Vulnerability Advisor for IBM Cloud Container Registry
Vulnerability Advisor checks the security status of container images that are provided by IBM®, third parties, or added to your organization's registry namespace.
The endpoint for the Vulnerability Advisor for IBM Cloud Container Registry API is in the format: https://<registry_dns_name>/va/api/v3 For example, the API endpoint for Dallas is: https://us.icr.io/va/api/v3 To find out about the available IBM Cloud Container Registry DNS names, see Regions.
For more information about Vulnerability Advisor, see Managing image security with Vulnerability Advisor.
For more information about IBM Cloud Container Registry, see About IBM Cloud Container Registry.
For more information about IBM Cloud Kubernetes Service, see Getting started with IBM Cloud Kubernetes Service.
Related APIs:
- IBM Cloud Container Registry API
- REST API for clusters, see Kubernetes service API
- REST API JSON for clusters
- REST API for logging in clusters, see IBM Cloud Kubernetes Service Logging API Logging API
- REST API for managing Ingress application load balancers in clusters, see IBM Cloud Container Service ALB API
Methods
Get the vulnerability assessment for the list of registry images that belong to a specific account.
GET /va/api/v3/report/accountCustom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Query Parameters
The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: registry.bluemix.net/namespace/image
When set to true, the returned list will contain IBM public images as well as the account images
When set to false, the returned list will not contain the private account images
A dictionary of image or container names as key and report.Report object as value
assessments
Status Code
The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Get the vulnerability assessment status for the list of registry images that belong to a specific account.
GET /va/api/v3/report/account/statusCustom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Query Parameters
The name of the repository for which you want to see the vulnerability assessments for the images in that repository. For example: registry.bluemix.net/namespace/image
When set to true, the returned list will contain IBM public images as well as the account images
When set to false, the returned list will not contain the private account images
List of image summaries.
Status Code
The returned list might contain unscanned results for images in your account that haven't yet been scanned. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
The ID of the container such as 72b59af69b8919641b9d29c4b8956e769d17f01df17c884fe9814da67d50067f
The ID of the cluster that this container is deployed to
The name of the cluster that this container is deployed to
Possible configuration issues found in the docker object
Unique id of the report
The name of the image that this container was created from
The name of the pod that this container is deployed to
The scan time of the report as a UNIX timestamp
Overall vulnerability assessment status from: OK, WARN, FAIL, UNSUPPORTED, INCOMPLETE, UNSCANNED
Vulnerabilities found in the docker object at the scan time
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Your container hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Name of the image, for example: registry.bluemix.net/namespace/image:tag.
Constraints: Value must match regular expression
.*
The number of configuration issues found
The number of exempt configuration issues found
The number of exempt issues found
The number of exempt vulnerability issues found
The number of issues found
The scan time of the report as a UNIX timestamp
Overall vulnerability assessment status from: OK, WARN, FAIL, UNSUPPORTED, INCOMPLETE, UNSCANNED
The number of vulnerability issues found
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Name of the image, for example: registry.bluemix.net/namespace/image:tag.
Constraints: Value must match regular expression
.*
Possible configuration issues found in the docker object
Unique id of the report
The scan time of the report as a UNIX timestamp
Overall vulnerability assessment status from: OK, WARN, FAIL, UNSUPPORTED, INCOMPLETE, UNSCANNED
Vulnerabilities found in the docker object at the scan time
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Your image hasn't been scanned yet. Try again later. If this issue persists, contact support for help; see https://console.bluemix.net/docs/support/index.html#contacting-support
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Get the list of containers for this image that are running on clusters in this region and account
GET /va/api/v3/report/image/{name}/containersCustom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
The IBM Cloud user authentication agent (UAA) or the IBM Cloud Identity & Access Management (IAM) JSON web token that you receive when you log into IBM Cloud. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Name of the image, for example: registry.bluemix.net/namespace/image:tag.
Constraints: Value must match regular expression
.*
The name of the container's ancestor
The type of the container's ancestor such as 'deployment' or 'daemonset'
The name of the cluster this container is deployed on
The ID of the container
The name of the container
The name of the pod this container is deployed on
Status Code
The list of container IDs that are deployed for this image in this region and account
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Submits a cluster snapshot to the Vulnerability Advisor backend
POST /va/api/v3/scan/cluster/{cluster-id}Custom Headers
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
Account to authenticate
Path Parameters
ID of the cluster that the snapshot refers to
Cluster snapshot
Status Code
Accepted
BadRequest
Unauthorized
Forbidden
BadGateway
No Sample Response
Submits a frame for processing in the Vulnerability Advisor backend
POST /va/api/v3/scan/container/{container-id}Custom Headers
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
Account to authenticate
Path Parameters
Docker ID of the container that the frame refers to
Frame contents
Status Code
Accepted
BadRequest
Unauthorized
Forbidden
BadGateway
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Get an exemption that is specified for an account
GET /va/api/v3/exempt/image/issue/{issueType}/{issueID}Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Create or update an exemption that is specified for an account
POST /va/api/v3/exempt/image/issue/{issueType}/{issueID}Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
Created
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Delete an exemption that is specified for an account
DELETE /va/api/v3/exempt/image/issue/{issueType}/{issueID}Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Exemption not found.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
List the exemptions that are specified for a resource (account, registry namespace, repository, or image)
GET /va/api/v3/exempt/image/{resource}Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Get an exemption that is specified for a resource (account, registry namespace, repository, or image)
GET /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Create or update an exemption that is specified for a resource (account, registry namespace, repository, or image)
POST /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
Created
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Delete an exemption that is specified for a resource (account, registry namespace, repository, or image)
DELETE /va/api/v3/exempt/image/{resource}/issue/{issueType}/{issueID}Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
Exemption type, e.g. 'cve' or 'sn' or 'configuration'. See /api/v2/exempt/types for more details.
Exemption ID, e.g. 'CVE-2018-9999'. See /api/v2/exempt/types for more details.
IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Exemption not found.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
Path Parameters
IBM Cloud Registry resource (namespace, namespace/repository, or namespace/repository:tag)
Constraints: Value must match regular expression
.*
Query Parameters
Include scope on returned exemptions
Default:
false
Bluemix account GUID for this policy
ID of issue being exempted
Type of issue being exempted
Status Code
OK. If the includeScope query parameter is set to true this endpoint will return a list of exemptions that have an additional field 'scope' that describes the level at which the exemption is set (namespace, repository, tag)
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.
No Sample Response
Custom Headers
The unique ID for your IBM Cloud account. Run 'bx cr info' to get the ID of the target account.
An IBM Cloud IAM Bearer token for the Account. Run 'bx iam oauth-tokens' to retrieve your access token. This token includes the prefix 'Bearer'.
The preferred language code for this request.
List of images
Status Code
OK
A required header is missing. Add the header to the request and try again.
You are not authorized to view the requested resource, or your IBM Cloud bearer token is invalid. Run 'bx iam oauth-tokens' to retrieve your access token and try again. If this issue persists, contact your administrator to confirm that you have access to this resource.
You don't have authorization to access the specified namespace. Run 'bx cr namespaces' to list your namespaces. Check that your image is in one of your namespaces.
Internal server error.
Unable to authenticate with IBM Cloud. Try again later.