Container Security Release 1.44 API
June 30, 2026
Before understanding the API release highlights, refer to the Know Your Qualys API Server URL section to learn about the API server URL used in your API requests.
For these API Release Notes, we use <qualys_base_url> in the sample API requests.
With the Container Security 1.44 release, we have made the following enhancements in CS APIs.
- Enhancement in Sensor Profile
- Enhancement in Vulnerability Reports
- New Asset Type - Serverless Functions (AWS Lambda)
- New Asset Type - Code Repository Scan
- Enhancement in Registry Scan Status
- Enhancement in Secret Detector
- Compliance Posture of a Container
Enhancement in Sensor Profile
Previously, users had to configure the --perform-sca-scan sensor parameter and restart or reinstall the sensor to enable or disable SCA scanning. With this release, users can enable or disable SCA scanning directly from the Sensor Profile in the UI, eliminating the need for manual sensor-side configuration changes. To support this, the following API includes updates in the Sensor Profile.
- Fetch Details of a Sensor Profile
GET /csapi/v1.3/sensorProfile/{sensorProfileId} - Create a Sensor Profile
POST /csapi/v1.3/sensorProfile - Update Details of a Sensor Profile
PUT /csapi/v1.3/sensorProfile/{sensorProfileId}
Updated API: Fetch Details of a Sensor Profile
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/sensorProfile/{sensorProfileId} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Details of a Sensor ProfileSample: Fetch Details of a Sensor Profile
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/sensors/66f3f025-b1d0-42b5-b9e0-0c696dc10307' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"profileId": "66f3f025-b1d0-42b5-b9e0-0c696dc10307",
"profileName": "Test_General_03",
"profileType": "General",
"description": "",
"createdBy": "quays_rq45",
"created": "1779777615284",
"updatedBy": "quays_rq45",
"updated": "1779777615284",
"associatedSensorsCount": 1,
"associatedRegistriesCount": 0,
"associatedSensors": [
"5c951644-2db3-42be-a634-48fef40c4714"
],
"associatedRegistries": null,
"config": {
"weeklyInactiveWindowSchedules": [],
"vulnerabilityManagement": {
"containerScanningInterval": 48,
"imageExclusionRegexList": [],
"scanningPolicy": "DynamicWithStaticScanningAsFallback",
"scaStatus": "ENABLE"
},
"performanceManagement": {
"maxNoOfArchivedLogFiles": 5,
"maxLogFileSize": 10,
"logSecurityLevel": "INFORMATION"
},
"runtimeSensor": "",
"ignoreProcesses": null
},
"tags": [],
"isVulnPropagation": false,
"awsFargateVulnPropagationConfig": null
}
Updated API: Create a Sensor Profile
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/sensorProfile |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| scaStatus | Mandatory | string | Indicates whether a vulnerability finding or QID is associated with Software Composition Analysis (SCA).
Possible values: ENABLE / DISABLE |
Sample: Create a Sensor ProfileSample: Create a Sensor Profile
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/sensorProfile' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
{
"tags": [],
"profileName": "Test_General_03",
"profileType": "General",
"description": "",
"createdBy": "quays_rq45",
"created": "1709285999760",
"updatedBy": "quays_rq45",
"updated": "1709287020832",
"config": {
"weeklyInactiveWindowSchedules": [],
"vulnerabilityManagement": {
"scanningPolicy": "DynamicWithStaticScanningAsFallback",
"scaStatus": "ENABLE",
"containerScanningInterval": 48,
"imageExclusionRegexList": []
},
"performanceManagement": {
"logSecurityLevel": "INFORMATION",
"maxNoOfArchivedLogFiles": 5,
"maxLogFileSize": 10
},
"runtimeSensor": "",
"ignoreProcesses": null
},
"isVulnPropagation": null,
"associatedSensorIds": ["5c951644-2db3-42be-a634-48fef40c4714"],
"associatedRegistryIds": null,
"filter": ""
}
API Response
{
"profileUuid": "66f3f025-b1d0-42b5-b9e0-0c696dc10307"
}
Updated API: Update a Sensor Profile
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/sensorProfile/{sensorProfileId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| scaStatus | Mandatory | string | Indicates whether a vulnerability finding or QID is associated with Software Composition Analysis (SCA).
Possible values: ENABLE / DISABLE |
Sample: Update a Sensor ProfileSample: Update a Sensor Profile
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/sensorProfile/4332115d-9677-4aab-ab5e-233a2f2b8248' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
{
"tags": [],
"profileId": "4332115d-9677-4aab-ab5e-233a2f2b8248",
"profileName": "Test_General",
"profileType": "General",
"description": "",
"createdBy": "quays_rq45",
"created": "1709285999760",
"updatedBy": "quays_rq45",
"updated": "1709287020832",
"config": {
"weeklyInactiveWindowSchedules": [],
"vulnerabilityManagement": {
"scanningPolicy": "DynamicWithStaticScanningAsFallback",
"scaStatus": "DISABLE",
"containerScanningInterval": 48,
"imageExclusionRegexList": []
},
"performanceManagement": {
"logSecurityLevel": "INFORMATION",
"maxNoOfArchivedLogFiles": 5,
"maxLogFileSize": 10
},
"runtimeSensor": "",
"ignoreProcesses": null
},
"isVulnPropagation": null,
"associatedSensorIds": ["a890e391-20e2-4134-a6d2-70333e737e60"],
"associatedRegistryIds": null,
"filter": ""
}
API Response
{
"profileUuid": "4332115d-9677-4aab-ab5e-233a2f2b8248"
}
Enhancement in Vulnerability Reports
Previously, SCA QIDs were included in reports by default, with no option to exclude them. With this release, users can choose to include or exclude SCA QIDs in reports, allowing greater control over report content. To support this, the following API includes updates in Vulnerability Reports.
- Fetch a List of Reports
GET /csapi/v1.3/reports - Create a Report Request
POST /csapi/v1.3/reports - Create a Report Schedule
POST /csapi/v1.3/reports/schedule
Updated API: Fetch a List of Reports
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of ReportsSample: Fetch a List of Reports
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/reports?pageNumber=1&pageSize=50&sort=status%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"name": "Test_Schedule",
"reportScheduleUuid": "d6eb5690-dfd9-11f0-876c-0548570c50d7",
"scheduledDatetime": "2025-12-23T08:31:55.000Z",
"templateName": "CS_IMAGE_VULNERABILITY",
"resourceId": "31504477-b97d-4b9a-8360-47974e91b39a",
"action": "CREATE",
"eventTime": "2025-12-23T10:00:00Z",
"eventEndTime": "2025-12-24T15:00:00Z",
"cronExpression": "0 0 10 1/1 * ? *",
"description": "",
"createdDateTime": "2025-12-23T08:31:55.000Z",
"nextFireTime": null,
"state": "COMPLETED",
"format": "csv",
"moduleCode": "CS",
"displayColumns": [
"imageId",
"tags",
"qid"
],
"emailNotification": 0,
"filter": "",
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": 1,
"dayOfWeek": null,
"ordinalDayOfWeek": 0
},
"expireAfter": 7,
"recipient": "",
"customMessage": "",
"sendAsAttachment": 0,
"emailSubject": "",
"zip": 0,
"includeScaVuln": true
}
],
"count": 1,
"groups": null,
"aggs": null
}
Updated API: Create a Report Request
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| includeScaVuln | Mandatory | string |
Indicates whether you can now opt in for SCA for the following templates:
Possible values: true / false |
Sample: Create a Report RequestSample: Create a Report Request
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/reports' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d {
"name": "Hmm",
"description": "",
"templateName": "CS_IMAGES",
"filter": null,
"timezone": "Asia/Kolkata",
"format": "csv",
"reportScheduleDetails": null,
"expireAfter": 7,
"secondFilter": "",
"displayColumns": ["imageId", "tags", "qid"],
"zip": 0,
"emailNotification": 0,
"includeScaVuln": true
}
API Response
{
"reportUuid": "6c9f9c40-df2c-11f0-a6de-8fc0ae82011c"
}
Updated API: Create a Report Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /csapi/v1.3/reports/schedule |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| includeScaVuln | Mandatory | string | Indicates whether you can now opt in for SCA for the following templates:
Possible values: true / false |
Sample: Create a Report ScheduleSample: Create a Report Schedule
API Request
curl -X 'POST' \
"<qualys_base_url>/csapi/v1.3/reports/schedule/"
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d {
{
"name": "Hmm",
"description": "",
"templateName": "CS_IMAGES",
"filter": null,
"timezone": "Asia/Kolkata",
"format": "csv",
"reportScheduleDetails": null,
"expireAfter": 7,
"secondFilter": "",
"displayColumns": ["imageId", "tags", "qid"],
"zip": 0,
"emailNotification": 0,
"includeScaVuln": true
}
API Response
{
"reportUuid": "620a2490-c3cc-11ed-bf38-5563a478dc98"
}
New Asset Type - Serverless Function (AWS Lambda Scan)
Qualys Container Security now supports serverless functions as a new asset type. Users can view and manage scanned serverless function assets through dedicated views in the UI and gateway APIs. Scan results provide visibility into AWS serverless functions, including functions deployed using both Image and ZIP package types. To support this, we have introduced the following APIs.
- Fetch a List of Serverless Function
GET /csapi/v1.3/serverless-functions - Fetch Details of a Serverless Function
GET /csapi/v1.3/serverless-functions/{functionUuid} - Fetch Software Details of Serverless Function
GET /csapi/v1.3/serverless-functions/{functionUuid}/software - Fetch Vulnerability Stats in Serverless Function
GET /csapi/v1.3/serverless-functions/{functionUuid}/vuln/stats - Fetch a List of Serverless Function in Bulk
GET /csapi/v1.3/serverless-functions/list
New API: Fetch a List of Serverless Function
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/serverless-functions |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Serverless FunctionSample: Fetch a List of Serverless Function
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/serverless-functions?pageNo=1&pageSize=5&sort=lastScanned&limit=50' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"customerUuid": "ea3bxxx3-3f77-7b40-8383-5723xxxx9",
"uuid": "ddbxxx0b1-ad88-3fe4-8056-4a3xxxx7df",
"functionId": "a17f60ce2570xxxd4ccd2f8610be29xxxxxab32c18bxx54895a4",
"cloudResourceId": "arn:aws:lambda:us-east-1:362990800442:function:test-test-1-zip:1",
"name": "test-1-zip",
"architecture": "x86_64",
"operatingSystem": null,
"functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
"runtime": "ruby3.3",
"entryPoint": "lambda_function.handler",
"imageUri": null,
"memoryAllocation": 128,
"artifactSize": 1000,
"environmentConfig": [
"API_KEY:TEST",
"DB_PASSWORD:XXXXX"
],
"packageType": "Zip",
"cloudProvider": "AWS",
"cloudAccountId": "362990800442",
"cloudRegion": "us-east-1",
"sourceTypes": [
"COMMAND_LINE"
],
"softwareCount": 0,
"vulnerabilityCount": 0,
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"created": 1778583029405,
"updated": 1778583029405,
"lastScanned": 1778583029405,
"vulnerabilityStats": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"customerUuid": "eaxxxx3f3-3f77-7b40-8383-5xxxxb6d99",
"uuid": "a71ef18b-ca8f-3816-8ffa-26xxdfb90",
"functionId": "a671801befdabb25dxxxxd04458bb261244xxxxc360ce92bf1149",
"cloudResourceId": "arn:aws:lambda:us-west-2:362990800442:function:lambda-orchestrator",
"name": "lambda-orchestrator",
"architecture": "x86_64",
"operatingSystem": "Oracle Enterprise Linux 8.10",
"functionUrl": null,
"runtime": null,
"entryPoint": null,
"imageUri": "362990800442.dkr.ecr.us-west-2.amazonaws.com/cloud-operator:latest",
"memoryAllocation": 2048,
"artifactSize": null,
"environmentConfig": [
"ROLE_NAME:CloudOperatorRole",
"LAMBDA_SCAN_JOBS_TABLE:lambda-scan-jobs",
"SERVICE_ACCOUNT_ID:362990800442",
"TARGET_ACCOUNT_IDS:682437954104",
"QUALYS_POD:xx1",
"QUALYS_TOKEN:<token>",
"SCAN_SERVICE_ACCOUNT:true",
"ONBOARDED_ACCOUNTS_TABLE:onboarded-accounts",
"QSCANNER_PATH:/usr/local/bin/qscanner",
"LAMBDA_SQS_QUEUE_URL:https://sqs.us-west-2.amazonaws.com/362990800442/lambda-events",
"REGIONS:us-west-2,sa-east-1,us-east-1,us-east-2"
],
"packageType": "Image",
"cloudProvider": "AWS",
"cloudAccountId": "362990800442",
"cloudRegion": "us-west-2",
"sourceTypes": [
"COMMAND_LINE"
],
"softwareCount": 493,
"vulnerabilityCount": 5,
"riskScore": 76,
"maxQdsScore": 42,
"qdsSeverity": "MEDIUM",
"created": 1778580006518,
"updated": 1778583769597,
"lastScanned": 1778583769603,
"vulnerabilityStats": {
"severity5Count": 0,
"severity4Count": 2,
"severity3Count": 3,
"severity2Count": 0,
"severity1Count": 0
}
},
{
"customerUuid": "ea3xxxxf3-3f77-7b40-8383-5xxxx9",
"uuid": "866d9326-ce7a-3619-971c-8328d3943389",
"functionId": "fd528363e5a18b53180xxxx8fcca73f09bfd7xxxx5c3e7aca875f0dfc3",
"cloudResourceId": "arn:aws:lambda:ap-east-1:362990800442:function:qualys-util-scheduled-sfn-check",
"name": "qualys-util-scheduled-sfn-check",
"architecture": "x86_64",
"operatingSystem": null,
"functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
"runtime": "nodejs22.x",
"entryPoint": "index.handler",
"imageUri": null,
"memoryAllocation": 128,
"artifactSize": 1561,
"environmentConfig": [
"AWS_PARTITION:aws"
],
"packageType": "Zip",
"cloudProvider": "AWS",
"cloudAccountId": "362990800442",
"cloudRegion": "ap-east-1",
"sourceTypes": [
"COMMAND_LINE"
],
"softwareCount": 0,
"vulnerabilityCount": 0,
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"created": 1778578733936,
"updated": 1779110391625,
"lastScanned": 1779110391625,
"vulnerabilityStats": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"customerUuid": "eaxx3f3-3f77-7b40-8xxx-5723xxxxd99",
"uuid": "e2bx76-8xxx3-30fd-9340-70xxx80",
"functionId": "77fe23ad69cxxxfc0da1bxxxxx687fa55bxxx5d343",
"cloudResourceId": "arn:aws:lambda:ap-east-1:362990800442:function:qualys-utils-create-inventory-scan-statuses",
"name": "qualys-utils-create-inventory-scan-statuses",
"architecture": "x86_64",
"operatingSystem": null,
"functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
"runtime": "nodejs22.x",
"entryPoint": "index.handler",
"imageUri": null,
"memoryAllocation": 128,
"artifactSize": 1584,
"environmentConfig": [
"AWS_PARTITION:aws",
"ScanStatusTableName:qualys-inventory-scan-status",
"ScanStatesPending:PENDING"
],
"packageType": "Zip",
"cloudProvider": "AWS",
"cloudAccountId": "362990800442",
"cloudRegion": "ap-east-1",
"sourceTypes": [
"COMMAND_LINE"
],
"softwareCount": 0,
"vulnerabilityCount": 0,
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"created": 1778578733735,
"updated": 1779110391737,
"lastScanned": 1779110391737,
"vulnerabilityStats": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"customerUuid": "ea3xxx3-3f77-7b40-8383-5xxxxd99",
"uuid": "c025e742-5362-3173-8aac-4264d82b184b",
"functionId": "d01c26cfaab1b55a74cb991bfcxxxxxxe1b19a605f068f08f6",
"cloudResourceId": "arn:aws:lambda:ap-east-1:362990800442:function:qualys-utils-event-based-task-scheduler",
"name": "qualys-utils-event-based-task-scheduler",
"architecture": "x86_64",
"operatingSystem": null,
"functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
"runtime": "nodejs22.x",
"entryPoint": "index.handler",
"imageUri": null,
"memoryAllocation": 128,
"artifactSize": 4922,
"environmentConfig": [
"TASK_QUEUE:https://sqs.ap-east-1.amazonaws.com/362990800442/qualys-discovery-worker-tasks",
"SourceTableDiscoveryTask:EVENT_DISCOVERY_TASK",
"AWS_PARTITION:aws",
"QualysAppConfigTable:qualys-app-config",
"DISCOVERY_TASK_TABLE:qualys-discovery-task",
"SSMAccountsParameterName:/qualys/snapshot-scanner/account-config"
],
"packageType": "Zip",
"cloudProvider": "AWS",
"cloudAccountId": "362990800442",
"cloudRegion": "ap-east-1",
"sourceTypes": [
"COMMAND_LINE"
],
"softwareCount": 0,
"vulnerabilityCount": 0,
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"created": 1778578733553,
"updated": 1779110391841,
"lastScanned": 1779110391841,
"vulnerabilityStats": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
}
],
"count": 140
}
New API: Fetch Details of a Serverless Function
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/serverless-functions/{functionUuid} |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| functionUuid | Mandatory | string | Specify the uuid of a serverless lambda function. |
Sample: Fetch Details of a Serverless FunctionSample: Fetch Details of a Serverless Function
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/serverless-functions/ddb090b1-ad88-3fe4-8056-4a3ac8d8c7df' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"customerUuid": "ea3bxxx3-3f77-7b40-8383-5723xxxx99",
"uuid": "ddb090b1-ad88-3fe4-8056-4a3ac8d8c7df",
"functionId": "a17f60ce257xxxxxxxxxxxbd4ccd2f8610be293xxxxx8b54895a4",
"cloudResourceId": "arn:aws:lambda:us-east-1:362990800442:function:test-1-zip:1",
"name": "test-1-zip",
"architecture": "x86_64",
"operatingSystem": null,
"functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
"runtime": "ruby3.3",
"entryPoint": "lambda_function.handler",
"imageUri": null,
"memoryAllocation": 128,
"artifactSize": 1000,
"environmentConfig": [
"API_KEY:AKxxxxLE",
"DB_PASSWORD:Sxpxxxx"
],
"packageType": "Zip",
"cloudProvider": "AWS",
"cloudAccountId": "362990800442",
"cloudRegion": "us-east-1",
"sourceTypes": [
"COMMAND_LINE"
],
"softwareCount": 0,
"vulnerabilityCount": 0,
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"created": 1778583029405,
"updated": 1778583029405,
"lastScanned": 1778583029405,
"firstFound": 1778583029405,
"scanTypes": [
"SCA"
],
"vulnerabilityStats": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
},
"softwareList": [],
"vulnerabilityList": [],
"vulnSummary": null
}
New API: Fetch Software Details of Serverless Function
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/serverless-functions/{functionUuid}/software |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| functionUuid | Mandatory | string | Specify the uuid of a serverless lambda function. |
| filter | optional | string | Filter the vulnerability details of scanned lambda function by providing a query using Qualys syntax. |
| sort | optional | string | Sort the results using a Qualys token. For example name: asc. |
Sample: Fetch Software Details of Serverless FunctionSample: Fetch Software Details of Serverless Function
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/serverless-functions/80a5dd43-5368-364c-9398-98a3fb2e2f4e/software' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"name": "charset-normalizer",
"version": "2.0.12",
"scanType": "SCA",
"packagePath": "charset_normalizer-2.0.12.dist-info/METADATA",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "Werkzeug",
"version": "2.2.2",
"scanType": "SCA",
"packagePath": "Werkzeug-2.2.2.dist-info/METADATA",
"fixVersion": "3.1.5",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 2,
"severity3Count": 2,
"severity2Count": 1,
"severity1Count": 0
}
},
{
"name": "certifi",
"version": "2022.12.7",
"scanType": "SCA",
"packagePath": "certifi-2022.12.7.dist-info/METADATA",
"fixVersion": "2024.7.4",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 1,
"severity3Count": 0,
"severity2Count": 1,
"severity1Count": 0
}
},
{
"name": "urllib3",
"version": "1.26.14",
"scanType": "SCA",
"packagePath": "urllib3-1.26.14.dist-info/METADATA",
"fixVersion": "2.7.0",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 4,
"severity3Count": 4,
"severity2Count": 0,
"severity1Count": 0
}
},
{
"name": "MarkupSafe",
"version": "3.0.3",
"scanType": "SCA",
"packagePath": "markupsafe-3.0.3.dist-info/METADATA",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "idna",
"version": "3.14",
"scanType": "SCA",
"packagePath": "idna-3.14.dist-info/METADATA",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "Jinja2",
"version": "3.0.3",
"scanType": "SCA",
"packagePath": "Jinja2-3.0.3.dist-info/METADATA",
"fixVersion": "3.1.6",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 0,
"severity3Count": 2,
"severity2Count": 0,
"severity1Count": 0
}
},
{
"name": "requests",
"version": "2.28.0",
"scanType": "SCA",
"packagePath": "requests-2.28.0.dist-info/METADATA",
"fixVersion": "2.33.0",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 0,
"severity3Count": 4,
"severity2Count": 0,
"severity1Count": 0
}
}
],
"count": 8
}
New API: Fetch Vulnerability stats in Serverless Function
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/serverless-functions/{functionUuid}/vuln/stats |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| uuid | Mandatory | string | Specify the uuid of a serverless lambda function. |
| filter | optional | string | Filter the vulnerability details of scanned lambda function by providing a query using Qualys syntax. |
| sort | optional | string | Sort the results using a Qualys token. |
Sample: Fetch Vulnerability Stats in Serverless FunctionSample: Fetch Vulnerability Stats in Serverless Function
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/serverless-functions/80a5dd43-5368-364c-9398-98a3fb2e2f4e/vuln/stats' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\njinja2 3.0.3 3.1.5 Python Jinja2-3.0.3.dist-info/METADATA",
"lastFound": "1779110802972",
"firstFound": "1778579116571",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"pip"
],
"vendor": [
"pip"
],
"cveids": [
"CVE-2024-56326"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 5002317,
"title": "Python (Pip) Security Update for jinja2 (GHSA-q2x7-8rv6-6q7h)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.0",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "7.8",
"temporalScore": "6.8"
},
"patchAvailable": true,
"published": 1735038671000,
"scanType": [
"SCA"
],
"qdsScore": 30,
"isExempted": false,
"vendorData": null,
"software": null,
"ageInDays": null,
"fixed": null,
"os": null
},
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\nwerkzeug 2.2.2 3.1.6 Python Werkzeug-2.2.2.dist-info/METADATA",
"lastFound": "1779110802995",
"firstFound": "1778579116600",
"severity": 3,
"customerSeverity": 3,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 30,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"pip"
],
"vendor": [
"pip"
],
"cveids": [
"CVE-2026-27199"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 5007887,
"title": "Python (Pip) Security Update for werkzeug (GHSA-29vq-49wr-vm6x)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.3",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "5.3",
"temporalScore": "4.8"
},
"patchAvailable": true,
"published": 1771589458000,
"scanType": [
"SCA"
],
"qdsScore": 37,
"isExempted": false,
"vendorData": null,
"software": null,
"ageInDays": null,
"fixed": null,
"os": null
},
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\nurllib3 1.26.14 2.7.0 Python urllib3-1.26.14.dist-info/METADATA",
"lastFound": "1779110802999",
"firstFound": "1779110802999",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"pip"
],
"vendor": [
"pip"
],
"cveids": [
"CVE-2026-44431"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 5012480,
"title": "Python (Pip) Security Update for urllib3 (GHSA-qccp-gfcp-xxvc)",
"cvssInfo": {
"baseScore": "5.0",
"temporalScore": "3.7",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "5.3",
"temporalScore": "4.6"
},
"patchAvailable": true,
"published": 1778679888000,
"scanType": [
"SCA"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "urllib3",
"version": "1.26.14",
"scanType": "SCA",
"packagePath": "urllib3-1.26.14.dist-info/METADATA",
"fixVersion": "2.7.0",
"vulnerabilities": null
}
],
"ageInDays": null,
"fixed": null,
"os": null
}
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 2,
"sev4Count": 7,
"sev3Count": 19
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 2,
"sev4Count": 7,
"sev3Count": 19
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
},
"driftReasonSummary": null
}
New API: Fetch a List of Serverless Functions in Bulk
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/serverless-functions/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Serverless Function in BulkSample: Fetch a List of Serverless Function in Bulk
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/serverless-functions/list?limit=1' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"customerUuid": "ea3bxxxf3-3f77-7b40-8383-57xxxx99",
"uuid": "da7631c2-87a8-3894-9174-5330bcf5102b",
"functionId": "cb69b81489a5xxxxxxx7422aa86816bf1ae0fd2eda241ea77c5ffd",
"cloudResourceId": "arn:aws:lambda:us-east-1:362990800442:function:testconnection",
"name": "testconnection",
"architecture": "x86_64",
"operatingSystem": null,
"functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
"runtime": "nodejs16.x",
"entryPoint": "index.handler",
"imageUri": null,
"memoryAllocation": 128,
"artifactSize": 304,
"environmentConfig": null,
"packageType": "Zip",
"cloudProvider": "AWS",
"cloudAccountId": "362990800442",
"cloudRegion": "us-east-1",
"sourceTypes": [
"COMMAND_LINE"
],
"softwareCount": 0,
"vulnerabilityCount": 0,
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"created": "1778498684369",
"updated": "1779110939291",
"lastScanned": "1779110939291",
"firstFound": "1778498684369",
"scanTypes": [
"SCA"
],
"software": [],
"vulnerabilities": []
}
],
"limit": 1
}
New Asset Type - Code Repository Scan
Qualys Container Security now supports Code as a separate asset type for code scan results. Scanned local and remote repositories can be viewed and managed from a centralized location through dedicated asset listing and details views, as well as gateway APIs. Users can access repository details such as branch information and commit hashes, improving visibility into scanned code assets. To support this, we introduced the following APIs.
- Fetch a List of Code Repository Scan
GET /csapi/v1.3/code - Fetch Details of a Code Repository Scan
GET /csapi/v1.3/code/{uuid} - Fetch Software Details of Code Repository Scan
GET /csapi/v1.3/code/{uuid}/software - Fetch a List of Vulnerabilities in Code Repository Scan
GET /csapi/v1.3/code/{codeId}/vuln - Fetch a List of Code Repository Scan in Bulk
GET /csapi/v1.3/v1.3/code/list - Fetch Compliance Details of Code Repository Scan
GET /csapi/v1.3/code/{codeId}/compliance
New API: Fetch a List of Code Repository Scan
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/code |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Code Repository ScanSample: Fetch a List of Code Repository Scan
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/code?pageNumber=1&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"uuid": "42xxxxe4-1ddb-307e-bcb3-05axxxxbc7",
"codeId": "57f185787dc0f81xxxxxxxxfbf779a54a4a82xxxxxx60f1",
"repositoryUrl": "https://xxxx.com/run-llama/llama_index.git",
"repositoryName": "llama_index",
"branch": "main",
"commitHash": "9aa5ee5cd2a1ecff6ffa2a8cd6af46b87af674b9",
"commitTimestamp": "1780091579000",
"commitAuthor": "Nhat Minh",
"created": "1780495186664",
"updated": "1780495186664",
"lastScanned": null,
"softwareCount": null,
"vulnerabilityCount": null,
"vulnerabilityStats": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
},
"riskScore": null,
"maxQdsScore": null,
"qdsSeverity": null,
"lastComplianceScanDate": "1780495186703",
"compliance": {
"failCount": 28,
"passCount": 37,
"skipCount": 32,
"errorCount": 32
}
},
{
"uuid": "97xxx7d-911f-3486-9b03-7b64xxx7",
"codeId": "9fdc37a995e57f461c4f4e74faxxxxx7a5864433647",
"repositoryUrl": "https://xxx.ixxxt.quxxxs.com/scm/cssen/qscanner-vscode-extension.git",
"repositoryName": "qscanner-vscode-extension",
"branch": "release/1.0.0",
"commitHash": "34de6d89b75cacc5df01228c00d3e239590a0f39",
"commitTimestamp": "1780313713000",
"commitAuthor": "abc",
"created": "1780482300968",
"updated": "1780482300968",
"lastScanned": "1780482301031",
"softwareCount": 121,
"vulnerabilityCount": 0,
"vulnerabilityStats": {
"severity5Count": 0,
"severity4Count": 0,
"severity3Count": 0,
"severity2Count": 0,
"severity1Count": 0
},
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"lastComplianceScanDate": null,
"compliance": {
"failCount": null,
"passCount": null,
"skipCount": null,
"errorCount": null
}
},
{
"uuid": "f8c5a45a-14c2-3eb9-b4f3-733xxxxxe95e",
"codeId": "20dcf82f9a933c5667e0a0d28a2xxxxxxxxxxxx6d83c064",
"repositoryUrl": "https://xxxx.com/spxxg-pxxcts/spring-boot.git",
"repositoryName": "spring-boot",
"branch": "main",
"commitHash": "1d5dc3e3c812xxxxxxxxx10a5887728c116",
"commitTimestamp": "1780442062000",
"commitAuthor": "Phillip Webb",
"created": "1780481091452",
"updated": "1780487375292",
"lastScanned": "1780487376006",
"softwareCount": 575,
"vulnerabilityCount": 0,
"vulnerabilityStats": {
"severity5Count": 0,
"severity4Count": 0,
"severity3Count": 0,
"severity2Count": 0,
"severity1Count": 0
},
"riskScore": 0,
"maxQdsScore": null,
"qdsSeverity": null,
"lastComplianceScanDate": null,
"compliance": {
"failCount": null,
"passCount": null,
"skipCount": null,
"errorCount": null
}
},
{
"uuid": "8d7xxd-084c-3648-b112-f5axxxc6",
"codeId": "231c1a2cf55c85d149cc6xxxxxxxxxxxxx4d9f4a39fb26fdfc8",
"repositoryUrl": "https://xxx.com/mixxt/semantic-kernel.git",
"repositoryName": "semantic-kernel",
"branch": "main",
"commitHash": "32e904c017c33ebxxxxxxxxxxx6e61e2e7aea81c",
"commitTimestamp": "1779908384000",
"commitAuthor": "semenshi-m",
"created": "1780478594985",
"updated": "1780479834399",
"lastScanned": "1780479837260",
"softwareCount": 2415,
"vulnerabilityCount": 89,
"vulnerabilityStats": {
"severity5Count": 2,
"severity4Count": 31,
"severity3Count": 39,
"severity2Count": 16,
"severity1Count": 1
},
"riskScore": 164,
"maxQdsScore": 72,
"qdsSeverity": "HIGH",
"lastComplianceScanDate": null,
"compliance": {
"failCount": null,
"passCount": null,
"skipCount": null,
"errorCount": null
}
},
{
"uuid": "052ad00d-33cc-3ea1-9563-25xxxxxxxx35915",
"codeId": "524ea166fcc7d3c882ed2995d36d38xxxxxxxxxx503dff3ff327",
"repositoryUrl": "https://gxxxx.com/lxxxxn-ai/langchain.git",
"repositoryName": "langchain",
"branch": "master",
"commitHash": "eb2dabb8b7102fbedb33016dcf10fe475efde88e",
"commitTimestamp": "1780430556000",
"commitAuthor": "Mason Daugherty",
"created": "1780474360007",
"updated": "1780493765682",
"lastScanned": "1780493767199",
"softwareCount": 2261,
"vulnerabilityCount": 1,
"vulnerabilityStats": {
"severity5Count": 0,
"severity4Count": 1,
"severity3Count": 0,
"severity2Count": 0,
"severity1Count": 0
},
"riskScore": 42,
"maxQdsScore": 35,
"qdsSeverity": "LOW",
"lastComplianceScanDate": "1780493763916",
"compliance": {
"failCount": 23,
"passCount": 38,
"skipCount": 32,
"errorCount": 32
}
}
],
"count": 135
}
New API: Fetch Details of a Code Repository Scan
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/code/{uuid} |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| uuid |
Mandatory | string | Specify the uuid value of an code asset. |
Sample: Fetch Details of a Code Repository ScanSample: Fetch Details of a Code Repository Scan
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/code/429c1ae4-1ddb-307e-bcb3-05aa98231bc7' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"details": {
"uuid": "429c1ae4-1ddb-307e-bcb3-05aa9xxxxbc7",
"codeId": "57f185787dc0f8136ee0c6bbcfexxxxe06fbf779a54a4a826xxx760f1",
"repositoryUrl": "https://xxxb.com/run-llama/llama_xxxex.git",
"repositoryName": "llama_index",
"branch": "main",
"commitHash": "9aa5ee5cd2a1ecff6ffa2a8cd6af46b87af674b9",
"commitTimestamp": "1780091579000",
"commitAuthor": "Nhat Minh",
"created": "1780495186664",
"updated": "1780495186664",
"lastScanned": null,
"softwareCount": null,
"vulnerabilityCount": null,
"vulnerabilityStats": null,
"riskScore": null,
"maxQdsScore": null,
"qdsSeverity": null,
"lastComplianceScanDate": "1780495186664",
"assetName": "https://xxx.com/run-llama/llama_index.git",
"isModified": false,
"commitMessage": "perf: use a set instead of a list for within-batch dedup in Ingestion… (#21755)",
"commitAuthorEmail": "[email protected]",
"firstFound": "1780495186664",
"source": [
"COMMAND_LINE"
],
"scanTypes": [
"SCA"
],
"vulnerabilities": null,
"software": null,
"metadata": null,
"formulaUsed": null,
"riskScoreCalculatedDate": null
},
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
},
"complianceSummary": {
"failCount": 28,
"passCount": 37,
"skipCount": 32,
"errorCount": 32
}
}
New API: Fetch Software Details of Code Repository Scan
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/code/{uuid}/software |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| uuid |
Mandatory | string | Specify the uuid value of an code asset. |
| filter |
Optional | string |
Filter the software details of a scanned code asset by providing a query using Qualys syntax. |
| sort |
Optional |
string |
Sort the results using a Qualys token. |
Sample: Fetch Software Details of Code Repository ScanSample: Fetch Software Details of Code Repository Scan
API Request
curl -X 'GET' \
'<qualys_base_ul>/csapi/v1.3/code/f2318ea4-a49f-3b1c-b34a-860cb1420141/software' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"name": "org.axxxhe.coxxons:commons-collections4",
"version": "4.1",
"scanType": "SCA",
"packagePath": "pom.xml",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "gxxub.com/golang/protobuf",
"version": "v1.5.2",
"scanType": "SCA",
"packagePath": "go.mod",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "goxxg.org/x/crypto",
"version": "v0.0.0-20210921155107-089bfa567519",
"scanType": "SCA",
"packagePath": "go.mod",
"fixVersion": "0.45.0",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 3,
"severity3Count": 3,
"severity2Count": 0,
"severity1Count": 0
}
},
{
"name": "com.qxxxer:codescan-test",
"version": "1.0.0",
"scanType": "SCA",
"packagePath": "pom.xml",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "xxxg.in/yaml.v2",
"version": "v2.4.0",
"scanType": "SCA",
"packagePath": "go.mod",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "xxxub.com/ugorji/go/codec",
"version": "v1.2.7",
"scanType": "SCA",
"packagePath": "go.mod",
"fixVersion": null,
"vulnerabilities": {
"severity5Count": null,
"severity4Count": null,
"severity3Count": null,
"severity2Count": null,
"severity1Count": null
}
},
{
"name": "com.fxxxml.jaxxon.core:jxxxn-databind",
"version": "2.13.1",
"scanType": "SCA",
"packagePath": "pom.xml",
"fixVersion": "2.13.4.2",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 3,
"severity3Count": 0,
"severity2Count": 0,
"severity1Count": 0
}
},
{
"name": "log4j:log4j",
"version": "1.2.17",
"scanType": "SCA",
"packagePath": "pom.xml",
"fixVersion": "2.0",
"vulnerabilities": {
"severity5Count": 3,
"severity4Count": 1,
"severity3Count": 1,
"severity2Count": 0,
"severity1Count": 0
}
},
{
"name": "gxxx.com/gin-gonic/gin",
"version": "v1.7.7",
"scanType": "SCA",
"packagePath": "go.mod",
"fixVersion": "1.9.1",
"vulnerabilities": {
"severity5Count": 0,
"severity4Count": 0,
"severity3Count": 2,
"severity2Count": 0,
"severity1Count": 0
}
}
],
"count": 9
}
New API: Fetch a List of Vulnerabilities in Code Repository Scan
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/code/{codeId}/vuln/stats |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| uuid | Mandatory | string | Specify the uuid value of an code asset. |
| filter | Optional | string | Filter the vulnerability details of a scanned code asset by providing a query using Qualys syntax. |
| sort | Optional | string |
Sort the results using a Qualys token.
Default value: vulnerabilities.qid:asc |
Sample: Fetch a List of Vulnerabilities in Code Repository ScanSample: Fetch a List of Vulnerabilities in Code Repository Scan
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/code/524ea166fcc7d3c882ed2995d36d38c894975bec3991d290f83b503dff3ff327/vuln?sort=vulnerabilities.qid%3Aasc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"details": [
{
"vulnerability": null,
"result": null,
"lastFound": "1780493764136",
"firstFound": "1780493764136",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"pip"
],
"vendor": [
"pip"
],
"cveids": [
"CVE-2026-45134"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": true,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 5012561,
"title": "Python (Pip) Security Update for langchain (GHSA-3644-q5cj-c5c7)",
"cvssInfo": {
"baseScore": "8.5",
"temporalScore": "6.3",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "7.1",
"temporalScore": "6.2"
},
"patchAvailable": true,
"published": 1778768258000,
"scanType": [
"SCA"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "langchain-classic",
"version": "1.0.0",
"scanType": "SCA",
"packagePath": "libs/langchain_v1/uv.lock",
"fixVersion": "1.0.7",
"vulnerabilities": null
},
{
"name": "langsmith",
"version": "0.7.31",
"scanType": "SCA",
"packagePath": "libs/partners/huggingface/uv.lock",
"fixVersion": "0.8.0",
"vulnerabilities": null
}
],
"ageInDays": null,
"fixed": null,
"os": null
}
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 1,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 1,
"sev3Count": 0
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"igs": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
New API: Fetch a List of Code Repository Scan in Bulk
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/code/list |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Code Repository Scan in BulkSample: Fetch a List of Code Repository Scan in Bulk
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/code/list?limit=2' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [{
"uuid": "d3xxb42-001b-37dd-9460-450xx0c",
"codeId": "2d8edxxxx7cbc852aba43de81fe180bff56",
"repositoryUrl": "https://xxxx.com/527515025/springBoot.git",
"repositoryName": "springBoot",
"branch": "master",
"assetName": "https://gitxxx.com/5xxx25/springBoot.git",
"isModified": null,
"commitHash": "8fadfc31240917e2e9xxxxxxe8d8f",
"commitTimestamp": "1585823884000",
"commitAuthor": "杨伊博",
"commitMessage": "modify c3p0 version",
"commitAuthorEmail": "[email protected]",
"created": "1778503268745",
"updated": "1778503268746",
"lastScanned": "1778503268950",
"firstFound": "1778503268745",
"source": ["COMMAND_LINE"],
"scanTypes": ["SCA"],
"softwareCount": 132,
"vulnerabilityCount": 80,
"vulnerabilityStats": null,
"vulnerabilities": ["vulnerability": null, "result": null, "lastFound": "1778503268780", "firstFound": "1778503268780", "severity": 4, "customerSeverity": 4, "port": null, "typeDetected": "CONFIRMED", "status": null, "risk": 40, "category": "SCA", "discoveryType": ["AUTHENTICATED"], "authType": ["UNIX_AUTH"], "supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"], "product": ["maven"], "vendor": ["maven"], "cveids": ["CVE-2022-42004"], "threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
}, "qid": 990283, "title": "Java (Maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rgv9-q543-rqg4)", "cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.3",
"accessVector": "Adjacent Network"
}, "cvss3Info": {
"baseScore": "7.5",
"temporalScore": "6.7"
}, "patchAvailable": true, "published": 1670244105000, "scanType": ["SCA"], "qdsScore": 42, "isExempted": null, "vendorData": {
"rhsa": {
"id": null,
"severity": null,
"cve": [{
"id": "CVE-2022-42004",
"severity": "moderate",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 7.5
}
}]
}
}, "software": [{
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.9.9.1",
"scanType": "SCA",
"packagePath": "springboot-shiro2/pom.xml",
"fixVersion": "2.12.7.1",
"vulnerabilities": null
}, {
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.9.8",
"scanType": "SCA",
"packagePath": "abel-util/pom.xml",
"fixVersion": "2.12.7.1",
"vulnerabilities": null
}], "ageInDays": null, "fixed": null, "os": null
},
"vulnerability": null,
"result": null,
"lastFound": "1778503268938",
"firstFound": "1778503268938",
"severity": 2,
"customerSeverity": 2,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 20,
"category": "SCA",
"discoveryType": ["AUTHENTICATED"],
"authType": ["UNIX_AUTH"],
"supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"],
"product": ["maven"],
"vendor": ["maven"],
"cveids": ["CVE-2024-38820"],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": null,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 5001309,
"title": "Java (Maven) Security Update for org.springframework:spring-context (GHSA-4gc7-5j7h-4qph)",
"cvssInfo": {
"baseScore": "5.4",
"temporalScore": "4.3",
"accessVector": "Adjacent Network"
},
"cvss3Info": {
"baseScore": "5.3",
"temporalScore": "4.8"
},
"patchAvailable": true,
"published": 1729601389000,
"scanType": ["SCA"],
"qdsScore": 37,
"isExempted": null,
"vendorData": null,
"software": [{
"name": "org.springframework:spring-web",
"version": "5.1.3.RELEASE",
"scanType": "SCA",
"packagePath": "abel-util/pom.xml",
"fixVersion": "6.1.14",
"vulnerabilities": null
}],
"ageInDays": null,
"fixed": null,
"os": null
}, {
"vulnerability": null,
"result": null,
"lastFound": "1778503268882",
"firstFound": "1778503268882",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": ["AUTHENTICATED"],
"authType": ["UNIX_AUTH"],
"supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"],
"product": ["maven"],
"vendor": ["java"],
"cveids": ["CVE-2020-36184"],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": true,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"qid": 986399,
"title": "Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-m6x4-97wx-4q27)",
"cvssInfo": {
"baseScore": "6.8",
"temporalScore": "5.3",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "8.1",
"temporalScore": "7.3"
},
"patchAvailable": true,
"published": 1660137119000,
"scanType": ["SCA"],
"qdsScore": 42,
"isExempted": null,
"vendorData": {
"rhsa": {
"id": null,
"severity": null,
"cve": [{
"id": "CVE-2020-36184",
"severity": "important",
"cvss2": {
"baseScore": null
},
"cvss3": {
"baseScore": 8.1
}
}]
}
},
"software": [{
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.9.9.1",
"scanType": "SCA",
"packagePath": "springboot-shiro2/pom.xml",
"fixVersion": "2.9.10.8",
"vulnerabilities": null
}, {
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.9.8",
"scanType": "SCA",
"packagePath": "abel-util/pom.xml",
"fixVersion": "2.9.10.8",
"vulnerabilities": null
}],
"ageInDays": null,
"fixed": null,
"os": null
}, {
"vulnerability": null,
"result": null,
"lastFound": "1778503268786",
"firstFound": "1778503268786",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": ["AUTHENTICATED"],
"authType": ["UNIX_AUTH"],
"supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"],
"product": ["maven"],
"vendor": ["java"],
"cveids": ["CVE-2020-36182"],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null,
"wormable": null,
"predictedHighRisk": null,
"privilegeEscalation": null,
"unauthenticatedExploitation": null,
"remoteCodeExecution": true,
"ransomware": null,
"solorigateSunburst": null,
"cisaKnownExploitedVulns": null
},
"name": "com.abel:config",
"version": "1.0-SNAPSHOT",
"scanType": "SCA",
"packagePath": "springboot-springCloud/pom.xml",
"fixVersion": null,
"vulnerabilities": null
}],
"metadata": null,
"riskScore": 244,
"formulaUsed": "MIN (1000 , 2 * ( 1.0 * 73.06 * Pow(17,0.01) + 0.6 * 42.46 * Pow(48,0.01) + 0.4 * 36.08 * Pow(12,0.01) + 0.2 * 28.00 * Pow(3,0.01) ))",
"riskScoreCalculatedDate": "1778503268951",
"maxQdsScore": 100,
"qdsSeverity": "CRITICAL"
}], "limit": 1
}
New API: Fetch Compliance Details of Code Repository Scan
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/code/{codeId}/compliance |
| Method | GET |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| codeId | Mandatory | string | Specify the CodeId value of an Code. |
| showOldCriticality | Optional | boolean | If true, return old criticality values; if false, return new criticality values. |
Sample: Fetch Compliance Details of Code Repository Scan Sample: Fetch Compliance Details of Code Repository Scan
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/code/fdeaa6a0810a419cab06ae9e262353a4b8c0c3edfb532abbb72ea58951c4bed4/compliance?showOldCriticality=false' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"uuid": "c7b0xx8d-ddda-32cf-9a2e-86axxxx8d9",
"sha": null,
"customerUuid": "ea3xx3f3-3f77-7b40-8383-572xxxd99",
"created": "1780400835720",
"updated": "1780658436946",
"controls": [
{
"controlId": 48067,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "CRITICAL",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure no payment-card (PAN) literals appear in source code",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48088,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure public-facing endpoints are protected by a WAF",
"findings": null,
"remediation": "Deploy a WAF in front of payment-handling agent endpoints. Configure rules for common attack patterns.",
"evidence": []
},
{
"controlId": 48011,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure an explainability mechanism is present and surfaced",
"findings": null,
"remediation": null,
"evidence": []
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure PII is redacted from tool responses before re-injection",
"findings": null,
"remediation": "Scan tool responses before re-injection into LLM context: Presidio or equivalent between tool.call() and agent context update.",
"evidence": []
},
{
"controlId": 48090,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure an incident response plan exists and is ready to activate",
"findings": null,
"remediation": "Create an incident response plan covering AI agent failures, data breaches, and cardholder data exposure scenarios.",
"evidence": []
},
{
"controlId": 48023,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure agent system prompts are documented and reviewable",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48091,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure third-party service providers' compliance is monitored periodically",
"findings": null,
"remediation": "Maintain LLM provider inventory with compliance status. Verify annually.",
"evidence": []
},
{
"controlId": 48097,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure business context and third-party AI components are documented",
"findings": null,
"remediation": "Document the AI system's business value, intended outcomes, and third-party AI components used. Conduct vendor due diligence (SOC 2 / ISO 27001 / DPA) at adoption time.",
"evidence": []
},
{
"controlId": 48062,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "LOW",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure prompts contain no payment-card-data keywords",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48037,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "LOW",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure AI interaction is disclosed in documentation",
"findings": null,
"remediation": "Include AI disclosure in README, user-facing documentation, or system prompt (e.g., 'I am an AI assistant').",
"evidence": []
},
{
"controlId": 48008,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
},
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780658431385",
"statement": "Ensure no packages are installed or imported dynamically at runtime",
"findings": null,
"remediation": "Pre-install all dependencies in the container image. Use lock files (uv.lock, poetry.lock) with hash verification. Forbid runtime installs in production.",
"evidence": [
{
"File": null,
"Line": 0,
"EndLine": 0,
"Label": null
}
]
},
{
"controlId": 48014,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780658431384",
"statement": "Ensure per-request input size is bounded",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48052,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure model temperature is justified and bounded for the intended purpose",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48007,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure LLM output is escaped before HTML rendering",
"findings": null,
"remediation": "Escape all LLM output before HTML rendering. Use auto-escaping templates (Jinja autoescape, React default). Apply Content-Security-Policy headers.",
"evidence": [
{
"File": null,
"Line": 0,
"EndLine": 0,
"Label": null
}
]
},
{
"controlId": 48046,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure tool invocations are logged",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48074,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure synthetic content is marked as artificially generated (manual review)",
"findings": null,
"remediation": "Verify by inspecting deployed system output (C2PA, SynthID, content credentials, metadata tags). Document marking implementation in system spec.",
"evidence": []
},
{
"controlId": 48042,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780658431385",
"statement": "Ensure per-agent credential scoping instead of a shared API key",
"findings": null,
"remediation": "Issue per-agent credentials: unique service account per agent role, scoped OAuth tokens, short-lived creds via STS. Document the credential-scope mapping per agent.",
"evidence": [
{
"File": null,
"Line": 0,
"EndLine": 0,
"Label": null
}
]
},
{
"controlId": 48049,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure persistent agent memory redacts PII",
"findings": null,
"remediation": "Run Presidio or equivalent on all memory writes. Store references/tokens instead of raw PII. Support per-subject erasure.",
"evidence": []
},
{
"controlId": 48053,
{
"controlId": 48015,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780658431384",
"statement": "Ensure a shutdown/interrupt mechanism is available",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48063,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "LOW",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure prompts contain no sensitive-authentication-data (CVV/PIN/track) keywords",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48079,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure GPAI provider technical documentation is available",
"findings": null,
"remediation": "Ensure GPAI provider supplies model card, training data documentation, and copyright/TDM policy per Annex XI requirements.",
"evidence": []
},
{
"controlId": 48005,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure file paths are validated and not derived from LLM output",
"findings": null,
"remediation": "Validate paths against an allowlist. Use os.path.realpath() and assert the canonical path remains within the expected base directory.",
"evidence": [
{
"File": null,
"Line": 0,
"EndLine": 0,
"Label": null
}
]
},
{
"controlId": 48083,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure all privileged/administrative actions are logged with attribution",
"findings": null,
"remediation": "Log every tool/function-call invocation with parameters, timestamp, agent identity, and outcome. Use callback handlers or framework tool hooks.",
"evidence": []
},
{
"controlId": 48031,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780658431385",
"statement": "Ensure Azure Content Safety analysis is applied",
"findings": null,
"remediation": "Wire ContentSafetyClient (azure-ai-contentsafety) into the input/output flow. Use the AnalyzeTextOptions with the four standard categories (Hate/Self-Harm/Sexual/Violence).",
"evidence": [
{
"File": null,
"Line": 0,
"EndLine": 0,
"Label": null
}
]
},
{
"controlId": 48087,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure code is reviewed via SAST or manual review before release",
"findings": null,
"remediation": "Integrate SAST tools (Semgrep, CodeQL, aiscanner) into CI/CD pipeline. Conduct code reviews for all changes to payment-handling code.",
"evidence": []
},
{
"controlId": 48051,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780658431384",
"statement": "Ensure model internals (logprobs/embeddings/attention) are not exposed",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48006,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure SQL is parameterized and never built from LLM output",
"findings": null,
"remediation": "Use parameterised queries (prepared statements). Never interpolate LLM output or untrusted strings into SQL.",
"evidence": [
{
"File": null,
"Line": 0,
"EndLine": 0,
"Label": null
}
]
},
{
"controlId": 48093,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431384",
"statement": "Ensure AI-specific incidents are tracked distinctly from generic incidents",
"findings": null,
"remediation": "Implement AI-specific incident tracking: log AI failures, near-misses, red-team findings. Feed back into risk register.",
"evidence": []
},
{
"controlId": 48045,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure a logging framework is configured",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48058,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780658431384",
"statement": "Ensure prompts contain no authentication-bypass instructions",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48070,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431385",
"statement": "Ensure the external systems the agent interacts with are documented",
"findings": null,
"remediation": "Document the external systems the AI system interacts with (MCP servers, APIs, data sources) per Annex IV §1(b).",
"evidence": []
},
{
"controlId": 48069,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431385",
"statement": "Ensure agent capabilities and human-oversight measures are documented",
"findings": null,
"remediation": "Document agent tool surface, capabilities, and the human-oversight measures in place per Article 14.",
"evidence": []
},
{
"controlId": 48099,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431385",
"statement": "Ensure third-party risks (vendors, models, MCP servers, vector DBs) are mapped",
"findings": null,
"remediation": "Maintain a register of third-party AI components (models, tools, MCP servers, vector DBs). Document risk per component and update on integration.",
"evidence": []
},
{
"controlId": 48092,
"policies": [
{
"name": "PCI DSS 4.0",
"uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431385",
"statement": "Ensure payment-page tamper detection is in place",
"findings": null,
"remediation": "Implement Subresource Integrity (SRI) hashes and Content Security Policy (CSP) headers for all payment page scripts. Deploy change-detection monitoring on payment HTML and JavaScript assets. Alert on unauthorized modifications to payment page content.",
"evidence": []
},
{
"controlId": 48029,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780658431384",
"statement": "Ensure Anthropic tools define an input_schema",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48003,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure centralized observability is configured",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48078,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "SKIPPED",
"lastEvaluated": "1780658431385",
"statement": "Ensure a post-market monitoring system is in place",
"findings": null,
"remediation": "Establish monitoring for deployed AI agents: error rates, user feedback, performance drift, and incident tracking.",
"evidence": []
},
{
"controlId": 48030,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure Anthropic system instructions are isolated via the system parameter",
"findings": null,
"remediation": "Pass the system prompt via the dedicated system= parameter on messages.create; do not concatenate system instructions into the user message.",
"evidence": [
{
"File": null,
"Line": 0,
"EndLine": 0,
"Label": null
}
]
},
{
"controlId": 48020,
"policies": [
{
"name": "NIST AI RMF 1.0",
"uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
},
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780658431384",
"statement": "Ensure adversarial/red-team testing is performed",
"findings": null,
"remediation": "Integrate adversarial testing: Garak (NVIDIA) for LLM attacks, Promptfoo in CI/CD, red-team exercises before releases.",
"evidence": []
},
{
"controlId": 48064,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780658431384",
"statement": "Ensure no container/sandbox escape vectors are present",
"findings": null,
"remediation": null,
"evidence": []
},
{
"controlId": 48068,
"policies": [
{
"name": "EU AI Act",
"uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
}
],
"criticality": "CRITICAL",
"posture": "PASS",
"lastEvaluated": "1780658431385",
"statement": "Ensure HuggingFace models are not loaded with trust_remote_code=True",
"findings": null,
"remediation": null,
"evidence": []
}
],
"lastComplianceScanned": "1780658431565"
}
Enhancement in Registry Scan Status
Previously, Registry scan jobs used a single status field for all scan types. As a result, users could not easily see the status of individual scans, Secrets and Malware scan statuses were not tracked, and jobs could appear completed before all configured scans finished.
With this release, Registry scan jobs now track Vulnerability, PC (Middleware), Secrets, and Malware scans separately. Each scan type has its own status and error details, and scan types that are not enabled are marked as Not Configured. Job status is now based on the status of all configured scans, providing clear and accurate visibility into scan progress and completion.
- Fetch a List of Images to be Scanned for a Registry Schedule Job
GET /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions/{jobId}/images - Fetch a List of Executions Created for a Registry Schedule
GET /csapi/v1.3/registry/{registryId}/schedule/{scheduleId}/executions
Updated API: Fetch a List of Images to be Scanned for a Registry Schedule Job
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) |
v1.3/registry/{registryId}/schedule/{scheduleId}/executions/{jobId}/images |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Images to be Scanned for a Registry Schedule JobSample: Fetch a List of Images to be Scanned for a Registry Schedule Job
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/registry/4337760c-07c7-4664-9b2e-a5ae7xxxx/schedule/1b861b2f-42ed-4340-a081-b6ad8d462e60/executions/5c5d10e4-c8c9-4d77-879f-c210c8ce55ba/images?pageNumber=1&pageSize=50' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"imageId": "sha256:660f414xxxx78fab36077eaad1cb0bce5e0842b5ad5e34dxxxcf995391d3",
"repository": "qualysdockerhub/testvk",
"tags": "railsvk",
"scannedBy": "6f44b4f4-61bb-4377-9d0e-78b91581ca08",
"scanStart": "1780032147320",
"scanEnd": "1780032203228",
"scanErrors": [
{
"errorCode": "CMS-1331",
"errorMessage": "Requested scan type not configured",
"contextParams": {
"image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fxxxxx9e1869756dec05c447f52a0fe637e7",
"sensorHostIpv4": "10.82.62.69",
"sensorHostname": "ip-10-82-62-69",
"sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
}
},
{
"errorCode": "CMS-1331",
"errorMessage": "Requested scan type not configured",
"contextParams": {
"image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
"sensorHostIpv4": "10.82.62.69",
"sensorHostname": "ip-10-82-62-69",
"sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
}
}
],
"status": "PartialSuccess",
"vulnScanStatus": "Completed",
"pcScanStatus": "Completed",
"secretsScanStatus": "Failed",
"malwareScanStatus": "Failed",
"vulnScanError": null,
"pcScanError": null,
"secretsScanError": {
"errorCode": "CMS-1331",
"errorMessage": "Requested scan type not configured",
"contextParams": {
"image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
"sensorHostIpv4": "10.82.62.69",
"sensorHostname": "ip-10-82-62-69",
"sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
}
},
"malwareScanError": {
"errorCode": "CMS-1331",
"errorMessage": "Requested scan type not configured",
"contextParams": {
"image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
"sensorHostIpv4": "10.82.62.69",
"sensorHostname": "ip-10-82-62-69",
"sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
}
},
"isContinuouslyAssessed": null
}
],
"count": 1
}
Updated API: Fetch a List of Executions Created for a Registry Schedule
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /v1.3/registry/{registryId}/schedule/{scheduleId}/executions |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Executions Created for a Registry ScheduleSample: Fetch a List of Executions Created for a Registry Schedule
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/registry/4337760c-07c7-4664-9b2e-a5ae70xxxa4/schedule/1b861b2f-42ed-4340-a081-b6ad8d462e60/executions?pageNumber=1&pageSize=50' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"jobUuid": "5c5xxxxe4-c8c9-4d77-879f-c210c8cxxxxba",
"createdTime": "1780031954429",
"listStartTime": "1780032013904",
"listEndTime": "1780032086028",
"scanStartTime": "1780032147237",
"scanEndTime": "1780032203272",
"listedBy": "7ff356df-6ae6-40a9-a02f-8fc2f499212f",
"listingErrors": null,
"status": "Finished",
"totalImages": 1,
"scannedImages": 0,
"failedImages": 0,
"inProgressImages": 0,
"queuedImages": 0,
"partiallyFailedImages": 1
}
],
"count": 1
}
Enhancement in Secret Detector
We have enhanced the global secret Exclude Blocks and global secret Allow Rules API in Secret Detector.
Exclude Block
Qualys Container Security's APIs enable defining content patterns to be excluded from secret scanning. By allowing known non-relevant content blocks to be skipped entirely, the API helps reduce unnecessary scanning, improves scan efficiency, and ensures that only relevant content is evaluated for potential secrets. To support this, below APIs are enhanced regarding exclude blcok.
- Fetch a List of Exclude Blocks
GET /csapi/v1.3/secretExcludeBlock - Fetch Details of an Exclude Block
GET /csapi/v1.3/secretExcludeBlock/{ruleId} - Create an Exclude Block
POST /csapi/v1.3/secretExcludeBlock/create - Update an Exclude Block
PUT /csapi/v1.3/secretExcludeBlock/{ruleId} - Delete Exclude Block
DELETE /csapi/v1.3/secretExcludeBlock/{ruleId}
New API: Fetch a List of Exclude Blocks
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretExcludeBlock |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Exclude BlocksSample: Fetch a List of Exclude Blocks
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock?pageNumber=1&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"ruleUuid": "4237bed5-ad82-4b73-9588-799dccb53989",
"description": "FO exclude block auto",
"regex": "KD9pKXRva2Vu",
"type": "custom",
"status": "Active",
"created": "1779942188881",
"updated": "1779942188881",
"createdBy": "apeks_ab7",
"updatedBy": "apeks_ab7" }
],
"count": 1,
"groups": {},
"aggs": null
}
New API: Fetch Details of an Exclude Block
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretExcludeBlock/{ruleId} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Details of an Exclude BlockSample: Fetch Details of an Exclude Block
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/4237bed5-ad82-4b73-9588-799dccb53989' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"ruleUuid": "4237bed5-ad82-4b73-9588-799dccb53989",
"description": "FO exclude block auto",
"regex": "KD9pKXRva2Vu",
"type": "custom",
"status": "Active",
"created": "1779942188881",
"updated": "1779942188881",
"createdBy": "apeks_ab7",
"updatedBy": "apeks_ab7"
}
New API: Create an Exclude Block
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretExcludeBlock/create |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| regex | Mandatory | BASE64 encoded value |
Specify the encoded regex of the secret detector that you want to create. Provide regex of the Secret Detector. |
Sample: Create an Exclude BlockSample: Create an Exclude Block
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/create' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '
{
"description": "FO exclude block auto",
"regex": "KD9pKXRva2Vu",
"status": "Active"
}
API Response
{
"Created exclude block": "42f8c8b3-333c-4792-b001-6c8e8e2ec87e"
}
New API: Update an Exclude Block
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretExcludeBlock/{ruleId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| regex | Mandatory | BASE64 encoded value |
Specify the encoded regex of the secret detector that you want to update. Provide regex of the Secret Detector. |
Sample: Update an Exclude BlockSample: Update an Exclude Block
API Request
curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/4237bed5-ad82-4b73-9588-799dccb53989' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '
{
"description":
"FO exclude block auto updated",
"regex": "KD9pKXBhc3N3b3Jk",
"status": "Active"
}
API Response
{
"Updated exclude block": "4237bed5-ad82-4b73-9588-799dccb53989"
}
New API: Delete Exclude Block
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretExcludeBlock/{ruleId} |
| Method | DELETE |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| ruleId | Mandatory | String | Specify the ID/UUID of the exclude block you want to delete. |
Sample: Delete Exclude BlockSample: Delete Exclude Block
API Request
curl -X 'DELETE' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/4237bed5-ad82-4b73-9588-799dccb53989' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
block deleted successfully
Allow Rules
Qualys Container Security supports configuring approved patterns, including regex and file paths, that must be excluded from secret detection findings. This helps minimize false positives and enables teams to focus on actionable security findings. Any scanned result that matches a configured allow rule is not identified as a secret.
- Fetch a List of Allow Rules
GET /csapi/v1.3/secretAllowRule - Fetch details of an Allow Rule
GET /csapi/v1.3/secretAllowRule/{ruleId} - Create an Allow Rule
POST /csapi/v1.3/secretAllowRule/create - Update an Allow Rule
PUT /csapi/v1.3/secretAllowRule/{ruleId} - Delete an Allow Rule
DELETE /csapi/v1.3/secretAllowRule/{ruleId}
New API: Fetch a List of Allow Rules
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretAllowRule |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch a List of Allow RuleSample: Fetch a List of Allow Rule
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/secretAllowRule?pageNumber=1&pageSize=50&sort=created%3Adesc' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"data": [
{
"ruleUuid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"description": "System directories auto",
"regex": null,
"path": "XnVzclwvKD86c2hhcmV8aW5jbHVkZXxsaWJ8YmluKVwv",
"type": "custom",
"status": "Active",
"created": "1779942188881",
"updated": "1779942188881",
"createdBy": "apeks_ab7",
"updatedBy": "apeks_ab7"
}
],
"count": 1,
"groups": {},
"aggs": null
}
New API: Fetch Details of an Allow Rule
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretAllowRule/{ruleId} |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Details of an Allow RuleSample: Fetch Details of an Allow Rule
API Request
curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/secretAllowRule/a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
{
"ruleUuid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"description": "System directories auto",
"regex": null,
"path": "XnVzclwvKD86c2hhcmV8aW5jbHVkZXxsaWJ8YmluKVwv",
"type": "custom",
"status": "Active",
"created": "1779942188881",
"updated": "1779942188881",
"createdBy": "apeks_ab7",
"updatedBy": "apeks_ab7"
}
New API: Create an Allow Rule
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretAllowRule/create |
| Method | POST |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| regex | Mandatory/Optional | BASE64 encoded value |
Specify the encoded regex of the secret detector that you want to create. Provide either regex or path of the Secret Detector. |
| path | Mandatory/Optional | BASE64 encoded value |
Specify the encoded path of the secret detector that you want to create. Provide either regex or path of the Secret Detector. |
Sample: Create an Allow RuleSample: Create an Allow Rule
API Request
curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/secretAllowRule/create' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \-d '
{
"description": "System directories auto",
"regex": null,
"path": "XnVzclwvKD86c2hhxxxxxbHVkZXxsaWJ8YmluKVwv",
"status": "Active"
}
API Response
{
"Created allow rule": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
New API: Update an Allow Rule
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretAllowRule/{ruleId} |
| Method | PUT |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| regex | Mandatory/Optional | BASE64 encoded value |
Specify the encoded regex of the secret detector that you want to update. Provide either regex or path of the Secret Detector. |
| path | Mandatory/Optional | BASE64 encoded value |
Specify the encoded path of the secret detector that you want to create. Provide either regex or path of the Secret Detector. |
Sample: Update an Allow RuleSample: Update an Allow Rule
API Request
curl -X 'PUT' \
<qualys_base_url>/csapi/v1.3/secretAllowRule/a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '
{
"description": "System directories auto updated",
"regex": null,
"path": "XihvcHR8dmFyKVwv",
"status": "Active"
}
API Response
{
"Updated allow rule": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
New API: Delete Allow Rule
| New or Updated APIs | New |
|---|---|
| API Endpoint (New version) | /v1.3/secretAllowRule/{ruleId} |
| Method | DELETE |
| DTD XSD Changes | No |
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| ruleId | Mandatory | String | Specify the ID/UUID of the exclude block you want to delete. |
Sample: Delete an Allow RuleSample: Delete an Allow Rule
API Request
curl -X 'DELETE' \
'<qualys_base_url>/csapi/v1.3/secretAllowRule/a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
API Response
rule deleted successfully
Compliance Posture for a Container
With this release, Qualys Container Security enhances compliance scanning capabilities by introducing new controls, removing outdated controls, and adding support for a SKIPPED posture for running containers in addition to container images. These enhancements provide increased visibility into container compliance posture, including runtime compliance assessment results.
This release expands compliance coverage with the addition of the following controls:
- Control ID 10805
- Control ID 19373
- Control ID 19374
- Control ID 19375
- Control ID 19376
- Control ID 19377
Removed Compliance Controls:
- Control ID 10810
- Control ID 10715
- Control ID 10808
New Compliance Posture - SKIPPED: Qualys Container Security reports controls with a SKIPPED posture when the required container or image data is unavailable for evaluation, providing additional visibility into compliance assessment results.
To enhance risk prioritization and improve clarity, this release updates the criticality levels as follows:
- LOW: Renamed from MINIMAL
- MEDIUM: Combines MEDIUM and SERIOUS
- HIGH: Combines CRITICAL and URGENT
The following API includes updated policy compliance details for containers.
Fetch Compliance Posture for a Container
/csapi/v1.3/containers/{containerSha}/compliance
Updated API: Fetch Compliance Posture for a Container
| New or Updated APIs | Updated |
|---|---|
| API Endpoint (New version) | /v1.3/containers/{containerSha}/compliance |
| Method | GET |
| DTD XSD Changes | No |
Sample: Fetch Compliance Posture for a ContainerSample: Fetch Compliance Posture for a Container
API Request
curl -X 'GET' \ '<qualys_base_url>/csapi/v1.3/containers/7ba409eeaf52cec8def68416270394d5a9dc6befbb915fdaf608edfb7aebd86f/compliance' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>'
API Response
{
"uuid": "2808271b-5431-31e9-82f0-4b0f7xxxxd7",
"sha": "7ba409eeaf52cec8def68416270394d5a9dc6befbb9xxxxxaebd86f",
"customerUuid": "0c0fbabe-355c-5c7e-82c6-960dea056cc4",
"created": "1780548308000",
"updated": "1780563917402",
"controls": [
{
"controlId": 10856,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10815,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 19376,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10812,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"Container running without memory restrictions"
]
},
{
"controlId": 10825,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"Container running with root FS mounted R/W"
]
},
{
"controlId": 10802,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"Container running with default user (root)"
]
},
{
"controlId": 10807,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10830,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"Health check not set"
]
},
{
"controlId": 10813,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"Container running without CPU restrictions"
]
},
{
"controlId": 10854,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 19373,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10805,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10828,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10851,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 18990,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10811,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10829,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"PIDs limit not set"
]
},
{
"controlId": 10716,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10857,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 19375,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10858,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 19374,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "LOW",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10814,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"Expected restart policy is 5 retries on 'on-failure'. Detected: [no 0]"
]
},
{
"controlId": 10850,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
},
{
"controlId": 10855,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"Privileges not restricted"
]
},
{
"controlId": 19377,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "MEDIUM",
"posture": "FAIL",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": [
"No SecurityOptions Found"
]
},
{
"controlId": 10809,
"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
"technologyId": 283,
"criticality": "HIGH",
"posture": "PASS",
"lastEvaluated": "1780548346980",
"datapoints": [],
"statement": null,
"findings": []
}
],
"lastComplianceScanned": "1780548347135"
}