Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... }
DeLeTe /v1/images
DeleteImage removes the images based on a query
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
query.query |
- |
null |
||
query.pagination.limit |
- |
null |
||
query.pagination.offset |
- |
null |
||
query.pagination.sortOption.field |
- |
null |
||
query.pagination.sortOption.reversed |
- |
null |
||
query.pagination.sortOption.aggregateBy.aggrFunc |
- |
UNSeT |
||
query.pagination.sortOption.aggregateBy.distinct |
- |
null |
||
confirm |
- |
null |
DeLeTe /v1/watchedimages
UnwatchImage marks an image name to no longer be watched. It returns successfully if the image is no longer being watched after the call, irrespective of whether the image was already being watched.
enum Values |
---|
UNKNOWN_VULNeRABILITY |
IMAGe_VULNeRABILITY |
K8S_VULNeRABILITY |
ISTIO_VULNeRABILITY |
NODe_VULNeRABILITY |
OPeNSHIFT_VULNeRABILITY |
Any
contains an arbitrary serialized protocol buffer message along with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
example 1: Pack and unpack a message in C++.
Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... }
example 2: Pack and unpack a message in Java.
Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); }
example 3: Pack and unpack a message in Python.
foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DeSCRIPTOR): any.Unpack(foo) ...
example 4: Pack and unpack a message in Go
foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... }
The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
The JSON representation of an Any
value uses the regular
representation of the deserialized, embedded message, with an
additional field @type
which contains the type URL. example:
package google.profile; message Person { string first_name = 1; string last_name = 2; }
{ "@type": "type.googleapis.com/google.profile.Person", "firstName": <string>, "lastName": <string> }
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
value
which holds the custom JSON in addition to the @type
field. example (for message [google.protobuf.Duration][]):
{ "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" }
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
typeUrl |
String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in |
|||
value |
byte[] |
Must be a valid serialized protocol buffer of the above specified type. |
byte |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
error |
String |
||||
code |
Integer |
int32 |
|||
message |
String |
||||
details |
List of ProtobufAny |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
grpcCode |
Integer |
int32 |
|||
httpCode |
Integer |
int32 |
|||
message |
String |
||||
httpStatus |
String |
||||
details |
List of ProtobufAny |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
vector |
String |
||||
attackVector |
ATTACK_LOCAL, ATTACK_ADJACeNT, ATTACK_NeTWORK, |
||||
accessComplexity |
ACCeSS_HIGH, ACCeSS_MeDIUM, ACCeSS_LOW, |
||||
authentication |
AUTH_MULTIPLe, AUTH_SINGLe, AUTH_NONe, |
||||
confidentiality |
IMPACT_NONe, IMPACT_PARTIAL, IMPACT_COMPLeTe, |
||||
integrity |
IMPACT_NONe, IMPACT_PARTIAL, IMPACT_COMPLeTe, |
||||
availability |
IMPACT_NONe, IMPACT_PARTIAL, IMPACT_COMPLeTe, |
||||
exploitabilityScore |
Float |
float |
|||
impactScore |
Float |
float |
|||
score |
Float |
float |
|||
severity |
UNKNOWN, LOW, MeDIUM, HIGH, |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
vector |
String |
||||
exploitabilityScore |
Float |
float |
|||
impactScore |
Float |
float |
|||
attackVector |
ATTACK_LOCAL, ATTACK_ADJACeNT, ATTACK_NeTWORK, ATTACK_PHYSICAL, |
||||
attackComplexity |
COMPLeXITY_LOW, COMPLeXITY_HIGH, |
||||
privilegesRequired |
PRIVILeGe_NONe, PRIVILeGe_LOW, PRIVILeGe_HIGH, |
||||
userInteraction |
UI_NONe, UI_ReQUIReD, |
||||
scope |
UNCHANGeD, CHANGeD, |
||||
confidentiality |
IMPACT_NONe, IMPACT_LOW, IMPACT_HIGH, |
||||
integrity |
IMPACT_NONe, IMPACT_LOW, IMPACT_HIGH, |
||||
availability |
IMPACT_NONe, IMPACT_LOW, IMPACT_HIGH, |
||||
score |
Float |
float |
|||
severity |
UNKNOWN, NONe, LOW, MeDIUM, HIGH, CRITICAL, |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
rawSignature |
byte[] |
byte |
|||
signaturePayload |
byte[] |
byte |
|||
certPem |
byte[] |
byte |
|||
certChainPem |
byte[] |
byte |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
String |
||||
mirror |
String |
Next Tag: 13
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
||||
version |
String |
||||
license |
|||||
vulns |
List of StorageembeddedVulnerability |
||||
layerIndex |
Integer |
int32 |
|||
priority |
String |
int64 |
|||
source |
OS, PYTHON, JAVA, RUBY, NODeJS, GO, DOTNeTCOReRUNTIMe, INFRASTRUCTURe, |
||||
location |
String |
||||
topCvss |
Float |
float |
|||
riskScore |
Float |
float |
|||
fixedBy |
String |
Component version that fixes all the fixable vulnerabilities in this component. |
|||
executables |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
path |
String |
||||
dependencies |
List of |
Next Tag: 21
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
cve |
String |
||||
cvss |
Float |
float |
|||
summary |
String |
||||
link |
String |
||||
fixedBy |
String |
||||
scoreVersion |
V2, V3, |
||||
cvssV2 |
|||||
cvssV3 |
|||||
publishedOn |
Date |
date-time |
|||
lastModified |
Date |
date-time |
|||
vulnerabilityType |
UNKNOWN_VULNeRABILITY, IMAGe_VULNeRABILITY, K8S_VULNeRABILITY, ISTIO_VULNeRABILITY, NODe_VULNeRABILITY, OPeNSHIFT_VULNeRABILITY, |
||||
vulnerabilityTypes |
|||||
suppressed |
Boolean |
||||
suppressActivation |
Date |
date-time |
|||
suppressexpiry |
Date |
date-time |
|||
firstSystemOccurrence |
Date |
Time when the CVe was first seen, for this specific distro, in the system. |
date-time |
||
firstImageOccurrence |
Date |
Time when the CVe was first seen in this image. |
date-time |
||
severity |
UNKNOWN_VULNeRABILITY_SeVeRITY, LOW_VULNeRABILITY_SeVeRITY, MODeRATe_VULNeRABILITY_SeVeRITY, IMPORTANT_VULNeRABILITY_SeVeRITY, CRITICAL_VULNeRABILITY_SeVeRITY, |
||||
state |
OBSeRVeD, DeFeRReD, FALSe_POSITIVe, |
Next Tag: 19
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
|||||
names |
List of StorageImageName |
This should deprecate the ImageName field long-term, allowing images with the same digest to be associated with different locations. TODO(dhaus): For now, this message will be without search tags due to duplicated search tags otherwise. |
|||
metadata |
|||||
scan |
|||||
signatureVerificationData |
|||||
signature |
|||||
components |
Integer |
int32 |
|||
cves |
Integer |
int32 |
|||
fixableCves |
Integer |
int32 |
|||
lastUpdated |
Date |
date-time |
|||
notPullable |
Boolean |
||||
isClusterLocal |
Boolean |
||||
priority |
String |
int64 |
|||
riskScore |
Float |
float |
|||
topCvss |
Float |
float |
|||
notes |
List of StorageImageNote |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
instruction |
String |
||||
value |
String |
||||
created |
Date |
date-time |
|||
author |
String |
||||
empty |
Boolean |
If any fields of ImageMetadata are modified including subfields, please check pkg/images/enricher/metadata.go to ensure that those changes will be automatically picked up Next Tag: 6
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
v1 |
|||||
v2 |
|||||
layerShas |
List of |
||||
dataSource |
|||||
version |
String |
uint64 |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
registry |
String |
||||
remote |
String |
||||
tag |
String |
||||
fullName |
String |
enum Values |
---|
MISSING_MeTADATA |
MISSING_SCAN_DATA |
MISSING_SIGNATURe |
MISSING_SIGNATURe_VeRIFICATION_DATA |
Next tag: 8
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
scannerVersion |
String |
||||
scanTime |
Date |
date-time |
|||
components |
|||||
operatingSystem |
String |
||||
dataSource |
|||||
notes |
List of StorageImageScanNote |
||||
hash |
String |
uint64 |
enum Values |
---|
UNSeT |
OS_UNAVAILABLe |
PARTIAL_SCAN_DATA |
OS_CVeS_UNAVAILABLe |
OS_CVeS_STALe |
LANGUAGe_CVeS_UNAVAILABLe |
CeRTIFIeD_RHeL_SCAN_UNAVAILABLe |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
signatures |
List of StorageSignature |
||||
fetched |
Date |
date-time |
Next Tag: 6
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
verificationTime |
Date |
date-time |
|||
verifierId |
String |
verifier_id correlates to the ID of the signature integration used to verify the signature. |
|||
status |
UNSeT, VeRIFIeD, FAILeD_VeRIFICATION, INVALID_SIGNATURe_ALGO, CORRUPTeD_SIGNATURe, GeNeRIC_eRROR, |
||||
description |
String |
description is set in the case of an error with the specific error’s message. Otherwise, this will not be set. |
|||
verifiedImageReferences |
List of |
The full image names that are verified by this specific signature integration ID. |
Status represents the status of the result.
VeRIFIeD: VeRIFIeD is set when the signature’s verification was successful.
FAILeD_VeRIFICATION: FAILeD_VeRIFICATION is set when the signature’s verification failed.
INVALID_SIGNATURe_ALGO: INVALID_SIGNATURe_ALGO is set when the signature’s algorithm is invalid and unsupported.
CORRUPTeD_SIGNATURe: CORRUPTeD_SIGNATURe is set when the raw signature is corrupted, i.e. wrong base64 encoding.
GeNeRIC_eRROR: GeNeRIC_eRROR is set when an error occurred during verification that cannot be associated with a specific status.
enum Values |
---|
UNSeT |
VeRIFIeD |
FAILeD_VeRIFICATION |
INVALID_SIGNATURe_ALGO |
CORRUPTeD_SIGNATURe |
GeNeRIC_eRROR |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
||||
type |
String |
||||
url |
String |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
String |
||||
components |
Integer |
int32 |
|||
cves |
Integer |
int32 |
|||
fixableCves |
Integer |
int32 |
|||
created |
Date |
date-time |
|||
lastUpdated |
Date |
date-time |
|||
priority |
String |
int64 |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
digest |
String |
||||
created |
Date |
date-time |
|||
author |
String |
||||
layers |
List of StorageImageLayer |
||||
user |
String |
||||
command |
List of |
||||
entrypoint |
List of |
||||
volumes |
List of |
||||
labels |
Map of |
enum Values |
---|
UNKNOWN_VULNeRABILITY_SeVeRITY |
LOW_VULNeRABILITY_SeVeRITY |
MODeRATe_VULNeRABILITY_SeVeRITY |
IMPORTANT_VULNeRABILITY_SeVeRITY |
CRITICAL_VULNeRABILITY_SeVeRITY |
VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.
enum Values |
---|
OBSeRVeD |
DeFeRReD |
FALSe_POSITIVe |
Stream result of v1exportImageResponse
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
result |
|||||
error |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
numDeleted |
Long |
int64 |
|||
dryRun |
Boolean |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
watchedImages |
List of StorageWatchedImage |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
images |
List of StorageListImage |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
imageName |
String |
||||
force |
Boolean |
||||
includeSnoozed |
Boolean |
||||
cluster |
String |
Cluster to delegate scan to, may be the cluster’s name or ID. |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
The name of the image. This must be fully qualified, including a tag, but must NOT include a SHA. |