Container Security Release 1.42 API
March 03, 2026
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For these API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
With the Container Security 1.42 release, the following enhancements in CS APIs are made.
- New Report Templates - Images, Containers, Pods
- Vulnerability View for Images
- Software Lifecycle Details for Images
- Block Images with Unauthorized Author & Old Vulnerability
- Vulnerability Propagation in Sensor Profile
- Qualys Locator Path (QLP)
- Firstfound Field in Image APIs
New Report Templates - Images, Containers, Pods, & Vulnerability
With this release, Qualys Container Security has introduced the following new report templates: Images, Containers, Pods, and Vulnerability. To support this, the following new report formats are introduced.
- CS_Images
- CS_Containers
- CS_PODS
- CS_VULNERABILITIES
The following APIs are updated with Images, Containers, Vulnerabilities, and Pods report templates.
- Fetch a List of Reports in your Account
GET /csapi/v1.3/reports - Create a Report Request
POST /csapi/v1.3/reports - Create a Report Schedule
POST /csapi/v1.3/reports/schedule - Update an Active Report Schedule
PUT /csapi/v1.3/reports/schedule/{reportingSchedulingId}
Updated API: Fetch a List of Reports in Your Account
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Reports in Your AccountSample: Fetch a List of Reports in Your Account
The sample below shows the request and response for getting CS_KUBERNETES_PODS report. Refer to the CS API Guide to see API requests and responses for creating a report schedule using CS_Image, CS_Containers, and CS_Vulnerability templates.
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/reports?filter=report.name%3Atest_pods_API&pageNumber=1&pageSize=50&sort=status%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
In the response below, see the new 'templateName' - CS_KUBERNETES_PODS used while getting a list of reports.
{
"data": [
{
"reportUuid": "4c90c260-71b5-11f0-92c4-d75b653a5a10",
"createdAt": "2025-08-05T04:33:13.000Z",
"reportName": "Test",
"description": null,
"fileFormat": "csv",
"templateName": "CS_KUBERNETES_PODS",
"status": "COMPLETED",
"isScheduled": 0,
"filter": null,
"displayColumns": [
"uuid",
"name",
"startedAt",
"namespace",
"clusterUid",
"containersSha",
"status",
"updatedAt",
"sensorUuid"
],
"expireOn": "2025-08-12T04:33:13.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0,
"expireAfter": 7
}
],
"count": 1
}
Updated API: Create a Report Request
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| templateName | Mandatory | string | Specify the name of the report template. With this release, the following new report templates are introduced. - CS_KUBERNETES_PODS - CS_CONTAINERS - CS_IMAGES |
Sample: Create a Report Request Sample: Create a Report Request
The sample below shows the request and response for creating CS_KUBERNETES_PODS report. Refer to CS API Guide to see API requests and reponses for creating report schedule using CS_Image and CS_Containers and CS_Vulnerability templates.
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d {
"name": "test_pods_API",
"description": "test",
"templateName": "CS_KUBERNETES_PODS",
"filter": null,
"reportScheduleDetails": null,
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"uuid",
"name",
"startedAt",
"namespace",
"clusterUid",
"containersSha",
"status",
"updatedAt",
"sensorUuid"
],
"zip": 1,
"emailNotification": 0
}'
API Response
{
"reportUuid": "6c9f9c40-df2c-11f0-a6de-8fc0ae82011c"
}
Updated API: Create a Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| templateName | Mandatory | string | Specify the name of the report template. With this release, the following new report templates are introduced. - CS_KUBERNETES_PODS - CS_CONTAINERS - CS_IMAGES |
Sample: Create a Report ScheduleSample: Create a Report Schedule
The sample below shows the request and response for creating CS_KUBERNETES_PODS report schedule. Refer to CS API Guide to see API requests and reponses for creating report schedule using CS_Image and CS_Containers, and CS_Vulnerability templates.
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports/schedule' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "test_schedule_Pods",
"description": "test",
"templateName": "CS_KUBERNETES_PODS",
"filter": null,
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 1,
"dayOfWeek": null,
"ordinalDayOfWeek": null
},
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"uuid",
"name",
"startedAt",
"namespace",
"clusterUid",
"containersSha",
"status",
"updatedAt",
"sensorUuid"
],
"zip": 1,
"emailNotification": 1,
"sendAsAttachment": 0,
"customMessage": "",
"recipient": "",
"emailSubject": "test_schedule_Pods",
"eventEndTime": "2025-12-23T18:31:00Z",
"action": "CREATE",
"eventTime": "2025-12-22T17:31:00Z"
}'
API Response
{
"scheduleUuid": "a6d8ac00-df2f-11f0-93a0-e57faee019ed"
}
Updated API: Update an Active Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule/{reportingScheduleID} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| templateName | Mandatory | string | Specify the name of the report template. With this release, the following new report templates are introduced. - CS_KUBERNETES_PODS - CS_CONTAINERS - CS_IMAGES |
Sample: Update an Active Report ScheduleSample: Update an Active Report Schedule
The sample below shows the request and response for updating CS_KUBERNETES_PODS report schedule. Refer to CS API Guide to see API requests and reponses for updating an active report schedule made using CS_Image and CS_Containers templates.
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/reports/schedule/a6d8ac00-df2f-11f0-93a0-e57faee019ed' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "test_schedule_Pods",
"description": "test",
"templateName": "CS_KUBERNETES_PODS",
"filter": null,
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 1,
"dayOfWeek": null,
"ordinalDayOfWeek": null
},
"expireAfter": 7,
"secondFilter": "",
"displayColumns": [
"uuid",
"name",
"namespace",
"clusterUid",
"containersSha",
"status"
],
"zip": 1,
"emailNotification": 1,
"sendAsAttachment": 0,
"customMessage": "",
"recipient": "",
"emailSubject": "test_schedule_Pods",
"eventEndTime": "2025-12-23T18:31:00Z",
"action": "CREATE",
"eventTime": "2025-12-22T17:31:00Z"
}'
API Response
{
"message": "Details updated successfully for reportScheduleId a6d8ac00-df2f-11f0-93a0-e57faee019ed"
}
Vulnerability View for Images
With this release, Qualys Container Security now supports vulnerability-related activities. In this phase, you can obtain a list of vulnerabilities in your account along with their details on the dedicated Vulnerabilities page. The following APIs are introduced to support the Vulnerability report template.
- Fetch a List of Vulnerabilities in your Account
GET /csapi/v1.3/vulnerability - Fetch details of a Vulnerability
GET /csapi/v1.3/vulnerability/{Vulnerability UUID}
New API: Fetch a List of Vulnerabilities in Your Account
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/vulnerability |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Vulnerabilities in Your AccountSample: Fetch a List of Vulnerabilities in Your Account
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/vulnerability' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response (Trauncated)
{
"data": [
{
"uuid": "55df0913-f728-3ac8-a8a5-34536e8edaac",
"assetId": "75f7b85a-9615-314b-9df8-e62795cb6c47",
"qid": 5007349,
"title": "Python (Pip) Security Update for pip (GHSA-6vgw-5pg2-w6jp)",
"firstFound": 1771335479949,
"lastFound": 1771335479949,
"patchAvailable": true,
"layerSha": [],
"isExcluded": false,
"host": [
{
"sensorUuid": "256e237b-f5b4-4888-9ca8-78357debdf3f",
"uuid": "f3d92b24-46ed-46b1-9626-b76c4662b8fb",
"hostname": "ip-10-82-62-69",
"ipAddress": "10.82.62.69",
"ipV6Address": "",
"lastUpdated": null
}
],
"software": [
{
"name": "pip",
"version": "23.0.1",
"fixVersion": "26.0",
"scanType": "SCA",
"packagePath": "usr/local/lib/python3.10/site-packages/pip-23.0.1.dist-info/METADATA",
"softwareQlp": "pip(23.0.1)"
}
],
"status": null,
"isInherited": false,
"assignedTags": [],
"lastScanned": 1771335479954,
"imageQlp": [
"reg://docker.io/qualysdockerhub/testvk/catest3",
"digest://docker.io/qualysdockerhub/testvk/c6a5d297b5f2f3634d8a6126f3f84262756e1c45366ff7147e2a85b461897a90",
"sha://370af546f1f41e1e14fd528081c870ca7f1db7ee4ed85411d66e504369e0be4a"
]
{
"data": [
{
"uuid": "55df0913-f728-3ac8-a8a5-34536e8edaac",
"assetId": "75f7b85a-9615-314b-9df8-e62795cb6c47",
"qid": 5007349,
"title": "Python (Pip) Security Update for pip (GHSA-6vgw-5pg2-w6jp)",
"firstFound": 1771335479949,
"lastFound": 1771335479949,
"patchAvailable": true,
"layerSha": [],
"isExcluded": false,
"host": [
{
"sensorUuid": "256e237b-f5b4-4888-9ca8-78357debdf3f",
"uuid": "f3d92b24-46ed-46b1-9626-b76c4662b8fb",
"hostname": "ip-10-82-62-69",
"ipAddress": "10.82.62.69",
"ipV6Address": "",
"lastUpdated": null
}
],
"software": [
{
"name": "pip",
"version": "23.0.1",
"fixVersion": "26.0",
"scanType": "SCA",
"packagePath": "usr/local/lib/python3.10/site-packages/pip-23.0.1.dist-info/METADATA",
"softwareQlp": "pip(23.0.1)"
}
],
"status": null,
"isInherited": false,
"assignedTags": [],
"lastScanned": 1771335479954,
"imageQlp": [
"reg://docker.io/qualysdockerhub/testvk/catest3",
"digest://docker.io/qualysdockerhub/testvk/c6a5d297b5f2f3634d8a6126f3f84262756e1c45366ff7147e2a85b461897a90",
"sha://370af546f1f41e1e14fd528081c870ca7f1db7ee4ed85411d66e504369e0be4a"
],
"containerQlp": null,
"containerQlpCount": 0,
"baseImage": null,
"sha": "370af546f1f41e1e14fd528081c870ca7f1db7ee4ed85411d66e504369e0be4a",
"qdsScore": 20,
"riskScore": 82,
"lastUsedDate": null,
"qdsSeverity": "LOW",
"repo": [
{
"registry": "docker.io",
"repository": "qualysdockerhub/testvk",
"tag": "catest3"
}
],
"registryUuid": null,
"created": 1771335485369,
"updated": 0
},
{
"uuid": "328f5f47-f423-33bb-aed1-619d6f016edf",
"assetId": "e459c3ec-3a50-3185-9ae3-b1c8e3720d45",
"qid": 243590,
"title": "Red Hat Update for python3 (RHSA-2024:3347)",
"firstFound": 1771330153693,
"lastFound": 1771335263090,
"patchAvailable": true,
"layerSha": [],
"isExcluded": false,
"host": [
{
"sensorUuid": "256e237b-f5b4-4888-9ca8-78357debdf3f",
"uuid": "f3d92b24-46ed-46b1-9626-b76c4662b8fb",
"hostname": "ip-10-82-62-69",
"ipAddress": "10.82.62.69",
"ipV6Address": "",
"lastUpdated": "2026-02-17T12:09:10.234Z"
}
],
"software": [
{
"name": "platform-python",
"version": "3.6.8-23.el8",
"fixVersion": "3.6.8-62.el8_10",
"scanType": "STATIC",
"softwareQlp": "platform-python(3.6.8-23.el8)"
},
{
"name": "python3-libs",
"version": "3.6.8-23.el8",
"fixVersion": "3.6.8-62.el8_10",
"scanType": "STATIC",
"softwareQlp": "python3-libs(3.6.8-23.el8)"
}
],
"status": null,
"isInherited": false,
"assignedTags": [],
"lastScanned": 1771335263110,
"imageQlp": [
"sha://ecbc6f53bba0d1923ca9e92b3f747da8353a070fccbae93625bd8b47dbee772e",
"reg://docker.io/redhat/ubi8/8.2",
"digest://docker.io/redhat/ubi8/d748c21a55796827da82c61f162b505c59451cba24f1874e5185f21275b6bddc"
],
"containerQlp": null,
"containerQlpCount": 0,
"baseImage": null,
"sha": "ecbc6f53bba0d1923ca9e92b3f747da8353a070fccbae93625bd8b47dbee772e",
"qdsScore": 35,
"riskScore": 206,
"lastUsedDate": null,
"qdsSeverity": "LOW",
"repo": [
{
"registry": "docker.io",
"repository": "redhat/ubi8",
"tag": "8.2"
}
],
"registryUuid": null,
"created": 1771330160830,
"updated": 0
}
],
.
.
.
.
"count": 1505,
"groups": {},
"aggs": null
}
New API: Fetch Details of a Vulnerability
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/vulnerability/{Vulnerability UUID} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Details of a VulnerabilitySample: Fetch Details of a Vulnerability
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/vulnerability/55df0913-f728-3ac8-a8a5-34536e8edaac' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
"vulnDef": {
"description": {
"en": "GO has released a security update for stdlib to fix the vulnerabilities."
},
"consequence": {
"en": "Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality."
},
"solution": {
"en": "Refer to GO security advisory <A HREF=\"https://pkg.go.dev/vuln/GO-2025-4175\" TARGET=\"_blank\">GO-2025-4175</A> for updates and patch information.<BR>"
},
"os": null,
"discoveryTypes": [
"AUTHENTICATED"
],
"published": "1764941831000",
"updated": "1764958223000",
"types": [
"VULNERABILITY"
],
"severity": 4,
"risk": 40,
"flags": [
"WINDOWS_AUTH",
"UNIX_AUTH",
"PCI_RELATED"
],
"category": "SCA",
"authTypes": [
"WINDOWS_AUTH",
"UNIX_AUTH"
],
"patches": [
1106649
],
"qid": 5006453,
"exploitability": null,
"exploits": [],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": [],
"malwareNames": [],
"exploitKitNames": [],
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"malwares": [],
"title": "Go (Go) Security Update for stdlib (GO-2025-4175)",
"patchAvailable": true,
"cveIds": [
"CVE-2025-61727"
],
"vendorRefs": [
"GO-2025-4175"
],
"bugTraqIds": [
"0"
],
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "6.5",
"temporalScore": "5.7"
},
"sans20Categories": null,
"lists": null,
"compliances": [],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"vendors": [
{
"vendorName": "go",
"productName": "go"
}
],
"vendorRefDetails": [
{
"vendorRef": "GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175",
"lastModified": "1764806404000"
}
],
"vulnPatch": {
"patchAvailable": true,
"patchReleaseDate": "1764633600000",
"vendorSeverity": "high",
"patches": [
{
"id": 1106649,
"advisoryID": "GO-2025-4175",
"component": null,
"lastModified": "1764806419000",
"link": "https://pkg.go.dev/vuln/GO-2025-4175",
"osSoftware": null,
"rebootDetails": "Conditional",
"rebootRequired": 2,
"subComponent": null
}
]
},
"qidProperties": [
"pci",
"win",
"unx"
],
"vulnQvsDef": {
"id": 374411,
"vulnId": "CVE-2025-61727",
"vulnType": "CVE",
"qvsScore": 30,
"qvsPrimeCredit": 0,
"drivers": {
"epss": [
"0.0001"
],
"threat_actors": null,
"exploit_maturity": null,
"exploit_available": null,
"trending": [
"02112026,02062026,01202026,01282026,02082026,02052026,01222026,01192026,01292026,01242026,01302026,01272026,01212026,01252026,02042026,02122026,01312026,02072026,02092026,02012026,02132026,01262026,01182026,01232026,01172026,02022026"
],
"mitigation_controls": null,
"malware_name": null,
"malware_hash": null,
"cvss": "6.5",
"cvss_version": "v3.x",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"rti": null,
"qid_severity": null,
"cisa_vuln": null
},
"published": 1764792985,
"created": 1764819127,
"modified": 1764819127,
"lastModified": 1771125950
},
"highestContributingCVE": "CVE-2025-61727"
},
"vulnerabilityDetailDTO": {
"qid": 5006453,
"title": "Go (Go) Security Update for stdlib (GO-2025-4175)",
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\nstdlib v1.19.3 1.24.11 Go cms-automation/jobs/registryscandemo/eks-cluster/.terraform/providers/registry.terraform.io/hashicorp/aws/3.76.1/linux/terraform-provider-aws_v3.76.1_x5\nstdlib v1.20.11 1.24.11 Go cms-automation/jobs/registryscandemo/eks-cluster/helm-qcsinstall/.terraform/providers/registry.terraform.io/hashicorp/aws/5.31.0/linux/terraform-provider-aws_v5.31.0_x5\nstdlib v1.20.10 1.24.11 Go cms-automation/jobs/registryscandemo/eks-cluster/.terraform/providers/registry.terraform.io/hashicorp/null/3.2.2/linux/terraform-provider-null_v3.2.2_x5\nstdlib v1.21.5 1.24.11 Go cms-automation/jobs/registryscandemo/eks-cluster/helm-qcsinstall/.terraform/providers/registry.terraform.io/hashicorp/kubernetes/2.25.1/linux/terraform-provider-kubernetes_v2.25.1_x5\nstdlib v1.21.4 1.24.11 Go cms-automation/jobs/registryscandemo/eks-cluster/helm-qcsinstall/.terraform/providers/registry.terraform.io/hashicorp/helm/2.12.1/linux/terraform-provider-helm_v2.12.1_x5\nstdlib v1.18.5 1.24.11 Go cms-automation/jobs/gkesetup/.terraform/providers/registry.terraform.io/hashicorp/random/3.4.3/linux/terraform-provider-random_v3.4.3_x5\nstdlib v1.18.1 1.24.11 Go cms-automation/jobs/gkesetup/.terraform/providers/registry.terraform.io/hashicorp/google/4.46.0/linux/terraform-provider-google_v4.46.0_x5\nstdlib v1.19.1 1.24.11 Go cms-automation/jobs/gkesetup/.terraform/providers/registry.terraform.io/hashicorp/kubernetes/2.16.1/linux/terraform-provider-kubernetes_v2.16.1_x5\nstdlib v1.20.11 1.24.11 Go cms-automation/jobs/registryscandemo/eks-cluster/.terraform/providers/registry.terraform.io/hashicorp/tls/4.0.5/linux/terraform-provider-tls_v4.0.5_x5",
"lastFound": 1770911200812,
"firstFound": 1770911200812,
"fixed": null,
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"nonRunningKernel": null,
"nonExploitableConfig": null,
"runningService": null,
"risk": 40,
"category": "SCA",
"os": null,
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"WINDOWS_AUTH",
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"go"
],
"vendor": [
"go"
],
"cveids": [
"CVE-2025-61727"
],
"cvssInfo": {
"accessVector": "Adjacent Network",
"baseScore": 5.4,
"temporalScore": 4
},
"cvss3Info": {
"baseScore": 6.5,
"temporalScore": 5.7
},
"patchAvailable": true,
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"software": [
{
"name": "stdlib",
"version": "v1.19.3",
"fixVersion": "1.24.11",
"scanType": "SCA",
"packagePath": "cms-automation/jobs/registryscandemo/eks-cluster/.terraform/providers/registry.terraform.io/hashicorp/aws/3.76.1/linux_amd64/terraform-provider-aws_v3.76.1_x5",
"softwareQlp": "stdlib(v1.19.3)"
},
{
"name": "stdlib",
"version": "v1.21.4",
"fixVersion": "1.24.11",
"scanType": "SCA",
"packagePath": "cms-automation/jobs/registryscandemo/eks-cluster/helm-qcsinstall/.terraform/providers/registry.terraform.io/hashicorp/helm/2.12.1/linux_amd64/terraform-provider-helm_v2.12.1_x5",
"softwareQlp": "stdlib(v1.21.4)"
}
],
"scanType": [
"SCA"
],
"qdsScore": 30,
"layerSha": [],
"vendorData": null,
"published": 1764941831000,
"uuid": "2481c56b-1572-3b3c-965f-12a6d1f7e3b5",
"assetId": "dc343ad4-3f93-39ef-a261-7a81762f54f7",
"sha": "f5cbe014e29252ca0b92e3ec2a072f439e852f2c1053445ca9666fa5cdc94ef9",
"baseImage": null,
"isExcluded": false,
"host": [
{
"sensorUuid": "256e237b-f5b4-4888-9ca8-78357debdf3f",
"uuid": "f3d92b24-46ed-46b1-9626-b76c4662b8fb",
"hostname": "ip-10-82-62-69",
"ipAddress": "10.82.62.69",
"ipV6Address": "",
"lastUpdated": null
}
],
"source": [
"GENERAL"
],
"layers": [],
"layersCount": 0,
"isInherited": false,
"assignedTags": [
{
"uuid": "8b1cfd93-886d-4a42-9c7c-b234514f1a5f",
"id": 159107739,
"name": "testvk",
"criticalityScore": 0,
"backgroundColor": "#F37B12",
"foregroundColor": "#000000",
"icon": "",
"tagType": "DYNAMIC"
}
],
"customerUuid": "68af6a8c-e41f-4d78-806d-3744c29a789b",
"lastScanned": 1770911200846,
"lastScannedBySensor": "256e237b-f5b4-4888-9ca8-78357debdf3f",
"operatingSystem": "Alpine Linux 3.18.2",
"riskScore": 222,
"lastUsedDate": null,
"qdsSeverity": "LOW",
"repo": [
{
"registry": null,
"repository": "qualysdockerhub/overlay-functional",
"tag": "driftimage"
}
],
"registryUuid": null,
"imageQlp": [
"sha://f5cbe014e29252ca0b92e3ec2a072f439e852f2c1053445ca9666fa5cdc94ef9"
],
"containerQlp": null,
"created": 1770911206966,
"updated": 1770911231134
}
}
Software Lifecycle Details for Images
Qualys Container Security now supports software lifecycle details in image APIs. The APIs mentioned below provide lifecycle details such as, Stage, Lifecycle confidence (lifeCycleConfidence), End of life (eol), End of support (eos), and General Availability (ga).
- Fetch Image Details -
GET /csapi/v1.3/images/{imageSha} - Fetch a List of Images (Bulk API) -
GET /csapi/v1.3/images/list - Fetch a List of Software Installed on an Image -
GET /csapi/v1.3/images/{imageSha}/software
Updated API: Fetch Images Details
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Image DetailsSample: Fetch Image Details
API Request
curl -X 'GET'
'<qualys_base_url>/csapi/v1.3/images/fa7c845c82ad89b542233b42712cf419b409f6b8b28464c441d6e2645f563bd5' \
-H 'accept: application/json' \
-H Authorization: Bearer <Token> \
-H 'Content-Type: application/json'
API Response
{
"created": "1603477517000",
"updated": "1605017537578",
"lastUsedDate;: "1716251515814",
"author": "Couchbase Docker Team",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "couchbase"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "1d811b3c382893f70f0cc0f2371a12d3671c1d5175bcc67e8c2a5c0bf4c8f976",
"repository": "couchbase"
}
],
"label": null,
"uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1",
"sha": "c64844065dcbc3d0a90c365c1f56421766a5cebf05f7ecbd3377af410fff09fd",
"operatingSystem": "Ubuntu Linux 16.04.7",
"customerUuid": "192cc974-1e44-cb6c-806e-f78f6441cb0d",
"dockerVersion": "18.09.7",
"size": 1183790011,
"layers": [
{
"size": "0",
"createdBy": "rm -rf-rt /var/lib/apt/lists/*",
"created": "1603474389000",
"comment": "",
"id": null,
"sha": null,
"tags": null
},
{
"size": "1930",
"createdBy": "COPY file:d816a67f62bfba76d2812cefbexxxxxxxa13f3852775c3e68599df7741exxxxx in / ",
"created": "1603477517000",
"comment": "",
"id": null,
"sha": null,
"tags": null
}
],
"host": [
{
"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
"hostname": "host.acme.com",
"ipAddress": "10.**.2*.*0",
"uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
"lastUpdated": "2020-11-10T14:10:29.218Z"
}
],
"architecture": "amd64",
"imageId": "c64844065dcb",
"lastVmScanDate": "1605017537578",
"registryUuid": null,
"source": [ "GENERAL", "REGISTRY", "CONTINUOUS_ASSESSMENT" ],
"totalVulCount": "0",
"users": [
"root"
],
"isDockerHubOfficial": null,
"isInstrumented": null,
"instrumentedFrom": null,
"instrumentationState": null,
"scanType": "DYNAMIC",
"scanTypes": [
"DYNAMIC"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084",
"hostname": "host.acme.com",
"ipAddress": "10.**.2*.*0",
"uuid": "6ba5be85-2758-4f44-814a-b690c9ed23ee",
"lastUpdated": "2020-11-10T14:10:29.218Z"
},
"lastScannedBySensor": "fde436ad-3686-46f9-a2e5-9f7523668d34",
"scanErrorMessage": "Static: Package manager not found",
"malware": {
"imageMalwareCount": 1,
"malwarePrediction": {
"prediction": "malicious",
"score": 1,
"severity": 3,
"category": "dropper",
"family": "mirai"
}
},
"lastMalwareScanned": null,
"exceptions": [
"77116d5b-aaa0-4dba-a334-9fe6a6f0dd98"
],
"secrets": [
{
"severity": "MEDIUM",
"filePath": "/root/foo/foo1.txt",
"layerSha": "7afaca6fd6f46466f2f23f51c647918c7818a431792547db3a7bc033d261a1e3",
"match": null,
"startLine": 0,
"secretType": "Asana Client Secret"
},
{
"severity": "CRITICAL",
"filePath": "/home/qatest/key/gcp-service-account.json",
"layerSha": "5bc804df91a229c1f26d254b5247c699c1e1a53673ec1d30e263e7b4bda96beb",
"match": null,
"startLine": 0,
"secretType": "Google (GCP) Service-account"
}
],
"lastSecretScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"criticality": 3,
"criticalityUpdated": 1717098843553,
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": null,
"baseImageProcessingTimestamp": null,
"isContinuouslyAssessed": true,
"lastAssessed": "1746677220581"
"softwares": [
{
"name": "libsw5:amd64",
"version": "6.0+20160213-1ubuntu1",
"scanType": "STATIC",
"packagePath": null,
"type": "MAPPED",
"ignoredReason": null,
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
},
"fixVersion": null,
"vulnerabilities": null,
"layerSha": "p81e54f31270422d691e33eacbe3219309240a20566cd2bcca0de1f37d9m5827"
}
},
{
"name": "docker",
"version": "25.0.5-r0",
"scanType": "STATIC",
"packagePath": null,
"type": "MAPPED",
"ignoredReason": null,
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
},
"fixVersion": null,
"vulnerabilities": null,
"layerSha": "c21e54f31270422d691e33eacbe3219309240a20566cd2bcca0de1f33d9b5617"
}
],
"vulnerabilities": [],
"lastComplianceScanned": "1603477517000"
}
Updated API: Fetch a List of Images (Bulk API)
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Images (Bulk API)Sample: Fetch a List of Images (Bulk API)
API Request
curl -X "GET"
"<qualys_base_url>/csapi/v1.3/images/list?filter=imagesInUse:'[now-7d ... now]'&limit=2&scanDetails=malware%2C%20secrets"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
API Response
{
"data": [
{
"created": "1472581305000",
"updated": "1724323293607",
"author": "jack_reader",
"repo": [
{
"registry": "art-hq.intranet.qualys.com:5001",
"tag": "fedora22",
"repository": "multi-os-images"
},
{
"registry": "docker.io",
"tag": "22",
"repository": "fedora"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "jr1/alpine-amd64"
},
{
"registry": "sjc.ocir.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "axtqwmwbaayf/qualys"
}
],
"label": [],
"uuid": "d165a97b-7e10-3f0b-acb9-eac7c39d1532",
"sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
"operatingSystem": "Fedora 22",
"customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
"dockerVersion": "1.12.1",
"size": 188728229,
"layers": [
{
"size": "188728229",
"createdBy": "ADD file:e14b712e5cfef28691da81e314415790d59685a366414f6be248b871e42d4436 in / ",
"created": "1472581305000",
"comment": "",
"id": "01a9fe974dba",
"sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
"tags": [
"sjc.ocir.io/axtqwmwbaayf/qualys:fedora",
"art-hq.intranet.qualys.com:5001/multi-os-images:fedora22",
"alpine-amd64:fedora",
"fedora:22",
"sjc.ocir.io/axtqwmwbaayf/public-1:centos",
"msftlongregistryandreponametest.azurecr.io/test1/test2:tag"
],
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "0",
"createdBy": "jack_reader",
"created": "1472581297000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
}
],
"architecture": "amd64",
"imageId": "01a9fe974dba",
"lastScanned": "1724323293607",
"registryUuid": null,
"source": [
"GENERAL"
],
"users": [],
"lastFoundOnHost": {
"sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
"hostname": "localhost.localdomain",
"ipAddress": "10.115.97.76",
"uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
"lastUpdated": "2024-08-22T10:52:22.065Z"
},
"lastUsedDate": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": [
"STATIC"
],
"softwares": [
"name": "rpm-plugin-selinux",
"version": "4.12.0.1-14.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
},
{
"name": "deltarpm",
"version": "3.6-8.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
},
],
"vulnerabilities": [
{
"qid": 124975,
"result": null,
"software": [
{
"name": "libssh2",
"version": "1.5.0-1.fc22",
"fixVersion": "1.5.0-2.fc22",
"scanType": "STATIC",
"packagePath": null
}
],
"lastFound": "1724323293564",
"firstFound": "1724323293564",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
},
{
"qid": 106008,
"result": null,
"software": null,
"lastFound": "1724323293573",
"firstFound": "1724323293573",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
}
],
"malware": null,
"secrets": null,
"lastMalwareScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"maxQdsScore": null,
"qdsSeverity": null,
"criticality": 5,
"criticalityUpdated": 1717098843553
},
{
"created": "1490217199000",
"updated": "1724323252042",
"author": "",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "iojs"
},
{
"registry": "dockregtest01.eng.sjc01.qualys.com:5000",
"tag": "latest",
"repository": "iojs"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "e9c867712191ac0d35041268feed489bcaaf9c1169296ca780ba4be03ca4610c",
"repository": "iojs"
},
{
"registry": "dockregtest01.eng.sjc01.qualys.com:5000",
"digest": "ebe3fd385e36a8bbfae06e1f8c1e88a4abfce10dbfc4b8b339d3c0df072ee9f4",
"repository": "iojs"
}
],
"label": [],
"uuid": "1ea83c91-0ef9-3c50-9fdc-d7d3551fb59a",
"sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
"operatingSystem": null,
"customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
"dockerVersion": "1.12.6",
"size": 648592935,
"layers": [
{
"size": "322890800",
"createdBy": "set -ex; \g-dev \/*",
"created": "1490123534000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "122928427",
"createdBy": "apt-get update && apt-get install -y --no-install-recommends \t\tbzr \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t&& rm -rf /var/lib/apt/lists/*",
"created": "1490123476000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
],
"architecture": "amd64",
"imageId": "fdab38ea8e39",
"lastScanned": null,
"registryUuid": null,
"source": [
"GENERAL"
],
"users": null,
"lastFoundOnHost": {
"sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
"hostname": "localhost.localdomain",
"ipAddress": "10.***.*7.7*",
"uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
"lastUpdated": "2024-08-22T10:52:22.065Z"
},
"lastUsedDate": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": null,
"softwares": null,
"vulnerabilities": null,
"malware": null,
"secrets": null,
"lastMalwareScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"maxQdsScore": null,
"qdsSeverity": null
"criticality": 5,
"criticalityUpdated": 1717098843553
}
],
"limit": 2
}
Updated API: Fetch a List of Software Installed on an Image
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/{imageSha}/software |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Software Installed on an ImageSample: Fetch a List of Software Installed on an Image
API Request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images/fddd5d9814a9393cf85f4794c6435ba00e8db8facee9bcc05d9d0846016470df/software"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
API Response
{
"data": [
{
"name": "libsystemd0:amd64",
"version": "237-3ubuntu10.33",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": "237-3ubuntu10.54",
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 1,
"severity3Count": 1,
"severity2Count": 1,
"severity1Count": 0
}
},
{
"name": "libprocps6:amd64",
"version": "2:3.3.12-3ubuntu1.2",
"scanType": "DYNAMIC",
"packagePath": null,
"fixVersion": null,
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
"count": 2,
"softwareCountBySeverity": {
"severity5Count": 8,
"severity3Count": 43,
"severity4Count": 40,
"severity1Count": 0,
"severity2Count": 7
},
"driftSoftwareCountBySeverity": null,
"driftSoftwareCountByDriftReason": null
}
New Rules for Images - Unauthorised Author, Old Vulnerabilities, & Deployment Scope
With this release, Container Security can block images with unauthorized authors and old vulnerabilities with the help of Centralized Admission Controller and Image Assessment (CICD) policies.
Additionally, a new policy scope, 'Deployment', has been added to the Admission Controller policy. This new scope is applicable to all existing and newly added rules.
To support this feature, the following APIs are updated.
- Create a Centralized Policy -
POST /csapi/v1.3/centralizedPolicy - Update a Centralized Policy -
PUT /csapi/v1.3/centralizedPolicy/{policyId}
Updated API: Create a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The Input Parameters below show the updated parameters used for creating a Centralized Admission Controller and Image Assessment (CICD) Policies.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| name | Mandatory | array | Indicates array for the centralized policy rules to be included. New rule sub-type: - Block Unauthorized Author - Block Older Vulnerability |
| type | Mandatory | string | A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. New values: - IMAGESCAN_VULN_RESTRICTED_AUTHORS - IMAGESCAN_VULN_RESTRICTED_OLDER_VULNERABILITY |
Sample: Create a Centralized PolicySample: Create a Centralized Policy
API Request for a Centralized Image Assessment (CICD) Policy
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"policyName": "Restricted author and old vul rule test",
"description": "Test",
"centralizedPolicyRules": [
{
"name": "Block Unauthorized Author",
"type": "IMAGESCAN_VULN_RESTRICTED_AUTHORS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
"John Doe"
]
},
"action": "FAIL"
},
{
"name": "Block Older Vulnerability",
"type": "IMAGESCAN_VULN_RESTRICTED_OLDER_VULNERABILITY",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": 60
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [],
"policyMode": "ACTIVE",
"policyType": "CICD",
"isDefault": false,
"tagIds": [
"7e538fcd-aae2-4d6e-a2cf-953a799b80b3"
],
"k8sFilters": []
}'
API Response
{
"uuid": "d296f6a2-dd15-4700-b2b1-be29a06cbee2"
}
API Request for a Centralized Admission Controller Policy with 'Deployment' Scope
The API Request shown below provides details of a Centralized Admission Controller Policy with the newly added Deployment Scope.
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"policyName": "Restricted author and old vul rule test",
"description": "test",
"centralizedPolicyRules": [
{
"name": "Block Unauthorized Author",
"type": "IMAGESCAN_VULN_RESTRICTED_AUTHORS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
"john Doe"
]
},
"action": "FAIL"
},
{
"name": "Block Older Vulnerability",
"type": "IMAGESCAN_VULN_RESTRICTED_OLDER_VULNERABILITY",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": 60
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [],
"policyMode": "ACTIVE",
"policyType": "K8S_ADMISSION_CONTROLLER",
"isDefault": false,
"tagIds": [],
"k8sFilters": [
{
"cluster": null,
"namespace": null,
"deployment": {
"clusterUid": "618c60ba-6f2d-470a-a9e2-868c36ba7c48",
"namespaceValue": "default",
"deploymentValue": "cal-nginx-deployment"
}
}
]
}'
API Response
{
"uuid": "d296f6a2-dd15-4700-b2b1-be29a06cbee2"
}
Updated API: Update a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy/{policyId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The Input Parameters below show the updated parameters used for updating a Centralized Admission Controller Policy.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| name | Mandatory | array | Indicates array for the centralized policy rules to be included. New rule sub-type: - Block Images with Malware |
| type | Mandatory | string
|
A part of 'centralized PolicyRules' array. Indicates policy rule type. Is available only if the particular rule is set and enabled for the policy. New value: - IMAGESCAN_VULN_RESTRICTED_malware_IMAGES |
Sample: Update a Centralized PolicySample: Update a Centralized Policy
API Request for a Centralized Image Assessment (CICD) Policy
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy/9b5f6954-3bf5-4819-b96c-4fffb1d28b9f' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"policyName": "Restricted author and old vul rule test",
"description": "Test",
"centralizedPolicyRules": [
{
"name": "Block Unauthorized Author",
"type": "IMAGESCAN_VULN_RESTRICTED_AUTHORS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
"John Doe"
]
},
"action": "FAIL"
},
{
"name": "Block Older Vulnerability",
"type": "IMAGESCAN_VULN_RESTRICTED_OLDER_VULNERABILITY",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": 60
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [],
"policyMode": "ACTIVE",
"policyType": "CICD",
"isDefault": false,
"tagIds": [
"7e538fcd-aae2-4d6e-a2cf-953a799b80b3"
],
"k8sFilters": []
}'
API Response
{
"policyUUID ": "d296f6a2-dd15-4700-b2b1-be29a06cbee2"
}
API Request for a Centralized Admission Controller Policy with 'Deployment' Scope
The API Request shown below provides details of a Centralized Admission Controller Policy with the newly added Deployment Scope.
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy/1eb0defd-776f-4fd6-a054-d477a5b160d7' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <Token>' \
-H 'Content-Type: application/json' \
-d '{
"policyName": "Restricted author and old vul rule test",
"description": "test",
"centralizedPolicyRules": [
{
"name": "Block Unauthorized Author",
"type": "IMAGESCAN_VULN_RESTRICTED_AUTHORS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
"john Doe"
]
},
"action": "FAIL"
},
{
"name": "Block Older Vulnerability",
"type": "IMAGESCAN_VULN_RESTRICTED_OLDER_VULNERABILITY",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": 60
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [],
"policyMode": "ACTIVE",
"policyType": "K8S_ADMISSION_CONTROLLER",
"isDefault": false,
"tagIds": [],
"k8sFilters": [
{
"cluster": null,
"namespace": null,
"deployment": {
"clusterUid": "618c60ba-6f2d-470a-a9e2-868c36ba7c48",
"namespaceValue": "default",
"deploymentValue": "cal-nginx-deployment"
}
}
]
}'
API Response
{
"policyUUID ": "1eb0defd-776f-4fd6-a054-d477a5b160d7"
}
Vulnerability Propagation in Sensor Profile
With this release, you can enable or disable Vulnerability propagation for your sensor profiles using CS APIs.
The Vulnerability Propagation applies only to General and Cluster Sensor profile types.
To support this feature, the following Sensor Profile APIs are updated.
- Fetch a List of Sensor Profiles
GET /csapi/v1.3/sensorProfile - Create a Sensor Profile
POST /csapi/v1.3/sensorProfile - Update a Sensor Profile
PUT /csapi/v1.3/sensorProfile/{sensorProfileId} - Update a Default Sensor Profile
PUT /csapi/v1.3/sensorProfile/{updateDefault}
Updated API: Fetch a List of Sensor Profiles
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/sensorProfile |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Sensor ProfilesSample: Fetch a List of Sensor Profiles
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/sensorProfile \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
API Response
See the newly introduced 'isVulnPropagation' field introduced in the response below.
{
"data": [
{
"profileId": "24cb8f30-c3b9-461c-b6fc-bc1902fc3906",
"profileName": "test123",
"profileType": "General",
"associatedSensorsCount": 4,
"createdBy": "john_doe",
"created": "1768979006698",
"updatedBy": "john_doe",
"updated": "1768979006698",
"tags": [],
"isVulnPropagation": false,
"awsFargateVulnPropagationConfig": null
},
{
"profileId": "6c7ebe4c-33af-42d9-8e63-daaa247fc959",
"profileName": "test123",
"profileType": "General",
"associatedSensorsCount": 9,
"createdBy": "john_doe",
"created": "1768900013143",
"updatedBy": "john_doe",
"updated": "1768900013143",
"tags": [],
"isVulnPropagation": true,
"awsFargateVulnPropagationConfig": {
"awsVuLnPropagationMode": "ENABLE_VULNERABILITY_PROPAGATION_FOR_CLUSTERS",
"value": []
},
],
"count": 2
}
Updated API: Create a Sensor Profile
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/sensorProfile |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the newly added input parameter.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| isVulnPropagation | Mandatory | string | Apply vulnerability propagation to the sensor profile. Valid values: true or false |
Sample: Create a Sensor ProfileSample: Create a Sensor Profile
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/sensorProfile' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"profileName": "TestQA",
"profileType": "General",
"description": "test1_update",
"createdBy": "john_doe",
"updatedBy": "john_doe",
"config": {
"performanceManagement": {
"logSecurityLevel": "INFORMATION",
"maxNoOfArchivedLogFiles": 1,
"maxLogFileSize": 3
},
"vulnerabilityManagement": {
"containerScanningInterval": 0,
"imageExclusionRegexList": [
"string"
],
},
"globalScanningFlag": true,
"scanningPolicy": "DynamicWithStaticScanningAsFallback"
},
"performanceManagement": {
"maxNoOfArchivedLogFiles": 0,
"maxLogFileSize": 0,
"logSecurityLevel": "INFORMATION"
}
},
"associatedSensorIds": [
"096d96b4-c252-4c5b-835d-462109e5a8b0"
]
"isVulnPropagation": true,
"awsFargateVulnPropagationConfig": {}
}
}'
API Response
{
"profileUuid": "e130bba6-d8f4-47a0-ba34-194b74eaecdf"
}
Updated API: Update a Sensor Profile
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/sensorProfile/{sensorProfileId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the newly added input parameter.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| isVulnPropagation | Mandatory | string | Apply vulnerability propagation to the sensor profile. Valid values: true or false |
Sample: Update a Sensor ProfileSample: Update a Sensor Profile
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/sensorProfile/a68e5092-70ad-426d-ace5-3933de8971bb' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"profileName": "check_update_123",
"profileType": "General",
"description": "test1_update123",
"createdBy": "john_doe",
"updatedBy": "john_doe",
"config": {
"performanceManagement": {
"logSecurityLevel": "INFORMATION",
"maxNoOfArchivedLogFiles": 1,
"maxLogFileSize": 3
},
"vulnerabilityManagement": {
"containerScanningInterval": 0,
"imageExclusionRegexList": [
"string"
],
},
"globalScanningFlag": true,
"scanningPolicy": "DynamicWithStaticScanningAsFallback"
},
"performanceManagement": {
"maxNoOfArchivedLogFiles": 0,
"maxLogFileSize": 0,
"logSecurityLevel": "INFORMATION"
}
},
"associatedSensorIds": [
"096d96b4-c252-4c5b-835d-462109e5a8b0"
]
"isVulnPropagation": true,
"awsFargateVulnPropagationConfig": {}
}
}'
API Response
{
"profileUuid": "a68e5092-70ad-426d-ace5-3933de8971bb"
}
New API: Update a Default Sensor Profile
This is a newly introduced Container Security API in the Sensor Profile APIs. You can enable or disable vulnerability propagation for the clusters present in your default sensor profile.
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/sensorProfile/updateDefault |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the newly added input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| isVulnPropagation | Mandatory | string | Apply vulnerability propagation to the sensor profile. Valid values: true or false |
| awsFargateVulnPropagationConfig | Mandatory | string | Vulnerability Propagation configuration section for AWS Fargate. |
| awsVuLnPropagationMode | Mandatory | string | Specify AWS Vulnerability Propagation mode. Valid values: ENABLE_VULNERABILITY_PROPAGATION_FOR_CLUSTERS DISABLE_VULNERABILITY_PROPAGATION_FOR_CLUSTERS |
| value | Mandatory | string | Specify the cluster name. For example, dev-cluster-01 |
Sample: Update a Default Sensor ProfileSample: Update a Default Sensor Profile
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/sensorProfile/updateDefault' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{ "isVulnPropagation": true,
"awsFargateVulnPropagationConfig":
{ "awsVuLnPropagationMode": "ENABLE_VULNERABILITY_PROPAGATION_FOR_CLUSTERS",
"value": []
}
}'API Response
{ "profileUuid": "00000000-0000-0000-0000-000000000000"}
Qualys Locator Path (QLP)
With this release, Qualys Container Security provides a unique identification method to locate your containers. This method is known as Qualys Locator Path (QLP). To support this feature, the following APIs are updated.
To support this feature, the following Sensor Profile APIs are updated.
- Fetch a List of Containers in Your Account
GET /csapi/v1.3/containers - Fetch a List of Containers (Bulk API)
GET /csapi/v1.3/containers/list - Show Details of a Container
GET /csapi/v1.3/containers/{containerSha}
Updated API: Fetch a List of Containers in Your Account
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Containers in Your AccountSample: Fetch a List of Containers in Your Account
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/containers' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>
API Response (Truncated)
{
"data": [
{
"imageId": null,
"created": "1769683837000",
"updated": "1770098009055",
"sha": "22da9d9829352f0624cea9d19d87ce7455c8f33d79bec59fb17e051d9df7e86f",
"uuid": "4272d723-0ee1-35f3-a9a2-22b52fb8e9cc",
"name": "arrax",
"host": {
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"hostname": "ip-10-82-8-16.ec2.internal",
"ipAddress": "10.82.8.16",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2026-02-03T05:53:28.674Z"
},
"state": "UNKNOWN",
"imageUuid": null,
"containerId": "22da9d982935",
"stateChanged": "1770098008584",
"lastVmScanDate": null,
"isRoot": null,
"vulnerabilities": {
"severity5Count": null,
"severity3Count": null,
"severity4Count": null,
"severity1Count": null,
"severity2Count": null
},
"exceptions": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"isExposedToWorld": false,
"scanTypes": null,
"cluster": {
"name": "surtest-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb"
},
"criticality": 0,
"criticalityUpdated": "1770098008904",
"vulnPropagationDate": null,
"isVulnPropagated": null,
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"accountQlp": "aws://eks/us-east-1/362990800442",
"clusterQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest",
"namespaceQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default",
"podQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/arrax",
"containerQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/arrax/arrax",
"compliance": {
"failCount": 0,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": null
},
{
"imageId": null,
"created": "1768943269000",
"updated": "1770681637791",
"sha": "495712abd7cb3177b31df1ccef7a9c5dd4c8511305b912489d9cd48202c057ad",
"uuid": "f666a77c-a59c-30c3-8787-2291d95d050e",
"name": "cluster",
"host": {
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"hostname": "ip-10-82-60-225.ec2.internal",
"ipAddress": "10.82.60.225",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2026-02-10T00:00:23.352Z"
},
"state": "DELETED",
"imageUuid": null,
"containerId": "495712abd7cb",
"stateChanged": "1770163289858",
"lastVmScanDate": null,
"isRoot": null,
"vulnerabilities": {
"severity5Count": null,
"severity3Count": null,
"severity4Count": null,
"severity1Count": null,
"severity2Count": null
},
"exceptions": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"isExposedToWorld": false,
"scanTypes": null,
"cluster": {
"name": "surtest-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb"
},
"criticality": 0,
"criticalityUpdated": "1770163290313",
"vulnPropagationDate": null,
"isVulnPropagated": null,
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"accountQlp": "aws://eks/us-east-1/362990800442",
"clusterQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest",
"namespaceQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default",
"podQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/cluster-by-tag",
"containerQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/cluster-by-tag/cluster",
"compliance": {
"failCount": 0,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": null
},
{
"imageId": null,
"created": "1768942801000",
"updated": "1770681638944",
"sha": "152f8ffb104795393f88ea204035b76efdd1c94b4dc99043b1be265245b05892",
"uuid": "edc6f562-20ab-318d-9823-f0be5d486add",
"name": "nginx-bala",
"host": {
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"hostname": "ip-10-82-10-133.ec2.internal",
"ipAddress": "10.82.10.133",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2026-02-10T00:00:24.276Z"
},
"state": "DELETED",
"imageUuid": null,
"containerId": "152f8ffb1047",
"stateChanged": "1770097770849",
"lastVmScanDate": null,
"isRoot": null,
"vulnerabilities": {
"severity5Count": null,
"severity3Count": null,
"severity4Count": null,
"severity1Count": null,
"severity2Count": null
},
"exceptions": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"isExposedToWorld": false,
"scanTypes": null,
"cluster": {
"name": "surtest-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb"
},
"criticality": 0,
"criticalityUpdated": "1770097771403",
"vulnPropagationDate": null,
"isVulnPropagated": null,
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"accountQlp": "aws://eks/us-east-1/362990800442",
"clusterQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest",
"namespaceQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default",
"podQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/nginx-bala",
"containerQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/nginx-bala/nginx-bala",
"compliance": {
"failCount": 0,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": null
}
Updated API: Fetch a List of Containers (Bulk API)
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Containers (Bulk API)Sample: Fetch a List of Containers (Bulk API)
API Request
curl -X 'GET' \ ' /csapi/v1.3/containers/list' \ -H 'accept: application/json' \ -H 'Authorization: Bearer
API Response (Truncated)
{
"data": [
{
"portMapping": null,
"imageId": null,
"created": "1744282729000",
"updated": "1770681634747",
"label": null,
"uuid": "36d25b77-27a3-3873-983f-de9091bc4bbf",
"sha": "4565583185fbb36f1a4521e9fa8cba525d7216e991f9ae937112a0a2808c9dd5",
"privileged": true,
"path": null,
"imageSha": null,
"imageDigest": "e35758d5c52ef46b9e0e1c66774e42c5ee74a3bfadb4c82a9152adbb1266e822",
"macAddress": null,
"customerUuid": "7d80136c-2f05-4d22-8076-4af283a03921",
"ipv4": "10.82.10.133",
"ipv6": null,
"name": "kube-proxy",
"host": {
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"hostname": "ip-10-82-10-133.ec2.internal",
"ipAddress": "10.82.10.133",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2026-02-10T00:00:24.621Z"
},
"hostArchitecture": [
"amd64"
],
"state": "DELETED",
"imageUuid": null,
"containerId": "4565583185fb",
"stateChanged": "1770097771476",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"sources": [
"CLUSTER"
],
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"criticality": 0,
"criticalityUpdated": "1767690420863",
"isVulnPropagated": null,
"vulnPropagationDate": null,
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"accountQlp": "aws://eks/us-east-1/362990800442",
"clusterQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest",
"namespaceQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/kube-system",
"podQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/kube-system/kube-proxy",
"containerQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/kube-system/kube-proxy/kube-proxy",
"environment": [
"NODE_NAME="
],
"arguments": null,
"command": "[\"kube-proxy\",\"--hostname-override=$(NODE_NAME)\",\"--config=/var/lib/kube-proxy-config/config\",\"--v=2\"]",
"drift": null,
"vulnerabilities": null,
"softwares": null,
"isDrift": false,
"isRoot": null,
"cluster": {
"type": "KUBERNETES",
"name": "surtest-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"version": null,
"k8s": {
"project": null,
"pod": {
"name": "kube-proxy-wrs8v",
"uuid": "c0f40525-ef90-4c56-b80e-fae2cdbc07a2",
"namespace": "kube-system",
"namespaceMetadata": null,
"label": null,
"controller": null
},
"node": {
"name": "ip-10-82-10-133.ec2.internal",
"isMaster": false
}
}
},
"k8sExposure": null
},
{
"portMapping": null,
"imageId": null,
"created": "1744282730000",
"updated": "1770681639273",
"label": null,
"uuid": "74833548-8719-3622-a00f-b62479a60c82",
"sha": "f7e8a336a17a92e6903f57e66b8335bf1ca6f8742dd1588ed215a135e8c971d8",
"privileged": true,
"path": null,
"imageSha": null,
"imageDigest": "4a3092b8ca1f720439a371af6206d7943d8e499518b5ede867474740c2b7c6ab",
"macAddress": null,
"customerUuid": "7d80136c-2f05-4d22-8076-4af283a03921",
"ipv4": "10.82.10.133",
"ipv6": null,
"name": "aws-vpc-cni-init",
"host": {
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"hostname": "ip-10-82-10-133.ec2.internal",
"ipAddress": "10.82.10.133",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2026-02-10T00:00:24.522Z"
},
"hostArchitecture": [
"amd64"
],
"state": "DELETED",
"imageUuid": null,
"containerId": "f7e8a336a17a",
"stateChanged": "1767690414160",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"sources": [
"CLUSTER"
],
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"criticality": 0,
"criticalityUpdated": "1767690421655",
"isVulnPropagated": null,
"vulnPropagationDate": null,
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"accountQlp": "aws://eks/us-east-1/362990800442",
"clusterQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest",
"namespaceQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/kube-system",
"podQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/kube-system/aws-node",
"containerQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/kube-system/aws-node/aws-vpc-cni-init",
"environment": [
"DISABLE_TCP_EARLY_DEMUX=false",
"ENABLE_IPv6=false"
],
"arguments": null,
"command": "null",
"drift": null,
"vulnerabilities": null,
"softwares": null,
"isDrift": false,
"isRoot": null,
"cluster": {
"type": "KUBERNETES",
"name": "surtest-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"version": null,
"k8s": {
"project": null,
"pod": {
"name": "aws-node-cvkm5",
"uuid": "cf2785d0-9756-4613-be51-0de9d2b2ff02",
"namespace": "kube-system",
"namespaceMetadata": null,
"label": null,
"controller": null
},
"node": {
"name": "ip-10-82-10-133.ec2.internal",
"isMaster": false
}
}
},
"k8sExposure": null
},
.
.
.
.
.
],
"limit": 50
}
Updated API: Fetch Details of a Container
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/containers/{containerSha} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Details of a ContainerSample: Fetch Details of a Container
API Request
curl -X 'GET'\ '<qualys_base_url>/csapi/v1.3/containers/152f8ffb104795393f88ea204035b76efdd1c94b4dc99043b1be265245b05892' \
API Response
{
"portMapping": null,
"imageId": null,
"created": "1768942801000",
"updated": "1770681638944",
"label": null,
"uuid": "edc6f562-20ab-318d-9823-f0be5d486add",
"sha": "152f8ffb104795393f88ea204035b76efdd1c94b4dc99043b1be265245b05892",
"privileged": false,
"path": null,
"imageSha": null,
"imageDigest": "c881927c4077710ac4b1da63b83aa163937fb47457950c267d92f7e4dedf4aec",
"macAddress": null,
"customerUuid": "7d80136c-2f05-4d22-8076-4af283a03921",
"ipv4": "10.82.8.31",
"ipv6": null,
"name": "nginx-bala",
"host": {
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"hostname": "ip-10-82-10-133.ec2.internal",
"ipAddress": "10.82.10.133",
"ipV6Address": null,
"uuid": null,
"lastUpdated": "2026-02-10T00:00:24.276Z"
},
"hostArchitecture": [
"amd64"
],
"state": "DELETED",
"imageUuid": null,
"containerId": "152f8ffb1047",
"stateChanged": "1770097770849",
"services": null,
"users": null,
"operatingSystem": null,
"lastScanned": null,
"source": "CLUSTER",
"sources": [
"CLUSTER"
],
"riskScore": null,
"riskScoreCalculatedDate": null,
"formulaUsed": null,
"maxQdsScore": null,
"qdsSeverity": null,
"scanTypes": null,
"criticality": 0,
"criticalityUpdated": "1770097771403",
"isVulnPropagated": null,
"vulnPropagationDate": null,
"sensorUuid": "e8fe235d-e9d4-0722-1c08-2ef4621c02ea",
"accountQlp": "aws://eks/us-east-1/362990800442",
"clusterQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest",
"namespaceQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default",
"podQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/nginx-bala",
"containerQlp": "aws://eks/us-east-1/362990800442/surtest-ekstest/default/nginx-bala/nginx-bala",
"environment": null,
"arguments": null,
"command": "null",
"drift": null,
"vulnerabilities": [],
"softwares": null,
"isDrift": false,
"isRoot": null,
"lastComplianceScanned": null,
"cluster": {
"type": "KUBERNETES",
"name": "surtest-ekstest",
"uid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"version": null,
"k8s": {
"project": null,
"pod": {
"name": "nginx-bala",
"uuid": "84b30a9c-364d-4b5a-b1b5-a09e3db402e3",
"namespace": "default",
"namespaceMetadata": null,
"label": null,
"controller": null
},
"node": {
"name": "ip-10-82-10-133.ec2.internal",
"isMaster": false
}
}
},
"cloudProvider": {
"aws.ecs.container.subnetId": null,
"aws.eks.accountId": "362990800442",
"aws.ecs.clusterName": null,
"aws.ecs.container.macAddress": null,
"aws.ecs.region.code": null,
"aws.ecs.container.id": null,
"aws.ecs.accountId": null,
"aws.eks.arn": "arn:aws:eks:us-east-1:362990800442:cluster/surtest-ekstest",
"aws.eks.region": "us-east-1"
},
"exceptions": null,
"k8sExposure": null
}
Firstfound Field in Image APIs
With this release, Qualys Container Security now shows you when an image was first found. To support this, 'firstFound' field is added in below APIs.
Updated API: Fetch a List of Images in your Account
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Images in your AccountSample: Fetch a List of Images in your Account
API Request
curl -X "GET"
"<qualys_base_url>/csapi/v1.3/images?pageNumber=1&pageSize=50&sort=created%3Adesc"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
API Response
{
"data": [
{
"created": "1771333027000",
"updated": "1771335262333",
"firstFound": "1771320738422",
"lastUsedDate": null,
"sha": "35a393e08e7f498eedd1e838a02154d2ac8238eaeb567e8b2b8218f601ff5b4d",
"repo": [
{
"registry": "docker.io",
"tag": "ulib7",
"repository": "qualysdockerhub/testjd"
}
],
"repoDigests": null,
"uuid": "d7c7774d-d355-3184-8d83-accb0f76ea77",
"size": 221427011,
"vulnerabilities": {
"severity5Count": 0,
"severity3Count": 0,
"severity4Count": 0,
"severity1Count": 0,
"severity2Count": 0
},
"imageId": "35a393e08e7f",
"associatedContainersCount": 1,
"associatedHostsCount": 1,
"lastVmScanDate": "1771335261962",
"registryUuid": null,
"source": [
"GENERAL"
],
"isDockerHubOfficial": false,
"scanType": null,
"scanTypes": [
"STATIC",
"SCA"
],
"scanErrorCode": null,
"scanStatus": "SUCCESS",
"lastFoundOnHost": {
"sensorUuid": "256e237b-f5b4-4888-9ca8-78357debdf3f",
"hostname": "ip-10-82-62-69",
"ipAddress": "10.82.62.69",
"ipV6Address": "",
"uuid": "f3d92b24-46ed-46b1-9626-b76c4662b8fb",
"lastUpdated": "2026-02-17T13:01:34.686Z"
},
"exceptions": null,
"riskScore": 0,
"riskScoreCalculatedDate": "1771335261960",
"maxQdsScore": null,
"qdsSeverity": null,
"lastScannedBySensor": "256e237b-f5b4-4888-9ca8-78357debdf3f",
"scanErrorMessage": null,
"criticality": 0,
"criticalityUpdated": "1771333294446",
"baseImage": null,
"childImagesCount": 0,
"sbomLayerProcessingTimestamp": null,
"baseImageProcessingTimestamp": null,
"isContinuouslyAssessed": false,
"lastAssessed": null,
"compliance": {
"failCount": 2,
"passCount": 0,
"errorCount": 0
},
"lastComplianceScanDate": "1771333283062"
}
],
"count": 1
}
Updated API: Fetch a List of Images (Bulk API)
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/images/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Images (Bulk API)Sample: Fetch a List of Images (Bulk API)
API Request
curl -X "GET"
"<qualys_base_url>/csapi/v1.3/images/list?filter=imagesInUse:'[now-7d ... now]'&limit=2&scanDetails=malware%2C%20secrets"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
API Response
{
"data": [
{
"created": "1472581305000",
"updated": "1724323293607",
"firstFound": "1771320738422",
"author": "jack_reader",
"repo": [
{
"registry": "jack-dee.com:5001",
"tag": "fedora22",
"repository": "multi-os-images"
},
{
"registry": "docker.io",
"tag": "22",
"repository": "fedora"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "jr1/alpine-amd64"
},
{
"registry": "sjc.ocir.io",
"digest": "dea6d6d845c3eba400289b61444ce193dd3df73f8ac70fb60fb6ed39718e111c",
"repository": "axtqwmwbaayf/acme"
}
],
"label": [],
"uuid": "d165a97b-7e10-3f0b-acb9-eac7c39d1532",
"sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
"operatingSystem": "Fedora 22",
"customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
"dockerVersion": "1.12.1",
"size": 188728229,
"layers": [
{
"size": "188728229",
"createdBy": "ADD file:e14b712e5cfef28691da81e314415790d59685a366414f6be248b871e42d4436 in / ",
"created": "1472581305000",
"comment": "",
"id": "01a9fe974dba",
"sha": "01a9fe974dba61470137158fc1987884ea1f2333ae60c7f76562dbae02739ada",
"tags": [
"sjc.ocir.io/axtqwmwbaayf/acme:fedora",
"jack-dee.com:5001/multi-os-images:fedora22",
"alpine-amd64:fedora",
"fedora:22",
"sjc.ocir.io/axtqwmwbaayf/public-1:centos",
"msftlongregistryandreponametest.azurecr.io/test1/test2:tag"
],
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "0",
"createdBy": "jack_reader",
"created": "1472581297000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
}
],
"architecture": "amd64",
"imageId": "01a9fe974dba",
"lastScanned": "1724323293607",
"registryUuid": null,
"source": [
"GENERAL"
],
"users": [],
"lastFoundOnHost": {
"sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
"hostname": "localhost.localdomain",
"ipAddress": "10.115.97.76",
"uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
"lastUpdated": "2024-08-22T10:52:22.065Z"
},
"lastUsedDate": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": [
"STATIC"
],
"softwares": [
"name": "rpm-plugin-selinux",
"version": "4.12.0.1-14.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
},
{
"name": "deltarpm",
"version": "3.6-8.fc22",
"fixVersion": null,
"scanType": "STATIC",
"packagePath": null
"lifecycle": {
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eol": "-631152000000",
"eos": "-631152000000",
"ga": "1705622400000"
},
],
"vulnerabilities": [
{
"qid": 124975,
"result": null,
"software": [
{
"name": "libssh2",
"version": "1.5.0-1.fc22",
"fixVersion": "1.5.0-2.fc22",
"scanType": "STATIC",
"packagePath": null
}
],
"lastFound": "1724323293564",
"firstFound": "1724323293564",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
},
{
"qid": 106008,
"result": null,
"software": null,
"lastFound": "1724323293573",
"firstFound": "1724323293573",
"typeDetected": "CONFIRMED",
"scanType": [
"STATIC"
]
}
],
"malware": null,
"secrets": null,
"lastMalwareScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"maxQdsScore": null,
"qdsSeverity": null,
"criticality": 5,
"criticalityUpdated": 1717098843553
},
{
"created": "1490217199000",
"updated": "1724323252042",
"firstFound": "1771320738422"
"author": "",
"repo": [
{
"registry": "docker.io",
"tag": "latest",
"repository": "iojs"
},
{
"registry": "dockregtest01.jack-dee.com:5000",
"tag": "latest",
"repository": "iojs"
}
],
"repoDigests": [
{
"registry": "docker.io",
"digest": "e9c867712191ac0d35041268feed489bcaaf9c1169296ca780ba4be03ca4610c",
"repository": "iojs"
},
{
"registry": "dockregtest01.jack-dee.com:5000",
"digest": "ebe3fd385e36a8bbfae06e1f8c1e88a4abfce10dbfc4b8b339d3c0df072ee9f4",
"repository": "iojs"
}
],
"label": [],
"uuid": "1ea83c91-0ef9-3c50-9fdc-d7d3551fb59a",
"sha": "fdab38ea8e39d1bd42b3ef244e6ea4f85a72b41608c6f372bd9de4ba900b4f99",
"operatingSystem": null,
"customerUuid": "af24ca38-27a8-6bd9-8241-5ec3c9eecdb5",
"dockerVersion": "1.12.6",
"size": 648592935,
"layers": [
{
"size": "322890800",
"createdBy": "set -ex; \g-dev \/*",
"created": "1490123534000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
{
"size": "122928427",
"createdBy": "apt-get update && apt-get install -y --no-install-recommends \t\tbzr \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t&& rm -rf /var/lib/apt/lists/*",
"created": "1490123476000",
"comment": "",
"id": null,
"sha": null,
"tags": null,
"layerNumber": null,
"isBaseLayer": null,
"isEmptyLayer": null
},
],
"architecture": "amd64",
"imageId": "fdab38ea8e39",
"lastScanned": null,
"registryUuid": null,
"source": [
"GENERAL"
],
"users": null,
"lastFoundOnHost": {
"sensorUuid": "75e30f2f-05f5-413f-9baf-0095b39347ad",
"hostname": "localhost.localdomain",
"ipAddress": "10.***.*7.7*",
"uuid": "62fe1baa-0311-0002-ca34-0050568cd03b",
"lastUpdated": "2024-08-22T10:52:22.065Z"
},
"lastUsedDate": null,
"isDockerHubOfficial": null,
"scanType": null,
"scanTypes": null,
"softwares": null,
"vulnerabilities": null,
"malware": null,
"secrets": null,
"lastMalwareScanned": null,
"riskScore": null,
"riskScoreCalculatedDate": null,
"maxQdsScore": null,
"qdsSeverity": null
"criticality": 5,
"criticalityUpdated": 1717098843553
}
],
"limit": 2
}