ListVulnerabilities
Retrieves the list of vulnerabilities found in a particular scan.
TypeScript

```typescript
import { cloudApi, serviceClients, Session } from "@yandex-cloud/nodejs-sdk";

const ListVulnerabilitiesRequest =
  cloudApi.containerregistry.scanner_service.ListVulnerabilitiesRequest;

(async () => {
  const authToken = process.env["YC_OAUTH_TOKEN"];
  const session = new Session({ oauthToken: authToken });
  const client = session.client(serviceClients.ScannerServiceClient);

  const result = await client.listVulnerabilities(
    ListVulnerabilitiesRequest.fromPartial({
      scanResultId: "scanResultId",
      // pageSize: 0,
      // pageToken: "pageToken",
      // filter: "filter",
      // orderBy: "orderBy"
    })
  );
  console.log(result);
})();
```

Python

```python
import os
import grpc
import yandexcloud
from yandex.cloud.containerregistry.v1.scanner_service_pb2 import ListVulnerabilitiesRequest
from yandex.cloud.containerregistry.v1.scanner_service_pb2_grpc import ScannerServiceStub

token = os.getenv("YC_OAUTH_TOKEN")
sdk = yandexcloud.SDK(token=token)
service = sdk.client(ScannerServiceStub)
response = service.ListVulnerabilities(
    ListVulnerabilitiesRequest(
        scan_result_id="scanResultId",
        # page_size = 0,
        # page_token = "pageToken",
        # filter = "filter",
        # order_by = "orderBy"
    )
)
print(response)
```
ListVulnerabilitiesRequest
scanResultId
: string
ID of the ScanResult to get the list of vulnerabilities for.
pageSize
: int64
The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListRegistriesResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100.
pageToken
: string
Page token. To get the next page of results, set page_token to the ListRegistriesResponse.next_page_token returned by a previous list request.
filter
: string
A filter expression that filters resources listed in the response. The expression must specify:
- The field name. Currently you can use filtering only on Vulnerability.severity and PackageVulnerability.name fields.
- An = operator.
- The value in double quotes (").
orderBy
: string
An order expression that orders resources listed in the response. The expression must specify:
- The field name. Currently you can use filtering only on Vulnerability.severity and PackageVulnerability.name fields.
- Order selector. Currently you can use ordering only on Vulnerability.severity field (recent first).
ListVulnerabilitiesResponse
vulnerabilities
: Vulnerability
List of Vulnerability resources.
nextPageToken
: string
This token allows you to get the next page of results for list requests. If the number of results is larger than ListImagesRequest.page_size, use the next_page_token as the value for the ListImagesRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.
Vulnerability
A Vulnerability resource.
Severity
SEVERITY_UNSPECIFIED
CRITICAL
Critical severity is a world-burning problem, exploitable for nearly all users. Includes remote root privilege escalations, or massive data loss.
HIGH
High severity is a real problem, exploitable for many users in a default installation. Includes serious remote denial of services, local root privilege escalations, or data loss.
MEDIUM
Medium severity is a real security problem, and is exploitable for many users. Includes network daemon denial of service attacks, cross-site scripting, and gaining user privileges. Updates should be made soon for this priority of issue.
LOW
Low severity is a security problem, but is hard to exploit due to environment, requires a user-assisted attack, a small install base, or does very little damage. These tend to be included in security updates only when higher priority issues require an update, or if many low priority issues have built up.
NEGLIGIBLE
Negligible severity is technically a security problem, but is only theoretical in nature, requires a very special situation, has almost no install base, or does no real damage. These tend not to get backported from upstream, and will likely not be included in security updates unless there is an easy fix and some other issue causes an update.
UNDEFINED
Unknown severity is either a security problem that has not been assigned to a priority yet or a priority that our system did not recognize.
severity
: Severity
Output only. Severity of the Vulnerability.
One of vulnerability
Details of vulnerability depending on type. Only package vulnerability is supported at the moment.
package
: PackageVulnerability
PackageVulnerability
A PackageVulnerability resource.
name
: string
Name of vulnerability in CVE database.
link
: string
URL to the page with description of vulnerability.
package
: string
The package name where vulnerability has been found.
source
: string
The package manager name. Ex.: yum, rpm, dpkg.
version
: string
The version of the package where vulnerability has been found.
fixedBy
: string
The version of the package where vulnerability has been fixed.
origin
: string
The place where the vulnerability originated (OS, lang package, etc.).
type
: string
The type of vulnerability origin: the name of the OS if origin="os", or the package type (jar, gobinary, etc.) if origin="lang".
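The paging and filter fields described above, put together for a triage pass: the added example below (not part of the SDK or of the samples on this page) follows next_page_token until it is empty and separates findings that an upgrade to fixedBy would remove from those without a listed fix. The helper names, the short field spelling `severity` in the filter, the reading of an empty fixed_by as "no fix listed", and the sample pages are assumptions made for the example.

```python
from types import SimpleNamespace as NS

def build_filter(field, value):
    # Documented form: field name, "=", value in double quotes.
    if '"' in value or "\\" in value:
        raise ValueError("filter value must not contain quotes or backslashes")
    return f'{field}="{value}"'

def iter_vulnerabilities(list_page, scan_result_id, filter_expr="", page_size=100):
    # list_page takes the request fields as keyword arguments. With the SDK it is:
    #   lambda **kw: service.ListVulnerabilities(ListVulnerabilitiesRequest(**kw))
    token, seen = "", set()
    while True:
        resp = list_page(scan_result_id=scan_result_id, page_size=page_size,
                         page_token=token, filter=filter_expr)
        yield from resp.vulnerabilities
        token = resp.next_page_token
        if not token:
            return
        if token in seen:  # defensive: never loop forever on a repeated token
            raise RuntimeError("page token repeated")
        seen.add(token)

def split_by_fix(vulns):
    # Assumption: an empty fixed_by means no fixed version is listed.
    fixable, unfixed = [], []
    for v in vulns:
        p = v.package
        row = (p.package, p.version, p.fixed_by, p.name)
        (fixable if p.fixed_by else unfixed).append(row)
    return sorted(fixable), sorted(unfixed)

# Constructed sample data standing in for two response pages (not real CVEs).
def _vuln(name, pkg, ver, fixed_by):
    return NS(severity="CRITICAL",
              package=NS(name=name, package=pkg, version=ver, fixed_by=fixed_by))

_PAGES = {
    "": NS(vulnerabilities=[_vuln("CVE-0000-0001", "libexample", "1.0.0", "1.0.1")],
           next_page_token="p2"),
    "p2": NS(vulnerabilities=[_vuln("CVE-0000-0002", "exampled", "2.3", "")],
             next_page_token=""),
}
REQUESTS = []  # records what the fake service was asked, for inspection

def fake_list_page(**kw):
    REQUESTS.append(kw)
    return _PAGES[kw["page_token"]]

def demo():
    expr = build_filter("severity", "CRITICAL")  # field spelling is an assumption
    return split_by_fix(iter_vulnerabilities(fake_list_page, "scanResultId", expr))
```
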