DescribeImageSensitiveFileByKey - Security Center - Alibaba Cloud Documentation Center

Queries the sensitive files in an image.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-sas:DescribeImageSensitiveFileByKey	Read	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
SensitiveFileKey	string	No	The type of alerts for the sensitive files. Valid values: npm_token: Node Package Manager (NPM) access token ftp_cfg: FTP configuration google_oauth_key: Google OAuth key planetscale_passwd: PlanetScale password github_ssh_key: Github SSH key msbuild_publish_profile: MSBuild publish profile fastly_cdn_token: Fastly CDN token ssh_private_key: SSH private key aws_cli: Amazon Web Services (AWS) CLI credentials cpanel_proftpd: cPanel ProFTPD credentials postgresql_passwd: PostgreSQL password discord_client_cred: Discord client credentials rails_database: Rails database configuration aws_access_key: AWS Access Key esmtp_cfg :Extended Simple Mail Transfer Protocol (ESMTP) configuration docker_registry_cfg: Docker image repository configuration pem: Privacy-Enhanced Mail (PEM) common_cred: common credentials sftp_cfg: Secure File Transfer Protocol (SFTP) connection configuration grafana_token: Grafana token slack_token: Slack token ec_private_key: EC private key pypi_token: Python Package Index (PyPI) token finicity_token: Finicity token k8s_client_key: Kubernetes private key git_cfg: Git configuration django_key: Django key jenkins_ssh: Jenkins SSH configuration file openssh_private_key: OpenSSL private key square_oauth: OAuth credential for Square typeform_token: Typeform token common_database_cfg: general database connection configuration wordpress_database_cfg: WordPress database configuration googlecloud_api_key: API key for Google Cloud vscode_sftp: VSCode SFTP configuration apache_htpasswd: Apache htpasswd planetscale_token: PlanetScale token contentful_preview_token: preview token for Contentful php_database_cfg: database password for a PHP application atom_remote_sync: Atom remote synchronization configuration aws_session_token: AWS session token atom_sftp_cfg: Atom SFTP configuration asana_client_private_key: Asana client key tencentcloud_ak: secret ID of a third-party cloud rsa_private_key: Rivest-Shamir-Adleman (RSA) private key github_personal_token: personal access token for GitHub pgp: Pretty Good Privacy (PGP) encrypted file stripe_skpk: Stripe secret key square_token: Square access token rails_carrierwave: Rails Carrierwave credential dbeaver_database_cfg: DBeaver database configuration robomongo_cred: Robomongo credentials github_oauth_token: OAuth access token for GitHub pulumi_token: Pulumi token ventrilo_voip: Ventrilo VoIP server configuration macos_keychain: macOS Keychain amazon_mws_token: Amazon MWS token dynatrace_token: Dynatrace token java_keystore: Java KeyStore (JKS) microsoft_sdf: Microsoft SQL Server Compact Edition (CE) database kubernetes_dashboard_cred: user credentials for Kubernetes Dashboard atlassian_token: Atlassian token rdp: remote desktop protocol (RDP) mailgun_key: Mailgun webhook signing key mailchimp_api_key: API key for Mailchimp netrc_cfg: .netrc configuration file openvpn_cfg: OpenVPN configuration github_refresh_token: GitHub refresh token salesforce: Salesforce credentials salesforce: Sendinblue credentials pkcs_private_key: PKCS#12 key rubyonrails_passwd: Ruby on Rails password file filezilla_ftp: FileZilla FTP configuration databricks_token: Databricks token gitLab_personal_toke: personal access token for GitLab rails_master_key: Rails master key sqlite: SQLite3 or SQLite database firefox_logins: Firefox logon configuration mailgun_private_token: Mailgun private token joomla_cfg: Joomla configuration hashicorp_terraform_token: HashiCorp Terraform token jetbrains_ides: JetBrains IDEs configuration heroku_api_key: Heroku API key messagebird_token: MessageBird token messagebird_token: MessageBird token hashicorp_vault_token: HashiCorp Vault token pgp_private_key: PGP private key sshpasswd: SSH password huaweicloud_ak: secret access key of a third-party cloud aws_s3cmd: AWS S3cmd configuration php_config: PHP configuration common_private_key: private key of a common type microsoft_mdf: Microsoft SQL Server database mediawiki_cfg: MediaWiki configuration jenkins_cred: Jenkins credentials rubygems_cred: RubyGems credentials clojars_token: Clojars token phoenix_web_passwd: Phoenix web credentials puttygen_private_key: PuTTYgen private key google_oauth_token: Google OAuth access token rubyonrails_cfg: Ruby On Rails database configuration lob_api_key: Lob API key pkcs_cred: PKCS#12 certificate otr_private_key: Off-the-Record Messaging (OTR) private key contentful_delivery_token: delivery token for Contentful digital_ocean_tugboat: DigitalOcean Tugboat configuration dsa_private_key: Digital Signature Algorithm (DSA) private key rails_app_token: Rails app token git_cred: Git user credential newrelic_api_key: User API key for New Relic github_hub: hub configuration for storing GitHub tokens rubygem: Rubygem Token	google_oauth_key
ImageUuid	string	No	The UUID of the image.	0083a31ccf7c10367a6e783e8601****
ScanRange	array	No	The type of the asset that you want to scan. Valid values: image container
	string	No	The type of the asset that you want to scan. Valid values: image container	image
Lang	string	No	The language of the content within the request and response. Default value: zh. Valid values: zh: Chinese en: English	zh
CurrentPage	integer	No	The number of the page to return. Default value: 1.	1
PageSize	integer	No	The number of entries to return on each page. Default value: 20.	20

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
SensitiveFileList	object []	The information about the sensitive files.
FilePath	string	The file path.	/usr/lib/abc.txt
LayerDigest	string	The digest of the image.	0083a31cc0083a31ccf7c10367a6e783e8601e290f7c10367a6e783e860****
Promt	string	The sensitive content.	AKPIDteow289f9s************
Advice	string	The suggestion.	Assess risks based on business conditions, remove risky content, and rebuild image
RiskLevel	string	The risk level. Valid values: high medium low	low
SensitiveFileKey	string	The type of the alert for the sensitive file. Valid values: npm_token: NPM access token ftp_cfg: FTP configuration google_oauth_key: Google OAuth key planetscale_passwd: PlanetScale password github_ssh_key: Github SSH key msbuild_publish_profile: MSBuild publish profile fastly_cdn_token: Fastly CDN token ssh_private_key: SSH private key aws_cli: Amazon Web Services (AWS) CLI credential cpanel_proftpd: cPanel ProFTPD credential postgresql_passwd: PostgreSQL password file discord_client_cred: Discord client credential rails_database: Rails database configuration aws_access_key: AWS Access Key esmtp_cfg: Extended Simple Mail Transfer Protocol (ESMTP) configuration docker_registry_cfg: configuration of a Docker image repository pem: Privacy-Enhanced Mail (PEM) common_cred: common credential sftp_cfg: configuration of connection over Secure File Transfer Protocol (SFTP) grafana_token: Grafana token slack_token: Slack token ec_private_key: Elliptic Curve (EC) private key pypi_token: Python Package Index (PyPI) token finicity_token: Finicity token k8s_client_key: private key for the Kubernetes client git_cfg: Git configuration django_key: Django key jenkins_ssh: SSH configuration file for Jenkins openssh_private_key: OpenSSH private key square_oauth: Square OAuth credential typeform_token: Typeform token common_database_cfg: configuration of general database connection wordpress_database_cfg: WordPress database configuration googlecloud_api_key: API key for Google Cloud vscode_sftp: VSCode SFTP configuration apache_htpasswd: Apache htpasswd planetscale_token: PlanetScale token contentful_preview_token: preview token for Contentful php_database_cfg: database password for a PHP application atom_remote_sync: Atom remote synchronization configuration aws_session_token: AWS session token atom_sftp_cfg: Atom SFTP configuration asana_client_private_key: Asana client key tencentcloud_ak: secret ID of a third-party cloud rsa_private_key: Rivest-Shamir-Adleman (RSA) private key github_personal_token: personal access token for GitHub pgp: Pretty Good Privacy (PGP) encrypted file stripe_skpk: Stripe secret key square_token: Square access token rails_carrierwave: Rails Carrierwave credential dbeaver_database_cfg: DBeaver database configuration robomongo_cred: RoboMongo credential github_oauth_token: OAuth access token for GitHub pulumi_token: Pulumi token ventrilo_voip: configuration of a Ventrilo VoIP server macos_keychain: macOS Keychain amazon_mws_token: Amazon MWS token dynatrace_token: Dynatrace token java_keystore: Java KeyStore (JKS) microsoft_sdf: Microsoft SQL Server Compact Edition (CE) database kubernetes_dashboard_cred: user credential for Kubernetes Dashboard atlassian_token: Atlassian token rdp: remote desktop protocol (RDP) mailgun_key: Mailgun webhook signing key mailchimp_api_key: API key for Mailchimp netrc_cfg: netrc configuration file openvpn_cfg: configuration of the OpenVPN client github_refresh_token: GitHub refresh token salesforce: Salesforce credential salesforce: Sendinblue token pkcs_private_key: PKCS#12 private key rubyonrails_passwd: Ruby on Rails password file filezilla_ftp: FileZilla FTP configuration databricks_token: Databricks token gitLab_personal_toke: personal access token for GitLab rails_master_key: Rails master key sqlite: SQLite3 or SQLite database firefox_logins: Firefox logon configuration mailgun_private_token: Mailgun private token joomla_cfg: Joomla configuration hashicorp_terraform_token: HashiCorp Terraform token jetbrains_ides: JetBrains IDEs configuration heroku_api_key: API key for Heroku messagebird_token: MessageBird token github_app_token: Github app token hashicorp_vault_token: HashiCorp Vault token pgp_private_key: PGP private key sshpasswd: SSH password huaweicloud_ak: secret access key of a third-party cloud aws_s3cmd: AWS S3cmd configuration php_config: PHP configuration common_private_key: common private key microsoft_mdf: Microsoft SQL Server database mediawiki_cfg: MediaWiki configuration jenkins_cred: Jenkins credential rubygems_cred: RubyGems credential clojars_token: Clojars token phoenix_web_passwd: Phoenix web credential puttygen_private_key: PuTTYgen private key google_oauth_token: Google OAuth access token rubyonrails_cfg: Ruby On Rails database configuration lob_api_key: Lob API key for Lob pkcs_cred: PKCS#12 certificate otr_private_key: Off-the-Record Messaging (OTR) private key contentful_delivery_token: Contentful delivery token digital_ocean_tugboat: DigitalOcean Tugboat configuration dsa_private_key: Digital Signature Algorithm (DSA) private key rails_app_token: app token for Rails git_cred: Git user credential newrelic_api_key: User API key for New Relic github_hub: hub configuration for storing GitHub tokens rubygem: Rubygem Token	google_oauth_key
SensitiveFileName	string	The name of the alert type for the sensitive file.	Google OAuth Key
FirstScanTime	long	The timestamp generated when the first scan was performed. Unit: milliseconds.	1663321552000
LastScanTime	long	The timestamp when the last scan was performed. Unit: milliseconds.	1663691592000
Description	string	The description of the sensitive file.	Verify the validity of the leaked AK.
Md5	string	The MD5 value of the sensitive file.	b484b0dff093f358897486b58266****
PageInfo	object	The pagination information.
CurrentPage	integer	The page number of the returned page.	1
PageSize	integer	The number of entries returned per page.	20
TotalCount	integer	The total number of entries returned.	100
Count	integer	The number of entries returned on the current page.	2
LastRowKey	string	The key of the last data entry.	CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE=
Success	boolean	Indicates whether the request was successful. Valid values: true: The request was successful. false: The request failed.	true
Code	string	The status code returned. If the 200 status code is returned, the request was successful.	200
Message	string	The error message returned.	successful
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	CE500770-42D3-442E-9DDD-156E0F9F3B45
HttpStatusCode	integer	The HTTP status code returned.	200

Examples

Sample success responses

JSONformat

{
  "SensitiveFileList": [
    {
      "FilePath": "/usr/lib/abc.txt",
      "LayerDigest": "0083a31cc0083a31ccf7c10367a6e783e8601e290f7c10367a6e783e860****",
      "Promt": "AKPIDteow289f9s************",
      "Advice": "Assess risks based on business conditions, remove risky content, and rebuild image",
      "RiskLevel": "low",
      "SensitiveFileKey": "google_oauth_key",
      "SensitiveFileName": "Google OAuth Key",
      "FirstScanTime": 1663321552000,
      "LastScanTime": 1663691592000,
      "Description": "Verify the validity of the leaked AK.",
      "Md5": "b484b0dff093f358897486b58266****"
    }
  ],
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 100,
    "Count": 2,
    "LastRowKey": "CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE="
  },
  "Success": true,
  "Code": "200",
  "Message": "successful",
  "RequestId": "CE500770-42D3-442E-9DDD-156E0F9F3B45",
  "HttpStatusCode": 200
}

Error codes

HTTP status code	Error code	Error message	Description
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2023-10-17

The Error code has changed. The response structure of the API has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	delete Error Codes: 500
Output Parameters	The response structure of the API has changed.