Qualys Enterprise TruRisk™ Platform (VM, PC Release 10.38.3) API Notification
Table of Contents
- Whats New?
- Scans API: Support for Google Cloud Platform Instance-Based Scans for IPv4
- Added Active Directory Support to VMware NSX Authentication
- Download Saved Report API: Enhanced Scan Report Output for Host Based and Scan Based Reports
- Host Detection List API: Extended EOL Timelines
- Extended EOL Timelines for API Endpoints
A new release of Qualys Enterprise TruRisk™ Platform (VM, PC Release 10.38.3), which is released in May 2026, includes updates to an existing API. This API notification highlights recently released changes, enabling you to identify use cases that can benefit from the updated APIs.
What’s New?
Scans API: Support for Google Cloud Platform Instance-Based Scans for IPv4
POST /api/3.0/fo/scan/cloud/internal/job/
DTD or XSD changes: No
Cloud Internal Scan now supports instance-based scans on Google Cloud Platform. You can now create and update internal scans for Assets in GCP Cloud. Earlier, GCP supported only perimeter scans, while AWS EC2 and Azure supported both internal and perimeter scans. With this enhancement, you can now perform internal scans on GCP instances to gain deeper vulnerability visibility and enhanced security coverage for GCP environments or assets.
Note: Only Manager, Unit Manager, and Scanner role users have permission to launch GCP internal scans.
Added Active Directory Support to VMware NSX Authentication
POST /api/3.0/fo/auth/nsx
DTD or XSD changes: Yes
You can now use Active Directory (AD) support with HashiCorp Vault when you create, update, list, and delete VMware NSX authentication records for authenticated scans of VMware NSX environments. This enables you to securely retrieve AD credentials from Vault.
Download Saved Report API: Enhanced Scan Report Output for Host Based and Scan Based Reports
POST /api/2.0/fo/report/ and /api/3.0/fo/report/
DTD or XSD changes: Yes
The DTD output for Host‑Based and Scan‑Based reports now includes additional vulnerability metadata in both the API versions (V2.0 and V3.0). When you generate the report using this API, the following elements are now available in the DTD output to support improved risk prioritization and better visibility into vulnerabilities detected through Deep Scan.
- Host Based report includes the following elements:
- DEEP_SCAN_RESULT – Indicates findings detected through Deep Scan.
- CVE_IDs – Supports vulnerability identification, which includes kernel live patching.
- Host Based and Scan Based report include the element CVSS4_BASE, which provides CVSS V4 base score information.
When you generate Host‑Based or Scan‑Based reports in the CSV format, the following new columns are available:
- CVSS4 Base
- Deep Scan Results
Host Detection List API: Extended EOL Timelines
With this release, we have extended the End of Life (EOL) dates for VM detection API from June 2026 to June 2027.
The updated timeline provides an additional year of stability, allowing you to continue using existing integrations without any immediate migration efforts and more time to plan and adopt upgraded versions of the API.
Extended EOL Timelines for API Endpoints
With this release, the End of Life (EOL) timelines have been extended from June 2026 to December 2026 for a set of APIs that were previously scheduled for deprecation in June 2026.
The updated timeline provides additional time for you to transition from the legacy APIs to the recommended newer versions.
For more details, please refer to the release notes here: https://docs.qualys.com/en/vm/release-notes/qweb/release_10_38_3_api.htm