Qualys Cloud Platform 1.35 (CS) API Notification 1
A new release of Qualys Cloud Platform 1.35 (CS) includes new and updated APIs which is targeted for release in November 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API changes, allowing you to identify use cases that can leverage this updated API.
What’s New?
In this release, several API enhancements have been introduced to improve reporting and container management. A new API allows updating active scheduled reports, with additional support for selecting the first detected field and attaching vulnerability reports via email. New APIs have also been added for downloading SBOM reports in SPDX
and CycloneDX
formats, and for listing and fetching details of Kubernetes pods and namespaces. Additionally, the release includes updates to various image, container, and sensor profile APIs, including the ability to view criticality scores and cloud/cluster information.
Report Enhancement
In this release, we have added below listed enhancements related to reports.
- Ability to update the ‘Active’ scheduled report
- Ability to select first detected field
- Support vulnerability report attachment in an email
Accordingly, a new API has been added to update an active report schedule. Additionally, we have updated some APIs. A comprehensive list of APIs added or updated is as follows.
New API: Update an Active Report Schedule
PUT /csapi/v1.3/reports/schedule/{reportingScheduleID}
DTD XSD Changes: No
This API supports ability to update the ‘Active’ scheduled report, ability to select first detected field, as well as attaching vulnerability report in an email.
Updated API: Create a Report Request
POST /csapi/v1.3/reports
DTD XSD Changes: No
This API update supports ability to select first detected field, as well as attaching vulnerability report in an email.
Updated API: Create a Report Schedule
POST /csapi/v1.3/reports/schedule
DTD XSD Changes: No
This API update supports ability to select first detected field, as well as attaching vulnerability report in an email.
Updated API: Fetch a List of a Report Schedules
GET /csapi/v1.3/reports/schedules
DTD XSD Changes: No
This API update supports attaching vulnerability report in an email.
Updated API: Fetch a List of Reports
GET /csapi/v1.3/reports
DTD XSD Changes: No
This API update supports attaching vulnerability report in an email.
Ability to Download SBOM of an Image
With this release, you can download SBOM report in SPDX and CycloneDX (CDX) formats with the help of SBOM download API. For this, following new API is introduced to download the SBOM of the specified image.
New API: Fetch SBOM of an Image
GET /csapi/v1.3/images/{imageSha}/sbom/download
Support Cloud and Cluster Information in Container
With this release, Cluster and Cloud Provider information is available in the responses of the following APIs.
Updated API: Fetch a List of Containers in your Account
GET /csapi/v1.3/containers
DTD XSD Changes: No
Updated API: Fetch Container Details
GET /csapi/v1.3/containers/{containerSha}
DTD XSD Changes: No
Introducing ‘Runtime’ Sensor Profile
With CS 1.35 release, you can see your Container Runtime Sensor details in the below APIs. Their responses are updated accordingly.
Updated API: Fetch Sensor Profiles Associated with a Sensor
GET /csapi/v1.3/sensors/profile/associate
DTD XSD Changes: No
Updated API: Create a Sensor Profile
POST /csapi/v1.3/sensorProfile
DTD XSD Changes: No
Updated API: Update a Sensor Profile
PUT /csapi/v1.3/sensorProfile/{sensorProfileId}
DTD XSD Changes: No
Updated API: Fetch Sensors Associated with a Sensor Profile
GET /csapi/v1.3/sensorProfile/sensor/associate
DTD XSD Changes: No
List Cluster Sensor PODs and Namespaces
With CS 1.34 release, you can see your POD and Namespace details with the help of CS APIs. To enable this feature, the following new APIs are introduced.
New API: Fetch a List Of PODs in your Account
GET /csapi/v1.3/k8sResource/pod
New API: Fetch a List Of Namespaces in your Account
GET /csapi/v1.3/k8sResource/namespace
New API: Fetch Details of a Pod
GET /csapi/v1.3/k8sResource/pod/details/{podUid}
New API: Fetch Details of a Namespace
GET /csapi/v1.3/k8sResource/namespace/details/{namespaceUid}
Support Criticality Score in Trurisk
With this release, you will be able to see the Criticality score (criticality and its last updated time) in below APIs.
Image APIs
Updated API: Fetch a List of Images in your Account
GET /csapi/v1.3/images
DTD XSD Changes: No
Updated API: Fetch Images Details
GET /csapi/v1.3/images/{imageSha}
DTD XSD Changes: No
Updated API: Fetch a List of Images (Bulk API)
GET /csapi/v1.3/images/list
DTD XSD Changes: No
Container APIs
Updated API: Fetch a List of Containers in your Account
GET /csapi/v1.3/containers
DTD XSD Changes: No
Updated API: Fetch Containers Details
GET /csapi/v1.3/containers/{containerSha}
DTD XSD Changes: No
Updated API: Fetch a List of Containers (Bulk API)
GET /csapi/v1.3/containers/list
DTD XSD Changes: No
Please refer the release note here for more details: https://docs.qualys.com/en/cs/release-notes/container_security/release_1_35_api.htm