Skip to main content

Download Image Scan Results

x-prisma-cloud-target-env: {"permission":"monitorImages","saas":true,"self-hosted":true}
x-public: true

Downloads image scan reports in CSV format.

This endpoint maps to Monitor > Compliance > Images > Deployed in the Console UI.

Consider the following available options to retrieve when you use the fields query parameter:

  • labels
  • repoTag.repo
  • repoTag.registry
  • clusters
  • hosts
  • repoTag.tag

cURL Request

Refer to the following cURL command that generates a CSV file containing the scan reports:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download" \
> images.csv

Refer to the following example cURL command that might be useful for developers:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download?id={id}&layers=true" \
> images.csv

where an example {id} is sha256:abd4f451ddb707c8e68a36d695456a515cdd6f9581b7a8348a380030a6fd7689.

It takes an image ID as the input parameter, and generates a CSV file that lists all vulnerable packages in a given image, organized by layer, with both the affected and fixed versions.

A successful response displays the status of the download.

Query Parameters
  • offset integer

    Offsets the result to a specific report count. Offset starts from 0.

  • limit integer

    Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

  • search string

    Retrieves the result for a search term.

  • sort string

    Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

  • reverse boolean

    Sorts the result in reverse order.

  • collections string[]

    Filters the result based on collection names that you have defined in Prisma Cloud Compute.

  • provider string[]

    Scopes the query by cloud provider.

  • accountIDs string[]

    Filters the result based on cloud account IDs.

  • resourceIDs string[]

    Scopes the query by resource ID.

  • region string[]

    Scopes the query by cloud region.

  • fields string[]

    Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

  • id string[]

    Filters the result based on image IDs.

  • hostname string[]

    Filters the result based on hostnames.

  • repository string[]

    Filters the result based on image repository names.

  • registry string[]

    Filters the result based on image registry names.

  • name string[]

    Filters the result based on image names.

  • layers boolean

    Indicates whether the CVEs are mapped to a specific image layer. Default is false.

  • filterBaseImage boolean

    Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned. Default is false.

  • compact boolean

    Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped. Default is false.

  • trustStatuses string[]

    Filters the result based on whether an image is trusted or not trusted by a trusted image policy. Use filters: trusted or untrusted.

  • clusters string[]

    Filters the result based on cluster names.

  • complianceIDs int[]

    Filters the result by compliance IDs.

  • appEmbedded boolean

    Filters the result based on whether the images are scanned by App-Embedded Defenders. Default is false.

  • normalizedSeverity boolean

    Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level. Default is false.

  • agentless boolean

    Indicates whether to retrieve host names that are scanned by agentless scanner. Default is false.