TOC & Recently Viewed

Recently Viewed Topics

Tenable.io Container Security API

Last Updated: June 08, 2017

Tenable.io Container Security includes a number of APIs for interacting with the platform:

Caution: To utilize the Tenable.io Container Security API, requests require authentication using Access and Secret keys sent with their headers.

 

Reports API

The Reports API is used to obtain Container Security reports in either JSON or Nessus V2 file format.

 

JSON Report by Container ID

API endpoint: /api/v1/reports/show

This call returns a report in JSON format for a container that you specify by ID.

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/reports/show?container_id={container_id}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
container_id the ID of the container image

Note: If you do not have the container_id, you can call the List Stored Container Images endpoint.

 

JSON Report by Docker Image ID

API endpoint: /api/v1/reports/by_image

This call returns a report in JSON format for an image that you specify by Docker ID:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/reports/by_image?image_id={image_id}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
image_id the ID of the image as returned by docker

 

JSON Report by Image Digest

API endpoint: /api/v1/reports/by_image_digest

This call returns a report in JSON format for an image that you specify using the SHA256 hash of the image.:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/reports/by_image_digest?image_digest={sha256}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
sha256 SHA256 checksum of the container image

Note: This is helpful in cases where you have previously submitted the container image to Tenable.io Container Security and are seeking to pull the same (or a newer copy) of the test result again.

 

Nessus Report by Container Image ID

API endpoint: /api/v1/reports/nessus/show

This call returns a Tenable.io Container Security report prepared in Nessus V2 file format. You can then import the report into Nessus Professional (versions 4.0 and higher):

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/reports/nessus/show?id={id}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
id the ID of the container image

Note: If you do not have the container_id, you may call the List Stored Container Images endpoint.

 

Test Jobs API

The Test Jobs API is used to query the status of container tests. You can get a list of all current and recent tests, or request the status of tests for specific images.

 

Get Job Status

API endpoint: /api/v1/jobs/status

Request the status of a test to determine if a test is stilled queued, in progress, or has completed:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/jobs/status?job_id={job_id}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
job_id the job ID of the queued job

Note: If you do not have the job_id, you may call the List All Test Jobs endpoint.

 

Get Job Status by Docker Image ID

API endpoint: /api/v1/jobs/image_status

Request the status of a test by the Docker Image ID to determine if a test is stilled queued, in progress, or has completed:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/jobs/image_status?image_id={image_id}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
image_id the ID of the image as returned by docker

 

Get Job Status by Docker Image Digest

API endpoint: /api/v1/jobs/image_status_digest

Request the status of a job by the Docker Image ID to determine if a test is stilled queued, in progress, or has completed:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/jobs/image_status_digest?image_digest={sha256}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
sha256 SHA256 checksum of the container image

 

List All Test Jobs

API endpoint: /api/v1/jobs/list

Requests a list of active and recent jobs:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/jobs/list

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key

 

Policy API

Query for the compliance status of images.

 

Policy Compliance Status by Docker Image ID

API endpoint: /api/v1/policycompliance

To query for the policy compliance status of an image, query by the Docker Image ID and authenticate using Access and Secret keys:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/policycompliance?image_id={image_id}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
image_id the ID of the image as returned by docker

 

Container Images API

Manage container images that have been pushed to Tenable.io Container Security.

 

List Stored Container Images

API endpoint: /api/v1/container/list

Tenable.io Container Security provides an API endpoint for enumerating container images stored by a given user, by Access and Secret keys:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" https://cloud.tenable.com/container-security/api/v1/container/list

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key

Note: The list stored container images call returns container_image_id's owned by the user matching the provided Access and Secret keys.

 

Delete a Container Image from the Repository

API endpoint: /api/v1/container/{repositoryName}/manifests/{sha256}

Delete a container image by providing the registry and path for the repository, as well as the SHA256 hash of the image:

$ curl -H "X-ApiKeys: accessKey={accessKey}; secretKey={secretKey}" -X DELETE https://cloud.tenable.com/container-security/api/v1/container/{repositoryName}/manifests/{sha256}

Query Parameters

Parameter Description
accessKey Your Tenable.io API Access key
secretKey Your Tenable.io API Secret key
repositoryName The registry/path of the image. For example, if you have a repository named unix and an image named alpine, you would type unix/alpine.
sha256 SHA256 checksum of the container image

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.