Qualys Cloud Platform 1.35 (CS) API Notification 1

Prabhas Gupte

A new release of Qualys Cloud Platform 1.35 (CS) includes new and updated APIs which is targeted for release in November 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API changes, allowing you to identify use cases that can leverage this updated API.

What’s New?

In this release, several API enhancements have been introduced to improve reporting and container management. A new API allows updating active scheduled reports, with additional support for selecting the first detected field and attaching vulnerability reports via email. New APIs have also been added for downloading SBOM reports in SPDX and CycloneDX formats, and for listing and fetching details of Kubernetes pods and namespaces. Additionally, the release includes updates to various image, container, and sensor profile APIs, including the ability to view criticality scores and cloud/cluster information.

Report Enhancement

In this release, we have added below listed enhancements related to reports.

  • Ability to update the ‘Active’ scheduled report
  • Ability to select first detected field
  • Support vulnerability report attachment in an email

Accordingly, a new API has been added to update an active report schedule. Additionally, we have updated some APIs. A comprehensive list of APIs added or updated is as follows.

New API: Update an Active Report Schedule

PUT /csapi/v1.3/reports/schedule/{reportingScheduleID}

DTD XSD Changes: No

This API supports ability to update the ‘Active’ scheduled report, ability to select first detected field, as well as attaching vulnerability report in an email.

Updated API: Create a Report Request

POST /csapi/v1.3/reports

DTD XSD Changes: No

This API update supports ability to select first detected field, as well as attaching vulnerability report in an email.

Updated API: Create a Report Schedule

POST /csapi/v1.3/reports/schedule

DTD XSD Changes: No

This API update supports ability to select first detected field, as well as attaching vulnerability report in an email.

Updated API: Fetch a List of a Report Schedules

GET /csapi/v1.3/reports/schedules

DTD XSD Changes: No

This API update supports attaching vulnerability report in an email.

Updated API: Fetch a List of Reports

GET /csapi/v1.3/reports

DTD XSD Changes: No

This API update supports attaching vulnerability report in an email.

Ability to Download SBOM of an Image

With this release, you can download SBOM report in SPDX and CycloneDX (CDX) formats with the help of SBOM download API. For this, following new API is introduced to download the SBOM of the specified image.

New API: Fetch SBOM of an Image

GET /csapi/v1.3/images/{imageSha}/sbom/download

Support Cloud and Cluster Information in Container

With this release, Cluster and Cloud Provider information is available in the responses of the following APIs.

Updated API: Fetch a List of Containers in your Account

GET /csapi/v1.3/containers

DTD XSD Changes: No

Updated API: Fetch Container Details

GET /csapi/v1.3/containers/{containerSha}

DTD XSD Changes: No

Introducing ‘Runtime’ Sensor Profile

With CS 1.35 release, you can see your Container Runtime Sensor details in the below APIs. Their responses are updated accordingly.

Updated API: Fetch Sensor Profiles Associated with a Sensor

GET /csapi/v1.3/sensors/profile/associate

DTD XSD Changes: No

Updated API: Create a Sensor Profile

POST /csapi/v1.3/sensorProfile

DTD XSD Changes: No

Updated API: Update a Sensor Profile

PUT /csapi/v1.3/sensorProfile/{sensorProfileId}

DTD XSD Changes: No

Updated API: Fetch Sensors Associated with a Sensor Profile

GET /csapi/v1.3/sensorProfile/sensor/associate

DTD XSD Changes: No

List Cluster Sensor PODs and Namespaces

With CS 1.34 release, you can see your POD and Namespace details with the help of CS APIs. To enable this feature, the following new APIs are introduced.

New API: Fetch a List Of PODs in your Account

GET /csapi/v1.3/k8sResource/pod

New API: Fetch a List Of Namespaces in your Account

GET /csapi/v1.3/k8sResource/namespace

New API: Fetch Details of a Pod

GET /csapi/v1.3/k8sResource/pod/details/{podUid}

New API: Fetch Details of a Namespace

GET /csapi/v1.3/k8sResource/namespace/details/{namespaceUid}

Support Criticality Score in Trurisk

With this release, you will be able to see the Criticality score (criticality and its last updated time) in below APIs.

Image APIs

Updated API: Fetch a List of Images in your Account

GET /csapi/v1.3/images

DTD XSD Changes: No

Updated API: Fetch Images Details

GET /csapi/v1.3/images/{imageSha}

DTD XSD Changes: No

Updated API: Fetch a List of Images (Bulk API)

GET /csapi/v1.3/images/list

DTD XSD Changes: No

Container APIs

Updated API: Fetch a List of Containers in your Account

GET /csapi/v1.3/containers

DTD XSD Changes: No

Updated API: Fetch Containers Details

GET /csapi/v1.3/containers/{containerSha}

DTD XSD Changes: No

Updated API: Fetch a List of Containers (Bulk API)

GET /csapi/v1.3/containers/list

DTD XSD Changes: No

Please refer the release note here for more details: https://docs.qualys.com/en/cs/release-notes/container_security/release_1_35_api.htm

Share your Comments

Comments

Your email address will not be published. Required fields are marked *