Qualys Cloud Platform 1.33 (CS) API Notification 1
Last updated on: May 31, 2024
A new release of Qualys Cloud Platform 1.33 (CS) includes updated APIs which is targeted for release in May 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the upcoming APIs, allowing you to identify use cases that can leverage these updated APIs.
What’s New
This release introduces new APIs for Kubernetes Clusters and Admission Controllers, allowing you to manage Clusters and Admission Controllers, view details, and update settings efficiently. Additionally, relevant APIs are updated to support centralized policies for Kubernetes Admission Controllers, enabling the creation and assignment of policies for enhanced control. CRS 1.0 is deprecated in this release, with associated APIs and documentation being phased out. Along with these, we have introduced new APIs to tag your Container Security assets.
Kubernetes Admission Controller
In this release, we have introduced new APIs to effectively work with your Kubernetes Clusters and Admission Controllers.
New API: Show a list of Kubernetes Clusters
GET /csapi/v1.3/k8sClusters
This API shows you a list of Kubernetes Clusters in your account.
New API: Show Details of a Kubernetes Cluster
GET /csapi/v1.3/k8sClusters/{clusterUid}
This API helps you see the details of the specified cluster.
New API: Update the Registry UUID of a Kubernetes Cluster
PUT /csapi/v1.3/k8sClusters/{clusterUid}
With this API, you can update the registry details of the specified k8s cluster.
New API: Show Details of a Kubernetes Admission Controller
GET /csapi/v1.3/k8sAdmissionControllers/{uuid}
This API shows you k8s Admission controller details of the specified uuid.
New API: Update Enforcement Action of a Kubernetes Admission Controller
PUT /csapi/v1.3/k8sAdmissionController/{uuid}
With this API, you can validate your action against the policies specified in the Admission Controller. You can update the enforcementAction parameter of the specified k8s admission controller to either allow your action to be passed, irrespective of the assigned policy, or you can validate the action against the assigned policy and based on that either allow or deny your action.
Centralized Policies for Kubernetes Admission Controller
With this release, you can now create and assign Centralized policy to your K8s Admission Controller. The following APIs are updated with this release.
Create a Centralized Policy
POST /csapi/v1.3/centralizedPolicy
With this release, a new policy type called K8S_Admission_Controller is introduced along with k8sFilters in the request to provide cluster and namespace details.
Show a list of Centralized Policies
GET /csapi/v1.3/centralizedPolicy
This API provides a list of all centralized policies present in your account. With this release, you can also see Kubernetes Admission Controller policies. You will see a new policyType called K8S_ADMISSION_CONTROLLER.
Show Details of a Centralized Policy
GET /csapi/v1.3/centralizedPolicy/{policyId}
With this release, a new policy type called K8S_Admission_Controller is introduced along with k8sFilters in the response to provide cluster and namespace details.
Delete a Centralized Policy
DELETE /csapi/v1.3/centralizedPolicy/{policyId}
With this API, now you can delete a Kubernetes Admission Controller type policies as well.
Update a Centralized Policy
PUT /csapi/v1.3/centralizedPolicy/{policyId}
With this API, you can mark a policy as Active or Inactive. You need to provide k8sFilters parameter in the request.
Show Details of the Default Centralized Policy
GET /csapi/v1.3/centralizedPolicy/defaultPolicy/{policyType}
This API shows details of the default centralized policy. It will now also support policies of K8S_ADMISSION_CONTROLLER type.
Update the Policy Mode of a Centralized Policy
PUT /csapi/v1.3/centralizedPolicy/{policyId}/mode
With this API, you can mark a Kubernetes Admission Controller policy as Active or Inactive.
CRS 1.0 Deprecation
With this release, Container Runtime Security (CRS) 1.0 is getting deprecated. Please refer to the CRS 1.0 End of Life Notification for more details.
This deprecation will also result in its associated CRS APIs getting deprecated. The following entities are getting deprecated along with this release.
- CRS API Gateway (Already Deprecated) https://gateway.p04.eng.sjc01.qualys.com/apidocs/csapi/v1.3/runtime#/
- CRS User Guide https://cdn2.qualys.com/docs/qualys-container-runtime-security-user-guide.pdf
- CRS API Guide Qualys Container Runtime Security APIs https://docs.qualys.com/en/cs/crs-api/#t=Get_Started%2Fget_started.htm
Asset Tagging
With this release, you can assign and manage static tags of an asset (image, container). With the help of these static tags, you can categorize and organize your images and containers. The following APIs are introduced with this release.
New API: Assign Tags to an Asset
POST /csapi/v1.3/tag/assign
This API allows you to assign one or more tags to an image or a container.
New API: Assign Multiple Tags to Multiple Assets
POST /csapi/v1.3/tag/assign/bulk
This API allows you to assign one or more tags to multiple images or containers.
New API: Remove Tags Assigned to Assets
POST /csapi/v1.3/tag/remove
This API is used to remove one or more tags from an asset.
New API: Validate Asset Tags
POST /csapi/v1.3/tag/exist
This API is used to validate an asset tag.
Active Images
With this update, you can view the most recent update time of the images within your cluster. This enhancement is aimed at assisting you in prioritizing which images require vulnerability fixes. We have introduced a new input parameter named imageInUse in the APIs listed below. This parameter allows you to retrieve the images utilized within a specified timeframe. Additionally, the response now includes a lastUsedDate parameter, indicating the latest time the specified image was used.
Updated API: Fetch a List of Images in Your Account
GET /csapi/v1.3/images
Updated API: Fetch a List of Images (Bulk API)
GET /csapi/v1.3/images/list
Updated API: Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
Please refer the detailed release note here: https://cdn2.qualys.com/docs/release-notes/qualys-container-security-1.33-api-release-notes.pdf
