Resolve Images

x-prisma-cloud-target-env: {"permission":"monitorCI","saas":true,"self-hosted":true}
x-public: true

ResolveImages adds vulnerability data for the given images

application/json

Request Body

images object[]
Images is the list of image to resolve.
Array [
Secrets string[]
Secrets are paths to embedded secrets inside the image Note: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.
_id string
Image identifier (image ID or repo:tag).
agentless boolean
Agentless indicates that the host was scanned with the agentless scanner.
allCompliance object
AllCompliance contains data regarding passed compliance checks
compliance object[]
Compliance are all the passed compliance checks.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
enabled boolean
Enabled indicates whether passed compliance checks is enabled by policy.
appEmbedded boolean
Indicates that this image was scanned by an App-Embedded Defender.
applications object[]
Products in the image.
Array [
installedFromPackage boolean
Indicates that the app was installed as an OS package.
knownVulnerabilities integer
Total number of vulnerabilities for this application.
layerTime int64
Image layer to which the application belongs - layer creation time.
name string
Name of the application.
path string
Path of the detected application.
service boolean
Service indicates whether the application is installed as a service.
version string
Version of the application.
]
baseImage string
Image’s base image name. Used when filtering the vulnerabilities by base images.
binaries object[]
Binaries in the image.
Array [
altered boolean
Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).
cveCount integer
Total number of CVEs for this specific binary.
deps string[]
Third-party package files which are used by the binary.
functionLayer string
ID of the serverless layer in which the package was discovered.
md5 string
Md5 hashset of the binary.
missingPkg boolean
Indicates if this binary is not related to any package (true) or not (false).
name string
Name of the binary.
path string
Relative path of the binary inside the container.
pkgRootDir string
Path for searching packages used by the binary.
services string[]
Names of services which use the binary.
version string
Version of the binary.
]
cloudMetadata object
CloudMetadata is the metadata for an instance running in a cloud provider (AWS/GCP/Azure)
accountID string
Cloud account ID.
awsExecutionEnv string
AWS execution environment (e.g. EC2/Fargate).
image string
Image name.
labels object[]
Cloud provider metadata labels.
Array [
key string
Label key.
sourceName string
Source name (e.g., for a namespace, the source name can be 'twistlock').
sourceType common.ExternalLabelSourceType
Possible values: [namespace,deployment,aws,azure,gcp,oci]
ExternalLabelSourceType indicates the source of the labels
timestamp date-time
Time when the label was fetched.
value string
Value of the label.
]
name string
Instance name.
provider common.CloudProvider
Possible values: [aws,azure,gcp,alibaba,oci,others]
CloudProvider specifies the cloud provider name
region string
Instance region.
resourceID string
Unique ID of the resource.
resourceURL string
Server-defined URL for the resource.
type string
Instance type.
vmID string
Azure unique vm ID.
vmImageID string
VMImageID holds the VM image ID.
clusterType common.ClusterType
Possible values: [AKS,ECS,EKS,GKE,Kubernetes]
ClusterType is the cluster type
clusters string[]
Cluster names.
collections string[]
Collections to which this result applies.
complianceDistribution object
Distribution counts the number of vulnerabilities per type
critical integer
.
high integer
.
low integer
.
medium integer
.
total integer
.
complianceIssues object[]
All the compliance issues.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
complianceIssuesCount integer
Number of compliance issues.
complianceRiskScore float
Compliance risk score for the image.
creationTime date-time
Specifies the time of creation for the latest version of the image.
distro string
Full name of the distribution.
ecsClusterName string
ECS cluster name.
err string
Description of an error that occurred during image health scan.
externalLabels object[]
Kubernetes external labels of all containers running this image.
Array [
key string
Label key.
sourceName string
Source name (e.g., for a namespace, the source name can be 'twistlock').
sourceType common.ExternalLabelSourceType
Possible values: [namespace,deployment,aws,azure,gcp,oci]
ExternalLabelSourceType indicates the source of the labels
timestamp date-time
Time when the label was fetched.
value string
Value of the label.
]
files object[]
Files in the container.
Array [
md5 string
Hash sum of the file using md5.
path string
Path of the file.
sha1 string
Hash sum of the file using SHA-1.
sha256 string
Hash sum of the file using SHA256.
]
firewallProtection object
ProtectionStatus describes the status of the WAAS protection
enabled boolean
Enabled indicates if WAAS proxy protection is enabled (true) or not (false).
outOfBandMode waas.OutOfBandMode
Possible values: [,Observation,Protection]
OutOfBandMode holds the app firewall out-of-band mode
ports int[]
Ports indicates http open ports associated with the container.
supported boolean
Supported indicates if WAAS protection is supported (true) or not (false).
tlsPorts int[]
TLSPorts indicates https open ports associated with the container.
unprotectedProcesses object[]
UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.
Array [
port integer
Port is the process port.
process string
Process is the process name.
tls boolean
TLS is the port TLS indication.
]
firstScanTime date-time
Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.
history object[]
Docker image history.
Array [
baseLayer boolean
Indicates if this layer originated from the base image (true) or not (false).
created int64
Date/time when the image layer was created.
emptyLayer boolean
Indicates if this instruction didn't create a separate layer (true) or not (false).
id string
ID of the layer.
instruction string
Docker file instruction and arguments used to create this layer.
sizeBytes int64
Size of the layer (in bytes).
tags string[]
Holds the image tags.
vulnerabilities object[]
Vulnerabilities which originated from this layer.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
]
hostDevices object[]
Map from host network device name to IP address.
Array [
ip string
Network device IPv4 address.
name string
Network device name.
]
hostRuntimeEnabled boolean
HostRuntimeEnabled indicates if any runtime rule applies to the host.
hostname string
Name of the host that was scanned.
hosts object
ImageHosts is a fast index for image scan results metadata per host
property name* object (shared.ImageHost)
ImageHost holds information about image scan result per host
accountID string
AccountID is the cloud account ID the image is associated with.
agentless boolean
Agentless indicates if the image was scanned as part of an agentless scan.
agentlessScanID integer
AgentlessScanID is the ID of the agentless scan in which the result was received.
appEmbedded boolean
AppEmbedded indicates if the host is an app embedded host.
cluster string
Cluster is the cluster on which the image is deployed.
modified date-time
Modified is the last scan time.
namespaces string[]
Namespaces are the namespaces on which the image is deployed.
id string
Image ID.
image object
Image represents a container image
created date-time
Date/time when the image was created.
entrypoint string[]
Combined entrypoint of the image (entrypoint + CMD).
env string[]
Image environment variables.
healthcheck boolean
Indicates if health checks are enabled (true) or not (false).
history object[]
Holds the image history.
Array [
baseLayer boolean
Indicates if this layer originated from the base image (true) or not (false).
created int64
Date/time when the image layer was created.
emptyLayer boolean
Indicates if this instruction didn't create a separate layer (true) or not (false).
id string
ID of the layer.
instruction string
Docker file instruction and arguments used to create this layer.
sizeBytes int64
Size of the layer (in bytes).
tags string[]
Holds the image tags.
vulnerabilities object[]
Vulnerabilities which originated from this layer.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
]
id string
ID of the image.
labels object
Image labels.
property name* string
layers string[]
Image filesystem layers.
os string
Image os type.
repoDigest string[]
Image repo digests.
repoTags string[]
Image repo tags.
user string
Image user.
workingDir string
Base working directory of the image.
installedProducts object
InstalledProducts contains data regarding products running in environment TODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange
agentless boolean
Agentless indicates whether the scan was performed with agentless approach.
apache string
Apache indicates the apache server version, empty in case apache not running.
awsCloud boolean
AWSCloud indicates whether AWS cloud is used.
crio boolean
CRI indicates whether the container runtime is CRI (and not docker).
docker string
Docker represents the docker daemon version.
dockerEnterprise boolean
DockerEnterprise indicates whether the enterprise version of Docker is installed.
hasPackageManager boolean
HasPackageManager indicates whether package manager is installed on the OS.
k8sApiServer boolean
K8sAPIServer indicates whether a kubernetes API server is running.
k8sControllerManager boolean
K8sControllerManager indicates whether a kubernetes controller manager is running.
k8sEtcd boolean
K8sEtcd indicates whether etcd is running.
k8sFederationApiServer boolean
K8sFederationAPIServer indicates whether a federation API server is running.
k8sFederationControllerManager boolean
K8sFederationControllerManager indicates whether a federation controller manager is running.
k8sKubelet boolean
K8sKubelet indicates whether kubelet is running.
k8sProxy boolean
K8sProxy indicates whether a kubernetes proxy is running.
k8sScheduler boolean
K8sScheduler indicates whether the kubernetes scheduler is running.
kubernetes string
Kubernetes represents the kubernetes version.
openshift boolean
Openshift indicates whether openshift is deployed.
openshiftVersion string
OpenshiftVersion represents the running openshift version.
osDistro string
OSDistro specifies the os distribution.
serverless boolean
Serverless indicates whether evaluated on a serverless environment.
swarmManager boolean
SwarmManager indicates whether a swarm manager is running.
swarmNode boolean
SwarmNode indicates whether the node is part of an active swarm.
instances object[]
Details about each occurrence of the image (tag + host).
Array [
host string
.
image string
.
modified date-time
.
registry string
.
repo string
.
tag string
.
]
isARM64 boolean
IsARM64 indicates if the architecture of the image is aarch64.
k8sClusterAddr string
Endpoint of the Kubernetes API server.
labels string[]
Image labels.
layers string[]
Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff See: https://windsock.io/explaining-docker-image-ids/.
missingDistroVulnCoverage boolean
Indicates if the image OS is covered in the IS (true) or not (false).
namespaces string[]
k8s namespaces of all the containers running this image.
osDistro string
Name of the OS distribution.
osDistroRelease string
OS distribution release.
osDistroVersion string
OS distribution version.
packageCorrelationDone boolean
PackageCorrelationDone indicates that the correlation to OS packages has been done.
packageManager boolean
Indicates if the package manager is installed for the OS.
packages object[]
Packages which exist in the image.
Array [
pkgs object[]
List of packages.
Array [
binaryIdx int16[]
Indexes of the top binaries which use the package.
binaryPkgs string[]
Names of the distro binary packages (packages which are built on the source of the package).
cveCount integer
Total number of CVEs for this specific package.
defaultGem boolean
DefaultGem indicates this is a gem default package (and not a bundled package).
files object[]
List of package-related files and their hashes. Only included when the appropriate scan option is set.
Array [
md5 string
Hash sum of the file using md5.
path string
Path of the file.
sha1 string
Hash sum of the file using SHA-1.
sha256 string
Hash sum of the file using SHA256.
]
functionLayer string
ID of the serverless layer in which the package was discovered.
goPkg boolean
GoPkg indicates this is a Go package (and not module).
jarIdentifier string
JarIdentifier holds an additional identification detail of a JAR package.
layerTime int64
Image layer to which the package belongs (layer creation time).
license string
License information for the package.
name string
Name of the package.
osPackage boolean
OSPackage indicates that a python/java package was installed as an OS package.
path string
Full package path (e.g., JAR or Node.js package path).
version string
Package version.
]
pkgsType vuln.PackageType
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go]
PackageType describes the package type
]
pullDuration int64
PullDuration is the time it took to pull the image.
pushTime date-time
PushTime is the image push time to the registry.
registryNamespace string
IBM cloud namespace to which the image belongs.
registryType string
RegistryType indicates the registry type where the image is stored.
repoDigests string[]
Digests of the image. Used for content trust (notary). Has one digest per tag.
repoTag object
ImageTag represents an image repository and its associated tag or registry digest
digest string
Image digest (requires V2 or later registry).
id string
ID of the image.
registry string
Registry name to which the image belongs.
repo string
Repository name to which the image belongs.
tag string
Image tag.
rhelRepos string[]
RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed Used for matching vulnerabilities by Red Hat CPEs.
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
scanBuildDate string
Scanner build date that published the image.
scanDuration int64
ScanDuration is the total time it took to scan the image.
scanID integer
ScanID is the ID of the scan.
scanTime date-time
Specifies the time of the last scan of the image.
scanVersion string
Scanner version that published the image.
startupBinaries object[]
Binaries which are expected to run when the container is created from this image.
Array [
altered boolean
Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).
cveCount integer
Total number of CVEs for this specific binary.
deps string[]
Third-party package files which are used by the binary.
functionLayer string
ID of the serverless layer in which the package was discovered.
md5 string
Md5 hashset of the binary.
missingPkg boolean
Indicates if this binary is not related to any package (true) or not (false).
name string
Name of the binary.
path string
Relative path of the binary inside the container.
pkgRootDir string
Path for searching packages used by the binary.
services string[]
Names of services which use the binary.
version string
Version of the binary.
]
stopped boolean
Stopped indicates whether the host was running during the agentless scan.
tags object[]
Tags associated with the given image.
Array [
digest string
Image digest (requires V2 or later registry).
id string
ID of the image.
registry string
Registry name to which the image belongs.
repo string
Repository name to which the image belongs.
tag string
Image tag.
]
topLayer string
SHA256 of the image's last layer that is the last element of the Layers field.
trustResult object
ImageResult represents an aggregated image trust result
groups object[]
Trust groups which apply to the image.
Array [
_id string
Name of the group.
disabled boolean
Indicates if the rule is currently disabled (true) or not (false).
images string[]
Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).
layers string[]
Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.
modified date-time
Datetime when the rule was last modified.
name string
Name of the rule.
notes string
Free-form text.
owner string
User who created or last modified the rule.
previousName string
Previous name of the rule. Required for rule renaming.
]
hostsStatuses object[]
Image trust status on each host. Can be set to "trusted" or "untrusted".
Array [
host string
Host name.
status trust.Status
Possible values: [trusted,untrusted]
Status is the trust status for an image
]
trustStatus trust.Status
Possible values: [trusted,untrusted]
Status is the trust status for an image
twistlockImage boolean
Indicates if the image is a Twistlock image (true) or not (false).
type shared.ScanType
Possible values: [image,ciImage,container,host,agentlessHost,registry,serverlessScan,ciServerless,vm,tas,ciTas,cloudDiscovery,serverlessRadar,serverlessAutoDeploy,hostAutoDeploy,codeRepo,ciCodeRepo]
ScanType displays the components for an ongoing scan
vulnerabilities object[]
CVE vulnerabilities of the image.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
vulnerabilitiesCount integer
Total number of vulnerabilities.
vulnerabilityDistribution object
Distribution counts the number of vulnerabilities per type
critical integer
.
high integer
.
low integer
.
medium integer
.
total integer
.
vulnerabilityRiskScore float
Image's CVE risk score.
wildFireUsage object
Usage holds wildfire usage stats, period for the usage varies with context
bytes int64
Bytes is the total number of bytes uploaded to the WildFire API.
queries int64
Queries is the number of queries to the WildFire API.
uploads int64
Uploads is the number of uploads to the WildFire API.
]

Responses

200
default

ResolveImagesResp represents the images resolution API output

application/json

Schema
Example (from schema)

Schema

images object[]
Images is the list of images that were resolved.
Array [
Secrets string[]
Secrets are paths to embedded secrets inside the image Note: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.
_id string
Image identifier (image ID or repo:tag).
agentless boolean
Agentless indicates that the host was scanned with the agentless scanner.
allCompliance object
AllCompliance contains data regarding passed compliance checks
compliance object[]
Compliance are all the passed compliance checks.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
enabled boolean
Enabled indicates whether passed compliance checks is enabled by policy.
appEmbedded boolean
Indicates that this image was scanned by an App-Embedded Defender.
applications object[]
Products in the image.
Array [
installedFromPackage boolean
Indicates that the app was installed as an OS package.
knownVulnerabilities integer
Total number of vulnerabilities for this application.
layerTime int64
Image layer to which the application belongs - layer creation time.
name string
Name of the application.
path string
Path of the detected application.
service boolean
Service indicates whether the application is installed as a service.
version string
Version of the application.
]
baseImage string
Image’s base image name. Used when filtering the vulnerabilities by base images.
binaries object[]
Binaries in the image.
Array [
altered boolean
Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).
cveCount integer
Total number of CVEs for this specific binary.
deps string[]
Third-party package files which are used by the binary.
functionLayer string
ID of the serverless layer in which the package was discovered.
md5 string
Md5 hashset of the binary.
missingPkg boolean
Indicates if this binary is not related to any package (true) or not (false).
name string
Name of the binary.
path string
Relative path of the binary inside the container.
pkgRootDir string
Path for searching packages used by the binary.
services string[]
Names of services which use the binary.
version string
Version of the binary.
]
cloudMetadata object
CloudMetadata is the metadata for an instance running in a cloud provider (AWS/GCP/Azure)
accountID string
Cloud account ID.
awsExecutionEnv string
AWS execution environment (e.g. EC2/Fargate).
image string
Image name.
labels object[]
Cloud provider metadata labels.
Array [
key string
Label key.
sourceName string
Source name (e.g., for a namespace, the source name can be 'twistlock').
sourceType common.ExternalLabelSourceType
Possible values: [namespace,deployment,aws,azure,gcp,oci]
ExternalLabelSourceType indicates the source of the labels
timestamp date-time
Time when the label was fetched.
value string
Value of the label.
]
name string
Instance name.
provider common.CloudProvider
Possible values: [aws,azure,gcp,alibaba,oci,others]
CloudProvider specifies the cloud provider name
region string
Instance region.
resourceID string
Unique ID of the resource.
resourceURL string
Server-defined URL for the resource.
type string
Instance type.
vmID string
Azure unique vm ID.
vmImageID string
VMImageID holds the VM image ID.
clusterType common.ClusterType
Possible values: [AKS,ECS,EKS,GKE,Kubernetes]
ClusterType is the cluster type
clusters string[]
Cluster names.
collections string[]
Collections to which this result applies.
complianceDistribution object
Distribution counts the number of vulnerabilities per type
critical integer
.
high integer
.
low integer
.
medium integer
.
total integer
.
complianceIssues object[]
All the compliance issues.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
complianceIssuesCount integer
Number of compliance issues.
complianceRiskScore float
Compliance risk score for the image.
creationTime date-time
Specifies the time of creation for the latest version of the image.
distro string
Full name of the distribution.
ecsClusterName string
ECS cluster name.
err string
Description of an error that occurred during image health scan.
externalLabels object[]
Kubernetes external labels of all containers running this image.
Array [
key string
Label key.
sourceName string
Source name (e.g., for a namespace, the source name can be 'twistlock').
sourceType common.ExternalLabelSourceType
Possible values: [namespace,deployment,aws,azure,gcp,oci]
ExternalLabelSourceType indicates the source of the labels
timestamp date-time
Time when the label was fetched.
value string
Value of the label.
]
files object[]
Files in the container.
Array [
md5 string
Hash sum of the file using md5.
path string
Path of the file.
sha1 string
Hash sum of the file using SHA-1.
sha256 string
Hash sum of the file using SHA256.
]
firewallProtection object
ProtectionStatus describes the status of the WAAS protection
enabled boolean
Enabled indicates if WAAS proxy protection is enabled (true) or not (false).
outOfBandMode waas.OutOfBandMode
Possible values: [,Observation,Protection]
OutOfBandMode holds the app firewall out-of-band mode
ports int[]
Ports indicates http open ports associated with the container.
supported boolean
Supported indicates if WAAS protection is supported (true) or not (false).
tlsPorts int[]
TLSPorts indicates https open ports associated with the container.
unprotectedProcesses object[]
UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.
Array [
port integer
Port is the process port.
process string
Process is the process name.
tls boolean
TLS is the port TLS indication.
]
firstScanTime date-time
Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.
history object[]
Docker image history.
Array [
baseLayer boolean
Indicates if this layer originated from the base image (true) or not (false).
created int64
Date/time when the image layer was created.
emptyLayer boolean
Indicates if this instruction didn't create a separate layer (true) or not (false).
id string
ID of the layer.
instruction string
Docker file instruction and arguments used to create this layer.
sizeBytes int64
Size of the layer (in bytes).
tags string[]
Holds the image tags.
vulnerabilities object[]
Vulnerabilities which originated from this layer.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
]
hostDevices object[]
Map from host network device name to IP address.
Array [
ip string
Network device IPv4 address.
name string
Network device name.
]
hostRuntimeEnabled boolean
HostRuntimeEnabled indicates if any runtime rule applies to the host.
hostname string
Name of the host that was scanned.
hosts object
ImageHosts is a fast index for image scan results metadata per host
property name* object (shared.ImageHost)
ImageHost holds information about image scan result per host
accountID string
AccountID is the cloud account ID the image is associated with.
agentless boolean
Agentless indicates if the image was scanned as part of an agentless scan.
agentlessScanID integer
AgentlessScanID is the ID of the agentless scan in which the result was received.
appEmbedded boolean
AppEmbedded indicates if the host is an app embedded host.
cluster string
Cluster is the cluster on which the image is deployed.
modified date-time
Modified is the last scan time.
namespaces string[]
Namespaces are the namespaces on which the image is deployed.
id string
Image ID.
image object
Image represents a container image
created date-time
Date/time when the image was created.
entrypoint string[]
Combined entrypoint of the image (entrypoint + CMD).
env string[]
Image environment variables.
healthcheck boolean
Indicates if health checks are enabled (true) or not (false).
history object[]
Holds the image history.
Array [
baseLayer boolean
Indicates if this layer originated from the base image (true) or not (false).
created int64
Date/time when the image layer was created.
emptyLayer boolean
Indicates if this instruction didn't create a separate layer (true) or not (false).
id string
ID of the layer.
instruction string
Docker file instruction and arguments used to create this layer.
sizeBytes int64
Size of the layer (in bytes).
tags string[]
Holds the image tags.
vulnerabilities object[]
Vulnerabilities which originated from this layer.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
]
id string
ID of the image.
labels object
Image labels.
property name* string
layers string[]
Image filesystem layers.
os string
Image os type.
repoDigest string[]
Image repo digests.
repoTags string[]
Image repo tags.
user string
Image user.
workingDir string
Base working directory of the image.
installedProducts object
InstalledProducts contains data regarding products running in environment TODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange
agentless boolean
Agentless indicates whether the scan was performed with agentless approach.
apache string
Apache indicates the apache server version, empty in case apache not running.
awsCloud boolean
AWSCloud indicates whether AWS cloud is used.
crio boolean
CRI indicates whether the container runtime is CRI (and not docker).
docker string
Docker represents the docker daemon version.
dockerEnterprise boolean
DockerEnterprise indicates whether the enterprise version of Docker is installed.
hasPackageManager boolean
HasPackageManager indicates whether package manager is installed on the OS.
k8sApiServer boolean
K8sAPIServer indicates whether a kubernetes API server is running.
k8sControllerManager boolean
K8sControllerManager indicates whether a kubernetes controller manager is running.
k8sEtcd boolean
K8sEtcd indicates whether etcd is running.
k8sFederationApiServer boolean
K8sFederationAPIServer indicates whether a federation API server is running.
k8sFederationControllerManager boolean
K8sFederationControllerManager indicates whether a federation controller manager is running.
k8sKubelet boolean
K8sKubelet indicates whether kubelet is running.
k8sProxy boolean
K8sProxy indicates whether a kubernetes proxy is running.
k8sScheduler boolean
K8sScheduler indicates whether the kubernetes scheduler is running.
kubernetes string
Kubernetes represents the kubernetes version.
openshift boolean
Openshift indicates whether openshift is deployed.
openshiftVersion string
OpenshiftVersion represents the running openshift version.
osDistro string
OSDistro specifies the os distribution.
serverless boolean
Serverless indicates whether evaluated on a serverless environment.
swarmManager boolean
SwarmManager indicates whether a swarm manager is running.
swarmNode boolean
SwarmNode indicates whether the node is part of an active swarm.
instances object[]
Details about each occurrence of the image (tag + host).
Array [
host string
.
image string
.
modified date-time
.
registry string
.
repo string
.
tag string
.
]
isARM64 boolean
IsARM64 indicates if the architecture of the image is aarch64.
k8sClusterAddr string
Endpoint of the Kubernetes API server.
labels string[]
Image labels.
layers string[]
Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff See: https://windsock.io/explaining-docker-image-ids/.
missingDistroVulnCoverage boolean
Indicates if the image OS is covered in the IS (true) or not (false).
namespaces string[]
k8s namespaces of all the containers running this image.
osDistro string
Name of the OS distribution.
osDistroRelease string
OS distribution release.
osDistroVersion string
OS distribution version.
packageCorrelationDone boolean
PackageCorrelationDone indicates that the correlation to OS packages has been done.
packageManager boolean
Indicates if the package manager is installed for the OS.
packages object[]
Packages which exist in the image.
Array [
pkgs object[]
List of packages.
Array [
binaryIdx int16[]
Indexes of the top binaries which use the package.
binaryPkgs string[]
Names of the distro binary packages (packages which are built on the source of the package).
cveCount integer
Total number of CVEs for this specific package.
defaultGem boolean
DefaultGem indicates this is a gem default package (and not a bundled package).
files object[]
List of package-related files and their hashes. Only included when the appropriate scan option is set.
Array [
md5 string
Hash sum of the file using md5.
path string
Path of the file.
sha1 string
Hash sum of the file using SHA-1.
sha256 string
Hash sum of the file using SHA256.
]
functionLayer string
ID of the serverless layer in which the package was discovered.
goPkg boolean
GoPkg indicates this is a Go package (and not module).
jarIdentifier string
JarIdentifier holds an additional identification detail of a JAR package.
layerTime int64
Image layer to which the package belongs (layer creation time).
license string
License information for the package.
name string
Name of the package.
osPackage boolean
OSPackage indicates that a python/java package was installed as an OS package.
path string
Full package path (e.g., JAR or Node.js package path).
version string
Package version.
]
pkgsType vuln.PackageType
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go]
PackageType describes the package type
]
pullDuration int64
PullDuration is the time it took to pull the image.
pushTime date-time
PushTime is the image push time to the registry.
registryNamespace string
IBM cloud namespace to which the image belongs.
registryType string
RegistryType indicates the registry type where the image is stored.
repoDigests string[]
Digests of the image. Used for content trust (notary). Has one digest per tag.
repoTag object
ImageTag represents an image repository and its associated tag or registry digest
digest string
Image digest (requires V2 or later registry).
id string
ID of the image.
registry string
Registry name to which the image belongs.
repo string
Repository name to which the image belongs.
tag string
Image tag.
rhelRepos string[]
RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed Used for matching vulnerabilities by Red Hat CPEs.
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
scanBuildDate string
Scanner build date that published the image.
scanDuration int64
ScanDuration is the total time it took to scan the image.
scanID integer
ScanID is the ID of the scan.
scanTime date-time
Specifies the time of the last scan of the image.
scanVersion string
Scanner version that published the image.
startupBinaries object[]
Binaries which are expected to run when the container is created from this image.
Array [
altered boolean
Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).
cveCount integer
Total number of CVEs for this specific binary.
deps string[]
Third-party package files which are used by the binary.
functionLayer string
ID of the serverless layer in which the package was discovered.
md5 string
Md5 hashset of the binary.
missingPkg boolean
Indicates if this binary is not related to any package (true) or not (false).
name string
Name of the binary.
path string
Relative path of the binary inside the container.
pkgRootDir string
Path for searching packages used by the binary.
services string[]
Names of services which use the binary.
version string
Version of the binary.
]
stopped boolean
Stopped indicates whether the host was running during the agentless scan.
tags object[]
Tags associated with the given image.
Array [
digest string
Image digest (requires V2 or later registry).
id string
ID of the image.
registry string
Registry name to which the image belongs.
repo string
Repository name to which the image belongs.
tag string
Image tag.
]
topLayer string
SHA256 of the image's last layer that is the last element of the Layers field.
trustResult object
ImageResult represents an aggregated image trust result
groups object[]
Trust groups which apply to the image.
Array [
_id string
Name of the group.
disabled boolean
Indicates if the rule is currently disabled (true) or not (false).
images string[]
Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).
layers string[]
Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.
modified date-time
Datetime when the rule was last modified.
name string
Name of the rule.
notes string
Free-form text.
owner string
User who created or last modified the rule.
previousName string
Previous name of the rule. Required for rule renaming.
]
hostsStatuses object[]
Image trust status on each host. Can be set to "trusted" or "untrusted".
Array [
host string
Host name.
status trust.Status
Possible values: [trusted,untrusted]
Status is the trust status for an image
]
trustStatus trust.Status
Possible values: [trusted,untrusted]
Status is the trust status for an image
twistlockImage boolean
Indicates if the image is a Twistlock image (true) or not (false).
type shared.ScanType
Possible values: [image,ciImage,container,host,agentlessHost,registry,serverlessScan,ciServerless,vm,tas,ciTas,cloudDiscovery,serverlessRadar,serverlessAutoDeploy,hostAutoDeploy,codeRepo,ciCodeRepo]
ScanType displays the components for an ongoing scan
vulnerabilities object[]
CVE vulnerabilities of the image.
Array [
applicableRules string[]
Rules applied on the package.
binaryPkgs string[]
Names of the distro binary package names (packages which are built from the source of the package).
block boolean
Indicates if the vulnerability has a block effect (true) or not (false).
cause string
Additional information regarding the root cause for the vulnerability.
cri boolean
Indicates if this is a CRI-specific vulnerability (true) or not (false).
custom boolean
Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).
cve string
CVE ID of the vulnerability (if applied).
cvss float
CVSS score of the vulnerability.
description string
Description of the vulnerability.
discovered date-time
Specifies the time of discovery for the vulnerability.
exploit vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
exploits object[]
Exploits represents the exploits data found for a CVE
Array [
kind vuln.ExploitKind
Possible values: [poc,in-the-wild]
ExploitKind represents the kind of the exploit
link string
Link is a link to information about the exploit.
source vuln.ExploitType
Possible values: [,exploit-db,exploit-windows,cisa-kev]
ExploitType represents the source of an exploit
]
fixDate int64
Date/time when the vulnerability was fixed (in Unix time).
fixLink string
Link to the vendor's fixed-version information.
functionLayer string
Specifies the serverless layer ID in which the vulnerability was discovered.
gracePeriodDays integer
Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.
id integer
ID of the violation.
layerTime int64
Date/time of the image layer to which the CVE belongs.
link string
Vendor link to the CVE.
packageName string
Name of the package that caused the vulnerability.
packageVersion string
Version of the package that caused the vulnerability (or null).
published int64
Date/time when the vulnerability was published (in Unix time).
riskFactors object
RiskFactors maps the existence of vulnerability risk factors
property name* string
severity string
Textual representation of the vulnerability's severity.
status string
Vendor status for the vulnerability.
templates vuln.ComplianceTemplate[]
Possible values: [PCI,HIPAA,NIST SP 800-190,GDPR,DISA STIG]
List of templates with which the vulnerability is associated.
text string
Description of the violation.
title string
Compliance title.
twistlock boolean
Indicates if this is a Twistlock-specific vulnerability (true) or not (false).
type vuln.Type
Possible values: [container,image,host_config,daemon_config,daemon_config_files,security_operations,k8s_master,k8s_worker,k8s_federation,linux,windows,istio,serverless,custom,docker_stig,openshift_master,openshift_worker,application_control_linux]
Type represents the vulnerability type
vecStr string
Textual representation of the metric values used to score the vulnerability.
vulnTagInfos object[]
Tag information for the vulnerability.
Array [
color common.Color
Color is a hexadecimal representation of color code value
comment string
Tag comment in a specific vulnerability context.
name string
Name of the tag.
]
]
vulnerabilitiesCount integer
Total number of vulnerabilities.
vulnerabilityDistribution object
Distribution counts the number of vulnerabilities per type
critical integer
.
high integer
.
low integer
.
medium integer
.
total integer
.
vulnerabilityRiskScore float
Image's CVE risk score.
wildFireUsage object
Usage holds wildfire usage stats, period for the usage varies with context
bytes int64
Bytes is the total number of bytes uploaded to the WildFire API.
queries int64
Queries is the number of queries to the WildFire API.
uploads int64
Uploads is the number of uploads to the WildFire API.
]

{
  "images": [
    {
      "Secrets": [
        "string"
      ],
      "_id": "string",
      "agentless": true,
      "allCompliance": {
        "compliance": [
          {
            "applicableRules": [
              "string"
            ],
            "binaryPkgs": [
              "string"
            ],
            "block": true,
            "cause": "string",
            "cri": true,
            "custom": true,
            "cve": "string",
            "cvss": 0,
            "description": "string",
            "discovered": "2023-05-27T04:01:51.171Z",
            "exploit": [
              "",
              "exploit-db",
              "exploit-windows",
              "cisa-kev"
            ],
            "exploits": [
              {
                "kind": [
                  "poc",
                  "in-the-wild"
                ],
                "link": "string",
                "source": [
                  "",
                  "exploit-db",
                  "exploit-windows",
                  "cisa-kev"
                ]
              }
            ],
            "fixDate": 0,
            "fixLink": "string",
            "functionLayer": "string",
            "gracePeriodDays": 0,
            "id": 0,
            "layerTime": 0,
            "link": "string",
            "packageName": "string",
            "packageVersion": "string",
            "published": 0,
            "riskFactors": {},
            "severity": "string",
            "status": "string",
            "templates": [
              [
                "PCI",
                "HIPAA",
                "NIST SP 800-190",
                "GDPR",
                "DISA STIG"
              ]
            ],
            "text": "string",
            "title": "string",
            "twistlock": true,
            "type": [
              "container",
              "image",
              "host_config",
              "daemon_config",
              "daemon_config_files",
              "security_operations",
              "k8s_master",
              "k8s_worker",
              "k8s_federation",
              "linux",
              "windows",
              "istio",
              "serverless",
              "custom",
              "docker_stig",
              "openshift_master",
              "openshift_worker",
              "application_control_linux"
            ],
            "vecStr": "string",
            "vulnTagInfos": [
              {
                "color": "string",
                "comment": "string",
                "name": "string"
              }
            ]
          }
        ],
        "enabled": true
      },
      "appEmbedded": true,
      "applications": [
        {
          "installedFromPackage": true,
          "knownVulnerabilities": 0,
          "layerTime": 0,
          "name": "string",
          "path": "string",
          "service": true,
          "version": "string"
        }
      ],
      "baseImage": "string",
      "binaries": [
        {
          "altered": true,
          "cveCount": 0,
          "deps": [
            "string"
          ],
          "functionLayer": "string",
          "md5": "string",
          "missingPkg": true,
          "name": "string",
          "path": "string",
          "pkgRootDir": "string",
          "services": [
            "string"
          ],
          "version": "string"
        }
      ],
      "cloudMetadata": {
        "accountID": "string",
        "awsExecutionEnv": "string",
        "image": "string",
        "labels": [
          {
            "key": "string",
            "sourceName": "string",
            "sourceType": [
              "namespace",
              "deployment",
              "aws",
              "azure",
              "gcp",
              "oci"
            ],
            "timestamp": "2023-05-27T04:01:51.172Z",
            "value": "string"
          }
        ],
        "name": "string",
        "provider": [
          "aws",
          "azure",
          "gcp",
          "alibaba",
          "oci",
          "others"
        ],
        "region": "string",
        "resourceID": "string",
        "resourceURL": "string",
        "type": "string",
        "vmID": "string",
        "vmImageID": "string"
      },
      "clusterType": [
        "AKS",
        "ECS",
        "EKS",
        "GKE",
        "Kubernetes"
      ],
      "clusters": [
        "string"
      ],
      "collections": [
        "string"
      ],
      "complianceDistribution": {
        "critical": 0,
        "high": 0,
        "low": 0,
        "medium": 0,
        "total": 0
      },
      "complianceIssues": [
        {
          "applicableRules": [
            "string"
          ],
          "binaryPkgs": [
            "string"
          ],
          "block": true,
          "cause": "string",
          "cri": true,
          "custom": true,
          "cve": "string",
          "cvss": 0,
          "description": "string",
          "discovered": "2023-05-27T04:01:51.172Z",
          "exploit": [
            "",
            "exploit-db",
            "exploit-windows",
            "cisa-kev"
          ],
          "exploits": [
            {
              "kind": [
                "poc",
                "in-the-wild"
              ],
              "link": "string",
              "source": [
                "",
                "exploit-db",
                "exploit-windows",
                "cisa-kev"
              ]
            }
          ],
          "fixDate": 0,
          "fixLink": "string",
          "functionLayer": "string",
          "gracePeriodDays": 0,
          "id": 0,
          "layerTime": 0,
          "link": "string",
          "packageName": "string",
          "packageVersion": "string",
          "published": 0,
          "riskFactors": {},
          "severity": "string",
          "status": "string",
          "templates": [
            [
              "PCI",
              "HIPAA",
              "NIST SP 800-190",
              "GDPR",
              "DISA STIG"
            ]
          ],
          "text": "string",
          "title": "string",
          "twistlock": true,
          "type": [
            "container",
            "image",
            "host_config",
            "daemon_config",
            "daemon_config_files",
            "security_operations",
            "k8s_master",
            "k8s_worker",
            "k8s_federation",
            "linux",
            "windows",
            "istio",
            "serverless",
            "custom",
            "docker_stig",
            "openshift_master",
            "openshift_worker",
            "application_control_linux"
          ],
          "vecStr": "string",
          "vulnTagInfos": [
            {
              "color": "string",
              "comment": "string",
              "name": "string"
            }
          ]
        }
      ],
      "complianceIssuesCount": 0,
      "complianceRiskScore": 0,
      "creationTime": "2023-05-27T04:01:51.172Z",
      "distro": "string",
      "ecsClusterName": "string",
      "err": "string",
      "externalLabels": [
        {
          "key": "string",
          "sourceName": "string",
          "sourceType": [
            "namespace",
            "deployment",
            "aws",
            "azure",
            "gcp",
            "oci"
          ],
          "timestamp": "2023-05-27T04:01:51.172Z",
          "value": "string"
        }
      ],
      "files": [
        {
          "md5": "string",
          "path": "string",
          "sha1": "string",
          "sha256": "string"
        }
      ],
      "firewallProtection": {
        "enabled": true,
        "outOfBandMode": [
          "",
          "Observation",
          "Protection"
        ],
        "ports": [
          0
        ],
        "supported": true,
        "tlsPorts": [
          0
        ],
        "unprotectedProcesses": [
          {
            "port": 0,
            "process": "string",
            "tls": true
          }
        ]
      },
      "firstScanTime": "2023-05-27T04:01:51.172Z",
      "history": [
        {
          "baseLayer": true,
          "created": 0,
          "emptyLayer": true,
          "id": "string",
          "instruction": "string",
          "sizeBytes": 0,
          "tags": [
            "string"
          ],
          "vulnerabilities": [
            {
              "applicableRules": [
                "string"
              ],
              "binaryPkgs": [
                "string"
              ],
              "block": true,
              "cause": "string",
              "cri": true,
              "custom": true,
              "cve": "string",
              "cvss": 0,
              "description": "string",
              "discovered": "2023-05-27T04:01:51.172Z",
              "exploit": [
                "",
                "exploit-db",
                "exploit-windows",
                "cisa-kev"
              ],
              "exploits": [
                {
                  "kind": [
                    "poc",
                    "in-the-wild"
                  ],
                  "link": "string",
                  "source": [
                    "",
                    "exploit-db",
                    "exploit-windows",
                    "cisa-kev"
                  ]
                }
              ],
              "fixDate": 0,
              "fixLink": "string",
              "functionLayer": "string",
              "gracePeriodDays": 0,
              "id": 0,
              "layerTime": 0,
              "link": "string",
              "packageName": "string",
              "packageVersion": "string",
              "published": 0,
              "riskFactors": {},
              "severity": "string",
              "status": "string",
              "templates": [
                [
                  "PCI",
                  "HIPAA",
                  "NIST SP 800-190",
                  "GDPR",
                  "DISA STIG"
                ]
              ],
              "text": "string",
              "title": "string",
              "twistlock": true,
              "type": [
                "container",
                "image",
                "host_config",
                "daemon_config",
                "daemon_config_files",
                "security_operations",
                "k8s_master",
                "k8s_worker",
                "k8s_federation",
                "linux",
                "windows",
                "istio",
                "serverless",
                "custom",
                "docker_stig",
                "openshift_master",
                "openshift_worker",
                "application_control_linux"
              ],
              "vecStr": "string",
              "vulnTagInfos": [
                {
                  "color": "string",
                  "comment": "string",
                  "name": "string"
                }
              ]
            }
          ]
        }
      ],
      "hostDevices": [
        {
          "ip": "string",
          "name": "string"
        }
      ],
      "hostRuntimeEnabled": true,
      "hostname": "string",
      "hosts": {},
      "id": "string",
      "image": {
        "created": "2023-05-27T04:01:51.172Z",
        "entrypoint": [
          "string"
        ],
        "env": [
          "string"
        ],
        "healthcheck": true,
        "history": [
          {
            "baseLayer": true,
            "created": 0,
            "emptyLayer": true,
            "id": "string",
            "instruction": "string",
            "sizeBytes": 0,
            "tags": [
              "string"
            ],
            "vulnerabilities": [
              {
                "applicableRules": [
                  "string"
                ],
                "binaryPkgs": [
                  "string"
                ],
                "block": true,
                "cause": "string",
                "cri": true,
                "custom": true,
                "cve": "string",
                "cvss": 0,
                "description": "string",
                "discovered": "2023-05-27T04:01:51.173Z",
                "exploit": [
                  "",
                  "exploit-db",
                  "exploit-windows",
                  "cisa-kev"
                ],
                "exploits": [
                  {
                    "kind": [
                      "poc",
                      "in-the-wild"
                    ],
                    "link": "string",
                    "source": [
                      "",
                      "exploit-db",
                      "exploit-windows",
                      "cisa-kev"
                    ]
                  }
                ],
                "fixDate": 0,
                "fixLink": "string",
                "functionLayer": "string",
                "gracePeriodDays": 0,
                "id": 0,
                "layerTime": 0,
                "link": "string",
                "packageName": "string",
                "packageVersion": "string",
                "published": 0,
                "riskFactors": {},
                "severity": "string",
                "status": "string",
                "templates": [
                  [
                    "PCI",
                    "HIPAA",
                    "NIST SP 800-190",
                    "GDPR",
                    "DISA STIG"
                  ]
                ],
                "text": "string",
                "title": "string",
                "twistlock": true,
                "type": [
                  "container",
                  "image",
                  "host_config",
                  "daemon_config",
                  "daemon_config_files",
                  "security_operations",
                  "k8s_master",
                  "k8s_worker",
                  "k8s_federation",
                  "linux",
                  "windows",
                  "istio",
                  "serverless",
                  "custom",
                  "docker_stig",
                  "openshift_master",
                  "openshift_worker",
                  "application_control_linux"
                ],
                "vecStr": "string",
                "vulnTagInfos": [
                  {
                    "color": "string",
                    "comment": "string",
                    "name": "string"
                  }
                ]
              }
            ]
          }
        ],
        "id": "string",
        "labels": {},
        "layers": [
          "string"
        ],
        "os": "string",
        "repoDigest": [
          "string"
        ],
        "repoTags": [
          "string"
        ],
        "user": "string",
        "workingDir": "string"
      },
      "installedProducts": {
        "agentless": true,
        "apache": "string",
        "awsCloud": true,
        "crio": true,
        "docker": "string",
        "dockerEnterprise": true,
        "hasPackageManager": true,
        "k8sApiServer": true,
        "k8sControllerManager": true,
        "k8sEtcd": true,
        "k8sFederationApiServer": true,
        "k8sFederationControllerManager": true,
        "k8sKubelet": true,
        "k8sProxy": true,
        "k8sScheduler": true,
        "kubernetes": "string",
        "openshift": true,
        "openshiftVersion": "string",
        "osDistro": "string",
        "serverless": true,
        "swarmManager": true,
        "swarmNode": true
      },
      "instances": [
        {
          "host": "string",
          "image": "string",
          "modified": "2023-05-27T04:01:51.173Z",
          "registry": "string",
          "repo": "string",
          "tag": "string"
        }
      ],
      "isARM64": true,
      "k8sClusterAddr": "string",
      "labels": [
        "string"
      ],
      "layers": [
        "string"
      ],
      "missingDistroVulnCoverage": true,
      "namespaces": [
        "string"
      ],
      "osDistro": "string",
      "osDistroRelease": "string",
      "osDistroVersion": "string",
      "packageCorrelationDone": true,
      "packageManager": true,
      "packages": [
        {
          "pkgs": [
            {
              "binaryIdx": [
                0
              ],
              "binaryPkgs": [
                "string"
              ],
              "cveCount": 0,
              "defaultGem": true,
              "files": [
                {
                  "md5": "string",
                  "path": "string",
                  "sha1": "string",
                  "sha256": "string"
                }
              ],
              "functionLayer": "string",
              "goPkg": true,
              "jarIdentifier": "string",
              "layerTime": 0,
              "license": "string",
              "name": "string",
              "osPackage": true,
              "path": "string",
              "version": "string"
            }
          ],
          "pkgsType": [
            "nodejs",
            "gem",
            "python",
            "jar",
            "package",
            "windows",
            "binary",
            "nuget",
            "go"
          ]
        }
      ],
      "pullDuration": 0,
      "pushTime": "2023-05-27T04:01:51.173Z",
      "registryNamespace": "string",
      "registryType": "string",
      "repoDigests": [
        "string"
      ],
      "repoTag": {
        "digest": "string",
        "id": "string",
        "registry": "string",
        "repo": "string",
        "tag": "string"
      },
      "rhelRepos": [
        "string"
      ],
      "riskFactors": {},
      "scanBuildDate": "string",
      "scanDuration": 0,
      "scanID": 0,
      "scanTime": "2023-05-27T04:01:51.173Z",
      "scanVersion": "string",
      "startupBinaries": [
        {
          "altered": true,
          "cveCount": 0,
          "deps": [
            "string"
          ],
          "functionLayer": "string",
          "md5": "string",
          "missingPkg": true,
          "name": "string",
          "path": "string",
          "pkgRootDir": "string",
          "services": [
            "string"
          ],
          "version": "string"
        }
      ],
      "stopped": true,
      "tags": [
        {
          "digest": "string",
          "id": "string",
          "registry": "string",
          "repo": "string",
          "tag": "string"
        }
      ],
      "topLayer": "string",
      "trustResult": {
        "groups": [
          {
            "_id": "string",
            "disabled": true,
            "images": [
              "string"
            ],
            "layers": [
              "string"
            ],
            "modified": "2023-05-27T04:01:51.173Z",
            "name": "string",
            "notes": "string",
            "owner": "string",
            "previousName": "string"
          }
        ],
        "hostsStatuses": [
          {
            "host": "string",
            "status": [
              "trusted",
              "untrusted"
            ]
          }
        ]
      },
      "trustStatus": [
        "trusted",
        "untrusted"
      ],
      "twistlockImage": true,
      "type": [
        "image",
        "ciImage",
        "container",
        "host",
        "agentlessHost",
        "registry",
        "serverlessScan",
        "ciServerless",
        "vm",
        "tas",
        "ciTas",
        "cloudDiscovery",
        "serverlessRadar",
        "serverlessAutoDeploy",
        "hostAutoDeploy",
        "codeRepo",
        "ciCodeRepo"
      ],
      "vulnerabilities": [
        {
          "applicableRules": [
            "string"
          ],
          "binaryPkgs": [
            "string"
          ],
          "block": true,
          "cause": "string",
          "cri": true,
          "custom": true,
          "cve": "string",
          "cvss": 0,
          "description": "string",
          "discovered": "2023-05-27T04:01:51.173Z",
          "exploit": [
            "",
            "exploit-db",
            "exploit-windows",
            "cisa-kev"
          ],
          "exploits": [
            {
              "kind": [
                "poc",
                "in-the-wild"
              ],
              "link": "string",
              "source": [
                "",
                "exploit-db",
                "exploit-windows",
                "cisa-kev"
              ]
            }
          ],
          "fixDate": 0,
          "fixLink": "string",
          "functionLayer": "string",
          "gracePeriodDays": 0,
          "id": 0,
          "layerTime": 0,
          "link": "string",
          "packageName": "string",
          "packageVersion": "string",
          "published": 0,
          "riskFactors": {},
          "severity": "string",
          "status": "string",
          "templates": [
            [
              "PCI",
              "HIPAA",
              "NIST SP 800-190",
              "GDPR",
              "DISA STIG"
            ]
          ],
          "text": "string",
          "title": "string",
          "twistlock": true,
          "type": [
            "container",
            "image",
            "host_config",
            "daemon_config",
            "daemon_config_files",
            "security_operations",
            "k8s_master",
            "k8s_worker",
            "k8s_federation",
            "linux",
            "windows",
            "istio",
            "serverless",
            "custom",
            "docker_stig",
            "openshift_master",
            "openshift_worker",
            "application_control_linux"
          ],
          "vecStr": "string",
          "vulnTagInfos": [
            {
              "color": "string",
              "comment": "string",
              "name": "string"
            }
          ]
        }
      ],
      "vulnerabilitiesCount": 0,
      "vulnerabilityDistribution": {
        "critical": 0,
        "high": 0,
        "low": 0,
        "medium": 0,
        "total": 0
      },
      "vulnerabilityRiskScore": 0,
      "wildFireUsage": {
        "bytes": 0,
        "queries": 0,
        "uploads": 0
      }
    }
  ]
}

Resolve Images​

Resolve Images