Home

Searching for Images

Use the search tokens below to search for images. Looking for help with writing your query? click here

architecture

Use a text value ##### to find images based on the docker image architecture, for example amd64 or arm64. Tip: Use the hostArchitecture token to find images based on the host architecture.

Example

Show findings with amd64 docker image architecture

architecture: amd64

controls.controlId

Use a text value ##### to find controls by control ID.

Example

Show images with this control ID

controls.controlId: 10826

controls.criticality

Use a text value ##### to find controls by criticality level (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT).

Example

Show images with URGENT controls

controls.criticality: "URGENT"

controls.posture

Use a text value ##### to find controls by compliance posture (PASS, FAIL).

Example

Show images with failed controls

controls.posture: "FAIL"

created

Use a date range or specific date to define when images were created.

Examples

Find images created within certain dates

created: [2017-06-15 ... 2017-06-30]

Find images created on specific date

created:'2017-08-15'

hostArchitecture

Use a text value ##### to find images based on the host architecture (amd64, arm64, x86_64).

Example

Show findings with arm64 host architecture

hostArchitecture: arm64

host.hostname

Use a text value ##### to define the hostname you're looking for.

Example

Show findings with this hostname

host.hostname: dockerhost07.mydomain.com

host.ipAddress

Use a text value ##### to define a host IP address you're interested in.

Example

Show findings with this IP address

host.ipAddress: 10.44.92.127

imageId

Use a text value ##### to define an image ID of interest.

Example

Show findings with this image ID

imageId: c2d1b73a90ec

isDockerHubOfficial

Use the values true | false to find Docker Hub official images.

Example

Show Docker Hub official images

isDockerHubOfficial: true

isInstrumented

Use the values true | false to find instrumented images.

Example

Show instrumented images

isInstrumented: true

instrumentationState

Use a text value ##### to show images with certain instrumentation state (QUEUED, COMPLETED, FAILED).

Example

Show images for which instrumentation is queued

instrumentationState: "QUEUED"

label.key

Use a text value ##### to define images with a certain label name.

Example

Show findings with label name "vendor"

label.key: vendor

label.value

Use a text value ##### to define images with a certain label value.

Example

Show findings with this label value

label.value: CentOS

lastComplianceScanDate

Use a date range or specific date to define when images were last scanned for compliance.

Examples

Show images with last compliance scan within certain dates

lastComplianceScanDate: [2021-01-01 ... 2021-01-30]

Show images with last compliance scan starting 2020-10-15, ending 1 month ago

lastComplianceScanDate: [2020-10-15 ... now-1M]

Show images with last compliance scan starting 2 weeks ago, ending 1 second ago

lastComplianceScanDate: [now-2w ... now-1s]

Show images with last compliance scan on specific date

lastComplianceScanDate:'2021-01-18'

lastVmScanDate

Use a date range or specific date to define when images were last scanned for vulnerabilities.

Examples

Show images last scanned within certain dates

lastVmScanDate: [2021-01-01 ... 2021-01-30]

Show images last scanned starting 2020-10-15, ending 1 month ago

lastVmScanDate: [2020-10-15 ... now-1M]

Show images last scanned starting 2 weeks ago, ending 1 second ago

lastVmScanDate: [now-2w ... now-1s]

Show images last scanned on specific date

lastVmScanDate:'2021-01-18'

layers.comment

Use a text value ##### to define images with layer comment you're interested in.

Example

Show findings with this layer comment

layers.comment: "my comment"

layers.createdBy

Use a text value ##### to find images having layers created by a certain user.

Example

Show findings created by jsmith

layers.createdBy: jsmith

layers.created

Use a date range or specific date to find when layers were created.

Examples

Show findings with layers created within certain dates

layers.created: [2017-10-01 ... 2017-10-12]

Show findings with layers created starting 2017-10-01, ending 1 month ago

layers.created: [2017-10-01 ... now-1M]

Show findings with layers created starting 2 weeks ago, ending 1 second ago

layers.created: [now-2w ... now-1s]

Show findings with layers created on certain date

layers.created:'2017-09-22'

layers.id

Use a text value ##### to define images having a certain layer ID.

Example

Show findings with this layer ID

layers.id: 12345

layers.sha

Use a text value ##### to define SHA 256 hash of image layer.

Example

Show image layer with this SHA value

layers.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

layers.size

Use a text value ##### to define images having layers with a certain size.

Example

Show findings with this layer size

layers.size: 10

layers.tags

Use a text value ##### to define images having layers with a certain tag.

Example

Show findings with this layer tag

layers.tags: "layer-tag8"

layersCount

Use a text value ##### to find images having a certain number of layers.

Example

Show findings with 12 layers

layersCount: 12

operatingSystem

Use values within quotes or backticks to help you find images with an operating system you're interested in.

Examples

Show any images with this OS name

operatingSystem: Windows 2012

Show any images that contain components of OS name

operatingSystem: "Windows 2012"

Show images that match exact value "Windows 2012"

operatingSystem: `Windows 2012`

registryUuid

Use a text value ##### to find images having a certain registry UUID.

Example

Show images with this registry UUID

registryUuid: ed46df944e1c

repoDigests.digest

Use a text value ##### to find images having a certain repoDigest digest value.

Example

Show findings with this digest value

repoDigests.digest: 2c8d61c46f484d881db43b34d13ca47a269336e576c81cf007ca740fa9ec0800

repoDigests.registry

Use a text value ##### to find images having a certain repoDigest registry name.

Example

Show findings with this repoDigest registry

repoDigests.registry: "my-registry-name"

repoDigests.repository

Use a text value ##### to find images having a certain repoDigest repository name.

Example

Show findings with this repoDigest repository

repoDigests.repository: "repository-name"

repo.registry

Use a text value ##### to find images having a certain repository registry name.

Example

Show findings with this registry

repo.registry: "my-registry-name"

repo.repository

Use a text value ##### to find images from a certain image repository.

Example

Show findings from this image repository

repo.repository: "repository-name"

repo.tag

Use a text value ##### to find images having a certain repository tag name.

Example

Show findings with this tag

repo.tag: "my-tag"

scanErrorCode

Use a text value ##### to find images that returned a certain error code (e.g. CMS-1301, CMS-1311, CMS-1317, etc) during the scan. See Scan Error Codes in the online help for codes.

Example

Show images that reported scan error code CMS-1301

scanErrorCode: CMS-1301

scanStatus

Use a text value ##### to find images based on scan status (SUCCESS, FAILED).

Example

Show images with failed scan status

scanStatus: FAILED

scanType

Use a text value ##### to find images based on the type of scan (STATIC, DYNAMIC, SCA) used to scan the image.

Example

Show images scanned with static scanning

scanType: STATIC

sha

Use a text value ##### to define an image by its SHA 256 hash.

Example

Show findings with this SHA value

sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

software.name

Use a text value ##### to define images running a software application name you're interested in.

Example

Show findings with this software name

software.name: "MyApp"

software.version

Use a text value ##### to define images running a software application version of interest.

Example

Show findings with this software version

software.version: "2.0.3"

software.fixVersion

Use a text value ##### to find software with specific fix version.

Example

Show images with this software version

software.fixVersion: 2.0.3

software.vulnerabilities.authType

Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

software.vulnerabilities.authType: "WINDOWS_AUTH"

software.vulnerabilities.category

Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

software.vulnerabilities.category: "CGI"

software.vulnerabilities.customerSeverity

Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

software.vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")

software.vulnerabilities.cveids

Use a text value ##### to find software vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

software.vulnerabilities.cveids: "CVE-2014-9999"

software.vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find images having software vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

software.vulnerabilities.cvssInfo.accessVector: "Local"

software.vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find images having software vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

software.vulnerabilities.cvssInfo.baseScore: "7.2"

software.vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find images having software vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

software.vulnerabilities.cvssInfo.temporalScore: "6.2"

software.vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find images having software vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

software.vulnerabilities.cvss3Info.baseScore: "4.3"

software.vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find images having software vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

software.vulnerabilities.cvss3Info.temporalScore: "3.8"

software.vulnerabilities.discoveryType

Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

software.vulnerabilities.discoveryType: "REMOTE"

software.vulnerabilities.firstFound

Use a date range or specific date to find when software vulnerabilities were first found.

Examples

Show findings first found within certain dates

software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

software.vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

software.vulnerabilities: (firstFound > now-10d AND severity: "5")

software.vulnerabilities.fixed

Use a date range or specific date to find software with vulnerabilities that are fixed.

Examples

Show findings first found within certain dates

software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.fixed: [now-2w ... now-1s]

Show findings first found on certain date

software.vulnerabilities.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

software.vulnerabilities: (fixed > now-10d AND severity: "5")

software.vulnerabilities.lastFound

Use a date range or specific date to find when software vulnerabilities were last found.

Examples

Show findings last found within certain dates

software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

software.vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

software.vulnerabilities.result

Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

software.vulnerabilities.risk

Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

software.vulnerabilities.risk: 50

software.vulnerabilities.severity

Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

software.vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

software.vulnerabilities: (severity: "5" AND category: "DNS")

software.vulnerabilities.supportedBy

Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

software.vulnerabilities.supportedBy: "VM"

software.vulnerabilities.threatIntel

Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

software.vulnerabilities.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

software.vulnerabilities.typeDetected

Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

software.vulnerabilities.typeDetected: "CONFIRMED"

software.vulnerabilities.qid

Use an integer value ##### to provide a QID to find images with software having certain vulnerability.

Example

Show findings with QID 90405

software.vulnerabilities.qid: 90405

software.vulnerabilities.title

Use an text value ##### to provide a title to find images with software having certain vulnerability.

Example

Show findings with title

software.vulnerabilities.title: title text

software.vulnerabilities.software.name

Use a text value ##### to find vulnerability present in certain software.

Example

Show findings with software name

software.vulnerabilities.software.name: my-app

software.vulnerabilities.software.version

Use a text value ##### to find vulnerability present in certain software version.

Example

Show findings with software version

software.vulnerabilities.software.version: 8.0

software.vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerability present in certain software fix version.

Example

Show findings with certain fix version

software.vulnerabilities.software.fixVersion: 8.0

software.vulnerabilities.source

Use a text value ##### to find software vulnerability from specific source (CONTAINER, IMAGE, BOTH).

Example

Show software software from images

software.vulnerabilities.source: IMAGE

software.vulnerabilities.reason

Use a text value ##### to find software vulnerability with specific state (Fixed, New, Removed, Varied)

Example

Show software software that is new

software.vulnerabilities.reason: NEW

software.vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to active attacks.

Example

Show images exposed to threats due to active attacks

software.vulnerabilities.threatIntel.activeAttacks: true

software.vulnerabilities.threatIntel.denialOfService

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to denial of service.

Example

Show images having threats due to denial of service

software.vulnerabilities.threatIntel.denialOfService: true

software.vulnerabilities.threatIntel.easyExploit

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to easy exploit.

Example

Show images exposed to threats due to easy exploit

software.vulnerabilities.threatIntel.easyExploit: true

software.vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to high data loss.

Example

Show images exposed to threats due to high data loss

software.vulnerabilities.threatIntel.highDataLoss: true

software.vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show images exposed to threats due to high lateral movement

software.vulnerabilities.threatIntel.highLateralMovement: true

software.vulnerabilities.threatIntel.malware

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to malware.

Example

Show images exposed to threats due to malware

software.vulnerabilities.threatIntel.malware: true

software.vulnerabilities.threatIntel.noPatch

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to no patch available.

Example

Show images exposed to threats due to no patch available

software.vulnerabilities.threatIntel.noPatch: true

software.vulnerabilities.threatIntel.publicExploit

Use the values true | false to find images with software vulnerabilities leading to real-time threats due to public exploit.

Example

Show images exposed to threats due to public exploit

software.vulnerabilities.threatIntel.publicExploit: true

source

Use a text value ##### to find images from specific source (CICD, GENERAL, HOST, INSTRUMENTATION, REGISTRY, SERVERLESS_FARGATE).

Example

Show images from registry

source: REGISTRY

updated

Use a date range or specific date to define when images were updated. The updated date is modified with each event on the image, and with vulnerability report processing for the image.

Examples

Find images updated within certain dates

updated: [2019-06-15 ... 2019-06-30]

Find images updated on specific date

updated:'2019-08-15'

users

Use a text value ##### to define images having a user name you're looking for.

Example

Show findings with this user name

users: "asmith"

vulnerabilities.authType

Use a text value ##### to find images having vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

vulnerabilities.authType: "WINDOWS_AUTH"

vulnerabilities.category

Use a text value ##### to find images with vulnerabilities having a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

vulnerabilities.category: "CGI"

vulnerabilities.customerSeverity

Use an integer value ##### to find images having vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

vulnerabilities: (customerSeverity: "5" AND category: "DNS")

vulnerabilities.cveids

Use a text value ##### to find images having vulnerabilities with the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.cveids: CVE-2015-0313

vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find images having vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

vulnerabilities.cvssInfo.accessVector: "Local"

vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find images having vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

vulnerabilities.cvssInfo.baseScore: "7.2"

vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find images having vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

vulnerabilities.cvssInfo.temporalScore: "6.2"

vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find images having vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

vulnerabilities.cvss3Info.baseScore: "4.3"

vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find images having vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

vulnerabilities.cvss3Info.temporalScore: "3.8"

vulnerabilities.discoveryType

Use a text value ##### to find images having vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

vulnerabilities.discoveryType: "REMOTE"

vulnerabilities.firstFound

Use a date range or specific date to define when vulnerabilities on image were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

vulnerabilities: (firstFound > now-10d AND severity: "5")

vulnerabilities.fixed

Use a date range or specific date to define when vulnerabilities on image were fixed.

Examples

Show findings fixed within certain dates

vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings fixed starting 2017-10-01, ending 1 month ago

vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings fixed starting 2 weeks ago, ending 1 second ago

vulnerabilities.fixed: [now-2w ... now-1s]

Show findings fixed on certain date

vulnerabilities.fixed:'2017-09-22'

Show findings fixed in the past 10 days with severity 5

vulnerabilities: (fixed > now-10d AND severity: "5")

vulnerabilities.lastFound

Use a date range or specific date to define when vulnerabilities on image were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

vulnerabilities.product

Use a text value ##### to find images having vulnerabilities on a certain vendor product (moodle, gnome, code-crafters, etc). See Product References in online help for vendor names.

Example

Show findings for this product

vulnerabilities.product: "moodle"

vulnerabilities.result

Use values within quotes or backticks to help you find images having a detection result you're interested in.

Examples

Show any images that contain components of detection results

vulnerabilities.result: "Windows 2012"

Show images that match exact value "Windows 2012"

vulnerabilities.result: `Windows 2012`

vulnerabilities.risk

Use an integer value ##### to find images with vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.risk: 50

vulnerabilities.severity

Use an integer value ##### to find images having vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

vulnerabilities: (severity: "5" AND category: "DNS")

vulnerabilities.status

Use a text value ##### to find images having vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

vulnerabilities.status: "OPEN"

vulnerabilities.supportedBy

Use a text value ##### to find images having vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

vulnerabilities.supportedBy: "VM"

vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find images exposed to real-time threats due to active attacks.

Example

Show images exposed to active attacks

vulnerabilities.threatIntel.activeAttacks: true

vulnerabilities.threatIntel.denialOfService

Use the values true | false to find images exposed to real-time threats due to denial of service.

Example

Show images exposed to denial of service

vulnerabilities.threatIntel.denialOfService: true

vulnerabilities.threatIntel.easyExploit

Use the values true | false to find images exposed to real-time threats due to easy exploit.

Example

Show images exposed to easy exploit

vulnerabilities.threatIntel.easyExploit: true

vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find images exposed to real-time threats due to high data loss.

Example

Show images exposed to high data loss

vulnerabilities.threatIntel.highDataLoss: true

vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find images exposed to real-time threats due to high lateral movement.

Example

Show images exposed to high lateral movement

vulnerabilities.threatIntel.highLateralMovement: true

vulnerabilities.threatIntel.malware

Use the values true | false to find images exposed to real-time threats due to malware.

Example

Show images exposed to malware threats

vulnerabilities.threatIntel.malware: true

vulnerabilities.threatIntel.noPatch

Use the values true | false to find images exposed to real-time threats due to no patch available.

Example

Show images exposed to threats due to no patch available

vulnerabilities.threatIntel.noPatch: true

vulnerabilities.threatIntel.publicExploit

Use the values true | false to find images exposed to real-time threats due to public exploit.

Example

Show images exposed to public exploit threats

vulnerabilities.threatIntel.publicExploit: true

vulnerabilities.typeDetected

Use a text value ##### to find images having vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

vulnerabilities.typeDetected: "CONFIRMED"

vulnerabilities.vendor

Use a text value ##### to find images having vulnerabilities on product from a certain vendor. See Vendor References in online help for vendor names.

Example

Show findings for this vendor

vulnerabilities.vendor: "vendor-name"

vulnerabilities.qid

Use an integer value ##### to provide a QID to find images with certain vulnerability.

Example

Show findings with QID 90405

vulnerabilities.qid: 90405

vulnerabilities.title

Use an text value ##### to provide a title to find images with certain vulnerability.

Example

Show findings with title

vulnerabilities.title: title text

vulnerabilities.software.name

Use a text value ##### to find vulnerability present in certain software.

Example

Show findings with software name

vulnerabilities.software.name: my-app

vulnerabilities.software.version

Use a text value ##### to find vulnerability present in certain software version.

Example

Show findings with software version

vulnerabilities.software.version: 8.0

vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerability present in certain software fix version.

Example

Show findings with certain fix version

vulnerabilities.software.fixVersion: 8.0

author

Use a text value ##### to find images that have an author you're looking for.

Example

Show findings having this author name

author: "jkim"

dockerVersion

Use a text value ##### to define a Docker version you're looking for.

Example

Show findings with this Docker version

dockerVersion: 17.3

size

Use a text value ##### to find a Docker image of a certain size.

Example

Show findings of this size

size: 300555112

services.name

Use a text value ##### to find images with specific services running on them.

Example

Show findings with service name

services.name: sshd

services.description

Use a text value ##### to find images with the description of specific services running on them.

Example

Show findings with service description

services.description: Secure Socket Shell

services.status

Use a text value ##### to find images with the status of specific services running on them. Status could be RUNNING, STOPPED, etc.

Example

Show findings with service status

services.status: RUNNING

and

Use a boolean query to express your query using AND logic.

Example

Show images with static scanning and with Failed scan status

scanType: STATIC and scanStatus: FAILED

not

Use a boolean query to express your query using NOT logic.

Example

Show images that don't have Failed scan status

not scanStatus: FAILED

or

Use a boolean query to express your query using OR logic.

Example

Show images with one of these repository tag names

repo.tag: "tag123" or repo.tag: "tagABC"