 * 50.88 * Pow(17,0.01) + 0.4 * 40.15 * Pow(55,0.01) + 0.2 * 36.17 * Pow(6,0.01) ))",
"maxQdsScore": 95,
"qdsSeverity": "CRITICAL",
"criticality": null,
"criticalityUpdated": null,
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": "1735885333068",
"baseImageProcessingTimestamp": null,
"softwares": [
{
"name": "cracklib-dicts",
"version": "2.9.6-15.el8",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "socat",
"version": "1.7.4.1-1.el8",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\npython3-libxml2 2.9.7-13.el8__6.1.x86__64 2.9.7-13.el8__6.2\nlibxml2 2.9.7-13.el8__6.1.x86__64 2.9.7-13.el8__6.2",
"lastFound": "1736222364998",
"firstFound": "1735885333218",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "RedHat",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"libxml2"
],
"vendor": [
"redhat"
],
"cveids": [
"CVE-2016-3709"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 241966,
"title": "Red Hat Update for libxml2 (RHSA-2023:4767)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.3",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "6.1",
"temporalScore": "5.5"
},
"patchAvailable": true,
"published": 1693313438000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 36,
"vendorData": {
"rhsa": {
"id": "RHSA-2023:4767",
"severity": "moderate",
"cve": [
{
"id": "CVE-2016-3709",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 6.1
}
}
]
}
},
"software": [
{
"name": "libxml2",
"version": "2.9.7-13.el8_6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "2.9.7-13.el8__6.2",
"vulnerabilities": null
},
{
"name": "python3-libxml2",
"version": "2.9.7-13.el8_6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "2.9.7-13.el8__6.2",
"vulnerabilities": null
}
]
}
],
"lastComplianceScanned": null
}
Updated API: Fetch Vulnerability Details for an Image
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha}/vuln |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the following input parameter is introduced.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| type | Optional | string | Use this to choose the data to be sent to Qualys Enterprise TruRisk™ Platform (ETP). Valid Values:
|
| applyException | Optional | integer | Use this to enable or disable exceptions. Valid values: true/false Default value: true |
Sample: Fetch Vulnerability Details of an Image Sample: Fetch Vulnerability Details of an Image
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/images/76c8fb57b6fc8599de38027112c47170bd19f99e7945392bd78d6816db01f4ad/vuln?type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=false' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
In the response given below, the 'category' and 'vendor' parameters have a new value called 'RedHat' and 'redhat' respectively. It indicates ??.
{
"details": [
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\ngithub.com/devfile/registry-support/registry-library v0.0.0-20220913214140-36887a7907aa 0.0.0-20240206 Go opt/bridge/bin/bridge",
"lastFound": "1736222365021",
"firstFound": "1735885333904",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"go"
],
"vendor": [
"go"
],
"cveids": [
"CVE-2024-1485"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 997393,
"title": "GO (Go) Security Update for github.com/devfile/registry-support/registry-library (GHSA-84xv-jfrm-h4gm)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "9.3",
"temporalScore": "8.1"
},
"patchAvailable": true,
"published": 1708607013000,
"scanType": [
"SCA"
],
"qdsScore": 65,
"vendorData": {
"rhsa": {
"id": null,
"severity": null,
"cve": [
{
"id": "CVE-2024-1485",
"severity": "important",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 8
}
}
]
}
},
"software": [
{
"name": "github.com/devfile/registry-support/registry-library",
"version": "v0.0.0-20220913214140-36887a7907aa",
"scanType": "SCA",
"packagePath": "opt/bridge/bin/bridge",
"fixVersion": "0.0.0-20240206",
"vulnerabilities": null
}
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nplatform-python 3.6.8-47.el8__6.1.x86__64 3.6.8-47.el8__6.4\npython3-libs 3.6.8-47.el8__6.1.x86__64 3.6.8-47.el8__6.4",
"lastFound": "1736222365006",
"firstFound": "1735885333396",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "RedHat",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"python3"
],
"vendor": [
"redhat"
],
"cveids": [
"CVE-2023-27043",
"CVE-2007-4559",
"CVE-2020-10735",
"CVE-2022-45061",
"CVE-2022-48560",
"CVE-2022-48564"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 242742,
"title": "Red Hat Update for python3 (RHSA-2024:0430)",
"cvssInfo": {
"baseScore": "6.8",
"temporalScore": "5.3",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.7"
},
"patchAvailable": true,
"published": 1706188614000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 42,
"vendorData": {
"rhsa": {
"id": "RHSA-2024:0430",
"severity": "moderate",
"cve": [
{
"id": "CVE-2007-4559",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 5.5
}
},
{
"id": "CVE-2020-10735",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 7.5
}
},
{
"id": "CVE-2022-45061",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 7.5
}
},
{
"id": "CVE-2022-48560",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 7.5
}
},
{
"id": "CVE-2022-48564",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 6.5
}
},
{
"id": "CVE-2023-27043",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 5.3
}
}
]
}
},
"software": [
{
"name": "platform-python",
"version": "3.6.8-47.el8_6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.6.8-47.el8__6.4",
"vulnerabilities": null
},
{
"name": "python3-libs",
"version": "3.6.8-47.el8_6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.6.8-47.el8__6.4",
"vulnerabilities": null
}
]
},
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 1,
"sev2Count": 7,
"sev4Count": 17,
"sev3Count": 59
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 7,
"sev4Count": 17,
"sev3Count": 58
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
Updated API: Fetch Container Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/{containerSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Containers DetailsSample: Fetch Containers Details
API Request
curl -X "GET"
"<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
API Response
{
"portMapping": null,
"imageId": "a6c0cb5dbd21",
"created": "1683279176000",
"updated": "1683622183866",
"label": [
{
"key": "io.kubernetes.container.name",
"value": "kube-flannel"
},
{
"key": "annotation.io.kubernetes.container.terminationMessagePath",
"value": "/dev/termination-log"
},
{
"key": "annotation.io.kubernetes.container.hash",
"value": "8f3412d9"
},
{
"key": "io.kubernetes.pod.namespace",
"value": "kube-flannel"
},
{
"key": "annotation.io.kubernetes.pod.terminationGracePeriod",
"value": "30"
},
{
"key": "io.kubernetes.container.logpath",
"value": "/var/log/pods/kube-flannel_kube-flannel-ds-mpmq6_5a737762-77c2-4763-9c1c-84c15a2684f0/kube-flannel/0.log"
},
{
"key": "io.kubernetes.sandbox.id",
"value": "48a021247b1d3bf3a2d269c2ff71604f54f4e827ca47584844870ed5591950c4"
},
{
"key": "annotation.io.kubernetes.container.restartCount",
"value": "0"
},
{
"key": "annotation.io.kubernetes.container.terminationMessagePolicy",
"value": "File"
},
{
"key": "io.kubernetes.pod.name",
"value": "kube-flannel-ds-mpmq6"
},
{
"key": "io.kubernetes.docker.type",
"value": "container"
},
{
"key": "io.kubernetes.pod.uid",
"value": "5a737762-77c2-4763-9c1c-84c15a2684f0"
}
],
"uuid": "a90b7cb5-c704-3343-b538-74c7807807a2",
"sha": "647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f",
"privileged": false,
"path": "/opt/bin/flanneld",
"imageSha": "a6c0cb5dbd21197123942b3469a881f936fd7735f2dc9a22763b6f777f24345e",
"macAddress": "",
"customerUuid": "6a849349-679f-ef25-8296-e51d4e3a0019",
"ipv4": null,
"ipv6": null,
"name": "k8s_kube-flannel_kube-flannel-ds-mpmq6_kube-flannel_5a737762-77c2-4763-9c1c-84c15a2684f0_0",
"host": {
"sensorUuid": "dae76860-22f7-4ef1-9a67-aef07944d92c",
"hostname": "ip-10-82-9-150",
"ipAddress": "10.82.9.150",
"uuid": "86e028bd-f283-4468-a099-953a6a033728",
"lastUpdated": "2023-05-09T08:47:15.854Z"
},
"hostArchitecture": [
"x86_64"
],
"state": "RUNNING",
"imageUuid": "9baf9f85-f3bf-3259-b8d5-3cd51967d34a",
"containerId": "647ae732d98e",
"stateChanged": "1683528203674",
"services": null,
"users": [
"root"
],
"operatingSystem": "Alpine Linux 3.17.3",
"lastScanned": "1683575890303",
"source": "GENERAL",
"isInstrumented": null,
"environment": [
"KUBERNETES_PORT_443_TCP_PROTO=tcp",
"KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1",
"KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443",
"KUBERNETES_PORT=tcp://10.96.0.1:443",
"KUBERNETES_SERVICE_PORT_HTTPS=443",
"POD_NAME=kube-flannel-ds-mpmq6",
"POD_NAMESPACE=kube-flannel",
"KUBERNETES_SERVICE_HOST=10.96.0.1",
"FLANNEL_ARCH=amd64",
"KUBERNETES_PORT_443_TCP_PORT=443",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"EVENT_QUEUE_DEPTH=5000",
"KUBERNETES_SERVICE_PORT=443"
],
"arguments": [
"--kube-subnet-mgr",
"--ip-masq"
],
"command": "--ip-masq --kube-subnet-mgr",
"drift": {
"category": [],
"reason": [],
"software": [],
"vulnerability": []
},
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\ngnupg 1.4.18-7+deb8u3 1.4.18-7+deb8u4\ngpgv 1.4.18-7+deb8u3 1.4.18-7+deb8u4",
"lastFound": "1736836112738",
"firstFound": "1736836112738",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "Debian",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"debian_linux"
],
"vendor": [
"debian"
],
"cveids": [
"CVE-2017-7526"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 176139,
"title": "Debian Security Update for gnupg (DSA 3960-1)",
"cvssInfo": {
"baseScore": "4.3",
"temporalScore": "3.2",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "6.8",
"temporalScore": "5.9"
},
"patchAvailable": true,
"published": 1505381043000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 30,
"vendorData": {
"rhsa": {
"id": null,
"severity": null,
"cve": [
{
"id": "CVE-2017-7526",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 6.1
}
}
]
}
},
"software": [
{
"name": "gnupg",
"version": "1.4.18-7+deb8u3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "1.4.18-7+deb8u4",
"vulnerabilities": null
},
{
"name": "gpgv",
"version": "1.4.18-7+deb8u3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "1.4.18-7+deb8u4",
"vulnerabilities": null
}
]
}
],
"softwares": [
{
"name": "nghttp2-libs",
"version": "1.51.0-r0",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "readline",
"version": "8.2.0-r0",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libcap2",
"version": "2.66-r0",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "ca-certificates",
"version": "20220614-r4",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "iproute2-minimal",
"version": "6.0.0-r1",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "musl-fts",
"version": "1.2.7-r3",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "brotli-libs",
"version": "1.0.9-r9",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libssl3",
"version": "3.0.8-r4",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "apk-tools",
"version": "2.12.10-r1",
"scanType": null,
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
}
],
"isDrift": false,
"isRoot": true,
"lastComplianceScanned": "1683622183866",
"cluster": {
"type": "KUBERNETES",
"k8s": {
"project": null,
"pod": {
"name": "kube-flannel-ds-mpmq6",
"uuid": "5a737762-77c2-4763-9c1c-84c15a2684f0",
"namespace": "kube-flannel",
"namespaceMetadata": {
"labels": [
"label127:value127",
"label117:value117",
"label104:value104",
"label24:value24",
"label170:value170",
"label125:value125",
"label35:value35",
"kubernetes.io/metadata.name:kube-flannel",
"label165:value165",
"label155:value155",
"label228:value228",
"label145:value145",
"label218:value218",
"label58:value58",
"label184:value184",
"label136:value136",
"label247:value247",
"pod-security.kubernetes.io/enforce:privileged",
"label164:value164",
"label110:value110",
"label221:value221",
"label116:value116",
"label227:value227"
],
"annotations": [
"kubectl.kubernetes.io/last-applied-configuration:{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"labels\":{\"k8s-app\":\"flannel\",\"pod-security.kubernetes.io/enforce\":\"privileged\"},\"name\":\"kube-flannel\"}}\n"
]
},
"label": [
{
"key": "tier",
"value": "node"
},
{
"key": "controller-revision-hash",
"value": "5f95689cf6"
},
{
"key": "app",
"value": "flannel"
},
{
"key": "pod-template-generation",
"value": "1"
}
],
"controller": [
{
"uuid": "3224eb6a-9040-4450-bfcf-6c969702bf79",
"name": "kube-flannel-ds",
"type": "DaemonSet"
}
]
},
"node": {
"name": "ip-10-82-9-150",
"isMaster": false
}
},
"version": "v1.26.3"
},
"cloudProvider": {
"aws.ecs.container.subnetId": null,
"aws.ec2.instanceId": "i-0ab8d3318979f529c",
"aws.ecs.clusterName": null,
"aws.ecs.container.macAddress": null,
"aws.ecs.region.code": null,
"aws.ecs.container.id": null,
"aws.ecs.accountId": null
}
"exceptions": [
{
"uuid": "624efd86-6172-4851-beb1-75cb9b1634fb",
"assignmentType": "CASCADE"
},
{
"uuid": "c0b4ec8d-a186-4f2c-9a6d-3adc3dfb3cff",
"assignmentType": "CASCADE"
},
{
"uuid": "d7b11c61-dcf2-4cf5-b369-8877f1b619c6",
"assignmentType": "MANUAL"
}
]
}
Updated API: Fetch Vulnerability Details of a Container
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/{containerSha}/vuln |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the following input parameter is introduced.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| applyException | Optional | integer | Use this to enable or disable exceptions. Valid values: true/false Default value: true |
Sample: Fetch Vulnerability Details of a Container Sample: Fetch Vulnerability Details of a Container
API Request
curl -X GET
"<qualys_base_url>/csapi/v1.3/containers/4cd72d247f99b38fa4235111431b60d6b36feaa886fda222d97c511938bd55b1/vuln?type=ALL&isDrift=false"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
API Response
In the response given below, the 'rhsa' component is newly added. It indicates details related to 'Red Hat Security Advisory'.
{
"details": {
"vulns": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nperl 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.6",
"lastFound": "1666956928761",
"firstFound": "1666956928761",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "Ubuntu",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"None"
],
"vendor": [
"ubuntu"
],
"cveids": [
"CVE-2018-12015"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 197172,
"title": "Ubuntu Security Notification for Perl Vulnerability (USN-3684-1)",
"cvssInfo": {
"baseScore": "6.4",
"temporalScore": "4.7",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.5"
},
"patchAvailable": true,
"published": 1528968142000,
"scanType": null,
"software": [
{
"name": "perl",
"version": "5.18.2-2ubuntu1.1",
"scanType": null,
"packagePath": null,
"fixVersion": "5.18.2-2ubuntu1.6",
"vulnerabilities": null
}
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibc6 2.19-0ubuntu6.7 2.19-0ubuntu6.13",
"lastFound": "1666956928761",
"firstFound": "1666956928761",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Ubuntu",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"None"
],
"vendor": [
"ubuntu"
],
"cveids": [
"CVE-2017-1000366"
],
"threatIntel": {
"activeAttacks": true,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": true,
"highDataLoss": true,
"noPatch": null,
"denialOfService": true,
"malware": true,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 196813,
"title": "Ubuntu Security Notification for Eglibc, Glibc Vulnerability (USN-3323-1) (Stack Clash)",
"cvssInfo": {
"baseScore": "7.2",
"temporalScore": "6.0",
"accessVector": "Local"
},
"cvss3Info": {
"baseScore": "7.8",
"temporalScore": "7.2"
},
"patchAvailable": true,
"published": 1497885555000,
"scanType": null,
"software": [
{
"name": "libc6:amd64",
"version": "2.19-0ubuntu6.7",
"scanType": null,
"packagePath": null,
"fixVersion": "2.19-0ubuntu6.13",
"vulnerabilities": null
}
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\napt 1.0.9.8.4 1.0.9.8.5\nlibapt-pkg4.12 1.0.9.8.4 1.0.9.8.5",
"lastFound": "1736836113637",
"firstFound": "1736836113637",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "Debian",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"debian_linux",
"advanced_package_tool"
],
"vendor": [
"debian",
"debian"
],
"cveids": [
"CVE-2019-3462"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": true,
"noPatch": null,
"denialOfService": true,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 177380,
"title": "Debian Security Update for apt (DLA 1637-1)",
"cvssInfo": {
"baseScore": "9.3",
"temporalScore": "6.9",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "8.1",
"temporalScore": "7.1"
},
"patchAvailable": true,
"published": 1571137810000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 65,
"vendorData": {
"rhsa": {
"id": null,
"severity": null,
"cve": [
{
"id": "CVE-2019-3462",
"severity": null,
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": null
}
}
]
}
},
"software": [
{
"name": "libapt-pkg4.12:amd64",
"version": "1.0.9.8.4",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "1.0.9.8.5",
"vulnerabilities": null
},
{
"name": "apt",
"version": "1.0.9.8.4",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "1.0.9.8.5",
"vulnerabilities": null
}
]
}
]
"driftVulns": null
},
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 1,
"sev2Count": 0,
"sev4Count": 3,
"sev3Count": 53
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 3,
"sev3Count": 53
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
Ability to Enable or Disable Vulnerability Exception
As you can exclude vulnerabilities associated with an image or container, with this release, CS has introduced 'applyException' optional parameter in vulnerability details APIs to enable or disable the exceptions. You will also see a new column 'is qid exempted' in Image and container reports. The following APIs are updated to support this feature.
- Fetch Image Details -
GET /csapi/v1.3/images/{imageSha} - Fetch Vulnerability Details for an Image -
GET /csapi/v1.3/images/{imageSha}/vuln - Fetch Container Details -
GET /csapi/v1.3/containers/{containerSha} - Fetch Vulnerability Details for a Container -
GET /csapi/v1.3/containers/{containerSha}/vuln - Create a Report Request -
POST /csapi/v1.3/reports - Create a Report Schedule
POST -/csapi/v1.3/reports/schedule - Update an Active Report Schedule -
PUT /csapi/v1.3/reports/schedule/{reportingScheduleID} - Fetch a List of Reports -
GET /csapi/v1.3/reports/schedule
Updated API: Fetch Images Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Image DetailsSample: Fetch Image Details
API Request
curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/b1e9cef3f2977f8bdd19eb9ae04f83b315f80fe4f5c5651fedf41482c12432f7' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token> \
-H 'Content-Type: application/json'
API Response
In the response given below, the 'isExempted' parameter is newly introduced to each vulnerability object. It indicates whether a vulnerability is exempted (True) or not (False).
{
"created": "1724774103000",
"updated": "1726752573842",
"lastUsedDate": null,
"author": "",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "ubuntu"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "dfc10878be8d8fc9c61cbff33166cb1d1fe44391539243703c72766894fa834a",
"repository": "ubuntu"
}
],
"label": [
{
"key": "org.opencontainers.image.ref.name",
"value": "ubuntu"
},
{
"key": "org.opencontainers.image.version",
"value": "24.04"
}
],
"uuid": "9bf49ce8-9abd-3a5b-a0f9-9206e6f01ec3",
"sha": "b1e9cef3f2977f8bdd19eb9ae04f83b315f80fe4f5c5651fedf41482c12432f7",
"operatingSystem": "Ubuntu Linux 24.04.1",
"customerUuid": "b9d2369c-aff8-6004-83f9-a334bb66dae6",
"dockerVersion": "24.0.7",
"size": 78108401,
"layers": [
{
"size": "0",
"createdBy": "CMD [\"/bin/bash\"]",
"created": "1724774103000",
"comment": "",
"id": "b1e9cef3f297",
"sha": "b1e9cef3f2977f8bdd19eb9ae04f83b315f80fe4f5c5651fedf41482c12432f7",
"tags": [
"ubuntu:latest"
],
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null,
"vulnStats": null
},
{
"size": "78108401",
"createdBy": "ADD file:aaeb92d3288093ff43a69d19f9133475372ca003b6de902066a2d4641eec2456 in / ",
"created": "1724774103000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null,
"vulnStats": null
},
{
"size": "0",
"createdBy": "LABEL org.opencontainers.image.version=24.04",
"created": "1724774101000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null,
"vulnStats": null
},
{
"size": "0",
"createdBy": "LABEL org.opencontainers.image.ref.name=ubuntu",
"created": "1724774101000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null,
"vulnStats": null
},
{
"size": "0",
"createdBy": "ARG LAUNCHPAD_BUILD_ARCH",
"created": "1724774101000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null,
"vulnStats": null
},
{
"size": "0",
"createdBy": "ARG RELEASE",
"created": "1724774101000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null,
"vulnStats": null
}
],
"host": [
{
"sensorUuid": "0c601a7f-ec19-42cd-9662-38770be0898b",
"hostname": "ip-10-82-10-128",
"ipAddress": "10.82.10.128",
"uuid": null,
"lastUpdated": "2024-09-19T13:25:42.656Z"
}
],
"hostArchitecture": [
"x86_64"
],
"architecture": "amd64",
"imageId": "b1e9cef3f297",
"lastScanned": "1726752573842",
"registryUuid": null,
"source": [
"GENERAL"
],
"totalVulCount": "1",
"users": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": [
"DYNAMIC"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "0c601a7f-ec19-42cd-9662-38770be0898b",
"hostname": "ip-10-82-10-128",
"ipAddress": "10.82.10.128",
"uuid": null,
"lastUpdated": "2024-09-19T13:25:42.656Z"
},
"lastScannedBySensor": "0c601a7f-ec19-42cd-9662-38770be0898b",
"scanErrorMessage": null,
"malware": null,
"lastMalwareScanned": null,
"exceptions": [
"372a0495-72dd-42ae-9b22-77be0ad939ee"
],
"secrets": null,
"lastSecretScanned": null,
"riskScore": 42,
"riskScoreCalculatedDate": "1726752573841",
"formulaUsed": "MIN (1000 , 2 * ( 0.6 * 35.00 * Pow(1,0.01) ))",
"maxQdsScore": 35,
"qdsSeverity": "LOW",
"criticality": null,
"criticalityUpdated": null,
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": null,
"baseImageProcessingTimestamp": null,
"softwares": [
{
"name": "libxxhash0:amd64",
"version": "0.8.2-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null,
"layerSha": null
},
{
"name": "libgmp10:amd64",
"version": "2:6.3.0+dfsg-2ubuntu6",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null,
"layerSha": null
},
{
"name": "libssl3t64:amd64",
"version": "3.0.13-0ubuntu3.3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.0.13-0ubuntu3.4",
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibssl3t64 3.0.13-0ubuntu3.3 3.0.13-0ubuntu3.4",
"lastFound": "1726752573832",
"firstFound": "1726752573832",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Ubuntu",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"ubuntu"
],
"cveids": [
"CVE-2024-6119"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 200683,
"title": "Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-6986-1)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.5"
},
"patchAvailable": true,
"published": null,
"scanType": [
"DYNAMIC"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": null
}
],
"layerSha": null
},
{
"name": "libassuan0:amd64",
"version": "2.5.6-1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null,
"layerSha": null
},
{
"name": "coreutils",
"version": "9.4-3ubuntu6",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null,
"layerSha": null
}
],
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibssl3t64 3.0.13-0ubuntu3.3 3.0.13-0ubuntu3.4",
"lastFound": "1726752573832",
"firstFound": "1726752573832",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Ubuntu",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"ubuntu"
],
"cveids": [
"CVE-2024-6119"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 200683,
"title": "Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-6986-1)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.5"
},
"patchAvailable": true,
"published": 1725453113000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "libssl3t64:amd64",
"version": "3.0.13-0ubuntu3.3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.0.13-0ubuntu3.4",
"vulnerabilities": null
}
],
"layerSha": null
}
],
"lastComplianceScanned": "1726752346949"
}
Updated API: Fetch Vulnerability Details for an Image
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha}/vuln |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the following input parameter is introduced.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| applyException | Optional | boolean | Use this to enable or disable exceptions. Valid values: true/false Default value: true |
Sample: Fetch Vulnerability Details of an Image Sample: Fetch Vulnerability Details of an Image
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/images/76c8fb57b6fc8599de38027112c47170bd19f99e7945392bd78d6816db01f4ad/vuln?type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=false' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
In the response given below, the 'isExempted' parameter is newly introduced to each vulnerability object. It indicates whether a vulnerability is exempted (True) or not (False).
{
"details": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nzlib 1.2.12-r0 1.2.12-r2",
"lastFound": "1726661897421",
"firstFound": "1726661897421",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"zlib"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2022-37434"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 502475,
"title": "Alpine Linux Security Update for zlib",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.3",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "9.8",
"temporalScore": "8.8"
},
"patchAvailable": true,
"published": 1659963869000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 72,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "zlib",
"version": "1.2.12-r0",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "1.2.12-r2",
"vulnerabilities": null
}
],
"layerSha": null
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nbusybox 1.34.1-r4 1.34.1-r5",
"lastFound": "1726661897420",
"firstFound": "1726661897420",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"busybox"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2022-28391"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 501951,
"title": "Alpine Linux Security Update for busybox",
"cvssInfo": {
"baseScore": "6.8",
"temporalScore": "5.3",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "8.8",
"temporalScore": "7.9"
},
"patchAvailable": true,
"published": 1656420298000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 42,
"isExempted": true,
"vendorData": null,
"software": [
{
"name": "busybox",
"version": "1.34.1-r4",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "1.34.1-r5",
"vulnerabilities": null
}
],
"layerSha": null
}
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 1,
"sev2Count": 0,
"sev4Count": 1,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 1,
"sev2Count": 0,
"sev4Count": 1,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
Updated API: Fetch Containers Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/{containerSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Container Details Sample: Fetch Container Details
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
In the response given below, the 'isExempted' parameter is newly introduced to each vulnerability object. It indicates whether a vulnerability is exempted (True) or not (False).
{
"portMapping": null,
"imageId": "b1e9cef3f297",
"created": "1726811504000",
"updated": "1726831514106",
"label": [
{
"key": "org.opencontainers.image.ref.name",
"value": "ubuntu"
},
{
"key": "org.opencontainers.image.version",
"value": "24.04"
}
],
"uuid": "27bc66ea-1e8f-33a7-b944-a0a81b0166c6",
"sha": "61a9bc410df7cd912be6ad19a309b0e494120fbb293c7e71aba0ae36ce1abf19",
"privileged": false,
"path": "/bin/bash",
"imageSha": "b1e9cef3f2977f8bdd19eb9ae04f83b315f80fe4f5c5651fedf41482c12432f7",
"macAddress": "02:42:ac:11:00:02",
"customerUuid": "b9d2369c-aff8-6004-83f9-a334bb66dae6",
"ipv4": "172.17.0.2",
"ipv6": null,
"name": "happy_leakey",
"host": {
"sensorUuid": "0c601a7f-ec19-42cd-9662-38770be0898b",
"hostname": "ip-10-82-10-128",
"ipAddress": "10.82.10.128",
"uuid": null,
"lastUpdated": "2024-09-20T05:51:48.567Z"
},
"hostArchitecture": [
"x86_64"
],
"state": "UNKNOWN",
"imageUuid": "9bf49ce8-9abd-3a5b-a0f9-9206e6f01ec3",
"containerId": "61a9bc410df7",
"stateChanged": "1726831514077",
"services": null,
"users": null,
"operatingSystem": "Ubuntu Linux 24.04.1",
"lastScanned": "1726826753729",
"source": "GENERAL",
"riskScore": 42,
"riskScoreCalculatedDate": "1726826753729",
"formulaUsed": "MIN (1000 , 2 * ( 0.6 * 35.00 * Pow(1,0.01) ))",
"maxQdsScore": 35,
"qdsSeverity": "LOW",
"scanTypes": [
"DYNAMIC"
],
"criticality": null,
"criticalityUpdated": null,
"environment": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"arguments": null,
"command": "/bin/bash",
"drift": {
"category": [],
"reason": [],
"software": [],
"vulnerability": []
},
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibssl3t64 3.0.13-0ubuntu3.3 3.0.13-0ubuntu3.4",
"lastFound": "1726826753703",
"firstFound": "1726811816127",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Ubuntu",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"ubuntu"
],
"cveids": [
"CVE-2024-6119"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 200683,
"title": "Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-6986-1)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.5"
},
"patchAvailable": true,
"published": 1725453113000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "libssl3t64:amd64",
"version": "3.0.13-0ubuntu3.3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.0.13-0ubuntu3.4",
"vulnerabilities": null
}
]
}
],
"softwares": [
{
"name": "libxxhash0:amd64",
"version": "0.8.2-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libgmp10:amd64",
"version": "2:6.3.0+dfsg-2ubuntu6",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "sensible-utils",
"version": "0.0.22",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libunistring5:amd64",
"version": "1.1-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "sed",
"version": "4.9-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libext2fs2t64:amd64",
"version": "1.47.0-2.4~exp1ubuntu4.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libp11-kit0:amd64",
"version": "0.25.3-4ubuntu2.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "sysvinit-utils",
"version": "3.08-6ubuntu3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libffi8:amd64",
"version": "3.4.6-1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libgpg-error0:amd64",
"version": "1.47-3build2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "hostname",
"version": "3.23+nmu2ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libgcc-s1:amd64",
"version": "14-20240412-0ubuntu1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "tar",
"version": "1.35+dfsg-3build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "bash",
"version": "5.2.21-2ubuntu4",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libsystemd0:amd64",
"version": "255.4-1ubuntu8.4",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libselinux1:amd64",
"version": "3.5-2ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libcom-err2:amd64",
"version": "1.47.0-2.4~exp1ubuntu4.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "init-system-helpers",
"version": "1.66ubuntu1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "ubuntu-keyring",
"version": "2023.11.28.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libcap2:amd64",
"version": "1:2.66-5ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libsepol2:amd64",
"version": "3.5-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "ncurses-bin",
"version": "6.4+20240113-1ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libattr1:amd64",
"version": "1:2.5.2-1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "mawk",
"version": "1.3.4.20240123-1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libseccomp2:amd64",
"version": "2.5.5-1ubuntu3.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "gcc-14-base:amd64",
"version": "14-20240412-0ubuntu1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libdebconfclient0:amd64",
"version": "0.271ubuntu3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "grep",
"version": "3.11-4build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libpam0g:amd64",
"version": "1.5.3-5ubuntu5.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libss2:amd64",
"version": "1.47.0-2.4~exp1ubuntu4.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libapt-pkg6.0t64:amd64",
"version": "2.7.14build2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "logsave",
"version": "1.47.0-2.4~exp1ubuntu4.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libuuid1:amd64",
"version": "2.39.3-9ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libsmartcols1:amd64",
"version": "2.39.3-9ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libbz2-1.0:amd64",
"version": "1.0.8-5.1build0.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "debconf",
"version": "1.5.86ubuntu1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libproc2-0:amd64",
"version": "2:4.0.4-4ubuntu3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "zlib1g:amd64",
"version": "1:1.3.dfsg-3.1ubuntu2.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "e2fsprogs",
"version": "1.47.0-2.4~exp1ubuntu4.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libsemanage2:amd64",
"version": "3.5-1build5",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libaudit1:amd64",
"version": "1:3.1.2-2.1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libtinfo6:amd64",
"version": "6.4+20240113-1ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "liblz4-1:amd64",
"version": "1.9.4-1build1.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "procps",
"version": "2:4.0.4-4ubuntu3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "gzip",
"version": "1.12-1ubuntu3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "findutils",
"version": "4.9.0-5build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libcrypt1:amd64",
"version": "1:4.4.36-4build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libpcre2-8-0:amd64",
"version": "10.42-4ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "bsdutils",
"version": "1:2.39.3-9ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libpam-runtime",
"version": "1.5.3-5ubuntu5.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "debianutils",
"version": "5.17build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "base-passwd",
"version": "3.6.3build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "dpkg",
"version": "1.22.6ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libc6:amd64",
"version": "2.39-0ubuntu8.3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "base-files",
"version": "13ubuntu10.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "dash",
"version": "0.5.12-6ubuntu5",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libzstd1:amd64",
"version": "1.5.5+dfsg2-2build1.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libncursesw6:amd64",
"version": "6.4+20240113-1ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libhogweed6t64:amd64",
"version": "3.9.1-2.2build1.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libudev1:amd64",
"version": "255.4-1ubuntu8.4",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libpam-modules-bin",
"version": "1.5.3-5ubuntu5.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libnettle8t64:amd64",
"version": "3.9.1-2.2build1.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libnpth0t64:amd64",
"version": "1.6-3.1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "diffutils",
"version": "1:3.10-1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "ncurses-base",
"version": "6.4+20240113-1ubuntu2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libstdc++6:amd64",
"version": "14-20240412-0ubuntu1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libdb5.3t64:amd64",
"version": "5.3.28+dfsg2-7",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libblkid1:amd64",
"version": "2.39.3-9ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libacl1:amd64",
"version": "2.3.2-1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libgnutls30t64:amd64",
"version": "3.8.3-1.1ubuntu3.2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libcap-ng0:amd64",
"version": "0.8.4-2build2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "apt",
"version": "2.7.14build2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "util-linux",
"version": "2.39.3-9ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libc-bin",
"version": "2.39-0ubuntu8.3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libaudit-common",
"version": "1:3.1.2-2.1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libmd0:amd64",
"version": "1.1.0-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "passwd",
"version": "1:4.13+dfsg1-4ubuntu3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libpam-modules:amd64",
"version": "1.5.3-5ubuntu5.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "login",
"version": "1:4.13+dfsg1-4ubuntu3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libsemanage-common",
"version": "3.5-1build5",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "liblzma5:amd64",
"version": "5.6.1+really5.4.5-1build0.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libtasn1-6:amd64",
"version": "4.19.0-3build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libmount1:amd64",
"version": "2.39.3-9ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libidn2-0:amd64",
"version": "2.3.7-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "perl-base",
"version": "5.38.2-3.2build2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libgcrypt20:amd64",
"version": "1.10.3-2build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "gpgv",
"version": "2.4.4-2ubuntu17",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "mount",
"version": "2.39.3-9ubuntu6.1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "libssl3t64:amd64",
"version": "3.0.13-0ubuntu3.3",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "3.0.13-0ubuntu3.4",
"vulnerabilities": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibssl3t64 3.0.13-0ubuntu3.3 3.0.13-0ubuntu3.4",
"lastFound": "1726826753703",
"firstFound": "1726811816127",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Ubuntu",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"ubuntu"
],
"cveids": [
"CVE-2024-6119"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 200683,
"title": "Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-6986-1)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.5"
},
"patchAvailable": true,
"published": null,
"scanType": [
"DYNAMIC"
],
"qdsScore": 35,
"isExempted": null,
"vendorData": null,
"software": null
}
]
},
{
"name": "libassuan0:amd64",
"version": "2.5.6-1build1",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
},
{
"name": "coreutils",
"version": "9.4-3ubuntu6",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"vulnerabilities": null
}
],
"isDrift": false,
"isRoot": true,
"lastComplianceScanned": "1726811565218",
"cluster": null,
"cloudProvider": {
"aws.ecs.container.subnetId": null,
"aws.ec2.instanceId": "i-00cf29ec3145801ee",
"aws.ecs.clusterName": null,
"aws.ecs.container.macAddress": null,
"aws.ecs.region.code": null,
"aws.ecs.container.id": null,
"aws.ecs.accountId": null
},
"exceptions": [
{
"uuid": "372a0495-72dd-42ae-9b22-77be0ad939ee",
"assignmentType": "CASCADE"
}
],
"k8sExposure": null
}
Updated API: Fetch Vulnerability Details of a Container
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/{containerSha}/vuln |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the following input parameter is introduced.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| applyException | Optional | boolean | Use this to enable or disable exceptions. Valid values: true/false Default value: true |
Sample: Fetch Vulnerability Details of a Container Sample: Fetch Vulnerability Details of a Container
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f/vuln?type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=false' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
In the response given below, the 'isExempted' parameter is newly introduced to each vulnerability object. It indicates whether a vulnerability is exempted (True) or not (False).
{
"details": {
"vulns": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibcrypto3 3.1.4-r2 3.1.4-r3\nlibssl3 3.1.4-r2 3.1.4-r3",
"lastFound": "1707265998223",
"firstFound": "1707219450497",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2023-6129"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 505912,
"title": "Alpine Linux Security Update for openssl",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "6.5",
"temporalScore": "5.7"
},
"patchAvailable": true,
"published": 1705323222000,
"scanType": null,
"qdsScore": null,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "libssl3",
"version": "3.1.4-r2",
"scanType": null,
"packagePath": null,
"fixVersion": "3.1.4-r3",
"vulnerabilities": null
},
{
"name": "libcrypto3",
"version": "3.1.4-r2",
"scanType": null,
"packagePath": null,
"fixVersion": "3.1.4-r3",
"vulnerabilities": null
}
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibcrypto3 3.1.4-r2 3.1.4-r5\nlibssl3 3.1.4-r2 3.1.4-r5",
"lastFound": "1707265998223",
"firstFound": "1707219450497",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2024-0727"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 510696,
"title": "Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "5.5",
"temporalScore": "4.8"
},
"patchAvailable": true,
"published": 1706535003000,
"scanType": null,
"qdsScore": null,
"isExempted": true,
"vendorData": null,
"software": [
{
"name": "libssl3",
"version": "3.1.4-r2",
"scanType": null,
"packagePath": null,
"fixVersion": "3.1.4-r5",
"vulnerabilities": null
},
{
"name": "libcrypto3",
"version": "3.1.4-r2",
"scanType": null,
"packagePath": null,
"fixVersion": "3.1.4-r5",
"vulnerabilities": null
}
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibcrypto3 3.1.4-r2 3.1.4-r4\nlibssl3 3.1.4-r2 3.1.4-r4",
"lastFound": "1707265998223",
"firstFound": "1707219450497",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2023-6237"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 510671,
"title": "Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "8.6",
"temporalScore": "7.5"
},
"patchAvailable": true,
"published": 1705581629000,
"scanType": null,
"qdsScore": null,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "libssl3",
"version": "3.1.4-r2",
"scanType": null,
"packagePath": null,
"fixVersion": "3.1.4-r4",
"vulnerabilities": null
},
{
"name": "libcrypto3",
"version": "3.1.4-r2",
"scanType": null,
"packagePath": null,
"fixVersion": "3.1.4-r4",
"vulnerabilities": null
}
]
}
],
"driftVulns": null
},
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 3,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 3,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
Updated API: Create a Report Request
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Mandatory | string | Specify the columns to include in the report. Multiple column values should be comma-separated. With this release a new value is introduced - isQidExempted. You can mention this new value to display IS QID EXEMPTED column in the report on Qualys Enterprise TruRisk™ Platform. |
Sample: Create a Report RequestSample: Create a Report Request
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
--d '{
"name": "API1",
"description": "test",
"templateName": "CS_IMAGE_VULNERABILITY",
"filter": null,
"reportScheduleDetails": null,
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"imageId",
"riskScore",
"tags",
"qid",
"isQidExempted"
],
"zip": 0,
"emailNotification": 1,
"sendAsAttachment": 0,
"customMessage": "test",
"recipient": "acha@acme.com",
"emailSubject": "Qualys: API1"
}'
API Response
{
"reportUuid": "ff6f0f30-e480-11ef-9cea-bb09b08c3a27"
}
Updated API: Create a Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Mandatory | string | Specify the columns to include in the report. Multiple column values should be comma-separated. With this release a new value is introduced - isQidExempted. You can mention this new value to display IS QID EXEMPTED column in the report on Qualys Enterprise TruRisk™ Platform. |
Sample: Create a Report ScheduleSample: Create a Report Schedule
API Request
curl -X 'POST' \ '<qualys_base_url>/csapi/v1.3/reports/schedule' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>' \ -H 'Content-Type: application/json' \ -d '{ "name": "API_sch2", "description": "test", "templateName": "CS_IMAGE_VULNERABILITY", "filter": null, "reportScheduleDetails": { "recurrenceType": "DAILY" }, "expireAfter": 7, "displayColumns": [ "imageId", "riskScore", "tags", "qid", "isQidExempted" ], "zip": 1, "emailNotification": 1, "sendAsAttachment": 0, "customMessage": "test", "recipient": "ach@gmail.com", "emailSubject": "Qualys: API_sch1", "eventEndTime": "2025-02-07T18:33:00Z", "action": "CREATE", "eventTime": "2025-02-06T12:30:00Z" }'
API Response
{
"scheduleUuid": "6b979680-e483-11ef-b8b3-9743be488de7"
}
Updated API: Update an Active Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule/{reportingScheduleID} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Optional | string | Specify the columns to include in the report. Multiple column values should be comma-separated. With this release a new value is introduced - isQidExempted. You can mention this new value to display Is Exempted column in the report. |
Sample: Update an Active Report ScheduleSample: Update an Active Report Schedule
API Request
curl -X 'PUT' \ '<qualys_base_url>/csapi/v1.3/reports/schedule/6e8f7a20-91cb-11ef-9f40-ad02a75af93a' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>' \ -H 'Content-Type: application/json' \ -d '{ "name": "API_sch2", "description": "test", "templateName": "CS_IMAGE_VULNERABILITY", "filter": null, "reportScheduleDetails": { "recurrenceType": "WEEKLY", "selectedDayOfWeeks": [ "THURSDAY" ] }, "expireAfter": 7, "displayColumns": [ "imageId", "riskScore", "tags", "qid", "isQidExempted", "firstDetected" ], "zip": 1, "emailNotification": 1, "sendAsAttachment": 0, "customMessage": "test", "recipient": "ach@gmail.com", "emailSubject": "Qualys: API_sch1", "eventEndTime": "2025-02-13T18:33:00Z", "action": "CREATE", "eventTime": "2025-02-06T12:30:00Z" }'
API Response
{ "message": "Details updated successfully for reportScheduleId 6b979680-e483-11ef-b8b3-9743be488de7" }
Updated API: Fetch a List of Reports
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of ReportsSample: Fetch a List of Reports
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/reports?filter=reportName%3AAPI1&pageNumber=1&pageSize=50&sort=status%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
API Response
{
"data": [
{
"reportUuid": "cfcd7840-91cc-11ef-9f40-ad02a75af93a",
"createdAt": "2024-10-24T05:57:11.000Z",
"reportName": "ABC",
"description": "Report Test",
"fileFormat": "csv",
"templateName": "CS_IMAGE_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 0,
"filter": null,
"displayColumns": [
"repo",
"uuid",
"qid",
"isQidExempted",
"imageId"
],
"expireOn": "2024-11-23T05:57:11.000Z",
"emailNotification": 1,
"recipient": "jack_reader@acme.com",
"emailSubject": "EMAIL receive check",
"customMessage": "Test custom message",
"sendAsAttachment": 0,
"fileZipped": 0
},
{
"reportUuid": "0265a320-9030-11ef-b98f-b9ad9f663189",
"createdAt": "2024-10-22T04:42:14.000Z",
"reportName": "joiewjfew",
"description": null,
"fileFormat": "csv",
"templateName": "CS_IMAGE_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 0,
"filter": null,
"displayColumns": [
"imageId",
"tags",
"qid",
"firstDetected"
],
"expireOn": "2024-10-29T04:42:14.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0
},
{
"reportUuid": "1e2dca60-86fd-11ef-9f40-ad02a75af93a",
"createdAt": "2024-10-10T11:45:16.000Z",
"reportName": "ERS1",
"description": null,
"fileFormat": "csv",
"templateName": "CS_IMAGE_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 1,
"filter": "vulnerabilities.severity:3 ",
"displayColumns": [
"repo",
"imageId",
"sha",
"uuid",
"label",
"tags",
"created",
"updated",
"qid",
"title",
"severity",
"cveids",
"vendorReference",
"cvssBase",
"cvssTemporal",
"cvss3Base",
"cvss3Temporal",
"threat",
"impact",
"solution",
"exploitability",
"associatedMalwares",
"category",
"software",
"result"
],
"expireOn": "2025-01-08T11:45:16.000Z",
"emailNotification": 1,
"recipient": "john_doe@gmail.com",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 1
}
],
"count": 3
}
Support Host Architecture Column in Container Reports
With this release, CS provides a new column (hostArchitecture) in Container reports that shows the Host Architecture used. The following APIs are updated with this change.
- Update an Active Report Schedule -
PUT /csapi/v1.3/reports/schedule/{reportingScheduleID} - Create a Report Schedule -
POST /csapi/v1.3/reports/schedule - Create a Report Request -
POST /csapi/v1.3/reports - Fetch a List of Reports -
GET /csapi/v1.3/reports
Updated API: Update an Active Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule/{reportingScheduleID} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Optional | string | Specify the columns to include in the report. Multiple column values should be comma-separated. With this release a new value is introduced - hostArchitecture. You can mention this new value to display the Host Architecture column in the report. |
Sample: Update an Active Report ScheduleSample: Update an Active Report Schedule
API Request
curl -X 'PUT' \ '<qualys_base_url>/csapi/v1.3/reports/schedule/4f4b1bd0-e9cb-11ef-8b06-9bc463950d0a' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>' \ -H 'Content-Type: application/json' \ -d '{ "name": "SCHEDTESTAPI", "description": "", "templateName": "CS_CONTAINER_VULNERABILITY", "filter": null, "secondFilter": "", "reportScheduleDetails": { "recurrenceType": "DAILY", "selectedDayOfWeeks": null, "monthlyType": null, "ordinalDayOfMonth": 1, "dayOfWeek": null, "ordinalDayOfWeek": null }, "format": "csv", "expireAfter": 7, "displayColumns": [ "name", "containerId", "riskScore", "tags", "hostArchitecture", "qid" ], "zip": 0, "emailNotification": 1, "sendAsAttachment": 0, "customMessage": "", "recipient": "janedoe@abc.com", "emailSubject": "Qualys: SCHEDTESTAPI", "eventEndTime": "2025-02-28T11:56:00Z", "action": "CREATE", "eventTime": "2025-02-13T10:56:00Z" }'
API Response
{
"message": "Details updated successfully for reportScheduleId 4f4b1bd0-e9cb-11ef-8b06-9bc463950d0a"
}
Updated API: Create a Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Mandatory | string | Specify the columns to include in the report. Multiple columns should be comma-separated. With this release a new value is introduced - hostArchitecture. You can mention this new value to display the Host Architecture column in the report. |
Sample: Create a Report ScheduleSample: Create a Report Schedule
API Request
curl -X 'POST' \ '<qualys_base_url>/csapi/v1.3/reports/schedule' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>' \ -H 'Content-Type: application/json' \-d '{ "name": "SCHEDTESTAPI", "description": "", "templateName": "CS_CONTAINER_VULNERABILITY", "filter": null, "format": "csv", "reportScheduleDetails": { "recurrenceType": "DAILY", "selectedDayOfWeeks": null, "monthlyType": null, "ordinalDayOfMonth": 1, "dayOfWeek": null, "ordinalDayOfWeek": null }, "expireAfter": 7, "secondFilter": "", "displayColumns": [ "name", "containerId", "tags", "hostArchitecture", "qid" ], "zip": 0, "emailNotification": 0, "eventEndTime": "2025-02-28T11:56:00Z", "action": "CREATE", "eventTime": "2025-02-13T10:56:00Z" }'
API Response
{ "scheduleUuid": "4f4b1bd0-e9cb-11ef-8b06-9bc463950d0a"
}
Updated API: Create a Report Request
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Mandatory | string | Specify the columns to include in the report. Multiple columns should be comma-separated. With this release a new value is introduced - hostArchitecture. You can mention this new value to display the Host Architecture column in the report. |
Sample: Create a Report RequestSample: Create a Report Request
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "TESTAPI",
"description": "",
"templateName": "CS_CONTAINER_VULNERABILITY",
"filter": null,
"timezone": "Asia/Calcutta",
"format": "csv",
"reportScheduleDetails": null,
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"name",
"containerId",
"uuid",
"tags",
"hostArchitecture",
"qid",
"clusterName",
"podNameSpace",
"podName",
"nodeName"
],
"zip": 0,
"emailNotification": 0
}
API Response
{
"reportUuid": "16566100-e9ca-11ef-b727-b1f750f01c63"
}
Updated API: Fetch a List of Reports
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of ReportsSample: Fetch a List of Reports
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/reports?pageNumber=1&pageSize=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
API Response
The API reponse below shows the 'hostArchitecture' value in the 'displayColumns' field.
{
"data": [
{
"reportUuid": "425d6510-e9c9-11ef-8b06-9bc463950d0a",
"createdAt": "2025-02-13T05:13:28.000Z",
"reportName": "TESTAPI",
"description": null,
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 0,
"filter": null,
"displayColumns": [
"name",
"containerId",
"uuid",
"tags",
"hostArchitecture",
"qid",
"clusterName",
"podNameSpace",
"podName",
"nodeName"
],
"expireOn": "2025-02-20T05:13:28.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0,
"expireAfter": 7
},
{
"reportUuid": "4fa6fbc0-e83c-11ef-a453-571443ecc181",
"createdAt": "2025-02-11T05:52:00.000Z",
"reportName": "Test_Schedule_1",
"description": null,
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 1,
"filter": null,
"displayColumns": [
"containerId",
"tags",
"qid",
"clusterName",
"podNameSpace",
"podName",
"nodeName"
],
"expireOn": "2025-02-18T05:52:00.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 1,
"expireAfter": 7
},
],
"count": 2
}