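# Swagger 2.0 definition of the Anchore Engine external API.
# Every operation names its handler through x-swagger-router-controller +
# operationId and carries an x-anchore-authz-action label.
# NOTE(review): the authz label is presumably what the service's authorization
# layer evaluates per request; nothing in this file enforces it - confirm
# against the server code.
swagger: "2.0"
info:
  description: "This is the Anchore Engine API. Provides the primary external API for users of the service."
  version: "0.1.17"
  title: "Anchore Engine API Server"
  contact:
    email: "nurmi@anchore.com"
  license:
    name: "Apache 2.0"
    url: "http://www.apache.org/licenses/LICENSE-2.0.html"

#externalDocs:
#  description: "Anchore Engine"
#  url: "http://github.com/anchore/anchore-engine"

tags:
  - name: Subscriptions
    description: Subscription Management
  - name: Policies
    description: Policy Management
  - name: Images
    description: Image Management
  - name: Image Content
    description: View Image Content
  - name: Vulnerabilities
    description: Vulnerability checks and reports
  - name: Policy Evaluation
    description: Evaluate images against policies
  - name: Registries
    description: Registry Management
  - name: Repository Credentials
    description: Repository Credential Management
  - name: System
    description: System Management
  - name: Services
    description: Service Management
  - name: Summaries
    description: Resource Summaries
  - name: Events
    description: View and delete events
  - name: Queries
    description: Resource Queries
  - name: User Management
    description: Manage Accounts, Users, and Credentials
  - name: Identity
    description: Get and operate on the authenticated user's identity
  - name: Archives
    description: Data Archiving Management

basePath: "/"

# NOTE(review): plain "http" is advertised next to "https". If clients send
# credentials to this API, they cross the network unencrypted over http;
# prefer https only, or terminate TLS in front of the service.
schemes:
  - "http"
  - "https"

consumes:
  - application/json
produces:
  - application/json

parameters:
  # Optional header that re-scopes a request to another account. The
  # description says "admin only"; this spec only declares the header, so the
  # permission check is presumably done server-side - confirm.
  AsAccountParameter:
    name: x-anchore-account
    in: header
    required: false
    type: string
    description: An account name to change the resource scope of the request to that account, if permissions allow (admin only)

paths:
  # "x-anchore-authz-action: None" is read by YAML as the string "None", not
  # as null. NOTE(review): presumably it marks routes with no per-action
  # authorization check (/, /health, /version, /status, /system) - confirm
  # each of them is meant to be reachable that way.
  /:
    get:
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
      operationId: ping
      x-anchore-authz-action: None
      description: Simple status check
      responses:
        200:
          description: Version check response, returns the api version prefix (e.g. 'v1')
          schema:
            type: string
  /health:
    get:
      x-swagger-router-controller: anchore_engine.apis.common
      operationId: health_check
      x-anchore-authz-action: None
      description: Health check, returns 200 and no body if service is running
      responses:
        200:
          description: Empty body on success
  # NOTE(review): returns db schema version info under authz action None -
  # confirm that level of detail is acceptable for every caller that can
  # reach it.
  /version:
    get:
      x-swagger-router-controller: anchore_engine.apis.common
      operationId: version_check
      x-anchore-authz-action: None
      description: Returns the version object for the service, including db schema version info
      responses:
        200:
          description: Version object describing version state
          schema:
            $ref: "#/definitions/ServiceVersion"
  /policies:
    get:
      tags:
        - Policies
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.policies
      x-anchore-authz-action: listPolicies
      operationId: list_policies
      summary: List policies
      description: List all saved policy bundles
      parameters:
        - name: detail
          in: query
          type: boolean
          required: false
          description: Include policy bundle detail in the form of the full bundle content for each entry
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Policy listing
          schema:
            $ref: "#/definitions/PolicyBundleList"
    post:
      tags:
        - Policies
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.policies
      operationId: add_policy
      x-anchore-authz-action: createPolicy
      summary: Add a new policy
      description: Adds a new policy bundle to the system
      parameters:
        - name: bundle
          in: body
          required: true
          schema:
            $ref: "#/definitions/PolicyBundle"
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Saved bundle
          schema:
            $ref: "#/definitions/PolicyBundleRecord"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /policies/{policyId}:
    get:
      tags:
        - Policies
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.policies
      operationId: get_policy
      x-anchore-authz-action: getPolicy
      description: Get the policy bundle content
      summary: Get specific policy
      parameters:
        - name: policyId
          in: path
          type: string
          # Canonical lowercase boolean (was "True").
          required: true
        - name: detail
          in: query
          type: boolean
          required: false
          description: Include policy bundle detail in the form of the full bundle content for each entry
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: A list with a single fetched policy bundle record
          schema:
            $ref: "#/definitions/PolicyBundleList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    put:
      tags:
        - Policies
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.policies
      operationId: update_policy
      x-anchore-authz-action: updatePolicy
      description: Update/replace an existing policy
      summary: Update policy
      parameters:
        - name: bundle
          in: body
          required: true
          schema:
            $ref: "#/definitions/PolicyBundleRecord"
        - name: policyId
          in: path
          type: string
          # Canonical lowercase boolean (was "True").
          required: true
        - name: active
          in: query
          type: boolean
          required: false
          description: Mark policy as active
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: A list with a single updated policy bundle record
          schema:
            $ref: "#/definitions/PolicyBundleList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    delete:
      tags:
        - Policies
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.policies
      operationId: delete_policy
      x-anchore-authz-action: deletePolicy
      description: Delete the specified policy
      summary: Delete policy
      parameters:
        - name: policyId
          in: path
          required: true
          type: string
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Delete success
        404:
          description: Policy not found to delete
          schema:
            $ref: "#/definitions/ApiErrorResponse"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /subscriptions:
    get:
      tags:
        - Subscriptions
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.subscriptions
      operationId: list_subscriptions
      x-anchore-authz-action: listSubscriptions
      summary: List all subscriptions
      parameters:
        - name: 'subscription_key'
          in: query
          type: string
          description: "filter only subscriptions matching key"
          required: false
        - name: 'subscription_type'
          in: query
          type: string
          description: "filter only subscriptions matching type"
          required: false
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Subscription listing
          schema:
            $ref: "#/definitions/SubscriptionList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    post:
      tags:
        - Subscriptions
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.subscriptions
      operationId: add_subscription
      x-anchore-authz-action: createSubscription
      summary: Add a subscription of a specific type
      description: Create a new subscription to watch a tag and get notifications of changes
      parameters:
        - name: subscription
          in: body
          required: true
          schema:
            $ref: "#/definitions/SubscriptionRequest"
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Subscription add success
          schema:
            $ref: "#/definitions/SubscriptionList"
  /subscriptions/{subscriptionId}:
    get:
      tags:
        - Subscriptions
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.subscriptions
      operationId: get_subscription
      x-anchore-authz-action: getSubscription
      summary: Get a specific subscription set
      parameters:
        - name: subscriptionId
          in: path
          required: true
          type: string
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Filtered subscription list by type
          schema:
            $ref: "#/definitions/SubscriptionList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    put:
      tags:
        - Subscriptions
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.subscriptions
      operationId: update_subscription
      x-anchore-authz-action: updateSubscription
      summary: Update an existing and specific subscription
      parameters:
        - name: subscriptionId
          in: path
          required: true
          type: string
        - name: subscription
          in: body
          required: true
          schema:
            $ref: "#/definitions/SubscriptionUpdate"
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          # Was "Subscription add success", copied from the POST operation.
          description: Subscription update success
          schema:
            $ref: "#/definitions/SubscriptionList"
    delete:
      tags:
        - Subscriptions
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.subscriptions
      operationId: delete_subscription
      x-anchore-authz-action: deleteSubscription
      summary: Delete subscriptions of a specific type
      parameters:
        - name: subscriptionId
          in: path
          required: true
          type: string
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Delete success
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /summaries/imagetags:
    get:
      tags:
        - Summaries
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_imagetags
      x-anchore-authz-action: listImages
      summary: List all visible image digests and tags
      description: List all image tags visible to the user
      parameters:
        - name: 'image_status'
          in: query
          type: array
          items:
            type: string
            enum:
              - all
              - active
              - deleting
          collectionFormat: csv
          required: false
          default:
            - active
          description: "Filter images in one or more states such as active, deleting. Defaults to active images only if unspecified"
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: "successful operation"
          schema:
            $ref: "#/definitions/AnchoreImageTagSummaryList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images:
    post:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: add_image
      x-anchore-authz-action: createImage
      summary: Submit a new image for analysis by the engine
      description: Creates a new analysis task that is executed asynchronously
      parameters:
        - name: force
          in: query
          type: boolean
          required: false
          description: Override any existing entry in the system
        - name: autosubscribe
          in: query
          type: boolean
          required: false
          description: Instruct engine to automatically begin watching the added tag for updates from registry
        - name: image
          required: true
          in: body
          schema:
            $ref: "#/definitions/ImageAnalysisRequest"
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Successfully added image to analysis queue
          schema:
            $ref: "#/definitions/AnchoreImageList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_images
      x-anchore-authz-action: listImages
      summary: List all visible images
      description: List all images visible to the user
      parameters:
        - name: history
          in: query
          type: boolean
          required: false
          description: Include image history in the response
        - name: fulltag
          in: query
          required: false
          type: string
          description: "Full docker-pull string to filter results by (e.g. docker.io/library/nginx:latest, or myhost.com:5000/testimages:v1.1.1)"
        - name: image_status
          in: query
          required: false
          type: string
          description: Filter by image_status value on the record. Default if omitted is 'active'.
          enum:
            - all
            - active
            - deleting
          default: active
        - name: analysis_status
          in: query
          required: false
          type: string
          description: Filter by analysis_status value on the record.
          enum:
            - not_analyzed
            - analyzed
            - analyzing
            - analysis_failed
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: "successful operation"
          schema:
            $ref: "#/definitions/AnchoreImageList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    delete:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: delete_images_async
      x-anchore-authz-action: deleteImage
      summary: Bulk mark images for deletion
      description: Delete analysis for image digests in the list asynchronously
      parameters:
        - name: imageDigests
          in: query
          required: true
          x-nullable: false
          type: array
          items:
            type: string
          collectionFormat: csv
        - name: force
          in: query
          required: false
          type: boolean
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: "successful operation"
          schema:
            $ref: "#/definitions/DeleteImageResponseList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  # Deprecated per its own summary. NOTE(review): the "Import" tag is not
  # declared in the top-level tags list and the operation takes no
  # AsAccountParameter. The uploaded archive is caller-supplied input;
  # presumably the handler validates it before unpacking - confirm.
  /import/images:
    post:
      tags:
        - Import
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: import_image_archive
      x-anchore-authz-action: importImage
      summary: Import an anchore image tar.gz archive file. This is a deprecated API replaced by the "/imports/images" route
      consumes:
        - multipart/form-data
      parameters:
        - in: formData
          name: archive_file
          type: file
          description: anchore image tar archive.
          required: true
      responses:
        200:
          description: Successfully imported image to the engine
          schema:
            $ref: "#/definitions/AnchoreImageList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image
      x-anchore-authz-action: getImage
      summary: Get image metadata
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Image lookup success
          schema:
            $ref: "#/definitions/AnchoreImageList"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    delete:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: delete_image
      x-anchore-authz-action: deleteImage
      summary: Delete an image analysis
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - name: force
          in: query
          required: false
          type: boolean
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Image deletion success
          schema:
            $ref: "#/definitions/DeleteImageResponse"
  /images/by_id/{imageId}:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_by_imageId
      x-anchore-authz-action: getImage
      summary: Lookup image by docker imageId
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Image lookup success
          schema:
            $ref: "#/definitions/AnchoreImageList"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    delete:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: delete_image_by_imageId
      x-anchore-authz-action: deleteImage
      summary: Delete image by docker imageId
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - name: force
          in: query
          required: false
          type: boolean
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Image deletion success
          schema:
            $ref: "#/definitions/DeleteImageResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/check:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_policy_check
      x-anchore-authz-action: getImageEvaluation
      description: Get the policy evaluation for the given image
      summary: Check policy evaluation status for image
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - name: policyId
          in: query
          required: false
          type: string
        - name: tag
          in: query
          required: true
          type: string
        - name: detail
          in: query
          required: false
          type: boolean
        - name: history
          in: query
          required: false
          type: boolean
        - name: interactive
          in: query
          required: false
          type: boolean
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Policy evaluation success
          schema:
            $ref: "#/definitions/PolicyEvaluationList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/by_id/{imageId}/check:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_policy_check_by_imageId
      x-anchore-authz-action: getImageEvaluation
      description: Get the policy evaluation for the given image
      summary: Check policy evaluation status for image
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - name: policyId
          in: query
          required: false
          type: string
        - name: tag
          in: query
          required: true
          type: string
        - name: detail
          in: query
          required: false
          type: boolean
        - name: history
          in: query
          required: false
          type: boolean
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Policy evaluation success
          schema:
            $ref: "#/definitions/PolicyEvaluationList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/vuln:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_vulnerability_types
      x-anchore-authz-action: getImage
      summary: Get vulnerability types
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Vulnerability listing for the image
          schema:
            type: array
            items:
              type: string
              enum:
                - all
                - os
                - non-os
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/vuln/{vtype}:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_vulnerabilities_by_type
      x-anchore-authz-action: getImage
      summary: Get vulnerabilities by type
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - name: vtype
          in: path
          type: string
          required: true
        - name: force_refresh
          in: query
          type: boolean
          required: false
        - name: vendor_only
          in: query
          type: boolean
          required: false
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Vulnerability listing for the image
          schema:
            $ref: "#/definitions/VulnerabilityResponse"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/by_id/{imageId}/vuln:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_vulnerability_types_by_imageId
      x-anchore-authz-action: getImage
      summary: Get vulnerability types
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Vulnerability listing for the image
          schema:
            type: array
            items:
              type: string
              enum:
                - all
                - os
                - non-os
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/by_id/{imageId}/vuln/{vtype}:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_vulnerabilities_by_type_imageId
      x-anchore-authz-action: getImage
      summary: Get vulnerabilities by type
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - name: vtype
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Vulnerability listing for the image
          schema:
            $ref: "#/definitions/VulnerabilityResponse"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/content:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_image_content
      x-anchore-authz-action: getImage
      summary: List image content types
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content listing for the image
          schema:
            type: array
            items:
              type: string
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/by_id/{imageId}/content:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_image_content_by_imageid
      x-anchore-authz-action: getImage
      summary: List image content types
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            type: array
            items:
              type: string
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  # NOTE(review): the templated {ctype} route overlaps the fixed
  # .../content/files, /java and /malware routes below; which one wins
  # depends on the router's matching order - confirm.
  /images/{imageDigest}/content/{ctype}:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_content_by_type
      x-anchore-authz-action: getImage
      summary: Get the content of an image by type
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - name: ctype
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            $ref: "#/definitions/ContentPackageResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/content/files:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_content_by_type_files
      x-anchore-authz-action: getImage
      summary: Get the content of an image by type files
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            $ref: "#/definitions/ContentFilesResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/content/java:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_content_by_type_javapackage
      x-anchore-authz-action: getImage
      summary: Get the content of an image by type java
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            $ref: "#/definitions/ContentJAVAPackageResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/content/malware:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_content_by_type_malware
      x-anchore-authz-action: getImage
      summary: Get the content of an image by type malware
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            $ref: "#/definitions/ContentMalwareResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/by_id/{imageId}/content/{ctype}:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_content_by_type_imageId
      x-anchore-authz-action: getImage
      summary: Get the content of an image by type
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - name: ctype
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            $ref: "#/definitions/ContentPackageResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/by_id/{imageId}/content/files:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_content_by_type_imageId_files
      x-anchore-authz-action: getImage
      summary: Get the content of an image by type files
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            $ref: "#/definitions/ContentFilesResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/by_id/{imageId}/content/java:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_content_by_type_imageId_javapackage
      x-anchore-authz-action: getImage
      summary: Get the content of an image by type java
      parameters:
        - name: imageId
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Content of specified type from the image
          schema:
            $ref: "#/definitions/ContentJAVAPackageResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  # NOTE(review): the three artifact routes below declare no tags and no
  # AsAccountParameter, unlike the other image routes in this file, and all
  # three reuse the same summary and 200 description. secret_search results
  # may contain sensitive matches - confirm getImage is the intended
  # authorization level for them.
  /images/{imageDigest}/artifacts/retrieved_files:
    get:
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_retrieved_files
      x-anchore-authz-action: getImage
      summary: Return a list of analyzer artifacts of the specified type
      produces:
        - application/json
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
      responses:
        200:
          description: "List of file metadata objects"
          schema:
            $ref: "#/definitions/RetrievedFileList"
        404:
          description: "Image not found in this service"
  /images/{imageDigest}/artifacts/file_content_search:
    get:
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_file_content_search_results
      x-anchore-authz-action: getImage
      summary: Return a list of analyzer artifacts of the specified type
      produces:
        - application/json
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
      responses:
        200:
          description: "List of file metadata objects"
          schema:
            $ref: "#/definitions/FileContentSearchList"
        404:
          description: "Image not found in this service"
  /images/{imageDigest}/artifacts/secret_search:
    get:
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_secret_search_results
      x-anchore-authz-action: getImage
      summary: Return a list of analyzer artifacts of the specified type
      produces:
        - application/json
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
      responses:
        200:
          description: "List of file metadata objects"
          schema:
            $ref: "#/definitions/SecretSearchList"
        404:
          description: "Image not found in this service"
  /images/{imageDigest}/metadata:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: list_image_metadata
      x-anchore-authz-action: getImage
      summary: List image metadata types
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Metadata listing for the image
          schema:
            type: array
            items:
              type: string
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /images/{imageDigest}/metadata/{mtype}:
    get:
      tags:
        - Images
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
      operationId: get_image_metadata_by_type
      x-anchore-authz-action: getImage
      summary: Get the metadata of an image by type
      parameters:
        - name: imageDigest
          in: path
          type: string
          required: true
        - name: mtype
          in: path
          type: string
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Metadata of specified type from the image
          schema:
            $ref: "#/definitions/MetadataResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /repositories:
    post:
      tags:
        - Repository Credentials
      summary: "Add repository to watch"
      description: ""
      operationId: add_repository
      x-anchore-authz-action: createRepository
      parameters:
        - name: 'repository'
          in: query
          type: string
          description: "full repository to add e.g. docker.io/library/alpine"
          required: true
        - name: 'autosubscribe'
          in: query
          type: boolean
          description: "flag to enable/disable auto tag_update activation when new images from a repo are added"
          required: false
        - name: 'lookuptag'
          in: query
          type: string
          description: "use specified existing tag to perform repo scan (default is 'latest')"
          required: false
        - name: 'dryrun'
          in: query
          type: boolean
          description: "flag to return tags in the repository without actually watching the repository, default is false"
          required: false
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Repository and discovered tags added
          schema:
            $ref: "#/definitions/SubscriptionList"
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.images
  # NOTE(review): the registry request bodies presumably carry registry
  # credentials (the validate flag mentions "registry/credential"); make sure
  # they are not echoed back in RegistryConfigurationList responses or logs.
  /registries:
    get:
      tags:
        - Registries
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.registries
      operationId: list_registries
      x-anchore-authz-action: listRegistries
      summary: List configured registries
      description: List all configured registries the system can/will watch
      parameters:
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Registry listing
          schema:
            $ref: "#/definitions/RegistryConfigurationList"
    post:
      tags:
        - Registries
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.registries
      operationId: create_registry
      x-anchore-authz-action: createRegistry
      summary: Add a new registry
      description: Adds a new registry to the system
      parameters:
        - name: 'validate'
          in: query
          type: boolean
          description: "flag to determine whether or not to validate registry/credential at registry add time"
          required: false
        - name: registrydata
          in: body
          required: true
          schema:
            $ref: "#/definitions/RegistryConfigurationRequest"
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Saved registry configuration
          schema:
            $ref: "#/definitions/RegistryConfigurationList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /registries/{registry}:
    get:
      tags:
        - Registries
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.registries
      operationId: get_registry
      x-anchore-authz-action: getRegistry
      summary: Get a specific registry configuration
      description: Get information on a specific registry
      parameters:
        - name: registry
          in: path
          required: true
          type: string
          format: path
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Registry configuration
          schema:
            $ref: "#/definitions/RegistryConfigurationList"
    put:
      tags:
        - Registries
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.registries
      operationId: update_registry
      x-anchore-authz-action: updateRegistry
      summary: Update/replace a registry configuration
      description: Replaces an existing registry record with the given record
      parameters:
        - name: registry
          in: path
          required: true
          type: string
          format: path
        - name: 'validate'
          in: query
          type: boolean
          description: "flag to determine whether or not to validate registry/credential at registry update time"
          required: false
        - name: registrydata
          in: body
          required: true
          schema:
            $ref: "#/definitions/RegistryConfigurationRequest"
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Updated registry configuration
          schema:
            $ref: "#/definitions/RegistryConfigurationList"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    delete:
      tags:
        - Registries
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.registries
      operationId: delete_registry
      x-anchore-authz-action: deleteRegistry
      summary: Delete a registry configuration
      description: Delete a registry configuration record from the system. Does not remove any images.
      parameters:
        - name: registry
          in: path
          required: true
          type: string
          format: path
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Delete success
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /status:
    get:
      tags:
        - System
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
      operationId: get_status
      x-anchore-authz-action: None
      summary: Service status
      description: Get the API service status
      responses:
        200:
          description: Status listing
          schema:
            $ref: "#/definitions/StatusResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  # NOTE(review): exposes system status including queue lengths under authz
  # action None - confirm that is intended for every caller that can reach it.
  /system:
    get:
      tags:
        - System
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
      operationId: get_service_detail
      x-anchore-authz-action: None
      summary: System status
      description: Get the system status including queue lengths
      responses:
        200:
          description: Status listing
          schema:
            $ref: "#/definitions/SystemStatusResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /system/feeds:
    get:
      tags:
        - System
      summary: "list feeds operations and information"
      description: "Return a list of feed and their groups along with update and record count information. This data reflects the state of the policy engine, not the upstream feed service itself."
      operationId: "get_system_feeds"
      x-anchore-authz-action: listFeeds
      responses:
        200:
          description: "success"
          schema:
            type: array
            items:
              $ref: "#/definitions/FeedMetadata"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
      x-swagger-router-controller: "anchore_engine.services.apiext.api.controllers.system"
    # The flush flag removes existing feed records (per its description) and
    # the call blocks until the sync completes.
    post:
      tags:
        - System
      summary: "trigger feeds operations"
      description: "Execute a synchronous feed sync operation. The response will block until complete, then return the result summary."
      operationId: "post_system_feeds"
      x-anchore-authz-action: updateFeeds
      parameters:
        - name: 'flush'
          in: query
          type: boolean
          description: "instruct system to flush existing data feeds records from anchore-engine"
          required: false
        - name: 'sync'
          in: query
          type: boolean
          description: "instruct system to re-sync data feeds"
          required: false
      responses:
        200:
          description: "Feeds operation success"
          schema:
            $ref: "#/definitions/FeedSyncResults"
        500:
          description: Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
      x-swagger-router-controller: "anchore_engine.services.apiext.api.controllers.system"
  /system/feeds/{feed}:
    # NOTE(review): the description only mentions disabling, but the required
    # "enabled" query flag suggests the route can also enable a feed - confirm
    # and reword.
    put:
      tags:
        - System
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
      operationId: toggle_feed_enabled
      x-anchore-authz-action: updateFeeds
      description: "Disable the feed so that it does not sync on subsequent sync operations"
      consumes:
        - "application/json"
      produces:
        - "application/json"
      parameters:
        - name: feed
          in: path
          required: true
          type: string
        - name: enabled
          type: boolean
          required: true
          in: query
      responses:
        200:
          description: "FeedInfo"
          schema:
            $ref: "#/definitions/FeedMetadata"
        500:
          description: "Internal server error processing the request. Retry expected"
        400:
          description: "Bad request, fix and resend"
    delete:
      tags:
        - System
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
      operationId: delete_feed
      x-anchore-authz-action: updateFeeds
      description: "Delete the groups and data for the feed and disable the feed itself"
      consumes:
        - "application/json"
      produces:
        - "application/json"
      parameters:
        - name: feed
          in: path
          required: true
          type: string
      responses:
        200:
          description: "Successfully deleted"
        500:
          description: "Internal server error processing the request. Retry expected"
        404:
          description: "Not found"
  /system/feeds/{feed}/{group}:
    # NOTE(review): as with the feed-level toggle, the description only
    # mentions disabling while "enabled" is a required boolean - confirm.
    put:
      tags:
        - System
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
      x-anchore-authz-action: updateFeeds
      operationId: toggle_group_enabled
      description: "Disable a specific group within a feed to not sync"
      consumes:
        - "application/json"
      produces:
        - "application/json"
      parameters:
        - name: feed
          in: path
          required: true
          type: string
        - name: group
          in: path
          type: string
          required: true
        - name: enabled
          type: boolean
          required: true
          in: query
      responses:
        200:
          description: "FeedInfo listing"
          schema:
            type: array
            items:
              $ref: "#/definitions/FeedMetadata"
        500:
          description: "Internal server error processing the request. Retry expected"
        400:
          description: "Bad request, fix and resend"
    delete:
      tags:
        - System
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
      operationId: delete_feed_group
      x-anchore-authz-action: updateFeeds
      description: "Delete the group data and disable the group itself"
      consumes:
        - "application/json"
      produces:
        - "application/json"
      parameters:
        - name: feed
          in: path
          required: true
          type: string
        - name: group
          in: path
          type: string
          required: true
      responses:
        200:
          description: "Successfully deleted"
        500:
          description: "Internal server error processing the request.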
Retry expected" 404: description: "Not found" /system/services: get: tags: - System x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system operationId: list_services x-anchore-authz-action: listServices summary: List system services responses: 200: description: Service listing schema: $ref: "#/definitions/ServiceList" 500: description: Internal Error schema: $ref: "#/definitions/ApiErrorResponse" /system/services/{servicename}: get: tags: - System x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system operationId: get_services_by_name x-anchore-authz-action: getService summary: Get a service configuration and state parameters: - name: servicename in: path type: string required: true responses: 200: description: Service Info schema: $ref: "#/definitions/ServiceList" 500: description: Internal Error schema: $ref: "#/definitions/ApiErrorResponse" /system/services/{servicename}/{hostid}: get: tags: - System x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system operationId: get_services_by_name_and_host x-anchore-authz-action: getService summary: Get service config for a specific host parameters: - name: servicename in: path type: string required: true - name: hostid in: path type: string required: true responses: 200: description: Listing of registered services schema: $ref: "#/definitions/ServiceList" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" delete: tags: - System x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system operationId: delete_service x-anchore-authz-action: deleteService summary: Delete the service config parameters: - name: servicename in: path type: string required: true - name: hostid in: path type: string required: true responses: 200: description: Delete success 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /system/policy_spec: get: summary: Describe the policy 
language spec implemented by this service. description: Get the policy language spec for this service operationId: describe_policy x-anchore-authz-action: None tags: - System responses: 200: description: Policy Language Description schema: type: array description: List of Gate specifications items: $ref: "#/definitions/GateSpec" x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system /system/error_codes: get: summary: Describe anchore engine error codes. description: Describe anchore engine error codes. operationId: describe_error_codes x-anchore-authz-action: None tags: - System responses: 200: description: Error Codes Description schema: type: array description: List of Error Code Descriptions items: $ref: "#/definitions/AnchoreErrorCode" x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system /event_types: get: tags: - Events x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.events operationId: list_event_types x-anchore-authz-action: listEvents summary: List Event Types description: Returns list of event types in the category hierarchy responses: 200: description: List of event types schema: $ref: "#/definitions/EventTypesList" /events: get: tags: - Events x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.events operationId: list_events x-anchore-authz-action: listEvents summary: List Events description: Returns a paginated list of events in the descending order of their occurrence. Optional query parameters may be used for filtering results parameters: - name: source_servicename in: query type: string description: Filter events by the originating service required: false - name: source_hostid in: query type: string description: Filter events by the originating host ID required: false - name: event_type in: query type: string description: Filter events by a prefix match on the event type (e.g. 
"user.image.") required: false pattern: '^[a-z0-9-_.*]+$' - name: resource_type in: query type: string description: Filter events by the type of resource - tag, imageDigest, repository etc required: false - name: resource_id in: query type: string description: Filter events by the id of the resource required: false - name: level in: query type: string description: Filter events by the level - INFO or ERROR required: false - name: since in: query type: string description: Return events that occurred after the timestamp required: false - name: before in: query type: string description: Return events that occurred before the timestamp required: false - name: page in: query type: integer description: Pagination controls - return the nth page of results. Defaults to first page if left empty required: false default: 1 - name: limit in: query type: integer description: Number of events in the result set. Defaults to 100 if left empty required: false default: 100 - $ref: "#/parameters/AsAccountParameter" responses: 200: description: Paginated list of event records and the next token schema: $ref: "#/definitions/EventsList" delete: tags: - Events x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.events operationId: delete_events x-anchore-authz-action: deleteEvents summary: Delete Events description: Delete all or a subset of events filtered using the optional query parameters parameters: - name: before in: query type: string description: Delete events that occurred before the timestamp required: false - name: since in: query type: string description: Delete events that occurred after the timestamp required: false - name: level in: query type: string description: Delete events that match the level - INFO or ERROR required: false - $ref: "#/parameters/AsAccountParameter" responses: 200: description: List of deleted event IDs schema: type: array items: type: string 500: description: Internal Error schema: $ref: "#/definitions/ApiErrorResponse" 
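# Single-event lookup and deletion, then the start of the images-by-vulnerability query.
  /events/{eventId}:
    get:
      tags:
        - Events
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.events
      operationId: get_event
      x-anchore-authz-action: getEvent
      summary: Get Event
      description: Lookup an event by its event ID
      parameters:
        - name: eventId
          in: path
          type: string
          description: "Event ID of the event for lookup"
          required: true
        # Optional x-anchore-account header; re-scopes the request to another account.
        - $ref: "#/parameters/AsAccountParameter"
      responses:
        200:
          description: Single event record
          schema:
            $ref: "#/definitions/EventResponse"
    delete:
      tags:
        - Events
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.events
      operationId: delete_event
      # This destructive operation was bound to the read action getEvent, the
      # same action as the GET above. Where this extension drives enforcement,
      # a grant meant for viewing events would also permit removing them.
      # deleteEvents is the action the bulk DELETE /events route in this spec uses.
      # NOTE(review): confirm deleteEvents is the intended action for
      # single-record deletes in the role definitions.
      x-anchore-authz-action: deleteEvents
      summary: Delete Event
      description: Delete an event by its event ID
      parameters:
        - name: eventId
          in: path
          type: string
          description: "Event ID of the event to be deleted"
          required: true
        - $ref: "#/parameters/AsAccountParameter"
      # NOTE(review): only the success response is declared; not-found and
      # permission-denied outcomes are undocumented for this operation.
      responses:
        200:
          description: Delete success
  /query/images/by_vulnerability:
    get:
      # NOTE(review): tagged "Query", while the spec's top-level tag list declares "Queries".
      tags:
        - Query
      x-swagger-router-controller: "anchore_engine.services.apiext.api.controllers.query"
      operationId: query_images_by_vulnerability
      x-anchore-authz-action: listImages
      summary: List images vulnerable to the specific vulnerability ID.
      description: Returns a listing of images and their respective packages vulnerable to the given vulnerability ID
      parameters:
        - name: vulnerability_id
          in: query
          required: true
          type: string
          description: The ID of the vulnerability to search for within all images stored in anchore-engine (e.g. CVE-1999-0001)
        - name: namespace
          in: query
          description: Filter results to images within the given vulnerability namespace (e.g. debian:8, ubuntu:14.04)
          required: false
          type: string
        - name: affected_package
          in: query
          description: Filter results to images with vulnerable packages with the given package name (e.g.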
libssl) required: false type: string - name: severity in: query description: Filter results to vulnerable package/vulnerability with the given severity required: false type: string enum: - Unknown - Negligible - Low - Medium - High - Critical - name: vendor_only in: query type: boolean description: Filter results to include only vulnerabilities that are not marked as invalid by upstream OS vendor data required: false default: true - name: page in: query description: The page of results to fetch. Pages start at 1 required: false type: integer - name: limit in: query type: integer description: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page required: false - $ref: "#/parameters/AsAccountParameter" responses: 200: description: Image lookup success schema: $ref: '#/definitions/PaginatedVulnerableImageList' 400: description: Invalid filter parameters schema: $ref: '#/definitions/ApiErrorResponse' /query/images/by_package: get: tags: - Query x-swagger-router-controller: "anchore_engine.services.apiext.api.controllers.query" operationId: query_images_by_package x-anchore-authz-action: listImages summary: List of images containing given package description: Filterable query interface to search for images containing specified package parameters: - name: name in: query description: Name of package to search for (e.g. sed) required: true type: string - name: package_type in: query description: Type of package to filter on (e.g. dpkg) required: false type: string - name: version in: query description: Version of named package to filter on (e.g. 4.4-1) required: false type: string - name: page in: query description: The page of results to fetch. Pages start at 1 required: false type: string - name: limit in: query type: integer description: Limit the number of records for the requested page. 
If omitted or set to 0, return all results in a single page required: false - $ref: "#/parameters/AsAccountParameter" responses: 200: description: Image listing schema: $ref: '#/definitions/PaginatedImageList' 400: description: Bad filter parameters schema: $ref: '#/definitions/ApiErrorResponse' /query/vulnerabilities: get: tags: - Query x-swagger-router-controller: "anchore_engine.services.apiext.api.controllers.query" operationId: query_vulnerabilities x-anchore-authz-action: None summary: Listing information about given vulnerability description: List (w/filters) vulnerability records known by the system, with affected packages information if present parameters: - name: id in: query required: true type: array items: type: string description: The ID of the vulnerability (e.g. CVE-1999-0001) - name: affected_package in: query description: Filter results by specified package name (e.g. sed) required: false type: string - name: affected_package_version in: query description: Filter results by specified package version (e.g. 4.4-1) required: false type: string - name: page in: query type: string description: The page of results to fetch. Pages start at 1 required: false default: "1" - name: limit in: query type: integer description: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page required: false - name: namespace in: query type: array items: type: string description: Namespace(s) to filter vulnerability records by required: false responses: 200: description: Vulnerability listing paginated schema: $ref: '#/definitions/PaginatedVulnerabilityList' 400: description: Invalid filter parameters schema: $ref: '#/definitions/ApiErrorResponse' /accounts: get: tags: - User Management x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts operationId: list_accounts x-anchore-authz-action: listAccounts summary: List user summaries. Only available to the system admin user. 
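# Remainder of GET /accounts (its header is on the preceding line), then account creation, lookup and deletion.
      parameters:
        - name: state
          in: query
          type: string
          enum:
            - enabled
            - disabled
            - deleting
          required: false
          description: Filter accounts by state
      # NOTE(review): the summaries on these routes say admin-only, but no
      # 401/403 response is declared, so clients cannot tell a permission
      # failure from the spec alone.
      responses:
        200:
          description: Account summary listing
          schema:
            $ref: "#/definitions/AccountList"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    post:
      tags:
        - User Management
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts
      operationId: create_account
      x-anchore-authz-action: createAccount
      summary: Create a new user. Only available to admin user.
      parameters:
        - name: account
          in: body
          required: true
          schema:
            $ref: "#/definitions/AccountCreationRequest"
      responses:
        200:
          description: Account Record
          schema:
            $ref: "#/definitions/Account"
        409:
          description: Conflicting user information. User already exists.
          schema:
            $ref: "#/definitions/ApiErrorResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /accounts/{accountname}:
    get:
      tags:
        - User Management
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts
      operationId: get_account
      x-anchore-authz-action: getAccount
      summary: Get info about a user. Only available to admin user. Uses the main user Id, not a username.
      parameters:
        - name: accountname
          in: path
          required: true
          type: string
      responses:
        200:
          description: Get user information
          schema:
            $ref: "#/definitions/Account"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    delete:
      tags:
        - User Management
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts
      operationId: delete_account
      x-anchore-authz-action: deleteAccount
      summary: Delete the specified account, only allowed if the account is in the disabled state.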
All users will be deleted along with the account and all resources will be garbage collected parameters: - name: accountname in: path required: true type: string responses: 204: description: Successful deletion 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /accounts/{accountname}/state: put: tags: - User Management x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts operationId: update_account_state x-anchore-authz-action: updateAccount summary: Update the state of an account to either enabled or disabled. For deletion use the DELETE route parameters: - name: accountname in: path required: true type: string - name: desired_state in: body required: true schema: $ref: "#/definitions/AccountStatus" responses: 200: description: Updated state of the account schema: $ref: "#/definitions/AccountStatus" 400: description: State requested is invalid based on current state of the account schema: $ref: "#/definitions/ApiErrorResponse" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /accounts/{accountname}/users: get: tags: - User Management x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts operationId: list_users x-anchore-authz-action: listUsers summary: List accounts for the user parameters: - name: accountname in: path type: string required: true responses: 200: description: User listing schema: type: array description: List of user credential records items: $ref: "#/definitions/User" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" post: tags: - User Management x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts operationId: create_user x-anchore-authz-action: createUser summary: Create a new user parameters: - name: accountname in: path type: string required: true - name: user in: body required: true schema: $ref: "#/definitions/UserCreationRequest" responses: 200: description: 
Credential summary schema: $ref: "#/definitions/User" /accounts/{accountname}/users/{username}: delete: tags: - User Management x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts operationId: delete_user x-anchore-authz-action: deleteUser summary: Delete a specific user credential by username of the credential. Cannot be the credential used to authenticate the request. parameters: - name: accountname type: string in: path required: true - name: username type: string in: path required: true responses: 204: description: Deleted credential 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" get: tags: - User Management x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts operationId: get_account_user x-anchore-authz-action: getUser summary: Get a specific user in the specified account parameters: - name: accountname type: string in: path required: true - name: username type: string in: path required: true responses: 200: description: User record schema: $ref: "#/definitions/User" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /accounts/{accountname}/users/{username}/credentials: get: tags: - User Management summary: Get current credential summary parameters: - name: accountname in: path type: string required: true - name: username in: path type: string required: true responses: 200: description: User credential listing schema: $ref: "#/definitions/CredentialList" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" operationId: list_user_credentials x-anchore-authz-action: getUser x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts post: tags: - User Management operationId: create_user_credential x-anchore-authz-action: updateUser x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts summary: add/replace credential parameters: - name: accountname in: 
path type: string required: true - name: username in: path type: string required: true - name: credential in: body required: true schema: $ref: "#/definitions/AccessCredential" responses: 200: description: Add a credential, overwritting if already exists schema: $ref: "#/definitions/User" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" delete: tags: - User Management summary: Delete a credential by type operationId: delete_user_credential x-anchore-authz-action: updateUser x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts parameters: - name: accountname in: path type: string required: true - name: username in: path type: string required: true - name: credential_type type: string in: query required: true enum: - password responses: 204: description: Successful deletion 400: description: Conflict, cannot delete the credential used to authenticate this request 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" # Context-bound requests available for normal accounts (the /accounts routes are only for system admin) /account: get: tags: - Identity x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.accounts operationId: get_users_account x-anchore-authz-action: getAccount summary: List the account for the authenticated user responses: 200: description: User details for caller's user schema: $ref: "#/definitions/Account" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /user: get: tags: - Identity x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.user operationId: get_user x-anchore-authz-action: None summary: List authenticated user info responses: 200: description: User details for caller's user schema: $ref: "#/definitions/User" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /user/credentials: get: tags: - Identity summary: Get current credential summary 
operationId: get_credentials x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.user x-anchore-authz-action: None responses: 200: description: User credential listing schema: $ref: "#/definitions/CredentialList" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" post: tags: - Identity summary: add/replace credential operationId: add_credential x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.user x-anchore-authz-action: None parameters: - name: credential in: body required: true schema: $ref: "#/definitions/AccessCredential" responses: 200: description: Add a credential, overwritting if already exists schema: $ref: "#/definitions/User" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" # Data archives /archives: get: tags: - Archives operationId: list_archives x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive x-anchore-authz-action: listArchives responses: 200: description: Archive summary listing schema: $ref: "#/definitions/ArchiveSummary" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /archives/rules: get: tags: - Archives operationId: list_analysis_archive_rules x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive x-anchore-authz-action: listArchiveTransitionRules parameters: - name: system_global in: query required: false type: boolean description: If true include system global rules (owned by admin) even for non-admin users. Defaults to true if not set. 
Can be set to false to exclude globals responses: 200: description: Archive transition rules schema: $ref: "#/definitions/AnalysisArchiveRules" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" post: tags: - Archives operationId: create_analysis_archive_rule x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive x-anchore-authz-action: createArchiveTransitionRule parameters: - name: rule in: body schema: $ref: "#/definitions/AnalysisArchiveTransitionRule" required: True responses: 200: description: Archive transition rule schema: $ref: "#/definitions/AnalysisArchiveTransitionRule" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /archives/rules/{ruleId}: get: tags: - Archives operationId: get_analysis_archive_rule x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive x-anchore-authz-action: getArchiveTransitionRule parameters: - name: ruleId type: string required: true in: path responses: 200: description: Archive transition rule schema: $ref: "#/definitions/AnalysisArchiveTransitionRule" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" delete: tags: - Archives operationId: delete_analysis_archive_rule x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive x-anchore-authz-action: deleteArchiveTransitionRule parameters: - name: ruleId type: string required: true in: path responses: 200: description: Archive transition rule schema: $ref: "#/definitions/AnalysisArchiveTransitionRule" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" # /archives/rules/{ruleId}/history: # get: # tags: # - Archives # operationId: get_analysis_archive_rule_history # x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive # x-anchore-authz-action: getArchiveTransitionRuleHistory # parameters: # - name: ruleId # type: string # required: true # in: path # 
responses: # 200: # description: Archive transition rule history of actions # schema: # $ref: "#/definitions/AnalysisArchiveTransitionHistory" # 500: # description: Internal error # schema: # $ref: "#/definitions/ApiErrorResponse" /archives/images: get: tags: - Archives operationId: list_analysis_archive x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive x-anchore-authz-action: listArchivedImageAnalysis responses: 200: description: Image analysis archive listing for the requesting account (not the whole system) schema: $ref: "#/definitions/ArchivedAnalyses" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" post: tags: - Archives operationId: archive_image_analysis x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive x-anchore-authz-action: createArchivedImageAnalysis parameters: - name: imageReferences in: body required: true schema: $ref: "#/definitions/ImageAnalysisReferences" responses: 200: description: Archive statuses schema: $ref: "#/definitions/AddAnalysisArchiveResult" 500: description: Internal error schema: $ref: "#/definitions/ApiErrorResponse" /archives/images/{imageDigest}: get: tags: - Archives description: Returns the archive metadata record identifying the image and tags for the analysis in the archive. 
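# Remainder of GET /archives/images/{imageDigest} (its header is on the preceding line), its DELETE, and the token endpoint.
      operationId: get_archived_analysis
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive
      x-anchore-authz-action: getArchivedImageAnalysis
      parameters:
        - name: imageDigest
          in: path
          required: true
          type: string
          description: The image digest to identify the image analysis
      responses:
        200:
          description: Archived Image
          schema:
            $ref: "#/definitions/ArchivedAnalysis"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
    delete:
      tags:
        - Archives
      description: Performs a synchronous archive deletion
      operationId: delete_archived_analysis
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.archive
      x-anchore-authz-action: deleteArchivedImageAnalysis
      parameters:
        - name: imageDigest
          in: path
          required: true
          type: string
        # NOTE(review): the effect of force is not described anywhere in this operation.
        - name: force
          in: query
          required: false
          type: boolean
      responses:
        200:
          description: ArchivedImageAnalysis record but with status 'deleted'
          schema:
            $ref: "#/definitions/ArchivedAnalysis"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /oauth/token:
    post:
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.oauth
      operationId: get_oauth_token
      # No authz action is bound here; per the description the request is
      # authenticated with HTTP auth before a token is issued.
      x-anchore-authz-action: None
      description: Request a jwt token for subsequent operations, this request is authenticated with normal HTTP auth
      # NOTE(review): credentials travel in the form body and the issued JWT
      # in the response, while the spec's top-level schemes list plain http
      # alongside https. Expose this route over TLS only.
      consumes:
        - application/x-www-form-urlencoded
      parameters:
        - name: grant_type
          in: formData
          description: 'OAuth Grant type for token'
          type: string
          default: password
        - name: username
          in: formData
          type: string
          description: 'User to assign OAuth token to'
        # Secret value: keep request bodies for this route out of access and debug logs.
        - name: password
          in: formData
          type: string
          description: 'Password for corresponding user'
        - name: client_id
          in: formData
          description: 'The type of client used for the OAuth token'
          type: string
          default: anonymous
      # NOTE(review): only 200 and 500 are declared; the response for failed
      # authentication or an unsupported grant_type is undocumented.
      responses:
        200:
          description: Resulting JWT token
          schema:
            $ref: "#/definitions/TokenResponse"
        500:
          description: Internal error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
  /system/webhooks/{webhook_type}/test: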
# POST for the webhook test route (its path key is on the preceding line), then the image import operation routes.
    post:
      summary: Adds the capabilities to test a webhook delivery for the given notification type
      description: Loads the Webhook configuration for webhook_type, and sends the notification out as a test
      operationId: test_webhook
      # NOTE(review): per the description this operation sends a notification
      # to the configured webhook, yet no authz action is bound (None).
      # Confirm which roles are expected to be able to trigger outbound test
      # deliveries, and whether a dedicated action should gate it.
      x-anchore-authz-action: None
      tags:
        - System
      parameters:
        - name: webhook_type
          in: path
          required: true
          type: string
          description: The Webhook Type that we should test
        # Constrained to the four notification kinds below; defaults to tag_update.
        - name: notification_type
          in: query
          required: false
          description: What kind of Notification to send
          default: tag_update
          type: string
          enum:
            - tag_update
            - analysis_update
            - vuln_update
            - policy_eval
      responses:
        200:
          description: The Webhook was sent successfully. Schemas may be found under Models (PolicyEvalNotification, TagUpdateNotification, VulnUpdateNotification, AnalysisUpdateNotification)
        400:
          description: The Webhook failed to send due to misconfiguration
          schema:
            $ref: "#/definitions/ApiErrorResponse"
        500:
          description: The Webhook failed to send due to an Internal Error
          schema:
            $ref: "#/definitions/ApiErrorResponse"
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.system
  /imports/images:
    post:
      tags:
        - Imports
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports
      operationId: create_operation
      x-anchore-authz-action: importImage
      summary: "Begin the import of an image analyzed by Syft into the system"
      produces:
        - "application/json"
      # The 500 responses on the import routes carry no schema, unlike the
      # ApiErrorResponse used by the webhook test route above.
      responses:
        200:
          description: "success"
          schema:
            $ref: "#/definitions/ImageImportOperation"
        500:
          description: "Internal Error"
    get:
      tags:
        - Imports
      x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports
      operationId: list_operations
      # Listing is bound to the same importImage action as the mutating import routes.
      x-anchore-authz-action: importImage
      summary: "Lists in-progress imports"
      produces:
        - "application/json"
      responses:
        200:
          description: "success"
          schema:
            $ref: "#/definitions/ImageImports"
        500:
          description: "Internal Error"
  /imports/images/{operation_id}:
    get:
      tags:
        - Imports
      x-swagger-router-controller:
anchore_engine.services.apiext.api.controllers.image_imports operationId: get_operation x-anchore-authz-action: importImage summary: "Get detail on a single import" produces: - "application/json" parameters: - name: operation_id in: path type: string required: true responses: 200: description: "success" schema: $ref: "#/definitions/ImageImportOperation" 500: description: "Internal Error" delete: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: invalidate_operation x-anchore-authz-action: importImage summary: "Invalidate operation ID so it can be garbage collected" produces: - "application/json" parameters: - name: operation_id in: path type: string required: true responses: 200: description: "success" schema: $ref: "#/definitions/ImageImportOperation" 500: description: "Internal Error" /imports/images/{operation_id}/packages: get: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: list_import_packages x-anchore-authz-action: importImage summary: "List uploaded package manifests" produces: - "application/json" parameters: - name: operation_id in: path type: string required: true responses: 200: description: "success" schema: $ref: "#/definitions/ImportContentDigestList" 500: description: "Internal Error" post: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: import_image_packages x-anchore-authz-action: importImage summary: "Begin the import of an image analyzed by Syft into the system" produces: - "application/json" consumes: - "application/json" parameters: - name: operation_id in: path type: string required: true - name: sbom in: body required: true schema: $ref: "#/definitions/ImagePackageManifest" responses: 200: description: "success" schema: $ref: "#/definitions/ImageImportContentResponse" 500: description: "Internal Error" 
/imports/images/{operation_id}/dockerfile: get: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: list_import_dockerfiles x-anchore-authz-action: importImage summary: "List uploaded dockerfiles" produces: - "application/json" parameters: - name: operation_id in: path type: string required: true responses: 200: description: "success" schema: $ref: "#/definitions/ImportContentDigestList" 500: description: "Internal Error" post: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: import_image_dockerfile x-anchore-authz-action: importImage summary: "Begin the import of an image analyzed by Syft into the system" produces: - "application/json" consumes: - "text/plain; utf-8" parameters: - name: operation_id in: path type: string required: true - in: body name: contents required: true schema: type: string responses: 200: description: "success" schema: $ref: "#/definitions/ImageImportContentResponse" 500: description: "Internal Error" /imports/images/{operation_id}/manifest: get: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: list_import_image_manifests x-anchore-authz-action: importImage summary: "List uploaded image manifests" produces: - "application/json" parameters: - name: operation_id in: path type: string required: true responses: 200: description: "success" schema: $ref: "#/definitions/ImportContentDigestList" 500: description: "Internal Error" post: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: import_image_manifest x-anchore-authz-action: importImage summary: "Import a docker or OCI distribution manifest to associate with the image" produces: - "application/json" consumes: - "application/vnd.oci.image.manifest.v1+json" - "application/vnd.docker.distribution.manifest.v2+json" - 
"application/vnd.docker.distribution.manifest.v1+json" # Older Docker spec - "application/vnd.docker.distribution.manifest.v1+prettyjws" # Signed version parameters: - name: operation_id in: path type: string required: true - in: body name: contents required: true schema: type: object responses: 200: description: "success" schema: $ref: "#/definitions/ImageImportContentResponse" 500: description: "Internal Error" /imports/images/{operation_id}/parent_manifest: get: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: list_import_parent_manifests x-anchore-authz-action: importImage summary: "List uploaded parent manifests (manifest lists for a tag)" produces: - "application/json" parameters: - name: operation_id in: path type: string required: true responses: 200: description: "success" schema: $ref: "#/definitions/ImportContentDigestList" 500: description: "Internal Error" post: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: import_image_parent_manifest x-anchore-authz-action: importImage summary: "Import a docker or OCI distribution manifest list to associate with the image" produces: - "application/json" consumes: - "application/vnd.docker.distribution.manifest.list.v2+json" - "application/vnd.oci.image.index.v1+json" parameters: - name: operation_id in: path type: string required: true - in: body name: contents required: true schema: type: object responses: 200: description: "success" schema: $ref: "#/definitions/ImageImportContentResponse" 500: description: "Internal Error" /imports/images/{operation_id}/image_config: get: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: list_import_image_configs x-anchore-authz-action: importImage summary: "List uploaded image configs" produces: - "application/json" parameters: - name: operation_id in: path type: string 
required: true responses: 200: description: "success" schema: $ref: "#/definitions/ImportContentDigestList" 500: description: "Internal Error" post: tags: - Imports x-swagger-router-controller: anchore_engine.services.apiext.api.controllers.image_imports operationId: import_image_config x-anchore-authz-action: importImage summary: "Import a docker or OCI image config to associate with the image" produces: - "application/json" parameters: - name: operation_id in: path type: string required: true - in: body name: contents required: true schema: type: object responses: 200: description: "success" schema: $ref: "#/definitions/ImageImportContentResponse" 500: description: "Internal Error" definitions: PaginationProperties: type: object properties: page: type: string description: The page number returned (should match the requested page query string param) next_page: type: string description: True if additional pages exist (page + 1) or False if this is the last page returned_count: type: integer description: The number of items sent in this response description: Properties for common pagination handling to be included in any wrapping object that needs pagination elements PackageReference: type: object properties: name: type: string description: Package name version: type: string description: A version for the package. If null, then references all versions x-nullable: true type: type: string description: Package type (e.g. package, rpm, deb, apk, jar, npm, gem, ...) description: A record of a software item which is vulnerable or carries a fix for a vulnerability VulnerablePackageReference: type: object properties: name: type: string description: Package name version: type: string description: A version for the package. If null, then references all versions x-nullable: true type: type: string description: Package type (e.g. package, rpm, deb, apk, jar, npm, gem, ...) 
severity: type: string description: Severity of vulnerability affecting package namespace: type: string description: Vulnerability namespace of affected package description: A record of a software item which is vulnerable or carries a fix for a vulnerability StandaloneVulnerability: type: object properties: id: type: string description: Vulnerability identifier. May be CVE-X, RHSA-X, etc. Not necessarily unique across namespaces namespace: type: string description: The namespace for the vulnerability record to avoid conflicts for the same id in different distros or sources (e.g. deb vs ubuntu for same CVE) affected_packages: type: array description: The array of packages (typically packages) that are vulnerable-to or provide fixes-for this vulnerability items: $ref: '#/definitions/PackageReference' severity: type: string description: Severity label specific to the namepsace enum: - Unknown - Negligible - Low - Medium - High - Critical link: type: string description: URL for the upstream CVE record in the reporting source (e.g. 
ubuntu security tracker) nvd_data: $ref: "#/definitions/NvdDataList" vendor_data: $ref: "#/definitions/VendorDataList" description: type: string description: Description of the vulnerability if available references: type: array description: List of references including items: $ref: "#/definitions/VulnerabilityReference" description: A single vulnerability record in a single namespace, the unique key is the combination of the id and namespace VulnerabilityReference: description: An external link/reference type: object properties: source: type: string description: The reference source tags: type: array items: type: string url: type: string description: The reference url ImageReference: type: object properties: digest: type: string description: The image digest id: type: string description: The image id if available analyzed_at: type: string description: Timestamp, in rfc3339 format, indicating when the image state became 'analyzed' in Anchore Engine. tag_history: type: array items: $ref: '#/definitions/TagEntry' description: A summary of an image identity, including digest, id (if available), and any tags known to have ever been mapped to the digest TagEntry: type: object properties: pullstring: type: string description: The pullable string for the tag. E.g. "docker.io/library/node:latest" registry: type: string description: The registry hostname:port section of the pull string repository: type: string description: The repository section of the pull string tag: type: string description: The tag-only section of the pull string detected_at: type: string format: date-time description: The timestamp at which the Anchore Engine detected this tag was mapped to the image digest. Does not necessarily indicate when the tag was actually pushed to the registry. 
description: A docker-pullable tag value as well as deconstructed components VulnerableImage: type: object properties: image: $ref: '#/definitions/ImageReference' affected_packages: type: array items: $ref: '#/definitions/VulnerablePackageReference' description: A record of an image vulnerable to some known vulnerability. Includes vulnerable package information ImageWithPackages: type: object properties: image: $ref: '#/definitions/ImageReference' packages: type: array items: $ref: '#/definitions/PackageReference' description: An image record that contains packages PaginatedVulnerableImageList: allOf: - $ref: '#/definitions/PaginationProperties' - type: object properties: images: type: array items: $ref: '#/definitions/VulnerableImage' description: Pagination wrapped list of images with vulnerabilties that match some filter PaginatedVulnerabilityList: allOf: - $ref: '#/definitions/PaginationProperties' - type: object properties: vulnerabilities: type: array description: The listing of matching vulnerabilities for the query subject to pagination items: $ref: '#/definitions/StandaloneVulnerability' description: A paginated listing of vulnerability records sorted by ID in descending order PaginatedImageList: allOf: - $ref: '#/definitions/PaginationProperties' - type: object properties: images: type: array items: $ref: '#/definitions/ImageWithPackages' description: Pagination wrapped list of images that match some filter ImageAnalysisRequest: type: object description: A request to add an image to be watched and analyzed by the engine. Optionally include the dockerfile content. Either source, digest or tag must be present. properties: dockerfile: type: string description: Base64 encoded content of the dockerfile for the image, if available. Deprecated in favor of the 'source' field. pattern: "^[a-zA-Z0-9+/=]+$" digest: type: string description: "A digest string for an image, maybe a pull string or just a digest. e.g. nginx@sha256:123 or sha256:abc123. 
If a pull string, it must have same regisry/repo as the tag field. Deprecated in favor of the 'source' field" tag: type: string description: "Full pullable tag reference for image. e.g. docker.io/nginx:latest. Deprecated in favor of the 'source' field" created_at: type: string format: "date-time" description: "Optional override of the image creation time, only honored when both tag and digest are also supplied e.g. 2018-10-17T18:14:00Z. Deprecated in favor of the 'source' field" image_type: type: string description: Optional. The type of image this is adding, defaults to "docker". This can be ommitted until multiple image types are supported. annotations: type: object description: Annotations to be associated with the added image in key/value form source: $ref: "#/definitions/ImageSource" ImageSource: type: object description: A set of analysis source types. Only one may be set in any given request. properties: tag: $ref: "#/definitions/RegistryTagSource" digest: $ref: "#/definitions/RegistryDigestSource" archive: $ref: "#/definitions/AnalysisArchiveSource" import: $ref: "#/definitions/ImageImportManifest" RegistryTagSource: x-nullable: True type: object description: An image reference using a tag in a registry, this is the most common source type. required: - pullstring properties: pullstring: type: string description: A docker pull string (e.g. docker.io/nginx:latest, or docker.io/nginx@sha256:abd) to retrieve the image dockerfile: type: string description: Base64 encoded content of the dockerfile used to build the image, if available. pattern: "^[a-zA-Z0-9+/=]+$" RegistryDigestSource: x-nullable: True type: object description: An image reference using a digest in a registry, includes some extra tag and timestamp info in addition to the pull string to allow proper tag history reconstruction. required: - pullstring - tag properties: pullstring: type: string description: A digest-based pullstring (e.g. 
docker.io/nginx@sha256:123abc) tag: type: string description: A valid docker tag reference (e.g. docker.io/nginx:latest) that will be associated with the image but not used to pull the image. creation_timestamp_override: type: string format: date-time description: Optional override of the image creation time to support proper tag history construction in cases of out-of-order analysis compared to registry history for the tag dockerfile: type: string description: Base64 encoded content of the dockerfile used to build the image, if available. pattern: "^[a-zA-Z0-9+/=]+$" AnalysisArchiveSource: x-nullable: True type: object description: An image reference in the analysis archive for the purposes of loading analysis from the archive into th working set required: - digest properties: digest: type: string description: The image digest identify the analysis. Archived analyses are based on digest, tag records are restored as analysis is restored. pattern: "^sha256:[a-fA-F0-9]{64}$" LocalAnalysisSource: type: object properties: digest: type: string PolicyBundle: description: A bundle containing a set of policies, whitelists, and rules for mapping them to specific images type: object required: - id - version - policies - mappings properties: id: type: string description: Id of the bundle name: type: string description: Human readable name for the bundle comment: type: string description: Description of the bundle, human readable version: type: string description: Version id for this bundle format whitelists: description: Whitelists which define which policy matches to disregard explicitly in the final policy decision type: array items: $ref: "#/definitions/Whitelist" policies: description: Policies which define the go/stop/warn status of an image using rule matches on image properties type: "array" items: $ref: "#/definitions/Policy" mappings: description: Mapping rules for defining which policy and whitelist(s) to apply to an image based on a match of the image tag or id. 
Evaluated in order. type: "array" items: $ref: "#/definitions/MappingRule" whitelisted_images: description: List of mapping rules that define which images should always be passed (unless also on the blacklist), regardless of policy result. type: array items: $ref: "#/definitions/ImageSelectionRule" blacklisted_images: description: List of mapping rules that define which images should always result in a STOP/FAIL policy result regardless of policy content or presence in whitelisted_images type: array items: $ref: "#/definitions/ImageSelectionRule" WhitelistItem: type: object description: Identifies a specific gate and trigger match from a policy against an image and indicates it should be ignored in final policy decisions required: - gate - trigger_id properties: id: type: string gate: type: string trigger_id: type: string expires_on: type: string format: "date-time" pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:\:\d+)?[A-Z]?$ PolicyRule: type: object description: A rule that defines and decision value if the match is found true for a given image. required: - gate - trigger - action properties: id: type: string gate: type: string trigger: type: string action: enum: - GO - STOP - WARN params: type: array items: type: object required: - name - value properties: name: type: string value: type: string Whitelist: type: object description: A collection of whitelist items to match a policy evaluation against. 
required: - id - version properties: id: type: string name: type: string version: type: string comment: type: string items: type: array items: $ref: "#/definitions/WhitelistItem" ImageRef: type: object description: A reference to an image required: - type - value properties: type: enum: - tag - digest - id value: type: string DeleteImageResponse: type: object description: Image deletion response containing status and details required: - digest - status properties: digest: type: string status: type: string description: Current status of the image deletion enum: - not_found - deleting - delete_failed detail: type: string DeleteImageResponseList: type: array description: A list of delete image responses items: $ref: "#/definitions/DeleteImageResponse" Policy: type: object required: - id - version properties: id: type: string name: type: string comment: type: string version: type: string rules: type: array items: $ref: "#/definitions/PolicyRule" ImageSelectionRule: type: object required: - "name" - "registry" - "repository" - "image" properties: id: type: string name: type: string registry: type: string repository: type: string image: $ref: "#/definitions/ImageRef" MappingRule: type: object required: - name - registry - repository - image properties: id: type: string name: type: string whitelist_ids: type: array items: type: string policy_id: type: string description: Optional single policy to evalute, if set will override any value in policy_ids, for backwards compatibility. Generally, policy_ids should be used even with a array of length 1. 
policy_ids: type: array description: List of policyIds to evaluate in order, to completion items: type: string description: PolicyId to evaluate registry: type: string repository: type: string image: $ref: "#/definitions/ImageRef" PolicyBundleRecord: description: A policy bundle plus some metadata type: object properties: created_at: type: string format: "date-time" last_updated: type: string format: "date-time" policyId: type: string description: The bundle's identifier active: type: boolean description: True if the bundle is currently defined to be used automatically userId: type: string description: UserId of the user that owns the bundle policy_source: type: string description: Source location of where the policy bundle originated policybundle: $ref: "#/definitions/PolicyBundle" PolicyBundleList: type: array description: List of PolicyBundleRecord objects items: $ref: "#/definitions/PolicyBundleRecord" ImageContent: type: object description: A metadata content record for a specific image, containing different content type entries ImageDetail: type: object description: A metadata detail record for a specific image. Multiple detail records may map a single catalog image. properties: created_at: type: string format: date-time last_updated: type: string format: date-time fulltag: description: "Full docker-pullable tag string referencing the image" type: string fulldigest: description: "Full docker-pullable digest string including the registry url and repository necessary get the image" type: string userId: type: string imageId: type: string registry: type: string repo: type: string dockerfile: type: string x-nullable: True imageDigest: type: string description: The parent Anchore Image record to which this detail maps AnchoreImageTagSummaryList: description: a list of AnchoreImageTagSummary objects type: array items: $ref: "#/definitions/AnchoreImageTagSummary" AnchoreImageTagSummary: description: A unique image in the engine. 
type: object properties: imageDigest: type: string parentDigest: type: string imageId: type: string analysis_status: type: string fulltag: type: string created_at: type: integer analyzed_at: type: integer tag_detected_at: type: integer image_status: type: string AnchoreImage: description: A unique image in the engine. May have multiple tags or references. Unique to an image content across registries or repositories. type: object properties: image_content: $ref: "#/definitions/ImageContent" image_detail: type: array description: Details specific to an image reference and type such as tag and image source items: $ref: "#/definitions/ImageDetail" last_updated: type: string format: date-time created_at: type: string format: date-time imageDigest: type: string userId: type: string annotations: type: object image_status: type: string description: State of the image enum: - active - inactive - disabled analysis_status: type: string description: A state value for the current status of the analysis progress of the image enum: - not_analyzed - analyzing - analyzed - analysis_failed AnchoreImageList: description: A list of Anchore Images type: array items: $ref: "#/definitions/AnchoreImage" SystemStatusResponse: type: object description: System status response properties: service_states: $ref: "#/definitions/ServiceList" StatusResponse: type: object description: System status response properties: available: type: boolean busy: type: boolean up: type: boolean message: type: string version: type: string db_version: type: string detail: type: object ImageAnalysisReport: description: "Analysis report json to be imported" type: object ApiErrorResponse: description: "Generic HTTP API error response" type: object properties: code: type: integer format: int32 error_type: type: "string" message: type: "string" detail: type: object description: Details structure for additional information about the error if available. Content and structure will be error specific. 
Service: description: "A service status record" type: object properties: hostid: type: string description: The unique id of the host on which the service is executing servicename: type: string description: Registered service name base_url: type: string description: The url to reach the service, including port as needed status_message: type: string description: A state indicating the condition of the service. Normal operation is 'registered' service_detail: $ref: "#/definitions/StatusResponse" status: type: boolean version: type: string description: The version of the service as reported by the service implementation on registration ServiceList: description: A list of service objects type: array items: $ref: "#/definitions/Service" ContentResponse: type: object description: "Generic wrapper for content listings from images" properties: imageDigest: type: string content_type: type: string content: type: array items: type: object ContentFilesResponse: type: object description: "File content listings from images" properties: imageDigest: type: string content_type: type: string content: type: array items: type: object properties: filename: type: string gid: type: integer linkdest: type: string x-nullable: True mode: type: string sha256: type: string x-nullable: True size: type: integer type: type: string uid: type: integer ContentPackageResponse: type: object description: "Package content listings from images" properties: imageDigest: type: string content_type: type: string content: type: array items: type: object properties: package: type: string version: type: string size: type: string type: type: string origin: type: string license: type: string description: Deprecated in favor of the 'licenses' field" licenses: type: array items: type: string location: type: string ContentMalwareResponse: type: object description: Malware listing response properties: imageDigest: type: string content_type: type: string content: description: List of malware scan results, one per 
scanner configured to run type: array items: $ref: '#/definitions/MalwareScan' MalwareScan: description: A single scan from a scanner type: object properties: enabled: type: boolean description: Indicates if the scanner is enabled scanner: type: string description: The name of the scanner that produced the finding metadata: type: object description: Open schema for scanner-specific metadata related to the scan result findings: type: array items: type: object properties: path: type: string description: A path for a file in the image's rootfs signature: type: string description: The malware signature found at the path ContentJAVAPackageResponse: type: object description: "Java package content listings from images" properties: imageDigest: type: string content_type: type: string content: type: array items: type: object properties: package: type: string implementation-version: type: string specification-version: type: string maven-version: type: string location: type: string type: type: string origin: type: string MetadataResponse: type: object description: "Generic wrapper for metadata listings from images" properties: imageDigest: type: string metadata_type: type: string metadata: {} PolicyEvaluation: description: Evaluation response object type: object PolicyEvaluationList: description: Evaluation response object type: array items: $ref: "#/definitions/PolicyEvaluation" SubscriptionUpdate: description: A modification to a subscription entry to change its status or value type: object properties: subscription_value: type: string x-nullable: True description: The new subscription value, e.g. 
the new tag to be subscribed to
      active:
        type: boolean
        description: Toggle the subscription processing on or off
  SubscriptionRequest:
    description: A subscription entry to add to the system
    type: object
    properties:
      subscription_key:
        type: string
      subscription_value:
        type: string
        x-nullable: true
      subscription_type:
        type: string
  Subscription:
    description: Subscription entry
    type: object
    properties:
      subscription_key:
        type: string
        description: The key value that the subscription references. E.g. a tag value or a repo name.
      subscription_type:
        type: string
        description: The type of the subscription
      subscription_value:
        type: string
        x-nullable: true
        description: The value of the subscription target
      userId:
        type: string
        description: The userId of the subscribed user
      active:
        type: boolean
        description: Is the subscription currently active
      subscription_id:
        type: string
        description: the unique id for this subscription record
  SubscriptionList:
    description: List of subscriptions
    type: array
    items:
      $ref: '#/definitions/Subscription'
  RepositoryTagList:
    description: List of discovered tags in a repository
    type: array
    items:
      type: string
  RegistryConfigurationList:
    description: List of registry configurations
    type: array
    items:
      $ref: '#/definitions/RegistryConfiguration'
  # Write-side registry record: the only schema in this pair that carries the
  # registry password.
  RegistryConfigurationRequest:
    description: A registry record describing the endpoint and credentials for a registry
    type: object
    properties:
      registry_user:
        type: string
        description: Username portion of credential to use for this registry
      # Secret value. The RegistryConfiguration schema used for listings
      # defines no password property, so the documented responses do not
      # include it. NOTE(review): verify the handler never echoes or logs it.
      registry_pass:
        type: string
        description: Password portion of credential to use for this registry
      registry_type:
        type: string
        description: Type of registry
      registry:
        type: string
        description: hostname:port string for accessing the registry, as would be used in a docker pull operation. May include some or all of a repository and wildcards (e.g. docker.io/library/* or gcr.io/myproject/myrepository)
      registry_name:
        type: string
        description: human readable name associated with registry record
      # No default is declared in the spec. With verification off, the
      # registry endpoint's certificate is not checked, which exposes the
      # credentials above and the pulled content to interception.
      # NOTE(review): confirm the server treats an omitted value as true.
      registry_verify:
        type: boolean
        description: Use TLS/SSL verification for the registry URL
  # Read-side registry record; carries registry_user but no password field.
  RegistryConfiguration:
    description: A registry entry describing the endpoint and credentials for a registry to pull images from
    type: object
    properties:
      created_at:
        type: string
        format: date-time
      # NOTE(review): the key is spelled "last_upated". It is part of the wire
      # format, so check what the server emits before renaming it.
      last_upated:
        type: string
        format: date-time
      registry_user:
        type: string
        description: Username portion of credential to use for this registry
      registry_type:
        type: string
        description: Type of registry
      userId:
        type: string
        description: Engine user that owns this registry entry
      registry:
        type: string
        description: hostname:port string for accessing the registry, as would be used in a docker pull operation
      registry_name:
        type: string
        description: human readable name associated with registry record
      registry_verify:
        type: boolean
        description: Use TLS/SSL verification for the registry URL
  # One vulnerability match reported for an image.
  Vulnerability:
    type: object
    properties:
      vuln:
        type: string
        description: The vulnerability identifier, such as CVE-2017-100, or RHSA-2017123
      fix:
        type: string
        description: The package containing a fix, if available
      severity:
        type: string
        description: The severity of the vulnerability
      package:
        type: string
        description: The package name and version that are vulnerable in the image
      url:
        type: string
        description: The url for more information about the vulnerability
      feed:
        type: string
        description: The name of the feed where vulnerability match was made
      feed_group:
        type: string
        description: The name of the feed group where vulnerability match was made
      package_name:
        type: string
        description: The name of the vulnerable package artifact
      package_version:
        type: string
        description: The version of the vulnerable package artifact
      package_type:
        type: string
        description: The type of vulnerable package
      package_cpe:
        type: string
        description: The CPE string (if applicable)
describing the package to vulnerability match package_path: type: string description: The location (if applicable) of the vulnerable package in the container filesystem nvd_data: $ref: "#/definitions/NvdDataList" vendor_data: $ref: "#/definitions/VendorDataList" NvdDataList: type: array description: List of Nvd Data objects items: $ref: "#/definitions/NvdDataObject" NvdDataObject: type: object properties: id: type: string description: NVD Vulnerability ID cvss_v2: $ref: "#/definitions/CVSSV2Scores" cvss_v3: $ref: "#/definitions/CVSSV3Scores" VendorDataList: type: array description: List of Vendor Data objects items: $ref: "#/definitions/VendorDataObject" VendorDataObject: type: object properties: id: type: string description: Vendor Vulnerability ID cvss_v2: $ref: "#/definitions/CVSSV2Scores" cvss_v3: $ref: "#/definitions/CVSSV3Scores" CVSSV2Scores: type: object properties: base_score: type: number x-nullable: True exploitability_score: type: number x-nullable: True impact_score: type: number x-nullable: True CVSSV3Scores: type: object properties: base_score: type: number x-nullable: True exploitability_score: type: number x-nullable: True impact_score: type: number x-nullable: True VulnerabilityList: type: array description: List of Vulnerability objects items: $ref: "#/definitions/Vulnerability" VulnerabilityResponse: description: envelope containing list of vulnerabilities type: object properties: imageDigest: type: string vulnerability_type: type: string vulnerabilities: $ref: "#/definitions/VulnerabilityList" ImageFilter: type: object description: Filter for an image list by id, tag, or digest, but not both properties: tag: type: string digest: type: string AnchoreErrorCode: type: object description: A description of an anchore error code (name, description) properties: name: type: string description: Error code name description: type: string description: Description of the error code GateSpec: type: object description: A description of the set of gates 
available in this engine and the triggers and parameters supported properties: name: type: string description: Gate name, as it would appear in a policy document description: type: string description: Description of the gate state: type: string description: State of the gate and transitively all triggers it contains if not 'active' enum: - active - deprecated - eol superceded_by: type: string x-nullable: True description: The name of another trigger that supercedes this on functionally if this is deprecated triggers: type: array description: List of the triggers that can fire for this Gate items: $ref: "#/definitions/TriggerSpec" TriggerSpec: type: object description: Definition of a trigger and its parameters properties: name: type: string description: Name of the trigger as it would appear in a policy document description: type: string description: Trigger description for what it tests and when it will fire during evaluation state: type: string description: State of the trigger enum: - active - deprecated - eol superceded_by: type: string x-nullable: True description: The name of another trigger that supercedes this on functionally if this is deprecated parameters: type: array description: The list of parameters that are valid for this trigger items: $ref: "#/definitions/TriggerParamSpec" TriggerParamSpec: type: object properties: name: type: string description: Parameter name as it appears in policy document description: type: string example: type: string x-nullable: True description: An example value for the parameter (encoded as a string if the parameter is an object or list type) state: type: string description: State of the trigger parameter enum: - active - deprecated - eol superceded_by: type: string x-nullable: True description: The name of another trigger that supercedes this on functionally if this is deprecated required: description: Is this a required parameter or optional type: boolean validator: type: object description: If present, a definition for 
validation of input. Typically a jsonschema object that can be used to validate an input against. FeedMetadata: type: object description: Metadata on a single feed based on what the engine finds from querying the endpoints properties: name: type: string description: name of the feed created_at: type: string format: date-time description: Date the metadata record was created in engine (first seen on source) updated_at: type: string format: date-time description: Date the metadata was last updated groups: type: array items: $ref: "#/definitions/FeedGroupMetadata" last_full_sync: type: string format: date-time FeedGroupMetadata: type: object properties: name: type: string created_at: type: string format: date-time last_sync: type: string format: date-time record_count: type: integer EventResponse: type: object description: A record of the occurrence of an asynchronous event triggered either by the system or by user activity properties: generated_uuid: type: string created_at: type: string format: date-time event: type: object properties: source: type: object properties: servicename: type: string hostid: type: string base_url: type: string request_id: type: string resource: type: object properties: user_id: type: string id: type: string type: type: string type: type: string category: type: string level: type: string message: type: string details: type: object timestamp: type: string format: date-time EventsList: type: object description: Response envelope for paginated listing of events properties: results: description: List of events type: array items: $ref: "#/definitions/EventResponse" next_page: description: Boolean flag, True indicates there are more events and False otherwise type: boolean item_count: description: Number of events in this page type: integer page: description: Page number of this result set type: integer AccountCreationRequest: type: object description: An account to create/add to the system. If already exists will return 400. 
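# definitions (continued): account, user and credential schemas, restored to
# block layout. The first keys below finish AccountCreationRequest, whose
# header and description are on the preceding line.
    required:
      - name
    properties:
      name:
        type: string
        description: The account name to use. This will identify the account and must be globally unique in the system.
        # Accepts 3-128 characters: one leading and one trailing alphanumeric
        # around 1-126 characters from the class.
        # NOTE(review): inside the class, `+-=` is a range ('+' through '='),
        # so besides the listed characters it also admits `,` `/` `:` and `<`.
        # If only the literals '+', '-' and '=' were intended, the hyphen needs
        # escaping or moving to the end of the class. Confirm against existing
        # account names before tightening, and treat names as untrusted when
        # they are used in paths, URLs or rendered output.
        pattern: '^[a-zA-Z0-9][a-zA-Z0-9@.!#$+-=^_`~;]{1,126}[a-zA-Z0-9]$'
      email:
        type: string
        description: An optional email to associate with the account for contact purposes
        # NOTE(review): no ^/$ anchors here, and `pattern` is evaluated as a
        # search rather than a full match, so any value that merely contains an
        # address-like substring validates. Do not rely on this check to
        # guarantee a clean address downstream.
        pattern: "[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"

  # An account groups users and owns resources.
  Account:
    type: object
    description: Account information
    required:
      - name
    properties:
      name:
        type: string
        description: The account identifier, not updatable after creation
      type:
        type: string
        description: The user type (admin vs user). If not specified in a POST request, 'user' is default
        enum:
          - user
          - admin
          - service
      state:
        type: string
        enum:
          - enabled
          - disabled
          - deleting
        description: >-
          State of the account. Disabled accounts prevent member users from
          logging in, deleting accounts are disabled and pending deletion and
          will be removed once all owned resources are garbage collected by
          the system
      email:
        type: string
        description: Optional email address associated with the account
      created_at:
        type: string
        format: date-time
        description: The timestamp when the account was created
      last_updated:
        type: string
        format: date-time
        description: The timestamp of the last update to the account metadata itself (not users or creds)

  # Unlike Account.state, this summary has no 'deleting' value.
  AccountStatus:
    type: object
    description: A summary of account status
    properties:
      state:
        type: string
        enum:
          - enabled
          - disabled
        description: The status of the account

  User:
    type: object
    description: >-
      A username for authenticating with one or more types of credentials.
      User type defines the expected credentials allowed for the user. Native
      users have passwords, External users have no credential internally.
      Internal users are service/system users for inter-service communication.
    required:
      - username
    properties:
      username:
        description: The username to authenticate with
        type: string
      type:
        description: The user's type
        type: string
        enum:
          - native
          - internal
          - external
      source:
        description: If the user is external, this is the source that the user was initialized from. All other user types have this set to null
        type: string
      created_at:
        description: The timestamp the user record was created
        type: string
        format: date-time
      last_updated:
        description: The timestamp of the last update to this record
        type: string
        format: date-time

  # NOTE(review): this request body carries the initial password in clear
  # text and the spec lists both http and https under `schemes`; deployments
  # should expose it over TLS only.
  UserCreationRequest:
    type: object
    description: A payload for creating a new user, includes the username and password in a single request
    required:
      - username
      - password
    properties:
      username:
        description: The username to create
        type: string
        # Same expression as AccountCreationRequest.name.
        # NOTE(review): `+-=` is a range and also admits `,` `/` `:` and `<`.
        pattern: '^[a-zA-Z0-9][a-zA-Z0-9@.!#$+-=^_`~;]{1,126}[a-zA-Z0-9]$'
      password:
        description: The initial password for the user, must be at least 6 characters, up to 128
        type: string
        # Both anchors are required: `pattern` is a search, so an expression
        # anchored only with `$` matches on the last 6-128 characters and lets
        # longer values through, leaving the documented maximum unenforced.
        # Length is the only password rule expressed in this schema.
        pattern: '^.{6,128}$'

  # NOTE(review): `value` holds the secret itself, and CredentialList below
  # reuses this schema. If either is used as a response body the password is
  # part of the payload - confirm against the operations that reference them
  # and keep such responses out of logs and caches.
  AccessCredential:
    type: object
    description: >-
      A login credential mapped to a user identity. For password credentials,
      the username to present for Basic auth is the user's username from the
      user record
    required:
      - type
      - value
    properties:
      type:
        description: The type of credential
        type: string
        enum:
          - password
      value:
        description: The credential value (e.g. the password)
        type: string
      created_at:
        type: string
        description: The timestamp of creation of the credential

  AccountList:
    type: array
    items:
      $ref: "#/definitions/Account"

  UserList:
    type: array
    items:
      $ref: "#/definitions/User"

  CredentialList:
    type: array
    items:
      $ref: "#/definitions/AccessCredential"

  # Returned by the version check; reports service, api and db schema versions.
  ServiceVersion:
    type: object
    description: Version information for a service
    properties:
      service:
        type: object
        properties:
          version:
            type: string
            description: Semantic Version string of the service implementation
      api:
        type: object
        description: Api Version string
        properties:
          version:
            type: string
            description: Semantic version of the api
      db:
        type: object
        properties:
          schema_version:
            type: string
            description: Semantic version of the db schema

  ArchiveSummary:
    type: object
    description: >-
      A summarization of the available archives, a place for long-term
      storage of audit, analysis, or other data to remove it from the system's
      working set but keep it available.
    properties:
      images:
        $ref: "#/definitions/AnalysisArchiveSummary"
      rules:
        $ref: "#/definitions/AnalysisArchiveRulesSummary"

  AnalysisArchiveSummary:
    type: object
    description: >-
      A summarization of the analysis archive, including size, counts, etc.
      This archive stores image analysis only, never the actual image content
      or layers.
    properties:
      total_image_count:
        type: integer
        description: The number of unique images (digests) in the archive
      total_tag_count:
        type: integer
        description: >-
          The number of tag records (registry/repo:tag pull strings) in the
          archive. This may include repeated tags but will always have a
          unique tag->digest mapping per record.
      total_data_bytes:
        type: integer
        description: >-
          The total sum of all the bytes stored to the backing storage.
          Accounts for anchore-applied compression, but not compression by the
          underlying storage system.
      # AnalysisArchiveSummary.properties continues on the following line.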
last_updated: type: string description: The timestamp of the most recent archived image format: date-time AnalysisArchiveRulesSummary: type: object description: Summary of the transition rule set properties: count: type: integer description: The number of rules for this account last_updated: type: string description: The newest last_updated timestamp from the set of rules format: date-time ImageAnalysisReferences: type: array description: List of image digests to archive items: type: string description: Image digest AddAnalysisArchiveResult: type: array description: List of analysis archive add results items: $ref: "#/definitions/AnalysisArchiveAddResult" AnalysisArchiveAddResult: type: object description: The result of adding a single digest to the archive properties: digest: type: string description: The image digest requested to be added status: type: string description: The status of the archive add operation. Typically either 'archived' or 'error' enum: - archived - archiving - error detail: type: string description: Details on the status, e.g. 
the error message ArchivedAnalyses: type: array description: List of archived analyses items: $ref: "#/definitions/ArchivedAnalysis" ArchivedAnalysis: type: object properties: imageDigest: type: string description: The image digest (digest of the manifest describing the image, per docker spec) parentDigest: type: string description: The digest of a parent manifest (for manifest-list images) annotations: type: object description: User provided annotations as key-value pairs status: description: The archival status type: string enum: - archiving - archived - deleting - deleted image_detail: description: List of tags associated with the image digest type: array items: $ref: "#/definitions/TagEntry" created_at: type: string format: date-time last_updated: type: string format: date-time analyzed_at: type: string format: date-time archive_size_bytes: type: integer description: The size, in bytes, of the analysis archive file AnalysisArchiveRules: type: array description: Rule set for automatic archiving of system objects and flushing of archived objects (permanent delete). items: $ref: "#/definitions/AnalysisArchiveTransitionRule" AnalysisArchiveTransitionRule: type: object description: A rule for auto-archiving image analysis by time and/or tag-history required: - transition properties: selector: $ref: "#/definitions/ImageSelector" tag_versions_newer: type: integer description: Number of images mapped to the tag that are newer analysis_age_days: type: integer description: Matches if the analysis is strictly older than this number of days transition: type: string description: The type of transition to make. If "archive", then archive an image from the working set and remove it from the working set. If "delete", then match against archived images and delete from the archive if match. enum: - archive - delete system_global: type: boolean description: True if the rule applies to all accounts in the system. 
This is only available to admin users to update/modify, but all users with permission to list rules can see them created_at: type: string format: date-time last_updated: type: string format: date-time exclude: $ref: "#/definitions/AnalysisArchiveTransitionRuleExclude" max_images_per_account: type: integer description: This is the maximum number of image analyses an account can have. Can only be set on system_global rules AnalysisArchiveTransitionRuleExclude: type: object description: Which Images to exclude from auto-archiving logic properties: selector: $ref: "#/definitions/ImageSelector" expiration_days: type: integer description: How long the image selected will be excluded from the archive transition default: -1 AnalysisArchiveTransitionHistory: type: object description: A rule for auto-archiving image analysis by time and/or tag-history properties: transition_task_id: type: string description: The task that created & updated this entry rule_id: type: string imageDigest: type: string transition: type: string enum: - archive - delete created_at: type: string format: date-time last_updated: type: string format: date-time ImageSelector: description: A set of selection criteria to match an image by a tagged pullstring based on its components, with regex support in each field type: object properties: registry: type: string description: The registry section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "docker.io" repository: type: string description: The repository section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "anchore/anchore-engine" tag: type: string description: The tag-only section of a pull string. e.g. 
with "docker.io/anchore/anchore-engine:latest", this is "latest" FeedSyncResults: description: An array of feed sync summaries representing the result of an explicit feed sync operation type: array items: $ref: "#/definitions/FeedSyncResult" FeedSyncResult: description: The result of a sync of a single feed type: object properties: feed: type: string description: The name of the feed synced status: type: string description: The result of the sync operation, either success or failure enum: - success - failure total_time_seconds: type: number description: The duration, in seconds, of the sync of the feed, the sum of all the group syncs groups: type: array description: Array of group sync results items: $ref: "#/definitions/GroupSyncResult" GroupSyncResult: type: object properties: group: type: string description: The name of the group status: type: string enum: - success - failure updated_image_count: type: integer description: The number of images updated by this group sync, across all accounts. This is typically only non-zero for vulnerability feeds which update images' vulnerability results during the sync. 
updated_record_count: type: integer description: The number of feed data records synced down as either updates or new records total_time_seconds: type: number description: The duration of the group sync in seconds TokenResponse: type: object required: - token properties: token: type: string description: The token content RetrievedFile: type: object description: The retrieved file entry including content (b64 encoded) properties: path: type: string b64_content: type: string RetrievedFileList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: "#/definitions/RetrievedFile" SecretSearchResult: type: object description: The retrieved file entry including content (b64 encoded) properties: path: type: string matches: type: array items: $ref: "#/definitions/RegexContentMatch" SecretSearchList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: "#/definitions/SecretSearchResult" FileContentSearchResult: type: object description: The retrieved file entry including content (b64 encoded) properties: path: type: string matches: type: array items: $ref: "#/definitions/RegexContentMatch" FileContentSearchList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: "#/definitions/FileContentSearchResult" RegexContentMatch: type: object description: Match of a named regex on a file properties: name: type: string description: The name associated with the regular expression regex: type: string description: The regular expression used for the match lines: type: array description: A list of line numbers in the file that matched the regex items: type: integer EventTypesList: type: array description: Array of EventCategory objects items: $ref: "#/definitions/EventCategory" EventCategory: type: object description: A collection of event subcategories properties: category: type: string description: type: string subcategories: type: array items: $ref: "#/definitions/EventSubcategory" 
EventSubcategory: type: object description: A collection of events related to each other properties: name: type: string description: type: string events: type: array items: $ref: "#/definitions/EventDescription" EventDescription: type: object description: A description of an event type properties: name: type: string description: The event type. The last component of the fully-qualified event_type (category.subcategory.event) type: type: string description: The fully qualified event type as would be seen in the event payload message: type: string description: The message associated with the event type resource_type: type: string description: The type of resource this event is generated from NotificationBase: type: object description: base object for Notifications (every notification has this basic structure) properties: queueId: type: string userId: type: string dataId: type: string created_at: type: integer last_updated: type: integer record_state_key: type: string default: "active" record_state_val: type: string x-nullable: true tries: type: integer max_tries: type: integer PolicyEvalNotification: allOf: - $ref: "#/definitions/NotificationBase" - type: object description: The Notification Object definition for Policy Eval Notifications properties: data: $ref: "#/definitions/PolicyEvalNotificationData" TagUpdateNotification: allOf: - $ref: "#/definitions/NotificationBase" - type: object description: The Notification Object definition for Tag Update Notifications properties: data: $ref: "#/definitions/TagUpdateNotificationData" VulnUpdateNotification: allOf: - $ref: "#/definitions/NotificationBase" - type: object description: The Notification Object definition for Tag Update Notifications properties: data: $ref: "#/definitions/VulnUpdateNotificationData" AnalysisUpdateNotification: allOf: - $ref: "#/definitions/NotificationBase" - type: object description: The Notification Object definition for Tag Update Notifications properties: data: $ref: 
"#/definitions/AnalysisUpdateNotificationData" BaseNotificationData: type: object description: Every notification has a payload, which follows this basic structure properties: notification_user: type: string notification_user_email: type: string notification_type: type: string PolicyEvalNotificationData: allOf: - $ref: "#/definitions/BaseNotificationData" - type: object properties: notification_payload: $ref: "#/definitions/PolicyEvalNotificationPayload" TagUpdateNotificationData: allOf: - $ref: "#/definitions/BaseNotificationData" - type: object properties: notification_payload: $ref: "#/definitions/TagUpdateNotificationPayload" VulnUpdateNotificationData: allOf: - $ref: "#/definitions/BaseNotificationData" - type: object properties: notification_payload: $ref: "#/definitions/VulnUpdateNotificationPayload" AnalysisUpdateNotificationData: allOf: - $ref: "#/definitions/BaseNotificationData" - type: object properties: notification_payload: $ref: "#/definitions/AnalysisUpdateNotificationPayload" GenericNotificationPayload: type: object description: Parent class for Notification Payloads properties: userId: type: string subscription_key: type: string subscription_type: type: string notificationId: type: string PolicyEvalNotificationPayload: allOf: - $ref: "#/definitions/GenericNotificationPayload" - type: object properties: curr_eval: type: object description: The Current Policy Evaluation result last_eval: type: object description: The Previous Policy Evaluation result annotations: type: object description: List of Corresponding Image Annotations x-nullable: true TagUpdateNotificationPayload: allOf: - $ref: "#/definitions/GenericNotificationPayload" - type: object properties: curr_eval: type: array items: {} description: A list containing the current image digest last_eval: type: array items: {} description: A list containing the previous image digests annotations: type: object description: List of Corresponding Image Annotations x-nullable: true 
VulnUpdateNotificationPayload: allOf: - $ref: "#/definitions/GenericNotificationPayload" - type: object properties: diff_vulnerability_result: $ref: "#/definitions/VulnDiffResult" imageDigest: type: string annotations: type: object description: List of Corresponding Image Annotations x-nullable: true AnalysisUpdateNotificationPayload: allOf: - $ref: "#/definitions/GenericNotificationPayload" - type: object properties: curr_eval: $ref: "#/definitions/AnalysisUpdateEval" last_eval: $ref: "#/definitions/AnalysisUpdateEval" annotations: type: object description: List of Corresponding Image Annotations x-nullable: true VulnDiffResult: type: object description: The results of the comparing two vulnerability records during an update properties: added: type: array items: {} updated: type: array items: {} removed: type: array items: {} AnalysisUpdateEval: type: object description: Evaluation Results for an entity (current or last) properties: analysis_status: type: string annotations: type: object image_digest: type: string ImageImportOperation: type: object description: An import record, creating a unique identifier for referencing the operation as well as its state properties: uuid: type: string status: type: string enum: - pending - queued - processing - complete - failed - expired expires_at: type: string format: date-time created_at: type: string format: date-time ImageImportContentResponse: type: object properties: digest: type: string created_at: type: string format: date-time ImageContentDeleteResponse: type: object ImageImportManifest: x-nullable: True type: object properties: contents: $ref: "#/definitions/ImportContentDigests" tags: type: array items: type: string description: Full docker reference tags example: "docker.io/library/nginx:latest" digest: type: string parent_digest: type: string description: The digest of the images's manifest-list parent if it was accessed from a multi-arch tag where the tag pointed to a manifest-list. 
This allows preservation of that relationship in the data local_image_id: type: string description: An "imageId" as used by Docker if available operation_uuid: type: string ImportContentDigests: type: object required: - packages - manifest - image_config description: Digest of content to use in the final import properties: packages: type: string description: Digest to use for the packages content image_config: type: string description: Digest for reference content for image config manifest: type: string description: Digest to reference content for the image manifest parent_manifest: type: string description: Digest for reference content for parent manifest dockerfile: type: string description: Digest for reference content for dockerfile Annotations: type: object description: Simple key/value pairs where the value may be optional ImageImports: type: array items: $ref: "#/definitions/ImageImportOperation" ImportContentDigestList: type: array items: type: string description: String digest of an uploaded content ImagePackageManifest: required: - artifacts - source - distro properties: artifacts: items: "$ref": "#/definitions/ImportPackage" type: array source: "$ref": "#/definitions/ImportSource" distro: "$ref": "#/definitions/ImportDistribution" descriptor: "$ref": "#/definitions/ImportDescriptor" schema: "$ref": "#/definitions/ImportSchema" artifactRelationships: items: "$ref": "#/definitions/ImportPackageRelationship" type: array additionalProperties: true type: object ImportDescriptor: required: - name - version properties: name: type: string version: type: string additionalProperties: true type: object ImportDistribution: required: - name - version - idLike properties: name: type: string version: type: string idLike: type: string additionalProperties: true type: object ImportPackageLocation: required: - path properties: path: type: string layerID: type: string additionalProperties: true type: object ImportPackage: required: - name - version - type - locations - 
licenses - language - cpes - metadataType properties: id: type: string name: type: string version: type: string type: type: string foundBy: type: string locations: items: "$schema": http://json-schema.org/draft-04/schema# "$ref": "#/definitions/ImportPackageLocation" type: array licenses: items: type: string type: array language: type: string cpes: items: type: string type: array purl: type: string metadataType: type: string metadata: type: object additionalProperties: true type: object ImportSchema: required: - version - url properties: version: type: string url: type: string additionalProperties: true type: object ImportSource: required: - type - target properties: type: type: string target: additionalProperties: true additionalProperties: true type: object ImportPackageRelationship: required: - parent - child - type properties: parent: type: string child: type: string type: type: string metadata: additionalProperties: true type: object additionalProperties: true type: object