Vulnerability Advisor for IBM Cloud Container Registry

Introduction

Vulnerability Advisor checks the security status of container images that are provided by IBM®, third parties, or added to your organization's registry namespace.

For more information about Vulnerability Advisor, see Managing image security with Vulnerability Advisor.

For more information about IBM Cloud Container Registry, see About IBM Cloud Container Registry.

For more information about IBM Cloud Kubernetes Service, see Getting started with IBM Cloud Kubernetes Service.

Endpoint URL

The endpoint for the Vulnerability Advisor for IBM Cloud Container Registry API is in the format: https://<registry_dns_name>/va/api/v3 For example, the API endpoint for Dallas is: https://us.icr.io/va/api/v3 To find out about the available IBM Cloud Container Registry DNS names, see Regions.

Error handling

The Vulnerabiliy Advisor service uses standard HTTP response codes to indicate whether a method completed successfully. A 200 response always indicates success. A 400 type response indicates a failure, and a 500 type response usually indicates an internal system error.

Authentication

Access to IBM Cloud Container Registry and Vulnerability Advisor is controlled by using IBM Cloud Identity and Access Management (IAM), which provides a unified approach to managing user identities and access control across your IBM Cloud services and applications.

This API requires IBM Cloud Identity and Access Management (IAM) authentication. You must pass an IAM token in the Authorization header of the request. You can retrieve your IAM access token, which is prefixed with Bearer, by running the ibmcloud iam oauth-tokens command. You must also set the Account header to the unique ID for your IBM Cloud account. You can retrieve your Account ID by running the ibmcloud account show command.

Methods

Get the vulnerability assessment for the list of registry images that belong to a specific account.

GET /va/api/v3/report/account

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Query Parameters

  • The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: registry.bluemix.net/namespace/image

  • When set to true, the returned list will contain IBM public images as well as the account images

  • When set to false, the returned list will not contain the private account images

Response

Status Code

  • The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Get the vulnerability assessment status for the list of registry images that belong to a specific account.

GET /va/api/v3/report/account/status

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Query Parameters

  • The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: registry.bluemix.net/namespace/image

  • When set to true, the returned list will contain IBM public images as well as the account images

  • When set to false, the returned list will not contain the private account images

Response

Status Code

  • The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Get the overall vulnerability status for a registry image.

GET /va/api/v3/report/image/status/{name}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Name of the image, for example: registry.bluemix.net/namespace/image:tag.

    Constraints: Value must match regular expression .*

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Get the vulnerability assessment for a registry image.

GET /va/api/v3/report/image/{name}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Name of the image, for example: registry.bluemix.net/namespace/image:tag.

    Constraints: Value must match regular expression .*

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

List the exemptions that are specified for an account

GET /va/api/v3/exempt/image

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Get an exemption that is specified for an account

GET /va/api/v3/exempt/image/issue/{issueType}/{issueID}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.

  • Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.

    Constraints: Value must match regular expression .*

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Create or update an exemption that is specified for an account

POST /va/api/v3/exempt/image/issue/{issueType}/{issueID}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.

  • Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.

    Constraints: Value must match regular expression .*

Response

Status Code

  • Created

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Delete an exemption that is specified for an account

DELETE /va/api/v3/exempt/image/issue/{issueType}/{issueID}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.

  • Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.

    Constraints: Value must match regular expression .*

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Exemption not found.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

List the exemptions that are specified for a resource (account, registry namespace, repository, or image)

GET /va/api/v3/exempt/image/{resource}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)

    Constraints: Value must match regular expression .*

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Get an exemption that is specified for a resource (account, registry namespace, repository, or image)

GET /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.

  • Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.

    Constraints: Value must match regular expression .*

  • IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)

    Constraints: Value must match regular expression .*

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Create or update an exemption that is specified for a resource (account, registry namespace, repository, or image)

POST /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.

  • Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.

    Constraints: Value must match regular expression .*

  • IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)

    Constraints: Value must match regular expression .*

Response

Status Code

  • Created

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Delete an exemption that is specified for a resource (account, registry namespace, repository, or image)

DELETE /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.

  • Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.

    Constraints: Value must match regular expression .*

  • IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)

    Constraints: Value must match regular expression .*

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Exemption not found.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

List the types of exemption

GET /va/api/v3/exempt/types

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

List all of the exemptions in the given account

GET /va/api/v3/exemptions/account

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

Delete all of the exemptions in the given account

POST /va/api/v3/exemptions/deleteAll

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

List all of the exemptions for an image

GET /va/api/v3/exemptions/image/{resource}

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

Path Parameters

  • IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)

    Constraints: Value must match regular expression .*

Query Parameters

  • Include scope on returned exemptions

    Default: false

Response

Status Code

  • OK. If the includeScope query parameter is set to true this endpoint will return a list of exemptions that have an additional field 'scope' that describes the level at which the exemption is set (namespace, repository, tag)

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.

List the exemptions for the given list of images

POST /va/api/v3/exemptions/images

Request

Custom Headers

  • The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.

  • An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.

  • The preferred language code for this request.

List of images

Response

Status Code

  • OK

  • A required header is missing. Add the header to the request and try again.

  • You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.

  • You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.

  • Internal server error.

  • Unable to authenticate with IBM Cloud. Try again later.

No Sample Response

This method does not specify any sample responses.