Release 1.39 API

July 07, 2025

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests. 

With the Container Security 1.39 release, the following enhancements in APIs are made.

 

Continuous Assessment of Images

With this release, CS supports Continuous Assessment of images. As a result, the Response section of some Image APIs shows the following fields. To know more about Continuous Assessment of the images, refer to Container Security 1.39 Release Notes.

Parameter

 Description

source Indicates type of the scan source. With this release, a new value CONTINUOUS_ASSESSMENT is introduced which indicates that the image type is marked for Continuous Assessment.
Valid values: GENERAL, REGISTRY, CICD, CONTINUOUS_ASSESSMENT, and so on.
isContinuouslyAssessed Specify if the image is continuously assessed.
Valid values:
true - The image is marked for its continuous assessment.
false - The image is not marked for continuous assessment.
lastAssessed Indicates the time (EPOCH) at which the image was assessed for the last time.
Example: 1746677220581


The following APIs are updated to support this feature. 

  • Fetch Image Details -
    GET /csapi/v1.3/images/{imageSha}
  • Fetch a List of Images (Bulk API) -
    GET /csapi/v1.3/images/list
  • Fetch a List of Images in your account -
    GET /csapi/v1.3/images

 

Updated API: Fetch Images Details

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/images/{imageSha}
Method GET
DTD XSD Changes No
Sample: Fetch Image DetailsSample: Fetch Image Details

API Request

    curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/fa7c845c82ad89b542233b42712cf419b409f6b8b28464c441d6e2645f563bd5' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token> \
-H 'Content-Type: application/json' 

API Response 

 {
    "created": "1603477517000",
    "updated": "1605017537578",
    "lastUsedDate;: "1716251515814",
    "author": "Couchbase Docker Team <docker@couchbase.com>",
    "repo": [
        {
            "registry": "docker.io",
            "tag": "latest",
            "repository": "couchbase"
        }
    ],
    "repoDigests": [
        {
            "registry": "docker.io",
            "digest": "1d811b3c382893f70f0cc0f2371a12d3671c1d5175bcc67e8c2a5c0bf4c8f976",
            "repository": "couchbase"
        }
    ],
    "label": null,
    "uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1",
    "sha": "c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd",
    "operatingSystem": "Ubuntu Linux 16.04.7",
    "customerUuid": "192cc974-1e44-cb6c-806e-f78f6441cb0d",
    "dockerVersion": "18.09.7",
    "size": 1183790011,
    "layers": [
        {
            "size": "0",
            "createdBy": "rm -rf-rt /var/lib/apt/lists/*",
            "created": "1603474389000",
            "comment": "",
            "id": null,
            "sha": null,
            "tags": null
        },
        {
            "size": "1930",
            "createdBy": "COPY file:d816a67f62bfba76d2812cefbe92252afa13f3852775c3e68599df7741e90cb7 in / ",
            "created": "1603477517000",
            "comment": "",
            "id": null,
            "sha": null,
            "tags": null
        }
    ],
    "host": [
        {
            "sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
            "hostname": "host.acme.com",
            "ipAddress": "10.**.2*.*0",
            "uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
            "lastUpdated": "2020-11-10T14:10:29.218Z"
        }
    ],
    "architecture": "amd64",
    "imageId": "c64844065dcb",
    "lastVmScanDate": "1605017537578",
    "registryUuid": null,
    "source": [ "GENERAL", "REGISTRY", "CONTINUOUS_ASSESSMENT" ], 
    "totalVulCount": "0",
    "users": [
        "root"
    ],
    "isDockerHubOfficial": null,
    "isInstrumented": null,
    "instrumentedFrom": null,
    "instrumentationState": null,
    "scanType": "DYNAMIC",
    "scanTypes": [
        "DYNAMIC"
    ],
    "scanErrorCode": null,
    "scanStatus": "SUCCESS",
    "lastFoundOnHost": {
        "sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
        "hostname": "host.acme.com",
        "ipAddress": "10.**.2*.*0",
        "uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
        "lastUpdated": "2020-11-10T14:10:29.218Z"
    },
    "lastScannedBySensor": "fde436ad-3686-46f9-a2e5-9f7523668d34",
    "scanErrorMessage": "Static: Package manager not found",
    "malware": {
        "imageMalwareCount": 1,
        "malwarePrediction": {
            "prediction": "malicious",
            "score": 1,
            "severity": 3,
            "category": "dropper",
            "family": "mirai"
        }
    },
    "lastMalwareScanned": null,
    "exceptions": [
        "77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
    ],
    "secrets": [
        {
            "severity": "MEDIUM",
            "filePath": "/root/foo/foo1.txt",
            "layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
            "match": null,
            "startLine": 0,
            "secretType": "Asana Client Secret"
        },
        {
            "severity": "CRITICAL",
            "filePath": "/home/qatest/key/gcp-service-account.json",
            "layerSha": "5bc804df91a229c1f26d254b5247c699c1e1a53673ec1d30e263e7b4bda96beb",
            "match": null,
            "startLine": 0,
            "secretType": "Google (GCP) Service-account"
        }
    ],
  "lastSecretScanned": null,
  "riskScore": null,
  "riskScoreCalculatedDate": null,
  "formulaUsed": null,
  "maxQdsScore": null,
  "qdsSeverity": null,
  "criticality": 3,
  "criticalityUpdated": 1717098843553,
  "baseImage": null,
  "childImagesCount": 0,
  "sbomLayerProcessingTimestamp": null,
  "baseImageProcessingTimestamp": null,
  "isContinuouslyAssessed": true,
  "lastAssessed": "1746677220581"
    "softwares": [
        {
            "name": "libsw5:amd64",
            "version": "6.0+20160213-1ubuntu1",
            "fixVersion": null,
            "vulnerabilities": null
        },
        {
            "name": "libgpg-error0:amd64",
            "version": "1.21-2ubuntu1",
            "fixVersion": null,
            "vulnerabilities": null
        }
    ],
    "vulnerabilities": [],
    "lastComplianceScanned": "1603477517000"
}

 

Updated API: Fetch a List of Images (Bulk API)

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/images/list
Method GET
DTD XSD Changes No
Sample: Fetch a List of Images (Bulk API)Sample: Fetch a List of Images (Bulk API)

API Request

     curl -X "GET"
"<qualys_base_url>/csapi/v1.3/images/list?filter=imagesInUse:'[now-7d ... now]'&limit=2&scanDetails=malware%2C%20secrets"
-H "accept: application/json"
-H "Authorization: Bearer <token>"

API Response 

 {
  "data": [
    {
      "created": "1472581305000",
      "updated": "1724323293607",
      "author": "jack_reader",
      "repo": [
        {
          "registry": "art-hq.abc.com:5001",
          "tag": "fedora22",
          "repository": "multi-os-images"
        },
        {
          "registry": "msftlongregistrytest.azurecr.io",
          "tag": "tag",
          "repository": "test1/test2"
        }
      ],
      "repoDigests": [
        {
          "registry": "docker.io",
          "digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
          "repository": "jr1/alpine-amd64"
        },
        {
          "registry": "docker.io",
          "digest": "d5cce9139f8758171936a033c0625307760026446d4d30f084ff6b52aecc1721",
          "repository": "fedora"
        },
      ],
      "label": [],
      "uuid": "d165a97b-7e10-3f0b-acb9-eac7c39d1532",
      "sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
      "operatingSystem": "Fedora 22",
      "customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
      "dockerVersion": "1.12.1",
      "size": 188728229,
      "layers": [
        {
          "size": "188728229",
          "createdBy": "ADD file:e14b712e5cfef28691da81e314415790d59685a366414f6be248b871e42d4436 in / ",
          "created": "1472581305000",
          "comment": "",
          "id": "01a9fe974dba",
          "sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
          "tags": [
            "ocir.io/baayf/abc:fedora",
            "art-hq.abc.com:5001/multi-os-images:fedora22",
            "jack_reader/alpine-amd64:fedora",
            "fedora:22",
            "ocir.io/baayf/public-1:centos",
            "msftlongregistryandreponametest.azurecr.io/test1/test2:tag"
          ],
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "0",
          "createdBy": "jack_reader",
          "created": "1472581297000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        }
      ],
      "architecture": "amd64",
      "imageId": "01a9fe974dba",
      "lastScanned": "1724323293607",
      "registryUuid": null,
      "source": [
        "GENERAL",
        "REGISTRY",
        "CONTINUOUS_ASSESSMENT"
      ],
      "users": [],
      "lastFoundOnHost": {
        "sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
        "hostname": "localhost.localdomain",
        "ipAddress": "10.115.97.76",
        "uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
        "lastUpdated": "2024-08-22T10:52:22.065Z"
      },
      "lastUsedDate": null,
      "isDockerHubOfficial": null,
      "scanType": null,
      "scanTypes": [
        "STATIC"
      ],
      "softwares": [
          "name": "rpm-plugin-selinux",
          "version": "4.12.0.1-14.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "libuuid",
          "version": "2.26.2-4.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "libstdc++",
          "version": "5.3.1-2.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
        {
          "name": "deltarpm",
          "version": "3.6-8.fc22",
          "fixVersion": null,
          "scanType": "STATIC",
          "packagePath": null
        },
      ],
      "vulnerabilities": [
        {
          "qid": 124975,
          "result": null,
          "software": [
            {
              "name": "libssh2",
              "version": "1.5.0-1.fc22",
              "fixVersion": "1.5.0-2.fc22",
              "scanType": "STATIC",
              "packagePath": null
            }
          ],
          "lastFound": "1724323293564",
          "firstFound": "1724323293564",
          "typeDetected": "CONFIRMED",
          "scanType": [
            "STATIC"
          ]
        },
        {
          "qid": 276308,
          "result": null,
          "software": [
            {
              "name": "openssl-libs",
              "version": "1.0.1k-13.fc22",
              "fixVersion": "1.0.1k-14.fc22",
              "scanType": "STATIC",
              "packagePath": null
            }
          ],
          "lastFound": "1724323293570",
          "firstFound": "1724323293570",
          "typeDetected": "CONFIRMED",
          "scanType": [
            "STATIC"
          ]
        },
        {
          "qid": 276113,
          "result": null,
          "software": [
            {
              "name": "openssl-libs",
              "version": "1.0.1k-13.fc22",
              "fixVersion": "1.0.1k-15.fc22",
              "scanType": "STATIC",
              "packagePath": null
            }
          ],
          "lastFound": "1724323293567",
          "firstFound": "1724323293567",
          "typeDetected": "CONFIRMED",
          "scanType": [
            "STATIC"
          ]
        },
      ],
      "malware": null,
      "secrets": null,
      "lastMalwareScanned": null,
      "riskScore": null,
      "riskScoreCalculatedDate": null,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "criticality": 5,
      "criticalityUpdated": 1717098843553,
      "isContinuouslyAssessed": true,
      "lastAssessed": "1746677220581",
    },
    {
      "created": "1490217199000",
      "updated": "1724323252042",
      "author": "",
      "repo": [
        {
          "registry": "docker.io",
          "tag": "latest",
          "repository": "iojs"
        },
        {
          "registry": "dockregtest01.eng.acme.com:5000",
          "tag": "latest",
          "repository": "iojs"
        }
      ],
      "repoDigests": [
        {
          "registry": "docker.io",
          "digest": "e9c867712191ac0d35041268feed489bcaaf9c1169296ca780ba4be03ca4610c",
          "repository": "iojs"
        },
        {
          "registry": "dockregtest01.eng.acme.com:5000",
          "digest": "ebe3fd385e36a8bbfae06e1f8c1e88a4abfce10dbfc4b8b339d3c0df072ee9f4",
          "repository": "iojs"
        }
      ],
      "label": [],
      "uuid": "1ea83c91-0ef9-3c50-9fdc-d7d3551fb59a",
      "sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
      "operatingSystem": null,
      "customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
      "dockerVersion": "1.12.6",
      "size": 648592935,
      "layers": [
        {
          "size": "0",
          "createdBy": "CMD [\"iojs\"]",
          "created": "1490217199000",
          "comment": "",
          "id": "fdab38ea8e39",
          "sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
          "tags": [
            "iojs:latest",
            "dockregtest01.eng.acme.com:5000/iojs:latest"
          ],
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "0",
          "createdBy": "ENV IOJS_VERSION=3.3.0",
          "created": "1490217194000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "0",
          "createdBy": "ENV NPM_CONFIG_LOGLEVEL=info",
          "created": "1490217176000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
        {
          "size": "322890800",
          "createdBy": "john_doe",
          "created": "1490123534000",
          "comment": "",
          "id": null,
          "sha": null,
          "tags": null,
          "layerNumber": null,
          "isBaseLayer": null,
          "isEmptyLayer": null
        },
      ],
      "architecture": "amd64",
      "imageId": "fdab38ea8e39",
      "lastScanned": null,
      "registryUuid": null,
      "source": [
        "GENERAL",
        "REGISTRY",
        "CONTINUOUS_ASSESSMENT"
      ],
      "users": null,
      "lastFoundOnHost": {
        "sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
        "hostname": "localhost.localdomain",
        "ipAddress": "10.***.*7.7*",
        "uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
        "lastUpdated": "2024-08-22T10:52:22.065Z"
      },
      "lastUsedDate": null,
      "isDockerHubOfficial": null,
      "scanType": null,
      "scanTypes": null,
      "softwares": null,
      "vulnerabilities": null,
      "malware": null,
      "secrets": null,
      "lastMalwareScanned": null,
      "riskScore": null,
      "riskScoreCalculatedDate": null,
      "maxQdsScore": null,
      "qdsSeverity": null
      "criticality": 5,
      "criticalityUpdated": 1717098843553
      "isContinuouslyAssessed": true,
      "lastAssessed": "1746677220581",
    }
  ],
  "limit": 2
}        
         

 

Updated API: Fetch a List of Images in Your Account

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/images
Method GET
DTD XSD Changes No
Sample: Fetch a List of Images in Your AccountSample: Fetch a List of Images in Your Account

API Request

    curl -X GET
"<qualys_base_url>/csapi/v1.3/images?filter=imagesInUse:'[now-7d ... now]'&pageNumber=1&pageSize=50&sort=created%3Adesc"
-H "accept: application/json"
-H "Authorization: Bearer <token>" 

API Response 

    {
  "data": [
    {
      "created": "1746424138000",
      "updated": "1746677220582",
      "lastUsedDate": "1746522959591",
      "sha": "fa7c845c82ad89b542233b42712cf419b409f6b8b28464c441d6e2645f563bd5",
      "repo": [
        {
          "registry": "docker.io",
          "tag": "test4",
          "repository": "continuous_assessment"
        }
      ],
      "repoDigests": null,
      "uuid": "4e73a2d6-c794-354e-b215-6f4c95ffdd99",
      "size": 772697934,
      "vulnerabilities": {
        "severity5Count": 32,
        "severity3Count": 70,
        "severity4Count": 86,
        "severity1Count": 0,
        "severity2Count": 9
      },
      "imageId": "fa7c845c82ad",
      "associatedContainersCount": 1,
      "associatedHostsCount": 2,
      "lastVmScanDate": "1746677220581",
      "registryUuid": null,
      "source": [
        "GENERAL",
        "REGISTRY",
        "CONTINUOUS_ASSESSMENT"
      ],
      "isDockerHubOfficial": false,
      "scanType": null,
      "scanTypes": [
        "SCA",
        "STATIC"
      ],
      "scanErrorCode": null,
      "scanStatus": "SUCCESS",
      "lastFoundOnHost": {
        "sensorUuid": "8d2a23be-c5bf-470f-833b-f5e9bfd68902",
        "hostname": "ip-10-82-11-187",
        "ipAddress": "10.82.11.187",
        "uuid": "2b572df5-a2b1-44bb-ba7d-2409ba2a73f5",
        "lastUpdated": "2025-05-06T06:09:56.207Z"
      },
      "exceptions": null,
      "riskScore": 248,
      "riskScoreCalculatedDate": "1746677220542",
      "maxQdsScore": 100,
      "qdsSeverity": "CRITICAL",
      "lastScannedBySensor": "8d2a23be-c5bf-470f-833b-f5e9bfd68902",
      "scanErrorMessage": null,
      "criticality": 0,
      "criticalityUpdated": "1746425189812",
      "baseImage": "db1141b0252cc593dbc7838571c3eb4cd6043009b0495a6210c74007f0e43697",
      "childImagesCount": 0,
      "sbomLayerProcessingTimestamp": "1746424256307",
      "baseImageProcessingTimestamp": "1746424260455",
      "isContinuouslyAssessed": true,
      "lastAssessed": "1746677220581",
      "compliance": {
        "failCount": 2,
        "passCount": 0,
        "errorCount": 0
      },
      "lastComplianceScanDate": "1746512983198"
    }
  ],
  "count": 1
}   
         

 

Ability to Block Malicious Images

With this release, Container Security can block images having malware in them with the help of Centralized Admission Controller policies. To support this feature, the following APIs are updated. 

  • Show Details of a Centralized Policy  -  
    GET/csapi/v1.3/centralizedPolicy/{policyId}
  • Create a Centralized Policy -
    POST/csapi/v1.3/centralizedPolicy
  • Update a Centralized Policy -
    PUT /csapi/v1.3/centralizedPolicy/{policyId}

 

Updated API: Show Details of a Centralized Policy

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/centralizedPolicy/{policyId}
Method GET
DTD XSD Changes No
Output ParametersOutput Parameters

The table below shows the updated response parameters.

Parameter

Data Type

 Description

name array Indicates array for the centralized policy rules to be included.
New rule:
- Block Images with Malware
type string A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. 
New value:
IMAGESCAN_VULN_RESTRICTED_MALWARE_IMAGES
Sample: Show Details of a Centralized PolicySample: Show Details of a Centralized Policy

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/centralizedPolicy/76d024d8-b263-4b64-b630-cec66a31b0c3'\
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'

API Response for a Centralized Admission Controller Policy

    {
  "uuid": "76d024d8-b263-4b64-b630-cec66a31b0c3",
  "policyName": "CLUSTER",
  "policyType": "K8S_ADMISSION_CONTROLLER",
  "policyMode": "ACTIVE",
  "description": "",
  "createdBy": "john_doe",
  "created": "1722315249509",
  "updatedBy": "john_doe",
  "updated": "1746519217955",
  "centralizedPolicyRules": [
    {
      "name": "Limit Vulnerability using Severity",
      "type": "IMAGESCAN_VULN_SEVERITYCOUNT",
      "action": "FAIL",
      "isEnabled": false,
      "stopProcessing": false,
      "sortOrder": 0,
      "metaData": "{\"operator\":\"GREATER_THAN\",\"severityLevel\":1,\"threshold\":1}",
      "kind": "IMAGE_SECURITY"
    },
    {
      "name": "Block Images with Malware",
      "type": "IMAGESCAN_VULN_RESTRICTED_MALWARE_IMAGES",
      "action": "FAIL",
      "isEnabled": true,
      "stopProcessing": false,
      "sortOrder": 0,
      "metaData": "{}",
      "kind": "IMAGE_SECURITY"
    }
  ],
  "exclusionPolicyRules": [],
  "version": 22,
  "isDefault": false,
  "tagIds": null,
  "k8sFilters": [
    {
      "cluster": {
        "clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
        "clusterName": "uk_zone1"
      },
      "namespace": null
    }
  ]
}

 

Updated API: Create a Centralized Policy

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/centralizedPolicy
Method POST
DTD XSD Changes No
Input ParametersInput Parameters

The Input Parameters below show the updated parameters used for creating a Centralized Admission Controller Policy.

Parameter

Mandatory/Optional

Data Type

Description

name Mandatory array Indicates array for the centralized policy rules to be included.
New rule sub-type:
- Block Images with Malware
type Mandatory string A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. 
New value:
IMAGESCAN_VULN_RESTRICTED_MALWARE_IMAGES
Sample: Create a Centralized PolicySample: Create a Centralized Policy

API Request for a Centralized Admission Controller Policy

    curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/centralizedPolicy' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "policyName": "APITest",
  "description": "",
  "centralizedPolicyRules": [
    {
      "name": "Block Images with Malware",
      "type": "IMAGESCAN_VULN_RESTRICTED_MALWARE_IMAGES",
      "isEnabled": true,
      "kind": "IMAGE_SECURITY",
      "metaData": {}
    }
  ],
  "exclusionPolicyRules": [],
  "policyMode": "ACTIVE",
  "policyType": "K8S_ADMISSION_CONTROLLER",
  "isDefault": false,
  "tagIds": [],
  "k8sFilters": [
    {
      "cluster": null,
      "namespace": {
        "clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
        "namespaceValue": "check-test"
      }
    }
  ]
}'

API Response 

    { 
"uuid": "9b5f6954-3bf5-4819-b96c-4fffb1d28b9f" 
}

 

Updated API: Update a Centralized Policy

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/centralizedPolicy/{policyId}
Method PUT
DTD XSD Changes No
Input ParametersInput Parameters

The Input Parameters below show the updated parameters used for updating a Centralized Admission Controller Policy.

Parameter

Mandatory/Optional

Data Type

Description

name Mandatory array Indicates array for the centralized policy rules to be included.
New rule sub-type:
- Block Images with Malware
 type Mandatory string

 

A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. 
New value:
IMAGESCAN_VULN_RESTRICTED_malware_IMAGES
Sample: Update a Centralized PolicySample: Update a Centralized Policy

API Request for a Centralized Admission Controller Policy

    curl -X 'PUT' \
  '<qualys_base_url>/csapi/v1.3/centralizedPolicy/9b5f6954-3bf5-4819-b96c-4fffb1d28b9f' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "policyName": "API-sample",
  "description": "",
  "policyType": "K8S_ADMISSION_CONTROLLER",
  "isDefault": false,
  "centralizedPolicyRules": [
    {
      "name": "Block Images with Malware",
      "type": "IMAGESCAN_VULN_RESTRICTED_MALWARE_IMAGES",
      "isEnabled": true,
      "kind": "IMAGE_SECURITY",
      "metaData": {}
    }
  ],
  "exclusionPolicyRules": [],
  "k8sFilters": [
    {
      "cluster": null,
      "namespace": {
        "clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
        "namespaceValue": "check-test"
      }
    },
    {
      "cluster": null,
      "namespace": {
        "clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
        "namespaceValue": "kube-public"
      }
    }
  ]
}'

API Response

    {
  "policyUUID ": "9b5f6954-3bf5-4819-b96c-4fffb1d28b9f"
} 

 

Ability to Block Images having Secrets

With this release, Container Security blocks images having secrets in them with the help of Centralized CICD policies. To support this feature, the following APIs are updated. 

  • Show Details of a Centralized Policy  -  
    GET/csapi/v1.3/centralizedPolicy/{policyId}
  • Create a Centralized Policy -
    POST/csapi/v1.3/centralizedPolicy
  • Update a Centralized Policy -
    PUT /csapi/v1.3/centralizedPolicy/{policyId}

 

Updated API: Show Details of a Centralized Policy

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/centralizedPolicy/{policyId}
Method GET
DTD XSD Changes No
Output ParametersOutput Parameters

The table below shows the updated response parameters.

Parameter

Data Type

 Description

name array Indicates array for the centralized policy rules to be included.
New rule sub-type:
- Block Images with Secrets
type string A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. 
New value:
IMAGESCAN_VULN_SECRETS_SEVERITYCOUNT
Sample: Show Details of a Centralized PolicySample: Show Details of a Centralized Policy

API Request

    curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/centralizedPolicy/253ebf27-d2f2-4810-b0e6-22d3b97201d0'\
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'

API Response for Showing a Centralized CI/CD Policy

{
  "uuid": "253ebf27-d2f2-4810-b0e6-22d3b97201d0",
  "policyName": "Demo test",
  "policyType": "CICD",
  "policyMode": "ACTIVE",
  "description": "",
  "createdBy": "john_doe",
  "created": "1746687441028",
  "updatedBy": "john_doe",
  "updated": "1746687441028",
  "centralizedPolicyRules": [
    {
      "name": "secret_rule_cicd",
      "type": "IMAGESCAN_VULN_SECRETS_SEVERITYCOUNT",
      "action": "FAIL",
      "isEnabled": true,
      "stopProcessing": false,
      "sortOrder": 0,
      "metaData": "{\"operator\":\"GREATER_THAN\",\"threshold\":1,\"value\":\"CRITICAL\"}",
      "kind": "IMAGE_SECURITY"
    }
  ],
  "exclusionPolicyRules": [],
  "version": 1,
  "isDefault": false,
  "tagIds": [
    {
      "uuid": "445a9519-a850-413f-848e-207ce409b81b",
      "id": 47734725,
      "name": "apitag",
      "backgroundColor": "#000000",
      "foregroundColor": "#000000",
      "icon": null,
      "criticalityScore": 0,
      "tagType": null
    }
  ],    

 

Updated API: Create a Centralized Policy

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/centralizedPolicy
Method POST
DTD XSD Changes No
Input ParametersInput Parameters

The Input Parameters below show the updated parameters used for creating a Centralized CICD Policy.

Parameter

Mandatory/Optional

Data Type

Description

name Mandatory array Indicates array for the centralized policy rules to be included.
New rule sub-type:
- Block Images with sECRETS
type Mandatory string A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. 
New value:
IMAGESCAN_VULN_SECRETS_SEVERITYCOUNT
Sample: Create a Centralized PolicySample: Create a Centralized Policy

API Request for Creating a Centralized CI/CD Policy

    curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/centralizedPolicy' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "policyName": "Demo test",
  "description": "",
  "policyType": "CICD",
  "centralizedPolicyRules": [
    {
      "name": "secret_rule_cicd",
      "isEnabled": true,
      "type": "IMAGESCAN_VULN_SECRETS_SEVERITYCOUNT",
      "kind": "IMAGE_SECURITY",
      "metaData": {
        "operator": "GREATER_THAN",
        "threshold": 1,
        "value": "CRITICAL"
      }
    }
  ],
  "exclusionPolicyRules": [],
  "policyMode": "ACTIVE",
  "isDefault": false,
  "tagIds": [
    "445a9519-a850-413f-848e-207ce409b81b"
  ],
  "k8sFilters": []
}'

API Response 

    { 
"uuid": "253ebf27-d2f2-4810-b0e6-22d3b97201d0" 
}

 

Updated API: Update a Centralized Policy

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/centralizedPolicy/{policyId}
Method PUT
DTD XSD Changes No
Input ParametersInput Parameters

The Input Parameters below show the updated parameters used for updating a Centralized CICD Policy.

Parameter

Mandatory/Optional

Data Type

Description

name Mandatory array Indicates array for the centralized policy rules to be included.
New rule sub-type:
- Block Images with Secrets
 type Mandatory string

 

A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. 
New value:
IMAGESCAN_VULN_SECRETS_SEVERITYCOUNT
Sample: Update a Centralized PolicySample: Update a Centralized Policy

API Request for Updating a Centralized CI/CD Policy

    curl -X 'PUT' \
  '<qualys_base_url>/csapi/v1.3/centralizedPolicy/9b5f6954-3bf5-4819-b96c-4fffb1d28b9f' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "policyName": "Demo-API",
  "description": "",
  "policyType": "CICD",
  "isDefault": true,
  "centralizedPolicyRules": [
    {
      "name": "secret_rule_cicd_update",
      "isEnabled": true,
      "type": "IMAGESCAN_VULN_SECRETS_SEVERITYCOUNT",
      "kind": "IMAGE_SECURITY",
      "metaData": {
        "operator": "GREATER_THAN",
        "threshold": 10,
        "value": "LOW"
      }
    }
  ],
  "exclusionPolicyRules": [],
  "k8sFilters": []
}'

API Response

    {
  "policyUUID ": "253ebf27-d2f2-4810-b0e6-22d3b97201d0"
}