swagger: '2.0' info: description: This is the Anchore API. Provides the external API for users of Anchore Enterprise. version: 2.0.0 title: Anchore Enterprise API contact: email: dev@anchore.com tags: - name: Subscriptions description: Subscription Management - name: Policies description: Policy Management - name: Images description: Image Management - name: Vulnerabilities description: Vulnerability checks and reports - name: Policy Evaluation description: Evaluate images against policies - name: Registries description: Registry Management - name: System description: System Management - name: Summaries description: Resource Summaries - name: Events description: View and delete events - name: User Management description: Manage Accounts, Users, and Credentials - name: Identity description: Get and operate on the authenticated user's identity - name: Archives description: Data Archiving Management - name: Alerts description: Account-level alerting - name: Applications description: Applications - name: Corrections description: CPE corrections - name: Inventories description: Runtime cluster inventory - name: Actions description: Action remediation plans - name: Imports description: Import SBOMs - name: Sources description: Source management - name: Relationships description: Relationship definitions between artifacts - name: Reports description: Reports and metrics interface - name: Notifications description: Notification Endpoint Management - name: RBAC description: RBAC Management basePath: / schemes: - http - https consumes: - application/json produces: - application/json parameters: AsAccountParameter: name: x-anchore-account in: header required: false type: string description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) paths: /: get: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: ping x-anchore-authz-action: None description: 
Simple status check responses: 200: description: Version check response, returns the api version prefix (e.g. 'v2') schema: type: string /account: get: tags: - Identity x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: get_users_account x-anchore-authz-action: getAccount summary: List the account for the authenticated user responses: 200: description: User details for caller's user schema: $ref: '#/definitions/Account' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /accounts: get: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: list_accounts x-anchore-authz-action: listAccounts summary: List account summaries. Only available to the system admin user. parameters: - name: state in: query type: string enum: - enabled - disabled - deleting required: false description: Filter accounts by state responses: 200: description: Account summary listing schema: $ref: '#/definitions/AccountList' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' post: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: create_account x-anchore-authz-action: createAccount summary: Create a new account. Only available to admin user. parameters: - name: account in: body required: true schema: $ref: '#/definitions/AccountCreationRequest' responses: 200: description: Account Record schema: $ref: '#/definitions/Account' 409: description: Conflicting user information. User already exists. 
schema: $ref: '#/definitions/ApiErrorResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /accounts/{account_name}: get: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: get_account x-anchore-authz-action: getAccount summary: Get account info about this specific account. parameters: - name: account_name in: path format: path required: true type: string responses: 200: description: Get user information schema: $ref: '#/definitions/Account' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' put: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: update_account x-anchore-authz-action: updateAccount summary: Update the info for this specific account. parameters: - name: account_name in: path format: path required: true type: string - name: info in: body required: true schema: $ref: '#/definitions/AccountInfo' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Returns the account information schema: $ref: '#/definitions/Account' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: delete_account x-anchore-authz-action: deleteAccount summary: Delete the specified account, only allowed if the account is in the disabled state. 
All users will be deleted along with the account and all resources will be garbage collected parameters: - name: account_name in: path format: path required: true type: string responses: 204: description: Successful deletion 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /accounts/{account_name}/state: put: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: update_account_state x-anchore-authz-action: updateAccount summary: Update the state of an account to either enabled or disabled. For deletion use the DELETE route parameters: - name: account_name in: path format: path required: true type: string - name: desired_state in: body required: true schema: $ref: '#/definitions/AccountStatus' responses: 200: description: Updated state of the account schema: $ref: '#/definitions/AccountStatus' 400: description: State requested is invalid based on current state of the account schema: $ref: '#/definitions/ApiErrorResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /accounts/{account_name}/users: get: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: list_users x-anchore-authz-action: listUsers summary: List of users found in this account. parameters: - name: account_name in: path format: path type: string required: true responses: 200: description: User listing schema: type: array description: List of user credential records items: $ref: '#/definitions/User' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' post: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: create_user x-anchore-authz-action: createUser summary: Create a new user within the specified account. 
parameters: - name: account_name in: path format: path type: string required: true - name: user in: body required: true schema: $ref: '#/definitions/UserCreationRequest' responses: 200: description: Credential summary schema: $ref: '#/definitions/User' /accounts/{account_name}/users/{username}: delete: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: delete_user x-anchore-authz-action: deleteUser summary: Delete a specific user credential by username of the credential. Cannot be the credential used to authenticate the request. parameters: - name: account_name type: string in: path format: path required: true - name: username type: string in: path format: path required: true responses: 204: description: Deleted credential 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' get: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts operationId: get_account_user x-anchore-authz-action: getUser summary: Get a specific user in the specified account parameters: - name: account_name type: string in: path format: path required: true - name: username type: string in: path format: path required: true responses: 200: description: User record schema: $ref: '#/definitions/User' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /accounts/{account_name}/users/{username}/credentials: get: tags: - User Management summary: Get current credential summary parameters: - name: account_name in: path format: path type: string required: true - name: username in: path format: path type: string required: true responses: 200: description: User credential listing schema: $ref: '#/definitions/CredentialList' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' operationId: list_user_credentials x-anchore-authz-action: getUser x-swagger-router-controller: 
anchore_enterprise.services.api.api.controllers.accounts post: tags: - User Management operationId: create_user_credential x-anchore-authz-action: updateUser x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts summary: add/replace credential parameters: - name: account_name in: path format: path type: string required: true - name: username in: path format: path type: string required: true - name: credential in: body required: true schema: $ref: '#/definitions/AccessCredential' responses: 200: description: Add a credential, overwriting if already exists schema: $ref: '#/definitions/AccessCredential' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - User Management summary: Delete a credential by type operationId: delete_user_credential x-anchore-authz-action: updateUser x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.accounts parameters: - name: account_name in: path format: path type: string required: true - name: username in: path format: path type: string required: true - name: credential_type type: string in: query required: true enum: - password responses: 204: description: Successful deletion 400: description: Conflict, cannot delete the credential used to authenticate this request 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /actions: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.actions operationId: get_action_plans x-anchore-authz-action: getActions summary: Gets a list of submitted action (remediation) plans description: Retrieves a list of action plans that have been completed produces: - application/json parameters: - name: image_tag in: query type: string - name: image_digest in: query type: string - name: created_after in: query type: string format: date-time description: RFC 3339 formatted UTC timestamp to filter out action plans that were only created after this date - 
$ref: '#/parameters/AsAccountParameter' responses: 200: description: success schema: $ref: '#/definitions/ActionPlans' 500: description: Internal Error tags: - Actions post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.actions operationId: add_action_plan x-anchore-authz-action: addAction summary: Submits an Action Plan description: Submits an Action Plan and saves upon completion produces: - application/json parameters: - name: action_plan in: body required: true schema: $ref: '#/definitions/ActionPlan' responses: 200: description: success schema: $ref: '#/definitions/ActionPlan' 500: description: Internal Error tags: - Actions /alerts/compliance-violations: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.alerts operationId: get_compliance_violation_alerts x-anchore-authz-action: listAlerts summary: List all compliance violation alerts scoped to the account description: Returns a paginated list of compliance violation alerts in chronological order from the most to least recently generated alerts. Return alerts in the open state by default. 
Use query parameters for filtering produces: - application/json parameters: - name: page in: query required: false type: integer default: 1 minimum: 1 - name: limit in: query required: false type: integer default: 100 minimum: 1 maximum: 100 - name: state in: query required: false type: string default: open enum: - all - open - closed description: Filter for alerts by current state, defaults to open alerts unless specified - name: created_after in: query required: false type: string format: date-time description: Filter for alerts generated after the timestamp - name: created_before in: query required: false type: string format: date-time description: Filter for alerts generated before the timestamp - name: resource_image_digest in: query required: false type: string description: Filter for alerts associated with image digest - name: resource_image_tag in: query required: false type: string description: Filter for alerts generated for the tag - name: resource_registry in: query required: false type: string description: Filter for alerts associated with registry - name: resource_repository in: query required: false type: string description: Filter for alerts associated with repository - $ref: '#/parameters/AsAccountParameter' responses: 200: description: List of compliance violation alerts schema: $ref: '#/definitions/ComplianceViolationAlertList' tags: - Alerts /alerts/compliance-violations/{uuid}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.alerts operationId: get_compliance_violation_alert x-anchore-authz-action: getAlert summary: Get compliance violation alert by id description: Returns a single compliance violation alert object produces: - application/json parameters: - name: uuid in: path format: path type: string required: true description: Identifier for the alert - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Compliance violation alert schema: $ref: '#/definitions/ComplianceViolationAlert' tags: 
- Alerts patch: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.alerts operationId: update_compliance_violation_alert_state_v2 x-anchore-authz-action: updateAlert summary: Open or close a compliance violation alert description: Idempotent op for changing the alert state to open or closed produces: - application/json parameters: - name: uuid in: path format: path type: string required: true description: Identifier for the alert - name: body in: body required: true schema: $ref: '#/definitions/ComplianceViolationAlertState' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Alert state updated successfully schema: $ref: '#/definitions/ComplianceViolationAlert' tags: - Alerts /alerts/summaries: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.alerts operationId: get_alert_summaries x-anchore-authz-action: listAlerts summary: List all alert summaries scoped to the account description: Returns a paginated list of alert summaries in chronological order from the most to least recently generated alerts. Return alerts in the open state by default. 
Use query parameters for filtering produces: - application/json parameters: - name: page in: query required: false type: integer default: 1 minimum: 1 - name: limit in: query required: false type: integer default: 100 minimum: 1 maximum: 100 - name: type in: query required: false type: string enum: - all - compliance_violation default: all description: Filter for alerts based on the type such as compliance violation - name: state in: query required: false type: string default: open enum: - all - open - closed description: Filter for alerts by current state, defaults to open alerts unless specified - name: created_after in: query required: false type: string format: date-time description: Filter for alerts generated after the timestamp - name: created_before in: query required: false type: string format: date-time description: Filter for alerts generated before the timestamp - name: resource_label in: query required: false type: array items: type: string pattern: ^\S+=\S+$ collectionFormat: multi uniqueItems: true description: Filter for alerts associated with a resource where the label in key=value format such as tag=docker.io/library/alpine:latest or repository=library/alpine - $ref: '#/parameters/AsAccountParameter' responses: 200: description: List of alert summaries schema: $ref: '#/definitions/AlertSummaryList' tags: - Alerts /applications: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: add_application x-anchore-authz-action: createApplication summary: Create an application description: Create an application produces: - application/json parameters: - name: application in: body required: true schema: $ref: '#/definitions/Application' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: success schema: $ref: '#/definitions/Application' 409: description: Application with name already exists 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - 
Applications get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: get_applications x-anchore-authz-action: getApplication description: List all applications summary: List all applications produces: - application/json parameters: - name: include_versions in: query required: false type: boolean default: false - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Applications retrieved successfully schema: $ref: '#/definitions/ApplicationList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications /applications/{application_id}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: get_application x-anchore-authz-action: getApplication summary: Get an application by application_id description: Get an application by application_id produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: include_versions in: query required: false type: boolean default: false - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Successfully retrieved application schema: $ref: '#/definitions/Application' 404: description: Application not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications put: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: update_application x-anchore-authz-action: updateApplication summary: Update application details description: Updates application details for given application_id produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application in: body required: true schema: $ref: '#/definitions/Application' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Application updated successfully schema: $ref: 
'#/definitions/Application' 404: description: Application not found 409: description: Application with name already exists 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: delete_application x-anchore-authz-action: deleteApplication summary: Delete an application by application_id description: Delete an application by application_id produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Application deleted successfully tags: - Applications /applications/{application_id}/versions: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: add_application_version x-anchore-authz-action: createApplication summary: Create an application version description: Create an application version produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version in: body required: true schema: $ref: '#/definitions/ApplicationVersion' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: success schema: $ref: '#/definitions/ApplicationVersion' 404: description: Application not found 409: description: Application version with version_name already exists on the specified application 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: get_application_versions x-anchore-authz-action: getApplication summary: List all application versions description: List all application versions produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - $ref: 
'#/parameters/AsAccountParameter' responses: 200: description: Successfully retrieved application versions schema: $ref: '#/definitions/ApplicationVersionList' 404: description: Application not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications /applications/{application_id}/versions/{application_version_id}: put: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: update_application_version x-anchore-authz-action: updateApplication summary: Update application version details description: Updates application version details for given application_id and application_version_id produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - name: application_version in: body required: true schema: $ref: '#/definitions/ApplicationVersion' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Application updated successfully schema: $ref: '#/definitions/ApplicationVersion' 404: description: Application version not found 409: description: Application version with version_name already exists on the specified application 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: get_application_version x-anchore-authz-action: getApplication summary: Get an application version description: Get an application version by application_id and application_version_id produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Successfully retrieved application version schema: 
$ref: '#/definitions/ApplicationVersion' 404: description: Application version not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: delete_application_version x-anchore-authz-action: deleteApplication summary: Delete an application version by application_id and application_version_id description: Delete an application version by application_id and application_version_id produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Application version deleted successfully 404: description: Application version not found tags: - Applications /applications/{application_id}/versions/{application_version_id}/artifacts: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: add_artifact_to_application_version x-anchore-authz-action: updateApplication summary: Add an artifact to an application version description: Add artifact to given application_id and application_version_id produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - name: artifact_request in: body required: true schema: $ref: '#/definitions/ArtifactAssociationRequest' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Artifact successfully added to application version schema: $ref: '#/definitions/ArtifactAssociationResponse' 404: description: Application version not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications get: x-swagger-router-controller: 
anchore_enterprise.services.api.api.controllers.applications operationId: list_artifacts x-anchore-authz-action: getApplication summary: List artifacts present on a given application version description: List artifacts present on a given application version produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - name: artifact_types in: query type: array required: false items: type: string enum: - source - image - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Successfully retrieved artifacts schema: $ref: '#/definitions/ArtifactListResponse' 404: description: Application version not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications /applications/{application_id}/versions/{application_version_id}/artifacts/{association_id}: delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: remove_artifact_from_application_version x-anchore-authz-action: deleteApplication summary: Delete an artifact from specified application version description: Delete an artifact from specified application version produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - name: association_id in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Artifact successfully removed from application version 500: description: Internal Error tags: - Applications /applications/{application_id}/versions/{application_version_id}/sboms/native-json: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: get_application_version_sbom x-anchore-authz-action: getApplication summary: Get 
the combined sbom for the given application version, optionally filtered by artifact type description: Get the combined sbom for the given application version, optionally filtered by artifact type produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - name: artifact_types in: query type: array required: false items: type: string enum: - source - image - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Successfully retrieved combined sbom schema: $ref: '#/definitions/ApplicationVersionSbom' 404: description: Application version not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications /applications/{application_id}/versions/{application_version_id}/vulnerabilities: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.applications operationId: get_application_version_vulnerabilities x-anchore-authz-action: getApplication summary: Get the vulnerabilities for a given application version description: Get the vulnerabilities for a given application version produces: - application/json parameters: - name: application_id in: path format: path type: string required: true - name: application_version_id in: path format: path type: string required: true - name: will_not_fix in: query type: boolean required: false description: If true, include vulnerabilities that the vendor of an image distribution either disagrees with or does not intend to prioritize for remediation - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Successfully retrieved vulnerability data schema: $ref: '#/definitions/ApplicationVersionVulnerabilityReport' 404: description: Application version not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Applications /archives: get: tags: - Archives operationId: 
list_archives x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: listArchives responses: 200: description: Archive summary listing schema: $ref: '#/definitions/ArchiveSummary' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /archives/images: get: tags: - Archives operationId: list_analysis_archive x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: listArchivedImageAnalysis responses: 200: description: Image analysis archive listing for the requesting account (not the whole system) schema: $ref: '#/definitions/ArchivedAnalyses' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' post: tags: - Archives operationId: archive_image_analysis x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: createArchivedImageAnalysis parameters: - name: image_references in: body required: true schema: $ref: '#/definitions/ImageAnalysisReferences' responses: 200: description: Archive statuses schema: $ref: '#/definitions/AddAnalysisArchiveResult' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /archives/images/{image_digest}: get: tags: - Archives description: Returns the archive metadata record identifying the image and tags for the analysis in the archive. 
operationId: get_archived_analysis x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: getArchivedImageAnalysis parameters: - name: image_digest in: path format: path required: true type: string description: The image digest to identify the image analysis pattern: ^sha256:[a-fA-F0-9]{64}$ responses: 200: description: Archived Image schema: $ref: '#/definitions/ArchivedAnalysis' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - Archives description: Performs a synchronous archive deletion operationId: delete_archived_analysis x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: deleteArchivedImageAnalysis parameters: - name: image_digest in: path format: path required: true type: string pattern: ^sha256:[a-fA-F0-9]{64}$ - name: force in: query required: false type: boolean responses: 200: description: Archived Image Analysis was successfully deleted 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /archives/rules: get: tags: - Archives operationId: list_analysis_archive_rules x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: listArchiveTransitionRules parameters: - name: system_global in: query required: false type: boolean description: If true include system global rules (owned by admin) even for non-admin users. Defaults to true if not set. 
Can be set to false to exclude globals responses: 200: description: Archive transition rules schema: $ref: '#/definitions/AnalysisArchiveRules' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' post: tags: - Archives operationId: create_analysis_archive_rule x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: createArchiveTransitionRule parameters: - name: rule in: body schema: $ref: '#/definitions/AnalysisArchiveTransitionRule' required: true responses: 200: description: Archive transition rule schema: $ref: '#/definitions/AnalysisArchiveTransitionRule' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /archives/rules/{rule_id}: get: tags: - Archives operationId: get_analysis_archive_rule x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: getArchiveTransitionRule parameters: - name: rule_id type: string required: true in: path format: path responses: 200: description: Archive transition rule schema: $ref: '#/definitions/AnalysisArchiveTransitionRule' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - Archives operationId: delete_analysis_archive_rule x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: deleteArchiveTransitionRule parameters: - name: rule_id type: string required: true in: path format: path responses: 200: description: Analysis archive rule successfully deleted 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /artifact-relationships: get: x-anchore-authz-action: listArtifactRelationships tags: - Relationships description: List the relationships between software supply chain artifacts (images, source revisions, etc) operationId: list_artifact_relationships parameters: - name: artifact_type in: query type: string description: Filter for artifact 
type as either source or target - name: artifact_id in: query type: string description: Filter for artifact id as either source or target produces: - application/json responses: 200: description: success schema: $ref: '#/definitions/ArtifactRelationships' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.relationships post: x-anchore-authz-action: createArtifactRelationship tags: - Relationships description: Add a new relationship for this image to another artifact (source or image) operationId: add_artifact_relationship parameters: - name: relationship in: body schema: $ref: '#/definitions/ArtifactRelationship' required: true produces: - application/json responses: 200: description: success schema: type: object x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.relationships delete: x-anchore-authz-action: deleteArtifactRelationships tags: - Relationships description: Delete one or more relationships operationId: delete_artifact_relationships parameters: - name: relationship_ids description: List of relationship Ids to delete in: query required: true type: array items: type: string collectionFormat: csv produces: - application/json responses: 200: description: success schema: type: object x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.relationships /artifact-relationships/{relationship_id}: get: x-anchore-authz-action: getArtifactRelationship tags: - Relationships description: Get the relationship between software supply chain artifacts (images, source revisions, etc) operationId: get_artifact_relationship parameters: - name: relationship_id in: path required: true type: string description: Id of record to retrieve produces: - application/json responses: 200: description: success schema: $ref: '#/definitions/ArtifactRelationship' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.relationships /artifact-relationships/{relationship_id}/diffs/sbom: get: 
x-anchore-authz-action: getArtifactRelationshipDiff tags: - Relationships description: Return the context-aware diff of the sboms for the relationship operationId: get_relationship_sbom_diff x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.relationships parameters: - name: relationship_id type: string in: path required: true produces: - application/json responses: 200: description: SBoM Diff for the related artifacts schema: $ref: '#/definitions/RelationshipSbomDiff' /corrections: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.corrections operationId: get_corrections x-anchore-authz-action: getCorrection summary: Retrieve a list of corrections description: Returns a list of corrections produces: - application/json parameters: - name: correction_type in: query type: string enum: - package - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Corrections retrieved successfully schema: $ref: '#/definitions/CorrectionList' tags: - Corrections post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.corrections operationId: add_correction x-anchore-authz-action: addCorrection summary: Create a correction record description: Add a correction record that will be used to fix false positive matches produces: - application/json parameters: - name: correction in: body required: true schema: $ref: '#/definitions/Correction' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Corrections retrieved successfully schema: $ref: '#/definitions/Correction' tags: - Corrections /corrections/{uuid}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.corrections operationId: get_correction_by_uuid x-anchore-authz-action: getCorrection summary: Retrieve a correction by UUID description: Returns a single correction, looked up via its uuid produces: - application/json parameters: - name: uuid in: path format: path type: string required: 
true - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Correction retrieved successfully schema: $ref: '#/definitions/Correction' tags: - Corrections put: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.corrections operationId: update_correction_by_uuid x-anchore-authz-action: updateCorrection summary: Update a correction by UUID description: Updates a single correction, looked up via its uuid produces: - application/json parameters: - name: uuid in: path format: path type: string required: true - name: correction in: body required: true schema: $ref: '#/definitions/Correction' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Correction updated successfully schema: $ref: '#/definitions/Correction' tags: - Corrections delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.corrections operationId: delete_correction_by_uuid x-anchore-authz-action: deleteCorrection summary: Delete a correction by UUID description: Delete a single correction, looked up via its uuid produces: - application/json parameters: - name: uuid in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Correction deleted successfully tags: - Corrections /ecs-containers: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_ecs_containers x-anchore-authz-action: getECSContainers summary: Return a list of ECS containers that have been inventoried for this account description: Return a list of ECS containers that have been inventoried for this account produces: - application/json parameters: - name: page in: query required: true type: integer minimum: 1 - name: page_size in: query required: false type: integer default: 1000 minimum: 1 responses: 200: description: success schema: $ref: '#/definitions/ECSContainers' 500: description: Internal Error tags: - Inventories 
/ecs-inventory: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: post_ecs_inventory x-anchore-authz-action: postEcsInventory summary: Add container metadata from Amazon ECS description: Add container metadata from Amazon ECS produces: - application/json parameters: - name: inventory in: body required: true schema: $ref: '#/definitions/ECSInventory' responses: 204: description: success 500: description: Internal Error tags: - Inventories /ecs-services: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_ecs_services x-anchore-authz-action: getECSServices summary: Return a list of ECS services that have been inventoried for this account description: Return a list of ECS services that have been inventoried for this account produces: - application/json parameters: - name: page in: query required: true type: integer minimum: 1 - name: page_size in: query required: false type: integer default: 1000 minimum: 1 responses: 200: description: success schema: $ref: '#/definitions/ECSServices' 500: description: Internal Error tags: - Inventories /ecs-tasks: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_ecs_tasks x-anchore-authz-action: getECSTasks summary: Return a list of ECS tasks that have been inventoried for this account description: Return a list of ECS tasks that have been inventoried for this account produces: - application/json parameters: - name: page in: query required: true type: integer minimum: 1 - name: page_size in: query required: false type: integer default: 1000 minimum: 1 responses: 200: description: success schema: $ref: '#/definitions/ECSTasks' 500: description: Internal Error tags: - Inventories /event-types: get: tags: - Events x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.events operationId: list_event_types 
x-anchore-authz-action: listEvents summary: List Event Types description: Returns list of event types in the category hierarchy responses: 200: description: List of event types schema: $ref: '#/definitions/EventTypesList' /events: get: tags: - Events x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.events operationId: list_events x-anchore-authz-action: listEvents summary: List Events description: Returns a paginated list of events in the descending order of their occurrence. Optional query parameters may be used for filtering results parameters: - name: source_service_name in: query type: string description: Filter events by the originating service required: false - name: source_host_id in: query type: string description: Filter events by the originating host ID required: false - name: event_type in: query type: string description: Filter events by a prefix match on the event type (e.g. "user.image.") required: false pattern: ^[a-z0-9-_.*]+$ - name: resource_type in: query type: string description: Filter events by the type of resource - tag, image_digest, repository etc required: false - name: resource_id in: query type: string description: Filter events by the id of the resource required: false - name: level in: query type: string description: Filter events by the level - INFO or ERROR required: false - name: since in: query type: string description: Return events that occurred after the timestamp required: false - name: before in: query type: string description: Return events that occurred before the timestamp required: false - name: page in: query type: integer description: Pagination controls - return the nth page of results. Defaults to first page if left empty required: false default: 1 - name: limit in: query type: integer description: Number of events in the result set. 
Defaults to 100 if left empty required: false default: 100 - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Paginated list of event records and the next token schema: $ref: '#/definitions/EventsList' delete: tags: - Events x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.events operationId: delete_events x-anchore-authz-action: deleteEvents summary: Delete Events description: Delete all or a subset of events filtered using the optional query parameters parameters: - name: before in: query type: string description: Delete events that occurred before the timestamp required: false - name: since in: query type: string description: Delete events that occurred after the timestamp required: false - name: level in: query type: string description: Delete events that match the level - INFO or ERROR required: false - $ref: '#/parameters/AsAccountParameter' responses: 200: description: List of deleted event IDs schema: type: array items: type: string 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /events/{event_id}: get: tags: - Events x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.events operationId: get_event x-anchore-authz-action: getEvent summary: Get Event description: Lookup an event by its event ID parameters: - name: event_id in: path format: path type: string description: Event ID of the event for lookup required: true - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Single event record schema: $ref: '#/definitions/EventResponse' delete: tags: - Events x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.events operationId: delete_event x-anchore-authz-action: getEvent summary: Delete Event description: Delete an event by its event ID parameters: - name: event_id in: path format: path type: string description: Event ID of the event to be deleted required: true - $ref: '#/parameters/AsAccountParameter' 
responses: 200: description: Delete success /health: get: tags: - System x-swagger-router-controller: anchore_enterprise.common.common operationId: health_check x-anchore-authz-action: None description: Health check, returns 200 and no body if service is running responses: 200: description: Empty body on success /images: post: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: add_image x-anchore-authz-action: createImage summary: Submit a new image for analysis by the engine description: Creates a new analysis task that is executed asynchronously parameters: - name: force in: query type: boolean required: false description: Override any existing entry in the system - name: auto_subscribe in: query type: boolean required: false description: Indicates if tag will be subscribed for registry updates monitoring - name: image required: true in: body schema: $ref: '#/definitions/ImageAnalysisRequest' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Successfully added image to analysis queue schema: $ref: '#/definitions/AnchoreImage' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: list_images x-anchore-authz-action: listImages summary: List all visible images description: List all images visible to the user parameters: - name: image_id in: query type: string required: false description: Filter results matching image ID - name: history in: query type: boolean required: false description: Include image history in the response - name: full_tag in: query required: false type: string description: Full docker-pull string to filter results by (e.g. docker.io/library/nginx:latest, or myhost.com:5000/testimages:v1.1.1) - name: image_status in: query required: false type: string description: Filter by image_status value on the record. 
Default if omitted is 'active'. enum: - all - active - deleting default: active - name: analysis_status in: query required: false type: string description: Filter by analysis_status value on the record. enum: - not_analyzed - analyzed - analyzing - analysis_failed - $ref: '#/parameters/AsAccountParameter' responses: 200: description: successful operation schema: $ref: '#/definitions/AnchoreImageList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: delete_images_async x-anchore-authz-action: deleteImage summary: Bulk mark images for deletion description: Delete analysis for image digests in the list asynchronously parameters: - name: image_digests in: query required: true x-nullable: false type: array items: type: string collectionFormat: csv - name: force in: query required: false type: boolean - $ref: '#/parameters/AsAccountParameter' responses: 200: description: successful operation schema: $ref: '#/definitions/DeleteImageResponseList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image x-anchore-authz-action: getImage summary: Get image metadata parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Image lookup success schema: $ref: '#/definitions/AnchoreImage' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: delete_image x-anchore-authz-action: deleteImage summary: Delete an image analysis parameters: - name: image_digest in: path format: path type: string 
required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - name: force in: query required: false type: boolean - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Image deletion success schema: $ref: '#/definitions/DeleteImageResponse' /images/{image_digest}/ancestors: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_ancestors x-anchore-authz-action: getImage summary: Return the list of ancestor images for the given image description: Returns list of ancestor images, which are the images that form the base layers of the image produces: - application/json parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Ancestor list schema: $ref: '#/definitions/ImageAncestry' 404: description: Image not found 500: description: Internal Error tags: - Images /images/{image_digest}/artifacts/file-content-search: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: list_file_content_search_results x-anchore-authz-action: getImage summary: Return a list of analyzer artifacts of the specified type produces: - application/json parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ responses: 200: description: List of file metadata objects schema: $ref: '#/definitions/FileContentSearchList' 404: description: Image not found in this service /images/{image_digest}/artifacts/retrieved-files: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: list_retrieved_files x-anchore-authz-action: getImage summary: Return a list of analyzer artifacts of the specified type produces: - application/json parameters: - name: image_digest in: path format: path type: string required: true pattern: 
^sha256:[a-fA-F0-9]{64}$ responses: 200: description: List of file metadata objects schema: $ref: '#/definitions/RetrievedFileList' 404: description: Image not found in this service /images/{image_digest}/artifacts/secret-search: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: list_secret_search_results x-anchore-authz-action: getImage summary: Return a list of analyzer artifacts of the specified type produces: - application/json parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ responses: 200: description: List of file metadata objects schema: $ref: '#/definitions/SecretSearchList' 404: description: Image not found in this service /images/{image_digest}/check: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_policy_check_by_digest_v2 x-anchore-authz-action: getImageEvaluation description: Get the policy evaluation for the given image summary: Check policy evaluation status for image parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - name: policy_id in: query type: string required: false - name: tag in: query type: string required: true - name: detail in: query type: boolean required: false default: true - name: history in: query type: boolean required: false default: false - name: interactive in: query type: boolean required: false default: false - name: base_digest in: query type: string required: false description: Digest of a base image. 
If specified the evaluation will indicate results inherited from the base image - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Policy evaluation success schema: $ref: '#/definitions/PolicyEvaluation' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Images - Policy Evaluation /images/{image_digest}/content: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: list_image_content x-anchore-authz-action: getImage summary: List image content types parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Content listing for the image schema: type: array items: type: string 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/content/files: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_content_by_type_files x-anchore-authz-action: getImage summary: Get the content of an image by type files parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Content of specified type from the image schema: $ref: '#/definitions/ContentFilesResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/content/java: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_content_by_type_javapackage x-anchore-authz-action: getImage summary: Get the content of an image by type java parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: 
description: Content of specified type from the image schema: $ref: '#/definitions/ContentJAVAPackageResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/content/malware: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_content_by_type_malware x-anchore-authz-action: getImage summary: Get the content of an image by type malware parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Content of specified type from the image schema: $ref: '#/definitions/ContentMalwareResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/content/{content_type}: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_content_by_type x-anchore-authz-action: getImage summary: Get the content of an image by type parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - name: content_type in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Content of specified type from the image schema: $ref: '#/definitions/ContentPackageResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/metadata: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: list_image_metadata x-anchore-authz-action: getImage summary: List image metadata types parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Metadata listing for the image schema: 
type: array items: type: string 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/metadata/{metadata_type}: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_metadata_by_type x-anchore-authz-action: getImage summary: Get the metadata of an image by type parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - name: metadata_type in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Metadata of specified type from the image schema: $ref: '#/definitions/MetadataResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/sboms/cyclonedx-json: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_sbom_cyclonedx_json x-anchore-authz-action: getImage summary: Get image sbom in the CycloneDX format parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Image lookup success schema: type: string 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/sboms/native-json: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_sbom_native_json x-anchore-authz-action: getImage summary: Get image sbom in the native Anchore format parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Image lookup success schema: type: string 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' 
/images/{image_digest}/sboms/spdx-json: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_sbom_spdx_json x-anchore-authz-action: getImage summary: Get image sbom in the SPDX format parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Image lookup success schema: type: string 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/vuln: get: tags: - Images x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_vulnerability_types x-anchore-authz-action: getImage summary: Get vulnerability types parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Vulnerability listing for the image schema: type: array items: type: string enum: - all - os - non-os 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /images/{image_digest}/vuln/{vuln_type}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: get_image_vulnerabilities_by_digest x-anchore-authz-action: getImage summary: Get vulnerabilities by type parameters: - name: image_digest in: path format: path type: string required: true pattern: ^sha256:[a-fA-F0-9]{64}$ - name: vuln_type in: path type: string enum: - os - non-os - all required: true - name: force_refresh in: query type: boolean required: false default: false - name: vendor_only in: query type: boolean required: false description: Filter results to include only vulnerabilities that are not marked as invalid by upstream OS vendor data. When set to true, it will filter out all vulnerabilities where `will_not_fix` is False. 
If false all vulnerabilities are returned regardless of `will_not_fix` default: true - name: base_digest in: query type: string required: false description: Digest of a base image. If specified the vulnerabilities will indicate inheritance from the base image - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Vulnerability listing for the image schema: $ref: '#/definitions/ImagePackageVulnerabilityResponse' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Images /imports/images: post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: create_operation x-anchore-authz-action: importImage summary: Begin the import of an image SBOM into the system produces: - application/json responses: 200: description: success schema: $ref: '#/definitions/ImageImportOperation' 500: description: Internal Error get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_operations x-anchore-authz-action: importImage summary: Lists in-progress imports produces: - application/json responses: 200: description: success schema: $ref: '#/definitions/ImageImports' 500: description: Internal Error /imports/images/{operation_id}: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: get_operation x-anchore-authz-action: importImage summary: Get detail on a single import produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImageImportOperation' 500: description: Internal Error delete: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: invalidate_operation x-anchore-authz-action: importImage summary: Invalidate operation ID so it can be 
garbage collected produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImageImportOperation' 500: description: Internal Error /imports/images/{operation_id}/content-searches: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_content_searches x-anchore-authz-action: importImage summary: List uploaded content search results produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_content_searches x-anchore-authz-action: importImage summary: Import a content search analysis catalog produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true - name: contents in: body required: true schema: $ref: '#/definitions/ImageImportContentSearchList' responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/images/{operation_id}/dockerfile: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_dockerfiles x-anchore-authz-action: importImage summary: List uploaded dockerfiles produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_image_dockerfile 
x-anchore-authz-action: importImage summary: Begin the import of an image analyzed by Syft into the system produces: - application/json consumes: - text/plain; utf-8 parameters: - name: operation_id in: path format: path type: string required: true - in: body name: contents required: true schema: type: string responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/images/{operation_id}/file-contents: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_file_contents x-anchore-authz-action: importImage summary: List uploaded file contents produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_file_contents x-anchore-authz-action: importImage summary: Import a file contents analysis catalog produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true - name: contents in: body required: true schema: $ref: '#/definitions/ImageImportFileContentList' responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/images/{operation_id}/image-config: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_image_configs x-anchore-authz-action: importImage summary: List uploaded image configs produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: 
description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_image_config x-anchore-authz-action: importImage summary: Import a docker or OCI image config to associate with the image produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true - in: body name: contents required: true schema: type: object responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/images/{operation_id}/manifest: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_image_manifests x-anchore-authz-action: importImage summary: List uploaded image manifests produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_image_manifest x-anchore-authz-action: importImage summary: Import a docker or OCI distribution manifest to associate with the image produces: - application/json consumes: - application/vnd.oci.image.manifest.v1+json - application/vnd.docker.distribution.manifest.v2+json - application/vnd.docker.distribution.manifest.v1+json - application/vnd.docker.distribution.manifest.v1+prettyjws parameters: - name: operation_id in: path format: path type: string required: true - in: body name: contents required: true schema: type: object responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/images/{operation_id}/packages: get: tags: - Imports x-swagger-router-controller: 
anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_packages x-anchore-authz-action: importImage summary: List uploaded package manifests produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_image_packages x-anchore-authz-action: importImage summary: Begin the import of an image analyzed by Syft into the system produces: - application/json consumes: - application/json parameters: - name: operation_id in: path format: path type: string required: true - name: sbom in: body required: true schema: $ref: '#/definitions/ImagePackageManifest' responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/images/{operation_id}/parent-manifest: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_parent_manifests x-anchore-authz-action: importImage summary: List uploaded parent manifests (manifest lists for a tag) produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_image_parent_manifest x-anchore-authz-action: importImage summary: Import a docker or OCI distribution manifest list to associate with the image produces: - application/json consumes: - application/vnd.docker.distribution.manifest.list.v2+json - application/vnd.oci.image.index.v1+json parameters: - name: 
operation_id in: path format: path type: string required: true - in: body name: contents required: true schema: type: object responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/images/{operation_id}/secret-searches: get: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: list_import_secret_searches x-anchore-authz-action: importImage summary: List uploaded secret search results produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/ImportContentDigestList' 500: description: Internal Error post: tags: - Imports x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.image_imports operationId: import_secret_searches x-anchore-authz-action: importImage summary: Import a secret search analysis catalog produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true - name: contents in: body required: true schema: $ref: '#/definitions/ImageImportContentSearchList' responses: 200: description: success schema: $ref: '#/definitions/ImageImportContentResponse' 500: description: Internal Error /imports/sources: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.source_imports operationId: create_operation x-anchore-authz-action: importSource summary: Begin the import of a source code repository analyzed by Syft into the system produces: - application/json responses: 200: description: success schema: $ref: '#/definitions/SourceImportOperation' 500: description: Internal Error tags: - Imports get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.source_imports operationId: list_operations x-anchore-authz-action: importSource summary: Lists in-progress imports produces: - 
application/json responses: 200: description: success schema: $ref: '#/definitions/SourceImportList' 500: description: Internal Error tags: - Imports /imports/sources/{operation_id}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.source_imports operationId: get_operation x-anchore-authz-action: importSource summary: Get detail on a single import produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/SourceImportOperation' 500: description: Internal Error tags: - Imports delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.source_imports operationId: invalidate_operation x-anchore-authz-action: importSource summary: Invalidate operation ID so it can be garbage collected produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/SourceImportOperation' 500: description: Internal Error tags: - Imports /imports/sources/{operation_id}/finalize: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.source_imports operationId: finalize_operation x-anchore-authz-action: importSource summary: Add source records to catalog db produces: - application/json consumes: - application/json parameters: - name: operation_id in: path format: path type: string required: true - name: metadata in: body required: true schema: $ref: '#/definitions/SourceImportMetadata' responses: 200: description: success schema: $ref: '#/definitions/SourceManifest' 500: description: Internal Error tags: - Imports /imports/sources/{operation_id}/sbom: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.source_imports operationId: get_import_sources_sbom x-anchore-authz-action: importSource summary: list the packages of an imported source code 
repository produces: - application/json parameters: - name: operation_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/SourceImportContentResponse' 500: description: Internal Error tags: - Imports post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.source_imports operationId: upload_import_sources_sbom x-anchore-authz-action: importSource summary: Begin the import of a source code repository analyzed by Syft into the system produces: - application/json consumes: - application/json parameters: - name: operation_id in: path format: path type: string required: true - name: sbom in: body required: true schema: $ref: '#/definitions/NativeSBOM' responses: 200: description: success schema: $ref: '#/definitions/SourceImportContentResponse' 500: description: Internal Error tags: - Imports /inventories: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_image_inventory x-anchore-authz-action: listRuntimeInventories summary: Return a list of the images in inventories for this account description: Returns a list of the images that are in use produces: - application/json parameters: - name: inventory_type in: query type: string enum: - ecs - kubernetes - name: image_digest in: query type: string - name: context in: query type: string - $ref: '#/parameters/AsAccountParameter' responses: 200: description: success schema: $ref: '#/definitions/InventoryItems' 500: description: Internal Error tags: - Inventories delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: delete_inventory x-anchore-authz-action: deleteInventory summary: Delete runtime inventory by type and context description: Delete runtime inventory by type and context produces: - application/json parameters: - name: inventory_type in: query type: string enum: - ecs - kubernetes required: true - 
name: context in: query type: string required: true - name: image_digest in: query type: string - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Successfully deleted runtime inventory 404: description: Inventory not found 500: description: Internal Error tags: - Inventories /kubernetes-containers: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_kubernetes_containers x-anchore-authz-action: getKubernetesContainers summary: Return a list of Kubernetes containers that have been inventoried for this account description: Return a list of Kubernetes containers that have been inventoried for this account produces: - application/json parameters: - name: page in: query required: true type: integer minimum: 1 - name: page_size in: query required: false type: integer default: 1000 minimum: 1 responses: 200: description: success schema: $ref: '#/definitions/KubernetesContainers' 500: description: Internal Error tags: - Inventories /kubernetes-inventory: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: post_kubernetes_inventory x-anchore-authz-action: postKubernetesInventory summary: Add container metadata from a Kubernetes deployment description: Add container metadata from a Kubernetes deployment produces: - application/json parameters: - name: inventory in: body required: true schema: $ref: '#/definitions/KubernetesInventory' responses: 204: description: success 500: description: Internal Error tags: - Inventories /kubernetes-namespaces: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_kubernetes_namespaces x-anchore-authz-action: getKubernetesNamespaces summary: Return a list of Kubernetes namespaces that have been inventoried for this account description: Return a list of Kubernetes namespaces that have been inventoried for this account produces: - 
application/json parameters: - name: page in: query required: true type: integer minimum: 1 - name: page_size in: query required: false type: integer default: 1000 minimum: 1 responses: 200: description: success schema: $ref: '#/definitions/KubernetesNamespaces' 500: description: Internal Error tags: - Inventories delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: delete_kubernetes_namespaces x-anchore-authz-action: deleteKubernetesNamespaces summary: Delete Kubernetes namespaces for a given criteria description: Delete Kubernetes namespaces for a given criteria produces: - application/json parameters: - name: cluster_name in: query type: string responses: 204: description: success 500: description: Internal Error tags: - Inventories /kubernetes-namespaces/{namespace_id}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_kubernetes_namespace x-anchore-authz-action: getKubernetesNamespaces summary: Return a Kubernetes namespace that has been inventoried for this account description: Return a Kubernetes namespace that has been inventoried for this account produces: - application/json parameters: - name: namespace_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/KubernetesNamespace' 500: description: Internal Error tags: - Inventories /kubernetes-nodes: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_kubernetes_nodes x-anchore-authz-action: getKubernetesNodes summary: Return a list of Kubernetes nodes that have been inventoried for this account description: Return a list of Kubernetes nodes that have been inventoried for this account produces: - application/json parameters: - name: page in: query required: true type: integer minimum: 1 - name: page_size in: query required: false type: integer default: 
1000 minimum: 1 responses: 200: description: success schema: $ref: '#/definitions/KubernetesNodes' 500: description: Internal Error tags: - Inventories /kubernetes-nodes/{node_id}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_kubernetes_node x-anchore-authz-action: getKubernetesNodes summary: Return a Kubernetes node that has been inventoried for this account description: Return a Kubernetes node that has been inventoried for this account produces: - application/json parameters: - name: node_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/KubernetesNode' 500: description: Internal Error tags: - Inventories /kubernetes-pods: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_kubernetes_pods x-anchore-authz-action: getKubernetesPods summary: Return a list of Kubernetes pods that have been inventoried for this account description: Return a list of Kubernetes pods that have been inventoried for this account produces: - application/json parameters: - name: page in: query required: true type: integer minimum: 1 - name: page_size in: query required: false type: integer default: 1000 minimum: 1 responses: 200: description: success schema: $ref: '#/definitions/KubernetesPods' 500: description: Internal Error tags: - Inventories /kubernetes-pods/{pod_id}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory operationId: get_kubernetes_pod x-anchore-authz-action: getKubernetesPods summary: Return a Kubernetes pod that has been inventoried for this account description: Return a Kubernetes pod that has been inventoried for this account produces: - application/json parameters: - name: pod_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/KubernetesPod' 500: 
description: Internal Error tags: - Inventories /notifications/endpoints: get: tags: - Notifications description: List the system installed notification endpoints x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.endpoints operationId: list_endpoints x-anchore-authz-action: listNotificationEndpoints responses: 200: description: Listing of endpoint status objects schema: $ref: '#/definitions/NotificationEndpointList' /notifications/endpoints/github/configurations: get: tags: - Notifications description: List GitHub endpoint configurations x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: list_github_configurations x-anchore-authz-action: listNotificationEndpointConfigurations responses: 200: description: List of GitHub endpoint configuration objects schema: $ref: '#/definitions/NotificationGitHubEndpointConfigurationList' post: tags: - Notifications description: Create a new GitHub endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: add_github_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationGitHubEndpointConfiguration' required: - username - access_token - owner - repository responses: 200: description: Newly created GitHub endpoint configuration object schema: $ref: '#/definitions/NotificationGitHubEndpointConfiguration' /notifications/endpoints/github/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a GitHub endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: get_github_selector x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path 
required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Selector object schema: $ref: '#/definitions/NotificationSelector' put: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: update_github_selector x-anchore-authz-action: updateNotificationEndpointConfiguration description: Update a selector mapped to a GitHub endpoint configuration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Updated selector object schema: $ref: '#/definitions/NotificationSelector' delete: tags: - Notifications description: Delete a selector mapped to a GitHub endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: delete_github_selector x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/github/configurations/{uuid}: get: tags: - Notifications description: Get a GitHub endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: get_github_configuration x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: GitHub endpoint configuration object schema: $ref: '#/definitions/NotificationGitHubEndpointConfiguration' put: tags: - Notifications description: Update a GitHub endpoint configuration by its UUID 
x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: update_github_configuration x-anchore-authz-action: updateNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationGitHubEndpointConfiguration' required: - username - owner - repository responses: 200: description: Updated GitHub endpoint configuration object schema: $ref: '#/definitions/NotificationGitHubEndpointConfiguration' delete: tags: - Notifications description: Delete a GitHub endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: delete_github_configuration x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/github/configurations/{uuid}/selectors: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: list_github_selectors x-anchore-authz-action: listNotificationEndpointConfigurations description: List selectors mapping events for delivery to a GitHub endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: List of selectors schema: $ref: '#/definitions/NotificationSelectorList' post: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: add_github_selector x-anchore-authz-action: createNotificationEndpointConfiguration description: Add selector for mapping events for delivery to a GitHub endpoint configuration parameters: - name: uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' 
in: body required: true responses: 200: description: Newly created selector object schema: $ref: '#/definitions/NotificationSelector' /notifications/endpoints/github/configurations/{uuid}/status: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: get_github_configuration_status x-anchore-authz-action: getNotificationEndpointConfiguration description: Get operational status for a GitHub endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Status object schema: $ref: '#/definitions/NotificationOperationalStatus' /notifications/endpoints/github/configurations/{uuid}/test: get: tags: - Notifications description: Test stored GitHub endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: test_stored_github_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Test result schema: $ref: '#/definitions/NotificationGitHubTestResult' /notifications/endpoints/github/test: post: tags: - Notifications description: Test GitHub endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.github operationId: test_github_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationGitHubEndpointConfiguration' responses: 200: description: Test result schema: $ref: '#/definitions/NotificationGitHubTestResult' /notifications/endpoints/jira/configurations: get: tags: - Notifications description: List Jira endpoint configurations x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: list_jira_configurations 
x-anchore-authz-action: listNotificationEndpointConfigurations responses: 200: description: List of Jira endpoint configuration objects schema: $ref: '#/definitions/NotificationJiraEndpointConfigurationList' post: tags: - Notifications description: Create a new Jira endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: add_jira_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationJiraEndpointConfiguration' required: - url - username - password - project_key - issue_type responses: 200: description: Newly created Jira endpoint configuration object schema: $ref: '#/definitions/NotificationJiraEndpointConfiguration' /notifications/endpoints/jira/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Jira endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: get_jira_selector x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Selector object schema: $ref: '#/definitions/NotificationSelector' put: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: update_jira_selector x-anchore-authz-action: updateNotificationEndpointConfiguration description: Update a selector mapped to a Jira endpoint configuration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 
200: description: Updated selector object schema: $ref: '#/definitions/NotificationSelector' delete: tags: - Notifications description: Delete a selector mapped to a Jira endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: delete_jira_selector x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/jira/configurations/{uuid}: get: tags: - Notifications description: Get a Jira endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: get_jira_configuration x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Jira endpoint configuration object schema: $ref: '#/definitions/NotificationJiraEndpointConfiguration' put: tags: - Notifications description: Update a Jira endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: update_jira_configuration x-anchore-authz-action: updateNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationJiraEndpointConfiguration' required: - url - username - project_key - issue_type responses: 200: description: Updated Jira endpoint configuration object schema: $ref: '#/definitions/NotificationJiraEndpointConfiguration' delete: tags: - Notifications description: Delete a Jira endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: 
delete_jira_configuration x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/jira/configurations/{uuid}/selectors: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: list_jira_selectors x-anchore-authz-action: listNotificationEndpointConfigurations description: List selectors mapping events for delivery to a Jira endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: List of selectors schema: $ref: '#/definitions/NotificationSelectorList' post: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: add_jira_selector x-anchore-authz-action: createNotificationEndpointConfiguration description: Add selector for mapping events for delivery to a Jira endpoint configuration parameters: - name: uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Newly created selector object schema: $ref: '#/definitions/NotificationSelector' /notifications/endpoints/jira/configurations/{uuid}/status: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: get_jira_configuration_status x-anchore-authz-action: getNotificationEndpointConfiguration description: Get operational status for a Jira endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Status object schema: $ref: '#/definitions/NotificationOperationalStatus' /notifications/endpoints/jira/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Jira endpoint 
configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: test_stored_jira_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Test result schema: $ref: '#/definitions/NotificationJiraTestResult' /notifications/endpoints/jira/test: post: tags: - Notifications description: Test Jira endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.jira operationId: test_jira_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationJiraEndpointConfiguration' responses: 200: description: Test result schema: $ref: '#/definitions/NotificationJiraTestResult' /notifications/endpoints/slack/configurations: get: tags: - Notifications description: List Slack endpoint configurations x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: list_slack_configurations x-anchore-authz-action: listNotificationEndpointConfigurations responses: 200: description: List of Slack endpoint configuration objects schema: $ref: '#/definitions/NotificationSlackEndpointConfigurationList' post: tags: - Notifications description: Create a new Slack endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: add_slack_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationSlackEndpointConfiguration' responses: 200: description: Newly created Slack endpoint configuration object schema: $ref: '#/definitions/NotificationSlackEndpointConfiguration' 
/notifications/endpoints/slack/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Slack endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: get_slack_selector x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Selector object schema: $ref: '#/definitions/NotificationSelector' put: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: update_slack_selector x-anchore-authz-action: updateNotificationEndpointConfiguration description: Update a selector mapped to a Slack endpoint configuration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Updated selector object schema: $ref: '#/definitions/NotificationSelector' delete: tags: - Notifications description: Delete a selector mapped to a Slack endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: delete_slack_selector x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/slack/configurations/{uuid}: get: tags: - Notifications description: Get a Slack endpoint configuration by its UUID x-swagger-router-controller: 
anchore_enterprise.services.notifications.api.controllers.slack operationId: get_slack_configuration x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Slack endpoint configuration object schema: $ref: '#/definitions/NotificationSlackEndpointConfiguration' put: tags: - Notifications description: Update a Slack endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: update_slack_configuration x-anchore-authz-action: updateNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationSlackEndpointConfiguration' responses: 200: description: Updated Slack endpoint configuration object schema: $ref: '#/definitions/NotificationSlackEndpointConfiguration' delete: tags: - Notifications description: Delete a Slack endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: delete_slack_configuration x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/slack/configurations/{uuid}/selectors: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: list_slack_selectors x-anchore-authz-action: listNotificationEndpointConfigurations description: List selectors mapping events for delivery to a Slack endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: List of selectors schema: $ref: '#/definitions/NotificationSelectorList' post: tags: - Notifications 
x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: add_slack_selector x-anchore-authz-action: createNotificationEndpointConfiguration description: Add selector for mapping events for delivery to a Slack endpoint configuration parameters: - name: uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Newly created selector object schema: $ref: '#/definitions/NotificationSelector' /notifications/endpoints/slack/configurations/{uuid}/status: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: get_slack_configuration_status x-anchore-authz-action: getNotificationEndpointConfiguration description: Get operational status for a Slack endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Status object schema: $ref: '#/definitions/NotificationOperationalStatus' /notifications/endpoints/slack/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Slack endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: test_stored_slack_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Test result schema: $ref: '#/definitions/NotificationSlackTestResult' /notifications/endpoints/slack/test: post: tags: - Notifications description: Test Slack endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.slack operationId: test_slack_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: 
'#/definitions/NotificationSlackEndpointConfiguration' responses: 200: description: Test result schema: $ref: '#/definitions/NotificationSlackTestResult' /notifications/endpoints/smtp/configurations: get: tags: - Notifications description: List SMTP endpoint configurations x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: list_smtp_configurations x-anchore-authz-action: listNotificationEndpointConfigurations responses: 200: description: List of SMTP endpoint configuration objects schema: $ref: '#/definitions/NotificationSMTPEndpointConfigurationList' post: tags: - Notifications description: Create a new SMTP endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: add_smtp_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationSMTPEndpointConfiguration' responses: 200: description: Newly created SMTP endpoint configuration object schema: $ref: '#/definitions/NotificationSMTPEndpointConfiguration' /notifications/endpoints/smtp/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a SMTP endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: get_smtp_selector x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Selector object schema: $ref: '#/definitions/NotificationSelector' put: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: update_smtp_selector x-anchore-authz-action: 
updateNotificationEndpointConfiguration description: Update a selector mapped to a SMTP endpoint configuration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Updated selector object schema: $ref: '#/definitions/NotificationSelector' delete: tags: - Notifications description: Delete a selector mapped to a SMTP endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: delete_smtp_selector x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/smtp/configurations/{uuid}: get: tags: - Notifications description: Get a SMTP endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: get_smtp_configuration x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: SMTP endpoint configuration object schema: $ref: '#/definitions/NotificationSMTPEndpointConfiguration' put: tags: - Notifications description: Update a SMTP endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: update_smtp_configuration x-anchore-authz-action: updateNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationSMTPEndpointConfiguration' responses: 200: 
description: Updated SMTP endpoint configuration object schema: $ref: '#/definitions/NotificationSMTPEndpointConfiguration' delete: tags: - Notifications description: Delete a SMTP endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: delete_smtp_configuration x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/smtp/configurations/{uuid}/selectors: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: list_smtp_selectors x-anchore-authz-action: listNotificationEndpointConfigurations description: List selectors mapping events for delivery to a SMTP endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: List of selectors schema: $ref: '#/definitions/NotificationSelectorList' post: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: add_smtp_selector x-anchore-authz-action: createNotificationEndpointConfiguration description: Add selector for mapping events for delivery to a SMTP endpoint configuration parameters: - name: uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Newly created selector object schema: $ref: '#/definitions/NotificationSelector' /notifications/endpoints/smtp/configurations/{uuid}/status: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: get_smtp_configuration_status x-anchore-authz-action: getNotificationEndpointConfiguration description: Get operational status for a SMTP endpoint 
configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Status object schema: $ref: '#/definitions/NotificationOperationalStatus' /notifications/endpoints/smtp/configurations/{uuid}/test: get: tags: - Notifications description: Test stored SMTP endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: test_stored_smtp_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Test result schema: $ref: '#/definitions/NotificationSMTPTestResult' /notifications/endpoints/smtp/test: post: tags: - Notifications description: Test SMTP endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp operationId: test_smtp_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationSMTPEndpointConfiguration' responses: 200: description: Test result schema: $ref: '#/definitions/NotificationSMTPTestResult' /notifications/endpoints/teams/configurations: get: tags: - Notifications description: List Teams endpoint configurations x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: list_teams_configurations x-anchore-authz-action: listNotificationEndpointConfigurations responses: 200: description: List of Teams endpoint configuration objects schema: $ref: '#/definitions/NotificationTeamsEndpointConfigurationList' post: tags: - Notifications description: Create a new Teams endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: add_teams_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: 
configuration in: body required: true schema: $ref: '#/definitions/NotificationTeamsEndpointConfiguration' responses: 200: description: Newly created Teams endpoint configuration object schema: $ref: '#/definitions/NotificationTeamsEndpointConfiguration' /notifications/endpoints/teams/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Teams endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: get_teams_selector x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Selector object schema: $ref: '#/definitions/NotificationSelector' put: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: update_teams_selector x-anchore-authz-action: updateNotificationEndpointConfiguration description: Update a selector mapped to a Teams endpoint configuration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Updated selector object schema: $ref: '#/definitions/NotificationSelector' delete: tags: - Notifications description: Delete a selector mapped to a Teams endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: delete_teams_selector x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true 
responses: 200: description: Successful delete /notifications/endpoints/teams/configurations/{uuid}: get: tags: - Notifications description: Get a Teams endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: get_teams_configuration x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Teams endpoint configuration object schema: $ref: '#/definitions/NotificationTeamsEndpointConfiguration' put: tags: - Notifications description: Update a Teams endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: update_teams_configuration x-anchore-authz-action: updateNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationTeamsEndpointConfiguration' responses: 200: description: Updated Teams endpoint configuration object schema: $ref: '#/definitions/NotificationTeamsEndpointConfiguration' delete: tags: - Notifications description: Delete a Teams endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: delete_teams_configuration x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/teams/configurations/{uuid}/selectors: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: list_teams_selectors x-anchore-authz-action: listNotificationEndpointConfigurations description: List selectors mapping events for delivery to a Teams endpoint configuration 
parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: List of selectors schema: $ref: '#/definitions/NotificationSelectorList' post: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: add_teams_selector x-anchore-authz-action: createNotificationEndpointConfiguration description: Add selector for mapping events for delivery to a Teams endpoint configuration parameters: - name: uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Newly created selector object schema: $ref: '#/definitions/NotificationSelector' /notifications/endpoints/teams/configurations/{uuid}/status: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: get_teams_configuration_status x-anchore-authz-action: getNotificationEndpointConfiguration description: Get operational status for a Teams endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Status object schema: $ref: '#/definitions/NotificationOperationalStatus' /notifications/endpoints/teams/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Teams endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.teams operationId: test_stored_teams_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Test result schema: $ref: '#/definitions/NotificationTeamsTestResult' /notifications/endpoints/teams/test: post: tags: - Notifications description: Test Teams endpoint configuration x-swagger-router-controller: 
anchore_enterprise.services.notifications.api.controllers.teams operationId: test_teams_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationTeamsEndpointConfiguration' responses: 200: description: Test result schema: $ref: '#/definitions/NotificationTeamsTestResult' /notifications/endpoints/webhook/configurations: get: tags: - Notifications description: List Webhook endpoint configurations x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: list_webhook_configurations x-anchore-authz-action: listNotificationEndpointConfigurations responses: 200: description: List of Webhook endpoint configuration objects schema: $ref: '#/definitions/NotificationWebhookEndpointConfigurationList' post: tags: - Notifications description: Create a new Webhook endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: add_webhook_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationWebhookEndpointConfiguration' responses: 200: description: Newly created Webhook endpoint configuration object schema: $ref: '#/definitions/NotificationWebhookEndpointConfiguration' /notifications/endpoints/webhook/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Webhook endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: get_webhook_selector x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: 
description: Selector object schema: $ref: '#/definitions/NotificationSelector' put: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: update_webhook_selector x-anchore-authz-action: updateNotificationEndpointConfiguration description: Update a selector mapped to a Webhook endpoint configuration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Updated selector object schema: $ref: '#/definitions/NotificationSelector' delete: tags: - Notifications description: Delete a selector mapped to a Webhook endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: delete_webhook_selector x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: configuration_uuid type: string in: path format: path required: true - name: selector_uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/webhook/configurations/{uuid}: get: tags: - Notifications description: Get a Webhook endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: get_webhook_configuration x-anchore-authz-action: getNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Webhook endpoint configuration object schema: $ref: '#/definitions/NotificationWebhookEndpointConfiguration' put: tags: - Notifications description: Update a Webhook endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: 
update_webhook_configuration x-anchore-authz-action: updateNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationWebhookEndpointConfiguration' responses: 200: description: Updated Webhook endpoint configuration object schema: $ref: '#/definitions/NotificationWebhookEndpointConfiguration' delete: tags: - Notifications description: Delete a Webhook endpoint configuration by its UUID x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: delete_webhook_configuration x-anchore-authz-action: deleteNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Successful delete /notifications/endpoints/webhook/configurations/{uuid}/selectors: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: list_webhook_selectors x-anchore-authz-action: listNotificationEndpointConfigurations description: List selectors mapping events for delivery to a Webhook endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: List of selectors schema: $ref: '#/definitions/NotificationSelectorList' post: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: add_webhook_selector x-anchore-authz-action: createNotificationEndpointConfiguration description: Add selector for mapping events for delivery to a Webhook endpoint configuration parameters: - name: uuid type: string in: path format: path required: true - name: selector schema: $ref: '#/definitions/NotificationSelector' in: body required: true responses: 200: description: Newly created selector object schema: $ref: '#/definitions/NotificationSelector' 
/notifications/endpoints/webhook/configurations/{uuid}/status: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: get_webhook_configuration_status x-anchore-authz-action: getNotificationEndpointConfiguration description: Get operational status for a Webhook endpoint configuration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Status object schema: $ref: '#/definitions/NotificationOperationalStatus' /notifications/endpoints/webhook/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Webhook endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: test_stored_webhook_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: uuid type: string in: path format: path required: true responses: 200: description: Test result schema: $ref: '#/definitions/NotificationWebhookTestResult' /notifications/endpoints/webhook/test: post: tags: - Notifications description: Test Webhook endpoint configuration x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook operationId: test_webhook_configuration x-anchore-authz-action: createNotificationEndpointConfiguration parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/NotificationWebhookEndpointConfiguration' responses: 200: description: Test result schema: $ref: '#/definitions/NotificationWebhookTestResult' /notifications/endpoints/{name}: put: tags: - Notifications description: Update enabled status of an endpoint x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.endpoints operationId: update_endpoint_status x-anchore-authz-action: updateNotificationEndpoint parameters: - name: name type: string in: path format: path required: true enum: - slack - 
jira - smtp - github - teams - webhook - name: status in: body required: true schema: $ref: '#/definitions/NotificationEndpointEnabledStatus' responses: 200: description: Updated status record for an endpoint schema: $ref: '#/definitions/NotificationEndpointEnabledStatus' /notifications/selectors: get: tags: - Notifications x-swagger-router-controller: anchore_enterprise.services.notifications.api.controllers.selectors operationId: list_selectors x-anchore-authz-action: listNotificationEndpointConfigurations description: List all selectors mapped to endpoint configurations for the account responses: 200: description: List of selectors schema: $ref: '#/definitions/NotificationSelectorList' /oauth/revoke: post: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.oauth operationId: revoke_oauth_token x-anchore-authz-action: None description: Revoke a refresh token previously requested from /oauth/token consumes: - application/x-www-form-urlencoded parameters: - name: token in: formData description: The token to be revoked type: string - name: token_type_hint in: formData description: A hint about the type of token to be revoked type: string enum: - refresh_token responses: 200: description: The token has been successfully revoked 401: description: Revocation of the provided token type is not supported 400: description: Error response schema: type: object properties: error: type: string description: ASCII error code from RFC6749 /oauth/token: post: tags: - User Management x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.oauth operationId: get_oauth_token x-anchore-authz-action: None description: Request a jwt token for subsequent operations, this request is authenticated with normal HTTP auth consumes: - application/x-www-form-urlencoded parameters: - name: grant_type in: formData description: OAuth Grant type for token type: string default: password - name: username in: formData type: string 
description: User to assign OAuth token to - name: password in: formData type: string description: Password for corresponding user - name: client_id in: formData description: The type of client used for the OAuth token type: string default: anonymous - name: refresh_token in: formData description: The refresh token from a previous password grant request, used to get a new access_token type: string responses: 200: description: Resulting JWT token schema: $ref: '#/definitions/TokenResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /policies: get: tags: - Policies x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.policies x-anchore-authz-action: listPolicies operationId: list_policies summary: List policies description: List all saved policies parameters: - name: detail in: query type: boolean required: false description: Include policy detail in the form of the full policy content for each entry - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Policy listing schema: $ref: '#/definitions/PolicyList' post: tags: - Policies x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.policies operationId: add_policy x-anchore-authz-action: createPolicy summary: Add a new policy description: Adds a new policy to the system parameters: - name: policy in: body required: true schema: $ref: '#/definitions/Policy' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Saved policy schema: $ref: '#/definitions/PolicyRecord' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /policies/{policy_id}: get: tags: - Policies x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.policies operationId: get_policy x-anchore-authz-action: getPolicy description: Get the policy content summary: Get specific policy parameters: - name: policy_id in: path format: path type: string required: true - name: detail in: query 
type: boolean required: false description: Include policy detail in the form of the full policy content for each entry - $ref: '#/parameters/AsAccountParameter' responses: 200: description: A single fetched policy record schema: $ref: '#/definitions/PolicyRecord' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' put: tags: - Policies x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.policies operationId: update_policy x-anchore-authz-action: updatePolicy description: Update/replace an existing policy summary: Update policy parameters: - name: policy in: body required: true schema: $ref: '#/definitions/PolicyRecord' - name: policy_id in: path format: path type: string required: true - name: active in: query type: boolean required: false description: Mark policy as active - $ref: '#/parameters/AsAccountParameter' responses: 200: description: A single updated policy record schema: $ref: '#/definitions/PolicyRecord' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - Policies x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.policies operationId: delete_policy x-anchore-authz-action: deletePolicy description: Delete the specified policy summary: Delete policy parameters: - name: policy_id in: path format: path required: true type: string - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Delete success 404: description: Policy not found to delete schema: $ref: '#/definitions/ApiErrorResponse' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /query/images/by-package: get: tags: - Query x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.query operationId: query_images_by_package x-anchore-authz-action: listImages summary: List of images containing given package description: Filterable query interface to search for images containing specified package parameters: - name: 
name in: query description: Name of package to search for (e.g. sed) required: true type: string - name: package_type in: query description: Type of package to filter on (e.g. dpkg) required: false type: string - name: version in: query description: Version of named package to filter on (e.g. 4.4-1) required: false type: string - name: page in: query description: The page of results to fetch. Pages start at 1 required: false type: string - name: limit in: query type: integer description: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page required: false - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Image listing schema: $ref: '#/definitions/PaginatedImageList' 400: description: Bad filter parameters schema: $ref: '#/definitions/ApiErrorResponse' /query/vulnerabilities: get: tags: - Query - Vulnerabilities x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.query operationId: query_vulnerabilities x-anchore-authz-action: None summary: Listing information about given vulnerability description: List (w/filters) vulnerability records known by the system, with affected packages information if present parameters: - name: id in: query required: true type: array items: type: string description: The ID of the vulnerability (e.g. CVE-1999-0001) - name: affected_package in: query description: Filter results by specified package name (e.g. sed) required: false type: string - name: affected_package_version in: query description: Filter results by specified package version (e.g. 4.4-1) required: false type: string - name: page in: query type: string description: The page of results to fetch. Pages start at 1 required: false default: '1' - name: limit in: query type: integer description: Limit the number of records for the requested page. 
If omitted or set to 0, return all results in a single page required: false - name: namespace in: query type: array items: type: string description: Namespace(s) to filter vulnerability records by required: false responses: 200: description: Vulnerability listing paginated schema: $ref: '#/definitions/PaginatedVulnerabilityList' 400: description: Invalid filter parameters schema: $ref: '#/definitions/ApiErrorResponse' /rbac-manager/my-roles: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: None operationId: my_roles summary: List the roles for which the authenticated user is a member responses: 200: description: Role summary listing schema: $ref: '#/definitions/RbacManagerUserRoleListing' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /rbac-manager/roles: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: listRoles operationId: list_roles summary: List roles available in the system responses: 200: description: Role summary listing schema: $ref: '#/definitions/RbacManagerRoleSummaryList' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /rbac-manager/roles/{role_name}: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles operationId: get_role x-anchore-authz-action: getRole summary: Get detailed information about a specific role parameters: - name: role_name in: path format: path required: true type: string responses: 200: description: Role details schema: $ref: '#/definitions/RbacManagerRole' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /rbac-manager/roles/{role_name}/members: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles operationId: list_role_members 
x-anchore-authz-action: listRoleMembers summary: Returns a list of objects that have members in the role. The list is filtered by 'listRoleMembers' access for the 'account' element of each entry. parameters: - name: role_name in: path format: path required: true type: string - name: for_account in: query required: false type: string description: Optional filter parameter to limit the set of returned items to only those with matching account. Will return Access Denied if caller does not have permission to listRoleMembers for that account. responses: 200: description: List of users assigned the role schema: $ref: '#/definitions/RbacManagerRoleMemberList' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' post: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles operationId: add_role_user x-anchore-authz-action: createRoleMember summary: Add a user to the role parameters: - name: role_name in: path format: path type: string required: true - name: member in: body required: true schema: $ref: '#/definitions/RbacManagerRoleMember' responses: 200: description: Added user mapping schema: $ref: '#/definitions/RbacManagerRoleMember' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' delete: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles operationId: delete_role_user x-anchore-authz-action: deleteRoleMember summary: Remove a user from the role parameters: - name: role_name in: path format: path type: string required: true - name: username in: query required: true type: string description: The username to remove the role for - name: for_account in: query required: true type: string description: The account that the user has the role to be removed responses: 204: description: Success 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse'
/rbac-manager/saml/idps: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth operationId: list_idps x-anchore-authz-action: None description: List the names of configured Identity Providers for this anchore installation responses: 200: description: List of idp names schema: type: array items: type: string description: Name of idp for login or config operations 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' post: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth operationId: add_idp x-anchore-authz-action: None description: Add a new Identity Provider to the system, with a specific name parameters: - name: configuration in: body required: true schema: $ref: '#/definitions/RbacManagerSamlConfiguration' responses: 200: description: Entry created schema: $ref: '#/definitions/RbacManagerSamlConfiguration' 409: description: Conflict, entry already exists schema: $ref: '#/definitions/RbacManagerApiErrorResponse' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /rbac-manager/saml/idps/{name}: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth operationId: get_idp x-anchore-authz-action: None description: Return the configuration for a named Identity Provider parameters: - name: name in: path format: path required: true type: string responses: 200: description: Successfully retrieved configuration schema: $ref: '#/definitions/RbacManagerSamlConfiguration' 404: description: Not found schema: $ref: '#/definitions/RbacManagerApiErrorResponse' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' put: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth operationId: update_idp x-anchore-authz-action: None description: Update an existing 
Identity Provider configuration parameters: - name: name in: path format: path required: true type: string - name: configuration in: body required: true schema: $ref: '#/definitions/RbacManagerSamlConfiguration' responses: 200: description: Successfully updated configuration schema: $ref: '#/definitions/RbacManagerSamlConfiguration' 404: description: Not found schema: $ref: '#/definitions/RbacManagerApiErrorResponse' 400: description: Not found schema: $ref: '#/definitions/RbacManagerApiErrorResponse' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' delete: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth operationId: delete_idp x-anchore-authz-action: None description: Delete an idp configuration. Users will no longer be able to log in from this idp. In addition, any users that have been configured explicitly or JIT Provisioned on this IDP will be deleted. parameters: - name: name in: path format: path required: true type: string responses: 204: description: Successfully deleted 404: description: Not found 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /rbac-manager/saml/login/{idp_name}: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth operationId: saml_login x-anchore-authz-action: None description: Initiate an SP-initiated login sequence for the Idp.
The SP will respond with the SAML AuthN Request the client must send to the Idp URL consumes: - application/x-www-form-urlencoded parameters: - name: idp_name in: path format: path type: string required: true responses: 200: description: Resulting JWT token schema: $ref: '#/definitions/RbacManagerTokenResponse' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /rbac-manager/saml/sso/{idp_name}: post: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth operationId: saml_sso x-anchore-authz-action: None description: Perform a login using a SAML assertion, no HTTP auth is required as the SAML assertion is considered the authenticating token consumes: - application/x-www-form-urlencoded parameters: - name: idp_name in: path format: path required: true type: string responses: 200: description: Resulting JWT token schema: $ref: '#/definitions/RbacManagerTokenResponse' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /rbac-manager/users/{username}/roles: get: tags: - RBAC x-swagger-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: None operationId: list_user_roles summary: List the roles for which the requested user is a member parameters: - name: username in: path format: path type: string required: true - name: for_account in: query type: string required: false - name: role in: query type: string required: false responses: 200: description: Role summary listing schema: $ref: '#/definitions/RbacManagerUserRoleMembership' 500: description: Internal error schema: $ref: '#/definitions/RbacManagerApiErrorResponse' /registries: get: tags: - Registries x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.registries operationId: list_registries x-anchore-authz-action: listRegistries summary: List configured registries description: List all configured registries the 
system can/will watch parameters: - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Registry listing schema: $ref: '#/definitions/RegistryConfigurationList' post: tags: - Registries x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.registries operationId: create_registry x-anchore-authz-action: createRegistry summary: Add a new registry description: Adds a new registry to the system parameters: - name: validate in: query type: boolean description: flag to determine whether or not to validate registry/credential at registry add time required: false - name: registry_data in: body required: true schema: $ref: '#/definitions/RegistryConfigurationRequest' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Saved registry configuration schema: $ref: '#/definitions/RegistryConfigurationList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /registries/{registry}: get: tags: - Registries x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.registries operationId: get_registry x-anchore-authz-action: getRegistry summary: Get a specific registry configuration description: Get information on a specific registry parameters: - name: registry in: path format: path required: true type: string - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Registry configuration schema: $ref: '#/definitions/RegistryConfigurationList' put: tags: - Registries x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.registries operationId: update_registry x-anchore-authz-action: updateRegistry summary: Update/replace a registry configuration description: Replaces an existing registry record with the given record parameters: - name: registry in: path format: path required: true type: string - name: validate in: query type: boolean description: flag to determine whether or not to validate registry/credential at registry update time 
required: false - name: registry_data in: body required: true schema: $ref: '#/definitions/RegistryConfigurationRequest' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Updated registry configuration schema: $ref: '#/definitions/RegistryConfigurationList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - Registries x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.registries operationId: delete_registry x-anchore-authz-action: deleteRegistry summary: Delete a registry configuration description: Delete a registry configuration record from the system. Does not remove any images. parameters: - name: registry in: path required: true type: string format: path - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Delete success 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /reporting/reports/global/scheduled-query-results/{result_uuid}: get: tags: - Reports x-swagger-router-controller: anchore_enterprise.services.reports.api.controllers.scheduled_queries operationId: get_global_query_result x-anchore-authz-action: listImages description: Get a single saved global query result parameters: - name: result_uuid in: path format: path required: true type: string pattern: '[0-9a-z-]+' - name: page in: query required: false type: integer description: Page number to fetch. If omitted, '1' is default. 
Page numbers start at 1 responses: 200: description: Saved Query result page 500: description: Internal Error /reporting/scheduled-query-results/{result_uuid}: get: tags: - Reports x-swagger-router-controller: anchore_enterprise.services.reports.api.controllers.scheduled_queries operationId: get_query_result x-anchore-authz-action: listImages description: Get a single saved query result parameters: - name: result_uuid in: path format: path required: true type: string pattern: '[0-9a-z-]+' - name: page in: query required: false type: integer description: Page number to fetch. If omitted, '1' is default. Page numbers start at 1 responses: 200: description: Saved Query result page 500: description: Internal Error /repositories: post: tags: - Subscriptions summary: Add repository to watch description: '' operationId: add_repository x-anchore-authz-action: createRepository parameters: - name: repository in: query type: string description: full repository to add e.g. docker.io/library/alpine required: true - name: auto_subscribe in: query type: boolean description: flag to enable/disable auto tag_update activation when new images from a repo are added required: false - name: dry_run in: query type: boolean description: flag to return tags in the repository without actually watching the repository, default is false required: false - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Repository and discovered tags added schema: $ref: '#/definitions/SubscriptionList' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images /sources: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: list_sources x-anchore-authz-action: listSources summary: List the source repository analysis records produces: - application/json parameters: [] responses: 200: description: success schema: $ref: '#/definitions/SourcesList' 500: description: Internal Error tags: - Sources /sources/{source_id}: get: 
x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source x-anchore-authz-action: getSource summary: Get a detailed source repository analysis metadata record produces: - application/json parameters: - name: source_id in: path format: path type: string required: true responses: 200: description: success schema: $ref: '#/definitions/SourceManifest' 500: description: Internal Error tags: - Sources delete: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: delete_source x-anchore-authz-action: getSource summary: Delete source record from DB description: '' parameters: - name: source_id in: path format: path type: string description: UUID of source to delete required: true - name: force in: query type: boolean description: force delete required: false produces: - application/json responses: 204: description: Delete success 500: description: Internal Error tags: - Sources /sources/{source_id}/check: get: x-anchore-authz-action: getSourceEvaluation x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_policy_check_v2 summary: Fetch or calculate policy evaluation for a source description: '' parameters: - name: source_id in: path format: path type: string description: UUID of source to get required: true - name: policy_id type: string in: query required: false produces: - application/json responses: 200: description: success schema: $ref: '#/definitions/SourcePolicyEvaluation' tags: - Sources - Policy Evaluation /sources/{source_id}/content: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_content_types x-anchore-authz-action: getSource summary: Get a detailed source repository analysis metadata record produces: - application/json parameters: - name: source_id in: path format: path type: string required: true responses: 200: description: success schema: 
type: array description: Array of available types items: type: string 500: description: Internal Error tags: - Sources /sources/{source_id}/content/{content_type}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_content_by_type x-anchore-authz-action: getSource summary: Get the content of an analyzed source repository parameters: - name: source_id in: path format: path type: string required: true - name: content_type in: path format: path type: string required: true responses: 200: description: Content of specified type from the image schema: $ref: '#/definitions/SourceContentPackageResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Sources /sources/{source_id}/sbom/cyclonedx-json: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_sbom_cyclonedx_json x-anchore-authz-action: getSource summary: Return the source SBOM in the CycloneDX format parameters: - name: source_id in: path format: path type: string required: true responses: 200: description: success schema: type: string 500: description: Internal Error tags: - Sources /sources/{source_id}/sbom/native-json: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_sbom_native_json x-anchore-authz-action: getSource summary: Return the source SBOM in the native Anchore format parameters: - name: source_id in: path format: path type: string required: true responses: 200: description: success schema: type: string 500: description: Internal Error tags: - Sources /sources/{source_id}/sbom/spdx-json: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_sbom_spdx_json x-anchore-authz-action: getSource summary: Return the source SBOM in the SPDX format parameters: - name: source_id in: path format: path type: string required: true 
responses: 200: description: success schema: type: string 500: description: Internal Error tags: - Sources /sources/{source_id}/vuln: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_vulnerability_types x-anchore-authz-action: getSource summary: Get the available vulnerability types for source produces: - application/json parameters: - name: source_id in: path format: path type: string required: true - $ref: '#/parameters/AsAccountParameter' responses: 200: description: List of vulnerability types for the source schema: type: array items: type: string enum: - all - os - non-os 500: description: Internal Error tags: - Sources /sources/{source_id}/vuln/{vuln_type}: get: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.sources operationId: get_source_vulnerabilities x-anchore-authz-action: getSource summary: Get vulnerabilities for the source by type produces: - application/json parameters: - name: source_id in: path format: path type: string required: true - name: vuln_type in: path type: string enum: - os - non-os - all required: true - name: force_refresh in: query type: boolean required: false - name: will_not_fix in: query type: boolean required: false description: Vulnerability data publishers explicitly won't fix some vulnerabilities. This is captured by will_not_fix attribute of each result. If the query parameter is set, results matching its value will be filtered.
Results are not filtered if the query parameter is unset - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Vulnerability listing for the source schema: $ref: '#/definitions/SourcePackageVulnerabilityResponse' 500: description: Internal Error tags: - Sources /status: get: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: get_status x-anchore-authz-action: None summary: Service status description: Get the API service status responses: 200: description: Status listing schema: $ref: '#/definitions/StatusResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /subscriptions: get: tags: - Subscriptions x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions operationId: list_subscriptions x-anchore-authz-action: listSubscriptions summary: List all subscriptions parameters: - name: subscription_key in: query type: string description: filter only subscriptions matching key required: false - name: subscription_type in: query type: string description: filter only subscriptions matching type required: false - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Subscription listing schema: $ref: '#/definitions/SubscriptionList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' post: tags: - Subscriptions x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions operationId: add_subscription x-anchore-authz-action: createSubscription summary: Add a subscription of a specific type description: Create a new subscription to watch a tag and get notifications of changes parameters: - name: subscription in: body required: true schema: $ref: '#/definitions/SubscriptionRequest' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Subscription add success schema: $ref: '#/definitions/SubscriptionList' /subscriptions/{subscription_id}: get: 
tags: - Subscriptions x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions operationId: get_subscription x-anchore-authz-action: getSubscription summary: Get a specific subscription set parameters: - name: subscription_id in: path format: path required: true type: string - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Filtered subscription list by type schema: $ref: '#/definitions/SubscriptionList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' put: tags: - Subscriptions x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions operationId: update_subscription x-anchore-authz-action: updateSubscription summary: Update an existing and specific subscription parameters: - name: subscription_id in: path format: path required: true type: string - name: subscription in: body required: true schema: $ref: '#/definitions/SubscriptionUpdate' - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Subscription add success schema: $ref: '#/definitions/SubscriptionList' delete: tags: - Subscriptions x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions operationId: delete_subscription x-anchore-authz-action: deleteSubscription summary: Delete subscriptions of a specific type parameters: - name: subscription_id in: path format: path required: true type: string - $ref: '#/parameters/AsAccountParameter' responses: 204: description: Delete success 404: description: Subscription Id was not found 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /summaries/image-tags: get: tags: - Summaries x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.images operationId: list_imagetags x-anchore-authz-action: listImages summary: List all visible image digests and tags description: List all image tags visible to the user parameters: - name: image_status in: query 
type: array items: type: string enum: - all - active - deleting collectionFormat: csv required: false default: - active description: Filter images in one or more states such as active, deleting. Defaults to active images only if unspecified - $ref: '#/parameters/AsAccountParameter' responses: 200: description: successful operation schema: $ref: '#/definitions/AnchoreImageTagSummaryList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /system: get: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: get_service_detail x-anchore-authz-action: None summary: System status description: Get the system status including queue lengths responses: 200: description: Status listing schema: $ref: '#/definitions/SystemStatusResponse' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /system/error-codes: get: summary: Describe anchore engine error codes. description: Describe anchore engine error codes. operationId: describe_error_codes x-anchore-authz-action: None tags: - System responses: 200: description: Error Codes Description schema: type: array description: List of Error Code Descriptions items: $ref: '#/definitions/AnchoreErrorCode' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system /system/feeds: get: tags: - System summary: list feeds operations and information description: Return a list of feed and their groups along with update and record count information. This data reflects the state of the policy engine, not the upstream feed service itself. 
operationId: get_system_feeds x-anchore-authz-action: listFeeds responses: 200: description: success schema: type: array items: $ref: '#/definitions/FeedMetadata' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system post: tags: - System summary: trigger feeds operations description: Execute a synchronous update of the latest GrypeDB with the policy-engine. The response will block until complete, then return the result summary. operationId: post_system_feeds x-anchore-authz-action: updateFeeds responses: 200: description: Feeds operation success schema: $ref: '#/definitions/FeedSyncResults' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system /system/feeds/{feed}: put: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: toggle_feed_enabled x-anchore-authz-action: updateFeeds description: Disable the feed so that it does not sync on subsequent sync operations consumes: - application/json produces: - application/json parameters: - name: feed in: path format: path required: true type: string enum: - packages - vulnerabilities - name: enabled type: boolean required: true in: query responses: 200: description: FeedInfo schema: $ref: '#/definitions/FeedMetadata' 500: description: Internal server error processing the request. 
Retry expected 400: description: Bad request, fix and resend delete: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: delete_feed x-anchore-authz-action: updateFeeds description: Delete the groups and data for the feed and disable the feed itself consumes: - application/json produces: - application/json parameters: - name: feed in: path format: path required: true type: string responses: 200: description: Successfully deleted 500: description: Internal server error processing the request. Retry expected 404: description: Not found /system/policy-spec: get: summary: Describe the policy language spec implemented by this service. description: Get the policy language spec for this service operationId: describe_policy x-anchore-authz-action: None tags: - System responses: 200: description: Policy Language Description schema: $ref: '#/definitions/GateSpecList' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system /system/services: get: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: list_services x-anchore-authz-action: listServices summary: List system services responses: 200: description: Service listing schema: $ref: '#/definitions/ServiceList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /system/services/{service_name}: get: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: get_services_by_name x-anchore-authz-action: getService summary: Get a service configuration and state parameters: - name: service_name in: path format: path type: string required: true responses: 200: description: Service Info schema: $ref: '#/definitions/ServiceList' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' /system/services/{service_name}/{host_id}: get: tags: - System x-swagger-router-controller: 
anchore_enterprise.services.api.api.controllers.system operationId: get_services_by_name_and_host x-anchore-authz-action: getService summary: Get service config for a specific host parameters: - name: service_name in: path format: path type: string required: true - name: host_id in: path format: path type: string required: true responses: 200: description: Listing of registered services schema: $ref: '#/definitions/ServiceList' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' delete: tags: - System x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system operationId: delete_service x-anchore-authz-action: deleteService summary: Delete the service config parameters: - name: service_name in: path format: path type: string required: true - name: host_id in: path format: path type: string required: true responses: 200: description: Delete success 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /system/webhooks/{webhook_type}/test: post: summary: Adds the capabilities to test a webhook delivery for the given notification type description: Loads the Webhook configuration for webhook_type, and sends the notification out as a test operationId: test_webhook x-anchore-authz-action: None tags: - System parameters: - name: webhook_type in: path format: path required: true type: string description: The Webhook Type that we should test - name: notification_type in: query required: false description: What kind of Notification to send default: tag_update type: string enum: - tag_update - analysis_update - vuln_update - policy_eval responses: 200: description: The Webhook was sent successfully. 
Schemas may be found under Models (PolicyEvalNotification, TagUpdateNotification, VulnUpdateNotification, AnalysisUpdateNotification) 400: description: The Webhook failed to send due to misconfiguration schema: $ref: '#/definitions/ApiErrorResponse' 500: description: The Webhook failed to send due to an Internal Error schema: $ref: '#/definitions/ApiErrorResponse' x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.system /user: get: tags: - Identity x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.user operationId: get_user x-anchore-authz-action: None summary: List authenticated user info responses: 200: description: User details for caller's user schema: $ref: '#/definitions/User' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /user/credentials: get: tags: - Identity summary: Get current credential summary operationId: get_credentials x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: None responses: 200: description: User credential listing schema: $ref: '#/definitions/CredentialList' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' post: tags: - Identity summary: add/replace credential operationId: add_credential x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: None parameters: - name: credential in: body required: true schema: $ref: '#/definitions/AccessCredential' responses: 200: description: Add a credential, over-writing if already exists schema: $ref: '#/definitions/User' 500: description: Internal error schema: $ref: '#/definitions/ApiErrorResponse' /version: get: tags: - System x-swagger-router-controller: anchore_enterprise.common.common operationId: version_check x-anchore-authz-action: None description: Returns the version object for the service, including db schema version info responses: 200: description: Version object 
describing version state schema: $ref: '#/definitions/ServiceVersion' /vulnerability-scan: post: x-swagger-router-controller: anchore_enterprise.services.api.api.controllers.stateless operationId: vulnerability_scan_sbom x-anchore-authz-action: getImage summary: Return a vulnerability scan for the uploaded SBOM without storing the SBOM and without any side-effects in the system. description: Use this operation for checking sboms for vulnerabilities in cases where the sbom does not need to be stored for later re-scans or added to the managed set of SBOMs in Anchore. If you need to upload and save an SBOM use the "/import/*" API set instead. parameters: - name: sbom in: body required: true schema: type: object - $ref: '#/parameters/AsAccountParameter' responses: 200: description: Vulnerability listing for the sbom schema: $ref: '#/definitions/SBOMVulnerabilitiesResponse' 500: description: Internal Error schema: $ref: '#/definitions/ApiErrorResponse' tags: - Stateless definitions: AccessCredential: type: object description: A login credential mapped to a user identity. For password credentials, the username to present for Basic auth is the user's username from the user record required: - type - value properties: type: description: The type of credential type: string enum: - password value: description: The credential value (e.g. the password) type: string created_at: type: string description: The timestamp of creation of the credential Account: type: object description: Account information required: - name properties: name: type: string description: The account identifier, not updatable after creation type: type: string description: The user type (admin vs user). If not specified in a POST request, 'user' is default enum: - user - admin - service state: type: string enum: - enabled - disabled - deleting description: State of the account. 
Disabled accounts prevent member users from logging in, deleting accounts are disabled and pending deletion and will be removed once all owned resources are garbage collected by the system email: type: string description: Optional email address associated with the account created_at: type: string format: date-time description: The timestamp when the account was created last_updated: type: string format: date-time description: The timestamp of the last update to the account metadata itself (not users or creds) AccountCreationRequest: type: object description: An account to create/add to the system. If already exists will return 400. required: - name properties: name: type: string description: The account name to use. This will identify the account and must be globally unique in the system. pattern: ^[a-zA-Z0-9][ a-zA-Z0-9@.!#$+-=^_`~;]{1,126}[a-zA-Z0-9_]$ email: type: string description: An optional email to associate with the account for contact purposes pattern: '[a-z0-9!#$%&''*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&''*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?' AccountInfo: type: object description: Account Information. properties: email: type: string description: An optional email to associate with the account for contact purposes pattern: '[a-z0-9!#$%&''*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&''*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?' 
AccountList: type: array items: $ref: '#/definitions/Account' AccountStatus: type: object description: A summary of account status properties: state: type: string enum: - enabled - disabled description: The status of the account ActionPlan: type: object description: describes a remediation action plan object properties: type: type: string image_tag: type: string image_digest: type: string policy_id: type: string resolutions: type: array items: $ref: '#/definitions/ActionPlanResolution' endpoint: type: string configuration_id: type: string subject: type: string message: type: string uuid: type: string created_at: type: string format: date-time last_updated: type: string format: date-time ActionPlanResolution: type: object description: defines the trigger IDs and content of a resolution for an action plan properties: trigger_ids: type: array items: type: string content: type: string ActionPlans: type: array description: List of Action Plans items: $ref: '#/definitions/ActionPlan' AddAnalysisArchiveResult: type: array description: List of analysis archive add results items: $ref: '#/definitions/AnalysisArchiveAddResult' AlertSummary: description: A summary of the stateful indicator of a specific event in the system type: object properties: uuid: type: string description: Identifier for the alert example: 56c2463b-49e5-49d7-b9a4-0c5c78faec6e type: type: string description: Type of the alert enum: - compliance_violation example: compliance_violation state: type: string description: Current state of the alert enum: - open - closed example: open resource_labels: type: array items: $ref: '#/definitions/ResourceLabel' closed_by: type: string description: Account that closed the alert example: system closed_reason: type: string description: Reason for closing the alert example: closed by action plan id created_at: type: string description: RFC 3339 formatted UTC timestamp when the alert was generated format: date-time example: 2020-10-20 01:20:11.378022+00:00 last_updated: 
type: string description: RFC 3339 formatted UTC timestamp when the alert was last modified format: date-time example: 2020-10-20 01:20:11.378022+00:00 AlertSummaryList: type: array description: Array of alert summaries items: $ref: '#/definitions/AlertSummary' Allowlist: type: object description: A collection of allowlist items to match a policy evaluation against. required: - id - name - version - items additionalProperties: false properties: id: type: string name: type: string version: type: string description: type: string description: Description of the Allowlist, human readable items: type: array items: $ref: '#/definitions/AllowlistItem' AllowlistItem: type: object description: Identifies a specific gate and trigger match from a policy against an image and indicates it should be ignored in final policy decisions required: - id - gate - trigger_id additionalProperties: false properties: id: type: string gate: type: string trigger_id: type: string expires_on: x-nullable: true type: string format: date-time pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:\:\d+)?[A-Z]?$ description: type: string description: Description of the Allowlist item, human readable AnalysisArchiveAddResult: type: object description: The result of adding a single digest to the archive properties: digest: type: string description: The image digest requested to be added status: type: string description: The status of the archive add operation. Typically either 'archived' or 'error' enum: - archived - archiving - error detail: type: string description: Details on the status, e.g. the error message AnalysisArchiveRules: type: array description: Rule set for automatic archiving of system objects and flushing of archived objects (permanent delete). 
items: $ref: '#/definitions/AnalysisArchiveTransitionRule' AnalysisArchiveRulesSummary: type: object description: Summary of the transition rule set properties: count: type: integer description: The number of rules for this account last_updated: type: string description: The newest last_updated timestamp from the set of rules format: date-time AnalysisArchiveSource: x-nullable: true type: object description: An image reference in the analysis archive for the purposes of loading analysis from the archive into the working set required: - digest properties: digest: type: string description: The image digest that identifies the analysis. Archived analyses are based on digest, tag records are restored as analysis is restored. pattern: ^sha256:[a-fA-F0-9]{64}$ AnalysisArchiveSummary: type: object description: A summarization of the analysis archive, including size, counts, etc. This archive stores image analysis only, never the actual image content or layers. properties: total_image_count: type: integer description: The number of unique images (digests) in the archive total_tag_count: type: integer description: The number of tag records (registry/repo:tag pull strings) in the archive. This may include repeated tags but will always have a unique tag->digest mapping per record. total_data_bytes: type: integer description: The total sum of all the bytes stored to the backing storage. Accounts for anchore-applied compression, but not compression by the underlying storage system. 
last_updated: type: string description: The timestamp of the most recent archived image format: date-time AnalysisArchiveTransitionRule: type: object description: A rule for auto-archiving image analysis by time and/or tag-history required: - transition properties: selector: $ref: '#/definitions/ImageSelector' rule_id: type: string description: Unique identifier for archive rule tag_versions_newer: type: integer description: Number of images mapped to the tag that are newer analysis_age_days: type: integer description: Matches if the analysis is strictly older than this number of days transition: type: string description: The type of transition to make. If "archive", then archive an image from the working set and remove it from the working set. If "delete", then match against archived images and delete from the archive if match. enum: - archive - delete system_global: type: boolean description: True if the rule applies to all accounts in the system. This is only available to admin users to update/modify, but all users with permission to list rules can see them created_at: type: string format: date-time last_updated: type: string format: date-time exclude: $ref: '#/definitions/AnalysisArchiveTransitionRuleExclude' max_images_per_account: type: integer description: This is the maximum number of image analyses an account can have. 
Can only be set on system_global rules AnalysisArchiveTransitionRuleExclude: type: object description: Which Images to exclude from auto-archiving logic properties: selector: $ref: '#/definitions/ImageSelector' expiration_days: type: integer description: How long the image selected will be excluded from the archive transition default: -1 last_seen_in_days: type: integer description: Exclude image from archive if last seen in inventory within defined number of days default: -1 AnalysisStatusDetail: type: object description: The detail of an analysis status change recording which service initiated the state change, when, and which transition required: - from_status - to_status - timestamp - source properties: from_status: type: string to_status: type: string timestamp: type: string format: datetime source: $ref: '#/definitions/ServiceReference' AnalysisUpdateEval: type: object description: Evaluation Results for an entity (current or last) properties: analysis_status: type: string annotations: type: object image_digest: type: string AnalysisUpdateNotification: allOf: - $ref: '#/definitions/NotificationBase' - type: object description: The Notification Object definition for Analysis Update Notifications properties: data: $ref: '#/definitions/AnalysisUpdateNotificationData' AnalysisUpdateNotificationData: allOf: - $ref: '#/definitions/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/definitions/AnalysisUpdateNotificationPayload' AnalysisUpdateNotificationPayload: allOf: - $ref: '#/definitions/GenericNotificationPayload' - type: object properties: curr_eval: $ref: '#/definitions/AnalysisUpdateEval' last_eval: $ref: '#/definitions/AnalysisUpdateEval' annotations: type: object description: List of Corresponding Image Annotations x-nullable: true AnchoreErrorCode: type: object description: A description of an anchore error code (name, description) properties: name: type: string description: Error code name description: type: string 
description: Description of the error code AnchoreImage: description: A unique image in the engine. May have multiple tags or references. Unique to an image content across registries or repositories. type: object properties: image_content: $ref: '#/definitions/ImageContent' image_detail: type: array description: Details specific to an image reference and type such as tag and image source items: $ref: '#/definitions/ImageDetail' last_updated: type: string format: date-time created_at: type: string format: date-time image_digest: type: string parent_digest: type: string account_name: type: string annotations: type: object image_status: type: string description: State of the image enum: - active - inactive - disabled analysis_status: type: string description: A state value for the current status of the analysis progress of the image enum: - not_analyzed - analyzing - analyzed - analysis_failed record_version: type: string description: The version of the record, used for internal schema updates and data migrations. analysis_status_detail: type: array x-nullable: true items: $ref: '#/definitions/AnalysisStatusDetail' AnchoreImageList: description: A list of Anchore Images type: object properties: items: type: array items: $ref: '#/definitions/AnchoreImage' AnchoreImageTagSummary: description: A unique image in the engine. 
type: object properties: image_digest: type: string parent_digest: type: string image_id: type: string analysis_status: type: string full_tag: type: string created_at: type: integer analyzed_at: type: integer tag_detected_at: type: integer image_status: type: string AnchoreImageTagSummaryList: description: a list of AnchoreImageTagSummary objects type: object properties: items: type: array items: $ref: '#/definitions/AnchoreImageTagSummary' AnyValue: {} ApiErrorResponse: description: Generic HTTP API error response type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object description: Details structure for additional information about the error if available. Content and structure will be error specific. Application: description: A representation of an SDLC application type: object properties: application_id: type: string description: The id of the application name: type: string description: The name of the application. 
This is a unique field per account description: type: string description: The description of the application application_versions: description: List of versions associated with application $ref: '#/definitions/ApplicationVersionList' created_at: type: string description: RFC 3339 formatted UTC timestamp when the application was created format: date-time example: 2020-10-20 01:20:11.378022+00:00 last_updated: type: string description: RFC 3339 formatted UTC timestamp when the application was last updated format: date-time example: 2020-10-20 01:20:11.378022+00:00 ApplicationList: type: array description: List of applications items: $ref: '#/definitions/Application' ApplicationVersion: description: A representation of an SDLC application type: object required: - version_name properties: application_version_id: type: string description: The id of the application version application_id: type: string description: The id of the application version_name: type: string description: The name of the application version. 
The name must be unique per application created_at: type: string description: RFC 3339 formatted UTC timestamp when the application was created format: date-time example: 2020-10-20 01:20:11.378022+00:00 last_updated: type: string description: RFC 3339 formatted UTC timestamp when the application was last updated format: date-time example: 2020-10-20 01:20:11.378022+00:00 ApplicationVersionList: type: array description: List of application versions items: $ref: '#/definitions/ApplicationVersion' ApplicationVersionSbom: description: A combined sbom for the artifacts associated with an application version type: object properties: application: $ref: '#/definitions/Application' application_version: $ref: '#/definitions/ApplicationVersion' created_at: type: string description: RFC 3339 formatted UTC timestamp when the application version sbom was created format: date-time example: 2020-10-20 01:20:11.378022+00:00 source_sboms: type: array items: type: object image_sboms: type: array items: type: object ApplicationVersionVulnerabilityReport: description: A combined vulnerability report for all artifacts associated with an application version type: object properties: application: type: object properties: id: type: string name: type: string version_name: type: string version_id: type: string artifacts: type: object properties: sources: type: array items: $ref: '#/definitions/VersionVulnerabilityReportSource' images: type: array items: $ref: '#/definitions/VersionVulnerabilityReportImage' vulnerabilities: description: Collection of vulnerabilities and affected packages on a given application version type: array items: $ref: '#/definitions/VersionVulnerability' ArchiveSummary: type: object description: A summarization of the available archives, a place for long-term storage of audit, analysis, or other data to remove it from the system's working set but keep it available. 
properties: images: $ref: '#/definitions/AnalysisArchiveSummary' rules: $ref: '#/definitions/AnalysisArchiveRulesSummary' ArchiveTagEntry: type: object properties: pull_string: type: string description: The pullable string for the tag. E.g. "docker.io/library/node:latest" registry: type: string description: The registry hostname:port section of the pull string repository: type: string description: The repository section of the pull string tag: type: string description: The tag-only section of the pull string detected_at: type: string format: date-time description: The timestamp at which the Anchore Engine detected this tag was mapped to the image digest. Does not necessarily indicate when the tag was actually pushed to the registry. created_at: type: string format: date-time description: The timestamp at which Anchore Engine archived this image digest. last_updated: type: string format: date-time description: The timestamp that the last change was made to this record. description: A docker-pullable tag value as well as deconstructed components ArchivedAnalyses: type: array description: List of archived analyses items: $ref: '#/definitions/ArchivedAnalysis' ArchivedAnalysis: type: object properties: image_digest: type: string description: The image digest (digest of the manifest describing the image, per docker spec) parent_digest: type: string description: The digest of a parent manifest (for manifest-list images) annotations: type: object description: User provided annotations as key-value pairs status: description: The archival status type: string enum: - archiving - archived - deleting - deleted image_detail: description: List of tags associated with the image digest type: array items: $ref: '#/definitions/ArchiveTagEntry' created_at: type: string format: date-time last_updated: type: string format: date-time analyzed_at: type: string format: date-time archive_size_bytes: type: integer description: The size, in bytes, of the analysis archive file 
ArtifactAssociationMetadata: description: Metadata for an artifact association to an application version type: object properties: association_id: type: string description: The id of the association between the application version and the artifact created_at: type: string description: RFC 3339 formatted UTC timestamp when the artifact was associated with the application version format: date-time example: 2020-10-20 01:20:11.378022+00:00 last_updated: type: string description: RFC 3339 formatted UTC timestamp when the artifact association was last updated format: date-time example: 2020-10-20 01:20:11.378022+00:00 ArtifactAssociationRequest: description: Request body for an artifact to associate with an application version type: object required: - artifact_type - artifact_keys properties: artifact_type: type: string description: The type of the artifact enum: - image - source artifact_keys: type: object description: A json with key-pair values to query on ArtifactAssociationResponse: description: Response body for an artifact to associate with an application version. Only one artifact type (matching the value of the type field) will be populated. type: object properties: source: $ref: '#/definitions/Source' image: $ref: '#/definitions/ImageArtifact' artifact_association_metadata: $ref: '#/definitions/ArtifactAssociationMetadata' ArtifactListResponse: description: The response provided when querying for the artifacts on an application version type: object properties: associated_source_artifacts: type: array items: $ref: '#/definitions/AssociatedSourceArtifact' associated_image_artifacts: type: array items: $ref: '#/definitions/AssociatedImageArtifact' ArtifactReference: type: object properties: artifact_id: type: string artifact_type: $ref: '#/definitions/ArtifactType' ArtifactRelationship: type: object description: 'A relationship of a specific type between two SDLC artifacts (e.g. container image and source revision). 
This is an edge in a directed graph where edges are directional from the "source" to the "target". For example, an edge of type "contains" means the source artifact contains the content of the target artifact. ' properties: created_at: type: string format: date-time source: $ref: '#/definitions/ArtifactReference' target: $ref: '#/definitions/ArtifactReference' relationship_type: $ref: '#/definitions/RelationshipType' comment: type: string user_metadata: type: object description: User-provided metadata about the relationship ArtifactRelationships: type: array description: List of artifact relationships items: $ref: '#/definitions/ArtifactRelationship' ArtifactType: type: string enum: - source - image AssociatedImageArtifact: description: Model for an associated image artifact. Composites the artifact with the association metadata type: object properties: artifact_association_metadata: $ref: '#/definitions/ArtifactAssociationMetadata' image: $ref: '#/definitions/ImageArtifact' AssociatedSourceArtifact: description: Model for an associated source artifact. 
Composite of the source artifact and its association metadata type: object properties: artifact_association_metadata: $ref: '#/definitions/ArtifactAssociationMetadata' source: $ref: '#/definitions/Source' BaseNotificationData: type: object description: Every notification has a payload, which follows this basic structure properties: notification_user: type: string notification_user_email: type: string notification_type: type: string CVSSV2Scores: type: object properties: base_score: type: number x-nullable: true exploitability_score: type: number x-nullable: true impact_score: type: number x-nullable: true CVSSV3Scores: type: object properties: base_score: type: number x-nullable: true exploitability_score: type: number x-nullable: true impact_score: type: number x-nullable: true ComplianceResource: description: A resource that ties compliance related artifacts - image digest, tag and policy type: object properties: image_digest: type: string policy_id: type: string image_tag: type: string registry: type: string repository: type: string evaluation_id: type: string evaluated_at: type: string format: date-time ComplianceViolationAlert: description: Alert raised by the system on a compliance check failure type: object properties: uuid: type: string description: Identifier for the alert example: 56c2463b-49e5-49d7-b9a4-0c5c78faec6e type: type: string description: Type of alert generated enum: - compliance_violation example: compliance_violation state: type: string description: Current state of the alert enum: - open - closed example: open resource: $ref: '#/definitions/ComplianceResource' closed_by: type: string description: Account that closed the alert example: system closed_reason: type: string description: Reason for closing the alert example: closed by action plan id created_at: type: string description: RFC 3339 formatted UTC timestamp when the alert was generated format: date-time example: 2020-10-20 01:20:11.378022+00:00 last_updated: type: string description: 
RFC 3339 formatted UTC timestamp when the alert was last modified format: date-time example: 2020-10-20 01:20:11.378022+00:00 compliance_status_reason: type: string description: Reason for compliance check status. Compliance check could fail due to policy evaluation or denylisting or errors evaluating compliance example: policy_evaluation violations_count: type: integer description: Number of STOP action results in the compliance check report ComplianceViolationAlertList: type: array description: Array of compliance violation alerts items: $ref: '#/definitions/ComplianceViolationAlert' ComplianceViolationAlertState: type: object description: State change for an existing ComplianceViolationAlert required: - state properties: state: type: string description: The new state of the compliance violation alert enum: - open - closed ContentFilesResponse: type: object description: File content listings from images properties: image_digest: type: string content_type: type: string content: type: array items: type: object properties: filename: type: string gid: type: integer linkdest: type: string x-nullable: true mode: type: string sha256: type: string x-nullable: true size: type: integer type: type: string uid: type: integer ContentJAVAPackageResponse: type: object description: Java package content listings from images properties: image_digest: type: string content_type: type: string content: type: array items: type: object properties: package: type: string implementation-version: type: string specification-version: type: string maven-version: type: string location: type: string type: type: string origin: type: string cpes: type: array items: type: string description: A list of Common Platform Enumerations that may uniquely identify the package purl: type: string ContentMalwareResponse: type: object description: Malware listing response properties: image_digest: type: string content_type: type: string content: description: List of malware scan results, one per scanner 
configured to run type: array items: $ref: '#/definitions/MalwareScan' ContentPackageResponse: type: object description: Package content listings from images properties: image_digest: type: string content_type: type: string content: type: array items: type: object properties: package: type: string version: type: string size: type: string type: type: string origin: type: string licenses: type: array items: type: string location: type: string cpes: type: array items: type: string description: A list of Common Platform Enumerations that may uniquely identify the package metadata_type: description: The type of the metadata entry type: string metadata: description: Package type specific metadata type: object purl: type: string Correction: type: object description: Defines a correction object for false positive management required: - type - match - replace properties: uuid: type: string description: Identifier for the correction example: 56c2463b-49e5-49d7-b9a4-0c5c78faec6e type: type: string description: Type of correction enum: - package description: type: string match: $ref: '#/definitions/CorrectionMatch' replace: type: array items: $ref: '#/definitions/CorrectionFieldMatch' created_at: type: string description: RFC 3339 formatted UTC timestamp when the correction was generated format: date-time example: 2020-10-20 01:20:11.378022+00:00 last_updated: type: string description: RFC 3339 formatted UTC timestamp when the correction was last modified format: date-time example: 2020-10-20 01:20:11.378022+00:00 CorrectionFieldMatch: type: object description: Defines a particular field name and value to match for a Correction required: - field_name - field_value properties: field_name: type: string description: The package field name to match example: name field_value: type: string description: The package field value for the corresponding field_name above to match. 
If field_name corresponds to a list value, this will search the list CorrectionList: type: array description: Array of Corrections items: $ref: '#/definitions/Correction' CorrectionMatch: type: object description: Defines how a particular correction can match depending on type required: - type properties: type: type: string description: type of match [supports os, npm, gem, python, java, go] example: npm field_matches: type: array description: list of field matches that are required in order for this correction to match items: $ref: '#/definitions/CorrectionFieldMatch' CredentialList: type: array items: $ref: '#/definitions/AccessCredential' CustomJsonPatch: type: object description: Anchore-specific adaptation of RFC6902 to be describable in swagger/open-api 2.0. Each item is given an ID and the ids are ordered in the array. properties: operations: $ref: '#/definitions/JsonPatchOperationList' add: $ref: '#/definitions/JsonPatchAddList' remove: $ref: '#/definitions/JsonPatchRemoveList' replace: $ref: '#/definitions/JsonPatchReplaceList' move: $ref: '#/definitions/JsonPatchMoveList' copy: $ref: '#/definitions/JsonPatchCopyList' test: $ref: '#/definitions/JsonPatchTestList' DeleteImageResponse: type: object description: Image deletion response containing status and details required: - image_digest - status properties: image_digest: type: string status: type: string description: Current status of the image deletion enum: - not_found - deleting - delete_failed detail: type: string DeleteImageResponseList: type: array description: A list of delete image responses items: $ref: '#/definitions/DeleteImageResponse' ECSContainers: type: object description: Containers defined in ECS properties: containers: type: array items: type: object required: - arn - task_arn - account_name - context - image_tag - image_digest properties: arn: type: string task_arn: type: string account_name: type: string context: type: string image_tag: type: string image_digest: type: string 
ECSInventory: type: object required: - cluster_arn - timestamp properties: cluster_arn: type: string timestamp: type: string format: date-time tasks: type: array x-nullable: true items: type: object required: - arn properties: arn: type: string service_arn: type: string task_definition_arn: type: string tags: type: object additionalProperties: type: string containers: type: array items: type: object required: - arn - image_tag properties: arn: type: string task_arn: type: string image_tag: type: string image_digest: type: string services: type: array x-nullable: true items: required: - arn properties: arn: type: string tags: type: object additionalProperties: type: string ECSServices: type: object description: Services defined in ECS properties: services: type: array items: type: object required: - arn - cluster_arn - tags - account_name properties: arn: type: string cluster_arn: type: string tags: type: object additionalProperties: type: string account_name: type: string ECSTasks: type: object description: Tasks defined in ECS properties: tasks: type: array items: type: object required: - arn - cluster_arn - service_arn - task_definition_arn - tags - account_name properties: arn: type: string cluster_arn: type: string service_arn: type: string task_definition_arn: type: string tags: type: object additionalProperties: type: string account_name: type: string EventCategory: type: object description: A collection of event subcategories properties: category: type: string description: type: string subcategories: type: array items: $ref: '#/definitions/EventSubcategory' EventDescription: type: object description: A description of an event type properties: name: type: string description: The event type. 
The last component of the fully-qualified event_type (category.subcategory.event) type: type: string description: The fully qualified event type as would be seen in the event payload message: type: string description: The message associated with the event type resource_type: type: string description: The type of resource this event is generated from EventResponse: type: object description: A record of occurrence of an asynchronous event triggered either by system or by user activity properties: event_id: type: string created_at: type: string format: date-time event: type: object properties: source: type: object properties: service_name: type: string host_id: type: string base_url: type: string request_id: type: string resource: type: object properties: account_name: type: string id: type: string type: type: string type: type: string category: type: string level: type: string message: type: string details: type: object timestamp: type: string format: date-time example: event_id: b4cf3559e6f64077a7e335225f0945fb event: source: service_name: catalog host_id: anchore-quickstart base_url: http://catalog:8228 resource: id: http://policy-engine:8228 type: service account_name: admin type: system.service.state_transition.orphaned level: error message: Service orphaned details: {} EventSubcategory: type: object description: A collection of events related to each other properties: name: type: string description: type: string events: type: array items: $ref: '#/definitions/EventDescription' EventTypesList: type: array description: Array of EventCategory objects items: $ref: '#/definitions/EventCategory' EventsList: type: object description: Response envelope for paginated listing of events properties: results: description: List of events type: array items: $ref: '#/definitions/EventResponse' next_page: description: Boolean flag, True indicates there are more events and False otherwise type: boolean item_count: description: Number of events in this page type: integer page: 
description: Page number of this result set type: integer FeedGroupMetadata: type: object properties: name: type: string created_at: type: string format: date-time last_sync: type: string format: date-time record_count: type: integer enabled: type: boolean description: If group is enabled FeedMetadata: type: object description: Metadata on a single feed based on what the engine finds from querying the endpoints properties: name: type: string description: name of the feed created_at: type: string format: date-time description: Date the metadata record was created in engine (first seen on source) updated_at: type: string format: date-time description: Date the metadata was last updated groups: type: array items: $ref: '#/definitions/FeedGroupMetadata' last_full_sync: type: string format: date-time enabled: type: boolean description: If feed is enabled FeedSyncResult: description: The result of a sync of a single feed type: object properties: feed: type: string description: The name of the feed synced status: type: string description: The result of the sync operations, either co enum: - success - failure total_time_seconds: type: number description: The duration, in seconds, of the sync of the feed, the sum of all the group syncs groups: type: array description: Array of group sync results items: $ref: '#/definitions/GroupSyncResult' FeedSyncResults: description: An array of feed sync summaries representing the result of an explicit feed sync operation type: array items: $ref: '#/definitions/FeedSyncResult' FileContentSearchList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: '#/definitions/FileContentSearchResult' FileContentSearchResult: type: object description: The retrieved file entry including content (b64 encoded) properties: path: type: string matches: type: array items: $ref: '#/definitions/RegexContentMatch' GateSpec: type: object description: A description of the set of gates available in this engine and the triggers and 
parameters supported properties: name: type: string description: Gate name, as it would appear in a policy document description: type: string description: Description of the gate supported_artifact_type: type: string enum: - image - source state: type: string description: State of the gate and transitively all triggers it contains if not 'active' enum: - active - deprecated - eol superseded_by: type: string x-nullable: true description: The name of another trigger that supersedes this one functionally if this is deprecated triggers: type: array description: List of the triggers that can fire for this Gate items: $ref: '#/definitions/TriggerSpec' GateSpecList: type: array items: $ref: '#/definitions/GateSpec' GenericNotificationPayload: type: object description: Parent class for Notification Payloads properties: account_name: type: string subscription_key: type: string subscription_type: type: string notification_id: type: string GroupSyncResult: type: object properties: group: type: string description: The name of the group status: type: string enum: - success - failure updated_image_count: type: integer description: The number of images updated by this group sync, across all accounts. This is typically only non-zero for vulnerability feeds which update images' vulnerability results during the sync. updated_record_count: type: integer description: The number of feed data records synced down as either updates or new records total_time_seconds: type: number description: The duration of the group sync in seconds ImageAnalysisReferences: type: array description: List of image digests to archive items: type: string description: Image digest ImageAnalysisRequest: type: object description: A request to add an image to be watched and analyzed by the engine. properties: image_type: type: string description: Optional. The type of image this is adding, defaults to "docker". 
annotations: type: object description: Annotations to be associated with the added image in key/value form source: $ref: '#/definitions/ImageSource' ImageAncestor: type: object description: A summary of an image and its layers. properties: image_digest: type: string description: The digest of the image example: sha256:55cffbd26dbe2e79252dd3283b1adef4459441e7b4fc2fe5ccd2bd5b52670474 tags: type: array items: type: string description: Full tag reference that is known at any time previously for the digest. example: docker.io/library/node:latest layers: type: array description: The full set of layers for this image items: type: string description: The layer ID example: sha256:03810167880e863d81dc60fc7771c975b93dfdf982d5677fb2c23d11b02c644b ImageAncestry: type: array description: Array of ancestor objects. Sorted by the length of the layers array in each entry, effectively returning them in increasing order of number of common layers. items: $ref: '#/definitions/ImageAncestor' ImageArtifact: description: Model for an image artifact type: object properties: account_name: type: string description: The account name image_digest: type: string description: The digest of the image distro: type: string description: The distro of the image distro_version: type: string description: The distro version of the image analysis_status: type: string description: the analysis status of image image_status: type: string description: The status of the image analyzed_at: type: string description: RFC 3339 formatted UTC timestamp when the image was analyzed format: date-time example: 2020-10-20 01:20:11.378022+00:00 created_at: type: string description: RFC 3339 formatted UTC timestamp when the image was created format: date-time example: 2020-10-20 01:20:11.378022+00:00 last_updated: type: string description: RFC 3339 formatted UTC timestamp when the image was last updated format: date-time example: 2020-10-20 01:20:11.378022+00:00 ImageContent: type: object description: A metadata content 
record for a specific image, containing different content type entries ImageDetail: type: object description: A metadata detail record for a specific image. Multiple detail records may map a single catalog image. properties: created_at: type: string format: date-time last_updated: type: string format: date-time full_tag: description: Full docker-pullable tag string referencing the image type: string full_digest: description: Full docker-pullable digest string including the registry url and repository necessary to get the image type: string account_name: type: string image_id: type: string registry: type: string repo: type: string dockerfile: type: string x-nullable: true image_digest: type: string description: The parent Anchore Image record to which this detail maps ImageImportContentResponse: type: object properties: digest: type: string created_at: type: string format: date-time ImageImportContentSearch: required: - location - content_searches properties: location: $ref: '#/definitions/ImportPackageLocation' content_searches: items: $ref: '#/definitions/ImportContentSearchElement' type: array ImageImportContentSearchList: type: array description: Array of ImageImportContentSearch objects items: $ref: '#/definitions/ImageImportContentSearch' ImageImportFileContent: required: - location - contents properties: location: $ref: '#/definitions/ImportPackageLocation' contents: type: string ImageImportFileContentList: type: array description: Array of ImageImportFileContent objects items: $ref: '#/definitions/ImageImportFileContent' ImageImportFileCoordinate: type: object properties: path: type: string description: The path on the filesystem of the file within the given layer layerID: type: string description: The image layer in which the file was found ImageImportManifest: x-nullable: true type: object required: - tags - contents - digest - operation_uuid properties: contents: $ref: '#/definitions/ImportContentDigests' tags: type: array items: type: string description: 
Full docker reference tags example: docker.io/library/nginx:latest digest: type: string parent_digest: type: string description: The digest of the image's manifest-list parent if it was accessed from a multi-arch tag where the tag pointed to a manifest-list. This allows preservation of that relationship in the data local_image_id: type: string description: An "image_id" as used by Docker if available operation_uuid: type: string ImageImportOperation: type: object description: An import record, creating a unique identifier for referencing the operation as well as its state properties: uuid: type: string status: type: string enum: - pending - queued - processing - complete - failed - expired expires_at: type: string format: date-time created_at: type: string format: date-time ImageImports: type: array items: $ref: '#/definitions/ImageImportOperation' ImagePackageManifest: required: - artifacts - source - distro properties: artifacts: items: $ref: '#/definitions/ImportPackage' type: array source: $ref: '#/definitions/ImportSource' distro: $ref: '#/definitions/ImportDistribution' descriptor: $ref: '#/definitions/ImportDescriptor' schema: $ref: '#/definitions/ImportSchema' artifactRelationships: items: $ref: '#/definitions/ImportPackageRelationship' type: array files: items: $ref: '#/definitions/ImportFile' type: array additionalProperties: true type: object ImagePackageVulnerability: allOf: - $ref: '#/definitions/PackageVulnerability' - type: object properties: inherited_from_base: type: boolean description: True if the vulnerable artifact is found in the base image. 
False otherwise ImagePackageVulnerabilityResponse: description: envelope containing list of vulnerabilities type: object properties: image_digest: type: string base_digest: type: string vulnerability_type: type: string vulnerabilities: type: array description: List of Vulnerability objects items: $ref: '#/definitions/ImagePackageVulnerability' ImageRef: type: object description: A reference to an image required: - type - value additionalProperties: false properties: type: enum: - tag - digest - id value: type: string ImageReference: type: object properties: image_digest: type: string description: The image digest image_id: type: string description: The image id if available analyzed_at: type: string description: Timestamp, in rfc3339 format, indicating when the image state became 'analyzed' in Anchore Engine. tag_history: type: array items: $ref: '#/definitions/TagEntry' description: A summary of an image identity, including digest, id (if available), and any tags known to have ever been mapped to the digest ImageSelectionRule: type: object required: - id - name - registry - repository - image additionalProperties: false properties: id: type: string name: type: string registry: type: string repository: type: string image: $ref: '#/definitions/ImageRef' description: type: string description: Description of the Allowlist or Denylist image match, human readable ImageSelector: description: A set of selection criteria to match an image by a tagged pull string based on its components, with regex support in each field type: object properties: registry: type: string description: The registry section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "docker.io" repository: type: string description: The repository section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "anchore/anchore-engine" tag: type: string description: The tag-only section of a pull string. e.g. 
with "docker.io/anchore/anchore-engine:latest", this is "latest" ImageSource: type: object description: A set of analysis source types. Only one may be set in any given request. properties: tag: $ref: '#/definitions/RegistryTagSource' digest: $ref: '#/definitions/RegistryDigestSource' archive: $ref: '#/definitions/AnalysisArchiveSource' import: $ref: '#/definitions/ImageImportManifest' ImageWithPackages: type: object properties: image: $ref: '#/definitions/ImageReference' packages: type: array items: $ref: '#/definitions/PackageReference' description: An image record that contains packages ImportContentDigestList: type: array items: type: string description: String digest of an uploaded content ImportContentDigests: type: object required: - packages - manifest - image_config description: Digest of content to use in the final import properties: packages: type: string description: Digest to use for the packages content image_config: type: string description: Digest for reference content for image config manifest: type: string description: Digest to reference content for the image manifest parent_manifest: type: string description: Digest for reference content for parent manifest dockerfile: type: string description: Digest for reference content for dockerfile secret_searches: type: string description: Digest for reference content for secret search results content_searches: type: string description: Digest for reference content for content search results file_contents: type: string description: Digest for reference content for file retrieve content ImportContentSearchElement: required: - classification - line_number - line_offset - seek_position - length properties: classification: type: string line_number: type: integer line_offset: type: integer seek_position: type: integer length: type: integer ImportDescriptor: required: - name - version properties: name: type: string version: type: string additionalProperties: true type: object ImportDistribution: properties: 
name: type: string x-nullable: true id: type: string x-nullable: true version: type: string x-nullable: true versionID: type: string x-nullable: true idLike: {} additionalProperties: true type: object ImportFile: required: - id - location properties: id: type: string description: Unique identifier within the sbom for the file for other elements in the sbom to reference location: $ref: '#/definitions/ImageImportFileCoordinate' metadata: type: object description: File metadata such as mode, size, etc. This is populated by anchorectl analysis but is not available in older syft-generated SBOMs digests: type: array items: $ref: '#/definitions/ImportFileDigest' additionalProperties: true type: object ImportFileDigest: required: - algorithm - value properties: algorithm: type: string value: type: string type: object ImportPackage: required: - name - version - type - locations - licenses - language - cpes properties: id: type: string name: type: string version: type: string type: type: string foundBy: type: string locations: items: $ref: '#/definitions/ImportPackageLocation' type: array licenses: items: {} type: array language: type: string cpes: items: type: string type: array purl: type: string metadataType: type: string x-nullable: true metadata: type: object x-nullable: true additionalProperties: true type: object ImportPackageLocation: required: - path properties: path: type: string layerID: type: string additionalProperties: true type: object ImportPackageRelationship: required: - parent - child - type properties: parent: type: string child: type: string type: type: string metadata: additionalProperties: true type: object additionalProperties: true type: object ImportSchema: required: - version - url properties: version: type: string url: type: string additionalProperties: true type: object ImportSource: required: - type - target properties: type: type: string target: additionalProperties: true additionalProperties: true type: object InventoryItem: type: object 
description: Inventory result for a specific Namespace properties: inventory_type: type: string context: type: string image_tag: type: string image_digest: type: string created_at: type: string format: date-time last_updated: type: string format: date-time last_seen: type: string format: date-time InventoryItems: type: object description: Inventory report for Images in Use properties: items: type: array items: $ref: '#/definitions/InventoryItem' JsonPatchAdd: type: object description: The 'add' operation per RFC6902 required: - op - path - value properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - add path: $ref: '#/definitions/JsonPointer' value: description: A valid json value, can be any valid json type JsonPatchAddList: type: array items: $ref: '#/definitions/JsonPatchAdd' JsonPatchCopy: type: object description: The 'copy' operation per RFC6902 required: - op - path - from properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - copy path: $ref: '#/definitions/JsonPointer' from: $ref: '#/definitions/JsonPointer' JsonPatchCopyList: type: array items: $ref: '#/definitions/JsonPatchCopy' JsonPatchMove: type: object description: The 'move' operation per RFC6902 required: - op - path - from properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - move path: $ref: '#/definitions/JsonPointer' from: $ref: '#/definitions/JsonPointer' JsonPatchMoveList: type: array items: $ref: '#/definitions/JsonPatchMove' JsonPatchOperationList: type: array description: Ordered list of the operations in the type-specific lists. This imparts the total ordering of patches to apply such that they can be moved into a single array. 
This is a workaround for 'oneOf' support in OpenAPI 2.0 items: type: string description: Operation ID, must be found in the add, remove, replace, move, copy, or test list JsonPatchRemove: type: object description: The 'remove' operation per RFC6902 required: - op - path properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - remove path: $ref: '#/definitions/JsonPointer' JsonPatchRemoveList: type: array items: $ref: '#/definitions/JsonPatchRemove' JsonPatchReplace: type: object description: The 'replace' operation per RFC6902 required: - op - path - value properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - replace path: $ref: '#/definitions/JsonPointer' value: description: A valid json value, can be any valid json type JsonPatchReplaceList: type: array items: $ref: '#/definitions/JsonPatchReplace' JsonPatchTest: type: object description: The 'test' operation per RFC6902 required: - op - path - value properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - test path: $ref: '#/definitions/JsonPointer' value: description: Expected value for test JsonPatchTestList: type: array items: $ref: '#/definitions/JsonPatchTest' JsonPointer: type: string description: A JSONPointer per RFC6901 pattern: ^(/[^/~]*(~[01][^/~]*)*)*$ KubernetesContainers: type: object description: Containers defined in Kubernetes properties: containers: type: array items: type: object required: - id - pod_id - account_name - context - image_tag - image_digest - name properties: id: type: string name: type: string pod_id: type: string account_name: type: string context: type: string image_tag: type: string image_digest: type: string KubernetesInventory: type: object required: - cluster_name - timestamp properties: cluster_name: type: string timestamp: type: string format: date-time namespaces: type: array items: type: object required: 
- uid - name properties: uid: $ref: '#/definitions/UUID' name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string nodes: type: array items: type: object required: - uid - name properties: uid: $ref: '#/definitions/UUID' name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string kernel_version: type: string kubernetes_version: type: string arch: type: string container_runtime_version: type: string kube_proxy_version: type: string kubelet_version: type: string operating_system: type: string pods: type: array items: type: object required: - uid - name - namespace_uid properties: uid: type: string name: type: string namespace_uid: $ref: '#/definitions/UUID' node_uid: $ref: '#/definitions/UUID' labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string containers: type: array items: type: object required: - id - name - image_tag - pod_uid properties: id: type: string name: type: string image_tag: type: string pattern: ^(?!\s*$).+ image_digest: type: string pod_uid: $ref: '#/definitions/UUID' KubernetesNamespace: type: object required: - uid - name - labels - annotations properties: uid: type: string name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string last_seen: type: string KubernetesNamespaces: type: object description: Namespaces defined in Kubernetes properties: namespaces: type: array items: $ref: '#/definitions/KubernetesNamespace' KubernetesNode: type: object required: - uid - name - labels - annotations properties: uid: type: string name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string last_seen: type: string KubernetesNodes: type: object description: Nodes defined in Kubernetes properties: 
namespaces: type: array items: $ref: '#/definitions/KubernetesNode' KubernetesPod: type: object required: - id - name - account_name - labels - annotations properties: id: type: string name: type: string account_name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string node_id: type: string namespace_id: type: string last_seen: type: string KubernetesPods: type: object description: Pods defined in Kubernetes properties: namespaces: type: array items: $ref: '#/definitions/KubernetesPod' LocalAnalysisSource: type: object properties: digest: type: string MalwareScan: description: A single scan from a scanner type: object properties: enabled: type: boolean description: Indicates if the scanner is enabled scanner: type: string description: The name of the scanner that produced the finding metadata: type: object description: Open schema for scanner-specific metadata related to the scan result findings: type: array items: type: object properties: path: type: string description: A path for a file in the image's rootfs signature: type: string description: The malware signature found at the path MappingRule: type: object required: - id - name - allowlist_ids - rule_set_ids - registry - repository - image additionalProperties: false properties: id: type: string name: type: string allowlist_ids: type: array items: type: string rule_set_ids: type: array description: List of rule_set_ids to evaluate in order, to completion items: type: string description: rule_set_id to evaluate registry: type: string repository: type: string image: $ref: '#/definitions/ImageRef' description: type: string description: Description of the image to policy mapping rule, human readable MetadataResponse: type: object description: Generic wrapper for metadata listings from images properties: image_digest: type: string metadata_type: type: string metadata: {} ModifiedPackage: type: object description: A combined modification 
record showing the source and target packages and the json patch to apply to the relationship-target object to result in the relationship-source package. Source and target are the packages from the respective sides of the relationship. properties: source: $ref: '#/definitions/Package' target: $ref: '#/definitions/Package' patch: $ref: '#/definitions/CustomJsonPatch' NativeSBOM: required: - artifacts - source - distro properties: artifacts: items: $ref: '#/definitions/NativeSBOMPackage' type: array source: $ref: '#/definitions/NativeSBOMSource' distro: $ref: '#/definitions/NativeSBOMDistribution' descriptor: $ref: '#/definitions/NativeSBOMDescriptor' schema: $ref: '#/definitions/NativeSBOMSchema' artifactRelationships: items: $ref: '#/definitions/NativeSBOMPackageRelationship' type: array additionalProperties: true type: object NativeSBOMDescriptor: required: - name - version properties: name: type: string version: type: string additionalProperties: true type: object NativeSBOMDistribution: properties: name: type: string x-nullable: true id: type: string x-nullable: true version: type: string x-nullable: true versionID: type: string x-nullable: true idLike: {} additionalProperties: true type: object NativeSBOMPackage: required: - name - version - type - locations - licenses - language - cpes properties: id: type: string name: type: string version: type: string type: type: string foundBy: type: string locations: items: $ref: '#/definitions/NativeSBOMPackageLocation' type: array licenses: items: {} type: array language: type: string cpes: items: type: string type: array purl: type: string metadataType: type: string x-nullable: true metadata: type: object x-nullable: true additionalProperties: true type: object NativeSBOMPackageLocation: required: - path properties: path: type: string layerID: type: string additionalProperties: true type: object NativeSBOMPackageRelationship: required: - parent - child - type properties: parent: type: string child: type: string type: 
type: string metadata: additionalProperties: true type: object additionalProperties: true type: object NativeSBOMSchema: required: - version - url properties: version: type: string url: type: string additionalProperties: true type: object NativeSBOMSource: required: - type - target properties: type: type: string target: additionalProperties: true additionalProperties: true type: object NotificationActionPlanNotificationPayload: allOf: - $ref: '#/definitions/NotificationSynchronousNotificationPayload' - type: object description: defines an action plan payload that can be sent synchronously properties: uuid: type: string image_tag: type: string image_digest: type: string bundle_id: type: string subject: type: string message: type: string NotificationApiErrorResponse: description: Generic HTTP API error response type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object description: Details structure for additional information about the error if available. Content and structure will be error specific. NotificationBase: type: object description: base object for Notifications (every notification has this basic structure) properties: queue_id: type: string account_name: type: string data_id: type: string created_at: type: integer last_updated: type: integer record_state_key: type: string default: active record_state_val: type: string x-nullable: true tries: type: integer max_tries: type: integer NotificationEndpoint: type: object properties: name: type: string description: the name of the endpoint enabled: type: boolean description: Is the endpoint enabled for use in the system. Affects all usage, including system-level if set to false. 
last_updated: type: string format: date-time description: The timestamp of the last change to the status NotificationEndpointConfiguration: description: Base schema that endpoint configurations extend type: object properties: uuid: type: string description: The instance identifier for the configuration description: type: string description: User friendly name or description for the configuration verify_tls: type: boolean description: Verify the cert if using tls for connecting externally. Defaults to true if not specified created_at: type: string format: date-time description: Timestamp for last modification to the record last_updated: type: string format: date-time description: Timestamp for last modification to the record NotificationEndpointEnabledStatus: type: object properties: enabled: type: boolean description: Is the endpoint enabled for use in the system. Affects all usage, including system-level if set to false. last_updated: type: string format: date-time description: The timestamp of the last change to the status NotificationEndpointList: type: array items: $ref: '#/definitions/NotificationEndpoint' NotificationEventSelector: type: object description: A selector of event properties required: - level - resource_type - type properties: level: type: string description: The level of the event to filter. '*' matches events of all levels. 'info' and 'error' match related events respectively enum: - '*' - info - error resource_type: type: string description: The type of resource to filter. '*' matches all resource types. Some examples of resource type are 'image_digest' or 'service' type: type: string description: 'The type of event to filter, using wildcards against type field of the event. Event types have a structured format ... Thus, ''*'' matches all types of events. ''system.*'' matches all system events, ''user.*'' matches events that are relevant to individual consumption, and omitting an asterisk will do an exact match. 
See the GET /event_types route definition in the engine''s external API for the list of event types. ' pattern: ^[a-z0-9-_.*]+$ NotificationGitHubEndpointConfiguration: description: Configuration for GitHub endpoint allOf: - $ref: '#/definitions/NotificationEndpointConfiguration' - type: object properties: url: type: string description: GitHub API endpoint, defaults to https://api.github.com if not specified pattern: https?://.* username: description: GitHub username for creating issues type: string access_token: description: Personal access token for the GitHub account type: string owner: description: Owner of the repository to create issues against type: string repository: description: Name of the repository to create issues against type: string milestone: description: Number of the milestone to associate with the issue type: integer labels: description: List of labels to associate with the issue type: array items: type: string assignees: description: List of user logins to assign to the issue. 
type: array items: type: string NotificationGitHubEndpointConfigurationList: description: List of GitHub endpoint configurations type: array items: $ref: '#/definitions/NotificationGitHubEndpointConfiguration' NotificationGitHubTestResult: type: object properties: status: type: string response: type: string NotificationJiraEndpointConfiguration: description: Configuration for jira endpoint allOf: - $ref: '#/definitions/NotificationEndpointConfiguration' properties: url: type: string description: Jira endpoint URL including host and port, should begin with 'http://' or 'https://' pattern: https?://.* username: description: Jira username for creating issues type: string password: description: Jira password for creating issues type: string project_key: description: Key of the Jira project for creating issues type: string issue_type: description: Type associated with the issue type: string priority: description: Priority assigned to the issue type: string assignee: description: Jira user to associate with the issue type: string labels: description: List of labels to associate with the issue type: array items: type: string NotificationJiraEndpointConfigurationList: description: List of jira endpoint configurations type: array items: $ref: '#/definitions/NotificationJiraEndpointConfiguration' NotificationJiraTestResult: type: object properties: status: type: string response: type: string NotificationOperationalStatus: description: Operational status for a specific notification endpoint configuration type: object properties: status: type: string enum: - unknown - healthy - unhealthy NotificationSMTPEndpointConfiguration: description: Configuration for email via smtp endpoint allOf: - $ref: '#/definitions/NotificationEndpointConfiguration' - type: object required: - host - port - from - to properties: host: type: string port: type: integer username: type: string password: type: string use_tls: type: boolean description: Encrypt the SMTP connection with TLS. 
Defaults to true from: type: string description: The from address to use for emails sent by this configuration to: type: string description: The address to which the emails are sent NotificationSMTPEndpointConfigurationList: description: List of email via smtp endpoint configurations type: array items: $ref: '#/definitions/NotificationSMTPEndpointConfiguration' NotificationSMTPTestResult: type: object properties: status: type: string response: type: string NotificationSelector: type: object description: A selector for notifications that determines which notifications are passed to a specific endpoint configuration required: - scope - event properties: uuid: type: string configuration_uuid: description: UUID of the endpoint configuration bound to this selector type: string scope: type: string description: The scope to filter events. 'global' scope encompasses all the events in the system; only the admin account can request this selector scope. 'account' covers events scoped to a specific account. 
enum: - global - account event: $ref: '#/definitions/NotificationEventSelector' NotificationSelectorList: type: array items: $ref: '#/definitions/NotificationSelector' NotificationServiceVersion: type: object description: Version information for a service properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object description: Api Version string properties: version: type: string description: Semantic version of the api db: type: object properties: schema_version: type: string description: Semantic version of the db schema engine: type: object properties: version: type: string description: Version of the installed engine library db: type: string description: Version of the installed engine db schema NotificationSlackEndpointConfiguration: description: Configuration for slack endpoint allOf: - $ref: '#/definitions/NotificationEndpointConfiguration' - type: object required: - url properties: url: type: string description: url to POST to, including any query parameters, should begin with 'http://' or 'https://' pattern: https?://.* NotificationSlackEndpointConfigurationList: description: List of slack endpoint configurations type: array items: $ref: '#/definitions/NotificationSlackEndpointConfiguration' NotificationSlackTestResult: type: object properties: status: type: string response: type: string NotificationStatusResponse: type: object description: System status response properties: busy: type: boolean up: type: boolean message: type: string NotificationSynchronousNotificationPayload: type: object description: defines a notification payload that can be sent synchronously properties: type: type: string NotificationTeamsEndpointConfiguration: description: Configuration for MS Teams endpoint allOf: - $ref: '#/definitions/NotificationEndpointConfiguration' - type: object required: - url properties: url: type: string description: url to POST to, including any query parameters, 
should begin with 'http://' or 'https://' pattern: https?://.* NotificationTeamsEndpointConfigurationList: description: List of MS Teams endpoint configurations type: array items: $ref: '#/definitions/NotificationTeamsEndpointConfiguration' NotificationTeamsTestResult: type: object properties: status: type: string response: type: string NotificationWebhookEndpointConfiguration: description: Configuration for Webhook endpoint allOf: - $ref: '#/definitions/NotificationEndpointConfiguration' - type: object required: - url properties: url: type: string description: url to POST to, including any query parameters, should begin with 'http://' or 'https://' pattern: https?://.* username: type: string password: type: string verify_ssl: type: boolean description: Verify SSL certificates for HTTPS requests, disabled by default NotificationWebhookEndpointConfigurationList: description: List of Webhook endpoint configurations type: array items: $ref: '#/definitions/NotificationWebhookEndpointConfiguration' NotificationWebhookTestResult: type: object properties: status: type: string response: type: string NvdDataList: type: array description: List of Nvd Data objects items: $ref: '#/definitions/NvdDataObject' NvdDataObject: type: object properties: id: type: string description: NVD Vulnerability ID cvss_v2: $ref: '#/definitions/CVSSV2Scores' cvss_v3: $ref: '#/definitions/CVSSV3Scores' Package: type: object description: A normalized and simplified package that can represent any package type properties: name: type: string version: type: string release: type: string sourcepkg: type: string location: type: string origin: type: string size: type: integer licenses: type: array items: type: string metadata_type: description: The type of the metadata entry type: string metadata: description: Package type specific metadata type: object specification_version: type: string description: Spec version for java packages implementation_version: type: string description: Implementation version 
for java packages maven_version: type: string description: Maven version for java packages cpes: type: array description: List of CPE strings for this package items: type: string purl: type: string PackageReference: type: object properties: name: type: string description: Package name version: type: string description: A version for the package. If null, then references all versions x-nullable: true type: type: string description: Package type (e.g. package, rpm, deb, apk, jar, npm, gem, ...) will_not_fix: type: boolean description: Whether a vendor will or will not fix a vulnerability description: A record of a software item which is vulnerable or carries a fix for a vulnerability PackageVulnerability: type: object properties: vuln: type: string description: The vulnerability identifier, such as CVE-2017-100, or RHSA-2017123 fix: type: string description: The package containing a fix, if available severity: type: string description: The severity of the vulnerability package: type: string description: The package name and version that are vulnerable in the image url: type: string description: The url for more information about the vulnerability feed: type: string description: The name of the feed where vulnerability match was made feed_group: type: string description: The name of the feed group where vulnerability match was made package_name: type: string description: The name of the vulnerable package artifact package_version: type: string description: The version of the vulnerable package artifact package_type: type: string description: The type of vulnerable package package_cpe: type: string description: The CPE string (if applicable) describing the package to vulnerability match package_path: type: string description: The location (if applicable) of the vulnerable package in the container filesystem will_not_fix: type: boolean description: Whether a vendor will fix or not fix the vulnerability nvd_data: $ref: '#/definitions/NvdDataList' vendor_data: $ref: 
'#/definitions/VendorDataList' detected_at: type: string format: date-time description: When the vulnerability was detected PaginatedImageList: allOf: - $ref: '#/definitions/PaginationProperties' - type: object properties: images: type: array items: $ref: '#/definitions/ImageWithPackages' description: Pagination wrapped list of images that match some filter PaginatedVulnerabilityList: allOf: - $ref: '#/definitions/PaginationProperties' - type: object properties: vulnerabilities: type: array description: The listing of matching vulnerabilities for the query subject to pagination items: $ref: '#/definitions/StandaloneVulnerability' description: A paginated listing of vulnerability records sorted by ID in descending order PaginationProperties: type: object properties: page: type: string description: The page number returned (should match the requested page query string param) next_page: type: string description: True if additional pages exist (page + 1) or False if this is the last page returned_count: type: integer description: The number of items sent in this response description: Properties for common pagination handling to be included in any wrapping object that needs pagination elements Policy: description: A policy containing a rule-set, allowlists, and rules for mapping them to specific images type: object required: - id - name - version - rule_sets - mappings additionalProperties: false properties: id: type: string description: Id of the policy name: type: string description: Human readable name for the policy description: type: string description: Description of the policy, human readable version: type: string description: Version id for this policy format allowlists: description: Allowlists which define which policy matches to disregard explicitly in the final policy decision type: array items: $ref: '#/definitions/Allowlist' rule_sets: description: Collections of policy rules which define the go/stop/warn status of an image using rule matches on image 
properties type: array items: $ref: '#/definitions/RuleSet' source_mappings: description: Mapping rules for defining which policy and allowlist(s) to apply to a source based on a match of the host and repo name. Evaluated in order. type: array items: $ref: '#/definitions/SourceMappingRule' mappings: description: Mapping rules for defining which policy and allowlist(s) to apply to an image based on a match of the image tag or id. Evaluated in order. type: array items: $ref: '#/definitions/MappingRule' allowlisted_images: description: List of mapping rules that define which images should always be passed (unless also on the denylist), regardless of policy result. type: array items: $ref: '#/definitions/ImageSelectionRule' denylisted_images: description: List of mapping rules that define which images should always result in a STOP/FAIL policy result regardless of policy content or presence in allowlisted_images type: array items: $ref: '#/definitions/ImageSelectionRule' last_updated: type: number description: The time at which the policy was last updated, informational only PolicyEvalNotification: allOf: - $ref: '#/definitions/NotificationBase' - type: object description: The Notification Object definition for Policy Eval Notifications properties: data: $ref: '#/definitions/PolicyEvalNotificationData' PolicyEvalNotificationData: allOf: - $ref: '#/definitions/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/definitions/PolicyEvalNotificationPayload' PolicyEvalNotificationPayload: allOf: - $ref: '#/definitions/GenericNotificationPayload' - type: object properties: curr_eval: type: object description: The Current Policy Evaluation result last_eval: type: object description: The Previous Policy Evaluation result annotations: type: object description: List of Corresponding Image Annotations x-nullable: true PolicyEvaluation: description: Evaluation response object type: object properties: policy_id: type: string description: The ID of the 
policy used to evaluate the image image_digest: type: string description: Image digest of the image being evaluated evaluated_tag: type: string description: Image tag used to evaluate policy for the given image evaluations: type: array description: List of policy evaluations. Always has at least one result, may contain multiple when the evaluation history is requested. items: type: object required: - evaluation_time - evaluation_problems - status - final_action - final_action_reason - image_allowlisted - image_denylisted - image_mapped_to_rule - number_of_findings properties: details: x-nullable: true type: object description: Contains additional details about the policy evaluation required: - policy - findings properties: policy: description: The policy used to evaluate the image $ref: '#/definitions/Policy' findings: type: array description: The detailed policy findings items: $ref: '#/definitions/PolicyEvaluationFinding' remediations: x-nullable: true type: array description: List of remediations for the findings items: $ref: '#/definitions/PolicyEvaluationRemediation' comparison_image_digest: x-nullable: true type: string description: Image digest of the base image used during policy evaluation evaluation_time: type: string format: date-time description: The date and time this policy evaluation was performed at evaluation_problems: type: array description: list of error objects indicating errors encountered during evaluation execution items: $ref: '#/definitions/PolicyEvaluationProblem' status: type: string description: The overall status of the policy evaluation enum: - fail - pass final_action: type: string description: The overall outcome of the evaluation. 
enum: - stop - go - warn final_action_reason: type: string description: The reason for the final result enum: - policy_evaluation - allowlisted - denylisted image_allowlisted: description: Whether the evaluated image matched an allowlist rule type: boolean matched_allowlisted_images_rule: x-nullable: true description: The allowlist rule that the image being evaluated matched against. $ref: '#/definitions/ImageSelectionRule' image_denylisted: description: Whether the evaluated image matched a denylist rule type: boolean matched_denylisted_images_rule: x-nullable: true description: The denylist rule that the image being evaluated matched against. $ref: '#/definitions/ImageSelectionRule' image_mapped_to_rule: description: Whether the evaluated image matched a policy rule type: boolean matched_mapping_rule: x-nullable: true description: The policy mapping rule that the image being evaluated matched against. $ref: '#/definitions/MappingRule' number_of_findings: type: integer description: Number of policy findings in the response PolicyEvaluationFinding: type: object required: - trigger_id - gate - trigger - message - action - policy_id - recommendation - rule_id - allowlisted properties: trigger_id: type: string description: ID of this policy trigger finding (can be used to allowlist this finding) gate: type: string description: Name of the gate that generated this finding trigger: type: string description: Name of the trigger that generated this finding message: type: string description: Description of the finding action: type: string description: The action associated with this finding enum: - go - stop - warn policy_id: type: string description: ID of the policy that this gate and trigger are a part of recommendation: type: string description: User provided details for resolving this finding rule_id: type: string description: ID of the policy rule that generated this finding allowlisted: type: boolean description: Indicates if this finding was allowlisted or not 
allowlist_match: x-nullable: true type: object description: Details about (possible) allowlist match $ref: '#/definitions/PolicyEvaluationFindingAllowlistMatch' inherited_from_base: x-nullable: true type: boolean description: Indicates if this finding was found in the base image PolicyEvaluationFindingAllowlistMatch: type: object description: Details about (possible) allowlist match properties: id: type: string description: ID of the allowlist that matched this finding name: type: string description: Name of the allowlist that matched this finding matched_rule_id: type: string description: ID of the rule within the allowlist that matched this finding PolicyEvaluationProblem: type: object description: Details for an error or warning indicating a problem during policy evaluation required: - severity - problem_type - details properties: severity: type: string description: Severity of the policy evaluation problem. Problems with a severity of "error" prevent the policy from being evaluated, while severity "warn" indicates the policy was evaluated but the result may require additional attention. 
enum: - error - warn problem_type: type: string description: the type of problem encountered, such as a misconfiguration or unavailable data details: type: string description: Details about the problem itself and how to fix it PolicyEvaluationRemediation: type: object required: - suggestions - trigger_ids properties: suggestions: type: array description: Anchore generated options for resolving a finding items: type: object required: - message - preferred properties: message: type: string description: The suggestion for resolving a finding preferred: type: boolean description: Indicates whether this suggestion is recommended trigger_ids: type: array description: List of trigger IDs that these remediation suggestions apply to items: type: string PolicyList: type: array description: List of PolicyRecord objects items: $ref: '#/definitions/PolicyRecord' PolicyRecord: description: A policy plus some metadata type: object required: - policy_id - active - account_name - policy_source - name properties: created_at: type: string format: date-time last_updated: type: string format: date-time policy_id: type: string description: The policy's identifier active: type: boolean description: True if the policy is currently defined to be used automatically account_name: type: string description: UserId of the user that owns the policy policy_source: type: string description: Source location of where the policy originated policy: x-nullable: true $ref: '#/definitions/Policy' policy_meta: x-nullable: true type: object name: type: string description: Name of the policy description: type: string description: Description of the policy, human readable PolicyRule: type: object description: A rule that defines a decision value if the match is found true for a given image. 
required: - id - gate - trigger - action additionalProperties: false properties: id: type: string gate: type: string trigger: type: string action: enum: - GO - STOP - WARN description: type: string description: Description of the policy rule, human readable params: type: array items: type: object required: - name - value additionalProperties: false properties: name: type: string value: type: string recommendation: type: string RbacManagerAccountRole: type: object description: An account identifier and roles a user has within that account properties: for_account: type: string description: The account scope that applies to the set of roles roles: $ref: '#/definitions/RbacManagerRole' RbacManagerApiErrorResponse: description: Generic HTTP API error response type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object description: Details structure for additional information about the error if available. Content and structure will be error specific. RbacManagerPermission: type: object description: A grant of specific action against a specific scope and target properties: action: type: string description: The allowed action. e.g. getImage target: type: string description: The target to which the action may be applied. 
Either a '*' for all or a specific target id RbacManagerPermissionList: type: array items: $ref: '#/definitions/RbacManagerPermission' RbacManagerRole: type: object description: Role definition required: - name properties: name: type: string description: The name of the role description: type: string description: A role description for humans permissions: $ref: '#/definitions/RbacManagerPermissionList' immutable: type: boolean description: Are the permissions of this role modifiable by users (including admin users) created_at: type: string format: date-time description: The timestamp when the role was created last_updated: type: string format: date-time description: The timestamp of the last update to the role metadata itself RbacManagerRoleMember: type: object description: A mapping between a username and a role with an account context required: - username - for_account properties: username: type: string for_account: type: string created_at: type: string format: date-time RbacManagerRoleMemberList: type: array description: List of members of the role, may be filtered by the calling user's access level (e.g. 
will not display members for which the caller doesn't have listRoleMembers account access) items: $ref: '#/definitions/RbacManagerRoleMember' RbacManagerRoleMembership: type: object description: Membership for a role in an account properties: role: type: string description: The name of the role the user has permissions for for_account: type: array items: type: string description: The accounts for which the user has the role permission created_at: type: string format: date-time RbacManagerRoleSummary: type: object properties: name: type: string description: type: string created_at: type: string format: date-time RbacManagerRoleSummaryList: type: array items: $ref: '#/definitions/RbacManagerRoleSummary' RbacManagerSamlConfiguration: type: object description: A named configuration for interaction with an Identity Provider that supports SAML 2.0 required: - name - sp_entity_id - acs_url - enabled properties: name: type: string description: The name to use for referencing this IDP configuration. This will be configured as part of the url string the IDP must have the client POST the SAML assertion to. pattern: ^[a-zA-Z0-9_-]+$ enabled: type: boolean description: If this IDP configuration should be enabled for user logins sp_entity_id: type: string description: The entity ID for this SP. Can be the same for all IDP configurations in this installation or unique to each. This is typically a URL, but you can use any value as long as you also configure the IDP to expect this value. acs_url: type: string description: The URL the IDP can use to access the Assertion Consumer Service to provide the token for sso. This is the way to reach the rbac manager services /service/sso/auth/{IDP_name} route externally acs_https_port: type: integer description: The port number to use for https if not 443. If omitted or -1, 443 is assumed and used as a default idp_metadata_url: type: string description: The url where the SP (anchore) can retrieve the metadata about the Identity Provider. 
Only one of this or metadata_xml should be set. This is typically provided by the IDP. idp_metadata_xml: type: string description: The direct metadata xml payload, if a url is not available. Only one of this or metadata_url should be set. idp_username_attribute: type: string description: The SAML attribute to use from the response assertions to determine the anchore username. If unset, the subject is used. idp_account_attribute: type: string description: The SAML attribute to use from the response assertions to determine the anchore account to use. If unset, the default is used. idp_role_attribute: type: string description: The SAML attribute to use from the response assertions to determine the anchore role(s) to assign a new user in the specified account. If unset, the default is used. default_account: type: string description: The anchore account to assign all users to from this IDP if no account attribute is mapped or present. default_role: type: string description: The default role to apply to new users from this IDP if no attribute is mapped or found in the SAML assertions. require_signed_assertions: type: boolean description: Require assertions from the IDP to be signed default: true require_signed_response: type: boolean description: Require the authn response to be signed by the IDP default: true created_at: type: string format: date-time last_updated: type: string format: date-time require_existing_users: type: boolean description: Indicates if Anchore will require an authenticating SSO user to already exist. This field is ignored on POST/PUT Operations. 
default: false RbacManagerServiceVersion: type: object description: Version information for a service properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object description: Api Version string properties: version: type: string description: Semantic version of the api db: type: object properties: schema_version: type: string description: Semantic version of the db schema engine: type: object properties: version: type: string description: Version of the installed engine library db: type: string description: Version of the installed engine db schema RbacManagerStatusResponse: type: object description: System status response properties: busy: type: boolean up: type: boolean message: type: string RbacManagerTokenResponse: type: object description: An auth token for use in future requests as an Authorization header value of type 'bearer' required: - token properties: token: type: string description: The token content RbacManagerUserRoleListing: type: array description: List of role mappings for a user items: $ref: '#/definitions/RbacManagerAccountRole' RbacManagerUserRoleMembership: type: array description: List of role mappings for a user items: $ref: '#/definitions/RbacManagerRoleMembership' RegexContentMatch: type: object description: Match of a named regex on a file properties: name: type: string description: The name associated with the regular expression regex: type: string description: The regular expression used for the match lines: type: array description: A list of line numbers in the file that matched the regex items: type: integer RegistryConfiguration: description: A registry entry describing the endpoint and credentials for a registry to pull images from type: object properties: created_at: type: string format: date-time last_updated: type: string format: date-time registry_user: type: string description: Username portion of credential to use for this registry 
registry_type: type: string description: Type of registry account_name: type: string description: Anchore account that owns this registry entry registry: type: string description: hostname:port string for accessing the registry, as would be used in a docker pull operation registry_name: type: string description: human readable name associated with registry record registry_verify: type: boolean description: Use TLS/SSL verification for the registry URL RegistryConfigurationList: description: List of registry configurations type: array items: $ref: '#/definitions/RegistryConfiguration' RegistryConfigurationRequest: description: A registry record describing the endpoint and credentials for a registry type: object properties: registry_user: type: string description: Username portion of credential to use for this registry registry_pass: type: string description: Password portion of credential to use for this registry registry_type: type: string description: Type of registry registry: type: string description: hostname:port string for accessing the registry, as would be used in a docker pull operation. May include some or all of a repository and wildcards (e.g. docker.io/library/* or gcr.io/myproject/myrepository) registry_name: type: string description: human readable name associated with registry record registry_verify: type: boolean description: Use TLS/SSL verification for the registry URL RegistryDigestSource: x-nullable: true type: object description: An image reference using a digest in a registry, includes some extra tag and timestamp info in addition to the pull string to allow proper tag history reconstruction. required: - pull_string - tag properties: pull_string: type: string description: A digest-based pull string (e.g. docker.io/nginx@sha256:123abc) tag: type: string description: A valid docker tag reference (e.g. docker.io/nginx:latest) that will be associated with the image but not used to pull the image. 
creation_timestamp_override: type: string format: date-time description: Optional override of the image creation time to support proper tag history construction in cases of out-of-order analysis compared to registry history for the tag dockerfile: type: string description: Base64 encoded content of the dockerfile used to build the image, if available. pattern: ^[a-zA-Z0-9+/=]+$ RegistryTagSource: x-nullable: true type: object description: An image reference using a tag in a registry, this is the most common source type. required: - pull_string properties: pull_string: type: string description: A docker pull string (e.g. docker.io/nginx:latest, or docker.io/nginx@sha256:abd) to retrieve the image dockerfile: type: string description: Base64 encoded content of the dockerfile used to build the image, if available. pattern: ^[a-zA-Z0-9+/=]+$ RelationshipSbomDiff: type: object description: 'The diff of two sboms with context applied in each difference. The "added" and "removed" directions depend on the relationship to which this diff applies. A relationship defines a source, a target, and a type. For example, a relationship of type "contains" with a source of an image and a target of a source revision will indicate that the diff is between the source repo sbom and the image sbom. Added packages are present in the image but not in the source, removed are present in the source revision but not in the image, etc. ' properties: source_only: type: array description: Packages added based on the type of relationship. A "contains" relationship means packages present in the source artifact (image) not present in the target (source repo) of the relationship. items: $ref: '#/definitions/Package' target_only: type: array description: Packages removed based on the type of relationship. A "contains" relationship means packages not present in the source artifact (image) present in the target (source repo) of the relationship. 
items: $ref: '#/definitions/Package' source_modified: type: array items: $ref: '#/definitions/ModifiedPackage' both_unmodified: type: array items: $ref: '#/definitions/Package' RelationshipType: type: string description: The type of relationship between two artifacts enum: - contains - contained_by ReportingApiErrorResponse: description: Generic HTTP API error response type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object description: Details structure for additional information about the error if available. Content and structure will be error specific. ReportingServiceVersion: type: object description: Version information for a service properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object description: Api Version string properties: version: type: string description: Semantic version of the api db: type: object properties: schema_version: type: string description: Semantic version of the db schema engine: type: object properties: version: type: string description: Version of the installed engine library db: type: string description: Version of the installed engine db schema ReportingStatusResponse: type: object description: System status response properties: busy: type: boolean up: type: boolean message: type: string ResourceLabel: description: Label on the resource in the key value format type: object properties: key: type: string example: tag value: type: string example: docker.io/library/alpine:latest RetrievedFile: type: object description: The retrieved file entry including content (b64 encoded) properties: path: type: string b64_content: type: string RetrievedFileList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: '#/definitions/RetrievedFile' RuleSet: type: object required: - id - name - version - rules additionalProperties: false properties: id: type:
string name: type: string description: type: string description: Description of the Policy, human readable version: type: string artifact_type: type: string enum: - image - source rules: type: array items: $ref: '#/definitions/PolicyRule' SBOMVulnerabilitiesResponse: description: Envelope containing list of vulnerabilities for a source repo type: object properties: sbom_id: type: string vulnerabilities: type: array items: $ref: '#/definitions/PackageVulnerability' SecretSearchList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: '#/definitions/SecretSearchResult' SecretSearchResult: type: object description: The retrieved file entry including content (b64 encoded) properties: path: type: string matches: type: array items: $ref: '#/definitions/RegexContentMatch' Service: description: A service status record type: object properties: host_id: type: string description: The unique id of the host on which the service is executing service_name: type: string description: Registered service name base_url: type: string description: The url to reach the service, including port as needed status_message: type: string description: A state indicating the condition of the service. 
Normal operation is 'registered' service_detail: $ref: '#/definitions/StatusResponse' status: type: boolean version: type: string description: The version of the service as reported by the service implementation on registration ServiceList: description: A list of service objects type: array items: $ref: '#/definitions/Service' ServiceReference: type: object description: A reference to a service in the system properties: host_id: type: string description: The unique id of the host on which the service is executing service_name: type: string description: Registered service name ServiceVersion: type: object description: Version information for a service properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object description: Api Version string properties: version: type: string description: Semantic version of the api db: type: object properties: schema_version: type: string description: Semantic version of the db schema Source: type: object properties: uuid: type: string description: A system-assigned identifier unique for each source analysis account_name: type: string description: The anchore account name that owns this resource host: type: string description: Host name for the repository location (e.g. github.com) repository_name: type: string description: The name of the repository on the host (e.g. 
'anchore/anchore-engine') revision: type: string description: The commit ID for a git repository analysis_status: type: string description: The analysis state of the source enum: - not_analyzed - analyzed - analyzing - analysis_failed source_status: type: string description: The state of the source enum: - active - inactive - deleting created_at: type: string format: date-time last_updated: type: string format: date-time SourceContentPackageResponse: type: object description: Package content listings from analysis sbom properties: source_id: type: string content_type: type: string content: type: array items: $ref: '#/definitions/SourceContentPackageResponseContent' SourceContentPackageResponseContent: type: object description: Package content listings from a source properties: package: type: string version: type: string size: type: string type: type: string origin: type: string licenses: type: array items: type: string location: type: string cpes: type: array items: type: string description: A list of Common Platform Enumerations that may uniquely identify the package metadata_type: description: The type of the metadata entry type: string metadata: description: Package type specific metadata type: object purl: type: string SourceImportContentResponse: type: object properties: digest: type: string created_at: type: string format: date-time SourceImportList: type: array items: $ref: '#/definitions/SourceImportOperation' SourceImportMetadata: type: object required: - host - repository_name - revision - contents properties: ci_workflow_name: x-nullable: true type: string ci_workflow_execution_time: x-nullable: true type: string format: date-time host: type: string repository_name: type: string branch_name: x-nullable: true type: string revision: type: string change_author: x-nullable: true type: string contents: type: object required: - sbom description: Digest of content to use in the final import properties: sbom: type: string description: Digest to use for the sbom 
SourceImportOperation: type: object description: An import record, creating a unique identifier for referencing the operation as well as its state properties: uuid: type: string status: type: string enum: - pending - queued - processing - complete - failed - expired expires_at: type: string format: date-time created_at: type: string format: date-time last_updated: type: string format: date-time SourceManifest: type: object properties: uuid: type: string account_name: type: string vcs_type: type: string host: type: string repository_name: type: string revision: type: string created_at: type: string format: date-time last_updated: type: string format: date-time analysis_status: type: string enum: - not_analyzed - analyzed - analyzing - analysis_failed source_status: type: string enum: - active - inactive - deleting metadata_records: type: array description: Array of metadata available items: type: object description: Metadata associated with a source upload properties: uuid: type: string ci_workflow_name: type: string x-nullable: true ci_workflow_execution_time: type: string format: date-time x-nullable: true branch_name: type: string x-nullable: true change_author: type: string x-nullable: true SourceMappingRule: type: object required: - id - name - allowlist_ids - rule_set_ids - host - repository additionalProperties: false properties: id: type: string name: type: string allowlist_ids: type: array items: type: string rule_set_ids: type: array description: List of rule_set_ids to evaluate in order, to completion items: type: string description: rule_set_id to evaluate host: type: string repository: type: string description: type: string description: Description of the source to policy rule, human readable SourcePackageVulnerabilityResponse: description: Envelope containing list of vulnerabilities for a source repo type: object properties: source_id: type: string vulnerability_type: type: string vulnerabilities: type: array items: $ref: 
'#/definitions/PackageVulnerability' SourcePolicyEvaluation: type: object description: A policy bundle evaluation result for a specific image, tag, policy tuple required: - account_name - evaluation_id - source_id - host - repository_name - revision - policy - source_mapped_to_rule - findings - number_of_findings - evaluation_time - final_action - final_action_reason - evaluation_problems - status properties: account_name: type: string description: The name of the account containing the source to evaluate evaluation_id: type: string description: The ID of this policy evaluation source_id: type: string description: The ID of the source repository that was evaluated host: type: string description: Host name for the repository location (e.g. github.com) repository_name: type: string description: The name of the repository on the host (e.g. 'anchore/anchore-engine') revision: type: string description: The commit ID for a git repository policy: type: object description: The policy used for evaluation $ref: '#/definitions/Policy' source_mapped_to_rule: description: Whether the evaluated source repository matched a policy rule type: boolean matched_mapping_rule: type: object description: The policy mapping rule that the source repository being evaluated matched against. findings: type: array description: The detailed policy findings items: $ref: '#/definitions/SourcePolicyEvaluationFinding' number_of_findings: type: integer description: Number of policy findings in the response evaluation_time: type: string format: date-time description: The date and time this policy evaluation was performed at final_action: type: string description: The overall outcome of the evaluation. 
enum: - stop - go - warn final_action_reason: type: string description: The reason for the final result enum: - allowlisted - denylisted - policy_evaluation evaluation_problems: type: array description: list of error objects indicating errors encountered during evaluation execution items: $ref: '#/definitions/PolicyEvaluationProblem' status: type: string description: The overall status of the policy evaluation enum: - pass - fail SourcePolicyEvaluationFinding: type: object properties: trigger_id: type: string description: ID of this policy trigger finding (can be used to allowlist this finding) gate: type: string description: Name of the gate that generated this finding trigger: type: string description: Name of the trigger that generated this finding message: type: string description: Description of the finding action: type: string description: The action associated with this finding enum: - go - stop - warn policy_id: type: string description: ID of the policy that this gate and trigger are a part of recommendation: type: string description: User provided details for resolving this finding rule_id: type: string description: ID of the policy rule that generated this finding allowlisted: type: boolean description: Indicates if this finding was allowlisted or not allowlist_match: x-nullable: true type: object description: Details about (possible) allowlist match $ref: '#/definitions/PolicyEvaluationFindingAllowlistMatch' SourcesList: type: object properties: items: type: array items: $ref: '#/definitions/Source' StandaloneVulnerability: type: object properties: id: type: string description: Vulnerability identifier. May be CVE-X, RHSA-X, etc. Not necessarily unique across namespaces namespace: type: string description: The namespace for the vulnerability record to avoid conflicts for the same id in different distros or sources (e.g.
deb vs ubuntu for same CVE) affected_packages: type: array description: The array of packages (typically packages) that are vulnerable-to or provide fixes-for this vulnerability items: $ref: '#/definitions/PackageReference' severity: type: string description: Severity label specific to the namespace enum: - Unknown - Negligible - Low - Medium - High - Critical link: type: string description: URL for the upstream CVE record in the reporting source (e.g. ubuntu security tracker) nvd_data: $ref: '#/definitions/NvdDataList' vendor_data: $ref: '#/definitions/VendorDataList' description: type: string description: Description of the vulnerability if available references: type: array description: List of references including items: $ref: '#/definitions/VulnerabilityReference' description: A single vulnerability record in a single namespace, the unique key is the combination of the id and namespace StatusResponse: type: object description: System status response properties: available: type: boolean busy: type: boolean up: type: boolean message: type: string version: type: string db_version: type: string detail: type: object Subscription: description: Subscription entry type: object properties: subscription_key: type: string description: The key value that the subscription references. E.g. a tag value or a repo name. 
subscription_type: type: string description: The type of the subscription subscription_value: type: string x-nullable: true description: The value of the subscription target account_name: type: string description: The account_name of the subscribed user active: type: boolean description: Is the subscription currently active subscription_id: type: string description: the unique id for this subscription record SubscriptionList: description: List of subscriptions type: array items: $ref: '#/definitions/Subscription' SubscriptionRequest: description: A subscription entry to add to the system type: object properties: subscription_key: type: string subscription_value: type: string x-nullable: true subscription_type: type: string SubscriptionUpdate: description: A modification to a subscription entry to change its status or value type: object properties: subscription_value: type: string x-nullable: true description: The new subscription value, e.g. the new tag to be subscribed to active: type: boolean description: Toggle the subscription processing on or off SystemStatusResponse: type: object description: System status response properties: service_states: $ref: '#/definitions/ServiceList' TagEntry: type: object properties: full_tag: type: string description: The pullable string for the tag. E.g. "docker.io/library/node:latest" registry: type: string description: The registry hostname:port section of the pull string repo: type: string description: The repository section of the pull string tag: type: string description: The tag-only section of the pull string tag_detected_at: type: string format: date-time description: The timestamp at which the Anchore Engine detected this tag was mapped to the image digest. Does not necessarily indicate when the tag was actually pushed to the registry. 
description: A docker-pullable tag value as well as deconstructed components TagUpdateNotification: allOf: - $ref: '#/definitions/NotificationBase' - type: object description: The Notification Object definition for Tag Update Notifications properties: data: $ref: '#/definitions/TagUpdateNotificationData' TagUpdateNotificationData: allOf: - $ref: '#/definitions/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/definitions/TagUpdateNotificationPayload' TagUpdateNotificationPayload: allOf: - $ref: '#/definitions/GenericNotificationPayload' - type: object properties: curr_eval: type: array items: {} description: A list containing the current image digest last_eval: type: array items: {} description: A list containing the previous image digests annotations: type: object description: List of Corresponding Image Annotations x-nullable: true TokenResponse: type: object required: - access_token properties: access_token: type: string description: The token content expires_in: type: number description: The lifetime of the token in seconds token_type: type: string description: The type of the token returned refresh_token: type: string description: The refresh token content TriggerParamSpec: type: object properties: name: type: string description: Parameter name as it appears in policy document description: type: string example: type: string x-nullable: true description: An example value for the parameter (encoded as a string if the parameter is an object or list type) state: type: string description: State of the trigger parameter enum: - active - deprecated - eol superseded_by: type: string x-nullable: true description: The name of another trigger that supersedes this one functionally if this is deprecated required: description: Is this a required parameter or optional type: boolean validator: type: object description: If present, a definition for validation of input. Typically a jsonschema object that can be used to validate an input against.
TriggerSpec: type: object description: Definition of a trigger and its parameters properties: name: type: string description: Name of the trigger as it would appear in a policy document description: type: string description: Trigger description for what it tests and when it will fire during evaluation state: type: string description: State of the trigger enum: - active - deprecated - eol superseded_by: type: string x-nullable: true description: The name of another trigger that supersedes this one functionally if this is deprecated parameters: type: array description: The list of parameters that are valid for this trigger items: $ref: '#/definitions/TriggerParamSpec' UUID: type: string pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ minLength: 36 maxLength: 36 User: type: object description: A username for authenticating with one or more types of credentials. User type defines the expected credentials allowed for the user. Native users have passwords, other users have no credential internally. Internal users are service/system users for inter-service communication. required: - username properties: username: description: The username to authenticate with type: string type: description: The user's type type: string enum: - native - saml source: description: When the user 'type' is 'saml', this will be the EntityId of the IDP that they are authenticating from. Otherwise, this will be set to null. type: string created_at: description: The timestamp of when the user record was created type: string format: date-time last_updated: description: The timestamp of the last update to this record type: string format: date-time idp_name: description: When the user 'type' is 'saml', this will be the configured name of the IDP that they are authenticating from. Otherwise, this will be set to null.
type: string UserCreationRequest: type: object description: A payload for creating a new user, includes the username and password in a single request required: - username properties: username: description: The username to create type: string pattern: ^[a-zA-Z0-9][ a-zA-Z0-9@.!#$+-=^_`~;]{1,126}[a-zA-Z0-9_]$ password: description: The initial password for the user, must be at least 6 characters, up to 128. This must be null when the user_type is not 'native'. type: string pattern: ^.{6,128}$ user_type: description: The user's type. A Native user authenticates using user/password log on. All other users will authenticate with an IDP. type: string enum: - native - saml idp_name: description: If the user is authenticating via an IDP, this is the name of the IDP. A 'native' user should have this set to null. type: string VendorDataList: type: array description: List of Vendor Data objects items: $ref: '#/definitions/VendorDataObject' VendorDataObject: type: object properties: id: type: string description: Vendor Vulnerability ID cvss_v2: $ref: '#/definitions/CVSSV2Scores' cvss_v3: $ref: '#/definitions/CVSSV3Scores' VersionVulnerability: description: A vulnerability in an application version vulnerability report with vulnerability data, affected artifacts, and packages type: object properties: id: type: string description: The vulnerability id for the match nvd: type: array items: $ref: '#/definitions/VersionVulnerabilityNVD' vendor_data: $ref: '#/definitions/VersionVulnerabilityVendor' matches: type: array items: $ref: '#/definitions/VersionVulnerabilityMatch' VersionVulnerabilityMatch: description: The details of a single match for a vulnerability in an application version vulnerability report type: object properties: fix: type: string location: description: The location of the match, which includes both the package and the artifact it belongs to type: object properties: artifact: type: object properties: id: type: string type: type: string package: type:
object properties: name: type: string type: type: string version: type: string location: type: string VersionVulnerabilityNVD: description: NVD entry for application version vulnerability allOf: - $ref: '#/definitions/VersionVulnerabilityVendorNVDCommon' - type: object properties: id: type: string VersionVulnerabilityReportImage: description: The definition of the image artifacts in the application version vulnerability report type: object properties: image_digest: type: string VersionVulnerabilityReportSource: description: The definition of the source artifacts in the application version vulnerability report type: object properties: uuid: type: string host: type: string repository_name: type: string revision: type: string VersionVulnerabilityVendor: description: The vendor information of the vulnerability type: object allOf: - $ref: '#/definitions/VersionVulnerabilityVendorNVDCommon' - type: object properties: feed: type: string group: type: string will_not_fix: type: boolean VersionVulnerabilityVendorNVDCommon: description: Values common to vendor and nvd entries in application version vulnerability report properties: cvss: type: object properties: cvss_v2: $ref: '#/definitions/CVSSV2Scores' cvss_v3: $ref: '#/definitions/CVSSV3Scores' description: type: string severity: type: string url: type: string VulnDiffResult: type: object description: The results of comparing two vulnerability records during an update properties: added: type: array items: {} updated: type: array items: {} removed: type: array items: {} VulnUpdateNotification: allOf: - $ref: '#/definitions/NotificationBase' - type: object description: The Notification Object definition for Vuln Update Notifications properties: data: $ref: '#/definitions/VulnUpdateNotificationData' VulnUpdateNotificationData: allOf: - $ref: '#/definitions/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/definitions/VulnUpdateNotificationPayload' VulnUpdateNotificationPayload: allOf: - $ref:
'#/definitions/GenericNotificationPayload' - type: object properties: diff_vulnerability_result: $ref: '#/definitions/VulnDiffResult' image_digest: type: string annotations: type: object description: List of Corresponding Image Annotations x-nullable: true VulnerabilityReference: description: An external link/reference type: object properties: source: type: string description: The reference source tags: type: array items: type: string url: type: string description: The reference url