Queries the details of vulnerabilities detected by image security scans and the list of container images affected by the vulnerabilities.
Operation description
To view the latest container image vulnerability information, call the PublicCreateImageScanTask operation to create an image scan task first, wait 1 to 5 minutes, and then call this operation to view the container image vulnerability list.
RAM authorization
| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-sas:DescribeImageVulList | get | *All Resource | None | None |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Lang | string | No | The language type of the request and response messages. Default value: zh. Valid values: | zh |
| Type | string | Yes | The type of vulnerability to query. Set the value to cve, which indicates container image vulnerabilities. | cve |
| Uuids | string | No | The UUIDs of asset instances. Separate multiple UUIDs with commas (,). | 0004a32a0305a7f6ab5ff9600d47**** |
| Name | string | No | The name of the vulnerability to query. | debian:10:CVE-2019-9893 |
| AliasName | string | No | The alias of the vulnerability to query. | High severity vulnerability that affects org.eclipse.jetty:jetty-server |
| StatusList | string | No | The fix status of the vulnerability. Valid values: | 1 |
| Necessity | string | No | The priority level of vulnerability fixing. Valid values: | asap |
| Dealed | string | No | Specifies whether the vulnerability has been handled. Valid values: | y |
| CurrentPage | integer | No | The page number of the page to return in a paginated query. Default value: 1, which indicates the first page. | 1 |
| PageSize | integer | No | The number of vulnerabilities to display on each page in a paged query. Default value: 10, which indicates that 10 vulnerabilities are displayed on each page. | 10 |
| RepoRegionId | string | No | The region ID of the container image repository. | cn-hangzhou |
| RepoInstanceId | string | No | The instance ID of the container image repository. | i-qewqrqcsadf**** |
| RepoId | string | No | The ID of the container image repository. | qew**** |
| RepoName | string | No | The name of the container image repository. | libssh2 |
| RepoNamespace | string | No | The namespace of the container image repository. | libssh2 |
| RepoName | string | No | The name of the container image repository. | libssh2 |
| RegionId | string | No | The region ID of the instance. | cn-hangzhou |
| InstanceId | string | No | The ID of the asset instance. | 1-qeqewqw**** |
| RepoId | string | No | The ID of the container image repository. | qew**** |
| Tag | string | No | The tag of the container image. | oval |
| Digest | string | No | The unique identifier of the container image. | 8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d507012 |
| ClusterId | string | No | The ID of the container cluster. | cc20a1024011c44b6a8710d6f8b**** |
| ScanRange | array | No | The collection of scan ranges. | |
| | string | No | The scan range. Valid values: | container |
| ClusterName | string | No | The name of the cluster. | docker-law |
| ContainerId | string | No | The ID of the container. | c08d5fc1a329a4b88950a253d082f**** |
| Pod | string | No | The pod. | 22222-7xsqq |
| Namespace | string | No | The namespace. | test-002 |
| Image | string | No | The name of the container image. | registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-**** |
| RuleTag | string | No | The vulnerability tag. Valid values: | AI |
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | | |
| CurrentPage | integer | The page number of the current page in a paged query. | 1 |
| RequestId | string | The request ID, which is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues. | D6B20156-49B0-5CF0-B14D-7ECA4B50DAAB |
| PageSize | integer | The number of vulnerabilities displayed on each page in a paged query. Default value: 10. | 10 |
| TotalCount | integer | The total number of vulnerabilities returned. | 1 |
| VulRecords | array<object> | The list of vulnerability information. | |
| | array<object> | The vulnerability information. | |
| CanUpdate | boolean | Indicates whether the software package that causes the vulnerability can be upgraded through Security Center. Valid values: | true |
| Type | string | The type of vulnerability queried. The value is fixed as cve, which indicates container image vulnerabilities. | cve |
| Status | integer | The fix status of the vulnerability. Valid values: | 1 |
| ModifyTs | integer | The timestamp when the vulnerability record was last updated. Unit: milliseconds. | 1580808765000 |
| ImageDigest | string | The unique identifier of the container image. | 8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d507012 |
| PrimaryId | integer | The ID of the vulnerability. | 782661 |
| Tag | string | The tag of the container image vulnerability. | oval |
| RepoNamespace | string | The namespace of the container image repository. | default |
| RepoName | string | The name of the container image repository. | varnish |
| Related | string | The details of the related vulnerability. | CVE-2019-9893 |
| FirstTs | integer | The timestamp of the first scan. Unit: milliseconds. | 1620752053000 |
| LastTs | integer | The timestamp of the latest scan. Unit: milliseconds. | 1631779996000 |
| Necessity | string | The priority level of vulnerability fixing. Valid values: | asap |
| Uuid | string | The UUID of the server. | 0004a32a0305a7f6ab5ff9600d47**** |
| AliasName | string | The alias of the vulnerability. | CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read |
| Name | string | The name of the vulnerability. | debian:10:CVE-2019-9893 |
| Layers | array | The list of container image layers. | |
| | string | The list of container image layers. | ["null"] |
| ExtendContentJson | object | The extended content of the vulnerability information. | |
| OsRelease | string | The version of the operating system in the image. | 10.9 |
| Os | string | The name of the operating system. | debian |
| RpmEntityList | array<object> | The details of the package of the software that has the vulnerability. | |
| | object | | |
| MatchList | array | The details of the rule that is used to detect the vulnerability. | ["libseccomp2 version less than equals 2.3.3-4"] |
| | string | The details of the rule that is used to detect the vulnerability. The details of multiple rules are separated by commas (,). | ["libstdc++ version less than 8.5.0-4.el8_5"] |
| Layer | string | The SHA-256 value of the digest of the image layer. | b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587 |
| FullVersion | string | The complete version number of the package. | 2.3.3-4 |
| Version | string | The version number of the package. | 2.3.3-4 |
| MatchDetail | string | The reason why the vulnerability is detected. | libseccomp2 version less than equals 2.3.3-4 |
| Path | string | The path of the software that has the vulnerability. | /usr/lib64/libssh2.so.1 |
| Name | string | The name of the software package. | libseccomp2 |
| UpdateCmd | string | The command that is used to fix the vulnerability. | apt-get update && apt-get install libseccomp2 --only-upgrade |
| CanFix | string | Indicates whether the vulnerability can be fixed from the console. Valid values: | yes |
| ClusterId | string | The ID of the cluster. | c08d5fc1a329a4b88950a253d082f1**** |
| ClusterName | string | The name of the cluster. | docker-law |
| Pod | string | The pod. | 22222-7xsqq |
| Namespace | string | The namespace. | test-002 |
| Image | string | The name of the image. | registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta**** |
| ContainerId | string | The ID of the container. | 04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163**** |
| InternetIp | string | The public IP address of the server. | 1.2.XX.XX |
| IntranetIp | string | The private IP address of the server. | 172.19.XX.XX |
| InstanceName | string | The name of the asset instance. | testInstance |
| TargetId | string | The ID of the scan target. | m-bp17m0pc0xprzbwo**** |
| TargetName | string | The name of the scan target. | source-test-obj-XM0Ma |
| MaliciousSource | string | The source of the malicious file. Valid values: | agentless |
| TargetType | string | The object type of the scan target. Valid values: | ECS_IMAGE |
| ScanTime | integer | The timestamp of the scan. Unit: milliseconds. | 1649814050000 |
| RuleTag | string | The vulnerability tag. Valid values: | AI |
Examples
Success response
JSON format
```json
{
  "CurrentPage": 1,
  "RequestId": "D6B20156-49B0-5CF0-B14D-7ECA4B50DAAB",
  "PageSize": 10,
  "TotalCount": 1,
  "VulRecords": [
    {
      "CanUpdate": true,
      "Type": "cve",
      "Status": 1,
      "ModifyTs": 1580808765000,
      "ImageDigest": "8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d507012",
      "PrimaryId": 782661,
      "Tag": "oval",
      "RepoNamespace": "default",
      "RepoName": "varnish",
      "Related": "CVE-2019-9893",
      "FirstTs": 1620752053000,
      "LastTs": 1631779996000,
      "Necessity": "asap",
      "Uuid": "0004a32a0305a7f6ab5ff9600d47****",
      "AliasName": "CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read",
      "Name": "debian:10:CVE-2019-9893",
      "Layers": [
        "[\"null\"]"
      ],
      "ExtendContentJson": {
        "OsRelease": "10.9",
        "Os": "debian",
        "RpmEntityList": [
          {
            "MatchList": [
              "[\"libstdc++ version less than 8.5.0-4.el8_5\"]"
            ],
            "Layer": "b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587",
            "FullVersion": "2.3.3-4",
            "Version": "2.3.3-4",
            "MatchDetail": "libseccomp2 version less than equals 2.3.3-4",
            "Path": "/usr/lib64/libssh2.so.1",
            "Name": "libseccomp2",
            "UpdateCmd": "apt-get update && apt-get install libseccomp2 --only-upgrade"
          }
        ]
      },
      "CanFix": "yes",
      "ClusterId": "c08d5fc1a329a4b88950a253d082f1****\n",
      "ClusterName": "docker-law\n",
      "Pod": "22222-7xsqq\n",
      "Namespace": "test-002\n",
      "Image": "registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****\n",
      "ContainerId": "04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****\n",
      "InternetIp": "1.2.XX.XX",
      "IntranetIp": "172.19.XX.XX",
      "InstanceName": "testInstance",
      "TargetId": "m-bp17m0pc0xprzbwo****",
      "TargetName": "source-test-obj-XM0Ma",
      "MaliciousSource": "agentless",
      "TargetType": "ECS_IMAGE",
      "ScanTime": 1649814050000,
      "RuleTag": "AI"
    }
  ]
}
```
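The following is an added example, not part of the original reference or of any Alibaba Cloud SDK. It walks every page of the response using `CurrentPage`, `PageSize` and `TotalCount`, then groups affected packages by image digest, handling two quirks visible in the sample above: string values with a trailing `\n`, and `MatchList` entries that are JSON-encoded strings. The names `fetch_page`, `fake_fetch` and `SAMPLE` are hypothetical; `fetch_page` stands in for whatever client actually sends the request.

```python
import json
import math

def iter_vul_records(fetch_page, params, page_size=10):
    """Yield every VulRecords entry; fetch_page is a hypothetical request->response callable."""
    page = 1
    while True:
        resp = fetch_page({**params, "Type": "cve", "CurrentPage": page, "PageSize": page_size})
        records = resp.get("VulRecords") or []
        yield from records
        # Stop on an empty page or once TotalCount is covered, whichever comes first.
        if not records or page >= math.ceil(resp.get("TotalCount", 0) / page_size):
            return
        page += 1

def decode_list(items):
    """Flatten entries that arrive as JSON-encoded strings, as MatchList does in the sample."""
    out = []
    for item in items or []:
        try:
            value = json.loads(item)
        except (TypeError, ValueError):
            value = item  # already a plain string
        out.extend(value if isinstance(value, list) else [value])
    return out

def fix_plan(records):
    """Group affected packages and their upgrade commands by image digest."""
    plan = {}
    for rec in records:
        digest = (rec.get("ImageDigest") or "").strip()
        for pkg in (rec.get("ExtendContentJson") or {}).get("RpmEntityList") or []:
            plan.setdefault(digest, []).append({
                "vuln": (rec.get("Name") or "").strip(),
                "package": pkg.get("Name"),
                "installed": pkg.get("FullVersion"),
                "rules": decode_list(pkg.get("MatchList")),
                "update_cmd": pkg.get("UpdateCmd"),
            })
    return plan

# Constructed sample: three records served by a fake fetch_page (not real scan output).
SAMPLE = [{"Name": f"constructed-vuln-{i}\n", "ImageDigest": "digest-a" if i < 2 else "digest-b",
           "ExtendContentJson": {"RpmEntityList": [{"Name": "libseccomp2", "FullVersion": "2.3.3-4",
               "MatchList": ["[\"libseccomp2 version less than equals 2.3.3-4\"]"]}]}}
          for i in range(3)]
def fake_fetch(req):
    start = (req["CurrentPage"] - 1) * req["PageSize"]
    return {"TotalCount": len(SAMPLE), "VulRecords": SAMPLE[start:start + req["PageSize"]]}
```

Calling `fix_plan(iter_vul_records(fake_fetch, {"RepoName": "varnish"}, page_size=2))` returns one entry per digest, each listing the packages to upgrade.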
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 500 | ServerError | ServerError | |
| 403 | NoPermission | caller has no permission | |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.