Security Center:DescribeImageSensitiveFileByKey

Last Updated:Jun 16, 2026

Queries the sensitive files of an image.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action | Access level | Resource type | Condition key | Dependent action
yundun-sas:DescribeImageSensitiveFileByKey | get | *All Resource * | None | None

Request parameters

Parameter | Type | Required | Description | Example

SensitiveFileKey
  Type: string
  Required: No
  Description: The sensitive file alerting type. Valid values:

  • npm_token: NPM access token

  • ftp_cfg: FTP configuration

  • google_oauth_key: Google OAuth Key

  • planetscale_passwd: Planetscale password

  • github_ssh_key: Github SSH key

  • msbuild_publish_profile: MSBuild publish profile

  • fastly_cdn_token: Fastly CDN token

  • ssh_private_key: SSH private key

  • aws_cli: AWS CLI credentials

  • cpanel_proftpd: cPanel ProFTPd credentials

  • postgresql_passwd: PostgreSQL password file

  • discord_client_cred: Discord client credentials

  • rails_database: Rails database configuration

  • aws_access_key: AWS Access Key

  • esmtp_cfg: ESMTP mail server configuration

  • docker_registry_cfg: Docker image repository configuration

  • pem: PEM

  • common_cred: common credentials

  • sftp_cfg: SFTP connection configuration

  • grafana_token: Grafana token

  • slack_token: Slack Token

  • ec_private_key: EC private key

  • pypi_token: PyPI upload token

  • finicity_token: Finicity platform token

  • k8s_client_key: Kubernetes client private key

  • git_cfg: Git configuration

  • django_key: Django key

  • jenkins_ssh: Jenkins SSH configuration file

  • openssh_private_key: OPENSSH private key

  • square_oauth: Square OAuth credentials

  • typeform_token: Typeform token

  • common_database_cfg: common database connection configuration

  • wordpress_database_cfg: WordPress database configuration

  • googlecloud_api_key: Google Cloud API Key

  • vscode_sftp: VSCode SFTP configuration

  • apache_htpasswd: Apache htpasswd

  • planetscale_token: Planetscale token

  • contentful_preview_token: Contentful Preview token

  • php_database_cfg: PHP application database password

  • atom_remote_sync: Atom remote synchronization configuration

  • aws_session_token: AWS session token

  • atom_sftp_cfg: Atom SFTP configuration

  • asana_client_private_key: Asana client private key

  • tencentcloud_ak: third-party cloud SecretId

  • rsa_private_key: RSA private key

  • github_personal_token: Github Personal access token

  • pgp: PGP encrypt file

  • stripe_skpk: Stripe Secret Key

  • square_token: Square access token

  • rails_carrierwave: Rails Carrierwave file upload credentials

  • dbeaver_database_cfg: DBeaver database configuration

  • robomongo_cred: Robomongo credentials

  • github_oauth_token: Github OAuth access token

  • pulumi_token: Pulumi token

  • ventrilo_voip: Ventrilo VoIP Server configuration

  • macos_keychain: macOS Keychain

  • amazon_mws_token: Amazon MWS Token

  • dynatrace_token: Dynatrace token

  • java_keystore: Java KeyStore

  • microsoft_sdf: Microsoft SQL CE database

  • kubernetes_dashboard_cred: Kubernetes Dashboard user credentials

  • atlassian_token: Atlassian token

  • rdp: Remote Desktop Protocol (RDP) connection

  • mailgun_key: Mailgun Webhook Signing Key

  • mailchimp_api_key: Mailchimp API Key

  • netrc_cfg: .netrc configuration file

  • openvpn_cfg: OpenVPN client configuration

  • github_refresh_token: Github Refresh Token

  • salesforce: Salesforce credentials

  • sendinblue: Sendinblue token

  • pkcs_private_key: PKCS#12 key

  • rubyonrails_passwd: Ruby on Rails password file

  • filezilla_ftp: FileZilla FTP configuration

  • databricks_token: Databricks token

  • gitLab_personal_token: GitLab Personal access token

  • rails_master_key: Rails Master Key

  • sqlite: SQLite3/SQLite database

  • firefox_logins: Firefox logon configuration

  • mailgun_private_token: Mailgun Private token

  • joomla_cfg: Joomla configuration

  • hashicorp_terraform_token: Hashicorp Terraform Token

  • jetbrains_ides: Jetbrains IDEs configuration

  • heroku_api_key: Heroku API key

  • messagebird_token: MessageBird token

  • github_app_token: Github App Token

  • hashicorp_vault_token: Hashicorp Vault Token

  • pgp_private_key: PGP private key

  • sshpasswd: SSH password

  • huaweicloud_ak: third-party cloud Secret Access Key

  • aws_s3cmd: AWS S3cmd configuration

  • php_config: PHP configuration

  • common_private_key: common private key types

  • microsoft_mdf: Microsoft SQL database

  • mediawiki_cfg: MediaWiki configuration

  • jenkins_cred: Jenkins credentials

  • rubygems_cred: Rubygems credentials

  • clojars_token: Clojars token

  • phoenix_web_passwd: Phoenix Web credentials

  • puttygen_private_key: PuTTYgen private key

  • google_oauth_token: Google OAuth access token

  • rubyonrails_cfg: Ruby On Rails database configuration

  • lob_api_key: Lob API Key

  • pkcs_cred: PKCS#12 certificate

  • otr_private_key: OTR private key

  • contentful_delivery_token: Contentful Delivery token

  • digital_ocean_tugboat: Digital Ocean Tugboat configuration

  • dsa_private_key: DSA private key

  • rails_app_token: Rails App token

  • git_cred: Git user credentials

  • newrelic_api_key: New Relic User API Key

  • github_hub: hub configuration that stores Github tokens

  • rubygem: Rubygem token

  Example: google_oauth_key

ImageUuid
  Type: string
  Required: No
  Description: The UUID of the image.
  Example: 0083a31ccf7c10367a6e783e8601****

ScanRange
  Type: array
  Required: No
  Description: The scan scope. Valid values:
    • image: Image.
    • container: Container.

ScanRange element
  Type: string
  Required: No
  Description: The scan scope. Valid values:
    • image: Image.
    • container: Container.
  Example: image

Lang
  Type: string
  Required: No
  Description: The language of the content in the request and response. Default value: zh. Valid values:
    • zh: Chinese.
    • en: English.
  Example: zh

CurrentPage
  Type: integer
  Required: No
  Description: The page number of the page to return. Default value: 1.
  Example: 1

PageSize
  Type: integer
  Required: No
  Description: The maximum number of entries per page in a paging query. Default value: 20.
  Example: 20

Response elements

Element | Type | Description | Example

Response body
  Type: object
  Description: The response for querying sensitive files of an image.

SensitiveFileList
  Type: array<object>
  Description: The list of sensitive files in the image.

SensitiveFileList element
  Type: object
  Description: The sensitive file information.

FilePath
  Type: string
  Description: The file path.
  Example: /usr/lib/abc.txt

LayerDigest
  Type: string
  Description: The digest of the image layer.
  Example: 0083a31cc0083a31ccf7c10367a6e783e8601e290f7c10367a6e783e860****

Promt
  Type: string
  Description: The sensitive content.
  Example: AKPIDteow289f9s************

Advice
  Type: string
  Description: The suggestion.
  Example: Assess risks based on business conditions, remove risky content, and rebuild image

RiskLevel
  Type: string
  Description: The risk level. Valid values:
    • high: High.
    • medium: Medium.
    • low: Low.
  Example: low

SensitiveFileKey
  Type: string
  Description: The sensitive file alerting type. Valid values:

  • npm_token: NPM access token

  • ftp_cfg: FTP configuration

  • google_oauth_key: Google OAuth Key

  • planetscale_passwd: Planetscale password

  • github_ssh_key: Github SSH key

  • msbuild_publish_profile: MSBuild publish profile

  • fastly_cdn_token: Fastly CDN token

  • ssh_private_key: SSH private key

  • aws_cli: AWS CLI credentials

  • cpanel_proftpd: cPanel ProFTPd credentials

  • postgresql_passwd: PostgreSQL password file

  • discord_client_cred: Discord client credentials

  • rails_database: Rails database configuration

  • aws_access_key: AWS Access Key

  • esmtp_cfg: ESMTP mail server configuration

  • docker_registry_cfg: Docker image repository configuration

  • pem: PEM

  • common_cred: common credentials

  • sftp_cfg: SFTP connection configuration

  • grafana_token: Grafana token

  • slack_token: Slack Token

  • ec_private_key: EC private key

  • pypi_token: PyPI upload token

  • finicity_token: Finicity platform token

  • k8s_client_key: Kubernetes client private key

  • git_cfg: Git configuration

  • django_key: Django key

  • jenkins_ssh: Jenkins SSH configuration file

  • openssh_private_key: OPENSSH private key

  • square_oauth: Square OAuth credentials

  • typeform_token: Typeform token

  • common_database_cfg: common database connection configuration

  • wordpress_database_cfg: WordPress database configuration

  • googlecloud_api_key: Google Cloud API Key

  • vscode_sftp: VSCode SFTP configuration

  • apache_htpasswd: Apache htpasswd

  • planetscale_token: Planetscale token

  • contentful_preview_token: Contentful Preview token

  • php_database_cfg: PHP application database password

  • atom_remote_sync: Atom remote synchronization configuration

  • aws_session_token: AWS session token

  • atom_sftp_cfg: Atom SFTP configuration

  • asana_client_private_key: Asana client private key

  • tencentcloud_ak: third-party cloud SecretId

  • rsa_private_key: RSA private key

  • github_personal_token: Github Personal access token

  • pgp: PGP encrypt file

  • stripe_skpk: Stripe Secret Key

  • square_token: Square access token

  • rails_carrierwave: Rails Carrierwave file upload credentials

  • dbeaver_database_cfg: DBeaver database configuration

  • robomongo_cred: Robomongo credentials

  • github_oauth_token: Github OAuth access token

  • pulumi_token: Pulumi token

  • ventrilo_voip: Ventrilo VoIP Server configuration

  • macos_keychain: macOS Keychain

  • amazon_mws_token: Amazon MWS Token

  • dynatrace_token: Dynatrace token

  • java_keystore: Java KeyStore

  • microsoft_sdf: Microsoft SQL CE database

  • kubernetes_dashboard_cred: Kubernetes Dashboard user credentials

  • atlassian_token: Atlassian token

  • rdp: Remote Desktop Protocol (RDP) connection

  • mailgun_key: Mailgun Webhook Signing Key

  • mailchimp_api_key: Mailchimp API Key

  • netrc_cfg: .netrc configuration file

  • openvpn_cfg: OpenVPN client configuration

  • github_refresh_token: Github Refresh Token

  • salesforce: Salesforce credentials

  • sendinblue: Sendinblue token

  • pkcs_private_key: PKCS#12 key

  • rubyonrails_passwd: Ruby on Rails password file

  • filezilla_ftp: FileZilla FTP configuration

  • databricks_token: Databricks token

  • gitLab_personal_token: GitLab Personal access token

  • rails_master_key: Rails Master Key

  • sqlite: SQLite3/SQLite database

  • firefox_logins: Firefox logon configuration

  • mailgun_private_token: Mailgun Private token

  • joomla_cfg: Joomla configuration

  • hashicorp_terraform_token: Hashicorp Terraform Token

  • jetbrains_ides: Jetbrains IDEs configuration

  • heroku_api_key: Heroku API key

  • messagebird_token: MessageBird token

  • github_app_token: Github App Token

  • hashicorp_vault_token: Hashicorp Vault Token

  • pgp_private_key: PGP private key

  • sshpasswd: SSH password

  • huaweicloud_ak: third-party cloud Secret Access Key

  • aws_s3cmd: AWS S3cmd configuration

  • php_config: PHP configuration

  • common_private_key: common private key types

  • microsoft_mdf: Microsoft SQL database

  • mediawiki_cfg: MediaWiki configuration

  • jenkins_cred: Jenkins credentials

  • rubygems_cred: Rubygems credentials

  • clojars_token: Clojars token

  • phoenix_web_passwd: Phoenix Web credentials

  • puttygen_private_key: PuTTYgen private key

  • google_oauth_token: Google OAuth access token

  • rubyonrails_cfg: Ruby On Rails database configuration

  • lob_api_key: Lob API Key

  • pkcs_cred: PKCS#12 certificate

  • otr_private_key: OTR private key

  • contentful_delivery_token: Contentful Delivery token

  • digital_ocean_tugboat: Digital Ocean Tugboat configuration

  • dsa_private_key: DSA private key

  • rails_app_token: Rails App token

  • git_cred: Git user credentials

  • newrelic_api_key: New Relic User API Key

  • github_hub: hub configuration that stores Github tokens

  • rubygem: Rubygem token

  Example: google_oauth_key

SensitiveFileName
  Type: string
  Description: The name of the sensitive file alerting type.
  Example: Google OAuth Key

FirstScanTime
  Type: integer
  Description: The timestamp of the first scan. Unit: milliseconds.
  Example: 1663321552000

LastScanTime
  Type: integer
  Description: The timestamp of the most recent scan. Unit: milliseconds.
  Example: 1663691592000

Description
  Type: string
  Description: The description of the sensitive file.
  Example: Verify the validity of the leaked AK.

Md5
  Type: string
  Description: The MD5 hash value of the sensitive file.
  Example: b484b0dff093f358897486b58266****

PageInfo
  Type: object
  Description: The pagination information of the query result.

CurrentPage
  Type: integer
  Description: The page number of the current page in the paging query.
  Example: 1

PageSize
  Type: integer
  Description: The maximum number of entries per page in the paging query.
  Example: 20

TotalCount
  Type: integer
  Description: The total number of entries returned.
  Example: 100

Count
  Type: integer
  Description: The number of entries on the current page.
  Example: 2

LastRowKey
  Type: string
  Description: The key of the last entry.
  Example: CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE=

Success
  Type: boolean
  Description: The status of the query result. Valid values:
    • true: Successful.
    • false: Failed.
  Example: true

Code
  Type: string
  Description: The service status code. A value of 200 indicates that the request was successful.
  Example: 200

Message
  Type: string
  Description: The detailed information about the error code.
  Example: successful

RequestId
  Type: string
  Description: The request ID, which is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues.
  Example: CE500770-42D3-442E-9DDD-156E0F9F3B45

HttpStatusCode
  Type: integer
  Description: The HTTP status code.
  Example: 200

Examples

Success response

JSON format

{
  "SensitiveFileList": [
    {
      "FilePath": "/usr/lib/abc.txt",
      "LayerDigest": "0083a31cc0083a31ccf7c10367a6e783e8601e290f7c10367a6e783e860****",
      "Promt": "AKPIDteow289f9s************",
      "Advice": "Assess risks based on business conditions, remove risky content, and rebuild image",
      "RiskLevel": "low",
      "SensitiveFileKey": "google_oauth_key",
      "SensitiveFileName": "Google OAuth Key",
      "FirstScanTime": 1663321552000,
      "LastScanTime": 1663691592000,
      "Description": "Verify the validity of the leaked AK.",
      "Md5": "b484b0dff093f358897486b58266****"
    }
  ],
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 100,
    "Count": 2,
    "LastRowKey": "CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE="
  },
  "Success": true,
  "Code": "200",
  "Message": "successful",
  "RequestId": "CE500770-42D3-442E-9DDD-156E0F9F3B45",
  "HttpStatusCode": 200
}
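
An added example (not Alibaba Cloud SDK code and not part of the original page) of consuming this response: it pages until PageInfo.TotalCount is reached, treats Success and Code as the failure signal, and builds a triage list that leaves out Promt, because that field carries the matched sensitive content. The names fetch_page, triage, to_iso, sample_finding and fake_fetch_page, and the sample entries, are assumptions constructed for illustration; fetch_page stands for whatever function performs the signed API call.

```python
from datetime import datetime, timezone

RISK_ORDER = {"high": 0, "medium": 1, "low": 2}

def iter_sensitive_files(fetch_page, image_uuid, page_size=20, **filters):
    """Yield every SensitiveFileList entry, paging until TotalCount is reached.
    fetch_page(params) -> dict is a hypothetical caller-supplied signed API call."""
    page, seen = 1, 0
    while True:
        body = fetch_page({"ImageUuid": image_uuid, "CurrentPage": page,
                           "PageSize": page_size, **filters})
        if not body.get("Success") or str(body.get("Code")) != "200":
            raise RuntimeError("query failed: %s %s (RequestId %s)" % (
                body.get("Code"), body.get("Message"), body.get("RequestId")))
        items = body.get("SensitiveFileList") or []
        yield from items
        seen += len(items)
        if not items or seen >= (body.get("PageInfo") or {}).get("TotalCount", 0):
            return
        page += 1

def to_iso(ms):  # the API reports scan times in milliseconds
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def triage(findings):
    """Deduplicate per (layer, path, type), omit Promt, sort highest risk first."""
    rows = {}
    for f in findings:  # "Promt" (the matched sensitive content) is never copied
        ident = (f["LayerDigest"], f["FilePath"], f["SensitiveFileKey"])
        rows[ident] = {"risk": f["RiskLevel"], "type": ident[2], "path": ident[1],
                       "layer": ident[0], "first_seen": to_iso(f["FirstScanTime"]),
                       "last_seen": to_iso(f["LastScanTime"])}
    return sorted(rows.values(), key=lambda r: (RISK_ORDER.get(r["risk"], 3), r["path"]))

def sample_finding(path, key, risk):  # constructed entry, not a real finding
    return {"FilePath": path, "LayerDigest": "sha256:constructed", "Promt": "****",
            "RiskLevel": risk, "SensitiveFileKey": key,
            "FirstScanTime": 1663321552000, "LastScanTime": 1663691592000}

SAMPLE = [sample_finding("/usr/lib/abc.txt", "google_oauth_key", "low"),
          sample_finding("/root/.ssh/id_rsa", "ssh_private_key", "high"),
          sample_finding("/app/.npmrc", "npm_token", "medium"),
          sample_finding("/root/.ssh/id_rsa", "ssh_private_key", "high")]  # repeat

def fake_fetch_page(params):  # offline stand-in for the signed API call
    start = (params["CurrentPage"] - 1) * params["PageSize"]
    chunk = SAMPLE[start:start + params["PageSize"]]
    return {"Success": True, "Code": "200", "SensitiveFileList": chunk,
            "PageInfo": {"TotalCount": len(SAMPLE), "Count": len(chunk)}}
```

Extra request parameters such as SensitiveFileKey or Lang are passed as keyword arguments, for example `iter_sensitive_files(fetch_page, image_uuid, SensitiveFileKey="npm_token")`.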

Error codes

HTTP status code | Error code | Error message | Description
500 | ServerError | ServerError |
403 | NoPermission | caller has no permission |

See Error Codes for a complete list.
