Introduction
Vulnerability Advisor checks the security status of container images that are provided by IBM®, third parties, or added to your organization's registry namespace.
For more information about Vulnerability Advisor, see Managing image security with Vulnerability Advisor.
For more information about IBM Cloud Container Registry, see About IBM Cloud Container Registry.
For more information about IBM Cloud Kubernetes Service, see Getting started with IBM Cloud Kubernetes Service.
Endpoint URL
The endpoint for the Vulnerability Advisor for IBM Cloud Container Registry API is in the format: https://<registry_dns_name>/va/api/v3 For example, the API endpoint for Dallas is: https://us.icr.io/va/api/v3 To find out about the available IBM Cloud Container Registry DNS names, see Regions.
Authentication
Access to IBM Cloud Container Registry and Vulnerability Advisor is controlled by using IBM Cloud Identity and Access Management (IAM), which provides a unified approach to managing user identities and access control across your IBM Cloud services and applications.
This API requires IBM Cloud Identity and Access Management (IAM) authentication. You must pass an IAM token in the Authorization header of the request. You can retrieve your IAM access token, which is prefixed with Bearer, by running the ibmcloud iam oauth-tokens command. You must also set the Account header to the unique ID for your IBM Cloud account. You can retrieve your Account ID by running the ibmcloud account show command.
To call each method, you must be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see Managing access for IBM Cloud Container Registry.
Event tracking
You can monitor API activity within your account by using the IBM Cloud Activity Tracker with LogDNA service. Whenever an API method is called, an event is generated that you can then track and audit from within Activity Tracker with LogDNA. The specific event type is listed for each individual method. For more information about how to track IBM Cloud Container Registry activity, see Auditing the events for Container Registry.
For more information about IAM actions and Activity Tracker actions by API method, see IAM and Activity Tracker actions by API .
Vulnerability report status codes
The following table shows the vulnerability report status codes.
| Code | Description |
|---|---|
OK |
No security issues were found in the image. |
FAIL |
The scan found one or more potential security issues or vulnerabilities in the image that are outside the scope of all exemptions. |
WARN |
The scan found one or more potential security issues or vulnerabilities in the image. However all of the issues are within the scope of one or more exemptions. |
UNSUPPORTED |
The scan found no supported operating system (OS) distribution and no active configuration issues in the image. |
INCOMPLETE |
The image is being scanned and the final vulnerability status is not determined. |
UNSCANNED |
A vulnerability assessment for the image could not be found. |
Methods
Get the vulnerability assessment for all images
Get the vulnerability assessment for the list of registry images that belong to a specific account.
GET /va/api/v3/report/account
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Query Parameters
The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: us.icr.io/namespace/image
When set to true, the returned list will contain IBM public images as well as the account images. If not set, or set to false, the list will only contain the account images.
When set to false, the returned list will not contain the private account images. If not set, or set to true, the list will contain the private account images.
Response
A dictionary of image names as key and report.Report object as value
assessments
Status Code
The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://cloud.ibm.com/docs/get-support?topic=get-support-using-avatar
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "assessments": { "us.icr.io/birds/grebe:crested": { "id": "12345678-130f-423f-a521-16f787651234", "scan_time": 1594050648, "status": "UNSUPPORTED", "vulnerabilities": [], "configuration_issues": [] }, "us.icr.io/birds/woodpecker:green": { "id": "12345678-130f-423f-a521-16f787654321", "scan_time": 1594148866, "status": "WARN", "vulnerabilities": [ { "cve_id": "CVE-2019-99999", "summary": "This is a CVE.", "cve_exempt": true, "exempt_status": "exempt", "security_notice_count": 1, "exempt_security_notice_count": 0, "total_security_notice_count": 1, "security_notices": [ { "notice_id": "ALPINE-CVE-2019-99999", "notice": "", "notice_exempt": false, "summary": "This is a summary.", "vulnerable_packages": [ { "description": "Description of vulnerability to package", "corrective_action": "Upgrade the offending packahe", "fix_version": "0.0.1", "installed_version": "0.0.0", "package_name": "package" } ] } ] } ], "configuration_issues": [] } } }
Get vulnerability assessment status for all images
Get the vulnerability assessment status for the list of registry images that belong to a specific account.
GET /va/api/v3/report/account/status
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Query Parameters
The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: us.icr.io/namespace/image
When set to true, the returned list will contain IBM public images as well as the account images. If not set, or set to false, the list will only contain the account images.
When set to false, the returned list will not contain the private account images. If not set, or set to true, the list will contain the private account images.
Response
List of image summaries.
Status Code
The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://cloud.ibm.com/docs/get-support?topic=get-support-using-avatar
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "images": [ { "name": "us.icr.io/birds/woodpecker:green", "created_time": 1515532258, "status": "FAIL", "scan_time": 1594031816, "issue_count": 2, "exempt_issue_count": 1, "vulnerability_count": 2, "exempt_vulnerability_count": 1, "configuration_issue_count": 0, "exempt_configuration_issue_count": 0 }, { "name": "us.icr.io/birds/grebe:crested", "created_time": 1546305670, "status": "UNSUPPORTED", "scan_time": 1594389126, "issue_count": 0, "exempt_issue_count": 0, "vulnerability_count": 0, "exempt_vulnerability_count": 0, "configuration_issue_count": 0, "exempt_configuration_issue_count": 0 } ] }
Get vulnerability status
Get the overall vulnerability status for a registry image.
GET /va/api/v3/report/image/status/{name}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
Name of the image, for example: us.icr.io/namespace/repository:tag.
Constraints: Value must match regular expression
.*
Response
The number of configuration issues found
The number of exempt configuration issues found
The number of exempt issues found
The number of exempt vulnerability issues found
The number of issues found
The scan time of the report as a UNIX timestamp
Overall vulnerability assessment status from: OK, WARN, FAIL, UNSUPPORTED, INCOMPLETE, UNSCANNED. For descriptions of these statuses see: https://cloud.ibm.com/apidocs/container-registry/va#getting-started-vulnerability-report-status-codes
The number of vulnerability issues found
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://cloud.ibm.com/docs/get-support?topic=get-support-using-avatar
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "name": "us.icr.io/birds/woodpecker:green", "created_time": 1515532258, "status": "FAIL", "scan_time": 1594031816, "issue_count": 2, "exempt_issue_count": 1, "vulnerability_count": 2, "exempt_vulnerability_count": 1, "configuration_issue_count": 0, "exempt_configuration_issue_count": 0 }
Get vulnerability assessment status
Get the vulnerability assessment for a registry image.
GET /va/api/v3/report/image/{name}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
Name of the image, for example: us.icr.io/namespace/repository:tag.
Constraints: Value must match regular expression
.*
Response
Possible configuration issues found in the docker object
Unique id of the report
The scan time of the report as a UNIX timestamp
Overall vulnerability assessment status from: OK, WARN, FAIL, UNSUPPORTED, INCOMPLETE, UNSCANNED. For descriptions of these statuses see: https://cloud.ibm.com/apidocs/container-registry/va#getting-started-vulnerability-report-status-codes
Vulnerabilities found in the docker object at the scan time
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://cloud.ibm.com/docs/get-support?topic=get-support-using-avatar
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "id": "12345678-130f-423f-a521-16f787654321", "scan_time": 1594148866, "status": "WARN", "vulnerabilities": [ { "cve_id": "CVE-2019-99999", "summary": "This is a CVE.", "cve_exempt": true, "exempt_status": "exempt", "security_notice_count": 1, "exempt_security_notice_count": 0, "total_security_notice_count": 1, "security_notices": [ { "notice_id": "ALPINE-CVE-2019-99999", "notice": "", "notice_exempt": false, "summary": "This is a summary.", "vulnerable_packages": [ { "description": "Description of vulnerability to package", "corrective_action": "Upgrade the offending packahe", "fix_version": "0.0.1", "installed_version": "0.0.0", "package_name": "package" } ] } ] } ], "configuration_issues": [] }
List account level exemptions
List the exemptions that are specified with account level scope.
GET /va/api/v3/exempt/image
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
[ { "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "", "repository": "", "tag": "" } } ]
Get an account level exemption
Get details of an exemption that is specified with account level scope.
GET /va/api/v3/exempt/image/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /va/api/v3/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /va/api/v3/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "", "repository": "", "tag": "" } }
Create or update an account level exemption
Create or update an exemption that is specified with account level scope.
POST /va/api/v3/exempt/image/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /va/api/v3/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /va/api/v3/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
Created
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "", "repository": "", "tag": "" } }
Delete an account level exemption
Delete an exemption that is specified with account level scope.
DELETE /va/api/v3/exempt/image/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /va/api/v3/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /va/api/v3/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Exemption not found.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
List resource exemptions
List the exemptions that are specified for a resource (account, registry namespace, repository, or image).
GET /va/api/v3/exempt/image/{resource}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, namespace/repository:tag, or namespace/repository@sha256:hash)
Constraints: Value must match regular expression
.*
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
[ { "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "birds", "repository": "", "tag": "" } } ]
Get details of a resource exemption
Get an exemption that is specified for a resource (account, registry namespace, repository, or image).
GET /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, namespace/repository:tag, or namespace/repository@sha256:hash)
Constraints: Value must match regular expression
.*Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /va/api/v3/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /va/api/v3/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "birds", "repository": "", "tag": "" } }
Create or update a resource exemption
Create or update an exemption that is specified for a resource (account, registry namespace, repository, or image).
POST /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, namespace/repository:tag, or namespace/repository@sha256:hash)
Constraints: Value must match regular expression
.*Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /va/api/v3/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /va/api/v3/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
Created
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "birds", "repository": "", "tag": "" } }
Delete a resource exemption
Delete an exemption that is specified for a resource (account, registry namespace, repository, or image).
DELETE /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, namespace/repository:tag, or namespace/repository@sha256:hash)
Constraints: Value must match regular expression
.*Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /va/api/v3/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /va/api/v3/exempt/types for more details.
Constraints: Value must match regular expression
.*
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Exemption not found.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
[ { "identifier": "cve", "display_name": "CVE", "validation_regex": "^(?:CVE-(?:\\d){4}-(?:\\d){4,})$" }, { "identifier": "sn", "display_name": "Security Notice", "validation_regex": "^(?:(?:RHSA-(?:\\d){4}:(?:\\d){4})|(?:DSA-(?:\\d){3,}-(?:\\d){1,})|(?:usn-(?:\\d){1,}-(?:\\d){1,})|(?:ALPINE-(?:CVE-(?:\\d){4}-(?:\\d){4,})))$" }, { "identifier": "configuration", "display_name": "Configuration Issue", "validation_regex": "^(?:(?:system_configuration:Linux\\.(?:\\d){1,2}-\\d-[a-z])|(?:application_configuration:(?:(?:[a-zA-Z/](?:(?:(?:[a-zA-Z0-9-_/])+)?[a-zA-Z0-9])?)(?:\\.(?:[a-zA-Z/](?:(?:(?:[a-zA-Z0-9-_/])+)?[a-zA-Z0-9])?))+)))$" } ]
List all exemptions
List all of the exemptions in the given account.
GET /va/api/v3/exemptions/account
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
[ { "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "", "repository": "", "tag": "" } }, { "issue_type": "cve", "issue_id": "CVE-2019-11111", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff", "scope": { "scope_type": "image", "namespace": "birds", "repository": "", "tag": "" } } ]
Delete all exemptions
Delete all of the exemptions in the given account.
POST /va/api/v3/exemptions/deleteAll
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Response
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "number_of_exemptions_deleted": 2 }
List image exemptions
List all of the exemptions for an image.
GET /va/api/v3/exemptions/image/{resource}Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, namespace/repository:tag, or namespace/repository@sha256:hash)
Constraints: Value must match regular expression
.*
Query Parameters
Include scope on returned exemptions
Default:
false
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
Status Code
OK. If the includeScope query parameter is set to true this endpoint will return a list of exemptions that have an additional field 'scope' that describes the level at which the exemption is set (namespace, repository, tag)
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
[ { "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff" } ]
List exemptions for images
List the exemptions for the given list of images.
POST /va/api/v3/exemptions/images
Request
Custom Headers
The unique ID for your IBM Cloud account. Run 'ibmcloud cr info' to get the ID of the target account.
The preferred language code for this request.
List of images
Response
The unique ID for the IBM Cloud account for this policy
ID of issue being exempted
Type of issue being exempted
Details of the level of IBM Cloud Registry resource the exemption applies to
any property
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'ibmcloud iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'ibmcloud cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
An internal server error occurred
This service is unavailable at the moment. Try again later.
Unable to authenticate with IBM Cloud. Try again later.
{ "us.icr.io/birds/woodpecker:green": [ { "issue_type": "cve", "issue_id": "CVE-2019-99999", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff" } ], "us.icr.io/birds/grebe:crested": [ { "issue_type": "cve", "issue_id": "CVE-2019-11111", "account_id": "79c6d1c71fb1cbedc38ffc251ba2ffff" } ] }