The IaC Scan APIs return their responses in JSON format. In the command line interface (CLI), output defaults to a tabular display; the CLI can output the JSON response when given an additional input parameter for the format.
The JSON response has the following elements.
Element | Description |
---|---|
scanUuid | Unique identifier for the respective IaC scan. |
scanDate | Date when the scan was triggered. |
name | Name of the IaC scan. |
status | Scan status. The values are: SUBMITTED, PROCESSING, or FINISHED. |
tags | Tags from input. |
result | Nested result that holds the details of the findings. See the next table for details. |
The "result" element has the following sub-elements.
Sub-Element | Description |
---|---|
checkType | Type of check implemented on the respective IaC templates. For example: terraform, terraform_plan, and so on. |
results | Nested result structure that holds details such as passed, failed, and skipped checks, and parsing errors. See the next table for details. |
summary | Summarizes the count of passed, failed, and skipped checks, and parsing errors. For failed checks, it shows the counts of high, medium, and low criticalities. |
Each "results" element has the following sub-elements.
Sub-Element | Description |
---|---|
passedChecks | Lists all passed checks for the IaC scan. |
failedChecks | Lists all failed checks for the IaC scan. |
skippedChecks | Lists all skipped checks for the IaC scan. |
parsingErrors | Lists the file names of IaC templates that could not be parsed. |
Each passed, failed, and skipped check has evidence in the response, containing the following fields.
Sub-Element | Description |
---|---|
checkId | An identifier of the check that was evaluated. |
checkName | Description of the check that was evaluated. |
criticality | The criticality of the check and finding. |
cvControl | Qualys TotalCloud control (run time). It has CID and Description. |
checkResult | It can be PASSED, FAILED, or SKIPPED. It also shows the evaluated key for the respective check. |
codeBlock | The code block showing evidence in the result. |
filePath | Location of relative path of the template that was scanned. |
fileLineRange | Line numbers impacted in the respective IaC template. |
repoFilePath | Location of relative path of the template that was scanned. |
resource | IaC template resource that was scanned. |
callerFilePath | If Terraform templates use modules, the evaluated code block is added. If called from other, sections are added to this field. |
callerFileLineRange | If Terraform templates use modules, the line numbers of the caller are added to this field. |
remediation | The remediation steps for the customer to take. |