DescribeCanFixVulList - Security Center - Alibaba Cloud Documentation Center

Queries the list of fixable vulnerabilities.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
Type	string	Yes	The type of the vulnerability. Valid values: cve: system vulnerability sca: application vulnerability	cve
Uuids	string	No	The UUID of the image. Separate multiple UUIDs with commas (,).	d15df12472809c1c3b158606c0f1****
Name	string	No	The name of the vulnerability.	scan:AVD-2022-953356
AliasName	string	No	The alias of the vulnerability that is specified in Common Vulnerabilities and Exposures (CVE).	RHSA-2017:0184-Important: mysql security update
StatusList	string	No	The status of the vulnerability. Valid values: 1: The vulnerability is unfixed. 4: The vulnerability is being fixed. 7:The vulnerability is fixed.	1
Necessity	string	No	The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values: asap: high later: medium nntf: low	asap,later,nntf
Dealed	string	No	Specifies whether the vulnerability is handled. Valid values: y: The vulnerability is handled. n: The vulnerability is not handled.	n
CurrentPage	integer	No	The page number. Pages start from page 1. Default value: 1.	1
PageSize	integer	No	The number of entries per page. Default value: 20.	20
RepoRegionId	string	No	The region ID of the image repository. Valid values: cn-beijing: China (Beijing) cn-zhangjiakou: China (Zhangjiakou) cn-hangzhou: China (Hangzhou) cn-shanghai: China (Shanghai) cn-shenzhen: China (Shenzhen) cn-hongkong: China (Hong Kong) ap-southeast-1: Singapore ap-southeast-5: Indonesia (Jakarta) us-east-1: US (Virginia) us-west-1: US (Silicon Valley) eu-central-1: Germany (Frankfurt) eu-west-1: UK (London) ap-south-1: India (Mumbai)	cn-hangzhou
RepoInstanceId	string	No	The ID of the container image. Note You can call the ListRepository operation of Container Registry and obtain the ID of the container image from InstanceId in the response.	cri-rv4nvbv8iju4****
RepoId	string	No	The ID of the image repository. Note You can call the ListRepository operation of Container Registry and obtain the ID of the image repository from RepoId in the response.	crr-avo7qp02simz2njo
RepoName	string	No	The name of the image repository. Note Fuzzy match is supported.	digital-account
RepoNamespace	string	No	The namespace to which the image repository belongs. Note Fuzzy match is supported.	ns-digital-dev
RegionId	string	No	The region ID of the image repository. Valid values: cn-beijing: China (Beijing) cn-zhangjiakou: China (Zhangjiakou) cn-hangzhou: China (Hangzhou) cn-shanghai: China (Shanghai) cn-shenzhen: China (Shenzhen) cn-hongkong: China (Hong Kong) ap-southeast-1: Singapore ap-southeast-5: Indonesia (Jakarta) us-east-1: US (Virginia) us-west-1: US (Silicon Valley) eu-central-1: Germany (Frankfurt) eu-west-1: UK (London) ap-south-1: India (Mumbai)	cn-hangzhou
InstanceId	string	No	The ID of the container image. Note You can call the ListRepository operation of Container Registry and obtain the ID of the container image from InstanceId in the response.	cri-rv4nvbv8iju4****
Tag	string	No	The tag to add to the image.	0.1.0
Digest	string	No	The unique identifier of the image.	8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****
ClusterId	string	No	The cluster ID. Note You can call the DescribeGroupedContainerInstances operation to query the IDs of clusters.	c80f79959fd724a888e1187779b13****
ScanRange	array	No	The type of the asset that you want to scan. Valid values: image container
	string	No	The type of the asset that is scanned. Valid values: image container	image,container
ClusterName	string	No	The name of the cluster.	sas-test-cnnf
ContainerId	string	No	The container ID.	48a6d9a92435a13ad573372c3f3c63b7e04d106458141df9f92155709d5a****
Pod	string	No	The name of the container group.	22222-7xsqq
Namespace	string	No	The namespace of the cluster. Note You can call the GetOpaClusterNamespaceList operation to query the namespaces of clusters.	default
Image	string	No	The name of the image.	registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-****

Response parameters

Parameter	Type	Description	Example
	object	PlainResult<List>
VulRecords	object []	The information about the vulnerability.
CanUpdate	boolean	Indicates whether the packages of the software that has the vulnerability can be upgraded by using Security Center. Valid values: true false	true
Type	string	The type of the vulnerability. Valid values: cve: system vulnerability sca: application vulnerability	cve
Status	integer	The status of the vulnerability. Valid values: 1: The vulnerability is unfixed. 4: The vulnerability is being fixed. 7: The vulnerability is fixed.	1
ModifyTs	long	The timestamp generated when the vulnerability status was modified. Unit: milliseconds.	1620404763000
ImageDigest	string	The unique identifier of the image.	8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****
PrimaryId	long	The vulnerability ID.	782661
Tag	string	The tag that is added to the image.	latest
RepoNamespace	string	The namespace to which the image repository belongs.	3rdparty
RepoName	string	The name of the image repository.	varnish
Related	string	The CVE IDs related to the vulnerability. Multiple CVE IDs are separated by commas (,).	CVE-2017-7518,CVE-2017-12188
FirstTs	long	The timestamp generated when the vulnerability was first detected. Unit: milliseconds.	1620752053000
LastTs	long	The timestamp generated when the vulnerability was last detected. Unit: milliseconds.	1620404763000
Necessity	string	The priority to fix the vulnerability. Valid values: asap: high later: medium nntf: low Note We recommend that you fix high-level vulnerabilities as soon as possible.	asap,later,nntf
Uuid	string	The UUID of the container image.	0004a32a0305a7f6ab5ff9600d47****
AliasName	string	The alias of the vulnerability.	CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read
Name	string	The name of the vulnerability.	debian:10:CVE-2019-9893
Layers	array	The image layers.
	string	The image layer.	["8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****"]
ExtendContentJson	object	The extended information about the vulnerability.
OsRelease	string	The version of the operating system in the image.	10.9
Os	string	The name of the operating system.	debian
RpmEntityList	object []	The RPM packages.
MatchList	array	The rule that is used to detect the vulnerability.
	string	The rule that is used to detect the vulnerability.	["libstdc++ version less than 8.5.0-4.el8_5"]
Layer	string	The SHA-256 value of the digest of the image layer.	b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1****
FullVersion	string	The complete version number of the software package.	3.10.0-693.2.2.el7
Version	string	The version number of the software package.	3.10.0
MatchDetail	string	The information about the detected vulnerability.	python-perf version less than 0:3.10.0-693.21.1.el7
Path	string	The path of the software that has the vulnerability.	/usr/lib64/python2.7/site-packages
Name	string	The name of the software package.	python-perf
UpdateCmd	string	The command that is used to fix the vulnerability.	apt-get update && apt-get install libseccomp2 --only-upgrade
CanFix	string	Indicates whether the vulnerability can be fixed in the Security Center console. Valid values: yes no	yes
ClusterId	string	The cluster ID.	c08d5fc1a329a4b88950a253d082f1****
ClusterName	string	The name of the cluster.	docker-law
Pod	string	The name of the container group.	22222-7xsqq
Namespace	string	The namespace.	test-002
Image	string	The name of the image.	registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****
ContainerId	string	The container ID.	04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****
InternetIp	string	The public IP address of the asset.	1.2.XX.XX
IntranetIp	string	The private IP address of the asset.	172.19.XX.XX
InstanceName	string	The name of the instance. The name must be 3 to 64 characters in length and can contain letters, digits, hyphens (-), and underscores (_).	testInstance
TargetId	string	The ID of the asset that is scanned.	300269
TargetName	string	The name of the asset that is scanned.	source-test-obj-XM0Ma
MaliciousSource	string	The source of the malicious file. Valid values: agentless image container	agentless
TargetType	string	The type of the asset that is scanned. Valid values: IMAGE ECS_IMAGE ECS_SNAPSHOT	ECS_IMAGE
ScanTime	long	The timestamp generated when the scan task was performed. Unit: milliseconds.	1649814050000
RequestId	string	The request ID.	1408FDB3-46F4-513C-9918-FE7D356DF048

Examples

Sample success responses

JSONformat

{
  "VulRecords": [
    {
      "CanUpdate": true,
      "Type": "cve",
      "Status": 1,
      "ModifyTs": 1620404763000,
      "ImageDigest": "8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****",
      "PrimaryId": 782661,
      "Tag": "latest",
      "RepoNamespace": "3rdparty",
      "RepoName": "varnish",
      "Related": "CVE-2017-7518,CVE-2017-12188",
      "FirstTs": 1620752053000,
      "LastTs": 1620404763000,
      "Necessity": "asap,later,nntf",
      "Uuid": "0004a32a0305a7f6ab5ff9600d47****",
      "AliasName": "CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read",
      "Name": "debian:10:CVE-2019-9893",
      "Layers": [
        "[\"8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****\"]"
      ],
      "ExtendContentJson": {
        "OsRelease": "10.9",
        "Os": "debian",
        "RpmEntityList": [
          {
            "MatchList": [
              "[\"libstdc++ version less than 8.5.0-4.el8_5\"]"
            ],
            "Layer": "b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1****",
            "FullVersion": "3.10.0-693.2.2.el7",
            "Version": "3.10.0",
            "MatchDetail": "python-perf version less than 0:3.10.0-693.21.1.el7",
            "Path": "/usr/lib64/python2.7/site-packages",
            "Name": "python-perf",
            "UpdateCmd": "apt-get update && apt-get install libseccomp2  --only-upgrade"
          }
        ]
      },
      "CanFix": "yes",
      "ClusterId": "c08d5fc1a329a4b88950a253d082f1****\n",
      "ClusterName": "docker-law\n",
      "Pod": "22222-7xsqq\n",
      "Namespace": "test-002\n",
      "Image": "registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****\n",
      "ContainerId": "04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****\n",
      "InternetIp": "1.2.XX.XX",
      "IntranetIp": "172.19.XX.XX",
      "InstanceName": "testInstance",
      "TargetId": "300269",
      "TargetName": "source-test-obj-XM0Ma",
      "MaliciousSource": "agentless",
      "TargetType": "ECS_IMAGE",
      "ScanTime": 1649814050000
    }
  ],
  "RequestId": "1408FDB3-46F4-513C-9918-FE7D356DF048"
}

Error codes

HTTP status code	Error code	Error message	Description
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.