A new release of Qualys Enterprise TruRisk™ Platform (Container Security Release 1.42 API), scheduled in March 2026, includes updates to existing APIs. This API notification highlights recently released changes, enabling you to identify use cases that can benefit from the updated APIs.

What’s New

The CS 1.42 API release delivers significant improvements across reporting, vulnerability management, image lifecycle visibility, policy enforcement, sensor profiling, and container traceability.

New Report Templates – Images, Containers, Pods, & Vulnerability

Note that in all CS APIs mentioned in this document, DTD or XSD changes are not applicable.

Updated API: Fetch a List of Reports in your Account
Endpoint: GET /csapi/v1.3/reports
DTD or XSD changes: Not Applicable

Updated API: Create a Report Request
Endpoint: POST /csapi/v1.3/reports

Updated API: Create a Report Schedule
Endpoint: POST /csapi/v1.3/reports/schedule

Updated API: Update an Active Report Schedule
Endpoint: PUT /csapi/v1.3/reports/schedule/{reportingScheduleID}

Vulnerability View for Images

New API: Fetch a List of Vulnerabilities in Your Account
Endpoint: GET /csapi/v1.3/vulnerability

New API: Fetch Details of a Vulnerability
Endpoint: GET /csapi/v1.3/vulnerability/{Vulnerability UUID}

Software Lifecycle Details for Images

Updated API: Fetch Image Details
Endpoint: GET /csapi/v1.3/images/{imageSha}

Updated API: Fetch a List of Images (Bulk API)
Endpoint: GET /csapi/v1.3/images/list

Updated API: Fetch a List of Software Installed on an Image
Endpoint: GET /csapi/v1.3/images/{imageSha}/software

New Rules for Images – Unauthorized Author, Old Vulnerabilities, & New Deployment Scope

Updated API: Create a Centralized Policy
Endpoint: POST /csapi/v1.3/centralizedPolicy

Updated API: Update a Centralized Policy
Endpoint: PUT /csapi/v1.3/centralizedPolicy/{policyId}

Vulnerability Propagation in Sensor Profile

Updated API: Fetch a List of Sensor Profiles
Endpoint: GET /csapi/v1.3/sensorProfile

Updated API: Create a Sensor Profile
Endpoint: POST /csapi/v1.3/sensorProfile

Updated API: Update a Sensor Profile
Endpoint: PUT /csapi/v1.3/sensorProfile/{sensorProfileId}

New API: Update a Default Sensor Profile
Endpoint: PUT /csapi/v1.3/sensorProfile/updateDefault

Qualys Locator Path (QLP) for Container Grouping

Updated API: Fetch a List of Containers in Your Account
Endpoint: GET /csapi/v1.3/containers

Updated API: Fetch a List of Containers (Bulk API)
Endpoint: GET /csapi/v1.3/containers/list

Updated API: Show Details of a Container
Endpoint: GET /csapi/v1.3/containers/{containerSha}

Firstfound Field in Image APIs

Updated API: Fetch a List of Images in Your Account
Endpoint: GET /csapi/v1.3/images

Updated API: Fetch a List of Images (Bulk API)
Endpoint: GET /csapi/v1.3/images/list

Please refer to the detailed release notes here: https://docs.qualys.com/en/cs/release-notes/container_security/release_1_42_api.htm