Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 63. VulnMgmtService

63.1. VulnMgmtExportWorkloads
Copy link

GET /v1/export/vuln-mgmt/workloads

Streams vulnerability data upon request. Each entry consists of a deployment and the associated container images.

63.1.1. Description
Copy link

The response is structured as: {\"result\": {\"deployment\": {…​}, \"images\": […​]}} …​ {\"result\": {\"deployment\": {…​}, \"images\": […​]}}

63.1.2. Parameters
Copy link

63.1.2.1. Query Parameters
Copy link

Expand
NameDescriptionRequiredDefaultPattern

timeout

Request timeout in seconds.

-

null

 

query

Query to constrain the deployments for which vulnerability data is returned. The queries contain pairs of `Search Option:Value` separated by `+` signs. For HTTP requests the query should be quoted. For example > curl "$ROX_ENDPOINT/v1/export/vuln-mgmt/workloads?query=Deployment%3Ascanner%2BNamespace%3Astackrox" queries vulnerability data for all scanner deployments in the stackrox namespace. See https://docs.openshift.com/acs/operating/search-filter.html for more information.

-

null

 

63.1.3. Return Type
Copy link

Stream_result_of_v1VulnMgmtExportWorkloadsResponse

63.1.4. Content Type
Copy link

  • application/json

63.1.5. Responses
Copy link

Expand
Table 63.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.(streaming responses)

Stream_result_of_v1VulnMgmtExportWorkloadsResponse

0

An unexpected error response.

RuntimeError

63.1.6. Samples
Copy link

63.1.7. Common object reference
Copy link

63.1.7.1. CVSSV2AccessComplexity
Copy link

Expand
Enum Values

ACCESS_HIGH

ACCESS_MEDIUM

ACCESS_LOW

63.1.7.2. CVSSV2Authentication
Copy link

Expand
Enum Values

AUTH_MULTIPLE

AUTH_SINGLE

AUTH_NONE

63.1.7.3. CVSSV3Complexity
Copy link

Expand
Enum Values

COMPLEXITY_LOW

COMPLEXITY_HIGH

63.1.7.4. CVSSV3Privileges
Copy link

Expand
Enum Values

PRIVILEGE_NONE

PRIVILEGE_LOW

PRIVILEGE_HIGH

63.1.7.5. CVSSV3UserInteraction
Copy link

Expand
Enum Values

UI_NONE

UI_REQUIRED

63.1.7.6. ContainerConfigEnvironmentConfig
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  

envVarSource

  

EnvironmentConfigEnvVarSource

 

UNSET, RAW, SECRET_KEY, CONFIG_MAP_KEY, FIELD, RESOURCE_FIELD, UNKNOWN,

63.1.7.7. EmbeddedVulnerabilityVulnerabilityType
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY

IMAGE_VULNERABILITY

K8S_VULNERABILITY

ISTIO_VULNERABILITY

NODE_VULNERABILITY

OPENSHIFT_VULNERABILITY

63.1.7.8. EnvironmentConfigEnvVarSource
Copy link

For any update to EnvVarSource, please also update 'ui/src/messages/common.js'
Expand
Enum Values

UNSET

RAW

SECRET_KEY

CONFIG_MAP_KEY

FIELD

RESOURCE_FIELD

UNKNOWN

63.1.7.9. PortConfigExposureInfo
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

level

  

PortConfigExposureLevel

 

UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE,

serviceName

  

String

  

serviceId

  

String

  

serviceClusterIp

  

String

  

servicePort

  

Integer

 

int32

nodePort

  

Integer

 

int32

externalIps

  

List of string

  

externalHostnames

  

List of string

  

63.1.7.10. PortConfigExposureLevel
Copy link

Expand
Enum Values

UNSET

EXTERNAL

NODE

INTERNAL

HOST

ROUTE

63.1.7.11. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
 
Example 3: Pack and unpack a message in Python.
 
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
 
Example 4: Pack and unpack a message in Go
 
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

63.1.7.11.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
 
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Expand
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

63.1.7.12. RuntimeError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

63.1.7.13. RuntimeStreamError
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

grpcCode

  

Integer

 

int32

httpCode

  

Integer

 

int32

message

  

String

  

httpStatus

  

String

  

details

  

List of ProtobufAny

  

63.1.7.14. SeccompProfileProfileType
Copy link

Expand
Enum Values

UNCONFINED

RUNTIME_DEFAULT

LOCALHOST

63.1.7.15. SecurityContextSELinux
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

user

  

String

  

role

  

String

  

type

  

String

  

level

  

String

  

63.1.7.16. SecurityContextSeccompProfile
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

type

  

SeccompProfileProfileType

 

UNCONFINED, RUNTIME_DEFAULT, LOCALHOST,

localhostProfile

  

String

  

63.1.7.17. StorageCVSSV2
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

attackVector

  

StorageCVSSV2AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK,

accessComplexity

  

CVSSV2AccessComplexity

 

ACCESS_HIGH, ACCESS_MEDIUM, ACCESS_LOW,

authentication

  

CVSSV2Authentication

 

AUTH_MULTIPLE, AUTH_SINGLE, AUTH_NONE,

confidentiality

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

integrity

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

availability

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

score

  

Float

 

float

severity

  

StorageCVSSV2Severity

 

UNKNOWN, LOW, MEDIUM, HIGH,

63.1.7.18. StorageCVSSV2AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

63.1.7.19. StorageCVSSV2Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_PARTIAL

IMPACT_COMPLETE

63.1.7.20. StorageCVSSV2Severity
Copy link

Expand
Enum Values

UNKNOWN

LOW

MEDIUM

HIGH

63.1.7.21. StorageCVSSV3
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

attackVector

  

StorageCVSSV3AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK, ATTACK_PHYSICAL,

attackComplexity

  

CVSSV3Complexity

 

COMPLEXITY_LOW, COMPLEXITY_HIGH,

privilegesRequired

  

CVSSV3Privileges

 

PRIVILEGE_NONE, PRIVILEGE_LOW, PRIVILEGE_HIGH,

userInteraction

  

CVSSV3UserInteraction

 

UI_NONE, UI_REQUIRED,

scope

  

StorageCVSSV3Scope

 

UNCHANGED, CHANGED,

confidentiality

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

integrity

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

availability

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

score

  

Float

 

float

severity

  

StorageCVSSV3Severity

 

UNKNOWN, NONE, LOW, MEDIUM, HIGH, CRITICAL,

63.1.7.22. StorageCVSSV3AttackVector
Copy link

Expand
Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

ATTACK_PHYSICAL

63.1.7.23. StorageCVSSV3Impact
Copy link

Expand
Enum Values

IMPACT_NONE

IMPACT_LOW

IMPACT_HIGH

63.1.7.24. StorageCVSSV3Scope
Copy link

Expand
Enum Values

UNCHANGED

CHANGED

63.1.7.25. StorageCVSSV3Severity
Copy link

Expand
Enum Values

UNKNOWN

NONE

LOW

MEDIUM

HIGH

CRITICAL

63.1.7.26. StorageContainer
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

config

  

StorageContainerConfig

  

image

  

StorageContainerImage

  

securityContext

  

StorageSecurityContext

  

volumes

  

List of StorageVolume

  

ports

  

List of StoragePortConfig

  

secrets

  

List of StorageEmbeddedSecret

  

resources

  

StorageResources

  

name

  

String

  

livenessProbe

  

StorageLivenessProbe

  

readinessProbe

  

StorageReadinessProbe

  

63.1.7.27. StorageContainerConfig
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

env

  

List of ContainerConfigEnvironmentConfig

  

command

  

List of string

  

args

  

List of string

  

directory

  

String

  

user

  

String

  

uid

  

String

 

int64

appArmorProfile

  

String

  

63.1.7.28. StorageContainerImage
Copy link

Next tag: 12
Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  

63.1.7.29. StorageCosignSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

rawSignature

  

byte[]

 

byte

signaturePayload

  

byte[]

 

byte

certPem

  

byte[]

 

byte

certChainPem

  

byte[]

 

byte

63.1.7.30. StorageDataSource
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

mirror

  

String

  

63.1.7.31. StorageDeployment
Copy link

Next available tag: 35
Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

hash

  

String

 

uint64

type

  

String

  

namespace

  

String

  

namespaceId

  

String

  

orchestratorComponent

  

Boolean

  

replicas

  

String

 

int64

labels

  

Map of string

  

podLabels

  

Map of string

  

labelSelector

  

StorageLabelSelector

  

created

  

Date

 

date-time

clusterId

  

String

  

clusterName

  

String

  

containers

  

List of StorageContainer

  

annotations

  

Map of string

  

priority

  

String

 

int64

inactive

  

Boolean

  

imagePullSecrets

  

List of string

  

serviceAccount

  

String

  

serviceAccountPermissionLevel

  

StoragePermissionLevel

 

UNSET, NONE, DEFAULT, ELEVATED_IN_NAMESPACE, ELEVATED_CLUSTER_WIDE, CLUSTER_ADMIN,

automountServiceAccountToken

  

Boolean

  

hostNetwork

  

Boolean

  

hostPid

  

Boolean

  

hostIpc

  

Boolean

  

runtimeClass

  

String

  

tolerations

  

List of StorageToleration

  

ports

  

List of StoragePortConfig

  

stateTimestamp

  

String

 

int64

riskScore

  

Float

 

float

63.1.7.32. StorageEmbeddedImageScanComponent
Copy link

Next Tag: 13
Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

license

  

StorageLicense

  

vulns

  

List of StorageEmbeddedVulnerability

  

layerIndex

  

Integer

 

int32

priority

  

String

 

int64

source

  

StorageSourceType

 

OS, PYTHON, JAVA, RUBY, NODEJS, GO, DOTNETCORERUNTIME, INFRASTRUCTURE,

location

  

String

  

topCvss

  

Float

 

float

riskScore

  

Float

 

float

fixedBy

  

String

Component version that fixes all the fixable vulnerabilities in this component.

 

executables

  

List of StorageEmbeddedImageScanComponentExecutable

  
Expand
Field NameRequiredNullableTypeDescriptionFormat

path

  

String

  

dependencies

  

List of string

  

63.1.7.34. StorageEmbeddedSecret
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

path

  

String

  

63.1.7.35. StorageEmbeddedVulnerability
Copy link

Next Tag: 21
Expand
Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

  

cvss

  

Float

 

float

summary

  

String

  

link

  

String

  

fixedBy

  

String

  

scoreVersion

  

StorageEmbeddedVulnerabilityScoreVersion

 

V2, V3,

cvssV2

  

StorageCVSSV2

  

cvssV3

  

StorageCVSSV3

  

publishedOn

  

Date

 

date-time

lastModified

  

Date

 

date-time

vulnerabilityType

  

EmbeddedVulnerabilityVulnerabilityType

 

UNKNOWN_VULNERABILITY, IMAGE_VULNERABILITY, K8S_VULNERABILITY, ISTIO_VULNERABILITY, NODE_VULNERABILITY, OPENSHIFT_VULNERABILITY,

vulnerabilityTypes

  

List of EmbeddedVulnerabilityVulnerabilityType

  

suppressed

  

Boolean

  

suppressActivation

  

Date

 

date-time

suppressExpiry

  

Date

 

date-time

firstSystemOccurrence

  

Date

Time when the CVE was first seen, for this specific distro, in the system.

date-time

firstImageOccurrence

  

Date

Time when the CVE was first seen in this image.

date-time

severity

  

StorageVulnerabilitySeverity

 

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

state

  

StorageVulnerabilityState

 

OBSERVED, DEFERRED, FALSE_POSITIVE,

Expand
Enum Values

V2

V3

63.1.7.37. StorageImage
Copy link

Next Tag: 19
Expand
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

names

  

List of StorageImageName

This should deprecate the ImageName field long-term, allowing images with the same digest to be associated with different locations. TODO(dhaus): For now, this message will be without search tags due to duplicated search tags otherwise.

 

metadata

  

StorageImageMetadata

  

scan

  

StorageImageScan

  

signatureVerificationData

  

StorageImageSignatureVerificationData

  

signature

  

StorageImageSignature

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

lastUpdated

  

Date

 

date-time

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  

priority

  

String

 

int64

riskScore

  

Float

 

float

topCvss

  

Float

 

float

notes

  

List of StorageImageNote

  

63.1.7.38. StorageImageLayer
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

instruction

  

String

  

value

  

String

  

created

  

Date

 

date-time

author

  

String

  

empty

  

Boolean

  

63.1.7.39. StorageImageMetadata
Copy link

If any fields of ImageMetadata are modified including subfields, please check pkg/images/enricher/metadata.go to ensure that those changes will be automatically picked up Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

v1

  

StorageV1Metadata

  

v2

  

StorageV2Metadata

  

layerShas

  

List of string

  

dataSource

  

StorageDataSource

  

version

  

String

 

uint64

63.1.7.40. StorageImageName
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

registry

  

String

  

remote

  

String

  

tag

  

String

  

fullName

  

String

  

63.1.7.41. StorageImageNote
Copy link

Expand
Enum Values

MISSING_METADATA

MISSING_SCAN_DATA

MISSING_SIGNATURE

MISSING_SIGNATURE_VERIFICATION_DATA

63.1.7.42. StorageImageScan
Copy link

Next tag: 8
Expand
Field NameRequiredNullableTypeDescriptionFormat

scannerVersion

  

String

  

scanTime

  

Date

 

date-time

components

  

List of StorageEmbeddedImageScanComponent

  

operatingSystem

  

String

  

dataSource

  

StorageDataSource

  

notes

  

List of StorageImageScanNote

  

hash

  

String

 

uint64

63.1.7.43. StorageImageScanNote
Copy link

Expand
Enum Values

UNSET

OS_UNAVAILABLE

PARTIAL_SCAN_DATA

OS_CVES_UNAVAILABLE

OS_CVES_STALE

LANGUAGE_CVES_UNAVAILABLE

CERTIFIED_RHEL_SCAN_UNAVAILABLE

63.1.7.44. StorageImageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

signatures

  

List of StorageSignature

  

fetched

  

Date

 

date-time

63.1.7.45. StorageImageSignatureVerificationData
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

results

  

List of StorageImageSignatureVerificationResult

  

63.1.7.46. StorageImageSignatureVerificationResult
Copy link

Next Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

verificationTime

  

Date

 

date-time

verifierId

  

String

verifier_id correlates to the ID of the signature integration used to verify the signature.

 

status

  

StorageImageSignatureVerificationResultStatus

 

UNSET, VERIFIED, FAILED_VERIFICATION, INVALID_SIGNATURE_ALGO, CORRUPTED_SIGNATURE, GENERIC_ERROR,

description

  

String

description is set in the case of an error with the specific error’s message. Otherwise, this will not be set.

 

verifiedImageReferences

  

List of string

The full image names that are verified by this specific signature integration ID.

 

Status represents the status of the result.

  • VERIFIED: VERIFIED is set when the signature’s verification was successful.
  • FAILED_VERIFICATION: FAILED_VERIFICATION is set when the signature’s verification failed.
  • INVALID_SIGNATURE_ALGO: INVALID_SIGNATURE_ALGO is set when the signature’s algorithm is invalid and unsupported.
  • CORRUPTED_SIGNATURE: CORRUPTED_SIGNATURE is set when the raw signature is corrupted, i.e. wrong base64 encoding.
  • GENERIC_ERROR: GENERIC_ERROR is set when an error occurred during verification that cannot be associated with a specific status.
Expand
Enum Values

UNSET

VERIFIED

FAILED_VERIFICATION

INVALID_SIGNATURE_ALGO

CORRUPTED_SIGNATURE

GENERIC_ERROR

63.1.7.48. StorageLabelSelector
Copy link

Label selector components are joined with logical AND, see     https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

Next available tag: 3

Expand
Field NameRequiredNullableTypeDescriptionFormat

matchLabels

  

Map of string

This is actually a oneof, but we can’t make it one due to backwards compatibility constraints.

 

requirements

  

List of StorageLabelSelectorRequirement

  

63.1.7.49. StorageLabelSelectorOperator
Copy link

Expand
Enum Values

UNKNOWN

IN

NOT_IN

EXISTS

NOT_EXISTS

63.1.7.50. StorageLabelSelectorRequirement
Copy link

Next available tag: 4
Expand
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

op

  

StorageLabelSelectorOperator

 

UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS,

values

  

List of string

  

63.1.7.51. StorageLicense
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

type

  

String

  

url

  

String

  

63.1.7.52. StorageLivenessProbe
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

defined

  

Boolean

  

63.1.7.53. StoragePermissionLevel
Copy link

For any update to PermissionLevel, also update: - pkg/searchbasedpolicies/builders/k8s_rbac.go - ui/src/messages/common.js
Expand
Enum Values

UNSET

NONE

DEFAULT

ELEVATED_IN_NAMESPACE

ELEVATED_CLUSTER_WIDE

CLUSTER_ADMIN

63.1.7.54. StoragePortConfig
Copy link

Next Available Tag: 6
Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

containerPort

  

Integer

 

int32

protocol

  

String

  

exposure

  

PortConfigExposureLevel

 

UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE,

exposedPort

  

Integer

 

int32

exposureInfos

  

List of PortConfigExposureInfo

  

63.1.7.55. StorageReadinessProbe
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

defined

  

Boolean

  

63.1.7.56. StorageResources
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

cpuCoresRequest

  

Float

 

float

cpuCoresLimit

  

Float

 

float

memoryMbRequest

  

Float

 

float

memoryMbLimit

  

Float

 

float

63.1.7.57. StorageSecurityContext
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

privileged

  

Boolean

  

selinux

  

SecurityContextSELinux

  

dropCapabilities

  

List of string

  

addCapabilities

  

List of string

  

readOnlyRootFilesystem

  

Boolean

  

seccompProfile

  

SecurityContextSeccompProfile

  

allowPrivilegeEscalation

  

Boolean

  

63.1.7.58. StorageSignature
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

cosign

  

StorageCosignSignature

  

63.1.7.59. StorageSourceType
Copy link

Expand
Enum Values

OS

PYTHON

JAVA

RUBY

NODEJS

GO

DOTNETCORERUNTIME

INFRASTRUCTURE

63.1.7.60. StorageTaintEffect
Copy link

Expand
Enum Values

UNKNOWN_TAINT_EFFECT

NO_SCHEDULE_TAINT_EFFECT

PREFER_NO_SCHEDULE_TAINT_EFFECT

NO_EXECUTE_TAINT_EFFECT

63.1.7.61. StorageToleration
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

operator

  

StorageTolerationOperator

 

TOLERATION_OPERATION_UNKNOWN, TOLERATION_OPERATOR_EXISTS, TOLERATION_OPERATOR_EQUAL,

value

  

String

  

taintEffect

  

StorageTaintEffect

 

UNKNOWN_TAINT_EFFECT, NO_SCHEDULE_TAINT_EFFECT, PREFER_NO_SCHEDULE_TAINT_EFFECT, NO_EXECUTE_TAINT_EFFECT,

63.1.7.62. StorageTolerationOperator
Copy link

Expand
Enum Values

TOLERATION_OPERATION_UNKNOWN

TOLERATION_OPERATOR_EXISTS

TOLERATION_OPERATOR_EQUAL

63.1.7.63. StorageV1Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

created

  

Date

 

date-time

author

  

String

  

layers

  

List of StorageImageLayer

  

user

  

String

  

command

  

List of string

  

entrypoint

  

List of string

  

volumes

  

List of string

  

labels

  

Map of string

  

63.1.7.64. StorageV2Metadata
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

63.1.7.65. StorageVolume
Copy link

Expand
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

source

  

String

  

destination

  

String

  

readOnly

  

Boolean

  

type

  

String

  

mountPropagation

  

VolumeMountPropagation

 

NONE, HOST_TO_CONTAINER, BIDIRECTIONAL,

63.1.7.66. StorageVulnerabilitySeverity
Copy link

Expand
Enum Values

UNKNOWN_VULNERABILITY_SEVERITY

LOW_VULNERABILITY_SEVERITY

MODERATE_VULNERABILITY_SEVERITY

IMPORTANT_VULNERABILITY_SEVERITY

CRITICAL_VULNERABILITY_SEVERITY

63.1.7.67. StorageVulnerabilityState
Copy link

VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.

Expand
Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE 

Stream result of v1VulnMgmtExportWorkloadsResponse
Expand
Field NameRequiredNullableTypeDescriptionFormat

result

  

V1VulnMgmtExportWorkloadsResponse

  

error

  

RuntimeStreamError

  

63.1.7.69. V1VulnMgmtExportWorkloadsResponse
Copy link

The workloads response contains the full image details including the vulnerability data.

Expand
Field NameRequiredNullableTypeDescriptionFormat

deployment

  

StorageDeployment

  

images

  

List of StorageImage

  

63.1.7.70. VolumeMountPropagation
Copy link

Expand
Enum Values

NONE

HOST_TO_CONTAINER

BIDIRECTIONAL

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Legal Notice

Theme

© 2026 Red HatBack to top