Release 1.38 API
April 16, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
What's New?
With the Container Security 1.38 release, the following enhancements in APIs are made.
- Qualys Kubernetes Poster Management
- Support 'First Detected' Information in Container Vulnerability Report
- Ability to Block Older Images in Centralized Admission Controller Policy
- Support for Vulnerability Propagation
Qualys Kubernetes Poster Management
With this release, Qualys Container Security has introduced Kubernetes Poster Management. This is considered as an integral part of Kubernetes Security Poster Management (KSPM). To support this feature, the following APIs are introduced.
- Fetch a List of K8s Control Postures -
GET /csapi/v1.3/k8s_postures/list - Show Control Postures Count -
GET /csapi/v1.3/k8s_postures/count - Show Details of CIS Control -
GET /csapi/v1.3/k8s_postures/control/{controlId} - Show Resource Control Posture Evidence -
GET /csapi/v1.3/k8s_postures/control/{controlId}/evidence
New API: Fetch a List of K8s Control Postures
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/k8s_postures/list |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following parameters are applicable to this API.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| filter | Optional | string | Filter the K8s posture list by providing a query using Qualys syntax. Refer to the 'Searching for Images' topic in the online help for assistance with creating your query. |
| limit | Optional | integer | Specify the number of records to include in the response. Enter a value from 1 to 250. |
| pageNumber | Optional | integer | The page to be returned. Page numbers start with 1. |
| pageSize | Optional | integer | The number of records per page to be included in the response. |
| sort | Optional | string | Sort the results using a Qualys token. Refer to the 'Sortable tokens' topic in the online help for more information. |
Sample: Fetch a List of K8s Control PosturesSample: Fetch a List of K8s Control Postures
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/k8s_postures/list?pageNumber=1&pageSize=50&limit=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
API Response (Truncated)
{
"data": [
{
"cid": 45049,
"controlName": "CVE-2022-0185-linux-kernel-container-escape",
"policyNames": [
"AWS Elastic Kubernetes Service (EKS) Best Practices"
],
"criticality": "MEDIUM",
"passControls": 21,
"failedControls": 0,
"skippedControls": 0
},
{
"cid": 45228,
"controlName": "Minimize the admission of containers wishing to share the host IPC namespace",
"policyNames": [
"CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.6.0"
],
"criticality": "MEDIUM",
"passControls": 0,
"failedControls": 20,
"skippedControls": 0
},
{
"cid": 45230,
"controlName": "Minimize the admission of containers with allowPrivilegeEscalation",
"policyNames": [
"CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.6.0"
],
"criticality": "MEDIUM",
"passControls": 0,
"failedControls": 20,
"skippedControls": 0
},
{
"cid": 45144,
"controlName": "Consider external secret storage",
"policyNames": [
"CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.6.0"
],
"criticality": "MEDIUM",
"passControls": 0,
"failedControls": 10,
"skippedControls": 0
},
{
"cid": 45116,
"controlName": "Ensure that the kubeconfig file permissions are set to 644 or more restrictive",
"policyNames": [
"CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.6.0"
],
"criticality": "MEDIUM",
"passControls": 21,
"failedControls": 0,
"skippedControls": 0
}
....
],
"count": 95,
"groups": {},
"aggs": null
}
New API: Show Control Postures Count
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/k8s_postures/count |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following parameters are applicable to this API.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| filter | Optional | string | Filter the K8s posture list by providing a query using Qualys syntax. Refer to the 'Searching for Images' topic in the online help for assistance with creating your query. |
| limit | Optional | integer | Specify the number of records to include in the response. Enter a value from 1 to 250. |
| pageNumber | Optional | integer | The page to be returned. Page numbers start with 1. |
| pageSize | Optional | integer | The number of records per page to be included in the response. |
| sort | Optional | string | Sort the results using a Qualys token. Refer to the 'Sortable tokens' topic in the online help for more information. |
| groupBy | Optional | string | Group the K8s list using fields from result. |
Sample: Show Control Postures Count Sample: Show Control Postures Count
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/k8s_postures/list?pageNumber=1&pageSize=50&limit=50' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>
API Response (Truncated)
{
"data": [
{
"cid": 45136,
"controlName": "Prefer using dedicated EKS Service Accounts",
"clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"clusterName": "surtest-ekstest",
"controlCriticality": "HIGH",
"resourceName": "default",
"resourceType": "ServiceAccount",
"status": "FAIL",
"firstEvaluated": "Thu Mar 27 07:00:50 GMT 2025",
"lastEvaluated": "Fri Apr 11 05:02:48 GMT 2025",
"accountId": "362990800442",
"resourceId": "/v1/my-namespace/ServiceAccount/default",
"resourceUid": "7e7061a1-6aea-43c1-9619-85372d8e381d"
},
{
"cid": 45136,
"controlName": "Prefer using dedicated EKS Service Accounts",
"clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"clusterName": "surtest-ekstest",
"controlCriticality": "HIGH",
"resourceName": "eks:podsecuritypolicy:authenticated",
"resourceType": "ClusterRoleBinding",
"status": "PASS",
"firstEvaluated": "Tue Mar 18 10:53:43 GMT 2025",
"lastEvaluated": "Fri Apr 11 05:02:48 GMT 2025",
"accountId": "362990800442",
"resourceId": "rbac.authorization.k8s.io/v1//ClusterRoleBinding/eks:podsecuritypolicy:authenticated",
"resourceUid": "bdbe70a0-7b8b-4ad8-8042-f88cdf9a25e0"
},
{
"cid": 45136,
"controlName": "Prefer using dedicated EKS Service Accounts",
"clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"clusterName": "surtest-ekstest",
"controlCriticality": "HIGH",
"resourceName": "eks:service-operations",
"resourceType": "ClusterRoleBinding",
"status": "PASS",
"firstEvaluated": "Tue Mar 18 10:53:40 GMT 2025",
"lastEvaluated": "Fri Apr 11 05:02:48 GMT 2025",
"accountId": "362990800442",
"resourceId": "rbac.authorization.k8s.io/v1//ClusterRoleBinding/eks:service-operations",
"resourceUid": "d102693f-44cf-4fb4-84e9-ffe2deab3b3e"
},
{
"cid": 45136,
"controlName": "Prefer using dedicated EKS Service Accounts",
"clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"clusterName": "surtest-ekstest",
"controlCriticality": "HIGH",
"resourceName": "system:controller:disruption-controller",
"resourceType": "ClusterRoleBinding",
"status": "PASS",
"firstEvaluated": "Tue Mar 18 10:53:43 GMT 2025",
"lastEvaluated": "Fri Apr 11 05:02:48 GMT 2025",
"accountId": "362990800442",
"resourceId": "rbac.authorization.k8s.io/v1//ClusterRoleBinding/system:controller:disruption-controller",
"resourceUid": "a012b7d7-7977-4cc3-a304-51af53044933"
}
.......
],
"count": 3160,
"groups": {},
"aggs": null
}
New API: Show Details of CIS Control
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/k8s_postures/control/{controlId} |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following parameter is applicable to this API.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| controlId | Mandatory | integer | Specify the Control ID. |
Sample: Show Details of CIS Control Sample: Show Details of CIS Control
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/k8s_postures/control/45026' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"remediation": "Remove hostPath mounts unless they are absolutely necessary and use exception mechanism to remove notifications.",
"policyNames": [
"Kubernetes Best Practices",
"Azure Kubernetes Service (AKS) Best Practices",
"Red Hat OpenShift Container Platform Best Practices",
"AWS Elastic Kubernetes Service (EKS) Best Practices",
"Google Kubernetes Engine (GKE) Best practices"
],
"cid": 45026,
"controlName": "HostPath mount",
"controlCriticality": "HIGH",
"services": null,
"category": "SYSTEM DEFINED",
"evaluation": null,
"rationale": null,
"specification": "Mounting host directory to the container can be used by attackers to get access to the underlying host. This control identifies all the pods using hostPath mount."
}
New API: Show Resource Control Posture Evidence
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/k8s_postures/control/{controlId}/evidence |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following parameters are applicable to this API.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| controlId | Mandatory | integer | Specify the Control ID. |
| resourceUid | Mandatory | integer | Specify UID of the recource of which you want to find evidence. |
| clusterUid | Mandatory | integer | Specify Cluster UID. |
Sample: Show Resource Control Posture Evidence Sample: Show Resource Control Posture Evidence
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/k8s_postures/control/45026/evidence?resourceUid=464bc0f7-6d88-4765-b86e-85f4d41d0c1a&clusterId=957e3031-c6d1-4a00-9c7e-6406e1bc3bcb' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>
API Response
[
{
"ruleName": "alert-any-hostpath",
"status": "FAIL",
"lastEvaluated": "Fri Apr 11 05:02:05 GMT 2025",
"failedPaths": [
"spec.template.spec.containers[0].volumeMounts[0]",
"spec.template.spec.containers[0].volumeMounts[1]",
"spec.template.spec.containers[0].volumeMounts[2]",
"spec.template.spec.volumes[0]",
"spec.template.spec.volumes[1]",
"spec.template.spec.volumes[2]"
],
"deletePaths": [
"spec.template.spec.containers[0].volumeMounts[0]",
"spec.template.spec.containers[0].volumeMounts[1]",
"spec.template.spec.containers[0].volumeMounts[2]",
"spec.template.spec.volumes[0]",
"spec.template.spec.volumes[1]",
"spec.template.spec.volumes[2]"
],
"reviewPaths": null,
"fixPaths": null
}
]
Support 'First Detected' Information in Container Vulnerability Report
Earlier, 'firstDetected' column was introduced in 'Image Vulnerability' report template. With this release, the same column is now available under 'Container Vulnerability' report template. To support this feature, the following APIs are updated.
- Fetch a List of Reports -
GET /csapi/v1.3/reports - Create a Report Request -
POST /csapi/v1.3/reports - Create a Report Schedule -
POST /csapi/v1.3/reports/schedule - Update an Active Report Schedule -
PUT /csapi/v1.3/reports/schedule/{reportingScheduleId}
Updated API: Fetch a List of Reports
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of ReportsSample: Fetch a List of Reports
API Request
curl -X GET
"<qualys_base_url>/csapi/v1.3/reports?pageNumber=1&pageSize=50"
-H 'accept: application/json' \
-H "Authorization: Bearer <token>"
API Response
In the response below, see firstDetected value in displayColumns parameter introduced for 'CS_CONTAINER_VULNERABILITY' template.
{
"data": [
{
"reportUuid": "7e71ecb0-0314-11f0-9274-53256e39b1ae",
"createdAt": "2025-03-17T09:45:00.000Z",
"reportName": "Recurring_withFirstDetected",
"description": "test",
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 1,
"filter": "containerId:edc01607bc33",
"displayColumns": [
"containerId",
"qid",
"severity",
"firstDetected"
],
"expireOn": "2025-06-15T09:45:00.000Z",
"emailNotification": 1,
"recipient": "achandanshive@qualys.com",
"emailSubject": "Qualys: Recurring_withFirstDetected",
"customMessage": "test",
"sendAsAttachment": 0,
"fileZipped": 1,
"expireAfter": 90
},
{
"reportUuid": "a7ca7290-0313-11f0-9274-53256e39b1ae",
"createdAt": "2025-03-17T09:39:00.000Z",
"reportName": "SingleOccurance_withFirstDetected",
"description": "test",
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 1,
"filter": "containerId:edc01607bc33",
"displayColumns": [
"containerId",
"qid",
"severity",
"firstDetected"
],
"expireOn": "2025-06-15T09:39:00.000Z",
"emailNotification": 1,
"recipient": "achandanshive@qualys.com",
"emailSubject": "Qualys: SingleOccurance_withFirstDetected",
"customMessage": "test",
"sendAsAttachment": 1,
"fileZipped": 1,
"expireAfter": 90
},
{
"reportUuid": "1427f3f0-0313-11f0-9274-53256e39b1ae",
"createdAt": "2025-03-17T09:34:52.000Z",
"reportName": "RunNow_FirstDetected",
"description": "test1",
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 0,
"filter": "containerId:edc01607bc33",
"displayColumns": [
"containerId",
"qid",
"severity",
"firstDetected"
],
"expireOn": "2025-06-15T09:34:52.000Z",
"emailNotification": 1,
"recipient": "achandanshive@qualys.com,surkadam@qualys.com",
"emailSubject": "Qualys: RunNow_FirstDetected",
"customMessage": "test1",
"sendAsAttachment": 0,
"fileZipped": 1,
"expireAfter": 90
},
{
"reportUuid": "3ad67dd0-0004-11f0-a654-e759a2132d7b",
"createdAt": "2025-03-13T12:11:01.000Z",
"reportName": "a",
"description": null,
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 1,
"filter": null,
"displayColumns": [
"containerId",
"tags",
"qid",
"clusterName",
"podNameSpace",
"podName",
"nodeName"
],
"expireOn": "2025-03-20T12:11:01.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0,
"expireAfter": 7
},
{
"reportUuid": "79a38e10-ffda-11ef-a654-e759a2132d7b",
"createdAt": "2025-03-13T07:12:08.000Z",
"reportName": "single_occ",
"description": null,
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 1,
"filter": "containerId:edc01607bc33",
"displayColumns": [
"containerId",
"lastScanned",
"qid",
"firstDetected"
],
"expireOn": "2025-03-20T07:12:08.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0,
"expireAfter": 7
},
{
"reportUuid": "eb989610-ffd4-11ef-a654-e759a2132d7b",
"createdAt": "2025-03-13T06:32:22.000Z",
"reportName": "test_CMS-27128",
"description": null,
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"isScheduled": 0,
"filter": "containerId:edc01607bc33",
"displayColumns": [
"containerId",
"qid",
"severity",
"firstDetected",
"clusterName",
"podNameSpace",
"podName",
"nodeName"
],
"expireOn": "2025-03-20T06:32:22.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0,
"expireAfter": 7
}
],
"count": 6
}
Updated API: Create a Report Request
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the firstDetected value in displayColumns parameter is introduced for 'CS_CONTAINER_VULNERABILITY' template.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Optional | string | Specify the columns to include in the report. Multiple columns should be comma-separated. With this release, for 'CS_Container_Vulnerability' report template, firstDetected value is supported. |
Sample: Create a Report Request Sample: Create a Report Request
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "TESTAPI",
"description": "",
"templateName": "CS_CONTAINER_VULNERABILITY",
"filter": null,
"format": "csv",
"reportScheduleDetails": null,
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"name",
"containerId",
"firstDetected",
"severity"
],
"zip": 0,
"emailNotification": 0
}'
API Response
{
"reportUuid": "4cd3fb10-0316-11f0-a654-e759a2132d7b"
}
Updated API: Create a Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the firstDetected value in displayColumns parameter is introduced for 'CS_CONTAINER_VULNERABILITY' template.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Optional | string | Specify the columns to include in the report. Multiple columns should be comma-separated. With this release, for 'CS_Container_Vulnerability' report template, firstDetected value is supported. |
Sample: Create a Report ScheduleSample: Create a Report Schedule
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports/schedule' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token> ' \
-H 'Content-Type: application/json' \
-d '{
"name": "SCHEDTESTAPI",
"description": "",
"templateName": "CS_CONTAINER_VULNERABILITY",
"filter": null,
"format": "csv",
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 1,
"dayOfWeek": null,
"ordinalDayOfWeek": null
},
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"name",
"containerId",
"firstDetected",
"qid"
],
"zip": 0,
"e-mail notification": 0,
"eventEndTime": "2025-03-18T16:34:00Z",
"action": "CREATE",
"eventTime": "2025-03-17T10:20:00Z"
}'
API Response
{
"scheduleUuid": "310ab890-0318-11f0-9274-53256e39b1ae"
}
Updated API: Update an Active Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule/{reportingScheduleId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
With this release, the firstDetected value in displayColumns field introduced for 'CS_CONTAINER_VULNERABILITY' template.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| displayColumns | Optional | string | Specify the columns to include in the report. Multiple columns should be comma-separated. With this release, for 'CS_Container_Vulnerability' report template, firstDetected value is supported. |
Sample: Update an Active Report ScheduleSample: Update an Active Report Schedule
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/reports/schedule/310ab890-0318-11f0-9274-53256e39b1ae' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
-H 'Content-Type: application/json' \
-d '{
"name": "SCHEDTESTAPI",
"description": "",
"templateName": "CS_CONTAINER_VULNERABILITY",
"filter": null,
"format": "csv",
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 1,
"dayOfWeek": null,
"ordinalDayOfWeek": null
},
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"name",
"containerId",
"firstDetected",
"qid",
"hostArchitecture"
],
"zip": 0,
"e-mail notification": 0,
"eventEndTime": "2025-03-18T16:34:00Z",
"action": "CREATE",
"eventTime": "2025-03-17T10:45:00Z"
}'
API Response
{
"message": "Details updated successfully for reportScheduleId 310ab890-0318-11f0-9274-53256e39b1ae"
}
Ability to Block Older Images in Centralized Admission Controller Policy
Container Security has introduced a new rule and rule type in Centralized Policy Management. With the help of this rule, you can now block older images in your account.
The new rule is applicable only to the 'Admission Controller' policies.
The following APIs are updated for this feature.
- Show Details of a Centralized Policy -
GET /csapi/v1.3/centralizedPolicy/{policyId} - Create a Centralized Policy -
POST /csapi/v1.3/centralizedPolicy - Update a Centralized Policy -
PUT /csapi/v1.3/centralizedPolicy/{policyId}
Updated API: Show Details of a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy/{policyId} |
| Method | GET |
| DTD XSD Changes | No |
Output ParametersOutput Parameters
The table below shows the updated response parameters.
|
Parameter |
Data Type |
Description |
|---|---|---|
| name | array | Indicates array for the centralized policy rules to be included. New rule: - Block Older Images |
| type | string | A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. New value: - IMAGESCAN_VULN_RESTRICTED_OLDER_IMAGES |
Sample: Show Details of a Centralized PolicySample: Show Details of a Centralized Policy
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/centralizedPolicy/05feab62-10d2-4e2a-8875-c5b0d32160f0'\ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>
API Response for a Centralized Admission Controller Policy
{
"uuid": "05feab62-10d2-4e2a-8875-c5b0d32160f0",
"policyName": "CPM Block older image demo",
"policyType": "K8S_ADMISSION_CONTROLLER",
"policyMode": "ACTIVE",
"description": "CPM Block older image demo",
"createdBy": "john_doe",
"created": "1741858693801",
"updatedBy": "john_doe",
"updated": "1741869341208",
"centralizedPolicyRules": [
{
"name": "Block Older Images",
"type": "IMAGESCAN_VULN_RESTRICTED_OLDER_IMAGES",
"action": "FAIL",
"isEnabled": true,
"stopProcessing": false,
"sortOrder": 0,
"metaData": "{\"value\":1000}",
"kind": "IMAGE_SECURITY"
}
],
"exclusionPolicyRules": [],
"version": 3,
"isDefault": false,
"tagIds": null,
"k8sFilters": [
{
"cluster": null,
"namespace": {
"namespaceUuid": null,
"namespaceValue": "block_older_image",
"clusterUid": "f8c3de3d-1fea-4d7c-a8b0-29f63c4c3454"
}
}
]
}
Updated API: Create a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The Input Parameters below show the updated parameters used for creating a Centralized Admission Controller Policy.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| name | Mandatory | array | Indicates array for the centralized policy rules to be included. New rule: - Block Older Images |
| type | Mandatory | string
|
A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. New value: - IMAGESCAN_VULN_RESTRICTED_OLDER_IMAGES |
| metaData | Mandatory | integer | Indicates age of the image in days. For example, 180. |
Sample: Create a Centralized PolicySample: Create a Centralized Policy
API Request for a Centralized Admission Controller Policy
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"policyName":"Testing 123",
"description":"",
"centralizedPolicyRules":
[
{
"name":"Block Older Images",
"type":"IMAGESCAN_VULN_RESTRICTED_OLDER_IMAGES",
"isEnabled":true,
"stopProcessing":false,
"order":0,
"kind":"IMAGE_SECURITY",
"metaData":{"value":180},
"action":"FAIL"
}
],
"exclusionPolicyRules":[],
"policyMode":"ACTIVE",
"policyType":"K8S_ADMISSION_CONTROLLER",
"isDefault":false,
"tagIds":[],
"k8sFilters":
[
{"cluster":
{"clusterUid":"a883e610-428d-4355-8a19-7aef2cf4afde",
"clusterName":"cluster24"
},
"namespace":null
}
]
}'
API Response
{
"uuid": "abe4ed1b-fa12-4118-a3aa-aa944d593e73"
}
Updated API: Update a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy/{policyId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The Input Parameters below show the updated parameters used for updating a Centralized Admission Controller Policy.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| name | Mandatory | array | Indicates array for the centralized policy rules to be included. New rule: - Block Older Images |
| type | Mandatory | string
|
A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. New value: - IMAGESCAN_VULN_RESTRICTED_OLDER_IMAGES |
| metaData | Mandatory | integer | Indicates age of the image in days. For example, 180. |
Samples: Update a Centralized PolicySamples: Update a Centralized Policy
API Request for a Centralized Admission Controller Policy
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy/462c9a8e-0114-42d0-8a89-a6edd0d0c52b' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"uuid":"abe4ed1b-fa12-4118-a3aa-aa944d593e73",
"policyName":"Testing 123",
"policyType":"K8S_ADMISSION_CONTROLLER",
"policyMode":"ACTIVE",
"description":"",
"createdBy":"john_doe",
"created":"1742186741989",
"updatedBy":"john_doe",
"updated":"1742186741989",
"centralizedPolicyRules":
[{"name":"Block Older Images",
"type":"IMAGESCAN_VULN_RESTRICTED_OLDER_IMAGES",
"action":"FAIL",
"isEnabled":true,
"stopProcessing":false,
"sortOrder":0,
"metaData":{"value":30},
"kind":"IMAGE_SECURITY"}],
"exclusionPolicyRules":[],
"version":1,
"isDefault":false,
"tagIds":[],
"k8sFilters":[
{"cluster":
{"clusterUid":"a883e610-428d-4355-8a19-7aef2cf4afde",
"clusterName":"cluster26"},
"namespace":null}],
"hasDeprecatedRulesPresent":false
}'
API Response
{
"policyUUID ": "abe4ed1b-fa12-4118-a3aa-aa944d593e73"
}
Support for Vulnerability Propagation
With this release, Qualys Container Security APIs can inform you about propagated vulnerabilities in your account. 'Vulnerability Propagation' refers to how a vulnerability in one part of a system (like software, hardware, or a network) can spread or affect other parts of that system.
The following APIs provide propagated vulnerability details.
- Fetch a List of Containers in Your Account -
GET csapi/v1.3/containers - Fetch Container Details -
GET csapi/v1.3/containers/{containerSha} - Fetch a List of Containers (Bulk API) -
GET csapi/v1.3/containers/list
Updated API: Fetch a List of Containers in your Account
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Containers in your AccountSample: Fetch a List of Containers in your Account
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/containers?pageNumber=1&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
The response of this API is updated with 'vulnPropagationDate' and 'isVulnPropagated' parameters.
{
"data": [
"imageId": "b798104c002a",
"created": "1721713977000",
"updated": "1721714109665",
"sha":
"d838bcb622a003b767ace31039475f37a5d34f093f8de82a71536f3fcfcb839e",
"uuid": "051a684a-9bad-3cb1-bf28-91084ee6e024",
"name": "test-vul-propogation",
"host": null,
"state": "DELETED",
"imageUuid": "fbdc0a10-7186-3439-8712-2db20df179e6",
"containerId": "d838bcb622a0",
"stateChanged": "1721714102790",
"lastVmScanDate": null,
"isRoot": null,
"vulnerabilities": {
"severity5Count": 6,
"severity3Count": 2,
"severity4Count": 4,
"severity1Count": null,
"severity2Count": 3
},
"exceptions": null,
{
"riskScore": 258,
"riskScoreCalculatedDate": "1723567125904",
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 * 60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *Pow(5,0.01) ))",
"maxQdsScore": 95,
"qdsSeverity": "CRITICAL",
}
"scanTypes": null,
"cluster":
{
"name": "kubernetes-admin",
"uid": "bdc0d232-38af-46f9-b188-06cb61c928af"
},
"criticality": 3,
"criticalityUpdated": "1717098843553",
"vulnPropagationDate": "1743148605300",
"isVulnPropagated": true,
"compliance": {
"failCount": 0,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": null
},
],
"count": 1
}
Updated API: Fetch Container Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/{containerSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Containers DetailsSample: Fetch Containers Details
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/containers/fd00f5df938fdfae4675063ff5b507a8c3229c07368890da7157bbda3303c15e' \
-H 'accept: application/json'
-H 'Authorization: Bearer <token>'
API Response
The response of this API is updated with 'vulnPropagationDate' and 'isVulnPropagated' parameters.
{
"portMapping": null,
"imageId": "3acfa0195040",
"created": "1724220796000",
"updated": "1724329261476",
"label": null,
"uuid": "a223de44-1871-3470-b575-fc0ff52453f7",
"sha": "42dd6168e45c6d7f7ab3043d7942d50ac8db0230066350d3c6dd9e53b30c5e91",
"privileged": false,
"path": null,
"imageSha": "3acfa01950409618705f07e1cc86f29f10ebcf548fe4fb4a7b83abe5bbc6b515",
"macAddress": null,
"customerUuid": "7a00a660-36bb-f02b-8025-9fcf49faf0b7",
"ipv4": null,
"ipv6": null,
"name": "spring-1",
"host": null,
"hostArchitecture": [
"x86_64"
],
"state": "RUNNING",
"imageUuid": "0ba3ff46-5336-3494-84a4-ee981675963c",
"containerId": "42dd6168e45c",
"stateChanged": "1724243635787",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"criticality": null,
"criticalityUpdated": null,
"vulnPropagationDate": "1743148605300",
"isVulnPropagated": true,
"sensorUuid": "197ddd8b-d4d2-4821-bf73-005347bc933a",
"environment": null,
"arguments": null,
"command": "null",
"drift": null,
"vulnerabilities": [
{ "severity5Count": 6,
"severity3Count": 2,
"severity4Count": 4,
"severity1Count": null,
"severity2Count": 3 },
],
"softwares": null,
"isDrift": false,
"isRoot": null,
"lastComplianceScanned": null,
"cluster": {
"type": "KUBERNETES",
"k8s": {
"project": null,
"pod": {
"name": "spring-1",
"uuid": "4a7d3fc3-de97-44eb-85d3-5f661a175337",
"namespace": "default",
"namespaceMetadata": {
"labels": [
"kubernetes.io/metadata.name:default"
],
"annotations": [
"kubernetes.io/metadata.name:test",
"kubernetes.io/metadata.name:default"
]
},
"label": null,
"controller": null
},
"node": {
"name": null,
"isMaster": null
}
},
"name": "kubernetes-admin",
"uid": "bdc0d232-38af-46f9-b188-06cb61c928af",
"version": null
},
"cloudProvider": {
"aws.ecs.container.subnetId": null,
"aws.eks.accountId": "362440600222",
"aws.ecs.clusterName": null,
"aws.ecs.container.macAddress": null,
"aws.ecs.region.code": null,
"aws.ecs.container.id": null,
"aws.ecs.accountId": null,
"aws.eks.arn": "arn:aws:sts::362440600222:assumed-role/AmazonSSMRoleForInstancesQuickSetup/i-0921342848h431ef8",
"aws.eks.region": "us-east-1"
},
"exceptions": null,
"k8sExposure": null
}
Updated API: Fetch a List of Containers (Bulk API)
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Containers (Bulk API)Sample: Fetch a List of Containers (Bulk API)
API Request
curl -X 'GET' '<qualys_base_url>/csapi/v1.3/containers/647ae732d98e1bcceb7b02356bd7e873eef13c5916c3a1e9d95700ab893cc09f' \ -H 'accept: application/json' \ -H Authorization: Bearer <Token>
API Response
The response of this API is updated with 'vulnPropagationDate' and 'isVulnPropagated' parameters.
{
"data": [
{
"portMapping": null,
"imageId": "ca2b0f26964c",
"created": "1710410237000",
"updated": "1724328658730",
"label": [
{
"key": "org.opencontainers.image.ref.name",
"value": "ubuntu"
},
{
"key": "org.opencontainers.image.version",
"value": "22.04"
}
],
"uuid": "c4cbf8f2-692f-3587-b366-7c71b47ba738",
"sha": "5dc4b9f325eb98b0ba589be9e3f653bacd5a35a00707579c80f72913c2892f3b",
"privileged": false,
"path": "/bin/bash",
"imageSha": "ca2b0f26964cf2e80ba3e084d5983dab293fdb87485dc6445f3f7bbfc89d7459",
"macAddress": "",
"customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
"ipv4": null,
"ipv6": null,
"name": "practical_yalow",
"host": {
"sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
"hostname": "localhost.localdomain",
"ipAddress": "10.***.9*.**",
"uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
"lastUpdated": "2024-08-22T10:52:22.065Z"
},
"hostArchitecture": [
"x86_64"
],
"state": "UNKNOWN",
"imageUuid": "27b4826f-c917-3fbd-97e0-580a30911409",
"containerId": "5dc4b9f325eb",
"stateChanged": "1724328658594",
"services": null,
"users": root,
"operatingSystem": null,
"lastScanned": null,
"source": "GENERAL",
"riskScore": 258,
"riskScoreCalculatedDate": 1722355883371,
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 64.70 * Pow(10,0.01) + 0.6 *60.04 * Pow(26,0.01) + 0.4 * 44.35 * Pow(147,0.01) + 0.2 * 36.20 *Pow(5,0.01) ))",,
"maxQdsScore": 87,
"qdsSeverity": CRITICAL,
"scanTypes": null,
"criticality": 3,
"criticalityUpdated": 1717098843553,
"vulnPropagationDate": "1743148605300",
"isVulnPropagated": true,
"environment": [
"HTTPS_PROXY=http://10.xxx.27.xx:3xx8",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"arguments": null,
"command": "/bin/bash",
"drift": null,
"vulnerabilities": {
"severity5Count": 6,
"severity3Count": 2
},
"softwares": null,
"isDrift": false,
"isRoot": true,
"isExposedToWorld": null,
"cluster": null
},
],
"limit": 1
}