Qualys Enterprise TruRisk™ Platform 1.37 (CS) API Notification 1
A new release of Qualys Enterprise TruRisk™ Platform 1.37 (CS) includes updated APIs, which is targeted for release in March 2025. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the upcoming API changes, allowing you to identify use cases that can leverage these APIs.
What’s New?
In this release, we have introduced several API enhancements to improve security and flexibility. You can now identify vulnerabilities at the image layer level for deeper insights and enable or disable vulnerability exceptions as needed. We have also added support for RedHat-certified scanning in images and containers, along with a new host architecture column in container reports for better data visibility.
Ability to Identify Vulnerabilities per Image Layer
In this release, the response section of below listed Image APIs is updated to show the Layer SHA (layerSha) of the images having the same vulnerability.
Updated API: Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
DTD XSD Changes: No
Updated API: Fetch Vulnerability Details for an Image
GET /csapi/v1.3/images/{imageSha}/vuln
DTD XSD Changes: No
Updated API: Fetch a List of Images (Bulk API)
GET /csapi/v1.3/images/list
DTD XSD Changes: No
Updated API: Fetch a List of Software Installed in an Image
GET /csapi/v1.3/images/{imageSha}/software
DTD XSD Changes: No
Support RedHat Vulnerability Scanner certification Images and Containers
From this release, the Container Security now supports RedHat Vulnerability Scanner certification. Following APIs are updated to include RedHat Security Advisory (RHSA) information in the responses.
Updated API: Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
DTD XSD Changes: No
Updated API: Fetch Vulnerability Details for an Image
GET /csapi/v1.3/images/{imageSha}/vuln
DTD XSD Changes: No
Updated API: Fetch Container Details
GET /csapi/v1.3/containers/{containerSha}
DTD XSD Changes: No
Updated API: Fetch Vulnerability Details of a Container
GET /csapi/v1.3/containers/{containerSha}/vuln
DTD XSD Changes: No
Ability to Enable or Disable Vulnerability Exception
with this release, CS has introduced applyException optional parameter in vulnerability details APIs to enable or disable the exceptions. You will also see a new column is qid exempted in Image and container reports. The following APIs are updated to support this feature.
Updated API: Fetch Image Details
GET /csapi/v1.3/images/{imageSha}
DTD XSD Changes: No
Updated API: Fetch Vulnerability Details for an Image
GET /csapi/v1.3/images/{imageSha}/vuln
DTD XSD Changes: No
Updated API: Fetch Container Details
GET /csapi/v1.3/containers/{containerSha}
DTD XSD Changes: No
Updated API: Fetch Vulnerability Details for a Container
GET /csapi/v1.3/containers/{containerSha}/vuln
DTD XSD Changes: No
Updated API: Create a Report Request
POST /csapi/v1.3/reports
DTD XSD Changes: No
Updated API: Create a Report Schedule
POST /csapi/v1.3/reports/schedule
DTD XSD Changes: No
Updated API: Update an Active Report Schedule
PUT /csapi/v1.3/reports/schedule/{reportingScheduleID}
DTD XSD Changes: No
Updated API: Fetch a List of Reports
GET /csapi/v1.3/reports/schedule
DTD XSD Changes: No
Support Host Architecture Column in Container Reports
With this release, CS provides a new column hostArchitecture in Container reports that shows the Host Architecture used. The following APIs are updated with this change.
Updated API: Update an Active Report Schedule
PUT/csapi/v1.3/reports/schedule/{reportingScheduleID}
DTD XSD Changes: No
Updated API: Create a Report Schedule
POST /csapi/v1.3/reports/schedule
DTD XSD Changes: No
Updated API: Create a Report Request
POST /csapi/v1.3/reports
DTD XSD Changes: No
Updated API: Fetch a List of Reports
GET /csapi/v1.3/reports
DTD XSD Changes: No
For more details, please refer the release note here: https://docs.qualys.com/en/cs/release-notes/container_security/release_1_37_api.htm
