Security Center:DescribeImageListBySensitiveFile - Security Center

Queries images that contain sensitive files.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sas:DescribeImageListBySensitiveFile

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
SensitiveFileKey	string	No	The type of the sensitive file. Valid values: npm_token: NPM access token ftp_cfg: FTP configuration google_oauth_key: Google OAuth key planetscale_passwd: PlanetScale password github_ssh_key: GitHub SSH key msbuild_publish_profile: MSBuild publish profile fastly_cdn_token: Fastly CDN token ssh_private_key: SSH private key aws_cli: AWS CLI credentials cpanel_proftpd: cPanel ProFTPd credentials postgresql_passwd: PostgreSQL password file discord_client_cred: Discord client credentials rails_database: Rails database configuration aws_access_key: AWS access key esmtp_cfg: ESMTP mail server configuration docker_registry_cfg: Docker registry configuration pem: PEM common_cred: common credentials sftp_cfg: SFTP connection configuration grafana_token: Grafana token slack_token: Slack token ec_private_key: EC private key pypi_token: PyPI upload token finicity_token: Finicity platform token k8s_client_key: Kubernetes client private key git_cfg: Git configuration django_key: Django key jenkins_ssh: Jenkins SSH configuration file openssh_private_key: OpenSSH private key square_oauth: Square OAuth credentials typeform_token: Typeform token common_database_cfg: generic database connection configuration wordpress_database_cfg: WordPress database configuration googlecloud_api_key: Google Cloud API key vscode_sftp: VSCode SFTP configuration apache_htpasswd: Apache htpasswd planetscale_token: PlanetScale token contentful_preview_token: Contentful preview token php_database_cfg: PHP application database password atom_remote_sync: Atom remote sync configuration aws_session_token: AWS session token atom_sftp_cfg: Atom SFTP configuration asana_client_private_key: Asana client private key tencentcloud_ak: Tencent Cloud SecretId rsa_private_key: RSA private key github_personal_token: GitHub personal access token pgp: PGP encrypted file stripe_skpk: Stripe secret key square_token: Square access token rails_carrierwave: Rails CarrierWave file upload credentials dbeaver_database_cfg: DBeaver database configuration robomongo_cred: Robomongo credentials github_oauth_token: GitHub OAuth access token pulumi_token: Pulumi token ventrilo_voip: Ventrilo VoIP server configuration macos_keychain: macOS Keychain amazon_mws_token: Amazon MWS token dynatrace_token: Dynatrace token java_keystore: Java Keystore microsoft_sdf: Microsoft SQL CE database kubernetes_dashboard_cred: Kubernetes Dashboard user credentials atlassian_token: Atlassian token rdp: Remote Desktop Connection (RDP) mailgun_key: Mailgun webhook signing key mailchimp_api_key: Mailchimp API key netrc_cfg: .netrc configuration file openvpn_cfg: OpenVPN client configuration github_refresh_token: GitHub refresh token salesforce: Salesforce credentials sendinblue: Sendinblue token pkcs_private_key: PKCS#12 key rubyonrails_passwd: Ruby on Rails password file filezilla_ftp: FileZilla FTP configuration databricks_token: Databricks token gitlab_personal_token: GitLab personal access token rails_master_key: Rails master key sqlite: SQLite3/SQLite database firefox_logins: Firefox logins configuration mailgun_private_token: Mailgun private token joomla_cfg: Joomla configuration hashicorp_terraform_token: HashiCorp Terraform token jetbrains_ides: JetBrains IDEs configuration heroku_api_key: Heroku API key messagebird_token: MessageBird token github_app_token: GitHub App token hashicorp_vault_token: HashiCorp Vault token pgp_private_key: PGP private key sshpasswd: SSH password huaweicloud_ak: HUAWEI CLOUD Secret Access Key php_config: PHP configuration common_private_key: common private key type microsoft_mdf: Microsoft SQL database mediawiki_cfg: MediaWiki configuration jenkins_cred: Jenkins credentials rubygems_cred: RubyGems credentials clojars_token: Clojars token phoenix_web_passwd: Phoenix Web credentials puttygen_private_key: PuTTYgen private key google_oauth_token: Google OAuth access token rubyonrails_cfg: Ruby on Rails database configuration lob_api_key: Lob API key pkcs_cred: PKCS#12 certificate otr_private_key: OTR private key contentful_delivery_token: Contentful delivery token digital_ocean_tugboat: DigitalOcean Tugboat configuration dsa_private_key: DSA private key rails_app_token: Rails app token git_cred: Git user credentials newrelic_api_key: New Relic user API key github_hub: The hub configuration file that stores the GitHub token rubygem: Rubygem token rubygem: Rubygem token	sshpasswd
ScanRange	array	No	The scan scope. Valid values: image: image container: container
	string	No	The scan scope. Valid values: image: image container: container	image
Lang	string	No	The language of the content in the request and response. Default value: zh. Valid values: zh: Chinese en: English	zh
CurrentPage	integer	No	The page number. Pages start from page 1. Default value: 1.	1
PageSize	integer	No	The number of entries per page. Default value: 20.	20
RiskLevel	string	No	The risk level of the file. Separate multiple risk levels with commas (,). Valid values: high: high medium: medium low: low	high
RepoInstanceId	string	No	The ID of the image repository instance. Note You can call the ListRepository operation of Container Registry to query the IDs of image repository instances. The ID is displayed in the InstanceId response parameter.	i-qewqrqcsadf****
RepoName	string	No	The name of the image repository. Note Fuzzy search is supported.	harbor-image-v001
RepoNamespace	string	No	The namespace to which the image repository belongs. Note Fuzzy search is supported.	libssh2
ImageDigest	string	No	The digest of the image. Note Fuzzy search is supported.	v005
Status	string	No	The status of the sensitive file. Valid values: 0: unhandled 1: ignored 2: false positive	0

Response elements

Element	Type	Description	Example
	object	Information about the affected images.
ImageInfos	array<object>	An array of images.
	object	The information about the image.
Uuid	string	The unique identifier of the image.	f58681174f944623345379e23b7b****
RegionId	string	The ID of the region in which the image resides.	cn-hangzhou
InstanceId	string	The ID of the image instance.	cri-a595qp31knh9****
RepoNamespace	string	The namespace of the image repository.	libssh2
RepoName	string	The name of the image repository.	opa-test
Digest	string	The digest of the image.	v005
Tag	string	The tag of the image.	nuxeo6
FirstScanTime	integer	The timestamp of the first scan. Unit: milliseconds.	1649814050000
LastScanTime	integer	The timestamp of the last scan. Unit: milliseconds.	1649814050000
RiskLevel	string	The risk level of the image. Valid values: high: high medium: medium low: low	low
Status	string	The status of the sensitive file. Valid values: 0: unhandled 1: ignored 2: false positive	0
InstanceName	string	The name of the instance.	sec-NessusSc
PageInfo	object	The pagination information.
CurrentPage	integer	The page number of the returned page.	1
PageSize	integer	The number of entries per page. Default value: 20.	20
TotalCount	integer	The total number of entries.	83
Count	integer	The number of entries returned on the current page.	4
LastRowKey	string	The key of the last entry on the current page.	CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE=
Success	boolean	Indicates whether the request was successful. Valid values: true: The request was successful. false: The request failed.	true
Code	string	The result code. The value 200 indicates that the request was successful. For more information about other error codes, see the "Error codes" section of this topic.	200
Message	string	The returned message.	successful
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	E0C5C07F-1576-509A-AE44-1C36B8445B37
HttpStatusCode	integer	The HTTP status code.	200

Examples

Success response

JSON format

{
  "ImageInfos": [
    {
      "Uuid": "f58681174f944623345379e23b7b****",
      "RegionId": "cn-hangzhou",
      "InstanceId": "cri-a595qp31knh9****",
      "RepoNamespace": "libssh2",
      "RepoName": "opa-test",
      "Digest": "v005",
      "Tag": "nuxeo6",
      "FirstScanTime": 1649814050000,
      "LastScanTime": 1649814050000,
      "RiskLevel": "low",
      "Status": "0",
      "InstanceName": "sec-NessusSc"
    }
  ],
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 83,
    "Count": 4,
    "LastRowKey": "CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE="
  },
  "Success": true,
  "Code": "200",
  "Message": "successful",
  "RequestId": "E0C5C07F-1576-509A-AE44-1C36B8445B37",
  "HttpStatusCode": 200
}

Error codes

HTTP status code	Error code	Error message	Description
500	ServerError	ServerError
403	NoPermission	caller has no permission	You are not authorized to do this operation.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.