Qualys Cloud Platform 1.34 (CS) API Notification 1
A new release of Qualys Cloud Platform 1.34 (CS) includes updated APIs, which are targeted for release in September 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the upcoming API updates, allowing you to identify use cases that can leverage these updated APIs.
What’s New?
This release introduces TruRisk and QDS scoring to Qualys Container Security, updating relevant APIs to include new parameters such as riskScore
and qdsScore
. We have also added support for Harbor registries, with new APIs for managing registry data and scan schedules. Additionally, sensor profiles now include a Cluster profile type and support for tags. Registry scan status has been enhanced to show failed image counts along with existing metrics.
Supporting TruRisk and QDS Score
With this release, Qualys Container Security provides you TruRisk and QDS score. The TruRisk score is calculated when a new scan or re-scan of an asset happens. The responses of the following APIs are updated to support the TruRisk and QDS features. Some of the APIs responses show the following parameters – riskScore
, riskScoreCalculatedDate
, formulaUsed
, maxQdsScore
, qdsSeverity
, and qdsScore
.
Image APIs
- Fetch a List of Images in Your Account
GET /csapi/v1.3/images
- Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
- Fetch a List of Images (Bulk API)
GET /csapi/v1.3/images/list
- Fetch Vulnerability Details for an Image
GET /csapi/v1.3/images/{imageSha}/vuln
Container APIs
- Fetch a List of Containers in Your Account
GET /csapi/v1.3/containers
- Fetch Container Details
GET /csapi/v1.3/containers/{ContainerSha}
- Fetch a Detailed Containers List
GET /csapi/v1.3/containers/list
- Fetch Vulnerability Details for a Container
GET /csapi/v1.3/containers/{containerSha}/vuln
Harbor Registry Support
With this release, a new registry and provider called Harbor
is introduced to support the Harbor registries. The following APIs are updated with this release.
- Fetch a List of Registries in Your Account
GET /csapi/v1.3/registry
- Fetch Details of a Registry
GET /csapi/v1.3/registry/{registryId}
- Create a Registry Scan Schedule
POST /csapi/v1.3/registry/{registryId}/schedule
- Create a Registry
POST /csapi/v1.3/registry/
- Update a Registry
PUT /csapi/v1.3/registry/{registryId}
Support Cluster Sensor in Sensor Profile
From this release, you can see a new profile type – Cluster
– present in your account under the Sensor Profiles page. The following APIs are updated with this release.
- Fetch Sensor Profiles Associated with a Sensor
GET /csapi/v1.3/sensors/profile/associate
- Create a Sensor Profile
POST /csapi/v1.3/sensorProfile
- Update a Sensor Profile
PUT /csapi/v1.3/sensorProfile/{sensorProfileId}
- Fetch Sensors Associated with a Sensor Profile
GET /csapi/v1.3/sensorProfile/sensor/associate
Support Sensor Tag in Sensor Profile
With this release, you can see tags associated with a sensor profile. The following API responses are updated to support this feature.
- Fetch a List of Sensors in Your Account
GET /csapi/v1.3/sensors
- Fetch Sensor Details
GET /csapi/v1.3/sensors/{sensorId}
- Fetch Sensor Profiles Associated with a Sensor
GET /csapi/v1.3/sensors/profile/associate
- Create a Sensor Profile
POST /csapi/v1.3/sensorProfile
- Fetch a List of Sensor Profiles
GET /csapi/v1.3/sensorProfile
- Fetch Details of a Sensor Profile
GET /csapi/v1.3/sensorProfile/{sensorProfileId}
- Update a Sensor Profile
PUT /csapi/v1.3/sensorProfile/{sensorProfileId}
- Fetch Registries Associated with a Sensor Profile
GET /csapi/v1.3/sensorProfile/{sensorProfileId}/registry
- Fetch Sensors Associated with a Sensor Profile
GET /csapi/v1.3/sensorProfile/{sensorProfileId}/sensors
- Fetch Sensors that Could be Associated with a Sensor Profile
GET /csapi/v1.3/sensorProfile/sensor/associate
Enhancement in Registry Scan Status
With this release, you can see the number of Failed images in a registry. Along with Scanned and Vulnerable image count of a registry, now you can also see Failed image count. To support this new feature, lastScannedBySensor
,scanErrorMessage
, totalFailedImages
, and pendingScanJobsCount
are the new parameters introduced in the Responses of some of the following APIs.
- Fetch a List of Images in your Account
GET /csapi/v1.3/images
- Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
- Fetch a List of Registries in your Account
GET /csapi/v1.3/registry
- Fetch a List of Schedules Created for a Registry
GET /csapi/v1.3/registry/{registryId}/schedule
Please refer the release note here for more details: https://cdn2.qualys.com/docs/release-notes/qualys-container-security-1.34-api-release-notes.pdf