Resolve Code Repos

POST 
/api/v32.04/coderepos-ci/evaluate

x-prisma-cloud-target-env: {"permission":"monitorCI","saas":true,"self-hosted":true}
x-public: true

Adds vulnerability data for the given code repository scan result.

Request

application/json

Body

_id string

Scan report ID in the database.

collections string (string)[]

List of matching code repo collections.

complianceRiskScore float

Code repository's compliance risk score. Used for sorting.

files object[]
Scan result for each manifest file in the repository.
Array [
dependencies object[]
Packages listed in the manifest file.
Array [
devDependency boolean
Indicates if this dependency is used only for the development of the package (true) or not (false).
lastResolved date-time
Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.
licenseSeverity string
Maximum severity of the detected licenses according to the compliance policy.
licenses license.SPDXLicense (string)[]
Possible values: [0BSD,AAL,ADSL,AFL-1.1,AFL-1.2,AFL-2.0,AFL-2.1,AFL-3.0,AGPL-1.0,AGPL-1.0-only,AGPL-1.0-or-later,AGPL-3.0,AGPL-3.0-only,AGPL-3.0-or-later,AMDPLPA,AML,AMPAS,ANTLR-PD,ANTLR-PD-fallback,APAFML,APL-1.0,APSL-1.0,APSL-1.1,APSL-1.2,APSL-2.0,Abstyles,Adobe-2006,Adobe-Glyph,Afmparse,Aladdin,Apache-1.0,Apache-1.1,Apache-2.0,Artistic-1.0,Artistic-1.0-Perl,Artistic-1.0-cl8,Artistic-2.0,BSD-1-Clause,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-2-Clause-NetBSD,BSD-2-Clause-Patent,BSD-2-Clause-Views,BSD-3-Clause,BSD-3-Clause-Attribution,BSD-3-Clause-Clear,BSD-3-Clause-LBNL,BSD-3-Clause-No-Nuclear-License,BSD-3-Clause-No-Nuclear-License-2014,BSD-3-Clause-No-Nuclear-Warranty,BSD-3-Clause-Open-MPI,BSD-4-Clause,BSD-4-Clause-UC,BSD-Protection,BSD-Source-Code,BSL-1.0,BUSL-1.1,Bahyph,Barr,Beerware,BitTorrent-1.0,BitTorrent-1.1,BlueOak-1.0.0,Borceux,CAL-1.0,CAL-1.0-Combined-Work-Exception,CATOSL-1.1,CC-BY-1.0,CC-BY-2.0,CC-BY-2.5,CC-BY-3.0,CC-BY-3.0-AT,CC-BY-3.0-US,CC-BY-4.0,CC-BY-NC-1.0,CC-BY-NC-2.0,CC-BY-NC-2.5,CC-BY-NC-3.0,CC-BY-NC-4.0,CC-BY-NC-ND-1.0,CC-BY-NC-ND-2.0,CC-BY-NC-ND-2.5,CC-BY-NC-ND-3.0,CC-BY-NC-ND-3.0-IGO,CC-BY-NC-ND-4.0,CC-BY-NC-SA-1.0,CC-BY-NC-SA-2.0,CC-BY-NC-SA-2.5,CC-BY-NC-SA-3.0,CC-BY-NC-SA-4.0,CC-BY-ND-1.0,CC-BY-ND-2.0,CC-BY-ND-2.5,CC-BY-ND-3.0,CC-BY-ND-4.0,CC-BY-SA-1.0,CC-BY-SA-2.0,CC-BY-SA-2.0-UK,CC-BY-SA-2.5,CC-BY-SA-3.0,CC-BY-SA-3.0-AT,CC-BY-SA-4.0,CC-PDDC,CC0-1.0,CDDL-1.0,CDDL-1.1,CDLA-Permissive-1.0,CDLA-Sharing-1.0,CECILL-1.0,CECILL-1.1,CECILL-2.0,CECILL-2.1,CECILL-B,CECILL-C,CERN-OHL-1.1,CERN-OHL-1.2,CERN-OHL-P-2.0,CERN-OHL-S-2.0,CERN-OHL-W-2.0,CNRI-Jython,CNRI-Python,CNRI-Python-GPL-Compatible,CPAL-1.0,CPL-1.0,CPOL-1.02,CUA-OPL-1.0,Caldera,ClArtistic,Condor-1.1,Crossword,CrystalStacker,Cube,D-FSL-1.0,DOC,DSDP,Dotseqn,ECL-1.0,ECL-2.0,EFL-1.0,EFL-2.0,EPICS,EPL-1.0,EPL-2.0,EUDatagrid,EUPL-1.0,EUPL-1.1,EUPL-1.2,Entessa,ErlPL-1.1,Eurosym,FSFAP,FSFUL,FSFULLR,FTL,Fair,Frameworx-1.0,FreeImage,GFDL-1.1,GFDL-1.1-invariants-only,GFDL-1.1-invariants-or-later,GFDL-1.1-no-invariants-only,GFDL-1.1-no-invariants-or-later,GFDL-1.1-only,GFDL-1.1-or-later,GFDL-1.2,GFDL-1.2-invariants-only,GFDL-1.2-invariants-or-later,GFDL-1.2-no-invariants-only,GFDL-1.2-no-invariants-or-later,GFDL-1.2-only,GFDL-1.2-or-later,GFDL-1.3,GFDL-1.3-invariants-only,GFDL-1.3-invariants-or-later,GFDL-1.3-no-invariants-only,GFDL-1.3-no-invariants-or-later,GFDL-1.3-only,GFDL-1.3-or-later,GL2PS,GLWTPL,GPL-1.0,GPL-1.0+,GPL-1.0-only,GPL-1.0-or-later,GPL-2.0,GPL-2.0+,GPL-2.0-only,GPL-2.0-or-later,GPL-2.0-with-GCC-exception,GPL-2.0-with-autoconf-exception,GPL-2.0-with-bison-exception,GPL-2.0-with-classpath-exception,GPL-2.0-with-font-exception,GPL-3.0,GPL-3.0+,GPL-3.0-only,GPL-3.0-or-later,GPL-3.0-with-GCC-exception,GPL-3.0-with-autoconf-exception,Giftware,Glide,Glulxe,HPND,HPND-sell-variant,HTMLTIDY,HaskellReport,Hippocratic-2.1,IBM-pibs,ICU,IJG,IPA,IPL-1.0,ISC,ImageMagick,Imlib2,Info-ZIP,Intel,Intel-ACPI,Interbase-1.0,JPNIC,JSON,JasPer-2.0,LAL-1.2,LAL-1.3,LGPL-2.0,LGPL-2.0+,LGPL-2.0-only,LGPL-2.0-or-later,LGPL-2.1,LGPL-2.1+,LGPL-2.1-only,LGPL-2.1-or-later,LGPL-3.0,LGPL-3.0+,LGPL-3.0-only,LGPL-3.0-or-later,LGPLLR,LPL-1.0,LPL-1.02,LPPL-1.0,LPPL-1.1,LPPL-1.2,LPPL-1.3a,LPPL-1.3c,Latex2e,Leptonica,LiLiQ-P-1.1,LiLiQ-R-1.1,LiLiQ-Rplus-1.1,Libpng,Linux-OpenIB,MIT,MIT-0,MIT-CMU,MIT-advertising,MIT-enna,MIT-feh,MIT-open-group,MITNFA,MPL-1.0,MPL-1.1,MPL-2.0,MPL-2.0-no-copyleft-exception,MS-PL,MS-RL,MTLL,MakeIndex,MirOS,Motosoto,MulanPSL-1.0,MulanPSL-2.0,Multics,Mup,NASA-1.3,NBPL-1.0,NCGL-UK-2.0,NCSA,NGPL,NIST-PD,NIST-PD-fallback,NLOD-1.0,NLPL,NOSL,NPL-1.0,NPL-1.1,NPOSL-3.0,NRL,NTP,NTP-0,Naumen,Net-SNMP,NetCDF,Newsletr,Nokia,Noweb,Nunit,O-UDA-1.0,OCCT-PL,OCLC-2.0,ODC-By-1.0,ODbL-1.0,OFL-1.0,OFL-1.0-RFN,OFL-1.0-no-RFN,OFL-1.1,OFL-1.1-RFN,OFL-1.1-no-RFN,OGC-1.0,OGL-Canada-2.0,OGL-UK-1.0,OGL-UK-2.0,OGL-UK-3.0,OGTSL,OLDAP-1.1,OLDAP-1.2,OLDAP-1.3,OLDAP-1.4,OLDAP-2.0,OLDAP-2.0.1,OLDAP-2.1,OLDAP-2.2,OLDAP-2.2.1,OLDAP-2.2.2,OLDAP-2.3,OLDAP-2.4,OLDAP-2.5,OLDAP-2.6,OLDAP-2.7,OLDAP-2.8,OML,OPL-1.0,OSET-PL-2.1,OSL-1.0,OSL-1.1,OSL-2.0,OSL-2.1,OSL-3.0,OpenSSL,PDDL-1.0,PHP-3.0,PHP-3.01,PSF-2.0,Parity-6.0.0,Parity-7.0.0,Plexus,PolyForm-Noncommercial-1.0.0,PolyForm-Small-Business-1.0.0,PostgreSQL,Python-2.0,QPL-1.0,Qhull,RHeCos-1.1,RPL-1.1,RPL-1.5,RPSL-1.0,RSA-MD,RSCPL,Rdisc,Ruby,SAX-PD,SCEA,SGI-B-1.0,SGI-B-1.1,SGI-B-2.0,SHL-0.5,SHL-0.51,SISSL,SISSL-1.2,SMLNJ,SMPPL,SNIA,SPL-1.0,SSH-OpenSSH,SSH-short,SSPL-1.0,SWL,Saxpath,Sendmail,Sendmail-8.23,SimPL-2.0,Sleepycat,Spencer-86,Spencer-94,Spencer-99,StandardML-NJ,SugarCRM-1.1.3,TAPR-OHL-1.0,TCL,TCP-wrappers,TMate,TORQUE-1.1,TOSL,TU-Berlin-1.0,TU-Berlin-2.0,UCL-1.0,UPL-1.0,Unicode-DFS-2015,Unicode-DFS-2016,Unicode-TOU,Unlicense,VOSTROM,VSL-1.0,Vim,W3C,W3C-19980720,W3C-20150513,WTFPL,Watcom-1.0,Wsuipa,X11,XFree86-1.1,XSkat,Xerox,Xnet,YPL-1.0,YPL-1.1,ZPL-1.1,ZPL-2.0,ZPL-2.1,Zed,Zend-2.0,Zimbra-1.3,Zimbra-1.4,Zlib,blessing,bzip2-1.0.5,bzip2-1.0.6,copyleft-next-0.3.0,copyleft-next-0.3.1,curl,diffmark,dvipdfm,eCos-2.0,eGenix,etalab-2.0,gSOAP-1.3b,gnuplot,iMatix,libpng-2.0,libselinux-1.0,libtiff,mpich2,psfrag,psutils,wxWindows,xinetd,xpp,zlib-acknowledgement]
Detected licenses of the dependant package.
name string
Package name that the dependency refers to.
rawRequirement string
Line in which the package is declared.
unsupported boolean
Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).
version string
Package version, either explicitly specified in a manifest or resolved by the scanner.
vulnerabilities object[]
Vulnerabilities in the package.
Array [
applicableRules string (string)[]
Rules applied on the package.
binaryPkgs string (string)[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType (string)
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind (string)
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType (string)
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageType vuln.PackageType (string)
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]
PackageType describes the package type
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string (string)
secret object
Secret represents a secret found on the scanned workload
locationInFile string
LocationInFile is the line and offset in the file where the secret was found.
modifiedTime int64
ModifiedTime is the modification time of the file containing the secret.
path string
Path is the path of the file in which the secret was found.
snippet string
Snippet is the partial plain secret.
type vuln.SecretType (string)
Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]
SecretType represents a secret type
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate (string)[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type (string)
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color (string)
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
wildfireMalware object
WildFireMalware holds the data for WildFire malicious MD5
md5 string
MD5 is the hash of the malicious binary.
path string
Path is the path to malicious binary.
verdict string
Verdict is the malicious source like grayware, malware and phishing.
]
]
distribution object
Distribution counts the number of vulnerabilities per type
critical integer
.
high integer
.
low integer
.
medium integer
.
total integer
.
path string
Path to the file.
type vuln.PackageType (string)
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]
PackageType describes the package type
]
pass boolean

Indicates whether the scan passed or failed.

repository object

Repository is the metadata for a code repository

build string

CI build.

defaultBranch string

Default branch in the repository, usually master.

digest string

Repository content digest. Used to indicate if the content of the repository has changed.

fullName string

Full name that represents the repository (/).

jobName string

CI job name.

name string

Repository name.

owner string

GitHub username or organization name of the repository's owner.

private boolean

Indicates if the repository is private (true) or not (false).

size integer

Size of the repository (in KB).

url string

URL is the repository address.

scanTime date-time

Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.

type shared.CodeRepoProviderType (string)

Possible values: [github,CI]

CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc

updateTime date-time

Date/time when this repository was last updated.

vulnInfo object

ImageInfo contains image information collected during image scan

Secrets string (string)[]

Secrets are paths to embedded secrets inside the image Note: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.

allCompliance object

AllCompliance contains data regarding passed compliance checks

compliance object[]

Compliance are all the passed compliance checks.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

enabled boolean

Enabled indicates whether passed compliance checks is enabled by policy.

applications object[]

Products in the image.

Array [

installedFromPackage boolean

Indicates that the app was installed as an OS package.

knownVulnerabilities integer

Total number of vulnerabilities for this application.

layerTime int64

Image layer to which the application belongs - layer creation time.

name string

Name of the application.

originPackageName string

OriginPackageName is the name of the app origin package.

path string

Path of the detected application.

service boolean

Service indicates whether the application is installed as a service.

version string

Version of the application.

]

baseImage string

Image’s base image name. Used when filtering the vulnerabilities by base images.

binaries object[]

Binaries in the image.

Array [

altered boolean

Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).

cveCount integer

Total number of CVEs for this specific binary.

deps string (string)[]

Third-party package files which are used by the binary.

fileMode integer

Represents the file's mode and permission bits.

functionLayer string

ID of the serverless layer in which the package was discovered.

md5 string

Md5 hashset of the binary.

missingPkg boolean

Indicates if this binary is not related to any package (true) or not (false).

name string

Name of the binary.

path string

Path is the path of the binary.

pkgRootDir string

Path for searching packages used by the binary.

services string (string)[]

Names of services which use the binary.

version string

Version of the binary.

]

cloudMetadata object

CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)

accountID string

Cloud account ID.

awsExecutionEnv string

AWS execution environment (e.g. EC2/Fargate).

image string

The name of the image the cloud managed host or container is based on.

labels object[]

Cloud provider metadata labels.

Array [

key string

Label key.

sourceName string

Source name (e.g., for a namespace, the source name can be 'twistlock').

sourceType common.ExternalLabelSourceType (string)

Possible values: [namespace,deployment,aws,azure,gcp,oci]

ExternalLabelSourceType indicates the source of the labels

timestamp date-time

Time when the label was fetched.

value string

Value of the label.

]

name string

Resource name.

provider common.CloudProvider (string)

Possible values: [aws,azure,gcp,alibaba,oci,others]

CloudProvider specifies the cloud provider name

region string

Resource's region.

resourceID string

Unique ID of the resource.

resourceURL string

Server-defined URL for the resource.

type string

Instance type.

vmID string

Azure unique vm ID.

vmImageID string

VMImageID holds the VM instance's image ID.

clusterType common.ClusterType (string)

Possible values: [AKS,ECS,EKS,GKE,Kubernetes]

ClusterType is the cluster type

clusters string (string)[]

Cluster names.

complianceDistribution object

Distribution counts the number of vulnerabilities per type

critical integer

.

high integer

.

low integer

.

medium integer

.

total integer

.

complianceIssues object[]

All the compliance issues.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

complianceIssuesCount integer

Number of compliance issues.

complianceRiskScore float

Compliance risk score for the image.

compressed boolean

Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.

compressedLayerTimes object

CompressedLayerTimes represent the compressed layer times of the image apps and pkgs

appTimes int64[]

.

pkgsTimes object[]

.

Array [

pkgTimes int64[]

.

pkgsType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

]

creationTime date-time

Specifies the time of creation for the latest version of the image.

distro string

Full name of the distribution.

ecsClusterName string

ECS cluster name.

externalLabels object[]

Kubernetes external labels of all containers running this image.

Array [

key string

Label key.

sourceName string

Source name (e.g., for a namespace, the source name can be 'twistlock').

sourceType common.ExternalLabelSourceType (string)

Possible values: [namespace,deployment,aws,azure,gcp,oci]

ExternalLabelSourceType indicates the source of the labels

timestamp date-time

Time when the label was fetched.

value string

Value of the label.

]

files object[]

Files in the container.

Array [

md5 string

Hash sum of the file using md5.

path string

Path of the file.

sha1 string

Hash sum of the file using SHA-1.

sha256 string

Hash sum of the file using SHA256.

]

firstScanTime date-time

Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.

foundSecrets object[]

FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.

Array [

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

]

history object[]

Docker image history.

Array [

baseLayer boolean

Indicates if this layer originated from the base image (true) or not (false).

created int64

Date/time when the image layer was created.

emptyLayer boolean

Indicates if this instruction didn't create a separate layer (true) or not (false).

id string

ID of the layer.

instruction string

Docker file instruction and arguments used to create this layer.

sizeBytes int64

Size of the layer (in bytes).

tags string (string)[]

Holds the image tags.

vulnerabilities object[]

Vulnerabilities which originated from this layer.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

]

hostDevices object[]

Map from host network device name to IP address.

Array [

ip string

Network device IPv4 address.

name string

Network device name.

]

id string

Image ID.

image object

Image represents a container image

created date-time

Date/time when the image was created.

entrypoint string (string)[]

Combined entrypoint of the image (entrypoint + CMD).

env string (string)[]

Image environment variables.

healthcheck boolean

Indicates if health checks are enabled (true) or not (false).

history object[]

Holds the image history.

Array [

baseLayer boolean

Indicates if this layer originated from the base image (true) or not (false).

created int64

Date/time when the image layer was created.

emptyLayer boolean

Indicates if this instruction didn't create a separate layer (true) or not (false).

id string

ID of the layer.

instruction string

Docker file instruction and arguments used to create this layer.

sizeBytes int64

Size of the layer (in bytes).

tags string (string)[]

Holds the image tags.

vulnerabilities object[]

Vulnerabilities which originated from this layer.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

]

id string

ID of the image.

labels object

Image labels.

property name* string (string)

layers string (string)[]

Image filesystem layers.

os string

Image os type.

repoDigest string (string)[]

Image repo digests.

repoTags string (string)[]

Image repo tags.

user string

Image user.

workingDir string

Base working directory of the image.

installedProducts object

InstalledProducts contains data regarding products running in environment TODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange

agentless boolean

Agentless indicates whether the scan was performed with agentless approach.

apache string

Apache indicates the apache server version, empty in case apache not running.

awsCloud boolean

AWSCloud indicates whether AWS cloud is used.

clusterType common.ClusterType (string)

Possible values: [AKS,ECS,EKS,GKE,Kubernetes]

ClusterType is the cluster type

crio boolean

CRI indicates whether the container runtime is CRI (and not docker).

docker string

Docker represents the docker daemon version.

dockerEnterprise boolean

DockerEnterprise indicates whether the enterprise version of Docker is installed.

hasPackageManager boolean

HasPackageManager indicates whether package manager is installed on the OS.

k8sApiServer boolean

K8sAPIServer indicates whether a kubernetes API server is running.

k8sControllerManager boolean

K8sControllerManager indicates whether a kubernetes controller manager is running.

k8sEtcd boolean

K8sEtcd indicates whether etcd is running.

k8sFederationApiServer boolean

K8sFederationAPIServer indicates whether a federation API server is running.

k8sFederationControllerManager boolean

K8sFederationControllerManager indicates whether a federation controller manager is running.

k8sKubelet boolean

K8sKubelet indicates whether kubelet is running.

k8sProxy boolean

K8sProxy indicates whether a kubernetes proxy is running.

k8sScheduler boolean

K8sScheduler indicates whether the kubernetes scheduler is running.

kubernetes string

Kubernetes represents the kubernetes version.

managedClusterVersion string

ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.

openshift boolean

Openshift indicates whether openshift is deployed.

openshiftVersion string

OpenshiftVersion represents the running openshift version.

osDistro string

OSDistro specifies the os distribution.

serverless boolean

Serverless indicates whether evaluated on a serverless environment.

swarmManager boolean

SwarmManager indicates whether a swarm manager is running.

swarmNode boolean

SwarmNode indicates whether the node is part of an active swarm.

isARM64 boolean

IsARM64 indicates if the architecture of the image is aarch64.

k8sClusterAddr string

Endpoint of the Kubernetes API server.

labels string (string)[]

Image labels.

layers string (string)[]

Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff See: https://windsock.io/explaining-docker-image-ids/.

missingDistroVulnCoverage boolean

Indicates if the image OS is covered in the IS (true) or not (false).

namespaces string (string)[]

k8s namespaces of all the containers running this image.

osDistro string

Name of the OS distribution.

osDistroRelease string

OS distribution release.

osDistroVersion string

OS distribution version.

packageManager boolean

Indicates if the package manager is installed for the OS.

packages object[]

Packages which exist in the image.

Array [

pkgs object[]

List of packages.

Array [

binaryIdx int16 (integer)[]

Indexes of the top binaries which use the package.

binaryPkgs string (string)[]

Names of the distro binary packages (packages which are built on the source of the package).

cveCount integer

Total number of CVEs for this specific package.

defaultGem boolean

DefaultGem indicates this is a gem default package (and not a bundled package).

files object[]

List of package-related files and their hashes. Only included when the appropriate scan option is set.

Array [

md5 string

Hash sum of the file using md5.

path string

Path of the file.

sha1 string

Hash sum of the file using SHA-1.

sha256 string

Hash sum of the file using SHA256.

]

functionLayer string

ID of the serverless layer in which the package was discovered.

goPkg boolean

GoPkg indicates this is a Go package (and not module).

jarIdentifier string

JarIdentifier holds an additional identification detail of a JAR package.

layerTime int64

Image layer to which the package belongs (layer creation time).

license string

License information for the package.

name string

Name of the package.

originPackageName string

OriginPackageName is the name of the third-party origin package.

osPackage boolean

OSPackage indicates that a python/java package was installed as an OS package.

path string

Full package path (e.g., JAR or Node.js package path).

purl string

PURL is a package URL identifier for this package.

securityRepoPkg boolean

SecurityRepoPkg determines if this package is available in a security repository.

symbols string (string)[]

Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.

version string

Package version.

]

pkgsType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

]

pushTime date-time

PushTime is the image push time to the registry.

redHatNonRPMImage boolean

RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.

registryNamespace string

IBM cloud namespace to which the image belongs.

registryTags string (string)[]

RegistryTags are the tags of the registry this image is stored.

registryType string

RegistryType indicates the registry type where the image is stored.

repoDigests string (string)[]

Digests of the image. Used for content trust (notary). Has one digest per tag.

repoTag object

ImageTag represents an image repository and its associated tag or registry digest

digest string

Image digest (requires V2 or later registry).

id string

ID of the image.

registry string

Registry name to which the image belongs.

repo string

Repository name to which the image belongs.

tag string

Image tag.

rhelRepos string (string)[]

RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed Used for matching vulnerabilities by Red Hat CPEs.

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

scanBuildDate string

Scanner build date that published the image.

scanVersion string

Scanner version that published the image.

secretScanMetrics object

SecretScanMetrics represents metrics collected during secret scan

failedScans int64

FailedScans represents number of failed scans caused by scanner errors.

foundSecrets integer

FoundSecrets represents number of detected secrets.

scanTime int64

ScanTime represents cumulative secret scan time in microseconds.

scanTimeouts int64

ScanTimeouts represents number of failed scans caused by timeout.

scannedFileSize int64

ScannedFileSize represents accumulated size of scanned files.

scannedFiles int64

ScannedFiles represents number of text files scanned for secrets.

totalBytes int64

TotalBytes represents accumulated file size.

totalFiles int64

TotalFiles represents number of files read for secrets.

totalTime int64

TotalTime represents the total time in microseconds.

typesCount object

TypesCount represents distribution of secrets by its type.

property name* int (integer)

startupBinaries object[]

Binaries which are expected to run when the container is created from this image.

Array [

altered boolean

Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).

cveCount integer

Total number of CVEs for this specific binary.

deps string (string)[]

Third-party package files which are used by the binary.

fileMode integer

Represents the file's mode and permission bits.

functionLayer string

ID of the serverless layer in which the package was discovered.

md5 string

Md5 hashset of the binary.

missingPkg boolean

Indicates if this binary is not related to any package (true) or not (false).

name string

Name of the binary.

path string

Path is the path of the binary.

pkgRootDir string

Path for searching packages used by the binary.

services string (string)[]

Names of services which use the binary.

version string

Version of the binary.

]

tags object[]

Tags associated with the given image.

Array [

digest string

Image digest (requires V2 or later registry).

id string

ID of the image.

registry string

Registry name to which the image belongs.

repo string

Repository name to which the image belongs.

tag string

Image tag.

]

topLayer string

SHA256 of the image's last layer that is the last element of the Layers field.

twistlockImage boolean

Indicates if the image is a Twistlock image (true) or not (false).

vulnerabilities object[]

CVE vulnerabilities of the image.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

vulnerabilitiesCount integer

Total number of vulnerabilities.

vulnerabilityDistribution object

Distribution counts the number of vulnerabilities per type

critical integer

.

high integer

.

low integer

.

medium integer

.

total integer

.

vulnerabilityRiskScore float

Image's CVE risk score.

vulnerabilityRiskScore float

Code repository's CVE risk score. Used for sorting.

vulnerableFiles integer

Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.

Responses

200

ScanResult holds a specific repository data

application/json

Schema

Schema

_id string

Scan report ID in the database.

collections string (string)[]

List of matching code repo collections.

complianceRiskScore float

Code repository's compliance risk score. Used for sorting.

files object[]
Scan result for each manifest file in the repository.
Array [
dependencies object[]
Packages listed in the manifest file.
Array [
devDependency boolean
Indicates if this dependency is used only for the development of the package (true) or not (false).
lastResolved date-time
Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.
licenseSeverity string
Maximum severity of the detected licenses according to the compliance policy.
licenses license.SPDXLicense (string)[]
Possible values: [0BSD,AAL,ADSL,AFL-1.1,AFL-1.2,AFL-2.0,AFL-2.1,AFL-3.0,AGPL-1.0,AGPL-1.0-only,AGPL-1.0-or-later,AGPL-3.0,AGPL-3.0-only,AGPL-3.0-or-later,AMDPLPA,AML,AMPAS,ANTLR-PD,ANTLR-PD-fallback,APAFML,APL-1.0,APSL-1.0,APSL-1.1,APSL-1.2,APSL-2.0,Abstyles,Adobe-2006,Adobe-Glyph,Afmparse,Aladdin,Apache-1.0,Apache-1.1,Apache-2.0,Artistic-1.0,Artistic-1.0-Perl,Artistic-1.0-cl8,Artistic-2.0,BSD-1-Clause,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-2-Clause-NetBSD,BSD-2-Clause-Patent,BSD-2-Clause-Views,BSD-3-Clause,BSD-3-Clause-Attribution,BSD-3-Clause-Clear,BSD-3-Clause-LBNL,BSD-3-Clause-No-Nuclear-License,BSD-3-Clause-No-Nuclear-License-2014,BSD-3-Clause-No-Nuclear-Warranty,BSD-3-Clause-Open-MPI,BSD-4-Clause,BSD-4-Clause-UC,BSD-Protection,BSD-Source-Code,BSL-1.0,BUSL-1.1,Bahyph,Barr,Beerware,BitTorrent-1.0,BitTorrent-1.1,BlueOak-1.0.0,Borceux,CAL-1.0,CAL-1.0-Combined-Work-Exception,CATOSL-1.1,CC-BY-1.0,CC-BY-2.0,CC-BY-2.5,CC-BY-3.0,CC-BY-3.0-AT,CC-BY-3.0-US,CC-BY-4.0,CC-BY-NC-1.0,CC-BY-NC-2.0,CC-BY-NC-2.5,CC-BY-NC-3.0,CC-BY-NC-4.0,CC-BY-NC-ND-1.0,CC-BY-NC-ND-2.0,CC-BY-NC-ND-2.5,CC-BY-NC-ND-3.0,CC-BY-NC-ND-3.0-IGO,CC-BY-NC-ND-4.0,CC-BY-NC-SA-1.0,CC-BY-NC-SA-2.0,CC-BY-NC-SA-2.5,CC-BY-NC-SA-3.0,CC-BY-NC-SA-4.0,CC-BY-ND-1.0,CC-BY-ND-2.0,CC-BY-ND-2.5,CC-BY-ND-3.0,CC-BY-ND-4.0,CC-BY-SA-1.0,CC-BY-SA-2.0,CC-BY-SA-2.0-UK,CC-BY-SA-2.5,CC-BY-SA-3.0,CC-BY-SA-3.0-AT,CC-BY-SA-4.0,CC-PDDC,CC0-1.0,CDDL-1.0,CDDL-1.1,CDLA-Permissive-1.0,CDLA-Sharing-1.0,CECILL-1.0,CECILL-1.1,CECILL-2.0,CECILL-2.1,CECILL-B,CECILL-C,CERN-OHL-1.1,CERN-OHL-1.2,CERN-OHL-P-2.0,CERN-OHL-S-2.0,CERN-OHL-W-2.0,CNRI-Jython,CNRI-Python,CNRI-Python-GPL-Compatible,CPAL-1.0,CPL-1.0,CPOL-1.02,CUA-OPL-1.0,Caldera,ClArtistic,Condor-1.1,Crossword,CrystalStacker,Cube,D-FSL-1.0,DOC,DSDP,Dotseqn,ECL-1.0,ECL-2.0,EFL-1.0,EFL-2.0,EPICS,EPL-1.0,EPL-2.0,EUDatagrid,EUPL-1.0,EUPL-1.1,EUPL-1.2,Entessa,ErlPL-1.1,Eurosym,FSFAP,FSFUL,FSFULLR,FTL,Fair,Frameworx-1.0,FreeImage,GFDL-1.1,GFDL-1.1-invariants-only,GFDL-1.1-invariants-or-later,GFDL-1.1-no-invariants-only,GFDL-1.1-no-invariants-or-later,GFDL-1.1-only,GFDL-1.1-or-later,GFDL-1.2,GFDL-1.2-invariants-only,GFDL-1.2-invariants-or-later,GFDL-1.2-no-invariants-only,GFDL-1.2-no-invariants-or-later,GFDL-1.2-only,GFDL-1.2-or-later,GFDL-1.3,GFDL-1.3-invariants-only,GFDL-1.3-invariants-or-later,GFDL-1.3-no-invariants-only,GFDL-1.3-no-invariants-or-later,GFDL-1.3-only,GFDL-1.3-or-later,GL2PS,GLWTPL,GPL-1.0,GPL-1.0+,GPL-1.0-only,GPL-1.0-or-later,GPL-2.0,GPL-2.0+,GPL-2.0-only,GPL-2.0-or-later,GPL-2.0-with-GCC-exception,GPL-2.0-with-autoconf-exception,GPL-2.0-with-bison-exception,GPL-2.0-with-classpath-exception,GPL-2.0-with-font-exception,GPL-3.0,GPL-3.0+,GPL-3.0-only,GPL-3.0-or-later,GPL-3.0-with-GCC-exception,GPL-3.0-with-autoconf-exception,Giftware,Glide,Glulxe,HPND,HPND-sell-variant,HTMLTIDY,HaskellReport,Hippocratic-2.1,IBM-pibs,ICU,IJG,IPA,IPL-1.0,ISC,ImageMagick,Imlib2,Info-ZIP,Intel,Intel-ACPI,Interbase-1.0,JPNIC,JSON,JasPer-2.0,LAL-1.2,LAL-1.3,LGPL-2.0,LGPL-2.0+,LGPL-2.0-only,LGPL-2.0-or-later,LGPL-2.1,LGPL-2.1+,LGPL-2.1-only,LGPL-2.1-or-later,LGPL-3.0,LGPL-3.0+,LGPL-3.0-only,LGPL-3.0-or-later,LGPLLR,LPL-1.0,LPL-1.02,LPPL-1.0,LPPL-1.1,LPPL-1.2,LPPL-1.3a,LPPL-1.3c,Latex2e,Leptonica,LiLiQ-P-1.1,LiLiQ-R-1.1,LiLiQ-Rplus-1.1,Libpng,Linux-OpenIB,MIT,MIT-0,MIT-CMU,MIT-advertising,MIT-enna,MIT-feh,MIT-open-group,MITNFA,MPL-1.0,MPL-1.1,MPL-2.0,MPL-2.0-no-copyleft-exception,MS-PL,MS-RL,MTLL,MakeIndex,MirOS,Motosoto,MulanPSL-1.0,MulanPSL-2.0,Multics,Mup,NASA-1.3,NBPL-1.0,NCGL-UK-2.0,NCSA,NGPL,NIST-PD,NIST-PD-fallback,NLOD-1.0,NLPL,NOSL,NPL-1.0,NPL-1.1,NPOSL-3.0,NRL,NTP,NTP-0,Naumen,Net-SNMP,NetCDF,Newsletr,Nokia,Noweb,Nunit,O-UDA-1.0,OCCT-PL,OCLC-2.0,ODC-By-1.0,ODbL-1.0,OFL-1.0,OFL-1.0-RFN,OFL-1.0-no-RFN,OFL-1.1,OFL-1.1-RFN,OFL-1.1-no-RFN,OGC-1.0,OGL-Canada-2.0,OGL-UK-1.0,OGL-UK-2.0,OGL-UK-3.0,OGTSL,OLDAP-1.1,OLDAP-1.2,OLDAP-1.3,OLDAP-1.4,OLDAP-2.0,OLDAP-2.0.1,OLDAP-2.1,OLDAP-2.2,OLDAP-2.2.1,OLDAP-2.2.2,OLDAP-2.3,OLDAP-2.4,OLDAP-2.5,OLDAP-2.6,OLDAP-2.7,OLDAP-2.8,OML,OPL-1.0,OSET-PL-2.1,OSL-1.0,OSL-1.1,OSL-2.0,OSL-2.1,OSL-3.0,OpenSSL,PDDL-1.0,PHP-3.0,PHP-3.01,PSF-2.0,Parity-6.0.0,Parity-7.0.0,Plexus,PolyForm-Noncommercial-1.0.0,PolyForm-Small-Business-1.0.0,PostgreSQL,Python-2.0,QPL-1.0,Qhull,RHeCos-1.1,RPL-1.1,RPL-1.5,RPSL-1.0,RSA-MD,RSCPL,Rdisc,Ruby,SAX-PD,SCEA,SGI-B-1.0,SGI-B-1.1,SGI-B-2.0,SHL-0.5,SHL-0.51,SISSL,SISSL-1.2,SMLNJ,SMPPL,SNIA,SPL-1.0,SSH-OpenSSH,SSH-short,SSPL-1.0,SWL,Saxpath,Sendmail,Sendmail-8.23,SimPL-2.0,Sleepycat,Spencer-86,Spencer-94,Spencer-99,StandardML-NJ,SugarCRM-1.1.3,TAPR-OHL-1.0,TCL,TCP-wrappers,TMate,TORQUE-1.1,TOSL,TU-Berlin-1.0,TU-Berlin-2.0,UCL-1.0,UPL-1.0,Unicode-DFS-2015,Unicode-DFS-2016,Unicode-TOU,Unlicense,VOSTROM,VSL-1.0,Vim,W3C,W3C-19980720,W3C-20150513,WTFPL,Watcom-1.0,Wsuipa,X11,XFree86-1.1,XSkat,Xerox,Xnet,YPL-1.0,YPL-1.1,ZPL-1.1,ZPL-2.0,ZPL-2.1,Zed,Zend-2.0,Zimbra-1.3,Zimbra-1.4,Zlib,blessing,bzip2-1.0.5,bzip2-1.0.6,copyleft-next-0.3.0,copyleft-next-0.3.1,curl,diffmark,dvipdfm,eCos-2.0,eGenix,etalab-2.0,gSOAP-1.3b,gnuplot,iMatix,libpng-2.0,libselinux-1.0,libtiff,mpich2,psfrag,psutils,wxWindows,xinetd,xpp,zlib-acknowledgement]
Detected licenses of the dependant package.
name string
Package name that the dependency refers to.
rawRequirement string
Line in which the package is declared.
unsupported boolean
Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).
version string
Package version, either explicitly specified in a manifest or resolved by the scanner.
vulnerabilities object[]
Vulnerabilities in the package.
Array [
applicableRules string (string)[]
Rules applied on the package.
binaryPkgs string (string)[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType (string)
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind (string)
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType (string)
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageType vuln.PackageType (string)
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]
PackageType describes the package type
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string (string)
secret object
Secret represents a secret found on the scanned workload
locationInFile string
LocationInFile is the line and offset in the file where the secret was found.
modifiedTime int64
ModifiedTime is the modification time of the file containing the secret.
path string
Path is the path of the file in which the secret was found.
snippet string
Snippet is the partial plain secret.
type vuln.SecretType (string)
Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]
SecretType represents a secret type
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate (string)[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type (string)
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color (string)
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
wildfireMalware object
WildFireMalware holds the data for WildFire malicious MD5
md5 string
MD5 is the hash of the malicious binary.
path string
Path is the path to malicious binary.
verdict string
Verdict is the malicious source like grayware, malware and phishing.
]
]
distribution object
Distribution counts the number of vulnerabilities per type
critical integer
.
high integer
.
low integer
.
medium integer
.
total integer
.
path string
Path to the file.
type vuln.PackageType (string)
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]
PackageType describes the package type
]
pass boolean

Indicates whether the scan passed or failed.

repository object

Repository is the metadata for a code repository

build string

CI build.

defaultBranch string

Default branch in the repository, usually master.

digest string

Repository content digest. Used to indicate if the content of the repository has changed.

fullName string

Full name that represents the repository (/).

jobName string

CI job name.

name string

Repository name.

owner string

GitHub username or organization name of the repository's owner.

private boolean

Indicates if the repository is private (true) or not (false).

size integer

Size of the repository (in KB).

url string

URL is the repository address.

scanTime date-time

Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.

type shared.CodeRepoProviderType (string)

Possible values: [github,CI]

CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc

updateTime date-time

Date/time when this repository was last updated.

vulnInfo object

ImageInfo contains image information collected during image scan

Secrets string (string)[]

Secrets are paths to embedded secrets inside the image Note: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.

allCompliance object

AllCompliance contains data regarding passed compliance checks

compliance object[]

Compliance are all the passed compliance checks.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

enabled boolean

Enabled indicates whether passed compliance checks is enabled by policy.

applications object[]

Products in the image.

Array [

installedFromPackage boolean

Indicates that the app was installed as an OS package.

knownVulnerabilities integer

Total number of vulnerabilities for this application.

layerTime int64

Image layer to which the application belongs - layer creation time.

name string

Name of the application.

originPackageName string

OriginPackageName is the name of the app origin package.

path string

Path of the detected application.

service boolean

Service indicates whether the application is installed as a service.

version string

Version of the application.

]

baseImage string

Image’s base image name. Used when filtering the vulnerabilities by base images.

binaries object[]

Binaries in the image.

Array [

altered boolean

Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).

cveCount integer

Total number of CVEs for this specific binary.

deps string (string)[]

Third-party package files which are used by the binary.

fileMode integer

Represents the file's mode and permission bits.

functionLayer string

ID of the serverless layer in which the package was discovered.

md5 string

Md5 hashset of the binary.

missingPkg boolean

Indicates if this binary is not related to any package (true) or not (false).

name string

Name of the binary.

path string

Path is the path of the binary.

pkgRootDir string

Path for searching packages used by the binary.

services string (string)[]

Names of services which use the binary.

version string

Version of the binary.

]

cloudMetadata object

CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)

accountID string

Cloud account ID.

awsExecutionEnv string

AWS execution environment (e.g. EC2/Fargate).

image string

The name of the image the cloud managed host or container is based on.

labels object[]

Cloud provider metadata labels.

Array [

key string

Label key.

sourceName string

Source name (e.g., for a namespace, the source name can be 'twistlock').

sourceType common.ExternalLabelSourceType (string)

Possible values: [namespace,deployment,aws,azure,gcp,oci]

ExternalLabelSourceType indicates the source of the labels

timestamp date-time

Time when the label was fetched.

value string

Value of the label.

]

name string

Resource name.

provider common.CloudProvider (string)

Possible values: [aws,azure,gcp,alibaba,oci,others]

CloudProvider specifies the cloud provider name

region string

Resource's region.

resourceID string

Unique ID of the resource.

resourceURL string

Server-defined URL for the resource.

type string

Instance type.

vmID string

Azure unique vm ID.

vmImageID string

VMImageID holds the VM instance's image ID.

clusterType common.ClusterType (string)

Possible values: [AKS,ECS,EKS,GKE,Kubernetes]

ClusterType is the cluster type

clusters string (string)[]

Cluster names.

complianceDistribution object

Distribution counts the number of vulnerabilities per type

critical integer

.

high integer

.

low integer

.

medium integer

.

total integer

.

complianceIssues object[]

All the compliance issues.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

complianceIssuesCount integer

Number of compliance issues.

complianceRiskScore float

Compliance risk score for the image.

compressed boolean

Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.

compressedLayerTimes object

CompressedLayerTimes represent the compressed layer times of the image apps and pkgs

appTimes int64[]

.

pkgsTimes object[]

.

Array [

pkgTimes int64[]

.

pkgsType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

]

creationTime date-time

Specifies the time of creation for the latest version of the image.

distro string

Full name of the distribution.

ecsClusterName string

ECS cluster name.

externalLabels object[]

Kubernetes external labels of all containers running this image.

Array [

key string

Label key.

sourceName string

Source name (e.g., for a namespace, the source name can be 'twistlock').

sourceType common.ExternalLabelSourceType (string)

Possible values: [namespace,deployment,aws,azure,gcp,oci]

ExternalLabelSourceType indicates the source of the labels

timestamp date-time

Time when the label was fetched.

value string

Value of the label.

]

files object[]

Files in the container.

Array [

md5 string

Hash sum of the file using md5.

path string

Path of the file.

sha1 string

Hash sum of the file using SHA-1.

sha256 string

Hash sum of the file using SHA256.

]

firstScanTime date-time

Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.

foundSecrets object[]

FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.

Array [

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

]

history object[]

Docker image history.

Array [

baseLayer boolean

Indicates if this layer originated from the base image (true) or not (false).

created int64

Date/time when the image layer was created.

emptyLayer boolean

Indicates if this instruction didn't create a separate layer (true) or not (false).

id string

ID of the layer.

instruction string

Docker file instruction and arguments used to create this layer.

sizeBytes int64

Size of the layer (in bytes).

tags string (string)[]

Holds the image tags.

vulnerabilities object[]

Vulnerabilities which originated from this layer.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

]

hostDevices object[]

Map from host network device name to IP address.

Array [

ip string

Network device IPv4 address.

name string

Network device name.

]

id string

Image ID.

image object

Image represents a container image

created date-time

Date/time when the image was created.

entrypoint string (string)[]

Combined entrypoint of the image (entrypoint + CMD).

env string (string)[]

Image environment variables.

healthcheck boolean

Indicates if health checks are enabled (true) or not (false).

history object[]

Holds the image history.

Array [

baseLayer boolean

Indicates if this layer originated from the base image (true) or not (false).

created int64

Date/time when the image layer was created.

emptyLayer boolean

Indicates if this instruction didn't create a separate layer (true) or not (false).

id string

ID of the layer.

instruction string

Docker file instruction and arguments used to create this layer.

sizeBytes int64

Size of the layer (in bytes).

tags string (string)[]

Holds the image tags.

vulnerabilities object[]

Vulnerabilities which originated from this layer.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

]

id string

ID of the image.

labels object

Image labels.

property name* string (string)

layers string (string)[]

Image filesystem layers.

os string

Image os type.

repoDigest string (string)[]

Image repo digests.

repoTags string (string)[]

Image repo tags.

user string

Image user.

workingDir string

Base working directory of the image.

installedProducts object

InstalledProducts contains data regarding products running in environment TODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange

agentless boolean

Agentless indicates whether the scan was performed with agentless approach.

apache string

Apache indicates the apache server version, empty in case apache not running.

awsCloud boolean

AWSCloud indicates whether AWS cloud is used.

clusterType common.ClusterType (string)

Possible values: [AKS,ECS,EKS,GKE,Kubernetes]

ClusterType is the cluster type

crio boolean

CRI indicates whether the container runtime is CRI (and not docker).

docker string

Docker represents the docker daemon version.

dockerEnterprise boolean

DockerEnterprise indicates whether the enterprise version of Docker is installed.

hasPackageManager boolean

HasPackageManager indicates whether package manager is installed on the OS.

k8sApiServer boolean

K8sAPIServer indicates whether a kubernetes API server is running.

k8sControllerManager boolean

K8sControllerManager indicates whether a kubernetes controller manager is running.

k8sEtcd boolean

K8sEtcd indicates whether etcd is running.

k8sFederationApiServer boolean

K8sFederationAPIServer indicates whether a federation API server is running.

k8sFederationControllerManager boolean

K8sFederationControllerManager indicates whether a federation controller manager is running.

k8sKubelet boolean

K8sKubelet indicates whether kubelet is running.

k8sProxy boolean

K8sProxy indicates whether a kubernetes proxy is running.

k8sScheduler boolean

K8sScheduler indicates whether the kubernetes scheduler is running.

kubernetes string

Kubernetes represents the kubernetes version.

managedClusterVersion string

ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.

openshift boolean

Openshift indicates whether openshift is deployed.

openshiftVersion string

OpenshiftVersion represents the running openshift version.

osDistro string

OSDistro specifies the os distribution.

serverless boolean

Serverless indicates whether evaluated on a serverless environment.

swarmManager boolean

SwarmManager indicates whether a swarm manager is running.

swarmNode boolean

SwarmNode indicates whether the node is part of an active swarm.

isARM64 boolean

IsARM64 indicates if the architecture of the image is aarch64.

k8sClusterAddr string

Endpoint of the Kubernetes API server.

labels string (string)[]

Image labels.

layers string (string)[]

Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff See: https://windsock.io/explaining-docker-image-ids/.

missingDistroVulnCoverage boolean

Indicates if the image OS is covered in the IS (true) or not (false).

namespaces string (string)[]

k8s namespaces of all the containers running this image.

osDistro string

Name of the OS distribution.

osDistroRelease string

OS distribution release.

osDistroVersion string

OS distribution version.

packageManager boolean

Indicates if the package manager is installed for the OS.

packages object[]

Packages which exist in the image.

Array [

pkgs object[]

List of packages.

Array [

binaryIdx int16 (integer)[]

Indexes of the top binaries which use the package.

binaryPkgs string (string)[]

Names of the distro binary packages (packages which are built on the source of the package).

cveCount integer

Total number of CVEs for this specific package.

defaultGem boolean

DefaultGem indicates this is a gem default package (and not a bundled package).

files object[]

List of package-related files and their hashes. Only included when the appropriate scan option is set.

Array [

md5 string

Hash sum of the file using md5.

path string

Path of the file.

sha1 string

Hash sum of the file using SHA-1.

sha256 string

Hash sum of the file using SHA256.

]

functionLayer string

ID of the serverless layer in which the package was discovered.

goPkg boolean

GoPkg indicates this is a Go package (and not module).

jarIdentifier string

JarIdentifier holds an additional identification detail of a JAR package.

layerTime int64

Image layer to which the package belongs (layer creation time).

license string

License information for the package.

name string

Name of the package.

originPackageName string

OriginPackageName is the name of the third-party origin package.

osPackage boolean

OSPackage indicates that a python/java package was installed as an OS package.

path string

Full package path (e.g., JAR or Node.js package path).

purl string

PURL is a package URL identifier for this package.

securityRepoPkg boolean

SecurityRepoPkg determines if this package is available in a security repository.

symbols string (string)[]

Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.

version string

Package version.

]

pkgsType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

]

pushTime date-time

PushTime is the image push time to the registry.

redHatNonRPMImage boolean

RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.

registryNamespace string

IBM cloud namespace to which the image belongs.

registryTags string (string)[]

RegistryTags are the tags of the registry this image is stored.

registryType string

RegistryType indicates the registry type where the image is stored.

repoDigests string (string)[]

Digests of the image. Used for content trust (notary). Has one digest per tag.

repoTag object

ImageTag represents an image repository and its associated tag or registry digest

digest string

Image digest (requires V2 or later registry).

id string

ID of the image.

registry string

Registry name to which the image belongs.

repo string

Repository name to which the image belongs.

tag string

Image tag.

rhelRepos string (string)[]

RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed Used for matching vulnerabilities by Red Hat CPEs.

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

scanBuildDate string

Scanner build date that published the image.

scanVersion string

Scanner version that published the image.

secretScanMetrics object

SecretScanMetrics represents metrics collected during secret scan

failedScans int64

FailedScans represents number of failed scans caused by scanner errors.

foundSecrets integer

FoundSecrets represents number of detected secrets.

scanTime int64

ScanTime represents cumulative secret scan time in microseconds.

scanTimeouts int64

ScanTimeouts represents number of failed scans caused by timeout.

scannedFileSize int64

ScannedFileSize represents accumulated size of scanned files.

scannedFiles int64

ScannedFiles represents number of text files scanned for secrets.

totalBytes int64

TotalBytes represents accumulated file size.

totalFiles int64

TotalFiles represents number of files read for secrets.

totalTime int64

TotalTime represents the total time in microseconds.

typesCount object

TypesCount represents distribution of secrets by its type.

property name* int (integer)

startupBinaries object[]

Binaries which are expected to run when the container is created from this image.

Array [

altered boolean

Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).

cveCount integer

Total number of CVEs for this specific binary.

deps string (string)[]

Third-party package files which are used by the binary.

fileMode integer

Represents the file's mode and permission bits.

functionLayer string

ID of the serverless layer in which the package was discovered.

md5 string

Md5 hashset of the binary.

missingPkg boolean

Indicates if this binary is not related to any package (true) or not (false).

name string

Name of the binary.

path string

Path is the path of the binary.

pkgRootDir string

Path for searching packages used by the binary.

services string (string)[]

Names of services which use the binary.

version string

Version of the binary.

]

tags object[]

Tags associated with the given image.

Array [

digest string

Image digest (requires V2 or later registry).

id string

ID of the image.

registry string

Registry name to which the image belongs.

repo string

Repository name to which the image belongs.

tag string

Image tag.

]

topLayer string

SHA256 of the image's last layer that is the last element of the Layers field.

twistlockImage boolean

Indicates if the image is a Twistlock image (true) or not (false).

vulnerabilities object[]

CVE vulnerabilities of the image.

Array [

applicableRules string (string)[]

Rules applied on the package.

binaryPkgs string (string)[]

Names of the distro binary package names (packages which are built from the source of the package).

block boolean

Indicates if the vulnerability has a block effect (true) or not (false).

cause string

Additional information regarding the root cause for the vulnerability.

cri boolean

Indicates if this is a CRI-specific vulnerability (true) or not (false).

custom boolean

Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).

cve string

CVE ID of the vulnerability (if applied).

cvss float

CVSS score of the vulnerability.

description string

Description of the vulnerability.

discovered date-time

Specifies the time of discovery for the vulnerability.

exploit vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

exploits object[]

Exploits represents the exploits data found for a CVE

Array [

kind vuln.ExploitKind (string)

Possible values: [poc,in-the-wild]

ExploitKind represents the kind of the exploit

link string

Link is a link to information about the exploit.

source vuln.ExploitType (string)

Possible values: [,exploit-db,exploit-windows,cisa-kev]

ExploitType represents the source of an exploit

]

fixDate int64

Date/time when the vulnerability was fixed (in Unix time).

fixLink string

Link to the vendor's fixed-version information.

functionLayer string

Specifies the serverless layer ID in which the vulnerability was discovered.

gracePeriodDays integer

Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.

id integer

ID of the violation.

layerTime int64

Date/time of the image layer to which the CVE belongs.

link string

Vendor link to the CVE.

packageName string

Name of the package that caused the vulnerability.

packageType vuln.PackageType (string)

Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]

PackageType describes the package type

packageVersion string

Version of the package that caused the vulnerability (or null).

published int64

Date/time when the vulnerability was published (in Unix time).

riskFactors object

RiskFactors maps the existence of vulnerability risk factors

property name* string (string)

secret object

Secret represents a secret found on the scanned workload

locationInFile string

LocationInFile is the line and offset in the file where the secret was found.

modifiedTime int64

ModifiedTime is the modification time of the file containing the secret.

path string

Path is the path of the file in which the secret was found.

snippet string

Snippet is the partial plain secret.

type vuln.SecretType (string)

Possible values: [AWS Access Key ID,AWS Secret Key,AWS MWS Auth Token,Azure Storage Account Access Key,Azure Service Principal,GCP Service Account Auth Key,Private Encryption Key,Public Encryption Key,PEM X509 Certificate Header,SSH Authorized Keys,Artifactory API Token,Artifactory Password,Basic Auth Credentials,Mailchimp Access Key,NPM Token,Slack Token,Slack Webhook,Square OAuth Secret,Notion Integration Token,Airtable API Key,Atlassian Oauth2 Keys,CircleCI Personal Token,Databricks Authentication Token,GitHub Token,GitLab Token,Google API key,Grafana Token,Python Package Index Key (PYPI),Typeform API Token,Scalr Token,Braintree Access Token,Braintree Payments Key,Paypal Token Key,Braintree Payments ID,Datadog Client Token,ClickUp Personal API Token,OpenAI API Key,Java DB Connectivity (JDBC),MongoDB,.Net SQL Server]

SecretType represents a secret type

severity string

Textual representation of the vulnerability's severity.

status string

Vendor status for the vulnerability.

templates vuln.ComplianceTemplate (string)[]

Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]

List of templates with which the vulnerability is associated.

text string

Description of the violation.

title string

Compliance title.

twistlock boolean

Indicates if this is a Twistlock-specific vulnerability (true) or not (false).

type vuln.Type (string)

Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux,gke_worker,image_malware,host_malware,aks_worker,eks_worker,image_secret,host_secret]

Type represents the vulnerability type

vecStr string

Textual representation of the metric values used to score the vulnerability.

vulnTagInfos object[]

Tag information for the vulnerability.

Array [

color common.Color (string)

Color is a hexadecimal representation of color code value

comment string

Tag comment in a specific vulnerability context.

name string

Name of the tag.

]

wildfireMalware object

WildFireMalware holds the data for WildFire malicious MD5

md5 string

MD5 is the hash of the malicious binary.

path string

Path is the path to malicious binary.

verdict string

Verdict is the malicious source like grayware, malware and phishing.

]

vulnerabilitiesCount integer

Total number of vulnerabilities.

vulnerabilityDistribution object

Distribution counts the number of vulnerabilities per type

critical integer

.

high integer

.

low integer

.

medium integer

.

total integer

.

vulnerabilityRiskScore float

Image's CVE risk score.

vulnerabilityRiskScore float

Code repository's CVE risk score. Used for sorting.

vulnerableFiles integer

Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.

Example (from schema)

{
  "_id": "string",
  "collections": [
    "string"
  ],
  "complianceRiskScore": 0,
  "files": [
    {
      "dependencies": [
        {
          "devDependency": true,
          "lastResolved": "2024-04-19T21:44:44.374Z",
          "licenseSeverity": "string",
          "licenses": [
            [
              "0BSD",
              "AAL",
              "ADSL",
              "AFL-1.1",
              "AFL-1.2",
              "AFL-2.0",
              "AFL-2.1",
              "AFL-3.0",
              "AGPL-1.0",
              "AGPL-1.0-only",
              "AGPL-1.0-or-later",
              "AGPL-3.0",
              "AGPL-3.0-only",
              "AGPL-3.0-or-later",
              "AMDPLPA",
              "AML",
              "AMPAS",
              "ANTLR-PD",
              "ANTLR-PD-fallback",
              "APAFML",
              "APL-1.0",
              "APSL-1.0",
              "APSL-1.1",
              "APSL-1.2",
              "APSL-2.0",
              "Abstyles",
              "Adobe-2006",
              "Adobe-Glyph",
              "Afmparse",
              "Aladdin",
              "Apache-1.0",
              "Apache-1.1",
              "Apache-2.0",
              "Artistic-1.0",
              "Artistic-1.0-Perl",
              "Artistic-1.0-cl8",
              "Artistic-2.0",
              "BSD-1-Clause",
              "BSD-2-Clause",
              "BSD-2-Clause-FreeBSD",
              "BSD-2-Clause-NetBSD",
              "BSD-2-Clause-Patent",
              "BSD-2-Clause-Views",
              "BSD-3-Clause",
              "BSD-3-Clause-Attribution",
              "BSD-3-Clause-Clear",
              "BSD-3-Clause-LBNL",
              "BSD-3-Clause-No-Nuclear-License",
              "BSD-3-Clause-No-Nuclear-License-2014",
              "BSD-3-Clause-No-Nuclear-Warranty",
              "BSD-3-Clause-Open-MPI",
              "BSD-4-Clause",
              "BSD-4-Clause-UC",
              "BSD-Protection",
              "BSD-Source-Code",
              "BSL-1.0",
              "BUSL-1.1",
              "Bahyph",
              "Barr",
              "Beerware",
              "BitTorrent-1.0",
              "BitTorrent-1.1",
              "BlueOak-1.0.0",
              "Borceux",
              "CAL-1.0",
              "CAL-1.0-Combined-Work-Exception",
              "CATOSL-1.1",
              "CC-BY-1.0",
              "CC-BY-2.0",
              "CC-BY-2.5",
              "CC-BY-3.0",
              "CC-BY-3.0-AT",
              "CC-BY-3.0-US",
              "CC-BY-4.0",
              "CC-BY-NC-1.0",
              "CC-BY-NC-2.0",
              "CC-BY-NC-2.5",
              "CC-BY-NC-3.0",
              "CC-BY-NC-4.0",
              "CC-BY-NC-ND-1.0",
              "CC-BY-NC-ND-2.0",
              "CC-BY-NC-ND-2.5",
              "CC-BY-NC-ND-3.0",
              "CC-BY-NC-ND-3.0-IGO",
              "CC-BY-NC-ND-4.0",
              "CC-BY-NC-SA-1.0",
              "CC-BY-NC-SA-2.0",
              "CC-BY-NC-SA-2.5",
              "CC-BY-NC-SA-3.0",
              "CC-BY-NC-SA-4.0",
              "CC-BY-ND-1.0",
              "CC-BY-ND-2.0",
              "CC-BY-ND-2.5",
              "CC-BY-ND-3.0",
              "CC-BY-ND-4.0",
              "CC-BY-SA-1.0",
              "CC-BY-SA-2.0",
              "CC-BY-SA-2.0-UK",
              "CC-BY-SA-2.5",
              "CC-BY-SA-3.0",
              "CC-BY-SA-3.0-AT",
              "CC-BY-SA-4.0",
              "CC-PDDC",
              "CC0-1.0",
              "CDDL-1.0",
              "CDDL-1.1",
              "CDLA-Permissive-1.0",
              "CDLA-Sharing-1.0",
              "CECILL-1.0",
              "CECILL-1.1",
              "CECILL-2.0",
              "CECILL-2.1",
              "CECILL-B",
              "CECILL-C",
              "CERN-OHL-1.1",
              "CERN-OHL-1.2",
              "CERN-OHL-P-2.0",
              "CERN-OHL-S-2.0",
              "CERN-OHL-W-2.0",
              "CNRI-Jython",
              "CNRI-Python",
              "CNRI-Python-GPL-Compatible",
              "CPAL-1.0",
              "CPL-1.0",
              "CPOL-1.02",
              "CUA-OPL-1.0",
              "Caldera",
              "ClArtistic",
              "Condor-1.1",
              "Crossword",
              "CrystalStacker",
              "Cube",
              "D-FSL-1.0",
              "DOC",
              "DSDP",
              "Dotseqn",
              "ECL-1.0",
              "ECL-2.0",
              "EFL-1.0",
              "EFL-2.0",
              "EPICS",
              "EPL-1.0",
              "EPL-2.0",
              "EUDatagrid",
              "EUPL-1.0",
              "EUPL-1.1",
              "EUPL-1.2",
              "Entessa",
              "ErlPL-1.1",
              "Eurosym",
              "FSFAP",
              "FSFUL",
              "FSFULLR",
              "FTL",
              "Fair",
              "Frameworx-1.0",
              "FreeImage",
              "GFDL-1.1",
              "GFDL-1.1-invariants-only",
              "GFDL-1.1-invariants-or-later",
              "GFDL-1.1-no-invariants-only",
              "GFDL-1.1-no-invariants-or-later",
              "GFDL-1.1-only",
              "GFDL-1.1-or-later",
              "GFDL-1.2",
              "GFDL-1.2-invariants-only",
              "GFDL-1.2-invariants-or-later",
              "GFDL-1.2-no-invariants-only",
              "GFDL-1.2-no-invariants-or-later",
              "GFDL-1.2-only",
              "GFDL-1.2-or-later",
              "GFDL-1.3",
              "GFDL-1.3-invariants-only",
              "GFDL-1.3-invariants-or-later",
              "GFDL-1.3-no-invariants-only",
              "GFDL-1.3-no-invariants-or-later",
              "GFDL-1.3-only",
              "GFDL-1.3-or-later",
              "GL2PS",
              "GLWTPL",
              "GPL-1.0",
              "GPL-1.0+",
              "GPL-1.0-only",
              "GPL-1.0-or-later",
              "GPL-2.0",
              "GPL-2.0+",
              "GPL-2.0-only",
              "GPL-2.0-or-later",
              "GPL-2.0-with-GCC-exception",
              "GPL-2.0-with-autoconf-exception",
              "GPL-2.0-with-bison-exception",
              "GPL-2.0-with-classpath-exception",
              "GPL-2.0-with-font-exception",
              "GPL-3.0",
              "GPL-3.0+",
              "GPL-3.0-only",
              "GPL-3.0-or-later",
              "GPL-3.0-with-GCC-exception",
              "GPL-3.0-with-autoconf-exception",
              "Giftware",
              "Glide",
              "Glulxe",
              "HPND",
              "HPND-sell-variant",
              "HTMLTIDY",
              "HaskellReport",
              "Hippocratic-2.1",
              "IBM-pibs",
              "ICU",
              "IJG",
              "IPA",
              "IPL-1.0",
              "ISC",
              "ImageMagick",
              "Imlib2",
              "Info-ZIP",
              "Intel",
              "Intel-ACPI",
              "Interbase-1.0",
              "JPNIC",
              "JSON",
              "JasPer-2.0",
              "LAL-1.2",
              "LAL-1.3",
              "LGPL-2.0",
              "LGPL-2.0+",
              "LGPL-2.0-only",
              "LGPL-2.0-or-later",
              "LGPL-2.1",
              "LGPL-2.1+",
              "LGPL-2.1-only",
              "LGPL-2.1-or-later",
              "LGPL-3.0",
              "LGPL-3.0+",
              "LGPL-3.0-only",
              "LGPL-3.0-or-later",
              "LGPLLR",
              "LPL-1.0",
              "LPL-1.02",
              "LPPL-1.0",
              "LPPL-1.1",
              "LPPL-1.2",
              "LPPL-1.3a",
              "LPPL-1.3c",
              "Latex2e",
              "Leptonica",
              "LiLiQ-P-1.1",
              "LiLiQ-R-1.1",
              "LiLiQ-Rplus-1.1",
              "Libpng",
              "Linux-OpenIB",
              "MIT",
              "MIT-0",
              "MIT-CMU",
              "MIT-advertising",
              "MIT-enna",
              "MIT-feh",
              "MIT-open-group",
              "MITNFA",
              "MPL-1.0",
              "MPL-1.1",
              "MPL-2.0",
              "MPL-2.0-no-copyleft-exception",
              "MS-PL",
              "MS-RL",
              "MTLL",
              "MakeIndex",
              "MirOS",
              "Motosoto",
              "MulanPSL-1.0",
              "MulanPSL-2.0",
              "Multics",
              "Mup",
              "NASA-1.3",
              "NBPL-1.0",
              "NCGL-UK-2.0",
              "NCSA",
              "NGPL",
              "NIST-PD",
              "NIST-PD-fallback",
              "NLOD-1.0",
              "NLPL",
              "NOSL",
              "NPL-1.0",
              "NPL-1.1",
              "NPOSL-3.0",
              "NRL",
              "NTP",
              "NTP-0",
              "Naumen",
              "Net-SNMP",
              "NetCDF",
              "Newsletr",
              "Nokia",
              "Noweb",
              "Nunit",
              "O-UDA-1.0",
              "OCCT-PL",
              "OCLC-2.0",
              "ODC-By-1.0",
              "ODbL-1.0",
              "OFL-1.0",
              "OFL-1.0-RFN",
              "OFL-1.0-no-RFN",
              "OFL-1.1",
              "OFL-1.1-RFN",
              "OFL-1.1-no-RFN",
              "OGC-1.0",
              "OGL-Canada-2.0",
              "OGL-UK-1.0",
              "OGL-UK-2.0",
              "OGL-UK-3.0",
              "OGTSL",
              "OLDAP-1.1",
              "OLDAP-1.2",
              "OLDAP-1.3",
              "OLDAP-1.4",
              "OLDAP-2.0",
              "OLDAP-2.0.1",
              "OLDAP-2.1",
              "OLDAP-2.2",
              "OLDAP-2.2.1",
              "OLDAP-2.2.2",
              "OLDAP-2.3",
              "OLDAP-2.4",
              "OLDAP-2.5",
              "OLDAP-2.6",
              "OLDAP-2.7",
              "OLDAP-2.8",
              "OML",
              "OPL-1.0",
              "OSET-PL-2.1",
              "OSL-1.0",
              "OSL-1.1",
              "OSL-2.0",
              "OSL-2.1",
              "OSL-3.0",
              "OpenSSL",
              "PDDL-1.0",
              "PHP-3.0",
              "PHP-3.01",
              "PSF-2.0",
              "Parity-6.0.0",
              "Parity-7.0.0",
              "Plexus",
              "PolyForm-Noncommercial-1.0.0",
              "PolyForm-Small-Business-1.0.0",
              "PostgreSQL",
              "Python-2.0",
              "QPL-1.0",
              "Qhull",
              "RHeCos-1.1",
              "RPL-1.1",
              "RPL-1.5",
              "RPSL-1.0",
              "RSA-MD",
              "RSCPL",
              "Rdisc",
              "Ruby",
              "SAX-PD",
              "SCEA",
              "SGI-B-1.0",
              "SGI-B-1.1",
              "SGI-B-2.0",
              "SHL-0.5",
              "SHL-0.51",
              "SISSL",
              "SISSL-1.2",
              "SMLNJ",
              "SMPPL",
              "SNIA",
              "SPL-1.0",
              "SSH-OpenSSH",
              "SSH-short",
              "SSPL-1.0",
              "SWL",
              "Saxpath",
              "Sendmail",
              "Sendmail-8.23",
              "SimPL-2.0",
              "Sleepycat",
              "Spencer-86",
              "Spencer-94",
              "Spencer-99",
              "StandardML-NJ",
              "SugarCRM-1.1.3",
              "TAPR-OHL-1.0",
              "TCL",
              "TCP-wrappers",
              "TMate",
              "TORQUE-1.1",
              "TOSL",
              "TU-Berlin-1.0",
              "TU-Berlin-2.0",
              "UCL-1.0",
              "UPL-1.0",
              "Unicode-DFS-2015",
              "Unicode-DFS-2016",
              "Unicode-TOU",
              "Unlicense",
              "VOSTROM",
              "VSL-1.0",
              "Vim",
              "W3C",
              "W3C-19980720",
              "W3C-20150513",
              "WTFPL",
              "Watcom-1.0",
              "Wsuipa",
              "X11",
              "XFree86-1.1",
              "XSkat",
              "Xerox",
              "Xnet",
              "YPL-1.0",
              "YPL-1.1",
              "ZPL-1.1",
              "ZPL-2.0",
              "ZPL-2.1",
              "Zed",
              "Zend-2.0",
              "Zimbra-1.3",
              "Zimbra-1.4",
              "Zlib",
              "blessing",
              "bzip2-1.0.5",
              "bzip2-1.0.6",
              "copyleft-next-0.3.0",
              "copyleft-next-0.3.1",
              "curl",
              "diffmark",
              "dvipdfm",
              "eCos-2.0",
              "eGenix",
              "etalab-2.0",
              "gSOAP-1.3b",
              "gnuplot",
              "iMatix",
              "libpng-2.0",
              "libselinux-1.0",
              "libtiff",
              "mpich2",
              "psfrag",
              "psutils",
              "wxWindows",
              "xinetd",
              "xpp",
              "zlib-acknowledgement"
            ]
          ],
          "name": "string",
          "rawRequirement": "string",
          "unsupported": true,
          "version": "string",
          "vulnerabilities": [
            {
              "applicableRules": [
                "string"
              ],
              "binaryPkgs": [
                "string"
              ],
              "block": true,
              "cause": "string",
              "cri": true,
              "custom": true,
              "cve": "string",
              "cvss": 0,
              "description": "string",
              "discovered": "2024-04-19T21:44:44.375Z",
              "exploit": [
                "",
                "exploit-db",
                "exploit-windows",
                "cisa-kev"
              ],
              "exploits": [
                {
                  "kind": [
                    "poc",
                    "in-the-wild"
                  ],
                  "link": "string",
                  "source": [
                    "",
                    "exploit-db",
                    "exploit-windows",
                    "cisa-kev"
                  ]
                }
              ],
              "fixDate": 0,
              "fixLink": "string",
              "functionLayer": "string",
              "gracePeriodDays": 0,
              "id": 0,
              "layerTime": 0,
              "link": "string",
              "packageName": "string",
              "packageType": [
                "nodejs",
                "gem",
                "python",
                "jar",
                "package",
                "windows",
                "binary",
                "nuget",
                "go",
                "app",
                "unknown"
              ],
              "packageVersion": "string",
              "published": 0,
              "riskFactors": {},
              "secret": {
                "locationInFile": "string",
                "modifiedTime": 0,
                "path": "string",
                "snippet": "string",
                "type": [
                  "AWS Access Key ID",
                  "AWS Secret Key",
                  "AWS MWS Auth Token",
                  "Azure Storage Account Access Key",
                  "Azure Service Principal",
                  "GCP Service Account Auth Key",
                  "Private Encryption Key",
                  "Public Encryption Key",
                  "PEM X509 Certificate Header",
                  "SSH Authorized Keys",
                  "Artifactory API Token",
                  "Artifactory Password",
                  "Basic Auth Credentials",
                  "Mailchimp Access Key",
                  "NPM Token",
                  "Slack Token",
                  "Slack Webhook",
                  "Square OAuth Secret",
                  "Notion Integration Token",
                  "Airtable API Key",
                  "Atlassian Oauth2 Keys",
                  "CircleCI Personal Token",
                  "Databricks Authentication Token",
                  "GitHub Token",
                  "GitLab Token",
                  "Google API key",
                  "Grafana Token",
                  "Python Package Index Key (PYPI)",
                  "Typeform API Token",
                  "Scalr Token",
                  "Braintree Access Token",
                  "Braintree Payments Key",
                  "Paypal Token Key",
                  "Braintree Payments ID",
                  "Datadog Client Token",
                  "ClickUp Personal API Token",
                  "OpenAI API Key",
                  "Java DB Connectivity (JDBC)",
                  "MongoDB",
                  ".Net SQL Server"
                ]
              },
              "severity": "string",
              "status": "string",
              "templates": [
                [
                  "PCI",
                  "HIPAA",
                  "NIST SP 800-190",
                  "GDPR",
                  "DISA STIG"
                ]
              ],
              "text": "string",
              "title": "string",
              "twistlock": true,
              "type": [
                "container",
                "image",
                "host_config",
                "daemon_config",
                "daemon_config_files",
                "security_operations",
                "k8s_master",
                "k8s_worker",
                "k8s_federation",
                "linux",
                "windows",
                "istio",
                "serverless",
                "custom",
                "docker_stig",
                "openshift_master",
                "openshift_worker",
                "application_control_linux",
                "gke_worker",
                "image_malware",
                "host_malware",
                "aks_worker",
                "eks_worker",
                "image_secret",
                "host_secret"
              ],
              "vecStr": "string",
              "vulnTagInfos": [
                {
                  "color": "string",
                  "comment": "string",
                  "name": "string"
                }
              ],
              "wildfireMalware": {
                "md5": "string",
                "path": "string",
                "verdict": "string"
              }
            }
          ]
        }
      ],
      "distribution": {
        "critical": 0,
        "high": 0,
        "low": 0,
        "medium": 0,
        "total": 0
      },
      "path": "string",
      "type": [
        "nodejs",
        "gem",
        "python",
        "jar",
        "package",
        "windows",
        "binary",
        "nuget",
        "go",
        "app",
        "unknown"
      ]
    }
  ],
  "pass": true,
  "repository": {
    "build": "string",
    "defaultBranch": "string",
    "digest": "string",
    "fullName": "string",
    "jobName": "string",
    "name": "string",
    "owner": "string",
    "private": true,
    "size": 0,
    "url": "string"
  },
  "scanTime": "2024-04-19T21:44:44.375Z",
  "type": [
    "github",
    "CI"
  ],
  "updateTime": "2024-04-19T21:44:44.375Z",
  "vulnInfo": {
    "Secrets": [
      "string"
    ],
    "allCompliance": {
      "compliance": [
        {
          "applicableRules": [
            "string"
          ],
          "binaryPkgs": [
            "string"
          ],
          "block": true,
          "cause": "string",
          "cri": true,
          "custom": true,
          "cve": "string",
          "cvss": 0,
          "description": "string",
          "discovered": "2024-04-19T21:44:44.376Z",
          "exploit": [
            "",
            "exploit-db",
            "exploit-windows",
            "cisa-kev"
          ],
          "exploits": [
            {
              "kind": [
                "poc",
                "in-the-wild"
              ],
              "link": "string",
              "source": [
                "",
                "exploit-db",
                "exploit-windows",
                "cisa-kev"
              ]
            }
          ],
          "fixDate": 0,
          "fixLink": "string",
          "functionLayer": "string",
          "gracePeriodDays": 0,
          "id": 0,
          "layerTime": 0,
          "link": "string",
          "packageName": "string",
          "packageType": [
            "nodejs",
            "gem",
            "python",
            "jar",
            "package",
            "windows",
            "binary",
            "nuget",
            "go",
            "app",
            "unknown"
          ],
          "packageVersion": "string",
          "published": 0,
          "riskFactors": {},
          "secret": {
            "locationInFile": "string",
            "modifiedTime": 0,
            "path": "string",
            "snippet": "string",
            "type": [
              "AWS Access Key ID",
              "AWS Secret Key",
              "AWS MWS Auth Token",
              "Azure Storage Account Access Key",
              "Azure Service Principal",
              "GCP Service Account Auth Key",
              "Private Encryption Key",
              "Public Encryption Key",
              "PEM X509 Certificate Header",
              "SSH Authorized Keys",
              "Artifactory API Token",
              "Artifactory Password",
              "Basic Auth Credentials",
              "Mailchimp Access Key",
              "NPM Token",
              "Slack Token",
              "Slack Webhook",
              "Square OAuth Secret",
              "Notion Integration Token",
              "Airtable API Key",
              "Atlassian Oauth2 Keys",
              "CircleCI Personal Token",
              "Databricks Authentication Token",
              "GitHub Token",
              "GitLab Token",
              "Google API key",
              "Grafana Token",
              "Python Package Index Key (PYPI)",
              "Typeform API Token",
              "Scalr Token",
              "Braintree Access Token",
              "Braintree Payments Key",
              "Paypal Token Key",
              "Braintree Payments ID",
              "Datadog Client Token",
              "ClickUp Personal API Token",
              "OpenAI API Key",
              "Java DB Connectivity (JDBC)",
              "MongoDB",
              ".Net SQL Server"
            ]
          },
          "severity": "string",
          "status": "string",
          "templates": [
            [
              "PCI",
              "HIPAA",
              "NIST SP 800-190",
              "GDPR",
              "DISA STIG"
            ]
          ],
          "text": "string",
          "title": "string",
          "twistlock": true,
          "type": [
            "container",
            "image",
            "host_config",
            "daemon_config",
            "daemon_config_files",
            "security_operations",
            "k8s_master",
            "k8s_worker",
            "k8s_federation",
            "linux",
            "windows",
            "istio",
            "serverless",
            "custom",
            "docker_stig",
            "openshift_master",
            "openshift_worker",
            "application_control_linux",
            "gke_worker",
            "image_malware",
            "host_malware",
            "aks_worker",
            "eks_worker",
            "image_secret",
            "host_secret"
          ],
          "vecStr": "string",
          "vulnTagInfos": [
            {
              "color": "string",
              "comment": "string",
              "name": "string"
            }
          ],
          "wildfireMalware": {
            "md5": "string",
            "path": "string",
            "verdict": "string"
          }
        }
      ],
      "enabled": true
    },
    "applications": [
      {
        "installedFromPackage": true,
        "knownVulnerabilities": 0,
        "layerTime": 0,
        "name": "string",
        "originPackageName": "string",
        "path": "string",
        "service": true,
        "version": "string"
      }
    ],
    "baseImage": "string",
    "binaries": [
      {
        "altered": true,
        "cveCount": 0,
        "deps": [
          "string"
        ],
        "fileMode": 0,
        "functionLayer": "string",
        "md5": "string",
        "missingPkg": true,
        "name": "string",
        "path": "string",
        "pkgRootDir": "string",
        "services": [
          "string"
        ],
        "version": "string"
      }
    ],
    "cloudMetadata": {
      "accountID": "string",
      "awsExecutionEnv": "string",
      "image": "string",
      "labels": [
        {
          "key": "string",
          "sourceName": "string",
          "sourceType": [
            "namespace",
            "deployment",
            "aws",
            "azure",
            "gcp",
            "oci"
          ],
          "timestamp": "2024-04-19T21:44:44.376Z",
          "value": "string"
        }
      ],
      "name": "string",
      "provider": [
        "aws",
        "azure",
        "gcp",
        "alibaba",
        "oci",
        "others"
      ],
      "region": "string",
      "resourceID": "string",
      "resourceURL": "string",
      "type": "string",
      "vmID": "string",
      "vmImageID": "string"
    },
    "clusterType": [
      "AKS",
      "ECS",
      "EKS",
      "GKE",
      "Kubernetes"
    ],
    "clusters": [
      "string"
    ],
    "complianceDistribution": {
      "critical": 0,
      "high": 0,
      "low": 0,
      "medium": 0,
      "total": 0
    },
    "complianceIssues": [
      {
        "applicableRules": [
          "string"
        ],
        "binaryPkgs": [
          "string"
        ],
        "block": true,
        "cause": "string",
        "cri": true,
        "custom": true,
        "cve": "string",
        "cvss": 0,
        "description": "string",
        "discovered": "2024-04-19T21:44:44.376Z",
        "exploit": [
          "",
          "exploit-db",
          "exploit-windows",
          "cisa-kev"
        ],
        "exploits": [
          {
            "kind": [
              "poc",
              "in-the-wild"
            ],
            "link": "string",
            "source": [
              "",
              "exploit-db",
              "exploit-windows",
              "cisa-kev"
            ]
          }
        ],
        "fixDate": 0,
        "fixLink": "string",
        "functionLayer": "string",
        "gracePeriodDays": 0,
        "id": 0,
        "layerTime": 0,
        "link": "string",
        "packageName": "string",
        "packageType": [
          "nodejs",
          "gem",
          "python",
          "jar",
          "package",
          "windows",
          "binary",
          "nuget",
          "go",
          "app",
          "unknown"
        ],
        "packageVersion": "string",
        "published": 0,
        "riskFactors": {},
        "secret": {
          "locationInFile": "string",
          "modifiedTime": 0,
          "path": "string",
          "snippet": "string",
          "type": [
            "AWS Access Key ID",
            "AWS Secret Key",
            "AWS MWS Auth Token",
            "Azure Storage Account Access Key",
            "Azure Service Principal",
            "GCP Service Account Auth Key",
            "Private Encryption Key",
            "Public Encryption Key",
            "PEM X509 Certificate Header",
            "SSH Authorized Keys",
            "Artifactory API Token",
            "Artifactory Password",
            "Basic Auth Credentials",
            "Mailchimp Access Key",
            "NPM Token",
            "Slack Token",
            "Slack Webhook",
            "Square OAuth Secret",
            "Notion Integration Token",
            "Airtable API Key",
            "Atlassian Oauth2 Keys",
            "CircleCI Personal Token",
            "Databricks Authentication Token",
            "GitHub Token",
            "GitLab Token",
            "Google API key",
            "Grafana Token",
            "Python Package Index Key (PYPI)",
            "Typeform API Token",
            "Scalr Token",
            "Braintree Access Token",
            "Braintree Payments Key",
            "Paypal Token Key",
            "Braintree Payments ID",
            "Datadog Client Token",
            "ClickUp Personal API Token",
            "OpenAI API Key",
            "Java DB Connectivity (JDBC)",
            "MongoDB",
            ".Net SQL Server"
          ]
        },
        "severity": "string",
        "status": "string",
        "templates": [
          [
            "PCI",
            "HIPAA",
            "NIST SP 800-190",
            "GDPR",
            "DISA STIG"
          ]
        ],
        "text": "string",
        "title": "string",
        "twistlock": true,
        "type": [
          "container",
          "image",
          "host_config",
          "daemon_config",
          "daemon_config_files",
          "security_operations",
          "k8s_master",
          "k8s_worker",
          "k8s_federation",
          "linux",
          "windows",
          "istio",
          "serverless",
          "custom",
          "docker_stig",
          "openshift_master",
          "openshift_worker",
          "application_control_linux",
          "gke_worker",
          "image_malware",
          "host_malware",
          "aks_worker",
          "eks_worker",
          "image_secret",
          "host_secret"
        ],
        "vecStr": "string",
        "vulnTagInfos": [
          {
            "color": "string",
            "comment": "string",
            "name": "string"
          }
        ],
        "wildfireMalware": {
          "md5": "string",
          "path": "string",
          "verdict": "string"
        }
      }
    ],
    "complianceIssuesCount": 0,
    "complianceRiskScore": 0,
    "compressed": true,
    "compressedLayerTimes": {
      "appTimes": [
        0
      ],
      "pkgsTimes": [
        {
          "pkgTimes": [
            0
          ],
          "pkgsType": [
            "nodejs",
            "gem",
            "python",
            "jar",
            "package",
            "windows",
            "binary",
            "nuget",
            "go",
            "app",
            "unknown"
          ]
        }
      ]
    },
    "creationTime": "2024-04-19T21:44:44.376Z",
    "distro": "string",
    "ecsClusterName": "string",
    "externalLabels": [
      {
        "key": "string",
        "sourceName": "string",
        "sourceType": [
          "namespace",
          "deployment",
          "aws",
          "azure",
          "gcp",
          "oci"
        ],
        "timestamp": "2024-04-19T21:44:44.377Z",
        "value": "string"
      }
    ],
    "files": [
      {
        "md5": "string",
        "path": "string",
        "sha1": "string",
        "sha256": "string"
      }
    ],
    "firstScanTime": "2024-04-19T21:44:44.377Z",
    "foundSecrets": [
      {
        "locationInFile": "string",
        "modifiedTime": 0,
        "path": "string",
        "snippet": "string",
        "type": [
          "AWS Access Key ID",
          "AWS Secret Key",
          "AWS MWS Auth Token",
          "Azure Storage Account Access Key",
          "Azure Service Principal",
          "GCP Service Account Auth Key",
          "Private Encryption Key",
          "Public Encryption Key",
          "PEM X509 Certificate Header",
          "SSH Authorized Keys",
          "Artifactory API Token",
          "Artifactory Password",
          "Basic Auth Credentials",
          "Mailchimp Access Key",
          "NPM Token",
          "Slack Token",
          "Slack Webhook",
          "Square OAuth Secret",
          "Notion Integration Token",
          "Airtable API Key",
          "Atlassian Oauth2 Keys",
          "CircleCI Personal Token",
          "Databricks Authentication Token",
          "GitHub Token",
          "GitLab Token",
          "Google API key",
          "Grafana Token",
          "Python Package Index Key (PYPI)",
          "Typeform API Token",
          "Scalr Token",
          "Braintree Access Token",
          "Braintree Payments Key",
          "Paypal Token Key",
          "Braintree Payments ID",
          "Datadog Client Token",
          "ClickUp Personal API Token",
          "OpenAI API Key",
          "Java DB Connectivity (JDBC)",
          "MongoDB",
          ".Net SQL Server"
        ]
      }
    ],
    "history": [
      {
        "baseLayer": true,
        "created": 0,
        "emptyLayer": true,
        "id": "string",
        "instruction": "string",
        "sizeBytes": 0,
        "tags": [
          "string"
        ],
        "vulnerabilities": [
          {
            "applicableRules": [
              "string"
            ],
            "binaryPkgs": [
              "string"
            ],
            "block": true,
            "cause": "string",
            "cri": true,
            "custom": true,
            "cve": "string",
            "cvss": 0,
            "description": "string",
            "discovered": "2024-04-19T21:44:44.377Z",
            "exploit": [
              "",
              "exploit-db",
              "exploit-windows",
              "cisa-kev"
            ],
            "exploits": [
              {
                "kind": [
                  "poc",
                  "in-the-wild"
                ],
                "link": "string",
                "source": [
                  "",
                  "exploit-db",
                  "exploit-windows",
                  "cisa-kev"
                ]
              }
            ],
            "fixDate": 0,
            "fixLink": "string",
            "functionLayer": "string",
            "gracePeriodDays": 0,
            "id": 0,
            "layerTime": 0,
            "link": "string",
            "packageName": "string",
            "packageType": [
              "nodejs",
              "gem",
              "python",
              "jar",
              "package",
              "windows",
              "binary",
              "nuget",
              "go",
              "app",
              "unknown"
            ],
            "packageVersion": "string",
            "published": 0,
            "riskFactors": {},
            "secret": {
              "locationInFile": "string",
              "modifiedTime": 0,
              "path": "string",
              "snippet": "string",
              "type": [
                "AWS Access Key ID",
                "AWS Secret Key",
                "AWS MWS Auth Token",
                "Azure Storage Account Access Key",
                "Azure Service Principal",
                "GCP Service Account Auth Key",
                "Private Encryption Key",
                "Public Encryption Key",
                "PEM X509 Certificate Header",
                "SSH Authorized Keys",
                "Artifactory API Token",
                "Artifactory Password",
                "Basic Auth Credentials",
                "Mailchimp Access Key",
                "NPM Token",
                "Slack Token",
                "Slack Webhook",
                "Square OAuth Secret",
                "Notion Integration Token",
                "Airtable API Key",
                "Atlassian Oauth2 Keys",
                "CircleCI Personal Token",
                "Databricks Authentication Token",
                "GitHub Token",
                "GitLab Token",
                "Google API key",
                "Grafana Token",
                "Python Package Index Key (PYPI)",
                "Typeform API Token",
                "Scalr Token",
                "Braintree Access Token",
                "Braintree Payments Key",
                "Paypal Token Key",
                "Braintree Payments ID",
                "Datadog Client Token",
                "ClickUp Personal API Token",
                "OpenAI API Key",
                "Java DB Connectivity (JDBC)",
                "MongoDB",
                ".Net SQL Server"
              ]
            },
            "severity": "string",
            "status": "string",
            "templates": [
              [
                "PCI",
                "HIPAA",
                "NIST SP 800-190",
                "GDPR",
                "DISA STIG"
              ]
            ],
            "text": "string",
            "title": "string",
            "twistlock": true,
            "type": [
              "container",
              "image",
              "host_config",
              "daemon_config",
              "daemon_config_files",
              "security_operations",
              "k8s_master",
              "k8s_worker",
              "k8s_federation",
              "linux",
              "windows",
              "istio",
              "serverless",
              "custom",
              "docker_stig",
              "openshift_master",
              "openshift_worker",
              "application_control_linux",
              "gke_worker",
              "image_malware",
              "host_malware",
              "aks_worker",
              "eks_worker",
              "image_secret",
              "host_secret"
            ],
            "vecStr": "string",
            "vulnTagInfos": [
              {
                "color": "string",
                "comment": "string",
                "name": "string"
              }
            ],
            "wildfireMalware": {
              "md5": "string",
              "path": "string",
              "verdict": "string"
            }
          }
        ]
      }
    ],
    "hostDevices": [
      {
        "ip": "string",
        "name": "string"
      }
    ],
    "id": "string",
    "image": {
      "created": "2024-04-19T21:44:44.377Z",
      "entrypoint": [
        "string"
      ],
      "env": [
        "string"
      ],
      "healthcheck": true,
      "history": [
        {
          "baseLayer": true,
          "created": 0,
          "emptyLayer": true,
          "id": "string",
          "instruction": "string",
          "sizeBytes": 0,
          "tags": [
            "string"
          ],
          "vulnerabilities": [
            {
              "applicableRules": [
                "string"
              ],
              "binaryPkgs": [
                "string"
              ],
              "block": true,
              "cause": "string",
              "cri": true,
              "custom": true,
              "cve": "string",
              "cvss": 0,
              "description": "string",
              "discovered": "2024-04-19T21:44:44.377Z",
              "exploit": [
                "",
                "exploit-db",
                "exploit-windows",
                "cisa-kev"
              ],
              "exploits": [
                {
                  "kind": [
                    "poc",
                    "in-the-wild"
                  ],
                  "link": "string",
                  "source": [
                    "",
                    "exploit-db",
                    "exploit-windows",
                    "cisa-kev"
                  ]
                }
              ],
              "fixDate": 0,
              "fixLink": "string",
              "functionLayer": "string",
              "gracePeriodDays": 0,
              "id": 0,
              "layerTime": 0,
              "link": "string",
              "packageName": "string",
              "packageType": [
                "nodejs",
                "gem",
                "python",
                "jar",
                "package",
                "windows",
                "binary",
                "nuget",
                "go",
                "app",
                "unknown"
              ],
              "packageVersion": "string",
              "published": 0,
              "riskFactors": {},
              "secret": {
                "locationInFile": "string",
                "modifiedTime": 0,
                "path": "string",
                "snippet": "string",
                "type": [
                  "AWS Access Key ID",
                  "AWS Secret Key",
                  "AWS MWS Auth Token",
                  "Azure Storage Account Access Key",
                  "Azure Service Principal",
                  "GCP Service Account Auth Key",
                  "Private Encryption Key",
                  "Public Encryption Key",
                  "PEM X509 Certificate Header",
                  "SSH Authorized Keys",
                  "Artifactory API Token",
                  "Artifactory Password",
                  "Basic Auth Credentials",
                  "Mailchimp Access Key",
                  "NPM Token",
                  "Slack Token",
                  "Slack Webhook",
                  "Square OAuth Secret",
                  "Notion Integration Token",
                  "Airtable API Key",
                  "Atlassian Oauth2 Keys",
                  "CircleCI Personal Token",
                  "Databricks Authentication Token",
                  "GitHub Token",
                  "GitLab Token",
                  "Google API key",
                  "Grafana Token",
                  "Python Package Index Key (PYPI)",
                  "Typeform API Token",
                  "Scalr Token",
                  "Braintree Access Token",
                  "Braintree Payments Key",
                  "Paypal Token Key",
                  "Braintree Payments ID",
                  "Datadog Client Token",
                  "ClickUp Personal API Token",
                  "OpenAI API Key",
                  "Java DB Connectivity (JDBC)",
                  "MongoDB",
                  ".Net SQL Server"
                ]
              },
              "severity": "string",
              "status": "string",
              "templates": [
                [
                  "PCI",
                  "HIPAA",
                  "NIST SP 800-190",
                  "GDPR",
                  "DISA STIG"
                ]
              ],
              "text": "string",
              "title": "string",
              "twistlock": true,
              "type": [
                "container",
                "image",
                "host_config",
                "daemon_config",
                "daemon_config_files",
                "security_operations",
                "k8s_master",
                "k8s_worker",
                "k8s_federation",
                "linux",
                "windows",
                "istio",
                "serverless",
                "custom",
                "docker_stig",
                "openshift_master",
                "openshift_worker",
                "application_control_linux",
                "gke_worker",
                "image_malware",
                "host_malware",
                "aks_worker",
                "eks_worker",
                "image_secret",
                "host_secret"
              ],
              "vecStr": "string",
              "vulnTagInfos": [
                {
                  "color": "string",
                  "comment": "string",
                  "name": "string"
                }
              ],
              "wildfireMalware": {
                "md5": "string",
                "path": "string",
                "verdict": "string"
              }
            }
          ]
        }
      ],
      "id": "string",
      "labels": {},
      "layers": [
        "string"
      ],
      "os": "string",
      "repoDigest": [
        "string"
      ],
      "repoTags": [
        "string"
      ],
      "user": "string",
      "workingDir": "string"
    },
    "installedProducts": {
      "agentless": true,
      "apache": "string",
      "awsCloud": true,
      "clusterType": [
        "AKS",
        "ECS",
        "EKS",
        "GKE",
        "Kubernetes"
      ],
      "crio": true,
      "docker": "string",
      "dockerEnterprise": true,
      "hasPackageManager": true,
      "k8sApiServer": true,
      "k8sControllerManager": true,
      "k8sEtcd": true,
      "k8sFederationApiServer": true,
      "k8sFederationControllerManager": true,
      "k8sKubelet": true,
      "k8sProxy": true,
      "k8sScheduler": true,
      "kubernetes": "string",
      "managedClusterVersion": "string",
      "openshift": true,
      "openshiftVersion": "string",
      "osDistro": "string",
      "serverless": true,
      "swarmManager": true,
      "swarmNode": true
    },
    "isARM64": true,
    "k8sClusterAddr": "string",
    "labels": [
      "string"
    ],
    "layers": [
      "string"
    ],
    "missingDistroVulnCoverage": true,
    "namespaces": [
      "string"
    ],
    "osDistro": "string",
    "osDistroRelease": "string",
    "osDistroVersion": "string",
    "packageManager": true,
    "packages": [
      {
        "pkgs": [
          {
            "binaryIdx": [
              0
            ],
            "binaryPkgs": [
              "string"
            ],
            "cveCount": 0,
            "defaultGem": true,
            "files": [
              {
                "md5": "string",
                "path": "string",
                "sha1": "string",
                "sha256": "string"
              }
            ],
            "functionLayer": "string",
            "goPkg": true,
            "jarIdentifier": "string",
            "layerTime": 0,
            "license": "string",
            "name": "string",
            "originPackageName": "string",
            "osPackage": true,
            "path": "string",
            "purl": "string",
            "securityRepoPkg": true,
            "symbols": [
              "string"
            ],
            "version": "string"
          }
        ],
        "pkgsType": [
          "nodejs",
          "gem",
          "python",
          "jar",
          "package",
          "windows",
          "binary",
          "nuget",
          "go",
          "app",
          "unknown"
        ]
      }
    ],
    "pushTime": "2024-04-19T21:44:44.378Z",
    "redHatNonRPMImage": true,
    "registryNamespace": "string",
    "registryTags": [
      "string"
    ],
    "registryType": "string",
    "repoDigests": [
      "string"
    ],
    "repoTag": {
      "digest": "string",
      "id": "string",
      "registry": "string",
      "repo": "string",
      "tag": "string"
    },
    "rhelRepos": [
      "string"
    ],
    "riskFactors": {},
    "scanBuildDate": "string",
    "scanVersion": "string",
    "secretScanMetrics": {
      "failedScans": 0,
      "foundSecrets": 0,
      "scanTime": 0,
      "scanTimeouts": 0,
      "scannedFileSize": 0,
      "scannedFiles": 0,
      "totalBytes": 0,
      "totalFiles": 0,
      "totalTime": 0,
      "typesCount": {}
    },
    "startupBinaries": [
      {
        "altered": true,
        "cveCount": 0,
        "deps": [
          "string"
        ],
        "fileMode": 0,
        "functionLayer": "string",
        "md5": "string",
        "missingPkg": true,
        "name": "string",
        "path": "string",
        "pkgRootDir": "string",
        "services": [
          "string"
        ],
        "version": "string"
      }
    ],
    "tags": [
      {
        "digest": "string",
        "id": "string",
        "registry": "string",
        "repo": "string",
        "tag": "string"
      }
    ],
    "topLayer": "string",
    "twistlockImage": true,
    "vulnerabilities": [
      {
        "applicableRules": [
          "string"
        ],
        "binaryPkgs": [
          "string"
        ],
        "block": true,
        "cause": "string",
        "cri": true,
        "custom": true,
        "cve": "string",
        "cvss": 0,
        "description": "string",
        "discovered": "2024-04-19T21:44:44.378Z",
        "exploit": [
          "",
          "exploit-db",
          "exploit-windows",
          "cisa-kev"
        ],
        "exploits": [
          {
            "kind": [
              "poc",
              "in-the-wild"
            ],
            "link": "string",
            "source": [
              "",
              "exploit-db",
              "exploit-windows",
              "cisa-kev"
            ]
          }
        ],
        "fixDate": 0,
        "fixLink": "string",
        "functionLayer": "string",
        "gracePeriodDays": 0,
        "id": 0,
        "layerTime": 0,
        "link": "string",
        "packageName": "string",
        "packageType": [
          "nodejs",
          "gem",
          "python",
          "jar",
          "package",
          "windows",
          "binary",
          "nuget",
          "go",
          "app",
          "unknown"
        ],
        "packageVersion": "string",
        "published": 0,
        "riskFactors": {},
        "secret": {
          "locationInFile": "string",
          "modifiedTime": 0,
          "path": "string",
          "snippet": "string",
          "type": [
            "AWS Access Key ID",
            "AWS Secret Key",
            "AWS MWS Auth Token",
            "Azure Storage Account Access Key",
            "Azure Service Principal",
            "GCP Service Account Auth Key",
            "Private Encryption Key",
            "Public Encryption Key",
            "PEM X509 Certificate Header",
            "SSH Authorized Keys",
            "Artifactory API Token",
            "Artifactory Password",
            "Basic Auth Credentials",
            "Mailchimp Access Key",
            "NPM Token",
            "Slack Token",
            "Slack Webhook",
            "Square OAuth Secret",
            "Notion Integration Token",
            "Airtable API Key",
            "Atlassian Oauth2 Keys",
            "CircleCI Personal Token",
            "Databricks Authentication Token",
            "GitHub Token",
            "GitLab Token",
            "Google API key",
            "Grafana Token",
            "Python Package Index Key (PYPI)",
            "Typeform API Token",
            "Scalr Token",
            "Braintree Access Token",
            "Braintree Payments Key",
            "Paypal Token Key",
            "Braintree Payments ID",
            "Datadog Client Token",
            "ClickUp Personal API Token",
            "OpenAI API Key",
            "Java DB Connectivity (JDBC)",
            "MongoDB",
            ".Net SQL Server"
          ]
        },
        "severity": "string",
        "status": "string",
        "templates": [
          [
            "PCI",
            "HIPAA",
            "NIST SP 800-190",
            "GDPR",
            "DISA STIG"
          ]
        ],
        "text": "string",
        "title": "string",
        "twistlock": true,
        "type": [
          "container",
          "image",
          "host_config",
          "daemon_config",
          "daemon_config_files",
          "security_operations",
          "k8s_master",
          "k8s_worker",
          "k8s_federation",
          "linux",
          "windows",
          "istio",
          "serverless",
          "custom",
          "docker_stig",
          "openshift_master",
          "openshift_worker",
          "application_control_linux",
          "gke_worker",
          "image_malware",
          "host_malware",
          "aks_worker",
          "eks_worker",
          "image_secret",
          "host_secret"
        ],
        "vecStr": "string",
        "vulnTagInfos": [
          {
            "color": "string",
            "comment": "string",
            "name": "string"
          }
        ],
        "wildfireMalware": {
          "md5": "string",
          "path": "string",
          "verdict": "string"
        }
      }
    ],
    "vulnerabilitiesCount": 0,
    "vulnerabilityDistribution": {
      "critical": 0,
      "high": 0,
      "low": 0,
      "medium": 0,
      "total": 0
    },
    "vulnerabilityRiskScore": 0
  },
  "vulnerabilityRiskScore": 0,
  "vulnerableFiles": 0
}

default

Loading...