Container Security Release 1.44 API

June 30, 2026

Before understanding the API release highlights, refer to the Know Your Qualys API Server URL section to learn about the API server URL used in your API requests.

For these API Release Notes, we use <qualys_base_url> in the sample API requests. 

With the Container Security 1.44 release, we have made the following enhancements in CS APIs.

Enhancement in Sensor Profile

Previously, users had to configure the --perform-sca-scan sensor parameter and restart or reinstall the sensor to enable or disable SCA scanning. With this release, users can enable or disable SCA scanning directly from the Sensor Profile in the UI, eliminating the need for manual sensor-side configuration changes. To support this, the following API includes updates in the Sensor Profile.

Updated API: Fetch Details of a Sensor Profile

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/sensorProfile/{sensorProfileId}
Method GET
DTD XSD Changes No
Sample: Fetch Details of a Sensor ProfileSample: Fetch Details of a Sensor Profile

API Request

 curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/sensors/66f3f025-b1d0-42b5-b9e0-0c696dc10307' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'

API Response 
 

 {
  "profileId": "66f3f025-b1d0-42b5-b9e0-0c696dc10307",
  "profileName": "Test_General_03",
  "profileType": "General",
  "description": "",
  "createdBy": "quays_rq45",
  "created": "1779777615284",
  "updatedBy": "quays_rq45",
  "updated": "1779777615284",
  "associatedSensorsCount": 1,
  "associatedRegistriesCount": 0,
  "associatedSensors": [
    "5c951644-2db3-42be-a634-48fef40c4714"
  ],
  "associatedRegistries": null,
  "config": {
    "weeklyInactiveWindowSchedules": [],
    "vulnerabilityManagement": {
      "containerScanningInterval": 48,
      "imageExclusionRegexList": [],
      "scanningPolicy": "DynamicWithStaticScanningAsFallback",
      "scaStatus": "ENABLE"
    },
    "performanceManagement": {
      "maxNoOfArchivedLogFiles": 5,
      "maxLogFileSize": 10,
      "logSecurityLevel": "INFORMATION"
    },
    "runtimeSensor": "",
    "ignoreProcesses": null
  },
  "tags": [],
  "isVulnPropagation": false,
  "awsFargateVulnPropagationConfig": null

Updated API: Create a Sensor Profile

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/sensorProfile
Method POST
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
scaStatus Mandatory string Indicates whether a vulnerability finding or QID is associated with Software Composition Analysis (SCA).

Possible values: ENABLE / DISABLE

Sample: Create a Sensor ProfileSample: Create a Sensor Profile

API Request

 curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/sensorProfile' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
{
    "tags": [],
    "profileName": "Test_General_03",
    "profileType": "General",
    "description": "",
    "createdBy": "quays_rq45",
    "created": "1709285999760",
    "updatedBy": "quays_rq45",
    "updated": "1709287020832",
    "config": {
        "weeklyInactiveWindowSchedules": [],
        "vulnerabilityManagement": {
            "scanningPolicy": "DynamicWithStaticScanningAsFallback",
            "scaStatus": "ENABLE",
            "containerScanningInterval": 48,
            "imageExclusionRegexList": []
        },
        "performanceManagement": {
            "logSecurityLevel": "INFORMATION",
            "maxNoOfArchivedLogFiles": 5,
            "maxLogFileSize": 10
        },
        "runtimeSensor": "",
        "ignoreProcesses": null
    },
    "isVulnPropagation": null,
    "associatedSensorIds": ["5c951644-2db3-42be-a634-48fef40c4714"],
    "associatedRegistryIds": null,
    "filter": ""
}

API Response 
 

{
  "profileUuid": "66f3f025-b1d0-42b5-b9e0-0c696dc10307"

Updated API: Update a Sensor Profile

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/sensorProfile/{sensorProfileId}
Method PUT
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
scaStatus Mandatory string Indicates whether a vulnerability finding or QID is associated with Software Composition Analysis (SCA).

Possible values: ENABLE / DISABLE

Sample: Update a Sensor ProfileSample: Update a Sensor Profile

API Request

curl -X 'PUT' \
  '<qualys_base_url>/csapi/v1.3/sensorProfile/4332115d-9677-4aab-ab5e-233a2f2b8248' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
{
    "tags": [],
    "profileId": "4332115d-9677-4aab-ab5e-233a2f2b8248",
    "profileName": "Test_General",
    "profileType": "General",
    "description": "",
    "createdBy": "quays_rq45",
    "created": "1709285999760",
    "updatedBy": "quays_rq45",
    "updated": "1709287020832",
    "config": {
        "weeklyInactiveWindowSchedules": [],
        "vulnerabilityManagement": {
            "scanningPolicy": "DynamicWithStaticScanningAsFallback",
            "scaStatus": "DISABLE",
            "containerScanningInterval": 48,
            "imageExclusionRegexList": []
        },
        "performanceManagement": {
            "logSecurityLevel": "INFORMATION",
            "maxNoOfArchivedLogFiles": 5,
            "maxLogFileSize": 10
        },
        "runtimeSensor": "",
        "ignoreProcesses": null
    },
    "isVulnPropagation": null,
    "associatedSensorIds": ["a890e391-20e2-4134-a6d2-70333e737e60"],
    "associatedRegistryIds": null,
    "filter": ""
}

API Response 
 

{
  "profileUuid": "4332115d-9677-4aab-ab5e-233a2f2b8248"

Enhancement in Vulnerability Reports

Previously, SCA QIDs were included in reports by default, with no option to exclude them. With this release, users can choose to include or exclude SCA QIDs in reports, allowing greater control over report content. To support this, the following API includes updates in Vulnerability Reports.

Updated API: Fetch a List of Reports

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/reports
Method GET
DTD XSD Changes No
Sample: Fetch a List of ReportsSample: Fetch a List of Reports

API Request

 curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/reports?pageNumber=1&pageSize=50&sort=status%3Adesc' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'

API Response 
 

{
  "data": [
    {
      "name": "Test_Schedule",
      "reportScheduleUuid": "d6eb5690-dfd9-11f0-876c-0548570c50d7",
      "scheduledDatetime": "2025-12-23T08:31:55.000Z",
      "templateName": "CS_IMAGE_VULNERABILITY",
      "resourceId": "31504477-b97d-4b9a-8360-47974e91b39a",
      "action": "CREATE",
      "eventTime": "2025-12-23T10:00:00Z",
      "eventEndTime": "2025-12-24T15:00:00Z",
      "cronExpression": "0 0 10 1/1 * ? *",
      "description": "",
      "createdDateTime": "2025-12-23T08:31:55.000Z",
      "nextFireTime": null,
      "state": "COMPLETED",
      "format": "csv",
      "moduleCode": "CS",
      "displayColumns": [
        "imageId",
        "tags",
        "qid"
      ],
      "emailNotification": 0,
      "filter": "",
      "reportScheduleDetails": {
        "recurrenceType": "DAILY",
        "selectedDayOfWeeks": null,
        "monthlyType": null,
        "ordinalDayOfMonth": 1,
        "dayOfWeek": null,
        "ordinalDayOfWeek": 0
      },
      "expireAfter": 7,
      "recipient": "",
      "customMessage": "",
      "sendAsAttachment": 0,
      "emailSubject": "",
      "zip": 0,
      "includeScaVuln": true
    }
  ],
  "count": 1,
  "groups": null,
  "aggs": null

Updated API: Create a Report Request

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/reports
Method POST
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
includeScaVuln Mandatory string Indicates whether you can now opt in for SCA for the following templates:
  • CS_IMAGES
  • CS_CONTAINERS

Possible values: true / false

Sample: Create a Report RequestSample: Create a Report Request

API Request

 curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d {
    "name": "Hmm",
    "description": "",
    "templateName": "CS_IMAGES",
    "filter": null,
    "timezone": "Asia/Kolkata",
    "format": "csv",
    "reportScheduleDetails": null,
    "expireAfter": 7,
    "secondFilter": "",
    "displayColumns": ["imageId", "tags", "qid"],
    "zip": 0,
    "emailNotification": 0,
    "includeScaVuln": true
}

API Response 
 


  "reportUuid": "6c9f9c40-df2c-11f0-a6de-8fc0ae82011c" 
}

Updated API: Create a Report Schedule

New or Updated APIs Updated
API Endpoint (New version) /csapi/v1.3/reports/schedule
Method POST
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
includeScaVuln Mandatory string Indicates whether you can now opt in for SCA for the following templates:
  • CS_IMAGES
  • CS_CONTAINERS

Possible values: true / false

Sample: Create a Report ScheduleSample: Create a Report Schedule

API Request

curl -X 'POST' \
"<qualys_base_url>/csapi/v1.3/reports/schedule/"
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d { 
 {
    "name": "Hmm",
    "description": "",
    "templateName": "CS_IMAGES",
    "filter": null,
    "timezone": "Asia/Kolkata",
    "format": "csv",
    "reportScheduleDetails": null,
    "expireAfter": 7,
    "secondFilter": "",
    "displayColumns": ["imageId", "tags", "qid"],
    "zip": 0,
    "emailNotification": 0,
    "includeScaVuln": true
}

API Response  

{
  "reportUuid": "620a2490-c3cc-11ed-bf38-5563a478dc98"
}

New Asset Type - Serverless Function (AWS Lambda Scan)

Qualys Container Security now supports serverless functions as a new asset type. Users can view and manage scanned serverless function assets through dedicated views in the UI and gateway APIs. Scan results provide visibility into AWS serverless functions, including functions deployed using both Image and ZIP package types. To support this, we have introduced the following APIs. 

New API: Fetch a List of Serverless Function

New or Updated APIs New
API Endpoint (New version) /v1.3/serverless-functions
Method GET
DTD XSD Changes No
Sample: Fetch a List of Serverless FunctionSample: Fetch a List of Serverless Function

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/serverless-functions?pageNo=1&pageSize=5&sort=lastScanned&limit=50' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "customerUuid": "ea3bxxx3-3f77-7b40-8383-5723xxxx9",
      "uuid": "ddbxxx0b1-ad88-3fe4-8056-4a3xxxx7df",
      "functionId": "a17f60ce2570xxxd4ccd2f8610be29xxxxxab32c18bxx54895a4",
      "cloudResourceId": "arn:aws:lambda:us-east-1:362990800442:function:test-test-1-zip:1",
      "name": "test-1-zip",
      "architecture": "x86_64",
      "operatingSystem": null,
      "functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
      "runtime": "ruby3.3",
      "entryPoint": "lambda_function.handler",
      "imageUri": null,
      "memoryAllocation": 128,
      "artifactSize": 1000,
      "environmentConfig": [
        "API_KEY:TEST",
        "DB_PASSWORD:XXXXX"
      ],
      "packageType": "Zip",
      "cloudProvider": "AWS",
      "cloudAccountId": "362990800442",
      "cloudRegion": "us-east-1",
      "sourceTypes": [
        "COMMAND_LINE"
      ],
      "softwareCount": 0,
      "vulnerabilityCount": 0,
      "riskScore": 0,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "created": 1778583029405,
      "updated": 1778583029405,
      "lastScanned": 1778583029405,
      "vulnerabilityStats": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "customerUuid": "eaxxxx3f3-3f77-7b40-8383-5xxxxb6d99",
      "uuid": "a71ef18b-ca8f-3816-8ffa-26xxdfb90",
      "functionId": "a671801befdabb25dxxxxd04458bb261244xxxxc360ce92bf1149",
      "cloudResourceId": "arn:aws:lambda:us-west-2:362990800442:function:lambda-orchestrator",
      "name": "lambda-orchestrator",
      "architecture": "x86_64",
      "operatingSystem": "Oracle Enterprise Linux 8.10",
      "functionUrl": null,
      "runtime": null,
      "entryPoint": null,
      "imageUri": "362990800442.dkr.ecr.us-west-2.amazonaws.com/cloud-operator:latest",
      "memoryAllocation": 2048,
      "artifactSize": null,
      "environmentConfig": [
        "ROLE_NAME:CloudOperatorRole",
        "LAMBDA_SCAN_JOBS_TABLE:lambda-scan-jobs",
        "SERVICE_ACCOUNT_ID:362990800442",
        "TARGET_ACCOUNT_IDS:682437954104",
        "QUALYS_POD:xx1",
        "QUALYS_TOKEN:<token>",
        "SCAN_SERVICE_ACCOUNT:true",
        "ONBOARDED_ACCOUNTS_TABLE:onboarded-accounts",
        "QSCANNER_PATH:/usr/local/bin/qscanner",
        "LAMBDA_SQS_QUEUE_URL:https://sqs.us-west-2.amazonaws.com/362990800442/lambda-events",
        "REGIONS:us-west-2,sa-east-1,us-east-1,us-east-2"
      ],
      "packageType": "Image",
      "cloudProvider": "AWS",
      "cloudAccountId": "362990800442",
      "cloudRegion": "us-west-2",
      "sourceTypes": [
        "COMMAND_LINE"
      ],
      "softwareCount": 493,
      "vulnerabilityCount": 5,
      "riskScore": 76,
      "maxQdsScore": 42,
      "qdsSeverity": "MEDIUM",
      "created": 1778580006518,
      "updated": 1778583769597,
      "lastScanned": 1778583769603,
      "vulnerabilityStats": {
        "severity5Count": 0,
        "severity4Count": 2,
        "severity3Count": 3,
        "severity2Count": 0,
        "severity1Count": 0
      }
    },
    {
      "customerUuid": "ea3xxxxf3-3f77-7b40-8383-5xxxx9",
      "uuid": "866d9326-ce7a-3619-971c-8328d3943389",
      "functionId": "fd528363e5a18b53180xxxx8fcca73f09bfd7xxxx5c3e7aca875f0dfc3",
      "cloudResourceId": "arn:aws:lambda:ap-east-1:362990800442:function:qualys-util-scheduled-sfn-check",
      "name": "qualys-util-scheduled-sfn-check",
      "architecture": "x86_64",
      "operatingSystem": null,
      "functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
      "runtime": "nodejs22.x",
      "entryPoint": "index.handler",
      "imageUri": null,
      "memoryAllocation": 128,
      "artifactSize": 1561,
      "environmentConfig": [
        "AWS_PARTITION:aws"
      ],
      "packageType": "Zip",
      "cloudProvider": "AWS",
      "cloudAccountId": "362990800442",
      "cloudRegion": "ap-east-1",
      "sourceTypes": [
        "COMMAND_LINE"
      ],
      "softwareCount": 0,
      "vulnerabilityCount": 0,
      "riskScore": 0,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "created": 1778578733936,
      "updated": 1779110391625,
      "lastScanned": 1779110391625,
      "vulnerabilityStats": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "customerUuid": "eaxx3f3-3f77-7b40-8xxx-5723xxxxd99",
      "uuid": "e2bx76-8xxx3-30fd-9340-70xxx80",
      "functionId": "77fe23ad69cxxxfc0da1bxxxxx687fa55bxxx5d343",
      "cloudResourceId": "arn:aws:lambda:ap-east-1:362990800442:function:qualys-utils-create-inventory-scan-statuses",
      "name": "qualys-utils-create-inventory-scan-statuses",
      "architecture": "x86_64",
      "operatingSystem": null,
      "functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
      "runtime": "nodejs22.x",
      "entryPoint": "index.handler",
      "imageUri": null,
      "memoryAllocation": 128,
      "artifactSize": 1584,
      "environmentConfig": [
        "AWS_PARTITION:aws",
        "ScanStatusTableName:qualys-inventory-scan-status",
        "ScanStatesPending:PENDING"
      ],
      "packageType": "Zip",
      "cloudProvider": "AWS",
      "cloudAccountId": "362990800442",
      "cloudRegion": "ap-east-1",
      "sourceTypes": [
        "COMMAND_LINE"
      ],
      "softwareCount": 0,
      "vulnerabilityCount": 0,
      "riskScore": 0,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "created": 1778578733735,
      "updated": 1779110391737,
      "lastScanned": 1779110391737,
      "vulnerabilityStats": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "customerUuid": "ea3xxx3-3f77-7b40-8383-5xxxxd99",
      "uuid": "c025e742-5362-3173-8aac-4264d82b184b",
      "functionId": "d01c26cfaab1b55a74cb991bfcxxxxxxe1b19a605f068f08f6",
      "cloudResourceId": "arn:aws:lambda:ap-east-1:362990800442:function:qualys-utils-event-based-task-scheduler",
      "name": "qualys-utils-event-based-task-scheduler",
      "architecture": "x86_64",
      "operatingSystem": null,
      "functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
      "runtime": "nodejs22.x",
      "entryPoint": "index.handler",
      "imageUri": null,
      "memoryAllocation": 128,
      "artifactSize": 4922,
      "environmentConfig": [
        "TASK_QUEUE:https://sqs.ap-east-1.amazonaws.com/362990800442/qualys-discovery-worker-tasks",
        "SourceTableDiscoveryTask:EVENT_DISCOVERY_TASK",
        "AWS_PARTITION:aws",
        "QualysAppConfigTable:qualys-app-config",
        "DISCOVERY_TASK_TABLE:qualys-discovery-task",
        "SSMAccountsParameterName:/qualys/snapshot-scanner/account-config"
      ],
      "packageType": "Zip",
      "cloudProvider": "AWS",
      "cloudAccountId": "362990800442",
      "cloudRegion": "ap-east-1",
      "sourceTypes": [
        "COMMAND_LINE"
      ],
      "softwareCount": 0,
      "vulnerabilityCount": 0,
      "riskScore": 0,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "created": 1778578733553,
      "updated": 1779110391841,
      "lastScanned": 1779110391841,
      "vulnerabilityStats": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    }
  ],
  "count": 140

New API: Fetch Details of a Serverless Function

New or Updated APIs New
API Endpoint (New version) /v1.3/serverless-functions/{functionUuid}
Method GET
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
functionUuid Mandatory string Specify the uuid of a serverless lambda function.
Sample: Fetch Details of a Serverless FunctionSample: Fetch Details of a Serverless Function

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/serverless-functions/ddb090b1-ad88-3fe4-8056-4a3ac8d8c7df' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "customerUuid": "ea3bxxx3-3f77-7b40-8383-5723xxxx99",
  "uuid": "ddb090b1-ad88-3fe4-8056-4a3ac8d8c7df",
  "functionId": "a17f60ce257xxxxxxxxxxxbd4ccd2f8610be293xxxxx8b54895a4",
  "cloudResourceId": "arn:aws:lambda:us-east-1:362990800442:function:test-1-zip:1",
  "name": "test-1-zip",
  "architecture": "x86_64",
  "operatingSystem": null,
  "functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
  "runtime": "ruby3.3",
  "entryPoint": "lambda_function.handler",
  "imageUri": null,
  "memoryAllocation": 128,
  "artifactSize": 1000,
  "environmentConfig": [
    "API_KEY:AKxxxxLE",
    "DB_PASSWORD:Sxpxxxx"
  ],
  "packageType": "Zip",
  "cloudProvider": "AWS",
  "cloudAccountId": "362990800442",
  "cloudRegion": "us-east-1",
  "sourceTypes": [
    "COMMAND_LINE"
  ],
  "softwareCount": 0,
  "vulnerabilityCount": 0,
  "riskScore": 0,
  "maxQdsScore": null,
  "qdsSeverity": null,
  "created": 1778583029405,
  "updated": 1778583029405,
  "lastScanned": 1778583029405,
  "firstFound": 1778583029405,
  "scanTypes": [
    "SCA"
  ],
  "vulnerabilityStats": {
    "severity5Count": null,
    "severity4Count": null,
    "severity3Count": null,
    "severity2Count": null,
    "severity1Count": null
  },
  "softwareList": [],
  "vulnerabilityList": [],
  "vulnSummary": null

New API: Fetch Software Details of Serverless Function

New or Updated APIs New
API Endpoint (New version) /v1.3/serverless-functions/{functionUuid}/software
Method GET
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
functionUuid Mandatory string Specify the uuid of a serverless lambda function.
filter optional string Filter the vulnerability details of scanned lambda function by providing a query using Qualys syntax.
sort optional string Sort the results using a Qualys token. For example name: asc.
Sample: Fetch Software Details of Serverless FunctionSample: Fetch Software Details of Serverless Function

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/serverless-functions/80a5dd43-5368-364c-9398-98a3fb2e2f4e/software' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "name": "charset-normalizer",
      "version": "2.0.12",
      "scanType": "SCA",
      "packagePath": "charset_normalizer-2.0.12.dist-info/METADATA",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "Werkzeug",
      "version": "2.2.2",
      "scanType": "SCA",
      "packagePath": "Werkzeug-2.2.2.dist-info/METADATA",
      "fixVersion": "3.1.5",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 2,
        "severity3Count": 2,
        "severity2Count": 1,
        "severity1Count": 0
      }
    },
    {
      "name": "certifi",
      "version": "2022.12.7",
      "scanType": "SCA",
      "packagePath": "certifi-2022.12.7.dist-info/METADATA",
      "fixVersion": "2024.7.4",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 1,
        "severity3Count": 0,
        "severity2Count": 1,
        "severity1Count": 0
      }
    },
    {
      "name": "urllib3",
      "version": "1.26.14",
      "scanType": "SCA",
      "packagePath": "urllib3-1.26.14.dist-info/METADATA",
      "fixVersion": "2.7.0",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 4,
        "severity3Count": 4,
        "severity2Count": 0,
        "severity1Count": 0
      }
    },
    {
      "name": "MarkupSafe",
      "version": "3.0.3",
      "scanType": "SCA",
      "packagePath": "markupsafe-3.0.3.dist-info/METADATA",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "idna",
      "version": "3.14",
      "scanType": "SCA",
      "packagePath": "idna-3.14.dist-info/METADATA",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "Jinja2",
      "version": "3.0.3",
      "scanType": "SCA",
      "packagePath": "Jinja2-3.0.3.dist-info/METADATA",
      "fixVersion": "3.1.6",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 0,
        "severity3Count": 2,
        "severity2Count": 0,
        "severity1Count": 0
      }
    },
    {
      "name": "requests",
      "version": "2.28.0",
      "scanType": "SCA",
      "packagePath": "requests-2.28.0.dist-info/METADATA",
      "fixVersion": "2.33.0",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 0,
        "severity3Count": 4,
        "severity2Count": 0,
        "severity1Count": 0
      }
    }
  ],
  "count": 8

New API: Fetch Vulnerability stats in Serverless Function

New or Updated APIs New
API Endpoint (New version) /v1.3/serverless-functions/{functionUuid}/vuln/stats
Method GET
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
uuid Mandatory string Specify the uuid of a serverless lambda function.
filter optional string Filter the vulnerability details of scanned lambda function by providing a query using Qualys syntax.
sort optional string Sort the results using a Qualys token. 

Sample: Fetch Vulnerability Stats in Serverless FunctionSample: Fetch Vulnerability Stats in Serverless Function

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/serverless-functions/80a5dd43-5368-364c-9398-98a3fb2e2f4e/vuln/stats' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "vulnerability": null,
      "result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\njinja2 3.0.3 3.1.5 Python Jinja2-3.0.3.dist-info/METADATA",
      "lastFound": "1779110802972",
      "firstFound": "1778579116571",
      "severity": 3,
      "customerSeverity": 3,
      "port": null,
      "typeDetected": "CONFIRMED",
      "status": null,
      "risk": 30,
      "category": "SCA",
      "discoveryType": [
        "AUTHENTICATED"
      ],
      "authType": [
        "UNIX_AUTH"
      ],
      "supportedBy": [
        "CA-Windows Agent",
        "CA-Linux Agent",
        "SCA",
        "CS-Windows",
        "CS-Linux"
      ],
      "product": [
        "pip"
      ],
      "vendor": [
        "pip"
      ],
      "cveids": [
        "CVE-2024-56326"
      ],
      "threatIntel": {
        "activeAttacks": null,
        "zeroDay": null,
        "publicExploit": null,
        "highLateralMovement": true,
        "easyExploit": null,
        "highDataLoss": null,
        "noPatch": null,
        "denialOfService": null,
        "malware": null,
        "exploitKit": null,
        "publicExploitNames": null,
        "malwareNames": null,
        "exploitKitNames": null,
        "wormable": null,
        "predictedHighRisk": null,
        "privilegeEscalation": null,
        "unauthenticatedExploitation": null,
        "remoteCodeExecution": null,
        "ransomware": null,
        "solorigateSunburst": null,
        "cisaKnownExploitedVulns": null
      },
      "qid": 5002317,
      "title": "Python (Pip) Security Update for jinja2 (GHSA-q2x7-8rv6-6q7h)",
      "cvssInfo": {
        "baseScore": "5.4",
        "temporalScore": "4.0",
        "accessVector": "Adjacent Network"
      },
      "cvss3Info": {
        "baseScore": "7.8",
        "temporalScore": "6.8"
      },
      "patchAvailable": true,
      "published": 1735038671000,
      "scanType": [
        "SCA"
      ],
      "qdsScore": 30,
      "isExempted": false,
      "vendorData": null,
      "software": null,
      "ageInDays": null,
      "fixed": null,
      "os": null
    },
    {
      "vulnerability": null,
      "result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\nwerkzeug 2.2.2 3.1.6 Python Werkzeug-2.2.2.dist-info/METADATA",
      "lastFound": "1779110802995",
      "firstFound": "1778579116600",
      "severity": 3,
      "customerSeverity": 3,
      "port": null,
      "typeDetected": "CONFIRMED",
      "status": null,
      "risk": 30,
      "category": "SCA",
      "discoveryType": [
        "AUTHENTICATED"
      ],
      "authType": [
        "UNIX_AUTH"
      ],
      "supportedBy": [
        "CA-Windows Agent",
        "CA-Linux Agent",
        "SCA",
        "CS-Windows",
        "CS-Linux"
      ],
      "product": [
        "pip"
      ],
      "vendor": [
        "pip"
      ],
      "cveids": [
        "CVE-2026-27199"
      ],
      "threatIntel": {
        "activeAttacks": null,
        "zeroDay": null,
        "publicExploit": true,
        "highLateralMovement": true,
        "easyExploit": null,
        "highDataLoss": null,
        "noPatch": null,
        "denialOfService": null,
        "malware": null,
        "exploitKit": null,
        "publicExploitNames": null,
        "malwareNames": null,
        "exploitKitNames": null,
        "wormable": null,
        "predictedHighRisk": null,
        "privilegeEscalation": null,
        "unauthenticatedExploitation": null,
        "remoteCodeExecution": null,
        "ransomware": null,
        "solorigateSunburst": null,
        "cisaKnownExploitedVulns": null
      },
      "qid": 5007887,
      "title": "Python (Pip) Security Update for werkzeug (GHSA-29vq-49wr-vm6x)",
      "cvssInfo": {
        "baseScore": "5.4",
        "temporalScore": "4.3",
        "accessVector": "Adjacent Network"
      },
      "cvss3Info": {
        "baseScore": "5.3",
        "temporalScore": "4.8"
      },
      "patchAvailable": true,
      "published": 1771589458000,
      "scanType": [
        "SCA"
      ],
      "qdsScore": 37,
      "isExempted": false,
      "vendorData": null,
      "software": null,
      "ageInDays": null,
      "fixed": null,
      "os": null
    },
    {
      "vulnerability": null,
      "result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\nurllib3 1.26.14 2.7.0 Python urllib3-1.26.14.dist-info/METADATA",
      "lastFound": "1779110802999",
      "firstFound": "1779110802999",
      "severity": 4,
      "customerSeverity": 4,
      "port": null,
      "typeDetected": "CONFIRMED",
      "status": null,
      "risk": 40,
      "category": "SCA",
      "discoveryType": [
        "AUTHENTICATED"
      ],
      "authType": [
        "UNIX_AUTH"
      ],
      "supportedBy": [
        "CA-Windows Agent",
        "CA-Linux Agent",
        "SCA",
        "CS-Windows",
        "CS-Linux"
      ],
      "product": [
        "pip"
      ],
      "vendor": [
        "pip"
      ],
      "cveids": [
        "CVE-2026-44431"
      ],
      "threatIntel": {
        "activeAttacks": null,
        "zeroDay": null,
        "publicExploit": null,
        "highLateralMovement": null,
        "easyExploit": true,
        "highDataLoss": null,
        "noPatch": null,
        "denialOfService": null,
        "malware": null,
        "exploitKit": null,
        "publicExploitNames": null,
        "malwareNames": null,
        "exploitKitNames": null,
        "wormable": null,
        "predictedHighRisk": null,
        "privilegeEscalation": null,
        "unauthenticatedExploitation": null,
        "remoteCodeExecution": null,
        "ransomware": null,
        "solorigateSunburst": null,
        "cisaKnownExploitedVulns": null
      },
      "qid": 5012480,
      "title": "Python (Pip) Security Update for urllib3 (GHSA-qccp-gfcp-xxvc)",
      "cvssInfo": {
        "baseScore": "5.0",
        "temporalScore": "3.7",
        "accessVector": "Network"
      },
      "cvss3Info": {
        "baseScore": "5.3",
        "temporalScore": "4.6"
      },
      "patchAvailable": true,
      "published": 1778679888000,
      "scanType": [
        "SCA"
      ],
      "qdsScore": 35,
      "isExempted": false,
      "vendorData": null,
      "software": [
        {
          "name": "urllib3",
          "version": "1.26.14",
          "scanType": "SCA",
          "packagePath": "urllib3-1.26.14.dist-info/METADATA",
          "fixVersion": "2.7.0",
          "vulnerabilities": null
        }
      ],
      "ageInDays": null,
      "fixed": null,
      "os": null
    }
  ],
  "vulnSummary": {
    "confirmed": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 2,
      "sev4Count": 7,
      "sev3Count": 19
    },
    "potential": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 0,
      "sev3Count": 0
    },
    "igs": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 0,
      "sev3Count": 0
    },
    "patchAvailability": {
      "confirmed": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 2,
        "sev4Count": 7,
        "sev3Count": 19
      },
      "potential": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 0,
        "sev3Count": 0
      },
      "igs": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 0,
        "sev3Count": 0
      }
    }
  },
  "driftReasonSummary": null

New API: Fetch a List of Serverless Functions in Bulk

New or Updated APIs New
API Endpoint (New version) /v1.3/serverless-functions/list
Method GET
DTD XSD Changes No
Sample: Fetch a List of Serverless Function in BulkSample: Fetch a List of Serverless Function in Bulk

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/serverless-functions/list?limit=1' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

 {
  "data": [
    {
      "customerUuid": "ea3bxxxf3-3f77-7b40-8383-57xxxx99",
      "uuid": "da7631c2-87a8-3894-9174-5330bcf5102b",
      "functionId": "cb69b81489a5xxxxxxx7422aa86816bf1ae0fd2eda241ea77c5ffd",
      "cloudResourceId": "arn:aws:lambda:us-east-1:362990800442:function:testconnection",
      "name": "testconnection",
      "architecture": "x86_64",
      "operatingSystem": null,
      "functionUrl": "<function_url>/snapshots/362990800442/test-1-zip-649c5ae1-b794-070f3c859ae0?versionId=5frsfYzOF_mdd9p4mYE3A2xR_-Security-Token=IQSignat",
      "runtime": "nodejs16.x",
      "entryPoint": "index.handler",
      "imageUri": null,
      "memoryAllocation": 128,
      "artifactSize": 304,
      "environmentConfig": null,
      "packageType": "Zip",
      "cloudProvider": "AWS",
      "cloudAccountId": "362990800442",
      "cloudRegion": "us-east-1",
      "sourceTypes": [
        "COMMAND_LINE"
      ],
      "softwareCount": 0,
      "vulnerabilityCount": 0,
      "riskScore": 0,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "created": "1778498684369",
      "updated": "1779110939291",
      "lastScanned": "1779110939291",
      "firstFound": "1778498684369",
      "scanTypes": [
        "SCA"
      ],
      "software": [],
      "vulnerabilities": []
    }
  ],
  "limit": 1

New Asset Type - Code Repository Scan

Qualys Container Security now supports Code as a separate asset type for code scan results. Scanned local and remote repositories can be viewed and managed from a centralized location through dedicated asset listing and details views, as well as gateway APIs. Users can access repository details such as branch information and commit hashes, improving visibility into scanned code assets. To support this, we introduced the following APIs. 

New API: Fetch a List of Code Repository Scan

New or Updated APIs New
API Endpoint (New version) /v1.3/code
Method GET
DTD XSD Changes No
Sample: Fetch a List of Code Repository ScanSample: Fetch a List of Code Repository Scan

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/code?pageNumber=1&pageSize=50&sort=created%3Adesc' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "uuid": "42xxxxe4-1ddb-307e-bcb3-05axxxxbc7",
      "codeId": "57f185787dc0f81xxxxxxxxfbf779a54a4a82xxxxxx60f1",
      "repositoryUrl": "https://xxxx.com/run-llama/llama_index.git",
      "repositoryName": "llama_index",
      "branch": "main",
      "commitHash": "9aa5ee5cd2a1ecff6ffa2a8cd6af46b87af674b9",
      "commitTimestamp": "1780091579000",
      "commitAuthor": "Nhat Minh",
      "created": "1780495186664",
      "updated": "1780495186664",
      "lastScanned": null,
      "softwareCount": null,
      "vulnerabilityCount": null,
      "vulnerabilityStats": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      },
      "riskScore": null,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "lastComplianceScanDate": "1780495186703",
      "compliance": {
        "failCount": 28,
        "passCount": 37,
        "skipCount": 32,
        "errorCount": 32
      }
    },
    {
      "uuid": "97xxx7d-911f-3486-9b03-7b64xxx7",
      "codeId": "9fdc37a995e57f461c4f4e74faxxxxx7a5864433647",
      "repositoryUrl": "https://xxx.ixxxt.quxxxs.com/scm/cssen/qscanner-vscode-extension.git",
      "repositoryName": "qscanner-vscode-extension",
      "branch": "release/1.0.0",
      "commitHash": "34de6d89b75cacc5df01228c00d3e239590a0f39",
      "commitTimestamp": "1780313713000",
      "commitAuthor": "abc",
      "created": "1780482300968",
      "updated": "1780482300968",
      "lastScanned": "1780482301031",
      "softwareCount": 121,
      "vulnerabilityCount": 0,
      "vulnerabilityStats": {
        "severity5Count": 0,
        "severity4Count": 0,
        "severity3Count": 0,
        "severity2Count": 0,
        "severity1Count": 0
      },
      "riskScore": 0,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "lastComplianceScanDate": null,
      "compliance": {
        "failCount": null,
        "passCount": null,
        "skipCount": null,
        "errorCount": null
      }
    },
    {
      "uuid": "f8c5a45a-14c2-3eb9-b4f3-733xxxxxe95e",
      "codeId": "20dcf82f9a933c5667e0a0d28a2xxxxxxxxxxxx6d83c064",
      "repositoryUrl": "https://xxxx.com/spxxg-pxxcts/spring-boot.git",
      "repositoryName": "spring-boot",
      "branch": "main",
      "commitHash": "1d5dc3e3c812xxxxxxxxx10a5887728c116",
      "commitTimestamp": "1780442062000",
      "commitAuthor": "Phillip Webb",
      "created": "1780481091452",
      "updated": "1780487375292",
      "lastScanned": "1780487376006",
      "softwareCount": 575,
      "vulnerabilityCount": 0,
      "vulnerabilityStats": {
        "severity5Count": 0,
        "severity4Count": 0,
        "severity3Count": 0,
        "severity2Count": 0,
        "severity1Count": 0
      },
      "riskScore": 0,
      "maxQdsScore": null,
      "qdsSeverity": null,
      "lastComplianceScanDate": null,
      "compliance": {
        "failCount": null,
        "passCount": null,
        "skipCount": null,
        "errorCount": null
      }
    },
    {
      "uuid": "8d7xxd-084c-3648-b112-f5axxxc6",
      "codeId": "231c1a2cf55c85d149cc6xxxxxxxxxxxxx4d9f4a39fb26fdfc8",
      "repositoryUrl": "https://xxx.com/mixxt/semantic-kernel.git",
      "repositoryName": "semantic-kernel",
      "branch": "main",
      "commitHash": "32e904c017c33ebxxxxxxxxxxx6e61e2e7aea81c",
      "commitTimestamp": "1779908384000",
      "commitAuthor": "semenshi-m",
      "created": "1780478594985",
      "updated": "1780479834399",
      "lastScanned": "1780479837260",
      "softwareCount": 2415,
      "vulnerabilityCount": 89,
      "vulnerabilityStats": {
        "severity5Count": 2,
        "severity4Count": 31,
        "severity3Count": 39,
        "severity2Count": 16,
        "severity1Count": 1
      },
      "riskScore": 164,
      "maxQdsScore": 72,
      "qdsSeverity": "HIGH",
      "lastComplianceScanDate": null,
      "compliance": {
        "failCount": null,
        "passCount": null,
        "skipCount": null,
        "errorCount": null
      }
    },
    {
      "uuid": "052ad00d-33cc-3ea1-9563-25xxxxxxxx35915",
      "codeId": "524ea166fcc7d3c882ed2995d36d38xxxxxxxxxx503dff3ff327",
      "repositoryUrl": "https://gxxxx.com/lxxxxn-ai/langchain.git",
      "repositoryName": "langchain",
      "branch": "master",
      "commitHash": "eb2dabb8b7102fbedb33016dcf10fe475efde88e",
      "commitTimestamp": "1780430556000",
      "commitAuthor": "Mason Daugherty",
      "created": "1780474360007",
      "updated": "1780493765682",
      "lastScanned": "1780493767199",
      "softwareCount": 2261,
      "vulnerabilityCount": 1,
      "vulnerabilityStats": {
        "severity5Count": 0,
        "severity4Count": 1,
        "severity3Count": 0,
        "severity2Count": 0,
        "severity1Count": 0
      },
      "riskScore": 42,
      "maxQdsScore": 35,
      "qdsSeverity": "LOW",
      "lastComplianceScanDate": "1780493763916",
      "compliance": {
        "failCount": 23,
        "passCount": 38,
        "skipCount": 32,
        "errorCount": 32
      }
    }
  ],
  "count": 135

New API: Fetch Details of a Code Repository Scan

New or Updated APIs New
API Endpoint (New version) /v1.3/code/{uuid}
Method GET
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
uuid
Mandatory string Specify the uuid value of an code asset.
Sample: Fetch Details of a Code Repository ScanSample: Fetch Details of a Code Repository Scan

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/code/429c1ae4-1ddb-307e-bcb3-05aa98231bc7' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "details": {
    "uuid": "429c1ae4-1ddb-307e-bcb3-05aa9xxxxbc7",
    "codeId": "57f185787dc0f8136ee0c6bbcfexxxxe06fbf779a54a4a826xxx760f1",
    "repositoryUrl": "https://xxxb.com/run-llama/llama_xxxex.git",
    "repositoryName": "llama_index",
    "branch": "main",
    "commitHash": "9aa5ee5cd2a1ecff6ffa2a8cd6af46b87af674b9",
    "commitTimestamp": "1780091579000",
    "commitAuthor": "Nhat Minh",
    "created": "1780495186664",
    "updated": "1780495186664",
    "lastScanned": null,
    "softwareCount": null,
    "vulnerabilityCount": null,
    "vulnerabilityStats": null,
    "riskScore": null,
    "maxQdsScore": null,
    "qdsSeverity": null,
    "lastComplianceScanDate": "1780495186664",
    "assetName": "https://xxx.com/run-llama/llama_index.git",
    "isModified": false,
    "commitMessage": "perf: use a set instead of a list for within-batch dedup in Ingestion… (#21755)",
    "commitAuthorEmail": "[email protected]",
    "firstFound": "1780495186664",
    "source": [
      "COMMAND_LINE"
    ],
    "scanTypes": [
      "SCA"
    ],
    "vulnerabilities": null,
    "software": null,
    "metadata": null,
    "formulaUsed": null,
    "riskScoreCalculatedDate": null
  },
  "vulnSummary": {
    "confirmed": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 0,
      "sev3Count": 0
    },
    "potential": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 0,
      "sev3Count": 0
    },
    "igs": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 0,
      "sev3Count": 0
    },
    "patchAvailability": {
      "confirmed": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 0,
        "sev3Count": 0
      },
      "potential": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 0,
        "sev3Count": 0
      },
      "igs": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 0,
        "sev3Count": 0
      }
    }
  },
  "complianceSummary": {
    "failCount": 28,
    "passCount": 37,
    "skipCount": 32,
    "errorCount": 32
  }

New API: Fetch Software Details of Code Repository Scan

New or Updated APIs New
API Endpoint (New version) /v1.3/code/{uuid}/software
Method GET
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
uuid
Mandatory string Specify the uuid value of an code asset.
filter
Optional string
Filter the software details of a scanned code asset by providing a query using Qualys syntax.
sort
Optional
string
Sort the results using a Qualys token.
Sample: Fetch Software Details of Code Repository ScanSample: Fetch Software Details of Code Repository Scan

API Request

curl -X 'GET' \
  '<qualys_base_ul>/csapi/v1.3/code/f2318ea4-a49f-3b1c-b34a-860cb1420141/software' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
  "data": [
    {
      "name": "org.axxxhe.coxxons:commons-collections4",
      "version": "4.1",
      "scanType": "SCA",
      "packagePath": "pom.xml",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "gxxub.com/golang/protobuf",
      "version": "v1.5.2",
      "scanType": "SCA",
      "packagePath": "go.mod",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "goxxg.org/x/crypto",
      "version": "v0.0.0-20210921155107-089bfa567519",
      "scanType": "SCA",
      "packagePath": "go.mod",
      "fixVersion": "0.45.0",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 3,
        "severity3Count": 3,
        "severity2Count": 0,
        "severity1Count": 0
      }
    },
    {
      "name": "com.qxxxer:codescan-test",
      "version": "1.0.0",
      "scanType": "SCA",
      "packagePath": "pom.xml",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "xxxg.in/yaml.v2",
      "version": "v2.4.0",
      "scanType": "SCA",
      "packagePath": "go.mod",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "xxxub.com/ugorji/go/codec",
      "version": "v1.2.7",
      "scanType": "SCA",
      "packagePath": "go.mod",
      "fixVersion": null,
      "vulnerabilities": {
        "severity5Count": null,
        "severity4Count": null,
        "severity3Count": null,
        "severity2Count": null,
        "severity1Count": null
      }
    },
    {
      "name": "com.fxxxml.jaxxon.core:jxxxn-databind",
      "version": "2.13.1",
      "scanType": "SCA",
      "packagePath": "pom.xml",
      "fixVersion": "2.13.4.2",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 3,
        "severity3Count": 0,
        "severity2Count": 0,
        "severity1Count": 0
      }
    },
    {
      "name": "log4j:log4j",
      "version": "1.2.17",
      "scanType": "SCA",
      "packagePath": "pom.xml",
      "fixVersion": "2.0",
      "vulnerabilities": {
        "severity5Count": 3,
        "severity4Count": 1,
        "severity3Count": 1,
        "severity2Count": 0,
        "severity1Count": 0
      }
    },
    {
      "name": "gxxx.com/gin-gonic/gin",
      "version": "v1.7.7",
      "scanType": "SCA",
      "packagePath": "go.mod",
      "fixVersion": "1.9.1",
      "vulnerabilities": {
        "severity5Count": 0,
        "severity4Count": 0,
        "severity3Count": 2,
        "severity2Count": 0,
        "severity1Count": 0
      }
    }
  ],
  "count": 9

New API: Fetch a List of Vulnerabilities in Code Repository Scan

New or Updated APIs New
API Endpoint (New version) /v1.3/code/{codeId}/vuln/stats
Method GET
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
uuid Mandatory string Specify the uuid value of an code asset.
filter Optional string Filter the vulnerability details of a scanned code asset by providing a query using Qualys syntax.
sort Optional string Sort the results using a Qualys token.

Default value: vulnerabilities.qid:asc

Sample: Fetch a List of Vulnerabilities in Code Repository ScanSample: Fetch a List of Vulnerabilities in Code Repository Scan

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/code/524ea166fcc7d3c882ed2995d36d38c894975bec3991d290f83b503dff3ff327/vuln?sort=vulnerabilities.qid%3Aasc' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'

API Response 

{
  "details": [
    {
      "vulnerability": null,
      "result": null,
      "lastFound": "1780493764136",
      "firstFound": "1780493764136",
      "severity": 4,
      "customerSeverity": 4,
      "port": null,
      "typeDetected": "CONFIRMED",
      "status": null,
      "risk": 40,
      "category": "SCA",
      "discoveryType": [
        "AUTHENTICATED"
      ],
      "authType": [
        "UNIX_AUTH"
      ],
      "supportedBy": [
        "CA-Windows Agent",
        "CA-Linux Agent",
        "SCA",
        "CS-Windows",
        "CS-Linux"
      ],
      "product": [
        "pip"
      ],
      "vendor": [
        "pip"
      ],
      "cveids": [
        "CVE-2026-45134"
      ],
      "threatIntel": {
        "activeAttacks": null,
        "zeroDay": null,
        "publicExploit": null,
        "highLateralMovement": null,
        "easyExploit": true,
        "highDataLoss": true,
        "noPatch": null,
        "denialOfService": null,
        "malware": null,
        "exploitKit": null,
        "publicExploitNames": null,
        "malwareNames": null,
        "exploitKitNames": null,
        "wormable": null,
        "predictedHighRisk": null,
        "privilegeEscalation": null,
        "unauthenticatedExploitation": null,
        "remoteCodeExecution": null,
        "ransomware": null,
        "solorigateSunburst": null,
        "cisaKnownExploitedVulns": null
      },
      "qid": 5012561,
      "title": "Python (Pip) Security Update for langchain (GHSA-3644-q5cj-c5c7)",
      "cvssInfo": {
        "baseScore": "8.5",
        "temporalScore": "6.3",
        "accessVector": "Network"
      },
      "cvss3Info": {
        "baseScore": "7.1",
        "temporalScore": "6.2"
      },
      "patchAvailable": true,
      "published": 1778768258000,
      "scanType": [
        "SCA"
      ],
      "qdsScore": 35,
      "isExempted": false,
      "vendorData": null,
      "software": [
        {
          "name": "langchain-classic",
          "version": "1.0.0",
          "scanType": "SCA",
          "packagePath": "libs/langchain_v1/uv.lock",
          "fixVersion": "1.0.7",
          "vulnerabilities": null
        },
        {
          "name": "langsmith",
          "version": "0.7.31",
          "scanType": "SCA",
          "packagePath": "libs/partners/huggingface/uv.lock",
          "fixVersion": "0.8.0",
          "vulnerabilities": null
        }
      ],
      "ageInDays": null,
      "fixed": null,
      "os": null
    }
  ],
  "vulnSummary": {
    "confirmed": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 1,
      "sev3Count": 0
    },
    "potential": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 0,
      "sev3Count": 0
    },
    "igs": {
      "sev1Count": 0,
      "sev5Count": 0,
      "sev2Count": 0,
      "sev4Count": 0,
      "sev3Count": 0
    },
    "patchAvailability": {
      "confirmed": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 1,
        "sev3Count": 0
      },
      "potential": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 0,
        "sev3Count": 0
      },
      "igs": {
        "sev1Count": 0,
        "sev5Count": 0,
        "sev2Count": 0,
        "sev4Count": 0,
        "sev3Count": 0
      }
    }
  }

New API: Fetch a List of Code Repository Scan in Bulk

New or Updated APIs New
API Endpoint (New version) /v1.3/code/list
Method GET
DTD XSD Changes No
Sample: Fetch a List of Code Repository Scan in BulkSample: Fetch a List of Code Repository Scan in Bulk

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/code/list?limit=2' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 

{
    "data": [{
        "uuid": "d3xxb42-001b-37dd-9460-450xx0c",
        "codeId": "2d8edxxxx7cbc852aba43de81fe180bff56",
        "repositoryUrl": "https://xxxx.com/527515025/springBoot.git",
        "repositoryName": "springBoot",
        "branch": "master",
        "assetName": "https://gitxxx.com/5xxx25/springBoot.git",
        "isModified": null,
        "commitHash": "8fadfc31240917e2e9xxxxxxe8d8f",
        "commitTimestamp": "1585823884000",
        "commitAuthor": "杨伊博",
        "commitMessage": "modify c3p0 version",
        "commitAuthorEmail": "[email protected]",
        "created": "1778503268745",
        "updated": "1778503268746",
        "lastScanned": "1778503268950",
        "firstFound": "1778503268745",
        "source": ["COMMAND_LINE"],
        "scanTypes": ["SCA"],
        "softwareCount": 132,
        "vulnerabilityCount": 80,
        "vulnerabilityStats": null,
        "vulnerabilities": ["vulnerability": null, "result": null, "lastFound": "1778503268780", "firstFound": "1778503268780", "severity": 4, "customerSeverity": 4, "port": null, "typeDetected": "CONFIRMED", "status": null, "risk": 40, "category": "SCA", "discoveryType": ["AUTHENTICATED"], "authType": ["UNIX_AUTH"], "supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"], "product": ["maven"], "vendor": ["maven"], "cveids": ["CVE-2022-42004"], "threatIntel": {
                "activeAttacks": null,
                "zeroDay": null,
                "publicExploit": true,
                "highLateralMovement": true,
                "easyExploit": null,
                "highDataLoss": null,
                "noPatch": null,
                "denialOfService": null,
                "malware": null,
                "exploitKit": null,
                "publicExploitNames": null,
                "malwareNames": null,
                "exploitKitNames": null,
                "wormable": null,
                "predictedHighRisk": null,
                "privilegeEscalation": null,
                "unauthenticatedExploitation": null,
                "remoteCodeExecution": null,
                "ransomware": null,
                "solorigateSunburst": null,
                "cisaKnownExploitedVulns": null
            }, "qid": 990283, "title": "Java (Maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rgv9-q543-rqg4)", "cvssInfo": {
                "baseScore": "5.4",
                "temporalScore": "4.3",
                "accessVector": "Adjacent Network"
            }, "cvss3Info": {
                "baseScore": "7.5",
                "temporalScore": "6.7"
            }, "patchAvailable": true, "published": 1670244105000, "scanType": ["SCA"], "qdsScore": 42, "isExempted": null, "vendorData": {
                "rhsa": {
                    "id": null,
                    "severity": null,
                    "cve": [{
                        "id": "CVE-2022-42004",
                        "severity": "moderate",
                        "cvss2": {
                            "baseScore": null
                        },
                        "cvss3": {
                            "baseScore": 7.5
                        }
                    }]
                }
            }, "software": [{
                "name": "com.fasterxml.jackson.core:jackson-databind",
                "version": "2.9.9.1",
                "scanType": "SCA",
                "packagePath": "springboot-shiro2/pom.xml",
                "fixVersion": "2.12.7.1",
                "vulnerabilities": null
            }, {
                "name": "com.fasterxml.jackson.core:jackson-databind",
                "version": "2.9.8",
                "scanType": "SCA",
                "packagePath": "abel-util/pom.xml",
                "fixVersion": "2.12.7.1",
                "vulnerabilities": null
            }], "ageInDays": null, "fixed": null, "os": null
        },
        "vulnerability": null,
        "result": null,
        "lastFound": "1778503268938",
        "firstFound": "1778503268938",
        "severity": 2,
        "customerSeverity": 2,
        "port": null,
        "typeDetected": "CONFIRMED",
        "status": null,
        "risk": 20,
        "category": "SCA",
        "discoveryType": ["AUTHENTICATED"],
        "authType": ["UNIX_AUTH"],
        "supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"],
        "product": ["maven"],
        "vendor": ["maven"],
        "cveids": ["CVE-2024-38820"],
        "threatIntel": {
            "activeAttacks": null,
            "zeroDay": null,
            "publicExploit": true,
            "highLateralMovement": true,
            "easyExploit": null,
            "highDataLoss": null,
            "noPatch": null,
            "denialOfService": null,
            "malware": null,
            "exploitKit": null,
            "publicExploitNames": null,
            "malwareNames": null,
            "exploitKitNames": null,
            "wormable": null,
            "predictedHighRisk": null,
            "privilegeEscalation": null,
            "unauthenticatedExploitation": null,
            "remoteCodeExecution": null,
            "ransomware": null,
            "solorigateSunburst": null,
            "cisaKnownExploitedVulns": null
        },
        "qid": 5001309,
        "title": "Java (Maven) Security Update for org.springframework:spring-context (GHSA-4gc7-5j7h-4qph)",
        "cvssInfo": {
            "baseScore": "5.4",
            "temporalScore": "4.3",
            "accessVector": "Adjacent Network"
        },
        "cvss3Info": {
            "baseScore": "5.3",
            "temporalScore": "4.8"
        },
        "patchAvailable": true,
        "published": 1729601389000,
        "scanType": ["SCA"],
        "qdsScore": 37,
        "isExempted": null,
        "vendorData": null,
        "software": [{
            "name": "org.springframework:spring-web",
            "version": "5.1.3.RELEASE",
            "scanType": "SCA",
            "packagePath": "abel-util/pom.xml",
            "fixVersion": "6.1.14",
            "vulnerabilities": null
        }],
        "ageInDays": null,
        "fixed": null,
        "os": null
    }, {
        "vulnerability": null,
        "result": null,
        "lastFound": "1778503268882",
        "firstFound": "1778503268882",
        "severity": 4,
        "customerSeverity": 4,
        "port": null,
        "typeDetected": "CONFIRMED",
        "status": null,
        "risk": 40,
        "category": "SCA",
        "discoveryType": ["AUTHENTICATED"],
        "authType": ["UNIX_AUTH"],
        "supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"],
        "product": ["maven"],
        "vendor": ["java"],
        "cveids": ["CVE-2020-36184"],
        "threatIntel": {
            "activeAttacks": null,
            "zeroDay": null,
            "publicExploit": true,
            "highLateralMovement": null,
            "easyExploit": null,
            "highDataLoss": null,
            "noPatch": null,
            "denialOfService": null,
            "malware": null,
            "exploitKit": null,
            "publicExploitNames": null,
            "malwareNames": null,
            "exploitKitNames": null,
            "wormable": null,
            "predictedHighRisk": null,
            "privilegeEscalation": null,
            "unauthenticatedExploitation": null,
            "remoteCodeExecution": true,
            "ransomware": null,
            "solorigateSunburst": null,
            "cisaKnownExploitedVulns": null
        },
        "qid": 986399,
        "title": "Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-m6x4-97wx-4q27)",
        "cvssInfo": {
            "baseScore": "6.8",
            "temporalScore": "5.3",
            "accessVector": "Network"
        },
        "cvss3Info": {
            "baseScore": "8.1",
            "temporalScore": "7.3"
        },
        "patchAvailable": true,
        "published": 1660137119000,
        "scanType": ["SCA"],
        "qdsScore": 42,
        "isExempted": null,
        "vendorData": {
            "rhsa": {
                "id": null,
                "severity": null,
                "cve": [{
                    "id": "CVE-2020-36184",
                    "severity": "important",
                    "cvss2": {
                        "baseScore": null
                    },
                    "cvss3": {
                        "baseScore": 8.1
                    }
                }]
            }
        },
        "software": [{
            "name": "com.fasterxml.jackson.core:jackson-databind",
            "version": "2.9.9.1",
            "scanType": "SCA",
            "packagePath": "springboot-shiro2/pom.xml",
            "fixVersion": "2.9.10.8",
            "vulnerabilities": null
        }, {
            "name": "com.fasterxml.jackson.core:jackson-databind",
            "version": "2.9.8",
            "scanType": "SCA",
            "packagePath": "abel-util/pom.xml",
            "fixVersion": "2.9.10.8",
            "vulnerabilities": null
        }],
        "ageInDays": null,
        "fixed": null,
        "os": null
    }, {
        "vulnerability": null,
        "result": null,
        "lastFound": "1778503268786",
        "firstFound": "1778503268786",
        "severity": 4,
        "customerSeverity": 4,
        "port": null,
        "typeDetected": "CONFIRMED",
        "status": null,
        "risk": 40,
        "category": "SCA",
        "discoveryType": ["AUTHENTICATED"],
        "authType": ["UNIX_AUTH"],
        "supportedBy": ["CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux"],
        "product": ["maven"],
        "vendor": ["java"],
        "cveids": ["CVE-2020-36182"],
        "threatIntel": {
            "activeAttacks": null,
            "zeroDay": null,
            "publicExploit": true,
            "highLateralMovement": null,
            "easyExploit": null,
            "highDataLoss": null,
            "noPatch": null,
            "denialOfService": null,
            "malware": null,
            "exploitKit": null,
            "publicExploitNames": null,
            "malwareNames": null,
            "exploitKitNames": null,
            "wormable": null,
            "predictedHighRisk": null,
            "privilegeEscalation": null,
            "unauthenticatedExploitation": null,
            "remoteCodeExecution": true,
            "ransomware": null,
            "solorigateSunburst": null,
            "cisaKnownExploitedVulns": null
        },
        "name": "com.abel:config",
        "version": "1.0-SNAPSHOT",
        "scanType": "SCA",
        "packagePath": "springboot-springCloud/pom.xml",
        "fixVersion": null,
        "vulnerabilities": null
    }],
    "metadata": null,
    "riskScore": 244,
    "formulaUsed": "MIN (1000 , 2 * ( 1.0 * 73.06 * Pow(17,0.01) + 0.6 * 42.46 * Pow(48,0.01) + 0.4 * 36.08 * Pow(12,0.01) +  0.2 * 28.00 * Pow(3,0.01) ))",
    "riskScoreCalculatedDate": "1778503268951",
    "maxQdsScore": 100,
    "qdsSeverity": "CRITICAL"
}], "limit": 1
}
     

New API: Fetch Compliance Details of Code Repository Scan 

New or Updated APIs New
API Endpoint (New version) /v1.3/code/{codeId}/compliance
Method GET
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
codeId Mandatory string Specify the CodeId value of an Code.
showOldCriticality Optional boolean If true, return old criticality values; if false, return new criticality values.
Sample: Fetch Compliance Details of Code Repository Scan Sample: Fetch Compliance Details of Code Repository Scan 

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/code/fdeaa6a0810a419cab06ae9e262353a4b8c0c3edfb532abbb72ea58951c4bed4/compliance?showOldCriticality=false' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'

API Response 

{
  "uuid": "c7b0xx8d-ddda-32cf-9a2e-86axxxx8d9",
  "sha": null,
  "customerUuid": "ea3xx3f3-3f77-7b40-8383-572xxxd99",
  "created": "1780400835720",
  "updated": "1780658436946",
  "controls": [
    {
      "controlId": 48067,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "CRITICAL",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure no payment-card (PAN) literals appear in source code",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48088,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure public-facing endpoints are protected by a WAF",
      "findings": null,
      "remediation": "Deploy a WAF in front of payment-handling agent endpoints. Configure rules for common attack patterns.",
      "evidence": []
    },
    {
      "controlId": 48011,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure an explainability mechanism is present and surfaced",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure PII is redacted from tool responses before re-injection",
      "findings": null,
      "remediation": "Scan tool responses before re-injection into LLM context: Presidio or equivalent between tool.call() and agent context update.",
      "evidence": []
    },
    {
      "controlId": 48090,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure an incident response plan exists and is ready to activate",
      "findings": null,
      "remediation": "Create an incident response plan covering AI agent failures, data breaches, and cardholder data exposure scenarios.",
      "evidence": []
    },
    {
      "controlId": 48023,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure agent system prompts are documented and reviewable",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48091,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure third-party service providers' compliance is monitored periodically",
      "findings": null,
      "remediation": "Maintain LLM provider inventory with compliance status. Verify annually.",
      "evidence": []
    },
    {
      "controlId": 48097,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure business context and third-party AI components are documented",
      "findings": null,
      "remediation": "Document the AI system's business value, intended outcomes, and third-party AI components used. Conduct vendor due diligence (SOC 2 / ISO 27001 / DPA) at adoption time.",
      "evidence": []
    },
    {
      "controlId": 48062,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "LOW",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure prompts contain no payment-card-data keywords",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48037,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "LOW",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure AI interaction is disclosed in documentation",
      "findings": null,
      "remediation": "Include AI disclosure in README, user-facing documentation, or system prompt (e.g., 'I am an AI assistant').",
      "evidence": []
    },
    {
      "controlId": 48008,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        },
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure no packages are installed or imported dynamically at runtime",
      "findings": null,
      "remediation": "Pre-install all dependencies in the container image. Use lock files (uv.lock, poetry.lock) with hash verification. Forbid runtime installs in production.",
      "evidence": [
        {
          "File": null,
          "Line": 0,
          "EndLine": 0,
          "Label": null
        }
      ]
    },
    {
      "controlId": 48014,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure per-request input size is bounded",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48052,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure model temperature is justified and bounded for the intended purpose",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48007,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure LLM output is escaped before HTML rendering",
      "findings": null,
      "remediation": "Escape all LLM output before HTML rendering. Use auto-escaping templates (Jinja autoescape, React default). Apply Content-Security-Policy headers.",
      "evidence": [
        {
          "File": null,
          "Line": 0,
          "EndLine": 0,
          "Label": null
        }
      ]
    },
    {
      "controlId": 48046,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure tool invocations are logged",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48074,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure synthetic content is marked as artificially generated (manual review)",
      "findings": null,
      "remediation": "Verify by inspecting deployed system output (C2PA, SynthID, content credentials, metadata tags). Document marking implementation in system spec.",
      "evidence": []
    },
    {
      "controlId": 48042,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure per-agent credential scoping instead of a shared API key",
      "findings": null,
      "remediation": "Issue per-agent credentials: unique service account per agent role, scoped OAuth tokens, short-lived creds via STS. Document the credential-scope mapping per agent.",
      "evidence": [
        {
          "File": null,
          "Line": 0,
          "EndLine": 0,
          "Label": null
        }
      ]
    },
    {
      "controlId": 48049,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure persistent agent memory redacts PII",
      "findings": null,
      "remediation": "Run Presidio or equivalent on all memory writes. Store references/tokens instead of raw PII. Support per-subject erasure.",
      "evidence": []
    },
    {
      "controlId": 48053,
   
    {
      "controlId": 48015,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure a shutdown/interrupt mechanism is available",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48063,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "LOW",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure prompts contain no sensitive-authentication-data (CVV/PIN/track) keywords",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48079,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure GPAI provider technical documentation is available",
      "findings": null,
      "remediation": "Ensure GPAI provider supplies model card, training data documentation, and copyright/TDM policy per Annex XI requirements.",
      "evidence": []
    },
    {
      "controlId": 48005,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure file paths are validated and not derived from LLM output",
      "findings": null,
      "remediation": "Validate paths against an allowlist. Use os.path.realpath() and assert the canonical path remains within the expected base directory.",
      "evidence": [
        {
          "File": null,
          "Line": 0,
          "EndLine": 0,
          "Label": null
        }
      ]
    },
    {
      "controlId": 48083,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure all privileged/administrative actions are logged with attribution",
      "findings": null,
      "remediation": "Log every tool/function-call invocation with parameters, timestamp, agent identity, and outcome. Use callback handlers or framework tool hooks.",
      "evidence": []
    },
    {
      "controlId": 48031,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure Azure Content Safety analysis is applied",
      "findings": null,
      "remediation": "Wire ContentSafetyClient (azure-ai-contentsafety) into the input/output flow. Use the AnalyzeTextOptions with the four standard categories (Hate/Self-Harm/Sexual/Violence).",
      "evidence": [
        {
          "File": null,
          "Line": 0,
          "EndLine": 0,
          "Label": null
        }
      ]
    },
    {
      "controlId": 48087,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure code is reviewed via SAST or manual review before release",
      "findings": null,
      "remediation": "Integrate SAST tools (Semgrep, CodeQL, aiscanner) into CI/CD pipeline. Conduct code reviews for all changes to payment-handling code.",
      "evidence": []
    },
    {
      "controlId": 48051,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure model internals (logprobs/embeddings/attention) are not exposed",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48006,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure SQL is parameterized and never built from LLM output",
      "findings": null,
      "remediation": "Use parameterised queries (prepared statements). Never interpolate LLM output or untrusted strings into SQL.",
      "evidence": [
        {
          "File": null,
          "Line": 0,
          "EndLine": 0,
          "Label": null
        }
      ]
    },
    {
      "controlId": 48093,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure AI-specific incidents are tracked distinctly from generic incidents",
      "findings": null,
      "remediation": "Implement AI-specific incident tracking: log AI failures, near-misses, red-team findings. Feed back into risk register.",
      "evidence": []
    },
    {
      "controlId": 48045,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure a logging framework is configured",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48058,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure prompts contain no authentication-bypass instructions",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48070,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure the external systems the agent interacts with are documented",
      "findings": null,
      "remediation": "Document the external systems the AI system interacts with (MCP servers, APIs, data sources) per Annex IV §1(b).",
      "evidence": []
    },
    {
      "controlId": 48069,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure agent capabilities and human-oversight measures are documented",
      "findings": null,
      "remediation": "Document agent tool surface, capabilities, and the human-oversight measures in place per Article 14.",
      "evidence": []
    },
    {
      "controlId": 48099,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure third-party risks (vendors, models, MCP servers, vector DBs) are mapped",
      "findings": null,
      "remediation": "Maintain a register of third-party AI components (models, tools, MCP servers, vector DBs). Document risk per component and update on integration.",
      "evidence": []
    },
    {
      "controlId": 48092,
      "policies": [
        {
          "name": "PCI DSS 4.0",
          "uuid": "82b6906a-58b2-5158-ae52-390a98fd0467"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure payment-page tamper detection is in place",
      "findings": null,
      "remediation": "Implement Subresource Integrity (SRI) hashes and Content Security Policy (CSP) headers for all payment page scripts. Deploy change-detection monitoring on payment HTML and JavaScript assets. Alert on unauthorized modifications to payment page content.",
      "evidence": []
    },
    {
      "controlId": 48029,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure Anthropic tools define an input_schema",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48003,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure centralized observability is configured",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48078,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "SKIPPED",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure a post-market monitoring system is in place",
      "findings": null,
      "remediation": "Establish monitoring for deployed AI agents: error rates, user feedback, performance drift, and incident tracking.",
      "evidence": []
    },
    {
      "controlId": 48030,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure Anthropic system instructions are isolated via the system parameter",
      "findings": null,
      "remediation": "Pass the system prompt via the dedicated system= parameter on messages.create; do not concatenate system instructions into the user message.",
      "evidence": [
        {
          "File": null,
          "Line": 0,
          "EndLine": 0,
          "Label": null
        }
      ]
    },
    {
      "controlId": 48020,
      "policies": [
        {
          "name": "NIST AI RMF 1.0",
          "uuid": "80061ac3-a1dc-59aa-9e10-5019fb4e4d01"
        },
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure adversarial/red-team testing is performed",
      "findings": null,
      "remediation": "Integrate adversarial testing: Garak (NVIDIA) for LLM attacks, Promptfoo in CI/CD, red-team exercises before releases.",
      "evidence": []
    },
    {
      "controlId": 48064,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780658431384",
      "statement": "Ensure no container/sandbox escape vectors are present",
      "findings": null,
      "remediation": null,
      "evidence": []
    },
    {
      "controlId": 48068,
      "policies": [
        {
          "name": "EU AI Act",
          "uuid": "a7dfdb87-4580-5f04-803a-588d2f350bb8"
        }
      ],
      "criticality": "CRITICAL",
      "posture": "PASS",
      "lastEvaluated": "1780658431385",
      "statement": "Ensure HuggingFace models are not loaded with trust_remote_code=True",
      "findings": null,
      "remediation": null,
      "evidence": []
    }
  ],
  "lastComplianceScanned": "1780658431565"
}

Enhancement in Registry Scan Status

Previously, Registry scan jobs used a single status field for all scan types. As a result, users could not easily see the status of individual scans, Secrets and Malware scan statuses were not tracked, and jobs could appear completed before all configured scans finished.

With this release, Registry scan jobs now track Vulnerability, PC (Middleware), Secrets, and Malware scans separately. Each scan type has its own status and error details, and scan types that are not enabled are marked as Not Configured. Job status is now based on the status of all configured scans, providing clear and accurate visibility into scan progress and completion.

Updated API: Fetch a List of Images to be Scanned for a Registry Schedule Job

New or Updated APIs Updated
API Endpoint (New version)

v1.3/registry/{registryId}/schedule/{scheduleId}/executions/{jobId}/images

Method GET
DTD XSD Changes No
Sample: Fetch a List of Images to be Scanned for a Registry Schedule JobSample: Fetch a List of Images to be Scanned for a Registry Schedule Job

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/registry/4337760c-07c7-4664-9b2e-a5ae7xxxx/schedule/1b861b2f-42ed-4340-a081-b6ad8d462e60/executions/5c5d10e4-c8c9-4d77-879f-c210c8ce55ba/images?pageNumber=1&pageSize=50' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'    
    

API Response 

{
  "data": [
    {
      "imageId": "sha256:660f414xxxx78fab36077eaad1cb0bce5e0842b5ad5e34dxxxcf995391d3",
      "repository": "qualysdockerhub/testvk",
      "tags": "railsvk",
      "scannedBy": "6f44b4f4-61bb-4377-9d0e-78b91581ca08",
      "scanStart": "1780032147320",
      "scanEnd": "1780032203228",
      "scanErrors": [
        {
          "errorCode": "CMS-1331",
          "errorMessage": "Requested scan type not configured",
          "contextParams": {
            "image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fxxxxx9e1869756dec05c447f52a0fe637e7",
            "sensorHostIpv4": "10.82.62.69",
            "sensorHostname": "ip-10-82-62-69",
            "sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
          }
        },
        {
          "errorCode": "CMS-1331",
          "errorMessage": "Requested scan type not configured",
          "contextParams": {
            "image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
            "sensorHostIpv4": "10.82.62.69",
            "sensorHostname": "ip-10-82-62-69",
            "sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
          }
        }
      ],
      "status": "PartialSuccess",
      "vulnScanStatus": "Completed",
      "pcScanStatus": "Completed",
      "secretsScanStatus": "Failed",
      "malwareScanStatus": "Failed",
      "vulnScanError": null,
      "pcScanError": null,
      "secretsScanError": {
        "errorCode": "CMS-1331",
        "errorMessage": "Requested scan type not configured",
        "contextParams": {
          "image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
          "sensorHostIpv4": "10.82.62.69",
          "sensorHostname": "ip-10-82-62-69",
          "sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
        }
      },
      "malwareScanError": {
        "errorCode": "CMS-1331",
        "errorMessage": "Requested scan type not configured",
        "contextParams": {
          "image": "registry-1.docker.io/qualysdockerhub/testvk@sha256:aec52fe81ff0e99d64174001fbdf44c3bc9e1869756dec05c447f52a0fe637e7",
          "sensorHostIpv4": "10.82.62.69",
          "sensorHostname": "ip-10-82-62-69",
          "sensorId": "6f44b4f4-61bb-4377-9d0e-78b91581ca08"
        }
      },
      "isContinuouslyAssessed": null
    }
  ],
  "count": 1
}

Updated API: Fetch a List of Executions Created for a Registry Schedule

New or Updated APIs Updated
API Endpoint (New version) /v1.3/registry/{registryId}/schedule/{scheduleId}/executions
Method GET
DTD XSD Changes No
Sample: Fetch a List of Executions Created for a Registry ScheduleSample: Fetch a List of Executions Created for a Registry Schedule

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/registry/4337760c-07c7-4664-9b2e-a5ae70xxxa4/schedule/1b861b2f-42ed-4340-a081-b6ad8d462e60/executions?pageNumber=1&pageSize=50' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>'

API Response 

{
  "data": [
    {
      "jobUuid": "5c5xxxxe4-c8c9-4d77-879f-c210c8cxxxxba",
      "createdTime": "1780031954429",
      "listStartTime": "1780032013904",
      "listEndTime": "1780032086028",
      "scanStartTime": "1780032147237",
      "scanEndTime": "1780032203272",
      "listedBy": "7ff356df-6ae6-40a9-a02f-8fc2f499212f",
      "listingErrors": null,
      "status": "Finished",
      "totalImages": 1,
      "scannedImages": 0,
      "failedImages": 0,
      "inProgressImages": 0,
      "queuedImages": 0,
      "partiallyFailedImages": 1
    }
  ],
  "count": 1
}

Enhancement in Secret Detector

We have enhanced the global secret Exclude Blocks and global secret Allow Rules API in Secret Detector.

Exclude Block

Qualys Container Security's APIs enable defining content patterns to be excluded from secret scanning. By allowing known non-relevant content blocks to be skipped entirely, the API helps reduce unnecessary scanning, improves scan efficiency, and ensures that only relevant content is evaluated for potential secrets. To support this, below APIs are enhanced regarding exclude blcok.

New API: Fetch a List of Exclude Blocks

New or Updated APIs New
API Endpoint (New version) /v1.3/secretExcludeBlock
Method GET
DTD XSD Changes No
Sample: Fetch a List of Exclude BlocksSample: Fetch a List of Exclude Blocks

API Request

curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock?pageNumber=1&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'

API Response 

{
"data": [


    "ruleUuid": "4237bed5-ad82-4b73-9588-799dccb53989", 
    "description": "FO exclude block auto", 
    "regex": "KD9pKXRva2Vu", 
    "type": "custom", 
    "status": "Active", 
    "created": "1779942188881", 
    "updated": "1779942188881", 
    "createdBy": "apeks_ab7", 
    "updatedBy": "apeks_ab7" }
],
"count": 1,
"groups": {},
"aggs": null
}

New API: Fetch Details of an Exclude Block

New or Updated APIs New
API Endpoint (New version) /v1.3/secretExcludeBlock/{ruleId}
Method GET
DTD XSD Changes No
Sample: Fetch Details of an Exclude BlockSample: Fetch Details of an Exclude Block

API Request

curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/4237bed5-ad82-4b73-9588-799dccb53989' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'

API Response 

{
"ruleUuid": "4237bed5-ad82-4b73-9588-799dccb53989",
"description": "FO exclude block auto",
"regex": "KD9pKXRva2Vu",
"type": "custom",
"status": "Active",
"created": "1779942188881",
"updated": "1779942188881",
"createdBy": "apeks_ab7",
"updatedBy": "apeks_ab7"
}

New API: Create an Exclude Block

New or Updated APIs New
API Endpoint (New version) /v1.3/secretExcludeBlock/create
Method POST
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
regex Mandatory BASE64 encoded value

Specify the encoded regex of the secret detector that you want to create.
The valid encoding format - Base 64 (ISO-8859-1 Character Set)

Provide regex of the Secret Detector.

Sample: Create an Exclude BlockSample: Create an Exclude Block

API Request

curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/create' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '
{ 
    "description": "FO exclude block auto", 
    "regex": "KD9pKXRva2Vu", 
    "status": "Active" 
}

API Response 

{
"Created exclude block": "42f8c8b3-333c-4792-b001-6c8e8e2ec87e"
}

New API: Update an Exclude Block

New or Updated APIs New
API Endpoint (New version) /v1.3/secretExcludeBlock/{ruleId}
Method PUT
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
regex Mandatory BASE64 encoded value

Specify the encoded regex of the secret detector that you want to update.
The valid encoding format - Base 64 (ISO-8859-1 Character Set)

Provide regex of the Secret Detector.

Sample: Update an Exclude BlockSample: Update an Exclude Block

API Request

curl -X 'PUT' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/4237bed5-ad82-4b73-9588-799dccb53989' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '
{ 
    "description": 
    "FO exclude block auto updated", 
    "regex": "KD9pKXBhc3N3b3Jk", 
    "status": "Active" 
}

API Response 


{
"Updated exclude block": "4237bed5-ad82-4b73-9588-799dccb53989"
}

New API: Delete Exclude Block

New or Updated APIs New
API Endpoint (New version) /v1.3/secretExcludeBlock/{ruleId}
Method DELETE
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
ruleId Mandatory String Specify the ID/UUID of the exclude block you want to delete.
Sample: Delete Exclude BlockSample: Delete Exclude Block

API Request


curl -X 'DELETE' \
'<qualys_base_url>/csapi/v1.3/secretExcludeBlock/4237bed5-ad82-4b73-9588-799dccb53989' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'

API Response 

block deleted successfully
     

Allow Rules

Qualys Container Security supports configuring approved patterns, including regex and file paths, that must be excluded from secret detection findings. This helps minimize false positives and enables teams to focus on actionable security findings. Any scanned result that matches a configured allow rule is not identified as a secret.

New API: Fetch a List of Allow Rules

New or Updated APIs New
API Endpoint (New version) /v1.3/secretAllowRule
Method GET
DTD XSD Changes No
Sample: Fetch a List of Allow RuleSample: Fetch a List of Allow Rule

API Request

curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/secretAllowRule?pageNumber=1&pageSize=50&sort=created%3Adesc' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'

API Response 

{
"data": [
{ 
    "ruleUuid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", 
    "description": "System directories auto", 
    "regex": null, 
    "path": "XnVzclwvKD86c2hhcmV8aW5jbHVkZXxsaWJ8YmluKVwv", 
    "type": "custom", 
    "status": "Active", 
    "created": "1779942188881", 
    "updated": "1779942188881", 
    "createdBy": "apeks_ab7", 
    "updatedBy": "apeks_ab7" 
}
],
"count": 1,
"groups": {},
"aggs": null
}

New API: Fetch Details of an Allow Rule 

New or Updated APIs New
API Endpoint (New version) /v1.3/secretAllowRule/{ruleId}
Method GET
DTD XSD Changes No
Sample: Fetch Details of an Allow RuleSample: Fetch Details of an Allow Rule

API Request

curl -X 'GET' \
'<qualys_base_url>/csapi/v1.3/secretAllowRule/a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'

API Response 

{
"ruleUuid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"description": "System directories auto",
"regex": null,
"path": "XnVzclwvKD86c2hhcmV8aW5jbHVkZXxsaWJ8YmluKVwv",
"type": "custom",
"status": "Active",
"created": "1779942188881",
"updated": "1779942188881",
"createdBy": "apeks_ab7",
"updatedBy": "apeks_ab7"
}

New API: Create an Allow Rule

New or Updated APIs New
API Endpoint (New version) /v1.3/secretAllowRule/create
Method POST
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
regex Mandatory/Optional BASE64 encoded value

Specify the encoded regex of the secret detector that you want to create.
The valid encoding format - Base 64 (ISO-8859-1 Character Set)

Provide either regex or path of the Secret Detector.

path Mandatory/Optional BASE64 encoded value

Specify the encoded path of the secret detector that you want to create.
The valid encoding format - Base 64 (ISO-8859-1 Character Set)

Provide either regex or path of the Secret Detector.

Sample: Create an Allow RuleSample: Create an Allow Rule

API Request

curl -X 'POST' \
'<qualys_base_url>/csapi/v1.3/secretAllowRule/create' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \-d '

"description": "System directories auto", 
"regex": null, 
"path": "XnVzclwvKD86c2hhxxxxxbHVkZXxsaWJ8YmluKVwv", 
"status": "Active" 
}

API Response 

{
"Created allow rule": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

New API: Update an Allow Rule

New or Updated APIs New
API Endpoint (New version) /v1.3/secretAllowRule/{ruleId}
Method PUT
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
regex Mandatory/Optional BASE64 encoded value

Specify the encoded regex of the secret detector that you want to update.
The valid encoding format - Base 64 (ISO-8859-1 Character Set)

Provide either regex or path of the Secret Detector.

path Mandatory/Optional BASE64 encoded value

Specify the encoded path of the secret detector that you want to create.
The valid encoding format - Base 64 (ISO-8859-1 Character Set)

Provide either regex or path of the Secret Detector.

Sample: Update an Allow RuleSample: Update an Allow Rule

API Request

curl -X 'PUT' \
<qualys_base_url>/csapi/v1.3/secretAllowRule/a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '
{ 
"description": "System directories auto updated", 
"regex": null, 
"path": "XihvcHR8dmFyKVwv", 
"status": "Active" 
}

API Response 

{
"Updated allow rule": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

New API: Delete Allow Rule

New or Updated APIs New
API Endpoint (New version) /v1.3/secretAllowRule/{ruleId}
Method DELETE
DTD XSD Changes No
Input ParametersInput Parameters
Parameter Mandatory/Optional Data Type Description
ruleId Mandatory String Specify the ID/UUID of the exclude block you want to delete.
Sample: Delete an Allow RuleSample: Delete an Allow Rule

API Request

curl -X 'DELETE' \
'<qualys_base_url>/csapi/v1.3/secretAllowRule/a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'

API Response 

 rule deleted successfully
     

Compliance Posture for a Container

With this release, Qualys Container Security enhances compliance scanning capabilities by introducing new controls, removing outdated controls, and adding support for a SKIPPED posture for running containers in addition to container images. These enhancements provide increased visibility into container compliance posture, including runtime compliance assessment results.

This release expands compliance coverage with the addition of the following controls:

  1. Control ID 10805
  2. Control ID 19373
  3. Control ID 19374
  4. Control ID 19375 
  5. Control ID 19376
  6. Control ID 19377

Removed Compliance Controls:

  1. Control ID 10810
  2. Control ID 10715
  3. Control ID 10808

New Compliance Posture - SKIPPED: Qualys Container Security reports controls with a SKIPPED posture when the required container or image data is unavailable for evaluation, providing additional visibility into compliance assessment results.

To enhance risk prioritization and improve clarity, this release updates the criticality levels as follows:

  • LOW: Renamed from MINIMAL
  • MEDIUM: Combines MEDIUM and SERIOUS
  • HIGH: Combines CRITICAL and URGENT

The following API includes updated policy compliance details for containers.

Fetch Compliance Posture for a Container
GET /csapi/v1.3/containers/{containerSha}/compliance

Updated API: Fetch Compliance Posture for a Container

New or Updated APIs Updated
API Endpoint (New version) /v1.3/containers/{containerSha}/compliance
Method GET
DTD XSD Changes No
Sample: Fetch Compliance Posture for a ContainerSample: Fetch Compliance Posture for a Container

API Request

curl -X 'GET' \
  '<qualys_base_url>/csapi/v1.3/containers/7ba409eeaf52cec8def68416270394d5a9dc6befbb915fdaf608edfb7aebd86f/compliance' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' 

API Response 
 

 {
  "uuid": "2808271b-5431-31e9-82f0-4b0f7xxxxd7",
  "sha": "7ba409eeaf52cec8def68416270394d5a9dc6befbb9xxxxxaebd86f",
  "customerUuid": "0c0fbabe-355c-5c7e-82c6-960dea056cc4",
  "created": "1780548308000",
  "updated": "1780563917402",
  "controls": [
    {
      "controlId": 10856,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10815,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 19376,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10812,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "Container running without memory restrictions"
      ]
    },
    {
      "controlId": 10825,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "Container running with root FS mounted R/W"
      ]
    },
    {
      "controlId": 10802,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "Container running with default user (root)"
      ]
    },
    {
      "controlId": 10807,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10830,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "Health check not set"
      ]
    },
    {
      "controlId": 10813,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "Container running without CPU restrictions"
      ]
    },
    {
      "controlId": 10854,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 19373,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10805,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10828,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10851,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 18990,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10811,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10829,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "PIDs limit not set"
      ]
    },
    {
      "controlId": 10716,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10857,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 19375,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10858,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 19374,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "LOW",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10814,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "Expected restart policy is 5 retries on 'on-failure'. Detected: [no 0]"
      ]
    },
    {
      "controlId": 10850,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    },
    {
      "controlId": 10855,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "Privileges not restricted"
      ]
    },
    {
      "controlId": 19377,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "MEDIUM",
      "posture": "FAIL",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": [
        "No SecurityOptions Found"
      ]
    },
    {
      "controlId": 10809,
      "policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3",
      "technologyId": 283,
      "criticality": "HIGH",
      "posture": "PASS",
      "lastEvaluated": "1780548346980",
      "datapoints": [],
      "statement": null,
      "findings": []
    }
  ],
  "lastComplianceScanned": "1780548347135"
}