DescribeCanFixVulList - Security Center - Alibaba Cloud Documentation Center

Queries the list of fixable vulnerabilities.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-sas:DescribeCanFixVulList	get	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
Type	string	Yes	The type of the vulnerability. Valid values: cve: system vulnerability sca: application vulnerability	cve
Uuids	string	No	The UUID of the image. Separate multiple UUIDs with commas (,).	d15df12472809c1c3b158606c0f1****
Name	string	No	The name of the vulnerability.	scan:AVD-2022-953356
AliasName	string	No	The alias of the vulnerability that is specified in Common Vulnerabilities and Exposures (CVE).	RHSA-2017:0184-Important: mysql security update
StatusList	string	No	The status of the vulnerability. Valid values: 1: The vulnerability is unfixed. 4: The vulnerability is being fixed. 7:The vulnerability is fixed.	1
Necessity	string	No	The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values: asap: high later: medium nntf: low	asap,later,nntf
Dealed	string	No	Specifies whether the vulnerability is handled. Valid values: y: The vulnerability is handled. n: The vulnerability is not handled.	n
CurrentPage	integer	No	The page number. Pages start from page 1. Default value: 1.	1
PageSize	integer	No	The number of entries per page. Default value: 20.	20
RepoRegionId	string	No	The region ID of the image repository. Valid values: cn-beijing: China (Beijing) cn-zhangjiakou: China (Zhangjiakou) cn-hangzhou: China (Hangzhou) cn-shanghai: China (Shanghai) cn-shenzhen: China (Shenzhen) cn-hongkong: China (Hong Kong) ap-southeast-1: Singapore ap-southeast-5: Indonesia (Jakarta) us-east-1: US (Virginia) us-west-1: US (Silicon Valley) eu-central-1: Germany (Frankfurt) eu-west-1: UK (London)	cn-hangzhou
RepoInstanceId	string	No	The ID of the container image. Note You can call the ListRepository operation of Container Registry and obtain the ID of the container image from InstanceId in the response.	cri-rv4nvbv8iju4****
RepoId	string	No	The ID of the image repository. Note You can call the ListRepository operation of Container Registry and obtain the ID of the image repository from RepoId in the response.	crr-avo7qp02simz2njo
RepoName	string	No	The name of the image repository. Note Fuzzy match is supported.	digital-account
RepoNamespace	string	No	The namespace to which the image repository belongs. Note Fuzzy match is supported.	ns-digital-dev
RegionId	string	No	The region ID of the image repository. Valid values: cn-beijing: China (Beijing) cn-zhangjiakou: China (Zhangjiakou) cn-hangzhou: China (Hangzhou) cn-shanghai: China (Shanghai) cn-shenzhen: China (Shenzhen) cn-hongkong: China (Hong Kong) ap-southeast-1: Singapore ap-southeast-5: Indonesia (Jakarta) us-east-1: US (Virginia) us-west-1: US (Silicon Valley) eu-central-1: Germany (Frankfurt) eu-west-1: UK (London)	cn-hangzhou
InstanceId	string	No	The ID of the container image. Note You can call the ListRepository operation of Container Registry and obtain the ID of the container image from InstanceId in the response.	cri-rv4nvbv8iju4****
Tag	string	No	The tag to add to the image.	0.1.0
Digest	string	No	The unique identifier of the image.	8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****
ClusterId	string	No	The cluster ID. Note You can call the DescribeGroupedContainerInstances operation to query the IDs of clusters.	c80f79959fd724a888e1187779b13****
ScanRange	array	No	The type of the asset that you want to scan. Valid values: image container
	string	No	The type of the asset that is scanned. Valid values: image container	image,container
ClusterName	string	No	The name of the cluster.	sas-test-cnnf
ContainerId	string	No	The container ID.	48a6d9a92435a13ad573372c3f3c63b7e04d106458141df9f92155709d5a****
Pod	string	No	The name of the container group.	22222-7xsqq
Namespace	string	No	The namespace of the cluster. Note You can call the GetOpaClusterNamespaceList operation to query the namespaces of clusters.	default
Image	string	No	The name of the image.	registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-****

Response parameters

Parameter	Type	Description	Example
	object	PlainResult<List>
VulRecords	array<object>	The information about the vulnerability.
VulRecord	object
CanUpdate	boolean	Indicates whether the packages of the software that has the vulnerability can be upgraded by using Security Center. Valid values: true false	true
Type	string	The type of the vulnerability. Valid values: cve: system vulnerability sca: application vulnerability	cve
Status	integer	The status of the vulnerability. Valid values: 1: The vulnerability is unfixed. 4: The vulnerability is being fixed. 7: The vulnerability is fixed.	1
ModifyTs	long	The timestamp generated when the vulnerability status was modified. Unit: milliseconds.	1620404763000
ImageDigest	string	The unique identifier of the image.	8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****
PrimaryId	long	The vulnerability ID.	782661
Tag	string	The tag that is added to the image.	latest
RepoNamespace	string	The namespace to which the image repository belongs.	3rdparty
RepoName	string	The name of the image repository.	varnish
Related	string	The CVE IDs related to the vulnerability. Multiple CVE IDs are separated by commas (,).	CVE-2017-7518,CVE-2017-12188
FirstTs	long	The timestamp generated when the vulnerability was first detected. Unit: milliseconds.	1620752053000
LastTs	long	The timestamp generated when the vulnerability was last detected. Unit: milliseconds.	1620404763000
Necessity	string	The priority to fix the vulnerability. Valid values: asap: high later: medium nntf: low Note We recommend that you fix high-level vulnerabilities as soon as possible.	asap,later,nntf
Uuid	string	The UUID of the container image.	0004a32a0305a7f6ab5ff9600d47****
AliasName	string	The alias of the vulnerability.	CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read
Name	string	The name of the vulnerability.	debian:10:CVE-2019-9893
Layers	array	The image layers.
name	string	The image layer.	["8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****"]
ExtendContentJson	object	The extended information about the vulnerability.
OsRelease	string	The version of the operating system in the image.	10.9
Os	string	The name of the operating system.	debian
RpmEntityList	array<object>	The RPM packages.
RpmEntity	object
MatchList	array	The rule that is used to detect the vulnerability.
Match	string	The rule that is used to detect the vulnerability.	["libstdc++ version less than 8.5.0-4.el8_5"]
Layer	string	The SHA-256 value of the digest of the image layer.	b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1****
FullVersion	string	The complete version number of the software package.	3.10.0-693.2.2.el7
Version	string	The version number of the software package.	3.10.0
MatchDetail	string	The information about the detected vulnerability.	python-perf version less than 0:3.10.0-693.21.1.el7
Path	string	The path of the software that has the vulnerability.	/usr/lib64/python2.7/site-packages
Name	string	The name of the software package.	python-perf
UpdateCmd	string	The command that is used to fix the vulnerability.	apt-get update && apt-get install libseccomp2 --only-upgrade
CanFix	string	Indicates whether the vulnerability can be fixed in the Security Center console. Valid values: yes no	yes
ClusterId	string	The cluster ID.	c08d5fc1a329a4b88950a253d082f1****
ClusterName	string	The name of the cluster.	docker-law
Pod	string	The name of the container group.	22222-7xsqq
Namespace	string	The namespace.	test-002
Image	string	The name of the image.	registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****
ContainerId	string	The container ID.	04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****
InternetIp	string	The public IP address of the asset.	1.2.XX.XX
IntranetIp	string	The private IP address of the asset.	172.19.XX.XX
InstanceName	string	The name of the instance. The name must be 3 to 64 characters in length and can contain letters, digits, hyphens (-), and underscores (_).	testInstance
TargetId	string	The ID of the asset that is scanned.	300269
TargetName	string	The name of the asset that is scanned.	source-test-obj-XM0Ma
MaliciousSource	string	The source of the malicious file. Valid values: agentless image container	agentless
TargetType	string	The type of the asset that is scanned. Valid values: IMAGE ECS_IMAGE ECS_SNAPSHOT	ECS_IMAGE
ScanTime	long	The timestamp generated when the scan task was performed. Unit: milliseconds.	1649814050000
RequestId	string	The request ID.	1408FDB3-46F4-513C-9918-FE7D356DF048

Examples

Sample success responses

JSONformat

{
  "VulRecords": [
    {
      "CanUpdate": true,
      "Type": "cve",
      "Status": 1,
      "ModifyTs": 1620404763000,
      "ImageDigest": "8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****",
      "PrimaryId": 782661,
      "Tag": "latest",
      "RepoNamespace": "3rdparty",
      "RepoName": "varnish",
      "Related": "CVE-2017-7518,CVE-2017-12188",
      "FirstTs": 1620752053000,
      "LastTs": 1620404763000,
      "Necessity": "asap,later,nntf",
      "Uuid": "0004a32a0305a7f6ab5ff9600d47****",
      "AliasName": "CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read",
      "Name": "debian:10:CVE-2019-9893",
      "Layers": [
        "[\"8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****\"]"
      ],
      "ExtendContentJson": {
        "OsRelease": "10.9",
        "Os": "debian",
        "RpmEntityList": [
          {
            "MatchList": [
              "[\"libstdc++ version less than 8.5.0-4.el8_5\"]"
            ],
            "Layer": "b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1****",
            "FullVersion": "3.10.0-693.2.2.el7",
            "Version": "3.10.0",
            "MatchDetail": "python-perf version less than 0:3.10.0-693.21.1.el7",
            "Path": "/usr/lib64/python2.7/site-packages",
            "Name": "python-perf",
            "UpdateCmd": "apt-get update && apt-get install libseccomp2  --only-upgrade"
          }
        ]
      },
      "CanFix": "yes",
      "ClusterId": "c08d5fc1a329a4b88950a253d082f1****\n",
      "ClusterName": "docker-law\n",
      "Pod": "22222-7xsqq\n",
      "Namespace": "test-002\n",
      "Image": "registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****\n",
      "ContainerId": "04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****\n",
      "InternetIp": "1.2.XX.XX",
      "IntranetIp": "172.19.XX.XX",
      "InstanceName": "testInstance",
      "TargetId": "300269",
      "TargetName": "source-test-obj-XM0Ma",
      "MaliciousSource": "agentless",
      "TargetType": "ECS_IMAGE",
      "ScanTime": 1649814050000
    }
  ],
  "RequestId": "1408FDB3-46F4-513C-9918-FE7D356DF048"
}

Error codes

HTTP status code	Error code	Error message	Description
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.