You can trigger an IaC scan by providing a name and uploading the IaC configuration file to be scanned. Once the scan is triggered, it enters the Submitted state. Once the scan is completed (Finished state), the response provides a unique Scan UUID that you can use to view the scan results.
Note: A maximum of 10 concurrent scans can be executed in parallel.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
name | Mandatory | String | Provide a name for the IaC scan you want to trigger. Note: Double quotes are not allowed. |
file | Mandatory | | Upload an IaC configuration file with a maximum size of 10MB. For valid file formats, refer to Template Support. |
showOnlyFailedControls | Optional | Boolean | Set this flag to true to include only the failed controls in the IaC scan result. |
tags=[{'key':'value'}] | Optional | String | Name of the tags. Cloud assets that are tagged with the specified tag are included in the scan. |
policyName | Optional | String | Specify the name of the policy in the request. Use the policy name to restrict the evaluation of controls during the scan. Only the controls associated with the specified policy are evaluated during the scan. If the policyName parameter is empty, the IaC Scan API scans the template for all the controls that are applicable to resources in the template and returns the scan results accordingly. |
API request
curl -X POST \
  "https://<QualysBaseURL>/cloudview-api/rest/v1/iac/scan" \
  -H "authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXX=" \
  -H "Content-Type: multipart/form-data" \
  -F "file=@security-group.tf" \
  -F "name=DemoTemplate" \
  -F "policyName=AZURE Infrastructure as Code Security Best Practices Policy" \
  -F "showOnlyFailedControls=false" \
  -F 'tags=[{"Key":"Value"}]'
Response
{
  "scanUuid": "337a21ef-3c53-43bf-aed6-46f04e1c542d"
}
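The following wrapper is an added example, not Qualys code: it checks the constraints from the parameter table (name without double quotes, file up to 10MB, boolean showOnlyFailedControls) before calling the endpoint shown above. The environment variable names QUALYS_BASE_URL (the hostname) and QUALYS_NETRC (path to a netrc file with the API credentials), the function names, and the reading of 10MB as 10 MiB are assumptions.

```shell
#!/bin/sh
# Added example, not Qualys code. QUALYS_BASE_URL and QUALYS_NETRC are assumed names.
MAX_BYTES=$((10 * 1024 * 1024))  # assumption: the 10MB limit is read as 10 MiB

# validate_scan_request NAME FILE [SHOW_ONLY_FAILED]
# Returns 0 when the request satisfies the documented constraints, else 2-6.
validate_scan_request() {
    name=$1; file=$2; failed_only=${3:-false}
    [ -n "$name" ] || { echo "name is mandatory" >&2; return 2; }
    case $name in
        *\"*) echo "name must not contain double quotes" >&2; return 3 ;;
    esac
    [ -f "$file" ] || { echo "file not found: $file" >&2; return 4; }
    size=$(($(wc -c < "$file")))
    [ "$size" -le "$MAX_BYTES" ] || { echo "file larger than 10MB" >&2; return 5; }
    case $failed_only in
        true|false) ;;
        *) echo "showOnlyFailedControls must be true or false" >&2; return 6 ;;
    esac
}

# submit_iac_scan NAME FILE [SHOW_ONLY_FAILED] [POLICY_NAME]
# Prints the JSON response (containing scanUuid) on success.
submit_iac_scan() {
    validate_scan_request "$1" "$2" "${3:-false}" || return $?
    if [ -z "${QUALYS_BASE_URL:-}" ] || [ -z "${QUALYS_NETRC:-}" ]; then
        echo "set QUALYS_BASE_URL and QUALYS_NETRC" >&2; return 7
    fi
    # --netrc-file keeps the Basic auth credentials off the command line.
    # --form-string sends values literally; -F would treat a leading @ or <
    # in a value as a request to read a local file.
    set -- --silent --show-error --fail --netrc-file "$QUALYS_NETRC" \
        -F "file=@$2" --form-string "name=$1" \
        --form-string "showOnlyFailedControls=${3:-false}" \
        ${4:+--form-string "policyName=$4"}
    curl "$@" "https://$QUALYS_BASE_URL/cloudview-api/rest/v1/iac/scan"
}
```

Call it as `submit_iac_scan DemoTemplate security-group.tf false "AZURE Infrastructure as Code Security Best Practices Policy"`; a non-zero return code identifies which check failed before any request is sent.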