All Products
Search
Document Center

Security Center:DescribeImageVulList

Last Updated:Jun 16, 2026

Queries the details of vulnerabilities detected by image security scans and the list of container images affected by the vulnerabilities.

Operation description

To view the latest container image vulnerability information, call the PublicCreateImageScanTask operation to create an image scan task first, wait 1 to 5 minutes, and then call this operation to view the container image vulnerability list.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sas:DescribeImageVulList

get

*All Resource

*

None None

Request parameters

Parameter

Type

Required

Description

Example

Lang

string

No

The language type of the request and response messages. Default value: zh. Valid values:

  • zh: Chinese

  • en: English.

zh

Type

string

Yes

The type of vulnerability to query. Set the value to cve, which indicates container image vulnerabilities.

cve

Uuids

string

No

The UUIDs of asset instances. Separate multiple UUIDs with commas (,).

0004a32a0305a7f6ab5ff9600d47****

Name

string

No

The name of the vulnerability to query.

debian:10:CVE-2019-9893

AliasName

string

No

The alias of the vulnerability to query.

High severity vulnerability that affects org.eclipse.jetty:jetty-server

StatusList

string

No

The fix status of the vulnerability. Valid values:

  • 1: unfixed

  • 4: being fixed

  • 7: fixed.

1

Necessity

string

No

The priority level of vulnerability fixing. Valid values:

  • asap: high-priority vulnerability

  • later: medium-priority vulnerability

  • nntf: low-priority vulnerability.

asap

Dealed

string

No

Specifies whether the vulnerability has been handled. Valid values:

  • y: handled

  • n: not handled.

y

CurrentPage

integer

No

The page number of the page to return in a paginated query. Default value: 1, which indicates the first page.

1

PageSize

integer

No

Settings for the number of vulnerabilities to display on each page in a paged query. Default value: 10, which indicates that 10 vulnerabilities are displayed on each page.

10

RepoRegionId

string

No

The region ID of the container image repository.

cn-hangzhou

RepoInstanceId

string

No

The instance ID of the container image repository.

i-qewqrqcsadf****

RepoId

string

No

The ID of the container image repository.

qew****

RepoName

string

No

The name of the container image repository.

libssh2

RepoNamespace

string

No

The namespace of the container image repository.

libssh2

RepoName

string

No

The name of the container image repository.

libssh2

RegionId

string

No

The region ID of the instance.

cn-hangzhou

InstanceId

string

No

The ID of the asset instance.

1-qeqewqw****

RepoId

string

No

The ID of the container image repository.

qew****

Tag

string

No

The tag of the container image.

oval

Digest

string

No

The unique identifier of the container image.

8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d507012

ClusterId

string

No

The ID of the container cluster.

cc20a1024011c44b6a8710d6f8b****

ScanRange

array

No

The collection of scan ranges.

string

No

The scan range. Valid values:

  • container: container

  • image: image.

container

ClusterName

string

No

The name of the cluster.

docker-law

ContainerId

string

No

The ID of the container.

c08d5fc1a329a4b88950a253d082f****

Pod

string

No

The pod.

22222-7xsqq

Namespace

string

No

The namespace.

test-002

Image

string

No

The name of the container image.

registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-****

RuleTag

string

No

The vulnerability tag. Valid values:

  • AI: vulnerability related to AI components.

AI

Response elements

Element

Type

Description

Example

object

CurrentPage

integer

The page number of the current page in a paged query.

1

RequestId

string

The request ID, which is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues.

D6B20156-49B0-5CF0-B14D-7ECA4B50DAAB

PageSize

integer

The number of vulnerabilities displayed on each page in a paged query. Default value: 10.

10

TotalCount

integer

The total number of vulnerabilities returned.

1

VulRecords

array<object>

The list of vulnerability information.

array<object>

The vulnerability information.

CanUpdate

boolean

Indicates whether the software package that causes the vulnerability can be upgraded through Security Center. Valid values:

  • true: Supported.

  • false: Not supported.

true

Type

string

The type of vulnerability queried. The value is fixed as cve, which indicates container image vulnerabilities.

cve

Status

integer

The fix status of the vulnerability. Valid values:

  • 1: unfixed

  • 7: fixed.

1

ModifyTs

integer

The timestamp when the vulnerability record was last updated. Unit: milliseconds.

1580808765000

ImageDigest

string

The unique identifier of the container image.

8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d507012

PrimaryId

integer

The ID of the vulnerability.

782661

Tag

string

The tag of the container image vulnerability.

oval

RepoNamespace

string

The namespace of the container image repository.

default

RepoName

string

The name of the container image repository.

varnish

Related

string

The details of the related vulnerability.

CVE-2019-9893

FirstTs

integer

The timestamp of the first scan. Unit: milliseconds.

1620752053000

LastTs

integer

The timestamp of the latest scan. Unit: milliseconds.

1631779996000

Necessity

string

The priority level of vulnerability fixing. Valid values:

  • asap: high-priority vulnerability

  • later: medium-priority vulnerability

  • nntf: low-priority vulnerability.

asap

Uuid

string

The UUID of the server.

0004a32a0305a7f6ab5ff9600d47****

AliasName

string

The alias of the vulnerability.

CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read

Name

string

The name of the vulnerability.

debian:10:CVE-2019-9893

Layers

array

The list of container image layers.

string

The list of container image layers.

["null"]

ExtendContentJson

object

The extended content of the vulnerability information.

OsRelease

string

The version of the operating system in the image.

10.9

Os

string

The name of the operating system.

debian

RpmEntityList

array<object>

The details of the package of the software that has the vulnerability.

object

MatchList

array

The details of the rule that is used to detect the vulnerability.

["libseccomp2 version less than equals 2.3.3-4"]

string

The details of the rule that is used to detect the vulnerability. The details of multiple rules are separated by commas (,).

["libstdc++ version less than 8.5.0-4.el8_5"]

Layer

string

The SHA-256 value of the digest of the image layer.

b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587

FullVersion

string

The complete version number of the package.

2.3.3-4

Version

string

The version number of the package.

2.3.3-4

MatchDetail

string

The reason why the vulnerability is detected.

libseccomp2 version less than equals 2.3.3-4

Path

string

The path of the software that has the vulnerability.

/usr/lib64/libssh2.so.1

Name

string

The name of the software package.

libseccomp2

UpdateCmd

string

The command that is used to fix the vulnerability.

apt-get update && apt-get install libseccomp2 --only-upgrade

CanFix

string

Indicates whether the vulnerability can be fixed from the console. Valid values:

  • yes: can be fixed

  • no: cannot be fixed.

yes

ClusterId

string

The ID of the cluster.

c08d5fc1a329a4b88950a253d082f1****

ClusterName

string

The name of the cluster.

docker-law

Pod

string

The pod.

22222-7xsqq

Namespace

string

The namespace.

test-002

Image

string

The name of the image.

registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****

ContainerId

string

The ID of the container.

04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****

InternetIp

string

The public IP address of the server.

1.2.XX.XX

IntranetIp

string

The private IP address of the server.

172.19.XX.XX

InstanceName

string

The name of the asset instance.

testInstance

TargetId

string

The ID of the scan target.

m-bp17m0pc0xprzbwo****

TargetName

string

The name of the scan target.

source-test-obj-XM0Ma

MaliciousSource

string

The source of the malicious file. Valid values:

  • agentless: agentless detection

  • image: image

  • container: container.

agentless

TargetType

string

The object type of the scan target. Valid values:

  • ECS_IMAGE: image.

  • ECS_SNAPSHOT: snapshot.

ECS_IMAGE

ScanTime

integer

The timestamp of the scan. Unit: milliseconds.

1649814050000

RuleTag

string

The vulnerability tag. Valid values:

  • AI: vulnerability related to AI components.

AI

Examples

Success response

JSON format

{
  "CurrentPage": 1,
  "RequestId": "D6B20156-49B0-5CF0-B14D-7ECA4B50DAAB",
  "PageSize": 10,
  "TotalCount": 1,
  "VulRecords": [
    {
      "CanUpdate": true,
      "Type": "cve",
      "Status": 1,
      "ModifyTs": 1580808765000,
      "ImageDigest": "8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d507012",
      "PrimaryId": 782661,
      "Tag": "oval",
      "RepoNamespace": "default",
      "RepoName": "varnish",
      "Related": "CVE-2019-9893",
      "FirstTs": 1620752053000,
      "LastTs": 1631779996000,
      "Necessity": "asap",
      "Uuid": "0004a32a0305a7f6ab5ff9600d47****",
      "AliasName": "CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read",
      "Name": "debian:10:CVE-2019-9893",
      "Layers": [
        "[\"null\"]"
      ],
      "ExtendContentJson": {
        "OsRelease": "10.9",
        "Os": "debian",
        "RpmEntityList": [
          {
            "MatchList": [
              "[\"libstdc++ version less than 8.5.0-4.el8_5\"]"
            ],
            "Layer": "b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587",
            "FullVersion": "2.3.3-4",
            "Version": "2.3.3-4",
            "MatchDetail": "libseccomp2 version less than equals 2.3.3-4",
            "Path": "/usr/lib64/libssh2.so.1",
            "Name": "libseccomp2",
            "UpdateCmd": "apt-get update && apt-get install libseccomp2  --only-upgrade"
          }
        ]
      },
      "CanFix": "yes",
      "ClusterId": "c08d5fc1a329a4b88950a253d082f1****\n",
      "ClusterName": "docker-law\n",
      "Pod": "22222-7xsqq\n",
      "Namespace": "test-002\n",
      "Image": "registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****\n",
      "ContainerId": "04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****\n",
      "InternetIp": "1.2.XX.XX",
      "IntranetIp": "172.19.XX.XX",
      "InstanceName": "testInstance",
      "TargetId": "m-bp17m0pc0xprzbwo****",
      "TargetName": "source-test-obj-XM0Ma",
      "MaliciousSource": "agentless",
      "TargetType": "ECS_IMAGE",
      "ScanTime": 1649814050000,
      "RuleTag": "AI"
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description

500 ServerError ServerError
403 NoPermission caller has no permission

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.