Skip to main content

Download Image Scan Results



x-prisma-cloud-target-env: {"permission":"monitorImages","saas":true,"self-hosted":true}
x-public: true

Downloads image scan reports in CSV format.

This endpoint maps to Monitor > Compliance > Images > Deployed in the Console UI.

Consider the following available options to retrieve when you use the fields query parameter:

  • labels
  • repoTag.repo
  • repoTag.registry
  • clusters
  • hosts
  • repoTag.tag

cURL Request

Refer to the following cURL command that generates a CSV file containing the scan reports:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download" \
> images.csv

Refer to the following example cURL command that might be useful for developers:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download?id={id}&layers=true" \
> images.csv

where an example {id} is sha256:abd4f451ddb707c8e68a36d695456a515cdd6f9581b7a8348a380030a6fd7689.

It takes an image ID as the input parameter, and generates a CSV file that lists all vulnerable packages in a given image, organized by layer, with both the affected and fixed versions.

A successful response displays the status of the download.


Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

    search string

    Retrieves the result for a search term.

    sort string

    Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

    reverse boolean

    Sorts the result in reverse order.

    collections string[]

    Filters the result based on collection names that you have defined in Prisma Cloud Compute.

    provider string[]

    Scopes the query by cloud provider.

    accountIDs string[]

    Filters the result based on cloud account IDs.

    resourceIDs string[]

    Scopes the query by resource ID.

    region string[]

    Scopes the query by cloud region.

    fields string[]

    Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

    id string[]

    Filters the result based on image IDs.

    hostname string[]

    Filters the result based on hostnames.

    repository string[]

    Filters the result based on image repository names.

    registry string[]

    Filters the result based on image registry names.

    name string[]

    Filters the result based on image names.

    layers boolean

    Indicates whether the CVEs are mapped to a specific image layer. Default is false.

    filterBaseImage boolean

    Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned. Default is false.

    compact boolean

    Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped. Default is false.

    trustStatuses string[]

    Filters the result based on whether an image is trusted or not trusted by a trusted image policy. Use filters: trusted or untrusted.

    clusters string[]

    Filters the result based on cluster names.

    complianceIDs int[]

    Filters the result by compliance IDs.

    appEmbedded boolean

    Filters the result based on whether the images are scanned by App-Embedded Defenders. Default is false.

    normalizedSeverity boolean

    Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level. Default is false.

    agentless boolean

    Indicates whether to retrieve host names that are scanned by agentless scanner. Default is false.