Queries container image vulnerabilities that are detected by Security Center.

To query the information about the latest detected container image vulnerabilities, call the StartImageVulScan operation. Wait 1 to 5 minutes until the call is successful, and call the DescribeImageVulList operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeImageVulList

The operation that you want to perform.

Set the value to DescribeImageVulList.

Lang String No zh

The natural language of the request and response. Valid values:

  • zh: Chinese
  • en: English
Type String No cve

The type of the vulnerability. Set the value to cve.

Uuids String No abcsdsda,dadadadada

The IDs of the assets. Separate multiple IDs with commas (,).

Name String No 313131

The name of the vulnerability.

AliasName String No Linux software vulnerabilities

The alias of the vulnerability.

StatusList String No 1

The status of the vulnerability. Valid values:

  • 1: unfixed
  • 7: fixed
Necessity String No asap

The priority to fix the vulnerability. Valid values:

  • asap: high. We recommend that you fix vulnerabilities that have the high priority at the earliest opportunity.
  • later: medium. You can fix vulnerabilities that have the medium priority based on your business requirements.
  • nntf: low. You can ignore vulnerabilities that have the low priority.
Dealed String No y

Specifies whether the vulnerability is handled. Valid values:

  • y: handled
  • n: unhandled
CurrentPage Integer No 1

The number of the page to return. Pages start from page 1. Default value: 1.

PageSize Integer No 20

The number of entries to return on each page. Default value: 20.

RepoRegionId String No cn-hangzhou

The region ID of the image repository.

RepoInstanceId String No xxxxx

The instance ID of the image repository.

RepoId String No xxxxx

The ID of the image repository.

RepoName String No libssh2

The name of the image.

RepoNamespace String No libssh2

The name of the namespace to which the image repository belongs.

RegionId String No cn-hangzhou

The region ID of the asset.

InstanceId String No 1-qeqewqweeqe

The instance ID of the asset.

Tag String No oval

The tag that is added to the image.

Digest String No ce19b6820b77560d3d8b75454e7

The digest of the image.

Response parameters

Parameter Type Example Description
CurrentPage Integer 1

The page number of the returned page. Pages start from page 1. Default value: 1.

PageSize Integer 20

The number of entries returned per page. Default value: 20.

RequestId String A3F532DD-1807-4EA0-A76A-B9A7

The ID of the request.

TotalCount Integer 15

The total number of vulnerabilities.

VulRecords Array of VulRecord

The information about the vulnerability.

AliasName String RHSA-2019:1884-medium: libssh2 security update

The alias of the vulnerability.

CanUpdate Boolean true

Indicates whether the information about the vulnerability can be modified. Valid values:

  • true
  • false
ExtendContentJson Struct

The extended information about the vulnerability.

Os String centos

The name of the operating system.

OsRelease String 7

The version of the operating system that supports the image.

RpmEntityList Array of RpmEntity

Details about RPM Package Manager (RPM) packages.

FullVersion String 1.4.3-12.el7_6.2

The complete version number.

Layer String b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587

The layer of the image.

MatchDetail String libssh2 version less than 0:1.4.3-12.el7_6.3

The reason why the vulnerability is detected.

MatchList String libglib2.0-0 version less than 2.50.3-2+deb9u1

The rule that is used to detect the vulnerability.

Name String libssh2

The name of the RPM package.

Path String /usr/lib64/libssh2.so.1

The path of the software that has the vulnerability.

UpdateCmd String yum update libssh2

The command that is used to fix the vulnerability.

Version String 1.4.3

The version number.

FirstTs Long 1580808765000

The timestamp when the vulnerability was first detected.

ImageDigest String fffff

The digest of the image.

LastTs Long 1580808765000

The timestamp when the vulnerability was last detected.

Layers List ["b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587"]

The layers of images.

ModifyTs Long 1580808765000

The timestamp when the vulnerability record was updated.

Name String oval:com.redhat.rhsa:def:2019

The name of the vulnerability.

Necessity String asap

The priority to fix the vulnerability. Valid values:

  • asap: high. We recommend that you fix vulnerabilities that have the high priority at the earliest opportunity.
  • later: medium. You can fix vulnerabilities that have the medium priority based on your business requirements.
  • nntf: low. You can ignore vulnerabilities that have the low priority.
PrimaryId Long 11

The ID of the vulnerability.

Related String CVE-2019-3862

The Common Vulnerabilities and Exposures (CVE) ID of the associated vulnerability.

Status Integer 1

The status of the vulnerability. Valid values:

  • 1: unfixed
  • 7: fixed
Tag String oval

The tag that is added to the container image vulnerability.

Type String cve

The type of the vulnerability. The value is fixed as cve.

Uuid String 13231fdafda

The UUID of the server.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeImageVulList
&<Common request parameters>

Sample success responses

XML format 

<DescribeImageVulListResponse>
      <TotalCount>15</TotalCount>
      <RequestId>A3F532DD-1807-4EA0-A76A-B9A7</RequestId>
      <PageSize>20</PageSize>
      <VulRecords>
            <Status>1</Status>
            <Type>cve</Type>
            <Uuid>13231fdafda</Uuid>
            <Related>CVE-2019-3862</Related>
            <ModifyTs>1580808765000</ModifyTs>
            <ImageDigest>fffff</ImageDigest>
            <AliasName>RHSA-2019:1884-medium: libssh2 security update</AliasName>
            <LastTs>1580808765000</LastTs>
            <Necessity>asap</Necessity>
            <Tag>oval</Tag>
            <PrimaryId>11</PrimaryId>
            <Name>oval:com.redhat.rhsa:def:2019</Name>
      </VulRecords>
      <VulRecords>
            <Layers>["b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587"]</Layers>
      </VulRecords>
      <VulRecords>
            <ExtendContentJson>
                  <Os>centos</Os>
                  <RpmEntityList>
                        <Path>/usr/lib64/libssh2.so.1</Path>
                        <UpdateCmd>yum update libssh2</UpdateCmd>
                        <Version>1.4.3</Version>
                        <FullVersion>1.4.3-12.el7_6.2</FullVersion>
                        <MatchDetail>libssh2 version less than 0:1.4.3-12.el7_6.3</MatchDetail>
                        <Layer>b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587</Layer>
                        <Name>libssh2</Name>
                  </RpmEntityList>
                  <OsRelease>7</OsRelease>
            </ExtendContentJson>
      </VulRecords>
      <CurrentPage>1</CurrentPage>
</DescribeImageVulListResponse>

JSON format 

{
	"TotalCount": "15",
	"RequestId": "A3F532DD-1807-4EA0-A76A-B9A7",
	"PageSize": "20",
	"VulRecords": [{
		"Status": "1",
		"Type": "cve",
		"Uuid": "13231fdafda",
		"Related": "CVE-2019-3862",
		"ModifyTs": "1580808765000",
		"ImageDigest": "fffff",
		"AliasName": "RHSA-2019:1884-medium: libssh2 security update",
		"LastTs": "1580808765000",
		"Necessity": "asap",
		"Tag": "oval",
		"PrimaryId": "11",
		"Name": "oval:com.redhat.rhsa:def:2019"
	}, {
		"Layers": "[\"b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587\"]"
	}, {
		"ExtendContentJson": {
			"Os": "centos",
			"RpmEntityList": [{
				"Path": "/usr/lib64/libssh2.so.1",
				"UpdateCmd": "yum update libssh2",
				"Version": "1.4.3",
				"FullVersion": "1.4.3-12.el7_6.2",
				"MatchDetail": "libssh2 version less than 0:1.4.3-12.el7_6.3",
				"Layer": "b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1c587",
				"Name": "libssh2"
			}],
			"OsRelease": "7"
		}
	}],
	"CurrentPage": "1"
}

Error codes

For a list of error codes, visit the API Error Center.