Introduction
Vulnerability Advisor checks the security status of container images that are provided by IBM®, third parties, or added to your organization's registry namespace.
For more information about Vulnerability Advisor, see Managing image security with Vulnerability Advisor.
For more information about IBM Cloud Container Registry, see About IBM Cloud Container Registry.
For more information about IBM Cloud Kubernetes Service, see Getting started with IBM Cloud Kubernetes Service.
Endpoint URL
The endpoint for the Vulnerability Advisor for IBM Cloud Container Registry API is in the format: https://<registry_dns_name>/va/api/v3 For example, the API endpoint for Dallas is: https://us.icr.io/va/api/v3 To find out about the available IBM Cloud Container Registry DNS names, see Regions.
Authentication
Access to IBM Cloud Container Registry and Vulnerability Advisor is controlled by using IBM Cloud Identity and Access Management (IAM), which provides a unified approach to managing user identities and access control across your IBM Cloud services and applications.
This API requires IBM Cloud Identity and Access Management (IAM) authentication. You must pass an IAM token in the Authorization header of the request. You can retrieve your IAM access token, which is prefixed with Bearer, by running the ibmcloud iam oauth-tokens command. You must also set the Account header to the unique ID for your IBM Cloud account. You can retrieve your Account ID by running the ibmcloud account show command.
Related APIs
- IBM Cloud Container Registry API
- REST API for clusters, see Kubernetes service API
- REST API JSON for clusters
- REST API for logging in clusters, see IBM Cloud Kubernetes Service Logging API Logging API
- REST API for managing Ingress application load balancers in clusters, see IBM Cloud Container Service ALB API
Methods
Get the vulnerability assessment for the list of registry images that belong to a specific account.
GET /va/api/v3/report/accountRequest
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Query Parameters
The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: registry.bluemix.net/namespace/image
When set to true, the returned list will contain IBM public images as well as the account images
When set to false, the returned list will not contain the private account images
Response
A dictionary of image names as key and report.Report object as value
assessments
Status Code
The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Get the vulnerability assessment status for the list of registry images that belong to a specific account.
GET /va/api/v3/report/account/statusRequest
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Query Parameters
The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: registry.bluemix.net/namespace/image
When set to true, the returned list will contain IBM public images as well as the account images
When set to false, the returned list will not contain the private account images
Response
List of image summaries.
Status Code
The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Name of the image, for example: registry.bluemix.net/namespace/image:tag.
Constraints: Value must match regular expression
.*
Response
The number of configuration issues found
The number of exempt configuration issues found
The number of exempt issues found
The number of exempt vulnerability issues found
The number of issues found
The scan time of the report as a UNIX timestamp
Overall vulnerability assessment status from: OK, WARN, FAIL, UNSUPPORTED, INCOMPLETE, UNSCANNED
The number of vulnerability issues found
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Name of the image, for example: registry.bluemix.net/namespace/image:tag.
Constraints: Value must match regular expression
.*
Response
Possible configuration issues found in the docker object
Unique id of the report
The scan time of the report as a UNIX timestamp
Overall vulnerability assessment status from: OK, WARN, FAIL, UNSUPPORTED, INCOMPLETE, UNSCANNED
Vulnerabilities found in the docker object at the scan time
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Get an exemption that is specified for an account
GET /va/api/v3/exempt/image/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Create or update an exemption that is specified for an account
POST /va/api/v3/exempt/image/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
Created
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Delete an exemption that is specified for an account
DELETE /va/api/v3/exempt/image/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Exemption not found.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
List the exemptions that are specified for a resource (account, registry namespace, repository, or image)
GET /va/api/v3/exempt/image/{resource}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Get an exemption that is specified for a resource (account, registry namespace, repository, or image)
GET /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Constraints: Value must match regular expression
.*IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Create or update an exemption that is specified for a resource (account, registry namespace, repository, or image)
POST /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Constraints: Value must match regular expression
.*IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
Created
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Delete an exemption that is specified for a resource (account, registry namespace, repository, or image)
DELETE /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Constraints: Value must match regular expression
.*IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Exemption not found.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Query Parameters
Include scope on returned exemptions
Default:
false
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK. If the includeScope query parameter is set to true this endpoint will return a list of exemptions that have an additional field 'scope' that describes the level at which the exemption is set (namespace, repository, tag)
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
List of images
Response
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
any property
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.