Container Security Release 1.41 API
December 02, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For these API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
The Container Security 1.41 release makes the following API enhancements.
- Improvement in Dynamic Tags
- Enhancement in Registry Scan Jobs
- New Parameters in Report Templates
- Image Digest Information in Containers
Improvement in Dynamic Tags
Earlier, dynamic tags could be created only from Qualys Enterprise TruRisk™ Platform > Container Security. With this release, you can create a dynamic tag using the Container Security APIs. Additionally, you can re-evaluate a dynamic tag for its existing assets. To support this, the following APIs are introduced.
- Create Dynamic Tags
POST /csapi/v1.3/tag/create
- Re-evaluate a Dynamic Tag for Existing Assets
POST /csapi/v1.3/tag/evaluateTags
New API: Create Dynamic Tags
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/tag/create |
| Method | POST |
| DTD XSD Changes | No |
Input Parameters
The Input Parameter below is used for evaluating a dynamic tag for existing assets.
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| name | Mandatory | string | Describes the name of the tag you want to evaluate. Example Usage: tagName=<name of the dynamic tag> |
| reevaluate | Mandatory | boolean | Specify if re-evaluation is needed. Valid values: true or false |
| tagInfoDataList | Mandatory | -- | Specify information about the tag. |
| entityType | Mandatory | string | Describes the type of the entity. Valid values: IMAGE or CONTAINER |
| rule | Mandatory | string | Specify the rule value in QQL format that you want to assign to the tag and respective assets (images or containers). |
Sample: Create Dynamic Tag
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/tag/create' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "sample",
"reevaluate": true,
"tagInfoDataList": [
{
"entityType": "IMAGE",
"rule": "image.repo.repository:latest"
}
]
}'
API Response
{
"tagId": 52310803,
"name": "sample",
"backgroundColor": null,
"foregroundColor": null,
"icon": null,
"criticalityScore": null,
"entityTagInfo": [
{
"entityType": "image",
"dynamicTagRule": "image.repo.repository:latest"
}
]
}
New API: Re-evaluate a Dynamic Tag for Existing Assets
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/tag/evaluateTags |
| Method | POST |
| DTD XSD Changes | No |
Input Parameters
The Input Parameter below is used for evaluating a dynamic tag for existing assets.
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| tagName | Mandatory | string | Describes the name of the tag you want to re-evaluate for an existing asset. Example Usage: tagName=<name of the dynamic tag> |
Sample: Re-evaluate a Dynamic Tag for Existing Assets
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/tag/evaluateTags/tagName=dynamic123' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
200
Enhancement in Registry Scan Jobs
With this release, the 'Scan Jobs' page is renamed to 'Schedules'. Additionally, the 'PENDING IMAGES' column present in this page is removed. To support this feature, the following APIs are introduced.
- Show a List of Executions Created for a Registry Schedule
GET /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions
- Show a List of Images to be Scanned for a Registry Schedule Job
GET /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions/{jobId}/images
- Show a List of Images to be Scanned for a Bulk API Schedule Job of a Registry
GET /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions/{jobId}/images/bulk
New API: Show a List of Executions Created for a Registry Schedule
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions |
| Method | GET |
| DTD XSD Changes | No |
Input Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| registryId | Mandatory | string | Provide the ID of the registry for which you want to list the executions. |
| scheduleId | Mandatory | string | Provide the ID of the schedule for which you want to list the executions. |
| filter | Optional | string | Filters the schedules list by providing a Qualys Query Language (QQL). |
| pageNumber | Optional | integer | Indicates the page to be displayed. |
| pageSize | Optional | integer | The number of records to be included per page in the response. |
| sort | Optional | string | Sort the results using a Qualys token. |
Sample: Show a List of Executions Created for a Registry Schedule
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/registry/0eca6212-a6db-4ca4-bd2a-a8dd3d62b3eb/schedule/1c4e6622-ed4e-4ea1-8bb8-0a9738b7ec2a/executions?pageNumber=1&pageSize=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"jobUuid": "e0747952-c1c6-47ad-9735-a908ce8084a7",
"createdTime": "1762518900502",
"listStartTime": "1762585759730",
"listEndTime": "1762585807238",
"listedBy": "3d112f4f-ceb0-4245-9eec-85aa1bfffe5f",
"listingErrors": null,
"status": "Finished",
"totalImages": 1,
"scannedImages": 1,
"failedImages": 0,
"inProgressImages": 0,
"queuedImages": 0
}
],
"count": 1
}
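The per-job counters in this response can be used to find scan coverage gaps. The following is an added example, not Qualys code: it triages execution records for failed images, listing errors, counters that do not add up to `totalImages`, and jobs that still have pending images after a threshold. The finding codes, the six-hour threshold, and the two records marked as constructed are assumptions; the first record is the sample response above.

```python
def _ms(value):
    """Timestamps arrive as epoch-millisecond strings; null becomes None."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def triage_execution(job, now_ms, stale_after_ms=6 * 3600 * 1000):
    """Return a sorted list of finding codes for one execution record."""
    def count(key):
        return int(job.get(key) or 0)

    findings = set()
    scanned, failed = count("scannedImages"), count("failedImages")
    pending = count("inProgressImages") + count("queuedImages")
    if job.get("listingErrors"):
        findings.add("listing_errors")   # the registry listing step failed
    if failed:
        findings.add("failed_images")    # images left without a scan result
    if scanned + failed + pending != count("totalImages"):
        findings.add("count_mismatch")   # images unaccounted for
    created = _ms(job.get("createdTime"))
    if pending and created is not None and now_ms - created > stale_after_ms:
        findings.add("stalled")          # work still pending after threshold
    return sorted(findings)

def coverage_gaps(response, now_ms):
    """Map jobUuid -> findings for every execution with at least one finding."""
    gaps = {}
    for job in response.get("data", []):
        findings = triage_execution(job, now_ms)
        if findings:
            gaps[job.get("jobUuid")] = findings
    return gaps

SAMPLE = {"data": [
    # Record from the sample response on this page (fields trimmed).
    {"jobUuid": "e0747952-c1c6-47ad-9735-a908ce8084a7",
     "createdTime": "1762518900502", "listingErrors": None,
     "totalImages": 1, "scannedImages": 1, "failedImages": 0,
     "inProgressImages": 0, "queuedImages": 0},
    # Constructed records for illustration only.
    {"jobUuid": "constructed-job-a", "createdTime": "1762518900502",
     "listingErrors": None, "totalImages": 10, "scannedImages": 6,
     "failedImages": 2, "inProgressImages": 1, "queuedImages": 1},
    {"jobUuid": "constructed-job-b", "createdTime": "1762518900502",
     "listingErrors": "constructed error text", "totalImages": 5,
     "scannedImages": 3, "failedImages": 0, "inProgressImages": 0,
     "queuedImages": 0},
]}
NOW_MS = 1762518900502 + 7 * 3600 * 1000  # constructed: 7 hours after creation

if __name__ == "__main__":
    for job_uuid, findings in coverage_gaps(SAMPLE, NOW_MS).items():
        print(job_uuid, ", ".join(findings))
```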
New API: Show a List of Images to be Scanned for a Registry Schedule Job
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions/{jobId}/images |
| Method | GET |
| DTD XSD Changes | No |
Input Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| registryId | Mandatory | string | Provide the ID of the registry for which you want to list the executions. |
| scheduleId | Mandatory | string | Provide the ID of the schedule for which you want to list the executions. |
| jobId | Mandatory | string | Provide the ID of the Job for which you want to list the images. |
| filter | Optional | string | Filters the schedules list by providing a Qualys Query Language (QQL). |
| pageNumber | Optional | integer | Indicates the page to be displayed. |
| pageSize | Optional | integer | The number of records to be included per page in the response. |
| sort | Optional | string | Sort the results using a Qualys token. |
Sample: Show a List of Images to be Scanned for a Registry Schedule Job
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/registry/0eca6212-a6db-4ca4-bd2a-a8dd3d62b3eb/schedule/1c4e6622-ed4e-4ea1-8bb8-0a9738b7ec2a/executions/227e223f-e3e4-4768-ad5d-508a0d0129f4/images?pageNumber=1&pageSize=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"imageId": "sha256:4c95884bc0994a52c6a1dae0cf5d4289cd7f532f051510cbfe59f5e2616294d8",
"repository": "jas45/tmp",
"tags": "139",
"scannedBy": "3d112f4f-ceb0-4245-9eec-85aa1bfffe5f",
"scanStart": "1762587859533",
"scanEnd": "1762588208343",
"scanErrors": null,
"status": "Scanned",
"isContinuouslyAssessed": null
}
],
"count": 1
}
New API: Show a List of Images to be Scanned for a Bulk API Schedule Job of a Registry
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions/{jobId}/images/bulk |
| Method | GET |
| DTD XSD Changes | No |
Input Parameters
The Input Parameters below show the updated parameters used for showing a list of Centralized Policies.
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| filter | Optional | string | Indicates the policy tag name assigned to the centralized policies. New value: policy.tags.name: <tag name> |
Sample: Show a List of Images to be Scanned for a Bulk API Schedule Job of a Registry
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/registry/0eca6212-a6db-4ca4-bd2a-a8dd3d62b3eb/schedule/1c4e6622-ed4e-4ea1-8bb8-0a9738b7ec2a/executions/227e223f-e3e4-4768-ad5d-508a0d0129f4/images/bulk?limit=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response (Truncated)
{
"data": [
{
"imageId": "sha256:087ae3ef328e85ee64e409bcb246b0b66b9ef4ed3dc954e72581e1ec88d9b5ec",
"repository": "rescan-private",
"tags": "image987",
"scannedBy": "f3da1530-3856-4316-8d20-12774d68ae16",
"scanStart": "1763567593074",
"scanEnd": null,
"scanErrors": null,
"status": "InProgress",
"isContinuouslyAssessed": null
},
{
"imageId": "sha256:8e99f22f08193af6a88d32785fe86160248346dceb925cce665cd798d15f4663",
"repository": "rescan-private",
"tags": "image926",
"scannedBy": "f3da1530-3856-4316-8d20-12774d68ae16",
"scanStart": "1763567593039",
"scanEnd": null,
"scanErrors": null,
"status": "InProgress",
"isContinuouslyAssessed": null
},
{
"imageId": "sha256:45dfcc03ef199cb3203931784e176809d4894d213cb6dca06297aa40ea767d18",
"repository": "rescan-private",
"tags": "image222",
"scannedBy": "f3da1530-3856-4316-8d20-12774d68ae16",
"scanStart": "1763567593011",
"scanEnd": null,
"scanErrors": null,
"status": "InProgress",
"isContinuouslyAssessed": null
},
.
.
.
],
"limit": 50
}
New Parameters in Report Templates
With this release, Qualys Container Security introduces eight new parameters under 'CS_IMAGE_VULNERABILITY' and 'CS_CONTAINER_VULNERABILITY' report templates. To support this enhancement, the following API is updated.
- Create a Report Request
POST /csapi/v1.3/reports
Updated API: Create a Report Request
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | POST |
| DTD XSD Changes | No |
Input Parameters
The Input Parameters below show the updated parameter used for creating a report request.
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| displayColumns | Optional | string | Specify the columns to include in the report. Multiple columns should be comma-separated. The following column values are newly introduced under 'CS_IMAGE_VULNERABILITY' and 'CS_CONTAINER_VULNERABILITY' report templates. |
Sample: Create a Report Request
API Request to create a report
In the request below, see the new 'displayColumns' values applicable for 'CS_IMAGE_VULNERABILITY' which are used to create a Compliance report.
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"description": "API test",
"name": "Test2",
"filter": null,
"displayColumns": [
"wormable", "predictedHighRisk", "privilegeEscalation", "unauthenticatedExploitation", "remoteCodeExecution", "ransomware", "solorigateSunburst", "cisaKnownExploitedVulns"
],
"templateName": "CS_IMAGE_VULNERABILITY",
"expireAfter": "1",
"zip": "0",
"emailNotification": "0",
"sendAsAttachment": "0",
"recipient": "<recipient email address>",
"emailSubject": "Test email subject",
"customMessage": ""
}'
API Response
{
"reportUuid": "73f866d0-c48c-11f0-997e-c5789176c2d5"
}
Image Digest Information in Containers
You can now see Image Digest or Image SHA information in the Container Details APIs and use it to match containers with their images captured from different non-CS-sensor sources.
To support this enhancement, the following APIs are updated.
- Fetch Container Details
GET /csapi/v1.3/containers/{containerSha}
- Fetch a List of Containers (Bulk API)
GET /csapi/v1.3/containers/list
Updated API: Fetch Container Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/{containerSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Container Details
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/containers/48962b094d6dfcdde24d6e099bb43cab60befc8aa8cd70f4791126f04e44297a' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
In the Response below, see the newly added 'imageSha' and 'imageDigest' fields.
{
"portMapping": null,
"imageId": null,
"created": "1763857797000",
"updated": "1764028928891",
"label": null,
"uuid": "9f8a1b25-eaa9-3c3a-99fe-4e28501effde",
"sha": "48962b094d6dfcdde24d6e099bb43cab60befc8aa8cd70f4791126f04e44297a",
"privileged": false,
"path": null,
"imageSha": null,
"imageDigest": "553f64aecdc31b5bf944521731cd70e35da4faed96b2b7548a3d8e2598c52a42",
"macAddress": null,
"customerUuid": "18e1d022-0c53-f970-8021-01c7634aed94",
"ipv4": null,
"ipv6": null,
"name": "nginx-container",
"host": {
"sensorUuid": "f6dd3834-38fb-b1f0-1fbb-357550241fe6",
"hostname": "aks-userpool-18894733-vmss000000",
"ipAddress": "10.224.0.6",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2025-11-25T00:02:08.120Z"
},
"hostArchitecture": [
"amd64"
],
"state": "RUNNING",
"imageUuid": null,
"containerId": "48962b094d6d",
"stateChanged": "1763888582648",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"sources": [
"CLUSTER"
],
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"criticality": null,
"criticalityUpdated": null,
"isVulnPropagated": null,
"vulnPropagationDate": null,
"sensorUuid": "f6dd3834-38fb-b1f0-1fbb-357550241fe6",
"environment": null,
"arguments": null,
"command": "null",
"drift": null,
"vulnerabilities": [],
"softwares": null,
"isDrift": false,
"isRoot": null,
"lastComplianceScanned": null,
"cluster": {
"type": "KUBERNETES",
"name": "sk-cluster-qlp",
"uid": "ee3ce816-34a8-4880-9f9a-34b2336ef272",
"version": null,
"k8s": {
"project": null,
"pod": {
"name": "nginx-deploy-84c5b8588f-6s8zg",
"uuid": "51e0d563-6b26-4792-b87f-e81570b3c31d",
"namespace": "nginx-ns",
"namespaceMetadata": null,
"label": null,
"controller": null
},
"node": {
"name": null,
"isMaster": null
}
}
},
"cloudProvider": {
"azure.aks.resourceId": "/subscriptions/5a85a387-af14-4a10-bfa0-c4846979cb16/resourcegroups/CMS/providers/Microsoft.ContainerService/managedClusters/sk-cluster-qlp",
"azure.aks.accountId": "5a85a387-af14-4a10-bfa0-c4846979cb16",
"azure.aks.region": "westus"
},
"exceptions": null,
"k8sExposure": null
}
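The new 'imageDigest' and 'imageSha' fields make it possible to join container records to an image inventory kept outside Container Security. The following is an added example, not Qualys code: it normalizes digest notation (the fields above carry bare hex, other sources often prefix `sha256:`) and reports containers whose image is absent from the inventory. The inventory shape (`ref`, `digest`), its contents, and the helper names are assumptions; the container fields are copied from the sample responses on this page.

```python
import re

_HEX64 = re.compile(r"[0-9a-f]{64}")

def normalize_digest(value):
    """Return the bare 64-hex sha256 value, or None if unusable.

    Handles 'sha256:<hex>', 'repo@sha256:<hex>' and bare '<hex>'.
    """
    if not isinstance(value, str):
        return None
    candidate = value.strip().lower().rsplit("sha256:", 1)[-1]
    return candidate if _HEX64.fullmatch(candidate) else None

def container_digest(container):
    """Prefer imageDigest, fall back to imageSha; either may be null."""
    for field in ("imageDigest", "imageSha"):
        digest = normalize_digest(container.get(field))
        if digest:
            return digest
    return None

def match_containers(containers, inventory):
    """Return (matched, unmatched) container rows against the inventory."""
    index = {}
    for image in inventory:
        digest = normalize_digest(image.get("digest"))
        if digest:
            index[digest] = image
    matched, unmatched = [], []
    for c in containers:
        digest = container_digest(c)
        row = {"name": c.get("name"), "digest": digest,
               "privileged": bool(c.get("privileged"))}
        image = index.get(digest) if digest else None
        if image:
            matched.append({**row, "image": image.get("ref")})
        else:
            unmatched.append(row)
    return matched, unmatched

# Fields copied from the sample container responses on this page.
CONTAINERS = [
    {"name": "nginx-container", "privileged": False, "imageSha": None,
     "imageDigest": "553f64aecdc31b5bf944521731cd70e35da4faed96b2b7548a3d8e2598c52a42"},
    {"name": "kube-proxy", "privileged": True, "imageSha": None,
     "imageDigest": "e35758d5c52ef46b9e0e1c66774e42c5ee74a3bfadb4c82a9152adbb1266e822"},
]
# Constructed inventory (assumed shape) from a non-sensor source.
INVENTORY = [
    {"ref": "registry.example/web/nginx",
     "digest": "sha256:553f64aecdc31b5bf944521731cd70e35da4faed96b2b7548a3d8e2598c52a42"},
]

if __name__ == "__main__":
    matched, unmatched = match_containers(CONTAINERS, INVENTORY)
    for row in unmatched:
        flag = "PRIVILEGED, " if row["privileged"] else ""
        print(f"{row['name']}: {flag}no inventory match for {row['digest']}")
```

Privileged containers that land in the unmatched list are the ones to review first, since their image has no record in the inventory being compared.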
Updated API: Fetch a List of Containers (Bulk API)
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Containers (Bulk API)
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/containers/list?limit=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
In the Response below, see the newly added 'imageSha' and 'imageDigest' fields.
{
"data": [
{
"portMapping": null,
"imageId": null,
"created": "1744282729000",
"updated": "1763621686123",
"label": null,
"uuid": "36d25b77-27a3-3873-983f-de9091bc4bbf",
"sha": "4565583185fbb36f1a4521e9fa8cba525d7216e991f9ae937112a0a2808c9dd5",
"privileged": true,
"path": null,
"imageSha": null,
"imageDigest": "e35758d5c52ef46b9e0e1c66774e42c5ee74a3bfadb4c82a9152adbb1266e822",
"macAddress": null,
"customerUuid": "18e1d022-0c53-f970-8021-01c7634aed94",
"ipv4": null,
"ipv6": null,
"name": "kube-proxy",
"host": {
"sensorUuid": "8d9fe013-ca82-b370-1c5f-65c182f6d65f",
"hostname": "ip-10-82-10-133.ec2.internal",
"ipAddress": "10.82.10.133",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2025-11-20T06:54:45.302Z"
},
"hostArchitecture": [
"amd64"
],
"state": "DELETED",
"imageUuid": null,
"containerId": "4565583185fb",
"stateChanged": "1763449228234",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"sources": [
"CLUSTER"
],
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"criticality": null,
"criticalityUpdated": null,
"isVulnPropagated": null,
"vulnPropagationDate": null,
"sensorUuid": "8d9fe013-ca82-b370-1c5f-65c182f6d65f",
"environment": [
"NODE_NAME="
],
"arguments": null,
"command": "[\"kube-proxy\",\"--hostname-override=$(NODE_NAME)\",\"--config=/var/lib/kube-proxy-config/config\",\"--v=2\"]",
"drift": null,
"vulnerabilities": null,
"softwares": null,
"isDrift": false,
"isRoot": null,
"isExposedToWorld": null,
"cluster": {
"type": "KUBERNETES",
"name": "surtest-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"version": null,
"k8s": {
"project": null,
"pod": {
"name": "kube-proxy-wrs8v",
"uuid": "c0f40525-ef90-4c56-b80e-fae2cdbc07a2",
"namespace": "kube-system",
"namespaceMetadata": null,
"label": null,
"controller": null
},
"node": {
"name": null,
"isMaster": null
}
}
}
},
{
"portMapping": null,
"imageId": null,
"created": "1744282730000",
"updated": "1763621685615",
"label": null,
"uuid": "74833548-8719-3622-a00f-b62479a60c82",
"sha": "f7e8a336a17a92e6903f57e66b8335bf1ca6f8742dd1588ed215a135e8c971d8",
"privileged": true,
"path": null,
"imageSha": null,
"imageDigest": "4a3092b8ca1f720439a371af6206d7943d8e499518b5ede867474740c2b7c6ab",
"macAddress": null,
"customerUuid": "18e1d022-0c53-f970-8021-01c7634aed94",
"ipv4": null,
"ipv6": null,
"name": "aws-vpc-cni-init",
"host": {
"sensorUuid": "8d9fe013-ca82-b370-1c5f-65c182f6d65f",
"hostname": "ip-10-82-10-133.ec2.internal",
"ipAddress": "10.82.10.133",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2025-11-20T06:54:45.213Z"
},
"hostArchitecture": [
"amd64"
],
"state": "DELETED",
"imageUuid": null,
"containerId": "f7e8a336a17a",
"stateChanged": "1763449227811",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"sources": [
"CLUSTER"
],
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"criticality": null,
"criticalityUpdated": null,
"isVulnPropagated": null,
"vulnPropagationDate": null,
"sensorUuid": "8d9fe013-ca82-b370-1c5f-65c182f6d65f",
"environment": [
"DISABLE_TCP_EARLY_DEMUX=false",
"ENABLE_IPv6=false"
],
"arguments": null,
"command": "null",
"drift": null,
"vulnerabilities": null,
"softwares": null,
"isDrift": false,
"isRoot": null,
"isExposedToWorld": null,
"cluster": {
"type": "KUBERNETES",
"name": "test-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"version": null,
"k8s": {
"project": null,
"pod": {
"name": "aws-node-cvkm5",
"uuid": "cf2785d0-9756-4613-be51-0de9d2b2ff02",
"namespace": "kube-system",
"namespaceMetadata": null,
"label": null,
"controller": null
},
"node": {
"name": null,
"isMaster": null
}
}
}
}