Vulnerability Advisor API

The Vulnerability Advisor API commands can be used to manage security reports.

Both Cluster administrators and Administrators can access all Vulnerability Advisor APIs for all resources.

You can also access the Swagger API docs for the Vulnerability Advisor components from your IBM Cloud Private management console at https://<Cluster Master Host>:<Cluster Master API Port>/va/ui/api-docs/index.html. The <Cluster Master Host> and <Cluster Master API Port> parameters are defined in Master endpoints.

To access these APIs from the command line, you must add an authorization header to your request. See Preparing to run component or management API commands.

For example:

curl -k -s -XGET -H "Authorization: Bearer $ID_TOKEN" https://<Cluster Master Host>:<Cluster Master API Port>/va/api

The $ID_TOKEN parameter is the variable that stores the identity token for your cluster, and <Cluster Master Host> and <Cluster Master API Port> are defined in Master endpoints.

Vulnerability Advisor API data

API version: 3.2.0
API URI components:
  Scheme: HTTPS
  Host name: <Cluster Master Host>
  Port number: <Cluster Master API Port>
  Base path: /va/api/v1
Command output format: application/json

Get namespaces

The sample curl command resembles the following command:

curl -k -s -XGET -H "Authorization: Bearer $ID_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/va/api/get-namespaces?access_group=kube-system&max=3' | jq .

The response resembles the following content:

{
  "result": [
    {
      "namespace": "kube-system/va-annotator-74c4c9bb96-8pbg9/va-annotator/e84dbbbca7af7c6ca3555620ca4ffc80d23c668221321098968cc759741ebaea",
      "source_type": "container",
      "timestamp": "2018-04-27T10:59:59+0000"
    },
    {
      "namespace": "kube-system/filebeat-ds-amd64-9s4zv/POD/6bcc7bb988f449586eaa5c45289e1f1f67af2b2ad68f4c2bc60e1944aca93e47",
      "source_type": "container",
      "timestamp": "2018-04-27T06:53:09+0000"
    }
  ]
}

Get a snapshot of the timestamps

The sample curl command resembles the following command:

curl -k -s -XGET -H "Authorization: Bearer $ID_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/va/api/get-snapshot-timestamps?access_group=kube-system&namespace=kube-system/elasticsearch-client-6c9fc8b5b6-dvztg/POD/d228119a35ab6ff158b3903cf24b3c014ad3809748485b1c6008d00baf1d6487' | jq .

The response resembles the following content:

{
  "result": [
    "2018-04-27T06:52:23+0000",
    "2018-04-26T06:52:32+0000",
    "2018-04-25T06:54:12+0000",
    "2018-04-24T06:53:22+0000"
  ],
  ],
  "request_id": "66c4e381-0cc9-4f63-8ca5-aac81400ac8d"
}

Get report

The sample curl command resembles the following command:

curl -k -s -XGET -H "Authorization: Bearer $ID_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/va/api/get-report?access_group=kube-system&namespace=kube-system/elasticsearch-client-6c9fc8b5b6-dvztg/POD/d228119a35ab6ff158b3903cf24b3c014ad3809748485b1c6008d00baf1d6487&timestamp=2018-04-10T06%3A53%3A27%2B0000&report_type=compliance' | jq .

The response resembles the following code:

{
  "result": {
    "compliance": {
      "statusCode": 200,
      "body": {
        "total": 27,
        "compliant": 23,
        "non_compliant": 4,
        "custom": 0,
        "crawled_time": "2018-04-10T06:53:27+0000",
        "details": [
          {
            "compliance_id": "Linux.1-1-a",
            "compliant": "false",
            "compliance_check_time": "2018-04-10T06:53:30.639238Z",
            "reason": "File /etc/passwd not found",
            "description": "Each UID must be used only once.",
            "rule_type": "default"
          },
          {
          .............

Get verdict

The sample curl command resembles the following code:

curl -k -s -XGET -H "Authorization: Bearer $ID_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/va/api/get-verdict?access_group=kube-system&namespace=kube-system%2Fk8s-proxy-10.91.0.130%2Fproxy%2Fa7a93bba0f57de8055b3b5c880c340501a5d2158fa36326fbc76392e243b55f4&policy_name=package_vulnerability_found&source_type=container' | jq .

The response resembles the following code:

{
  "result":
  {
    "status": "violation",
    "detail":
    {
      .....
    }
  },
  "request_id": "30252cbf-5519-4bd3-837e-d0549795eef3"
}

Get features

The sample curl command resembles the following code:

curl -k -s -XGET -H "Authorization: Bearer $ID_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/va/api/get-features?access_group=kube-system&namespace=kube-system%2Fk8s-proxy-10.91.0.130%2Fproxy%2Fa7a93bba0f57de8055b3b5c880c340501a5d2158fa36326fbc76392e243b55f4&source_type=container&timestamp=2018-11-11T03%3A56%3A26%2B0000&data_type=config' | jq .

The response resembles the following code:

{
    "result":
    {
        "total": 9,
        "count": 9,
        "crawled_time": "2018-11-11T03:56:26+0000",
        "values": [
        {
            "key": "/etc/hostname",
            "value":
            {
                "name": "hostname",
                "content": "ra3icp2\n",
                "path": "/etc/hostname"
            }
        },
        ....
        }]
    },
    "request_id": "889032f0-65aa-462f-b174-2d82f7a6bbf9"
}
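
An added example, not part of the IBM documentation: shell helpers that percent-encode query values before calling the API (the `:` and `+` in a timestamp, the `/` in a namespace, as in the get-report and get-verdict samples above) and that list the failed checks in a get-report compliance response. VA_HOST, VA_PORT and VA_CACERT are assumed variable names standing in for <Cluster Master Host>, <Cluster Master API Port> and a cluster CA certificate file; `--cacert` is used in place of `-k` so that the server certificate is verified.

```shell
# Added example. VA_HOST, VA_PORT and VA_CACERT are assumed names; the
# default values below are constructed placeholders, not real endpoints.
VA_HOST=${VA_HOST:-master.example.com}
VA_PORT=${VA_PORT:-8443}
VA_CACERT=${VA_CACERT:-./cluster-ca.crt}

# Percent-encode one ASCII value, leaving only RFC 3986 unreserved characters.
urlencode() {
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}          # first character of $s
        case $c in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# va_url <endpoint> key=value ... : build a request URL with encoded values.
va_url() {
    endpoint=$1
    shift
    url="https://${VA_HOST}:${VA_PORT}/va/api/${endpoint}"
    sep='?'
    for kv in "$@"; do
        url="${url}${sep}${kv%%=*}=$(urlencode "${kv#*=}")"
        sep='&'
    done
    printf '%s\n' "$url"
}

# va_get <endpoint> key=value ... : authenticated GET that verifies the
# server certificate against the cluster CA instead of passing -k.
va_get() {
    curl -s --cacert "$VA_CACERT" \
        -H "Authorization: Bearer $ID_TOKEN" "$(va_url "$@")"
}

# Read a get-report compliance response on stdin and list failed checks.
# "compliant" is the string "false" in the sample response, not a boolean.
va_noncompliant() {
    jq -r '.result.compliance.body.details[]
           | select(.compliant == "false")
           | "\(.compliance_id)\t\(.reason)"'
}
```

Pipe the output of `va_get get-report ... report_type=compliance` into `va_noncompliant` to print each failed compliance_id with its reason.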