You are here: REST API

TOC & Recently Viewed

Recently Viewed Topics

Tenable.io Container Security REST API

Tenable.io Container Security includes a number of APIs for interacting with the platform:

 

Reports API

Start downloading scan results in JSON format for uploaded Docker container images

 

JSON Report by Container Image ID

API endpoint: /api/v1/reports/show

To query for the Tenable.io Container Security report in JSON format, simply query by the container_image_id:

$ curl 'https://cloud.flawcheck.com/api/v1/reports/show?api_key=<api_key>&container_id=<container_image_id>'

Query Parameters

Parameter Description
api_key your API key
container_id the ID of the container image

Note: If you do not have the container_image_id, you may call the List Stored Container Images endpoint.

 

JSON Report by SHA256

API endpoint: /api/v1/reports/show

Alternatively, you may also query for the latest Tenable.io Container Security report on a container image, using the SHA256 hash of the container image.:

$ curl 'https://cloud.flawcheck.com/api/v1/reports/show?api_key=<api_key>&sha256=<sha256_hash>'

Query Parameters

Parameter Description
api_key your API key
sha256 SHA256 checksum of the container image

Note: This is helpful in cases where you have previously submitted the container image to Tenable.io Container Security and are seeking to pull the same (or a newer copy) of the scan result again.

 

Nessus Report by Container Image ID

API endpoint: /api/v1/reports/show

Download a Tenable.io Container Security report prepared in Nessus V2 file format, for using in importing a Tenable.io Container Security report into Nessus Professional (versions 4.0 and higher):

$ curl 'https://cloud.flawcheck.com/api/v1/reports/show?api_key=<api_key>&container_id=<container_image_id>'

Query Parameters

Parameter Description
api_key your API key
container_id the ID of the container image

Note: If you do not have the container_id, you may call the List Stored Container Images endpoint.

 

Scan Jobs API

Start downloading scan results in JSON format for uploaded Docker container images

 

Immediately Queue Scan Job

API endpoint: /api/v1/reports/show

Request a specific container image to be immediately rescanned:

$ curl 'https://cloud.flawcheck.com/api/v1/container/rescan?api_key=<api_key>&id=<container_image_id>'

Query Parameters

Parameter Description
api_key your API key
id the ID of the container image

Note: If you do not have the id, you may call the List Stored Container Images endpoint.

 

Get Status of Scan Job

API endpoint: /api/v1/jobs/status

Request the status of a rescan request job to determine if a rescan is stilled queued, in progress, or has completed:

$ curl 'https://cloud.flawcheck.com/api/v1/jobs/status?api_key=<api_key>&job_id=<job_id>'

Query Parameters

Parameter Description
api_key your API key
job_id the job ID of the queued job

Note: If you do not have the job_id, you may call the List All Scan Jobs endpoint.

 

List All Scan Jobs

API endpoint: /api/v1/jobs/list

Request a specific container image to be immediately rescanned:

$ curl 'https://cloud.flawcheck.com/api/v1/jobs/list?api_key=<api_key>'

Query Parameters

Parameter Description
api_key your API key

Note: A list of active and recent jobs are returned.

 

Upload API

Start uploading Docker container images for scanning

 

Upload Container Image

API endpoint: /api/v1/container/upload

To upload a container image to be scanned by Tenable.io Container Security:

$ curl -XPOST -F "container=@/Users/ab/containers/etcd-v2.0.11-linux-amd64.aci" https://cloud.flawcheck.com/api/v1/container/upload?api_key=<api_key>

Query Parameters

Parameter Description
api_key your API key
id the ID of the container image

Note: Scanning typically takes a seconds, but you will likely want to use the Scan Jobs API to confirm the scanning has completed.

 

List Stored Container Images

API endpoint: /api/v1/container/list

Tenable.io Container Security provides an API endpoint for enumerating container images stored by a given user, by API key:

$ curl 'https://cloud.flawcheck.com/api/v1/container/list?api_key=<api_key>'

Query Parameters

Parameter Description
api_key your API key
job_id the job ID of the queued job

Note: The list stored container images call returns container_image_id's owned by the user matching the provided api_key.

 

User Management API

Get started with adding, removing, activating, and deactivating users

 

Activate User

API endpoint: /api/v1/users/activate

To activate a new account or a disabled account, Tenable.io Container Security provides an activate API, which activates the user account and sends a notification to the user:

$ curl 'https://cloud.flawcheck.com/api/v1/users/activate?api_key=<api_key>&id=<user_id>'

Query Parameters

Parameter Description
api_key your API key
id the ID of the container image

Note: By default, when new users are created, the user accounts are not activated.

 

Deactivate User

API endpoint: /api/v1/users/deactivate

For users that are currently active, for whom you would like to disable, Tenable.io Container Security provides a deactive API (which does not notify the user):

$ curl 'https://cloud.flawcheck.com/api/v1/users/deactivate?api_key=<api_key>&id=<user_id>'

Query Parameters

Parameter Description
api_key your API key
job_id the job ID of the queued job

Note: New users are, by default, deactivated (not yet made active).

 

List All Users

API endpoint: /api/v1/users/list

If the user's user_id has been misplaced or is otherwise unavailable, the Super Admin has the authorization to list all users of the system, which includes the user_id of each user (required to disabling a user):

$ curl 'https://cloud.flawcheck.com/api/v1/users/list?api_key=<api_key>'

Query Parameters

Parameter Description
api_key your API key

Note: The account creation process provides a notification to the Super Admin, with the pending account's user_id.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.