
Download Image Scan Results



x-prisma-cloud-target-env: {"permission":"monitorImages","saas":true,"self-hosted":true}
x-public: true

Downloads image scan reports in CSV format.

This endpoint maps to Monitor > Compliance > Images > Deployed in the Console UI.

When you use the fields query parameter, the following fields are available to retrieve:

  • labels
  • repoTag.repo
  • repoTag.registry
  • clusters
  • hosts
  • repoTag.tag

cURL Request

Refer to the following cURL command that generates a CSV file containing the scan reports:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download" \
> images.csv

Refer to the following example cURL command that might be useful for developers:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/images/download?id={id}&layers=true" \
> images.csv

where an example {id} is sha256:abd4f451ddb707c8e68a36d695456a515cdd6f9581b7a8348a380030a6fd7689.

This request takes an image ID as the input parameter and generates a CSV file that lists all vulnerable packages in the given image, organized by layer, with both the affected and fixed versions.

A successful response displays the status of the download.
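
The per-image request above as an added Python example (not Prisma Cloud's own code): it validates the image ID before placing it in the query string and keeps TLS certificate verification on, where the cURL examples pass -k. The PC_* environment variable names, the host and version patterns, and the assumption that image IDs follow the sha256 form of the example above are illustrative.

```python
import base64
import os
import re
import ssl
import urllib.parse
import urllib.request

IMAGE_ID_RE = re.compile(r"sha256:[0-9a-f]{64}")   # form of the page's example id
HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d{1,5})?")  # assumed: bare host[:port]
VERSION_RE = re.compile(r"\d+(\.\d+)*")             # assumed: digits and dots


def build_download_url(console, version, image_id, layers=True):
    """Build the /images/download URL for one image, rejecting malformed input."""
    if not HOST_RE.fullmatch(console):
        raise ValueError("console must be a bare host[:port]")
    if not VERSION_RE.fullmatch(version):
        raise ValueError("unexpected API version")
    # A strict digest check keeps extra query parameters from being smuggled in
    # through the id value (for example "...&compact=true").
    if not IMAGE_ID_RE.fullmatch(image_id):
        raise ValueError("image id must be sha256:<64 lowercase hex digits>")
    query = urllib.parse.urlencode(
        {"id": image_id, "layers": "true" if layers else "false"}, safe=":")
    return f"https://{console}/api/v{version}/images/download?{query}"


def download_csv(url, user, password, out_path, ca_file=None):
    """GET the report with Basic auth (what curl -u sends) and verified TLS."""
    # Unlike curl -k, the default context verifies the Console certificate;
    # pass ca_file for a Console whose certificate is signed by a private CA.
    context = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    request = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(request, context=context, timeout=60) as resp, \
            open(out_path, "wb") as out:
        while chunk := resp.read(65536):
            out.write(chunk)


if __name__ == "__main__":
    # Credentials come from the environment (assumed names), not from argv.
    url = build_download_url(os.environ["PC_CONSOLE"], os.environ["PC_API_VERSION"],
                             os.environ["PC_IMAGE_ID"])
    download_csv(url, os.environ["PC_USER"], os.environ["PC_PASSWORD"],
                 "images.csv", os.environ.get("PC_CA_FILE"))
```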


Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limits the number of reports returned.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    id string[]

    Filters the result based on image IDs.

    hostname string[]

    Filters the result based on hostnames.

    repository string[]

    Filters the result based on image repository names.

    registry string[]

    Filters the result based on image registry names.

    fields string[]

    List of fields to retrieve.

    name string[]

    Filters the result based on image names.

    layers boolean

    Indicates whether the CVEs are mapped to a specific image layer. Default is false.

    filterBaseImage boolean

    Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned. Default is false.

    compact boolean

    Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata is skipped. Default is false.

    trustStatuses string[]

    Filters the result based on whether an image is trusted or not trusted by a trusted image policy. Use filters: trusted or untrusted.

    clusters string[]

    Filters the result based on cluster names.

    complianceIDs int[]

    Filters the result by compliance IDs.

    complianceRuleName string

    Filters the result based on applied compliance rule name.

    appEmbedded boolean

    Filters the result based on whether the images are scanned by App-Embedded Defenders. Default is false.

    normalizedSeverity boolean

    Retrieves the result in the normalized form of low, medium, high, and critical based on the vulnerability's severity level. Default is false.

    agentless boolean

    Indicates whether to retrieve host names that are scanned by the agentless scanner. Default is false.

    csa boolean

    Filters only images scanned by CSA.

    uaiID string

    Filters results by uaiID.

    issueType string

    Possible values: [vulnerabilities,compliance,]

    Filters results by issue type.