All Products
Search
Document Center

Security Center:DescribeCanFixVulList

Last Updated:Nov 25, 2024

Queries the list of fixable vulnerabilities.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:DescribeCanFixVulListget
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
TypestringYes

The type of the vulnerability. Valid values:

  • cve: system vulnerability
  • sca: application vulnerability
cve
UuidsstringNo

The UUID of the image. Separate multiple UUIDs with commas (,).

d15df12472809c1c3b158606c0f1****
NamestringNo

The name of the vulnerability.

scan:AVD-2022-953356
AliasNamestringNo

The alias of the vulnerability that is specified in Common Vulnerabilities and Exposures (CVE).

RHSA-2017:0184-Important: mysql security update
StatusListstringNo

The status of the vulnerability. Valid values:

  • 1: The vulnerability is unfixed.
  • 4: The vulnerability is being fixed.
  • 7:The vulnerability is fixed.
1
NecessitystringNo

The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values:

  • asap: high
  • later: medium
  • nntf: low
asap,later,nntf
DealedstringNo

Specifies whether the vulnerability is handled. Valid values:

y: The vulnerability is handled. n: The vulnerability is not handled.

n
CurrentPageintegerNo

The page number. Pages start from page 1. Default value: 1.

1
PageSizeintegerNo

The number of entries per page. Default value: 20.

20
RepoRegionIdstringNo

The region ID of the image repository. Valid values:

  • cn-beijing: China (Beijing)
  • cn-zhangjiakou: China (Zhangjiakou)
  • cn-hangzhou: China (Hangzhou)
  • cn-shanghai: China (Shanghai)
  • cn-shenzhen: China (Shenzhen)
  • cn-hongkong: China (Hong Kong)
  • ap-southeast-1: Singapore
  • ap-southeast-5: Indonesia (Jakarta)
  • us-east-1: US (Virginia)
  • us-west-1: US (Silicon Valley)
  • eu-central-1: Germany (Frankfurt)
  • eu-west-1: UK (London)
cn-hangzhou
RepoInstanceIdstringNo

The ID of the container image.

Note You can call the ListRepository operation of Container Registry and obtain the ID of the container image from InstanceId in the response.
cri-rv4nvbv8iju4****
RepoIdstringNo

The ID of the image repository.

Note You can call the ListRepository operation of Container Registry and obtain the ID of the image repository from RepoId in the response.
crr-avo7qp02simz2njo
RepoNamestringNo

The name of the image repository.

Note Fuzzy match is supported.
digital-account
RepoNamespacestringNo

The namespace to which the image repository belongs.

Note Fuzzy match is supported.
ns-digital-dev
RegionIdstringNo

The region ID of the image repository. Valid values:

  • cn-beijing: China (Beijing)
  • cn-zhangjiakou: China (Zhangjiakou)
  • cn-hangzhou: China (Hangzhou)
  • cn-shanghai: China (Shanghai)
  • cn-shenzhen: China (Shenzhen)
  • cn-hongkong: China (Hong Kong)
  • ap-southeast-1: Singapore
  • ap-southeast-5: Indonesia (Jakarta)
  • us-east-1: US (Virginia)
  • us-west-1: US (Silicon Valley)
  • eu-central-1: Germany (Frankfurt)
  • eu-west-1: UK (London)
cn-hangzhou
InstanceIdstringNo

The ID of the container image.

Note You can call the ListRepository operation of Container Registry and obtain the ID of the container image from InstanceId in the response.
cri-rv4nvbv8iju4****
TagstringNo

The tag to add to the image.

0.1.0
DigeststringNo

The unique identifier of the image.

8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****
ClusterIdstringNo

The cluster ID.

Note You can call the DescribeGroupedContainerInstances operation to query the IDs of clusters.
c80f79959fd724a888e1187779b13****
ScanRangearrayNo

The type of the asset that you want to scan. Valid values:

  • image
  • container
stringNo

The type of the asset that is scanned. Valid values:

  • image
  • container
image,container
ClusterNamestringNo

The name of the cluster.

sas-test-cnnf
ContainerIdstringNo

The container ID.

48a6d9a92435a13ad573372c3f3c63b7e04d106458141df9f92155709d5a****
PodstringNo

The name of the container group.

22222-7xsqq
NamespacestringNo

The namespace of the cluster.

Note You can call the GetOpaClusterNamespaceList operation to query the namespaces of clusters.
default
ImagestringNo

The name of the image.

registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-****

Response parameters

ParameterTypeDescriptionExample
object

PlainResult<List>

VulRecordsarray<object>

The information about the vulnerability.

VulRecordobject
CanUpdateboolean

Indicates whether the packages of the software that has the vulnerability can be upgraded by using Security Center. Valid values:

  • true
  • false
true
Typestring

The type of the vulnerability. Valid values:

  • cve: system vulnerability
  • sca: application vulnerability
cve
Statusinteger

The status of the vulnerability. Valid values:

  • 1: The vulnerability is unfixed.
  • 4: The vulnerability is being fixed.
  • 7: The vulnerability is fixed.
1
ModifyTslong

The timestamp generated when the vulnerability status was modified. Unit: milliseconds.

1620404763000
ImageDigeststring

The unique identifier of the image.

8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****
PrimaryIdlong

The vulnerability ID.

782661
Tagstring

The tag that is added to the image.

latest
RepoNamespacestring

The namespace to which the image repository belongs.

3rdparty
RepoNamestring

The name of the image repository.

varnish
Relatedstring

The CVE IDs related to the vulnerability. Multiple CVE IDs are separated by commas (,).

CVE-2017-7518,CVE-2017-12188
FirstTslong

The timestamp generated when the vulnerability was first detected. Unit: milliseconds.

1620752053000
LastTslong

The timestamp generated when the vulnerability was last detected. Unit: milliseconds.

1620404763000
Necessitystring

The priority to fix the vulnerability. Valid values:

  • asap: high
  • later: medium
  • nntf: low
Note We recommend that you fix high-level vulnerabilities as soon as possible.
asap,later,nntf
Uuidstring

The UUID of the container image.

0004a32a0305a7f6ab5ff9600d47****
AliasNamestring

The alias of the vulnerability.

CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read
Namestring

The name of the vulnerability.

debian:10:CVE-2019-9893
Layersarray

The image layers.

namestring

The image layer.

["8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****"]
ExtendContentJsonobject

The extended information about the vulnerability.

OsReleasestring

The version of the operating system in the image.

10.9
Osstring

The name of the operating system.

debian
RpmEntityListarray<object>

The RPM packages.

RpmEntityobject
MatchListarray

The rule that is used to detect the vulnerability.

Matchstring

The rule that is used to detect the vulnerability.

["libstdc++ version less than 8.5.0-4.el8_5"]
Layerstring

The SHA-256 value of the digest of the image layer.

b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1****
FullVersionstring

The complete version number of the software package.

3.10.0-693.2.2.el7
Versionstring

The version number of the software package.

3.10.0
MatchDetailstring

The information about the detected vulnerability.

python-perf version less than 0:3.10.0-693.21.1.el7
Pathstring

The path of the software that has the vulnerability.

/usr/lib64/python2.7/site-packages
Namestring

The name of the software package.

python-perf
UpdateCmdstring

The command that is used to fix the vulnerability.

apt-get update && apt-get install libseccomp2 --only-upgrade
CanFixstring

Indicates whether the vulnerability can be fixed in the Security Center console. Valid values:

  • yes
  • no
yes
ClusterIdstring

The cluster ID.

c08d5fc1a329a4b88950a253d082f1****
ClusterNamestring

The name of the cluster.

docker-law
Podstring

The name of the container group.

22222-7xsqq
Namespacestring

The namespace.

test-002
Imagestring

The name of the image.

registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****
ContainerIdstring

The container ID.

04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****
InternetIpstring

The public IP address of the asset.

1.2.XX.XX
IntranetIpstring

The private IP address of the asset.

172.19.XX.XX
InstanceNamestring

The name of the instance.

The name must be 3 to 64 characters in length and can contain letters, digits, hyphens (-), and underscores (_).

testInstance
TargetIdstring

The ID of the asset that is scanned.

300269
TargetNamestring

The name of the asset that is scanned.

source-test-obj-XM0Ma
MaliciousSourcestring

The source of the malicious file. Valid values:

  • agentless
  • image
  • container
agentless
TargetTypestring

The type of the asset that is scanned. Valid values:

  • IMAGE
  • ECS_IMAGE
  • ECS_SNAPSHOT
ECS_IMAGE
ScanTimelong

The timestamp generated when the scan task was performed. Unit: milliseconds.

1649814050000
RequestIdstring

The request ID.

1408FDB3-46F4-513C-9918-FE7D356DF048

Examples

Sample success responses

JSONformat

{
  "VulRecords": [
    {
      "CanUpdate": true,
      "Type": "cve",
      "Status": 1,
      "ModifyTs": 1620404763000,
      "ImageDigest": "8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****",
      "PrimaryId": 782661,
      "Tag": "latest",
      "RepoNamespace": "3rdparty",
      "RepoName": "varnish",
      "Related": "CVE-2017-7518,CVE-2017-12188",
      "FirstTs": 1620752053000,
      "LastTs": 1620404763000,
      "Necessity": "asap,later,nntf",
      "Uuid": "0004a32a0305a7f6ab5ff9600d47****",
      "AliasName": "CVE-2018-25010:libwebp up to 1.0.0 ApplyFilter out-of-bounds read",
      "Name": "debian:10:CVE-2019-9893",
      "Layers": [
        "[\"8f0fbdb41d3d1ade4ffdf21558443f4c03342010563bb8c43ccc09594d50****\"]"
      ],
      "ExtendContentJson": {
        "OsRelease": "10.9",
        "Os": "debian",
        "RpmEntityList": [
          {
            "MatchList": [
              "[\"libstdc++ version less than 8.5.0-4.el8_5\"]"
            ],
            "Layer": "b1f5b9420803ad0657cf21566e3e20acc08581e7f22991249ef3aa80b8b1****",
            "FullVersion": "3.10.0-693.2.2.el7",
            "Version": "3.10.0",
            "MatchDetail": "python-perf version less than 0:3.10.0-693.21.1.el7",
            "Path": "/usr/lib64/python2.7/site-packages",
            "Name": "python-perf",
            "UpdateCmd": "apt-get update && apt-get install libseccomp2  --only-upgrade"
          }
        ]
      },
      "CanFix": "yes",
      "ClusterId": "c08d5fc1a329a4b88950a253d082f1****\n",
      "ClusterName": "docker-law\n",
      "Pod": "22222-7xsqq\n",
      "Namespace": "test-002\n",
      "Image": "registry.cn-wulanchabu.aliyuncs.com/sas_test/huxin-test-001:nuxeo6-conta****\n",
      "ContainerId": "04d20e98c8e2c93b7b864372084320a15a58c8671e53c972ce3a71d9c163****\n",
      "InternetIp": "1.2.XX.XX",
      "IntranetIp": "172.19.XX.XX",
      "InstanceName": "testInstance",
      "TargetId": "300269",
      "TargetName": "source-test-obj-XM0Ma",
      "MaliciousSource": "agentless",
      "TargetType": "ECS_IMAGE",
      "ScanTime": 1649814050000
    }
  ],
  "RequestId": "1408FDB3-46F4-513C-9918-FE7D356DF048"
}

Error codes

HTTP status codeError codeError messageDescription
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.