Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 30. ImageService

30.1. ExportImages
Copy link

GET /v1/export/images

30.1.1. Description
Copy link

30.1.2. Parameters
Copy link

30.1.2.1. Query Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

timeout

 

-

null

 

query

 

-

null

 

30.1.3. Return Type
Copy link

Stream_result_of_v1ExportImageResponse

30.1.4. Content Type
Copy link

  • application/json

30.1.5. Responses
Copy link

Expand
Table 30.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.(streaming responses)

Stream_result_of_v1ExportImageResponse

0

An unexpected error response.

RuntimeError

30.1.6. Samples
Copy link

30.1.7. Common object reference
Copy link

30.1.7.1. CVSSV2AccessComplexity
Copy link

Expand
Enum Values

ACCESS_HIGH

ACCESS_MEDIUM

ACCESS_LOW

30.1.7.2. CVSSV2Authentication
Copy link

Expand
Enum Values

AUTH_MULTIPLE

AUTH_SINGLE

AUTH_NONE

30.1.7.3. CVSSV3Complexity
Copy link

Expand
Enum Values

COMPLEXITY_LOW

COMPLEXITY_HIGH

30.1.7.4. CVSSV3Privileges
Copy link

Expand
Enum Values

PRIVILEGE_NONE

PRIVILEGE_LOW

PRIVILEGE_HIGH

30.1.7.5. CVSSV3UserInteraction
Copy link

Expand
Enum Values

UI_NONE

UI_REQUIRED

30.1.7.6. EmbeddedVulnerabilityVulnerabilityType
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY

IMAGE_VULNERABILITY

K8S_VULNERABILITY

ISTIO_VULNERABILITY

NODE_VULNERABILITY

OPENSHIFT_VULNERABILITY

30.1.7.7. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.1.7.7.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.1.7.8. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.1.7.9. RuntimeStreamError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

grpcCode

  

Integer

 

int32

httpCode

  

Integer

 

int32

message

  

String

  

httpStatus

  

String

  

details

  

List of ProtobufAny

  

30.1.7.10. StorageCVSSV2
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

attackVector

  

StorageCVSSV2AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK,

accessComplexity

  

CVSSV2AccessComplexity

 

ACCESS_HIGH, ACCESS_MEDIUM, ACCESS_LOW,

authentication

  

CVSSV2Authentication

 

AUTH_MULTIPLE, AUTH_SINGLE, AUTH_NONE,

confidentiality

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

integrity

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

availability

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

score

  

Float

 

float

severity

  

StorageCVSSV2Severity

 

UNKNOWN, LOW, MEDIUM, HIGH,

30.1.7.11. StorageCVSSV2AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

30.1.7.12. StorageCVSSV2Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_PARTIAL

IMPACT_COMPLETE

30.1.7.13. StorageCVSSV2Severity
Copy link

Expand
Enum Values

UNKNOWN

LOW

MEDIUM

HIGH

30.1.7.14. StorageCVSSV3
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

attackVector

  

StorageCVSSV3AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK, ATTACK_PHYSICAL,

attackComplexity

  

CVSSV3Complexity

 

COMPLEXITY_LOW, COMPLEXITY_HIGH,

privilegesRequired

  

CVSSV3Privileges

 

PRIVILEGE_NONE, PRIVILEGE_LOW, PRIVILEGE_HIGH,

userInteraction

  

CVSSV3UserInteraction

 

UI_NONE, UI_REQUIRED,

scope

  

StorageCVSSV3Scope

 

UNCHANGED, CHANGED,

confidentiality

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

integrity

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

availability

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

score

  

Float

 

float

severity

  

StorageCVSSV3Severity

 

UNKNOWN, NONE, LOW, MEDIUM, HIGH, CRITICAL,

30.1.7.15. StorageCVSSV3AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

ATTACK_PHYSICAL

30.1.7.16. StorageCVSSV3Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_LOW

IMPACT_HIGH

30.1.7.17. StorageCVSSV3Scope
Copy link

Expand
Enum Values

UNCHANGED

CHANGED

30.1.7.18. StorageCVSSV3Severity
Copy link

Expand
Enum Values

UNKNOWN

NONE

LOW

MEDIUM

HIGH

CRITICAL

30.1.7.19. StorageCosignSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

rawSignature

  

byte[]

 

byte

signaturePayload

  

byte[]

 

byte

certPem

  

byte[]

 

byte

certChainPem

  

byte[]

 

byte

30.1.7.20. StorageDataSource
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

mirror

  

String

  

30.1.7.21. StorageEmbeddedImageScanComponent
Copy link

Next Tag: 13
Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

license

  

StorageLicense

  

vulns

  

List of StorageEmbeddedVulnerability

  

layerIndex

  

Integer

 

int32

priority

  

String

 

int64

source

  

StorageSourceType

 

OS, PYTHON, JAVA, RUBY, NODEJS, GO, DOTNETCORERUNTIME, INFRASTRUCTURE,

location

  

String

  

topCvss

  

Float

 

float

riskScore

  

Float

 

float

fixedBy

  

String

Component version that fixes all the fixable vulnerabilities in this component.

 

executables

  

List of StorageEmbeddedImageScanComponentExecutable

  
Expand
Field NameRequiredNullableTypeDescriptionFormat

path

  

String

  

dependencies

  

List of string

  

30.1.7.23. StorageEmbeddedVulnerability
Copy link

Next Tag: 21
Expand
Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

  

cvss

  

Float

 

float

summary

  

String

  

link

  

String

  

fixedBy

  

String

  

scoreVersion

  

StorageEmbeddedVulnerabilityScoreVersion

 

V2, V3,

cvssV2

  

StorageCVSSV2

  

cvssV3

  

StorageCVSSV3

  

publishedOn

  

Date

 

date-time

lastModified

  

Date

 

date-time

vulnerabilityType

  

EmbeddedVulnerabilityVulnerabilityType

 

UNKNOWN_VULNERABILITY, IMAGE_VULNERABILITY, K8S_VULNERABILITY, ISTIO_VULNERABILITY, NODE_VULNERABILITY, OPENSHIFT_VULNERABILITY,

vulnerabilityTypes

  

List of EmbeddedVulnerabilityVulnerabilityType

  

suppressed

  

Boolean

  

suppressActivation

  

Date

 

date-time

suppressExpiry

  

Date

 

date-time

firstSystemOccurrence

  

Date

Time when the CVE was first seen, for this specific distro, in the system.

date-time

firstImageOccurrence

  

Date

Time when the CVE was first seen in this image.

date-time

severity

  

StorageVulnerabilitySeverity

 

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

state

  

StorageVulnerabilityState

 

OBSERVED, DEFERRED, FALSE_POSITIVE,

Expand
Enum Values

V2

V3

30.1.7.25. StorageImage
Copy link

Next Tag: 19
Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

names

  

List of StorageImageName

This should deprecate the ImageName field long-term, allowing images with the same digest to be associated with different locations. TODO(dhaus): For now, this message will be without search tags due to duplicated search tags otherwise.

 

metadata

  

StorageImageMetadata

  

scan

  

StorageImageScan

  

signatureVerificationData

  

StorageImageSignatureVerificationData

  

signature

  

StorageImageSignature

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

lastUpdated

  

Date

 

date-time

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  

priority

  

String

 

int64

riskScore

  

Float

 

float

topCvss

  

Float

 

float

notes

  

List of StorageImageNote

  

30.1.7.26. StorageImageLayer
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

instruction

  

String

  

value

  

String

  

created

  

Date

 

date-time

author

  

String

  

empty

  

Boolean

  

30.1.7.27. StorageImageMetadata
Copy link

If any fields of ImageMetadata are modified including subfields, please check pkg/images/enricher/metadata.go to ensure that those changes will be automatically picked up Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

v1

  

StorageV1Metadata

  

v2

  

StorageV2Metadata

  

layerShas

  

List of string

  

dataSource

  

StorageDataSource

  

version

  

String

 

uint64

30.1.7.28. StorageImageName
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

registry

  

String

  

remote

  

String

  

tag

  

String

  

fullName

  

String

  

30.1.7.29. StorageImageNote
Copy link

Expand
Enum Values

MISSING_METADATA

MISSING_SCAN_DATA

MISSING_SIGNATURE

MISSING_SIGNATURE_VERIFICATION_DATA

30.1.7.30. StorageImageScan
Copy link

Next tag: 8
Expand
Field NameRequiredNullableTypeDescriptionFormat

scannerVersion

  

String

  

scanTime

  

Date

 

date-time

components

  

List of StorageEmbeddedImageScanComponent

  

operatingSystem

  

String

  

dataSource

  

StorageDataSource

  

notes

  

List of StorageImageScanNote

  

hash

  

String

 

uint64

30.1.7.31. StorageImageScanNote
Copy link

Expand
Enum Values

UNSET

OS_UNAVAILABLE

PARTIAL_SCAN_DATA

OS_CVES_UNAVAILABLE

OS_CVES_STALE

LANGUAGE_CVES_UNAVAILABLE

CERTIFIED_RHEL_SCAN_UNAVAILABLE

30.1.7.32. StorageImageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

signatures

  

List of StorageSignature

  

fetched

  

Date

 

date-time

30.1.7.33. StorageImageSignatureVerificationData
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

results

  

List of StorageImageSignatureVerificationResult

  

30.1.7.34. StorageImageSignatureVerificationResult
Copy link

Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

verificationTime

  

Date

 

date-time

verifierId

  

String

verifier_id correlates to the ID of the signature integration used to verify the signature.

 

status

  

StorageImageSignatureVerificationResultStatus

 

UNSET, VERIFIED, FAILED_VERIFICATION, INVALID_SIGNATURE_ALGO, CORRUPTED_SIGNATURE, GENERIC_ERROR,

description

  

String

description is set in the case of an error with the specific error’s message. Otherwise, this will not be set.

 

verifiedImageReferences

  

List of string

The full image names that are verified by this specific signature integration ID.

 

Status represents the status of the result.

  • VERIFIED: VERIFIED is set when the signature’s verification was successful.
  • FAILED_VERIFICATION: FAILED_VERIFICATION is set when the signature’s verification failed.
  • INVALID_SIGNATURE_ALGO: INVALID_SIGNATURE_ALGO is set when the signature’s algorithm is invalid and unsupported.
  • CORRUPTED_SIGNATURE: CORRUPTED_SIGNATURE is set when the raw signature is corrupted, i.e. wrong base64 encoding.
  • GENERIC_ERROR: GENERIC_ERROR is set when an error occurred during verification that cannot be associated with a specific status.
Expand
Enum Values

UNSET

VERIFIED

FAILED_VERIFICATION

INVALID_SIGNATURE_ALGO

CORRUPTED_SIGNATURE

GENERIC_ERROR

30.1.7.36. StorageLicense
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

type

  

String

  

url

  

String

  

30.1.7.37. StorageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

cosign

  

StorageCosignSignature

  

30.1.7.38. StorageSourceType
Copy link

Expand
Enum Values

OS

PYTHON

JAVA

RUBY

NODEJS

GO

DOTNETCORERUNTIME

INFRASTRUCTURE

30.1.7.39. StorageV1Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

created

  

Date

 

date-time

author

  

String

  

layers

  

List of StorageImageLayer

  

user

  

String

  

command

  

List of string

  

entrypoint

  

List of string

  

volumes

  

List of string

  

labels

  

Map of string

  

30.1.7.40. StorageV2Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

30.1.7.41. StorageVulnerabilitySeverity
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY_SEVERITY

LOW_VULNERABILITY_SEVERITY

MODERATE_VULNERABILITY_SEVERITY

IMPORTANT_VULNERABILITY_SEVERITY

CRITICAL_VULNERABILITY_SEVERITY

30.1.7.42. StorageVulnerabilityState
Copy link

VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.

Expand
Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

30.1.7.43. StreamResultOfV1ExportImageResponse
Copy link

Stream result of v1ExportImageResponse
Expand
Field NameRequiredNullableTypeDescriptionFormat

result

  

V1ExportImageResponse

  

error

  

RuntimeStreamError

  

30.1.7.44. V1ExportImageResponse
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

image

  

StorageImage

  

30.2. InvalidateScanAndRegistryCaches
Copy link

GET /v1/images/cache/invalidate

InvalidateScanAndRegistryCaches removes the image metadata cache.

30.2.1. Description
Copy link

30.2.2. Parameters
Copy link

30.2.3. Return Type
Copy link

Object

30.2.4. Content Type
Copy link

  • application/json

30.2.5. Responses
Copy link

Expand
Table 30.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

30.2.6. Samples
Copy link

30.2.7. Common object reference
Copy link

30.2.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.2.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.2.7.2. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.3. CountImages
Copy link

GET /v1/imagescount

CountImages returns a count of images that match the input query.

30.3.1. Description
Copy link

30.3.2. Parameters
Copy link

30.3.2.1. Query Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

30.3.3. Return Type
Copy link

V1CountImagesResponse

30.3.4. Content Type
Copy link

  • application/json

30.3.5. Responses
Copy link

Expand
Table 30.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1CountImagesResponse

0

An unexpected error response.

RuntimeError

30.3.6. Samples
Copy link

30.3.7. Common object reference
Copy link

30.3.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.3.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.3.7.2. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.3.7.3. V1CountImagesResponse
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

30.4. DeleteImages
Copy link

DELETE /v1/images

DeleteImage removes the images based on a query

30.4.1. Description
Copy link

30.4.2. Parameters
Copy link

30.4.2.1. Query Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

query.query

 

-

null

 

query.pagination.limit

 

-

null

 

query.pagination.offset

 

-

null

 

query.pagination.sortOption.field

 

-

null

 

query.pagination.sortOption.reversed

 

-

null

 

query.pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

query.pagination.sortOption.aggregateBy.distinct

 

-

null

 

confirm

 

-

null

 

30.4.3. Return Type
Copy link

V1DeleteImagesResponse

30.4.4. Content Type
Copy link

  • application/json

30.4.5. Responses
Copy link

Expand
Table 30.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1DeleteImagesResponse

0

An unexpected error response.

RuntimeError

30.4.6. Samples
Copy link

30.4.7. Common object reference
Copy link

30.4.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.4.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.4.7.2. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.4.7.3. V1DeleteImagesResponse
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

numDeleted

  

Long

 

int64

dryRun

  

Boolean

  

30.5. ListImages
Copy link

GET /v1/images

ListImages returns all the images that match the input query.

30.5.1. Description
Copy link

30.5.2. Parameters
Copy link

30.5.2.1. Query Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

30.5.3. Return Type
Copy link

V1ListImagesResponse

30.5.4. Content Type
Copy link

  • application/json

30.5.5. Responses
Copy link

Expand
Table 30.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListImagesResponse

0

An unexpected error response.

RuntimeError

30.5.6. Samples
Copy link

30.5.7. Common object reference
Copy link

30.5.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.5.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.5.7.2. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.5.7.3. StorageListImage
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

created

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

priority

  

String

 

int64

30.5.7.4. V1ListImagesResponse
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

images

  

List of StorageListImage

  

30.6. GetImage
Copy link

GET /v1/images/{id}

GetImage returns the image given its ID.

30.6.1. Description
Copy link

30.6.2. Parameters
Copy link

30.6.2.1. Path Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

30.6.2.2. Query Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

includeSnoozed

 

-

null

 

stripDescription

 

-

null

 

30.6.3. Return Type
Copy link

StorageImage

30.6.4. Content Type
Copy link

  • application/json

30.6.5. Responses
Copy link

Expand
Table 30.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageImage

0

An unexpected error response.

RuntimeError

30.6.6. Samples
Copy link

30.6.7. Common object reference
Copy link

30.6.7.1. CVSSV2AccessComplexity
Copy link

Expand
Enum Values

ACCESS_HIGH

ACCESS_MEDIUM

ACCESS_LOW

30.6.7.2. CVSSV2Authentication
Copy link

Expand
Enum Values

AUTH_MULTIPLE

AUTH_SINGLE

AUTH_NONE

30.6.7.3. CVSSV3Complexity
Copy link

Expand
Enum Values

COMPLEXITY_LOW

COMPLEXITY_HIGH

30.6.7.4. CVSSV3Privileges
Copy link

Expand
Enum Values

PRIVILEGE_NONE

PRIVILEGE_LOW

PRIVILEGE_HIGH

30.6.7.5. CVSSV3UserInteraction
Copy link

Expand
Enum Values

UI_NONE

UI_REQUIRED

30.6.7.6. EmbeddedVulnerabilityVulnerabilityType
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY

IMAGE_VULNERABILITY

K8S_VULNERABILITY

ISTIO_VULNERABILITY

NODE_VULNERABILITY

OPENSHIFT_VULNERABILITY

30.6.7.7. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.6.7.7.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.6.7.8. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.6.7.9. StorageCVSSV2
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

attackVector

  

StorageCVSSV2AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK,

accessComplexity

  

CVSSV2AccessComplexity

 

ACCESS_HIGH, ACCESS_MEDIUM, ACCESS_LOW,

authentication

  

CVSSV2Authentication

 

AUTH_MULTIPLE, AUTH_SINGLE, AUTH_NONE,

confidentiality

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

integrity

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

availability

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

score

  

Float

 

float

severity

  

StorageCVSSV2Severity

 

UNKNOWN, LOW, MEDIUM, HIGH,

30.6.7.10. StorageCVSSV2AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

30.6.7.11. StorageCVSSV2Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_PARTIAL

IMPACT_COMPLETE

30.6.7.12. StorageCVSSV2Severity
Copy link

Expand
Enum Values

UNKNOWN

LOW

MEDIUM

HIGH

30.6.7.13. StorageCVSSV3
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

attackVector

  

StorageCVSSV3AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK, ATTACK_PHYSICAL,

attackComplexity

  

CVSSV3Complexity

 

COMPLEXITY_LOW, COMPLEXITY_HIGH,

privilegesRequired

  

CVSSV3Privileges

 

PRIVILEGE_NONE, PRIVILEGE_LOW, PRIVILEGE_HIGH,

userInteraction

  

CVSSV3UserInteraction

 

UI_NONE, UI_REQUIRED,

scope

  

StorageCVSSV3Scope

 

UNCHANGED, CHANGED,

confidentiality

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

integrity

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

availability

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

score

  

Float

 

float

severity

  

StorageCVSSV3Severity

 

UNKNOWN, NONE, LOW, MEDIUM, HIGH, CRITICAL,

30.6.7.14. StorageCVSSV3AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

ATTACK_PHYSICAL

30.6.7.15. StorageCVSSV3Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_LOW

IMPACT_HIGH

30.6.7.16. StorageCVSSV3Scope
Copy link

Expand
Enum Values

UNCHANGED

CHANGED

30.6.7.17. StorageCVSSV3Severity
Copy link

Expand
Enum Values

UNKNOWN

NONE

LOW

MEDIUM

HIGH

CRITICAL

30.6.7.18. StorageCosignSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

rawSignature

  

byte[]

 

byte

signaturePayload

  

byte[]

 

byte

certPem

  

byte[]

 

byte

certChainPem

  

byte[]

 

byte

30.6.7.19. StorageDataSource
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

mirror

  

String

  

30.6.7.20. StorageEmbeddedImageScanComponent
Copy link

Next Tag: 13
Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

license

  

StorageLicense

  

vulns

  

List of StorageEmbeddedVulnerability

  

layerIndex

  

Integer

 

int32

priority

  

String

 

int64

source

  

StorageSourceType

 

OS, PYTHON, JAVA, RUBY, NODEJS, GO, DOTNETCORERUNTIME, INFRASTRUCTURE,

location

  

String

  

topCvss

  

Float

 

float

riskScore

  

Float

 

float

fixedBy

  

String

Component version that fixes all the fixable vulnerabilities in this component.

 

executables

  

List of StorageEmbeddedImageScanComponentExecutable

  
Expand
Field NameRequiredNullableTypeDescriptionFormat

path

  

String

  

dependencies

  

List of string

  

30.6.7.22. StorageEmbeddedVulnerability
Copy link

Next Tag: 21
Expand
Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

  

cvss

  

Float

 

float

summary

  

String

  

link

  

String

  

fixedBy

  

String

  

scoreVersion

  

StorageEmbeddedVulnerabilityScoreVersion

 

V2, V3,

cvssV2

  

StorageCVSSV2

  

cvssV3

  

StorageCVSSV3

  

publishedOn

  

Date

 

date-time

lastModified

  

Date

 

date-time

vulnerabilityType

  

EmbeddedVulnerabilityVulnerabilityType

 

UNKNOWN_VULNERABILITY, IMAGE_VULNERABILITY, K8S_VULNERABILITY, ISTIO_VULNERABILITY, NODE_VULNERABILITY, OPENSHIFT_VULNERABILITY,

vulnerabilityTypes

  

List of EmbeddedVulnerabilityVulnerabilityType

  

suppressed

  

Boolean

  

suppressActivation

  

Date

 

date-time

suppressExpiry

  

Date

 

date-time

firstSystemOccurrence

  

Date

Time when the CVE was first seen, for this specific distro, in the system.

date-time

firstImageOccurrence

  

Date

Time when the CVE was first seen in this image.

date-time

severity

  

StorageVulnerabilitySeverity

 

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

state

  

StorageVulnerabilityState

 

OBSERVED, DEFERRED, FALSE_POSITIVE,

Expand
Enum Values

V2

V3

30.6.7.24. StorageImage
Copy link

Next Tag: 19
Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

names

  

List of StorageImageName

This should deprecate the ImageName field long-term, allowing images with the same digest to be associated with different locations. TODO(dhaus): For now, this message will be without search tags due to duplicated search tags otherwise.

 

metadata

  

StorageImageMetadata

  

scan

  

StorageImageScan

  

signatureVerificationData

  

StorageImageSignatureVerificationData

  

signature

  

StorageImageSignature

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

lastUpdated

  

Date

 

date-time

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  

priority

  

String

 

int64

riskScore

  

Float

 

float

topCvss

  

Float

 

float

notes

  

List of StorageImageNote

  

30.6.7.25. StorageImageLayer
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

instruction

  

String

  

value

  

String

  

created

  

Date

 

date-time

author

  

String

  

empty

  

Boolean

  

30.6.7.26. StorageImageMetadata
Copy link

If any fields of ImageMetadata are modified including subfields, please check pkg/images/enricher/metadata.go to ensure that those changes will be automatically picked up Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

v1

  

StorageV1Metadata

  

v2

  

StorageV2Metadata

  

layerShas

  

List of string

  

dataSource

  

StorageDataSource

  

version

  

String

 

uint64

30.6.7.27. StorageImageName
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

registry

  

String

  

remote

  

String

  

tag

  

String

  

fullName

  

String

  

30.6.7.28. StorageImageNote
Copy link

Expand
Enum Values

MISSING_METADATA

MISSING_SCAN_DATA

MISSING_SIGNATURE

MISSING_SIGNATURE_VERIFICATION_DATA

30.6.7.29. StorageImageScan
Copy link

Next tag: 8
Expand
Field NameRequiredNullableTypeDescriptionFormat

scannerVersion

  

String

  

scanTime

  

Date

 

date-time

components

  

List of StorageEmbeddedImageScanComponent

  

operatingSystem

  

String

  

dataSource

  

StorageDataSource

  

notes

  

List of StorageImageScanNote

  

hash

  

String

 

uint64

30.6.7.30. StorageImageScanNote
Copy link

Expand
Enum Values

UNSET

OS_UNAVAILABLE

PARTIAL_SCAN_DATA

OS_CVES_UNAVAILABLE

OS_CVES_STALE

LANGUAGE_CVES_UNAVAILABLE

CERTIFIED_RHEL_SCAN_UNAVAILABLE

30.6.7.31. StorageImageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

signatures

  

List of StorageSignature

  

fetched

  

Date

 

date-time

30.6.7.32. StorageImageSignatureVerificationData
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

results

  

List of StorageImageSignatureVerificationResult

  

30.6.7.33. StorageImageSignatureVerificationResult
Copy link

Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

verificationTime

  

Date

 

date-time

verifierId

  

String

verifier_id correlates to the ID of the signature integration used to verify the signature.

 

status

  

StorageImageSignatureVerificationResultStatus

 

UNSET, VERIFIED, FAILED_VERIFICATION, INVALID_SIGNATURE_ALGO, CORRUPTED_SIGNATURE, GENERIC_ERROR,

description

  

String

description is set in the case of an error with the specific error’s message. Otherwise, this will not be set.

 

verifiedImageReferences

  

List of string

The full image names that are verified by this specific signature integration ID.

 

Status represents the status of the result.

  • VERIFIED: VERIFIED is set when the signature’s verification was successful.
  • FAILED_VERIFICATION: FAILED_VERIFICATION is set when the signature’s verification failed.
  • INVALID_SIGNATURE_ALGO: INVALID_SIGNATURE_ALGO is set when the signature’s algorithm is invalid and unsupported.
  • CORRUPTED_SIGNATURE: CORRUPTED_SIGNATURE is set when the raw signature is corrupted, i.e. wrong base64 encoding.
  • GENERIC_ERROR: GENERIC_ERROR is set when an error occurred during verification that cannot be associated with a specific status.
Expand
Enum Values

UNSET

VERIFIED

FAILED_VERIFICATION

INVALID_SIGNATURE_ALGO

CORRUPTED_SIGNATURE

GENERIC_ERROR

30.6.7.35. StorageLicense
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

type

  

String

  

url

  

String

  

30.6.7.36. StorageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

cosign

  

StorageCosignSignature

  

30.6.7.37. StorageSourceType
Copy link

Expand
Enum Values

OS

PYTHON

JAVA

RUBY

NODEJS

GO

DOTNETCORERUNTIME

INFRASTRUCTURE

30.6.7.38. StorageV1Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

created

  

Date

 

date-time

author

  

String

  

layers

  

List of StorageImageLayer

  

user

  

String

  

command

  

List of string

  

entrypoint

  

List of string

  

volumes

  

List of string

  

labels

  

Map of string

  

30.6.7.39. StorageV2Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

30.6.7.40. StorageVulnerabilitySeverity
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY_SEVERITY

LOW_VULNERABILITY_SEVERITY

MODERATE_VULNERABILITY_SEVERITY

IMPORTANT_VULNERABILITY_SEVERITY

CRITICAL_VULNERABILITY_SEVERITY

30.6.7.41. StorageVulnerabilityState
Copy link

VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.

Expand
Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

30.7. ScanImage
Copy link

POST /v1/images/scan

ScanImage scans a single image and returns the result

30.7.1. Description
Copy link

30.7.2. Parameters
Copy link

30.7.2.1. Body Parameter
Copy link

Expand
NameDescriptionRequiredDefaultPattern

body

V1ScanImageRequest

X

  

30.7.3. Return Type
Copy link

StorageImage

30.7.4. Content Type
Copy link

  • application/json

30.7.5. Responses
Copy link

Expand
Table 30.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageImage

0

An unexpected error response.

RuntimeError

30.7.6. Samples
Copy link

30.7.7. Common object reference
Copy link

30.7.7.1. CVSSV2AccessComplexity
Copy link

Expand
Enum Values

ACCESS_HIGH

ACCESS_MEDIUM

ACCESS_LOW

30.7.7.2. CVSSV2Authentication
Copy link

Expand
Enum Values

AUTH_MULTIPLE

AUTH_SINGLE

AUTH_NONE

30.7.7.3. CVSSV3Complexity
Copy link

Expand
Enum Values

COMPLEXITY_LOW

COMPLEXITY_HIGH

30.7.7.4. CVSSV3Privileges
Copy link

Expand
Enum Values

PRIVILEGE_NONE

PRIVILEGE_LOW

PRIVILEGE_HIGH

30.7.7.5. CVSSV3UserInteraction
Copy link

Expand
Enum Values

UI_NONE

UI_REQUIRED

30.7.7.6. EmbeddedVulnerabilityVulnerabilityType
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY

IMAGE_VULNERABILITY

K8S_VULNERABILITY

ISTIO_VULNERABILITY

NODE_VULNERABILITY

OPENSHIFT_VULNERABILITY

30.7.7.7. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.7.7.7.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.7.7.8. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.7.7.9. StorageCVSSV2
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

attackVector

  

StorageCVSSV2AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK,

accessComplexity

  

CVSSV2AccessComplexity

 

ACCESS_HIGH, ACCESS_MEDIUM, ACCESS_LOW,

authentication

  

CVSSV2Authentication

 

AUTH_MULTIPLE, AUTH_SINGLE, AUTH_NONE,

confidentiality

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

integrity

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

availability

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

score

  

Float

 

float

severity

  

StorageCVSSV2Severity

 

UNKNOWN, LOW, MEDIUM, HIGH,

30.7.7.10. StorageCVSSV2AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

30.7.7.11. StorageCVSSV2Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_PARTIAL

IMPACT_COMPLETE

30.7.7.12. StorageCVSSV2Severity
Copy link

Expand
Enum Values

UNKNOWN

LOW

MEDIUM

HIGH

30.7.7.13. StorageCVSSV3
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

attackVector

  

StorageCVSSV3AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK, ATTACK_PHYSICAL,

attackComplexity

  

CVSSV3Complexity

 

COMPLEXITY_LOW, COMPLEXITY_HIGH,

privilegesRequired

  

CVSSV3Privileges

 

PRIVILEGE_NONE, PRIVILEGE_LOW, PRIVILEGE_HIGH,

userInteraction

  

CVSSV3UserInteraction

 

UI_NONE, UI_REQUIRED,

scope

  

StorageCVSSV3Scope

 

UNCHANGED, CHANGED,

confidentiality

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

integrity

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

availability

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

score

  

Float

 

float

severity

  

StorageCVSSV3Severity

 

UNKNOWN, NONE, LOW, MEDIUM, HIGH, CRITICAL,

30.7.7.14. StorageCVSSV3AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

ATTACK_PHYSICAL

30.7.7.15. StorageCVSSV3Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_LOW

IMPACT_HIGH

30.7.7.16. StorageCVSSV3Scope
Copy link

Expand
Enum Values

UNCHANGED

CHANGED

30.7.7.17. StorageCVSSV3Severity
Copy link

Expand
Enum Values

UNKNOWN

NONE

LOW

MEDIUM

HIGH

CRITICAL

30.7.7.18. StorageCosignSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

rawSignature

  

byte[]

 

byte

signaturePayload

  

byte[]

 

byte

certPem

  

byte[]

 

byte

certChainPem

  

byte[]

 

byte

30.7.7.19. StorageDataSource
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

mirror

  

String

  

30.7.7.20. StorageEmbeddedImageScanComponent
Copy link

Next Tag: 13
Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

license

  

StorageLicense

  

vulns

  

List of StorageEmbeddedVulnerability

  

layerIndex

  

Integer

 

int32

priority

  

String

 

int64

source

  

StorageSourceType

 

OS, PYTHON, JAVA, RUBY, NODEJS, GO, DOTNETCORERUNTIME, INFRASTRUCTURE,

location

  

String

  

topCvss

  

Float

 

float

riskScore

  

Float

 

float

fixedBy

  

String

Component version that fixes all the fixable vulnerabilities in this component.

 

executables

  

List of StorageEmbeddedImageScanComponentExecutable

  
Expand
Field NameRequiredNullableTypeDescriptionFormat

path

  

String

  

dependencies

  

List of string

  

30.7.7.22. StorageEmbeddedVulnerability
Copy link

Next Tag: 21
Expand
Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

  

cvss

  

Float

 

float

summary

  

String

  

link

  

String

  

fixedBy

  

String

  

scoreVersion

  

StorageEmbeddedVulnerabilityScoreVersion

 

V2, V3,

cvssV2

  

StorageCVSSV2

  

cvssV3

  

StorageCVSSV3

  

publishedOn

  

Date

 

date-time

lastModified

  

Date

 

date-time

vulnerabilityType

  

EmbeddedVulnerabilityVulnerabilityType

 

UNKNOWN_VULNERABILITY, IMAGE_VULNERABILITY, K8S_VULNERABILITY, ISTIO_VULNERABILITY, NODE_VULNERABILITY, OPENSHIFT_VULNERABILITY,

vulnerabilityTypes

  

List of EmbeddedVulnerabilityVulnerabilityType

  

suppressed

  

Boolean

  

suppressActivation

  

Date

 

date-time

suppressExpiry

  

Date

 

date-time

firstSystemOccurrence

  

Date

Time when the CVE was first seen, for this specific distro, in the system.

date-time

firstImageOccurrence

  

Date

Time when the CVE was first seen in this image.

date-time

severity

  

StorageVulnerabilitySeverity

 

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

state

  

StorageVulnerabilityState

 

OBSERVED, DEFERRED, FALSE_POSITIVE,

Expand
Enum Values

V2

V3

30.7.7.24. StorageImage
Copy link

Next Tag: 19
Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

names

  

List of StorageImageName

This should deprecate the ImageName field long-term, allowing images with the same digest to be associated with different locations. TODO(dhaus): For now, this message will be without search tags due to duplicated search tags otherwise.

 

metadata

  

StorageImageMetadata

  

scan

  

StorageImageScan

  

signatureVerificationData

  

StorageImageSignatureVerificationData

  

signature

  

StorageImageSignature

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

lastUpdated

  

Date

 

date-time

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  

priority

  

String

 

int64

riskScore

  

Float

 

float

topCvss

  

Float

 

float

notes

  

List of StorageImageNote

  

30.7.7.25. StorageImageLayer
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

instruction

  

String

  

value

  

String

  

created

  

Date

 

date-time

author

  

String

  

empty

  

Boolean

  

30.7.7.26. StorageImageMetadata
Copy link

If any fields of ImageMetadata are modified including subfields, please check pkg/images/enricher/metadata.go to ensure that those changes will be automatically picked up Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

v1

  

StorageV1Metadata

  

v2

  

StorageV2Metadata

  

layerShas

  

List of string

  

dataSource

  

StorageDataSource

  

version

  

String

 

uint64

30.7.7.27. StorageImageName
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

registry

  

String

  

remote

  

String

  

tag

  

String

  

fullName

  

String

  

30.7.7.28. StorageImageNote
Copy link

Expand
Enum Values

MISSING_METADATA

MISSING_SCAN_DATA

MISSING_SIGNATURE

MISSING_SIGNATURE_VERIFICATION_DATA

30.7.7.29. StorageImageScan
Copy link

Next tag: 8
Expand
Field NameRequiredNullableTypeDescriptionFormat

scannerVersion

  

String

  

scanTime

  

Date

 

date-time

components

  

List of StorageEmbeddedImageScanComponent

  

operatingSystem

  

String

  

dataSource

  

StorageDataSource

  

notes

  

List of StorageImageScanNote

  

hash

  

String

 

uint64

30.7.7.30. StorageImageScanNote
Copy link

Expand
Enum Values

UNSET

OS_UNAVAILABLE

PARTIAL_SCAN_DATA

OS_CVES_UNAVAILABLE

OS_CVES_STALE

LANGUAGE_CVES_UNAVAILABLE

CERTIFIED_RHEL_SCAN_UNAVAILABLE

30.7.7.31. StorageImageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

signatures

  

List of StorageSignature

  

fetched

  

Date

 

date-time

30.7.7.32. StorageImageSignatureVerificationData
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

results

  

List of StorageImageSignatureVerificationResult

  

30.7.7.33. StorageImageSignatureVerificationResult
Copy link

Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

verificationTime

  

Date

 

date-time

verifierId

  

String

verifier_id correlates to the ID of the signature integration used to verify the signature.

 

status

  

StorageImageSignatureVerificationResultStatus

 

UNSET, VERIFIED, FAILED_VERIFICATION, INVALID_SIGNATURE_ALGO, CORRUPTED_SIGNATURE, GENERIC_ERROR,

description

  

String

description is set in the case of an error with the specific error’s message. Otherwise, this will not be set.

 

verifiedImageReferences

  

List of string

The full image names that are verified by this specific signature integration ID.

 

Status represents the status of the result.

  • VERIFIED: VERIFIED is set when the signature’s verification was successful.
  • FAILED_VERIFICATION: FAILED_VERIFICATION is set when the signature’s verification failed.
  • INVALID_SIGNATURE_ALGO: INVALID_SIGNATURE_ALGO is set when the signature’s algorithm is invalid and unsupported.
  • CORRUPTED_SIGNATURE: CORRUPTED_SIGNATURE is set when the raw signature is corrupted, i.e. wrong base64 encoding.
  • GENERIC_ERROR: GENERIC_ERROR is set when an error occurred during verification that cannot be associated with a specific status.
Expand
Enum Values

UNSET

VERIFIED

FAILED_VERIFICATION

INVALID_SIGNATURE_ALGO

CORRUPTED_SIGNATURE

GENERIC_ERROR

30.7.7.35. StorageLicense
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

type

  

String

  

url

  

String

  

30.7.7.36. StorageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

cosign

  

StorageCosignSignature

  

30.7.7.37. StorageSourceType
Copy link

Expand
Enum Values

OS

PYTHON

JAVA

RUBY

NODEJS

GO

DOTNETCORERUNTIME

INFRASTRUCTURE

30.7.7.38. StorageV1Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

created

  

Date

 

date-time

author

  

String

  

layers

  

List of StorageImageLayer

  

user

  

String

  

command

  

List of string

  

entrypoint

  

List of string

  

volumes

  

List of string

  

labels

  

Map of string

  

30.7.7.39. StorageV2Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

30.7.7.40. StorageVulnerabilitySeverity
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY_SEVERITY

LOW_VULNERABILITY_SEVERITY

MODERATE_VULNERABILITY_SEVERITY

IMPORTANT_VULNERABILITY_SEVERITY

CRITICAL_VULNERABILITY_SEVERITY

30.7.7.41. StorageVulnerabilityState
Copy link

VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.

Expand
Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

30.7.7.42. V1ScanImageRequest
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

imageName

  

String

  

force

  

Boolean

  

includeSnoozed

  

Boolean

  

cluster

  

String

Cluster to delegate scan to, may be the cluster’s name or ID.

 

30.8. UnwatchImage
Copy link

DELETE /v1/watchedimages

UnwatchImage marks an image name to no longer be watched. It returns successfully if the image is no longer being watched after the call, irrespective of whether the image was already being watched.

30.8.1. Description
Copy link

30.8.2. Parameters
Copy link

30.8.2.1. Query Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

name

The name of the image to unwatch. Should match the name of a previously watched image.

-

null

 

30.8.3. Return Type
Copy link

Object

30.8.4. Content Type
Copy link

  • application/json

30.8.5. Responses
Copy link

Expand
Table 30.8. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

30.8.6. Samples
Copy link

30.8.7. Common object reference
Copy link

30.8.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.8.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.8.7.2. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.9. GetWatchedImages
Copy link

GET /v1/watchedimages

GetWatchedImages returns the list of image names that are currently being watched.

30.9.1. Description
Copy link

30.9.2. Parameters
Copy link

30.9.3. Return Type
Copy link

V1GetWatchedImagesResponse

30.9.4. Content Type
Copy link

  • application/json

30.9.5. Responses
Copy link

Expand
Table 30.9. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetWatchedImagesResponse

0

An unexpected error response.

RuntimeError

30.9.6. Samples
Copy link

30.9.7. Common object reference
Copy link

30.9.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.9.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.9.7.2. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.9.7.3. StorageWatchedImage
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

30.9.7.4. V1GetWatchedImagesResponse
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

watchedImages

  

List of StorageWatchedImage

  

30.10. WatchImage
Copy link

POST /v1/watchedimages

WatchImage marks an image name as to be watched.

30.10.1. Description
Copy link

30.10.2. Parameters
Copy link

30.10.2.1. Body Parameter
Copy link

Expand
NameDescriptionRequiredDefaultPattern

body

V1WatchImageRequest

X

  

30.10.3. Return Type
Copy link

V1WatchImageResponse

30.10.4. Content Type
Copy link

  • application/json

30.10.5. Responses
Copy link

Expand
Table 30.10. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1WatchImageResponse

0

An unexpected error response.

RuntimeError

30.10.6. Samples
Copy link

30.10.7. Common object reference
Copy link

30.10.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

30.10.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

30.10.7.2. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

30.10.7.3. V1WatchImageRequest
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

The name of the image. This must be fully qualified, including a tag, but must NOT include a SHA.

 

30.10.7.4. V1WatchImageResponse
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

normalizedName

  

String

  

errorType

  

WatchImageResponseErrorType

 

NO_ERROR, INVALID_IMAGE_NAME, NO_VALID_INTEGRATION, SCAN_FAILED,

errorMessage

  

String

Only set if error_type is NOT equal to \"NO_ERROR\".

 

30.10.7.5. WatchImageResponseErrorType
Copy link

Expand
Enum Values

NO_ERROR

INVALID_IMAGE_NAME

NO_VALID_INTEGRATION

SCAN_FAILED

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Legal Notice

Theme

© 2026 Red HatBack to top