Get Trusted Repository, Image, and Registry
GET/api/v32.07/trust/data
x-prisma-cloud-target-env: {"permission":"policyContainers"}
Returns the trusted registries, repositories, and images.
cURL Request
Refer to the following example cURL command:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://<CONSOLE>/api/v<VERSION>/trust/data
cURL Response
Refer to the following example response:
$ {
"policy": {
"_id": "trust",
"enabled": false,
"rules": [
{
"modified": "2023-05-11T09:24:33.936Z",
"owner": "ss",
"name": "Copy of combined",
"previousName": "",
"disabled": true,
"allowedGroups": [
"by_cluster"
],
"deniedGroups": [
"by_host"
],
"collections": [
{
"hosts": [
"ss-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.example-247119.internal"
],
"images": [
"*"
],
"labels": [
"*"
],
"containers": [
"*"
],
"functions": [
"*"
],
"namespaces": [
"*"
],
"appIDs": [
"*"
],
"accountIDs": [
"*"
],
"codeRepos": [
"*"
],
"clusters": [
"*"
],
"name": "trust_by_host",
"owner": "ss",
"modified": "2023-05-11T09:17:17.556Z",
"color": "#D64CA8",
"system": false,
"prisma": false
}
],
"effect": "alert"
},
{
"modified": "2023-05-11T09:24:13.952Z",
"owner": "ss",
"name": "combined",
"previousName": "",
"disabled": true,
"allowedGroups": [
"by_cluster"
],
"deniedGroups": [
"by_host"
],
"collections": [
{
"hosts": [
"jen-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.twistlock-test-247119.internal"
],
"images": [
"*"
],
"labels": [
"*"
],
"containers": [
"*"
],
"functions": [
"*"
],
"namespaces": [
"*"
],
"appIDs": [
"*"
],
"accountIDs": [
"*"
],
"codeRepos": [
"*"
],
"clusters": [
"*"
],
"name": "trust_by_host",
"owner": "ss",
"modified": "2023-05-11T09:17:17.556Z",
"color": "#D64CA8",
"system": false,
"prisma": false
}
],
"effect": "alert"
},
{
"modified": "2023-05-10T19:05:27.651Z",
"owner": "ss",
"name": "Default - alert all",
"previousName": "",
"collections": [
{
"hosts": [
"*"
],
"images": [
"*"
],
"labels": [
"*"
],
"containers": [
"*"
],
"functions": [
"*"
],
"namespaces": [
"*"
],
"appIDs": [
"*"
],
"accountIDs": [
"*"
],
"codeRepos": [
"*"
],
"clusters": [
"*"
],
"name": "All",
"owner": "system",
"modified": "2023-05-09T07:00:08.761Z",
"color": "#3FA2F7",
"description": "System - all resources collection",
"system": true,
"prisma": false
}
],
"effect": "alert"
}
]
},
"groups": [
{
"modified": "2023-05-10T19:08:34.893Z",
"owner": "mbarash",
"name": "",
"previousName": "",
"_id": "by_host",
"images": [
"alpine:*"
]
},
{
"modified": "2023-05-10T19:16:46.886Z",
"owner": "ss",
"name": "",
"previousName": "",
"_id": "by_cluster",
"images": [
"registry.k8s.io/etcd:*"
]
},
{
"modified": "2023-05-11T09:11:54.683Z",
"owner": "ss",
"name": "",
"previousName": "",
"_id": "by_image",
"images": [
"node:*"
]
},
{
"modified": "2023-05-11T09:21:23.54Z",
"owner": "ss",
"name": "",
"previousName": "",
"_id": "by_registry",
"images": [
"mcr.azk8s.cn/*"
]
},
{
"modified": "2023-05-11T09:22:13.522Z",
"owner": "ss",
"name": "",
"previousName": "",
"_id": "by_repository",
"images": [
"python:*"
]
},
{
"modified": "2023-05-11T09:22:47.854Z",
"owner": "ss",
"name": "",
"previousName": "",
"_id": "bu_layer_automated",
"layers": [
"sha256:a0d44e5352dcb84bca48b6ee3d30a9ec91b5e6eb6793747e06d2454d360a9338",
"sha256:5ad177daa048ca8b354b9ad03deac863ff519a2860a35dc9fdc0011619aacc3c",
"sha256:543bb037d9827e706ea0ee9277e56ff916439a114fa56c520ac7dcaf6daae84a",
"sha256:efd3b1563a816d85c6414e0c139691df720c34d6f65abaa19819d37b11459b40",
"sha256:bc30bde5a6578b9643d05dd47105414777adadaf5df93b493eff1785e1e07328",
"sha256:77e7191206a99af5cf1718885fb45262c2e2da30ad650c5868dfa3c54739c24a",
"sha256:4fcf730353158873699670f97f2556942ff470c360539ff9283d80c72f275030",
"sha256:d1a8d814c41eab7ee00b94a9184f081bf4c36721d559c5b349b9653bd473d8a0"
]
},
{
"modified": "2023-05-11T09:23:21.338Z",
"owner": "ss",
"name": "",
"previousName": "",
"_id": "by_manual_manual",
"layers": [
"sha256:05f4935ad90ae437375c64090af07a6232bfeffc9f311e3e315919627c542ac9",
"sha256:5aea01ea0a0f088b7844c169b9b8fd5ea034a21b4aa075ae3c54a1cb64138b93",
"sha256:d8183b2c9c73e92b3569c8c77f05a245d1d4a58c3d3f23e740ea4f69c5e8d8f4",
"sha256:ee50c22fdf6c99affec8690f7ef820f0e8cd19f4ece9a32503cdcf59a391514d"
]
},
{
"modified": "2023-05-11T12:41:27.885Z",
"owner": "ss",
"name": "",
"previousName": "",
"_id": "ss_test",
"images": [
"kuku:*",
"example/cves:*"
]
}
]
}
Responses
- 200
- default
Data holds the image trust data
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
- Array [
- Array [
- ]
- ]
groups object[]
Groups are the trust groups.
Name of the group.
Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).
Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).
Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.
Specifies the date and time when the rule was last modified.
Name of the rule.
Describes any noteworthy points for a rule. You can include any text.
User who created or last modified the rule.
Previous name of the rule. Required for rule renaming.
policy object
Policy represents the trust policy
ID is the trust group policy ID.
Enabled indicates whether the policy is enabled.
rules object[]
Rules is the list of rules in the policy.
AllowedGroups are the ids of the groups that are whitelisted by this rule.
PolicyBlockMsg represent the block message in a Policy
collections object[]
Collections is a list of collections the rule applies to.
List of account IDs.
List of application IDs.
List of Kubernetes cluster names.
Color is a hexadecimal representation of color code value
List of containers.
Free-form text.
List of functions.
List of hosts.
List of images.
List of labels.
Datetime when the collection was last modified.
Collection name. Must be unique.
List of Kubernetes namespaces.
User who created or last modified the collection.
Indicates whether this collection originates from Prisma Cloud.
Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).
DeniedGroups are the ids of the groups that are blacklisted by this rule.
Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).
Possible values: [ignore,alert,block
]
Effect specifies relevant action for a vulnerability
Specifies the date and time when the rule was last modified.
Name of the rule.
Describes any noteworthy points for a rule. You can include any text.
User who created or last modified the rule.
Previous name of the rule. Required for rule renaming.
{
"groups": [
{
"_id": "string",
"disabled": true,
"images": [
"string"
],
"layers": [
"string"
],
"modified": "2024-07-29T15:51:28.071Z",
"name": "string",
"notes": "string",
"owner": "string",
"previousName": "string"
}
],
"policy": {
"_id": "string",
"enabled": true,
"rules": [
{
"allowedGroups": [
"string"
],
"blockMsg": "string",
"collections": [
{
"accountIDs": [
"string"
],
"appIDs": [
"string"
],
"clusters": [
"string"
],
"color": "string",
"containers": [
"string"
],
"description": "string",
"functions": [
"string"
],
"hosts": [
"string"
],
"images": [
"string"
],
"labels": [
"string"
],
"modified": "2024-07-29T15:51:28.071Z",
"name": "string",
"namespaces": [
"string"
],
"owner": "string",
"prisma": true,
"system": true
}
],
"deniedGroups": [
"string"
],
"disabled": true,
"effect": [
"ignore",
"alert",
"block"
],
"modified": "2024-07-29T15:51:28.071Z",
"name": "string",
"notes": "string",
"owner": "string",
"previousName": "string"
}
]
}
}