swagger: "2.0" info: description: "This is the Anchore Enterprise API. It provides additional external API routes and functionality for enterprise users." version: "0.1.0" title: "Anchore Enterprise API Server" contact: email: "dev@anchore.com" basePath: "/enterprise" schemes: - "http" - "https" consumes: - application/json produces: - application/json parameters: AsAccountParameter: name: x-anchore-account in: header required: false type: string description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) paths: /images/{imageDigest}/check: get: x-swagger-router-controller: anchore_enterprise.services.api.controllers.images operationId: get_image_policy_check_by_digest x-anchore-authz-action: getImageEvaluation description: Get the policy evaluation for the given image summary: Check policy evaluation status for image parameters: - name: imageDigest in: path type: string required: true - name: policyId in: query type: string required: false - name: tag in: query type: string required: true - name: detail in: query type: boolean required: false default: true - name: history in: query type: boolean required: false default: false - name: interactive in: query type: boolean required: false default: false - name: base_digest in: query type: string required: false description: Digest of a base image. If specified the evaluation will indicate results inherited from the base image - $ref: "#/parameters/AsAccountParameter" responses: 200: description: Policy evaluation success schema: $ref: "#/definitions/EnterprisePolicyEvaluationList" 500: description: Internal Error schema: $ref: "#/definitions/ApiErrorResponse" /images/{imageDigest}/vuln/{vtype}: get: x-swagger-router-controller: anchore_enterprise.services.api.controllers.images operationId: get_image_vulnerabilities_by_digest x-anchore-authz-action: getImage summary: Get vulnerabilities by type parameters: - name: imageDigest in: path type: string required: true - name: vtype in: path type: string required: true - name: force_refresh in: query type: boolean required: false default: false - name: vendor_only in: query type: boolean required: false default: true - name: base_digest in: query type: string required: false description: Digest of a base image. If specified the vulnerabilities will indicate inheritance from the base image - $ref: "#/parameters/AsAccountParameter" responses: 200: description: Vulnerability listing for the image schema: $ref: "#/definitions/EnterpriseVulnerabilityResponse" 500: description: Internal Error schema: $ref: "#/definitions/ApiErrorResponse" /images/{image_digest}/ancestors: get: x-swagger-router-controller: anchore_enterprise.services.api.controllers.images operationId: get_image_ancestors x-anchore-authz-action: getImage summary: "Return the list of ancestor images for the given image" description: "Returns list of ancestor images, which are the images that form the base layers of the image" produces: - "application/json" parameters: - name: image_digest in: path type: string required: true - $ref: "#/parameters/AsAccountParameter" responses: 200: description: "Ancestor list" schema: $ref: "#/definitions/ImageAncestry" 404: description: "Image not found" 500: description: "Internal Error" definitions: ApiErrorResponse: description: "Generic HTTP API error response" type: object properties: code: type: integer format: int32 error_type: type: "string" message: type: "string" detail: type: object description: Details structure for additional information about the error if available. Content and structure will be error specific. EnterprisePolicyEvaluation: description: Evaluation response object type: object EnterprisePolicyEvaluationList: description: Evaluation response object type: array items: $ref: "#/definitions/EnterprisePolicyEvaluation" EnterpriseVulnerability: type: object properties: vuln: type: string description: The vulnerability identifier, such as CVE-2017-100, or RHSA-2017123 fix: type: string description: The package containing a fix, if available severity: type: string description: The severity of the vulnerability package: type: string description: The package name and version that are vulnerable in the image url: type: string description: The url for more information about the vulnerability feed: type: string description: The name of the feed where vulnerability match was made feed_group: type: string description: The name of the feed group where vulnerability match was made package_name: type: string description: The name of the vulnerable package artifact package_version: type: string description: The version of the vulnerable package artifact package_type: type: string description: The type of vulnerable package package_cpe: type: string description: The CPE string (if applicable) describing the package to vulnerability match package_path: type: string description: The location (if applicable) of the vulnerable package in the container filesystem nvd_data: $ref: "#/definitions/NvdDataList" vendor_data: $ref: "#/definitions/VendorDataList" inherited_from_base: type: boolean description: True if the vulnerable artifact is found in the base image. False otherwise NvdDataList: type: array description: List of Nvd Data objects items: $ref: "#/definitions/NvdDataObject" NvdDataObject: type: object properties: id: type: string description: NVD Vulnerability ID cvss_v2: $ref: "#/definitions/CVSSV2Scores" cvss_v3: $ref: "#/definitions/CVSSV3Scores" VendorDataList: type: array description: List of Vendor Data objects items: $ref: "#/definitions/VendorDataObject" VendorDataObject: type: object properties: id: type: string description: Vendor Vulnerability ID cvss_v2: $ref: "#/definitions/CVSSV2Scores" cvss_v3: $ref: "#/definitions/CVSSV3Scores" CVSSV2Scores: type: object properties: base_score: type: number x-nullable: True exploitability_score: type: number x-nullable: True impact_score: type: number x-nullable: True CVSSV3Scores: type: object properties: base_score: type: number x-nullable: True exploitability_score: type: number x-nullable: True impact_score: type: number x-nullable: True EnterpriseVulnerabilityList: type: array description: List of Vulnerability objects items: $ref: "#/definitions/EnterpriseVulnerability" EnterpriseVulnerabilityResponse: description: envelope containing list of vulnerabilities type: object properties: image_digest: type: string base_digest: type: string vulnerability_type: type: string vulnerabilities: $ref: "#/definitions/EnterpriseVulnerabilityList" ImageAncestry: type: array description: Array of ancestor objects. Sorted by the length of the layers array in each entry, effectively returning them in increasing order of number of common layers. items: $ref: "#/definitions/ImageAncestor" ImageAncestor: type: object description: An summary of an image and it's layers. properties: imageDigest: type: string description: The digest of the image example: "sha256:55cffbd26dbe2e79252dd3283b1adef4459441e7b4fc2fe5ccd2bd5b52670474" tags: type: array items: type: string description: Full tag reference that is known at any time previoiusly for the digest. example: "docker.io/library/node:latest" layers: type: array description: The full set of layers for this image items: type: string description: The layer ID example: "sha256:03810167880e863d81dc60fc7771c975b93dfdf982d5677fb2c23d11b02c644b"