Container Security Release 1.43 API
May 13, 2026
Before understanding the API release highlights, refer to the Know Your Qualys API Server URL section to learn about the API server URL used in your API requests.
For these API Release Notes, we use <qualys_base_url> in the sample API requests.
With the Container Security 1.43 release, the we have made the following enhancements in CS APIs.
- Compliance Posture for an Image
- Vulnerability Details for an image
- Enhancement in Asset Tagging
- Enhanced Policy Rule Compliance
- New Report Template - Image Softwares
- Improvement in Dynamic Tags
Compliance Posture for an Image
Qualys Container Security now supports image-compliance scanning. It allows you to evaluate and report compliance during image scans. This capability strengthens control over the container compliance posture and simplifies compliance validation within existing security workflows.
This release expands compliance coverage with the addition of the following controls:
- Control ID 19388
- Control ID 19386
- Control ID 19378
These controls improve visibility into compliance risks and enable more accurate policy enforcement during image scanning.
To enhance risk prioritization and improve clarity, this release updates the criticality levels as follows:
- LOW: Renamed from MINIMAL
- MEDIUM: Combines MEDIUM and SERIOUS
- HIGH: Combines CRITICAL and URGENT
The following API includes updated policy compliance details for images.
Fetch Compliance Posture for an Image
/csapi/v1.3/images/{imageSha}/compliance
Updated API: Fetch Compliance Posture for an Image
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /v1.3/images/{imageSha}/compliance |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Compliance Posture for an ImageSample: Fetch Compliance Posture for an Image
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/images/2724e40d4303391e1a46884134da358e20a6d0b03f32ee6c412079ddb4ac6783/compliance' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"uuid": "9badf287-5629-33a0-8059-3673720ddd11",
"sha": "1111e40d4303391e1a46884134da358e20a6d0b03f32ee6c412079ddb4ac1111",
"customerUuid": "1162741d-fb3f-6d14-824e-762226d61411",
"created": "1728035800000",
"updated": "1773727409392",
"controls": [
{
"controlId": 19388,
"policyUuid": "e07da90a-dc32-48e0-9bbb-2eae68012333",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1773727201621",
"datapoints": [],
"statement": null,
"findings": [
"USER not created"
]
},
{
"controlId": 19386,
"policyUuid": "e07da90a-dc32-48e0-9bbb-2eae68012333",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1773727202110",
"datapoints": [],
"statement": null,
"findings": [
"update instruction found in layer #5",
"update instruction found in layer #3",
"update instruction found in layer #9"
]
},
{
"controlId": 10826,
"policyUuid": "e07da90a-dc32-48e0-9bbb-2eae68012333",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1773727201866",
"datapoints": [],
"statement": null,
"findings": [
"HEALTHCHECK not configured"
]
},
{
"controlId": 19511,
"policyUuid": "e07da90a-dc32-48e0-9bbb-2eae68012333",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1773727202355",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 19378,
"policyUuid": "e07da90a-dc32-48e0-9bbb-2eae68012333",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1773727202600",
"datapoints": [],
"statement": null,
"findings": []
}
],
"lastComplianceScanned": "1773727203912"
}
Vulnerability Details for an Image
Qualys Container Security now supports AI QIDs, which help to get more vulnerability counts associated with AI packages or files. To support this, the following API includes updated vulnerability details for an image.
Fetch Vulnerability Details for an Image
/csapi/v1.3/images/{imageSha}/vul
Updated API: Fetch Vulnerability Details for an Image
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /v1.3/images/{imageSha}/vul |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Vulnerability Details for an ImageSample: Fetch Vulnerability Details for an Image
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/images/09b90c8c603ca0sdhdsdXXXXX74bb56184194XXXbb67cf519a8bccb5d6d671e01bdb/vuln?type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=true' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
We have added igs parameters in the patchAvailability and vulnSummary columns.
{
"details": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nmusl 1.2.5-r21 1.2.5-r22\nmusl-utils 1.2.5-r21 1.2.5-r22",
"lastFound": "1777350753212",
"firstFound": "1777350753212",
"severity": 2,
"customerSeverity": 2,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 20,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"musl"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2026-6042"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 6563639,
"title": "Alpine Linux 3.23 Security Update for musl",
"cvssInfo": {
"baseScore": "1.7",
"temporalScore": "1.4",
"accessVector": "Local"
},
"cvss3Info": {
"baseScore": "3.3",
"temporalScore": "3.0"
},
"patchAvailable": true,
"published": 1776085539000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 37,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "musl",
"version": "1.2.5-r21",
"scanType": "DYNAMIC",
"packagePath": null,
"type": null,
"ignoredReason": null,
"lifecycle": null,
"isAiSoftware": null,
"fixVersion": "1.2.5-r22",
"vulnerabilities": null
},
{
"name": "musl-utils",
"version": "1.2.5-r21",
"scanType": "DYNAMIC",
"packagePath": null,
"type": null,
"ignoredReason": null,
"lifecycle": null,
"isAiSoftware": null,
"fixVersion": "1.2.5-r22",
"vulnerabilities": null
}
],
"layerSha": [
"989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e"
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nmusl 1.2.5-r21 1.2.5-r23\nmusl-utils 1.2.5-r21 1.2.5-r23",
"lastFound": "1777350753210",
"firstFound": "1777350753210",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"musl"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2026-40200"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": true,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 6563633,
"title": "Alpine Linux 3.23 Security Update for musl",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "8.1",
"temporalScore": "7.1"
},
"patchAvailable": true,
"published": 1776085539000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "musl",
"version": "1.2.5-r21",
"scanType": "DYNAMIC",
"packagePath": null,
"type": null,
"ignoredReason": null,
"lifecycle": null,
"isAiSoftware": null,
"fixVersion": "1.2.5-r23",
"vulnerabilities": null
},
{
"name": "musl-utils",
"version": "1.2.5-r21",
"scanType": "DYNAMIC",
"packagePath": null,
"type": null,
"ignoredReason": null,
"lifecycle": null,
"isAiSoftware": null,
"fixVersion": "1.2.5-r23",
"vulnerabilities": null
}
],
"layerSha": [
"989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e"
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nlibcrypto3 3.5.5-r0 3.5.6-r0\nlibssl3 3.5.5-r0 3.5.6-r0",
"lastFound": "1777350753207",
"firstFound": "1777350753207",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"openssl"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2026-2673",
"CVE-2026-28387",
"CVE-2026-28388",
"CVE-2026-28389",
"CVE-2026-28390",
"CVE-2026-31789",
"CVE-2026-31790"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 6563620,
"title": "Alpine Linux 3.23 Security Update for Open Secure Sockets Layer (OpenSSL)",
"cvssInfo": {
"baseScore": "7.5",
"temporalScore": "5.5",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.5"
},
"patchAvailable": true,
"published": 1776085523000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 65,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "libssl3",
"version": "3.5.5-r0",
"scanType": "DYNAMIC",
"packagePath": null,
"type": null,
"ignoredReason": null,
"lifecycle": null,
"isAiSoftware": null,
"fixVersion": "3.5.6-r0",
"vulnerabilities": null
},
{
"name": "libcrypto3",
"version": "3.5.5-r0",
"scanType": "DYNAMIC",
"packagePath": null,
"type": null,
"ignoredReason": null,
"lifecycle": null,
"isAiSoftware": null,
"fixVersion": "3.5.6-r0",
"vulnerabilities": null
}
],
"layerSha": [
"989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e"
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nzlib 1.3.1-r2 1.3.2-r0",
"lastFound": "1777350753204",
"firstFound": "1777350753204",
"severity": 2,
"customerSeverity": 2,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 20,
"category": "Alpine Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent",
"CS-Linux"
],
"product": [
"zlib"
],
"vendor": [
"alpine"
],
"cveids": [
"CVE-2026-22184",
"CVE-2026-27171"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 6563533,
"title": "Alpine Linux 3.23 Security Update for zlib",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.3",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "7.8",
"temporalScore": "7.0"
},
"patchAvailable": true,
"published": 1773062754000,
"scanType": [
"DYNAMIC"
],
"qdsScore": 37,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "zlib",
"version": "1.3.1-r2",
"scanType": "DYNAMIC",
"packagePath": null,
"type": null,
"ignoredReason": null,
"lifecycle": null,
"isAiSoftware": null,
"fixVersion": "1.3.2-r0",
"vulnerabilities": null
}
],
"layerSha": [
"989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e"
]
}
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 2,
"sev4Count": 2,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 2,
"sev4Count": 2,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
Enhancement in Asset Tagging
Qualys Container Security now supports two new fields: entitySha and tagName to the assign tag API. The entitySha field helps you identify the target image or container when the entity UUID is not provided. The tagName specifies the tag to assign, and creates the tag if it does not already exist.
The following API is updated to support the Assign Tag template.
Assign Tag to an Asset
/csapi/v1.3/tag/assign
Updated API: Assign Tag to an Asset
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/tag/assign |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| entitySha | Mandatory | string | Identify the target image or container when the entity UUID is not provided |
| tagName | Mandatory | string | Specify the tag to assign by name, and trigger tag creation if the tag does not already exist |
At least one of the following must be provided for tag assignment: entitySha or entityUUID, and tagName or tagUuid
Sample: Assign Tag to an AssetSample: Assign Tag to an Asset
API Request
curl -X "POST"
"<qualys_base_url>/csapi/v1.3/tag/assign"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
-H "Content-Type: application/json"
-d "{
"entitySha": "string",
"entityType": "IMAGE / CONTAINER",
"entityUUID": "string",
"moduleCode": "string",
"subscriptionId": "string",
"tagsToAdd": [
{
"isCascadeToContainer": true,
"tagName": "string",
"tagUuid": "string"
}
]
}
API Response
{
"entityUUID": "string"
}
Enhancement in Policy Rule Compliance
We have enhanced the policy rule compliance for Centralized Policy (CICD) and the Kubernetes (K8S) admission controller policy.
Centralized Image Assessment Policy and K8S Admission Controller Policy
While creating a CICD policy, Qualys Container Security now supports new compliance-related rules for image scan, such as Block known compliance using Controls and Limit Compliance using Criticality.
Similarly, while creating a K8S Admission Controller policy, Qualys Container Security now supports compliance-related rules for policy-based image scans.
- Show Details of a Centralized Policy
GET /csapi/v1.3/centralizedPolicy/{policyId} - Create a Centralized Policy
POST /csapi/v1.3/centralizedPolicy - Update a Centralized Policy
PUT /csapi/v1.3/centralizedPolicy/{policyId}
Updated API: Show Details of a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy/{policyId} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Show Details of a Centralized PolicySample: Show Details of a Centralized Policy
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy/f0c6ebef-1246-4d61-be1b-0c11075aaebb' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"uuid": "f0c6ebef-1246-4d61-be1b-0c11075aaebb",
"policyName": "Test-Compliance related rules",
"policyType": "CICD",
"policyMode": "ACTIVE",
"description": "test Policy",
"createdBy": "john_doe",
"created": "1769684140646",
"updatedBy": "john_doe",
"updated": "1769685855150",
"centralizedPolicyRules": [
{
"name": "Block known compliance using Controls",
"type": "IMAGESCAN_VULN_RESTRICTED_CIDS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
10826,
19378,
19386,
19388,
19511
]
},
"action": "FAIL"
},
{
"name": "Limit Compliance using Criticality",
"type": "IMAGESCAN_VULN_CONTROL_CRITICALITYCOUNT",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": "MEDIUM",
"operator": "GREATER_THAN",
"threshold": 1
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [
{
"isEnabled": true,
"order": 0,
"sortOrder": 0,
"stopProcessing": false,
"kind": "EXCLUSION",
"action": "FAIL",
"metaData": {
"values": [
19386,
19378
]
},
"name": "Exclude CIDs",
"type": "EX_IMAGESCAN_VULN_CIDS"
}
],
"version": 4,
"isDefault": false,
"tagIds": [
"b3b02b72-c74c-4b5a-82a5-12c52b0a7d86",
"5d877004-14df-490b-b522-89cc51a1e1e6",
"2f5afc01-8148-4576-b39c-22232ae85632"
],
"k8sFilters": null
}
Sample: Show a K8S Admission Controller PolicySample: Show a K8S Admission Controller Policy
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy/f18f35a9-3362-490f-87e6-bc33814dd056' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"uuid": "f18f35a9-3362-490f-87e6-bc33814dd056",
"policyName": "TEST2",
"policyType": "K8S_ADMISSION_CONTROLLER",
"policyMode": "ACTIVE",
"policyBehavior": "BLOCK",
"description": "",
"createdBy": "john_doe",
"created": "1776228725396",
"updatedBy": "john_doe",
"updated": "1776228725396",
"centralizedPolicyRules": [
{
"name": "rule2",
"type": "IMAGESCAN_VULN_RESTRICTED_CIDS",
"action": "FAIL",
"isEnabled": true,
"stopProcessing": false,
"sortOrder": 0,
"metaData": "{\"values\":[10826,19388,19511]}",
"kind": "IMAGE_SECURITY"
},
{
"name": "rule1",
"type": "IMAGESCAN_VULN_CONTROL_CRITICALITYCOUNT",
"action": "FAIL",
"isEnabled": true,
"stopProcessing": false,
"sortOrder": 0,
"metaData": "{\"operator\":\"GREATER_THAN\",\"threshold\":1,\"value\":\"MEDIUM\"}",
"kind": "IMAGE_SECURITY"
}
],
"exclusionPolicyRules": [],
"version": 1,
"isDefault": false,
"tagIds": null,
"excludedTagIds": null,
"k8sFilters": [
{
"cluster": {
"clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"clusterName": "surtest-ekstest"
},
"namespace": null,
"deployment": null
}
],
"excludedK8sFilters": null
}
Updated API: Create a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
We have added the following new rules while creating the policy.
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| centralizedPolicyRules: name |
Mandatory | string | Specify the name of the policy rule
|
| centralizedPolicyRules: type |
Mandatory | string |
Specify the type of policy rule
|
Sample: Create a Centralized PolicySample: Create a Centralized Policy
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-d '{
"policyName": "Test-Compliance related rules",
"description": "Test policy",
"centralizedPolicyRules": [
{
"name": "Block known compliance using Controls",
"type": "IMAGESCAN_VULN_RESTRICTED_CIDS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
10826,
19378,
19386,
19388,
19511
]
},
"action": "FAIL"
},
{
"name": "Limit Compliance using Criticality",
"type": "IMAGESCAN_VULN_CONTROL_CRITICALITYCOUNT",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": "MEDIUM",
"operator": "GREATER_THAN",
"threshold": 1
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [
{
"isEnabled": true,
"order": 0,
"sortOrder": 0,
"stopProcessing": false,
"kind": "EXCLUSION",
"action": "FAIL",
"metaData": {
"values": [
19386,
19378
]
},
"name": "Exclude CIDs",
"type": "EX_IMAGESCAN_VULN_CIDS"
}
],
"policyMode": "ACTIVE",
"policyType": "CICD",
"isDefault": false,
"tagIds": [
"b3b02b72-c74c-4b5a-82a5-12c52b0a7d86",
"5d877004-14df-490b-b522-89cc51a1e1e6",
"2f5afc01-8148-4576-b39c-22232ae85632"
],
"k8sFilters": []
}'
API Response
{
"uuid": "f0c6ebef-1246-4d61-be1b-0c11075aaebb"
}
Sample: Create K8S Admission Controller PolicySample: Create K8S Admission Controller Policy
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"policyName": "Test policy",
"description": "Custom",
"policyType": "K8S_ADMISSION_CONTROLLER",
"centralizedPolicyRules": [
{
"name": "Limit Compliance using Criticality",
"type": "IMAGESCAN_VULN_CONTROL_CRITICALITYCOUNT",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": "HIGH",
"operator": "GREATER_THAN_OR_EQUAL",
"threshold": 2
},
"action": "FAIL"
},
{
"name": "Block known compliance using Controls",
"type": "IMAGESCAN_VULN_RESTRICTED_CIDS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
10826,
19378,
19386,
19388,
19511
]
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [],
"version": 1,
"isDefault": false,
"policyMode": "ACTIVE",
"tagIds": null,
"excludedTagIds": null,
"k8sFilters": [
{
"cluster": null,
"namespace": {
"namespaceUuid": null,
"namespaceValue": "default",
"clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb"
},
"deployment": null
}
]
}
API Response
{
"uuid": "6299630e-dd72-45a4-87c0-ce0f4be3cd2c"
}
Updated API: Update a Centralized Policy
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/centralizedPolicy/{policyId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
We have added the following new rules while creating the policy.
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| centralizedPolicyRules name |
Mandatory | string | We have introduced 2 new rules.
|
| centralizedPolicyRules: type |
Mandatory | string | Specify the type of policy rule
|
Sample: Update a Centralized PolicySample: Update a Centralized Policy
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy/f0c6ebef-1246-4d61-be1b-0c11075aaebb' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
{
"policyName": "Test-Compliance related rules-update",
"description": "Test policy-update",
"centralizedPolicyRules": [
{
"name": "Block known compliance using Controls",
"type": "IMAGESCAN_VULN_RESTRICTED_CIDS",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
19378,
19386,
19388,
19511
]
},
"action": "FAIL"
},
{
"name": "Limit Compliance using Criticality",
"type": "IMAGESCAN_VULN_CONTROL_CRITICALITYCOUNT",
"isEnabled": true,
"stopProcessing": false,
"order": 0,
"kind": "IMAGE_SECURITY",
"metaData": {
"value": "LOW",
"operator": "GREATER_THAN",
"threshold": 1
},
"action": "FAIL"
}
],
"exclusionPolicyRules": [
{
"isEnabled": true,
"order": 0,
"sortOrder": 0,
"stopProcessing": false,
"kind": "EXCLUSION",
"action": "FAIL",
"metaData": {
"values": [
19378
]
},
"name": "Exclude CIDs",
"type": "EX_IMAGESCAN_VULN_CIDS"
}
],
"policyMode": "ACTIVE",
"policyType": "CICD",
"isDefault": false,
"tagIds": [
"b3b02b72-c74c-4b5a-82a5-12c52b0a7d86",
"5d877004-14df-490b-b522-89cc51a1e1e6",
"2f5afc01-8148-4576-b39c-22232ae85632"
],
"k8sFilters": []
}
API Response
{
"policyUUID ": "f0c6ebef-1246-4d61-be1b-0c11075aaebb"
}
Sample: Update K8S Admission Controller PolicySample: Update K8S Admission Controller Policy
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/centralizedPolicy/99984c3a-a4d2-43b3-b4db-72f5107fc2c6' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"uuid": "99984c3a-a4d2-43b3-b4db-72f5107fc2c6",
"policyName": "TEST",
"policyType": "K8S_ADMISSION_CONTROLLER",
"policyMode": "ACTIVE",
"policyBehavior": "BLOCK",
"description": "test",
"createdBy": "john_doe",
"created": "1763643523314",
"updatedBy": "john_doe",
"updated": "1774864017030",
"centralizedPolicyRules": [
{
"name": "Rule fort CID criticality",
"isEnabled": true,
"type": "IMAGESCAN_VULN_CONTROL_CRITICALITYCOUNT",
"kind": "IMAGE_SECURITY",
"metaData": {
"operator": "GREATER_THAN",
"threshold": 5,
"value": "MEDIUM"
}
},
{
"name": "Rule for cid",
"isEnabled": true,
"type": "IMAGESCAN_VULN_RESTRICTED_CIDS",
"kind": "IMAGE_SECURITY",
"metaData": {
"values": [
10826,
19511
]
}
}
],
"exclusionPolicyRules": [],
"version": 12,
"isDefault": false,
"tagIds": null,
"excludedTagIds": null,
"k8sFilters": [
{
"cluster": {
"clusterUid": "957e3031-c6d1-4a00-9c7e-6406e1bc3bcb",
"clusterName": "ekstest"
},
"namespace": null,
"deployment": null
},
{
"cluster": {
"clusterUid": "31a27441-45fa-4e34-a55c-62300a0fe661",
"clusterName": "COMPTEST/qa/check"
},
"namespace": null,
"deployment": null
}
],
"excludedK8sFilters": null
}'
API Response
{
"policyUUID ": "99984c3a-a4d2-43b3-b4db-72f5107fc2c6"
}
Introduced New Report Template - Image Softwares
With this release, Qualys Container Security has introduced the new Image Softwares report template (CS_IMAGE_SOFTWARE_DETAILS). You can use this template to fetch the list of reports, create a report request and a report schedule, and update the active report schedule.
The following APIs are updated with Image Softwares.
- Fetch a List of Reports in your Account
GET /csapi/v1.3/reports - Create a Report Request
POST /csapi/v1.3/reports - Create a Report Schedule
POST /csapi/v1.3/reports/schedule - Update an Active Report Schedule
PUT /csapi/v1.3/reports/schedule/{reportingSchedulingID}
Updated API: Fetch a List of Reports in Your Account
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Reports in Your AccountSample: Fetch a List of Reports in Your Account
The sample below shows the request and response for getting the CS_Image_Softwares report.
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/reports?filter=report.name%3APost_API_test&pageNumber=1&pageSize=50&sort=status%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
In the response below, see the new 'templateName' - CS_IMAGE_SOFTWARE_DETAILS used while getting a list of reports.
{
"data": [
{
"reportUuid": "f64841c0-2420-11f1-a10e-63ad41ec1bb5",
"createdAt": "2026-03-20T05:52:21.000Z",
"reportName": "Post_API_test",
"description": "test",
"fileFormat": "csv",
"templateName": "CS_IMAGE_SOFTWARE_DETAILS",
"status": "COMPLETED",
"isScheduled": 0,
"filter": "{\"filter\": \"\",\"secondFilter\": \"not software.lifecycle.eol is null\"}",
"displayColumns": [
"name",
"version",
"fixVersion",
"eolDate",
"eosDate",
"imageId",
"imageSha",
"softwareName",
"softwareVersion"
],
"expireOn": "2026-03-27T05:52:21.000Z",
"emailNotification": 0,
"recipient": "",
"emailSubject": "",
"customMessage": "",
"sendAsAttachment": 0,
"fileZipped": 0,
"expireAfter": 7
}
],
"count": 1
}
Updated API: Create a Report Request
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| templateName | Mandatory | string | Specify the report template name. With this release, the new report template CS_IMAGE_SOFTWARE_DETAILS is introduced. |
Sample: Create a Report Request Sample: Create a Report Request
The sample below shows the request and response for creating CS_IMAGE_SOFTWARE_DETAILS report.
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "Post_API_test",
"description": "test",
"templateName": "CS_IMAGE_SOFTWARE_DETAILS",
"filter": "{\"filter\": \"\",\"secondFilter\": \"not software.lifecycle.eol is null\"}",
"reportScheduleDetails": null,
"expireAfter": 7,
"displayColumns": [
"name",
"version",
"fixVersion",
"eolDate",
"eosDate",
"imageId",
"imageSha"
],
"zip": 0,
"emailNotification": 0
}'
API Response
{
"reportUuid": "f64841c0-2420-11f1-a10e-63ad41ec1bb5"
}
Updated API: Create a Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
The following table shows the updated or new input parameters.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| templateName | Mandatory | string | Specify the name of the report template. With this release, the new report CS_IMAGE_SOFTWARE_DETAILS templates is introduced. |
Sample: Create a Report ScheduleSample: Create a Report Schedule
The sample below shows the request and response for creating CS_IMAGE_SOFTWARE_DETAILS report schedule.
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports/schedule' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "test_api_schedules",
"description": "",
"templateName": "CS_IMAGE_SOFTWARE_DETAILS",
"filter": "{\"filter\": \"\",\"secondFilter\": \"software.lifecycle.eol:[now .. now+3m]\"}",
"timezone": "Universal",
"format": "csv",
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 1,
"dayOfWeek": null,
"ordinalDayOfWeek": null
},
"expireAfter": 7,
"displayColumns": [
"name",
"version",
"fixVersion",
"eolDate",
"eosDate",
"imageId",
"imageSha"
],
"zip": 0,
"emailNotification": 0,
"eventEndTime": "2026-03-21T12:41:00Z",
"action": "CREATE",
"eventTime": "2026-03-20T11:41:00Z"
}'
API Response
{
"scheduleUuid": "81b918d0-2424-11f1-a10e-63ad41ec1bb5"
}
Updated API: Update an Active Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule/{reportingScheduleID} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| templateName | Mandatory | string | Specify the name of the report template. With this release, the new report template CS_IMAGE_SOFTWARE_DETAILS is introduced. |
Sample: Update an Active Report ScheduleSample: Update an Active Report Schedule
The sample below shows the request and response for updating CS_IMAGE_SOFTWARE_DETAILS report schedule.
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/reports/schedule/81b918d0-2424-11f1-a10e-63ad41ec1bb5' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "test_api_schedules",
"description": "",
"templateName": "CS_IMAGE_SOFTWARE_DETAILS",
"filter": "{\"filter\": \"\",\"secondFilter\": \"software.lifecycle.eol:[now .. now+3m]\"}",
"timezone": "Universal",
"format": "csv",
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 1,
"dayOfWeek": null,
"ordinalDayOfWeek": null
},
"expireAfter": 7,
"displayColumns": [
"name",
"version",
"eolDate",
"eosDate",
"imageId"
],
"zip": 0,
"emailNotification": 0,
"eventEndTime": "2026-03-21T12:41:00Z",
"action": "CREATE",
"eventTime": "2026-03-20T11:41:00Z"
}'
API Response
{
"message": "Details updated successfully for reportScheduleId 81b918d0-2424-11f1-a10e-63ad41ec1bb5"
}
Improvement in Dynamic Tags
Previously, the dynamic tags could be created by using Container Security APIs. You can now use the following APIs to update or delete these tags.
- Update Dynamic Tags
PUT /csapi/v1.3/tag/update - Delete Tag
DELETE /csapi/v1.3/tag/delete
New API: Update Dynamic Tag
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/tag/update |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| entityTypeToAdd | Mandatory | array of objects | This is used to specify new entity-type rules to the configuration. It accepts a list of entity definitions, where each entry specifies the entity type and the rule to apply to it. |
| entityTypeRuleToUpdate | Mandatory | object (Key-value pairs) | This is used to update existing rules for specific entity types. Each key represents an entity type, and its value is the corresponding rule expression. |
| entityType | Mandatory | string | Type of entity (e.g., IMAGE, CONTAINER) |
| rule | Mandatory | string | Rule expression associated with the entity |
Provide only one parameter at a time, either entityTypeToAdd or entityTypeRuleToUpdate.
Sample: Update Dynamic TagSample: Update Dynamic Tag
The sample below shows the request and response for updating the dynamic tag.
API Request to update entityTypeToAdd
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/tag/update' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "ai_test1",
"reevaluate": true,
"entityTypeToAdd": [
{
"entityType": "CONTAINER",
"rule": "container.state:RUNNING"
}
]
}'
API Response
{
"tagId": 163606266,
"name": "ai_test1",
"backgroundColor": null,
"foregroundColor": null,
"icon": null,
"criticalityScore": null,
"entityTagInfo": [
{
"entityType": "image",
"dynamicTagRule": "image.source:GENERAL "
},
{
"entityType": "container",
"dynamicTagRule": "container.state:RUNNING"
}
]
}
API Request to update entityTypeRuleToUpdate
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/tag/update' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "ai_test1",
"reevaluate": true,
"entityTypeRuleToUpdate": {
"image": "image.imageId:b6a9d6f1254e",
"container": "container.state:DELETED"
}
}'
API Response
{
"tagId": 163606266,
"name": "ai_test1",
"backgroundColor": null,
"foregroundColor": null,
"icon": null,
"criticalityScore": null,
"entityTagInfo": [
{
"entityType": "image",
"dynamicTagRule": "image.imageId:b6a9d6f1254e"
},
{
"entityType": "container",
"dynamicTagRule": "container.state:DELETED"
}
]
}
New API: Delete Tag
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/tag/delete |
| Method | DELETE |
| DTD XSD Changes | No |
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| tagName | Mandatory | string | Mention the name of the tag you want to delete. |
Sample: Delete TagSample: Delete Tag
The sample below shows the request and response for deleting the dynamic tag.
API Request
curl -X 'DELETE' \
'<qualys_base_url>/csapi/v1.3/tag/delete?tagName=static_1' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
Tag deleted successfully