Download Image Scan Results
GET/api/v33.01/images/download
x-prisma-cloud-target-env: {"permission":"monitorImages"}
Downloads image scan reports in CSV format.
This endpoint maps to Monitor > Compliance > Images > Deployed in the Console UI.
Consider the following available options to retrieve when you use the fields
query parameter:
- labels
- repoTag.repo
- repoTag.registry
- clusters
- hosts
- repoTag.tag
cURL Request
Refer to the following cURL command that generates a CSV file containing the scan reports:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download" \
> images.csv
Refer to the following example cURL command that might be useful for developers:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download?id={id}&layers=true" \
> images.csv
where an example {id}
is sha256:abd4f451ddb707c8e68a36d695456a515cdd6f9581b7a8348a380030a6fd7689
.
It takes an image ID as the input parameter, and generates a CSV file that lists all vulnerable packages in a given image, organized by layer, with both the affected and fixed versions.
A successful response displays the status of the download.
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
Filters the result based on image IDs.
Filters the result based on hostnames.
Filters the result based on image repository names.
Filters the result based on image registry names.
List of fields to retrieve.
Filters the result based on image names.
Indicates whether the CVEs are mapped to a specific image layer. Default is false.
Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned. Default is false.
Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped. Default is false.
Filters the result based on whether an image is trusted or not trusted by a trusted image policy. Use filters: trusted or untrusted.
Filters the result based on cluster names.
Filters the result by compliance IDs.
Filters the result based on applied compliance rule name.
Filters the result based on whether the images are scanned by App-Embedded Defenders. Default is false.
Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level. Default is false.
Indicates whether to retrieve host names that are scanned by agentless scanner. Default is false.
Filters only images scanned by CSA.
Filters results by uaiID.
Possible values: [vulnerabilities,compliance,
]
Filters results by issue type.
Responses
- 200
- default
OK