openapi: 3.0.1 info: title: Anchore API description: This is the Anchore API. Provides the external API for users of Anchore Enterprise. contact: email: dev@anchore.com license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html version: 2.6.2 servers: - url: /v2 tags: - name: Subscriptions description: Subscription Management - name: Policies description: Policy Management - name: Images description: Image Management - name: Vulnerabilities description: Vulnerability checks and reports - name: Policy Evaluation description: Evaluate images against policies - name: Registries description: Registry Management - name: Repository description: Repository Management - name: System description: System Management - name: Events description: View and delete events - name: User Management description: Manage Accounts, Users, and Credentials - name: Identity description: Get and operate on the authenticated user's identity - name: Archives description: Data Archiving Management - name: Alerts description: Account-level alerting - name: Applications description: Applications - name: Corrections description: CPE corrections - name: Inventories description: Runtime cluster inventory - name: Actions description: Action remediation plans - name: Imports description: Import SBOMs - name: Sources description: Source management - name: Relationships description: Relationship definitions between artifacts - name: Reports description: Reports and metrics interface - name: Notifications description: Notification Endpoint Management - name: RBAC description: RBAC Management - name: Artifact Lifecycle description: Artifact Lifecycle Policies and Management paths: /: get: tags: - System description: Simple status check operationId: ping responses: 200: description: Version check response, returns the api version prefix (e.g. 'v2') content: application/json: schema: type: string x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: None /account: get: tags: - Identity summary: List the account for the authenticated user operationId: get_users_account responses: 200: description: User details for caller's user content: application/json: schema: $ref: '#/components/schemas/Account' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: getAccount /accounts: get: tags: - User Management summary: List account summaries. Only available to the system admin user. operationId: list_accounts parameters: - name: state in: query description: Filter accounts by state schema: type: string enum: - enabled - disabled - deleting responses: 200: description: Account summary listing content: application/json: schema: $ref: '#/components/schemas/AccountList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: listAccounts post: tags: - User Management summary: Create a new account. Only available to admin user. operationId: create_account requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountCreationRequest' required: true responses: 200: description: Account Record content: application/json: schema: $ref: '#/components/schemas/Account' 409: description: Conflicting user information. User already exists. content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: createAccount x-codegen-request-body-name: account /accounts/{account_name}/state: put: tags: - User Management summary: Update the state of an account to either enabled or disabled. For deletion use the DELETE route operationId: update_account_state parameters: - name: account_name in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountStatus' required: true responses: 200: description: Updated state of the account content: application/json: schema: $ref: '#/components/schemas/AccountStatus' 400: description: State requested is invalid based on current state of the account content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: updateAccount x-codegen-request-body-name: desired_state /accounts/{account_name}/users: get: tags: - User Management summary: List of users found in this account. operationId: list_users parameters: - name: account_name in: path required: true schema: type: string format: path responses: 200: description: User listing content: application/json: schema: type: array description: List of user credential records items: $ref: '#/components/schemas/User' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: listUsers post: tags: - User Management summary: Create a new user within the specified account. operationId: create_user parameters: - name: account_name in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/UserCreationRequest' required: true responses: 200: description: Credential summary content: application/json: schema: $ref: '#/components/schemas/User' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: createUser x-codegen-request-body-name: user /accounts/{account_name}/users/{username}/api-keys: get: tags: - User Management summary: Get a list of API keys operationId: list_user_api_keys parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path responses: 200: description: User API key listing content: application/json: schema: $ref: '#/components/schemas/ApiKeyList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: listApiKeys x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts post: tags: - User Management summary: Add a new API key operationId: create_user_api_key parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/UserApiKey' required: true responses: 201: description: Add a new API key content: application/json: schema: $ref: '#/components/schemas/UserApiKey' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: createApiKey x-codegen-request-body-name: apikey /accounts/{account_name}/users/{username}/api-keys/{key_name}: get: tags: - User Management summary: Get a user API key operationId: get_user_api_key parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path - name: key_name in: path required: true schema: type: string format: path responses: 200: description: User API key listing content: application/json: schema: $ref: '#/components/schemas/UserApiKey' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: getApiKey patch: tags: - User Management summary: Patch a user API key operationId: patch_user_api_key parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path - name: key_name in: path required: true schema: type: string format: path requestBody: content: application/json: schema: type: object properties: description: type: string name: type: string status: type: string enum: - revoked anyOf: - required: - name - required: - description - required: - status additionalProperties: false responses: 200: description: Patched information in a user API key content: application/json: schema: $ref: '#/components/schemas/UserApiKey' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: updateApiKey delete: tags: - User Management summary: Delete a user API key operationId: delete_user_api_key parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path - name: key_name in: path required: true schema: type: string format: path responses: 204: description: Successful deletion of a user API key content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: deleteApiKey /accounts/{account_name}/users/{username}/credentials: get: tags: - User Management summary: Get current credential summary operationId: list_user_credentials parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path responses: 200: description: User credential listing content: application/json: schema: $ref: '#/components/schemas/CredentialList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: getUser x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts post: tags: - User Management summary: add/replace credential operationId: create_user_credential parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/AccessCredential' required: true responses: 200: description: Add a credential, overwriting if already exists content: application/json: schema: $ref: '#/components/schemas/AccessCredential' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: updateUser x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-codegen-request-body-name: credential delete: tags: - User Management summary: Delete a credential by type operationId: delete_user_credential parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path - name: credential_type in: query required: true schema: type: string enum: - password responses: 204: description: Successful deletion content: {} 400: description: Conflict, cannot delete the credential used to authenticate this request content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: updateUser x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts /accounts/{account_name}/users/{username}: get: tags: - User Management summary: Get a specific user in the specified account operationId: get_account_user parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path responses: 200: description: User record content: application/json: schema: $ref: '#/components/schemas/User' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: getUser delete: tags: - User Management summary: Delete a specific user credential by username of the credential. Cannot be the credential used to authenticate the request. operationId: delete_user parameters: - name: account_name in: path required: true schema: type: string format: path - name: username in: path required: true schema: type: string format: path responses: 204: description: Deleted credential content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: deleteUser /accounts/{account_name}: get: tags: - User Management summary: Get account info about this specific account. operationId: get_account parameters: - name: account_name in: path required: true schema: type: string format: path responses: 200: description: Get user information content: application/json: schema: $ref: '#/components/schemas/Account' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: getAccount put: tags: - User Management summary: Update the info for this specific account. operationId: update_account parameters: - name: account_name in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountInfo' required: true responses: 200: description: Returns the account information content: application/json: schema: $ref: '#/components/schemas/Account' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: updateAccount x-codegen-request-body-name: info delete: tags: - User Management summary: Delete the specified account, only allowed if the account is in the disabled state. All users will be deleted along with the account and all resources will be garbage collected. The deleted account name will not be available for reuse immediately until all resources are garbage collected async. operationId: delete_account parameters: - name: account_name in: path required: true schema: type: string format: path responses: 204: description: Successful deletion content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.accounts x-anchore-authz-action: deleteAccount /actions: get: tags: - Actions summary: Gets a list of submitted action (remediation) plans description: Retrieves a list of action plans that have been completed operationId: get_action_plans parameters: - name: image_tag in: query schema: type: string - name: image_digest in: query schema: type: string - name: created_after in: query description: RFC 3339 formatted UTC timestamp to filter out action plans that were only created after this date schema: type: string format: date-time - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ActionPlans' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.actions x-anchore-authz-action: getActions post: tags: - Actions summary: Submits an Action Plan description: Submits an Action Plan and saves upon completion operationId: add_action_plan requestBody: content: application/json: schema: $ref: '#/components/schemas/ActionPlan' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ActionPlan' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.actions x-anchore-authz-action: addAction x-codegen-request-body-name: action_plan /alerts/compliance-violations: get: tags: - Alerts summary: List all compliance violation alerts scoped to the account description: Returns a paginated list of compliance violation alerts in chronological order from the most to least recently generated alerts. Return alerts in the open state by default. Use query parameters for filtering operationId: get_compliance_violation_alerts parameters: - name: page in: query schema: minimum: 1 type: integer default: 1 - name: limit in: query schema: maximum: 100 minimum: 1 type: integer default: 100 - name: state in: query description: Filter for alerts by current state, defaults to open alerts unless specified schema: type: string default: open enum: - all - open - closed - name: created_after in: query description: Filter for alerts generated after the timestamp schema: type: string format: date-time - name: created_before in: query description: Filter for alerts generated before the timestamp schema: type: string format: date-time - name: resource_image_digest in: query description: Filter for alerts associated with image digest schema: type: string - name: resource_image_tag in: query description: Filter for alerts generated for the tag schema: type: string - name: resource_registry in: query description: Filter for alerts associated with registry schema: type: string - name: resource_repository in: query description: Filter for alerts associated with repository schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: List of compliance violation alerts content: application/json: schema: $ref: '#/components/schemas/ComplianceViolationAlertList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.alerts x-anchore-authz-action: listAlerts /alerts/compliance-violations/{uuid}: get: tags: - Alerts summary: Get compliance violation alert by id description: Returns a single compliance violation alert object operationId: get_compliance_violation_alert parameters: - name: uuid in: path description: Identifier for the alert required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Compliance violation alert content: application/json: schema: $ref: '#/components/schemas/ComplianceViolationAlert' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.alerts x-anchore-authz-action: getAlert patch: tags: - Alerts summary: Open or close a compliance violation alert description: Idempotent op for changing the alert state to open or closed operationId: update_compliance_violation_alert_state parameters: - name: uuid in: path description: Identifier for the alert required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ComplianceViolationAlertState' required: true responses: 200: description: Alert state updated successfully content: application/json: schema: $ref: '#/components/schemas/ComplianceViolationAlert' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.alerts x-anchore-authz-action: updateAlert x-codegen-request-body-name: body /alerts/summaries: get: tags: - Alerts summary: List all alert summaries scoped to the account description: Returns a paginated list of alert summaries in chronological order from the most to least recently generated alerts. Return alerts in the open state by default. Use query parameters for filtering operationId: get_alert_summaries parameters: - name: page in: query schema: minimum: 1 type: integer default: 1 - name: limit in: query schema: maximum: 100 minimum: 1 type: integer default: 100 - name: type in: query description: Filter for alerts based on the type such as compliance violation schema: type: string default: all enum: - all - compliance_violation - name: state in: query description: Filter for alerts by current state, defaults to open alerts unless specified schema: type: string default: open enum: - all - open - closed - name: created_after in: query description: Filter for alerts generated after the timestamp schema: type: string format: date-time - name: created_before in: query description: Filter for alerts generated before the timestamp schema: type: string format: date-time - name: resource_label in: query description: Filter for alerts associated with a resource where the label in key=value format such as tag=docker.io/library/alpine:latest or repository=library/alpine style: form explode: true schema: uniqueItems: true type: array items: pattern: ^\S+=\S+$ type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: List of alert summaries content: application/json: schema: $ref: '#/components/schemas/AlertSummaryList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.alerts x-anchore-authz-action: listAlerts /applications: get: tags: - Applications summary: List all applications description: List all applications operationId: get_applications parameters: - name: include_versions in: query schema: type: boolean default: false - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Applications retrieved successfully content: application/json: schema: $ref: '#/components/schemas/ApplicationList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: getApplication post: tags: - Applications summary: Create an application description: Create an application operationId: add_application parameters: - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/Application' 409: description: Application with name already exists content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: createApplication x-codegen-request-body-name: application /applications/{application_id}/versions: get: tags: - Applications summary: List all application verions description: List all application verions operationId: get_application_versions parameters: - name: application_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Successfully retrieved application versions content: application/json: schema: $ref: '#/components/schemas/ApplicationVersionList' 404: description: Application not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: getApplication post: tags: - Applications summary: Create an application version description: Create an application version operationId: add_application_version parameters: - name: application_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationVersion' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ApplicationVersion' 404: description: Application not found content: {} 409: description: Application version with version_name already exists on the specified application content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: createApplication x-codegen-request-body-name: application_version /applications/{application_id}/versions/{application_version_id}/artifacts: get: tags: - Applications summary: List artifacts present on a given application version description: List artifacts present on a given application version operationId: list_artifacts parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: artifact_types in: query style: form explode: false schema: type: array items: type: string enum: - source - image - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Successfully retrieved artifacts content: application/json: schema: $ref: '#/components/schemas/ArtifactListResponse' 404: description: Application version not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: getApplication post: tags: - Applications summary: Add an artifact to an application version description: Add artifact to given application_id and application_version_id operationId: add_artifact_to_application_version parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ArtifactAssociationRequest' required: true responses: 200: description: Artifact successfully added to application version content: application/json: schema: $ref: '#/components/schemas/ArtifactAssociationResponse' 404: description: Application version not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: updateApplication x-codegen-request-body-name: artifact_request /applications/{application_id}/versions/{application_version_id}/artifacts/{association_id}: delete: tags: - Applications summary: Delete an artifact from specified application version description: Delete an artifact from specified application version operationId: remove_artifact_from_application_version parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: association_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Artifact successfully removed from application version content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: deleteApplication /applications/{application_id}/versions/{application_version_id}/sboms/native-json: get: tags: - Applications summary: Get the combined sbom for the given application version, optionally filtered by artifact type description: Get the combined sbom for the given application version, optionally filtered by artifact type operationId: get_application_version_sbom parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: artifact_types in: query style: form explode: false schema: type: array items: type: string enum: - source - image - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Successfully retrieved combined sbom content: application/json: schema: $ref: '#/components/schemas/ApplicationVersionSbom' 404: description: Application version not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: getApplication /applications/{application_id}/versions/{application_version_id}/vulnerabilities: get: tags: - Applications summary: Get the vulnerabilities for a given application version description: Get the vulnerabilities for a given application version operationId: get_application_version_vulnerabilities parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: will_not_fix in: query description: If true, include vulnerabilities that the vendor of an image distribution either disagrees with or does not intend to prioritize for remediation schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Successfully retrieved vulnerability data content: application/json: schema: $ref: '#/components/schemas/ApplicationVersionVulnerabilityReport' 404: description: Application version not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: getApplication /applications/{application_id}/versions/{application_version_id}: get: tags: - Applications summary: Get an application version description: Get an application version by application_id and application_version_id operationId: get_application_version parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Successfully retrieved application version content: application/json: schema: $ref: '#/components/schemas/ApplicationVersion' 404: description: Application version not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: getApplication put: tags: - Applications summary: Update application version details description: Updates application version details for given application_id and application_version_id operationId: update_application_version parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationVersion' required: true responses: 200: description: Application updated successfully content: application/json: schema: $ref: '#/components/schemas/ApplicationVersion' 404: description: Application version not found content: {} 409: description: Application version with version_name already exists on the specified application content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: updateApplication x-codegen-request-body-name: application_version delete: tags: - Applications summary: Delete an application version by application_id and application_version_id description: Delete an application version by application_id and application_version_id operationId: delete_application_version parameters: - name: application_id in: path required: true schema: type: string format: path - name: application_version_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Application version deleted successfully content: {} 404: description: Application version not found content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: deleteApplication /applications/{application_id}: get: tags: - Applications summary: Get an application by application_id description: Get an application by application_id operationId: get_application parameters: - name: application_id in: path required: true schema: type: string format: path - name: include_versions in: query schema: type: boolean default: false - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Successfully retrieved application content: application/json: schema: $ref: '#/components/schemas/Application' 404: description: Application not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: getApplication put: tags: - Applications summary: Update application details description: Updates application details for given application_id operationId: update_application parameters: - name: application_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: 200: description: Application updated successfully content: application/json: schema: $ref: '#/components/schemas/Application' 404: description: Application not found content: {} 409: description: Application with name already exists content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: updateApplication x-codegen-request-body-name: application delete: tags: - Applications summary: Delete an application by application_id description: Delete an application by application_id operationId: delete_application parameters: - name: application_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Application deleted successfully content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.applications x-anchore-authz-action: deleteApplication /archives: get: tags: - Archives operationId: list_archives responses: 200: description: Archive summary listing content: application/json: schema: $ref: '#/components/schemas/ArchiveSummary' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: listArchives /archives/images: get: tags: - Archives operationId: list_analysis_archive responses: 200: description: Image analysis archive listing for the requesting account (not the whole system) content: application/json: schema: $ref: '#/components/schemas/ArchivedAnalyses' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: listArchivedImageAnalysis post: tags: - Archives operationId: archive_image_analysis requestBody: content: application/json: schema: $ref: '#/components/schemas/ImageAnalysisReferences' required: true responses: 200: description: Archive statuses content: application/json: schema: $ref: '#/components/schemas/AddAnalysisArchiveResult' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: createArchivedImageAnalysis x-codegen-request-body-name: image_references /archives/images/{image_digest}: get: tags: - Archives description: Returns the archive metadata record identifying the image and tags for the analysis in the archive. operationId: get_archived_analysis parameters: - name: image_digest in: path description: The image digest to identify the image analysis required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path responses: 200: description: Archived Image content: application/json: schema: $ref: '#/components/schemas/ArchivedAnalysis' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: getArchivedImageAnalysis delete: tags: - Archives description: Performs a synchronous archive deletion operationId: delete_archived_analysis parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: force in: query schema: type: boolean responses: 200: description: Archived Image Analysis was successfully deleted content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: deleteArchivedImageAnalysis /archives/rules: get: tags: - Archives operationId: list_analysis_archive_rules parameters: - name: system_global in: query description: If true include system global rules (owned by admin) even for non-admin users. Defaults to true if not set. Can be set to false to exclude globals schema: type: boolean responses: 200: description: Archive transition rules content: application/json: schema: $ref: '#/components/schemas/AnalysisArchiveRules' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: listArchiveTransitionRules post: tags: - Archives operationId: create_analysis_archive_rule requestBody: content: application/json: schema: $ref: '#/components/schemas/AnalysisArchiveTransitionRule' required: true responses: 200: description: Archive transition rule content: application/json: schema: $ref: '#/components/schemas/AnalysisArchiveTransitionRule' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: createArchiveTransitionRule x-codegen-request-body-name: rule /archives/rules/{rule_id}: get: tags: - Archives operationId: get_analysis_archive_rule parameters: - name: rule_id in: path required: true schema: type: string format: path responses: 200: description: Archive transition rule content: application/json: schema: $ref: '#/components/schemas/AnalysisArchiveTransitionRule' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: getArchiveTransitionRule delete: tags: - Archives operationId: delete_analysis_archive_rule parameters: - name: rule_id in: path required: true schema: type: string format: path responses: 200: description: Analysis archive rule successfully deleted content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.archive x-anchore-authz-action: deleteArchiveTransitionRule /artifact-relationships: get: tags: - Relationships description: List the relationships between software supply chain artifacts (images, source revisions, etc) operationId: list_artifact_relationships parameters: - name: artifact_type in: query description: Filter for artifact type as either source or target schema: type: string - name: artifact_id in: query description: Filter for artifact id as either source or target schema: type: string responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ArtifactRelationships' x-anchore-authz-action: listArtifactRelationships x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.relationships post: tags: - Relationships description: Add a new relationship for this image to another artifact (source or image) operationId: add_artifact_relationship requestBody: content: application/json: schema: $ref: '#/components/schemas/ArtifactRelationship' required: true responses: 200: description: success content: application/json: schema: type: object x-anchore-authz-action: createArtifactRelationship x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.relationships x-codegen-request-body-name: relationship delete: tags: - Relationships description: Delete one or more relationships operationId: delete_artifact_relationships parameters: - name: relationship_ids in: query description: List of relationship Ids to delete required: true style: form explode: false schema: type: array items: type: string responses: 200: description: success content: application/json: schema: type: object x-anchore-authz-action: deleteArtifactRelationships x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.relationships /artifact-relationships/{relationship_id}/diffs/sbom: get: tags: - Relationships description: Return the context-aware diff of the sboms for the relationship operationId: get_relationship_sbom_diff parameters: - name: relationship_id in: path required: true schema: type: string responses: 200: description: SBoM Diff for the related artifacts content: application/json: schema: $ref: '#/components/schemas/RelationshipSbomDiff' x-anchore-authz-action: getArtifactRelationshipDiff x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.relationships /corrections: get: tags: - Corrections summary: Retrieve a list of corrections description: Returns a list of corrections operationId: get_corrections parameters: - name: correction_type in: query schema: type: string enum: - package - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Corrections retrieved successfully content: application/json: schema: $ref: '#/components/schemas/CorrectionList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.corrections x-anchore-authz-action: getCorrection post: tags: - Corrections summary: Create a correction record description: Add a correction record that will be used to fix false positive matches operationId: add_correction parameters: - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Correction' required: true responses: 200: description: Corrections retrieved successfully content: application/json: schema: $ref: '#/components/schemas/Correction' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.corrections x-anchore-authz-action: addCorrection x-codegen-request-body-name: correction /artifact-relationships/{relationship_id}: get: tags: - Relationships description: Get the relationship between software supply chain artifacts (images, source revisions, etc) operationId: get_artifact_relationship parameters: - name: relationship_id in: path description: Id of record to retrieve required: true schema: type: string responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ArtifactRelationship' x-anchore-authz-action: getArtifactRelationship x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.relationships /corrections/{uuid}: get: tags: - Corrections summary: Retrieve a correction by UUID description: Returns a single correction, looked up via it's uuid operationId: get_correction_by_uuid parameters: - name: uuid in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Correction retrieved successfully content: application/json: schema: $ref: '#/components/schemas/Correction' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.corrections x-anchore-authz-action: getCorrection put: tags: - Corrections summary: Update a correction by UUID description: Updates a single correction, looked up via it's uuid operationId: update_correction_by_uuid parameters: - name: uuid in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Correction' required: true responses: 200: description: Correction updated successfully content: application/json: schema: $ref: '#/components/schemas/Correction' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.corrections x-anchore-authz-action: updateCorrection x-codegen-request-body-name: correction delete: tags: - Corrections summary: Delete a correction by UUID description: Delete a single correction, looked up via it's uuid operationId: delete_correction_by_uuid parameters: - name: uuid in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Correction deleted successfully content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.corrections x-anchore-authz-action: deleteCorrection /ecs-containers: get: tags: - Inventories summary: Return a list of ECS containers that have been inventoried for this account description: Return a list of ECS containers that have been inventoried for this account operationId: get_ecs_containers parameters: - name: page in: query required: true schema: minimum: 1 type: integer - name: page_size in: query schema: minimum: 1 type: integer default: 1000 responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ECSContainers' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getECSContainers /ecs-inventory: post: tags: - Inventories summary: Add container metadata from Amazon ECS description: Add container metadata from Amazon ECS operationId: post_ecs_inventory requestBody: content: application/json: schema: $ref: '#/components/schemas/ECSInventory' required: true responses: 204: description: success content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: syncInventory x-codegen-request-body-name: inventory /ecs-services: get: tags: - Inventories summary: Return a list of ECS services that have been inventoried for this account description: Return a list of ECS services that have been inventoried for this account operationId: get_ecs_services parameters: - name: page in: query required: true schema: minimum: 1 type: integer - name: page_size in: query schema: minimum: 1 type: integer default: 1000 responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ECSServices' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getECSServices /ecs-tasks: get: tags: - Inventories summary: Return a list of ECS tasks that have been inventoried for this account description: Return a list of ECS tasks that have been inventoried for this account operationId: get_ecs_tasks parameters: - name: page in: query required: true schema: minimum: 1 type: integer - name: page_size in: query schema: minimum: 1 type: integer default: 1000 responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ECSTasks' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getECSTasks /event-types: get: tags: - Events summary: List Event Types description: Returns list of event types in the category hierarchy operationId: list_event_types responses: 200: description: List of event types content: application/json: schema: $ref: '#/components/schemas/EventTypesList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.events x-anchore-authz-action: listEvents /events: get: tags: - Events summary: List Events description: Returns a paginated list of events in the descending order of their occurrence. Optional query parameters may be used for filtering results operationId: list_events parameters: - name: source_service_name in: query description: Filter events by the originating service schema: type: string - name: source_host_id in: query description: Filter events by the originating host ID schema: type: string - name: event_type in: query description: Filter events by a prefix match on the event type (e.g. "user.image.") schema: pattern: ^[a-z0-9-_.*]+$ type: string - name: resource_type in: query description: Filter events by the type of resource - tag, image_digest, repository etc schema: type: string - name: resource_id in: query description: Filter events by the id of the resource schema: type: string - name: level in: query description: Filter events by the level - INFO or ERROR schema: type: string - name: since in: query description: Return events that occurred after the timestamp schema: type: string - name: before in: query description: Return events that occurred before the timestamp schema: type: string - name: page in: query description: Pagination controls - return the nth page of results. Defaults to first page if left empty schema: type: integer default: 1 - name: limit in: query description: Number of events in the result set. Defaults to 100 if left empty schema: type: integer default: 100 - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Paginated list of event records and the next token content: application/json: schema: $ref: '#/components/schemas/EventsList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.events x-anchore-authz-action: listEvents delete: tags: - Events summary: Delete Events description: Delete all or a subset of events filtered using the optional query parameters operationId: delete_events parameters: - name: before in: query description: Delete events that occurred before the timestamp schema: type: string - name: since in: query description: Delete events that occurred after the timestamp schema: type: string - name: level in: query description: Delete events that match the level - INFO or ERROR schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: List of deleted event IDs content: application/json: schema: type: array items: type: string 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.events x-anchore-authz-action: deleteEvents /events/{event_id}: get: tags: - Events summary: Get Event description: Lookup an event by its event ID operationId: get_event parameters: - name: event_id in: path description: Event ID of the event for lookup required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Single event record content: application/json: schema: $ref: '#/components/schemas/EventResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.events x-anchore-authz-action: getEvent delete: tags: - Events summary: Delete Event description: Delete an event by its event ID operationId: delete_event parameters: - name: event_id in: path description: Event ID of the event to be deleted required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Delete success content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.events x-anchore-authz-action: getEvent /health: get: tags: - System description: Health check, returns 200 and no body if service is running operationId: health_check responses: 200: description: Empty body on success content: {} x-openapi-router-controller: anchore_enterprise.common.common x-anchore-authz-action: None /images: get: tags: - Images summary: List all visible images description: List all images visible to the user operationId: list_images parameters: - name: image_id in: query description: Filter results matching image ID schema: type: string - name: history in: query description: Include image history in the response schema: type: boolean - name: full_tag in: query description: Full docker-pull string to filter results by (e.g. docker.io/library/nginx:latest, or myhost.com:5000/testimages:v1.1.1) schema: type: string - name: image_status in: query description: Filter by image_status value on the record. Default if omitted is 'active'. schema: type: string default: active enum: - all - active - deleting - name: analysis_status in: query description: Filter by analysis_status value on the record. schema: type: string enum: - not_analyzed - analyzed - analyzing - analysis_failed - name: analyzed_since in: query description: Filter by images analyzed on or after the specified datetime schema: type: string format: datetime - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: successful operation content: application/json: schema: $ref: '#/components/schemas/AnchoreImageList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: listImages post: tags: - Images summary: Submit a new image for analysis by the engine description: Creates a new analysis task that is executed asynchronously operationId: add_image parameters: - name: force in: query description: Override any existing entry in the system schema: type: boolean - name: auto_subscribe in: query description: Indicates if tag will be subscribed for registry updates monitoring schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ImageAnalysisRequest' required: true responses: 200: description: Successfully added image to analysis queue content: application/json: schema: $ref: '#/components/schemas/AnchoreImage' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: createImage x-codegen-request-body-name: image delete: tags: - Images summary: Bulk mark images for deletion description: Delete analysis for image digests in the list asynchronously operationId: delete_images_async parameters: - name: image_digests in: query required: true style: form explode: false schema: type: array nullable: false items: type: string - name: force in: query schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: successful operation content: application/json: schema: $ref: '#/components/schemas/DeleteImageResponseList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: deleteImage /images/{image_digest}/ancestors: get: tags: - Images summary: Return the list of ancestor images for the given image description: Returns list of ancestor images, which are the images that form the base layers of the image operationId: get_image_ancestors parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Ancestor list content: application/json: schema: $ref: '#/components/schemas/ImageAncestry' 404: description: Image not found content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/artifacts/file-content-search: get: tags: - Images summary: Return a list of analyzer artifacts of the specified type operationId: list_file_content_search_results parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path responses: 200: description: List of file metadata objects content: application/json: schema: $ref: '#/components/schemas/FileContentSearchList' 404: description: Image not found in this service content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/artifacts/retrieved-files: get: tags: - Images summary: Return a list of analyzer artifacts of the specified type operationId: list_retrieved_files parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path responses: 200: description: List of file metadata objects content: application/json: schema: $ref: '#/components/schemas/RetrievedFileList' 404: description: Image not found in this service content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/artifacts/secret-search: get: tags: - Images summary: Return a list of analyzer artifacts of the specified type operationId: list_secret_search_results parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path responses: 200: description: List of file metadata objects content: application/json: schema: $ref: '#/components/schemas/SecretSearchList' 404: description: Image not found in this service content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/check: get: tags: - Images summary: Check policy evaluation status for image description: Get the policy evaluation for the given image operationId: get_image_policy_check_by_digest parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: policy_id in: query schema: type: string - name: tag in: query required: true schema: type: string - name: detail in: query schema: type: boolean default: true - name: history in: query schema: type: boolean default: false - name: interactive in: query schema: type: boolean default: false - name: base_digest in: query description: Digest of a base image. If specified the evaluation will indicate results inherited from the base image. Can specify "auto" to have the base image automatically calculated. schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Policy evaluation success content: application/json: schema: $ref: '#/components/schemas/PolicyEvaluation' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImageEvaluation /images/{image_digest}/content: get: tags: - Images summary: List image content types operationId: list_image_content parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Content listing for the image content: application/json: schema: type: array items: type: string 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/content/files: get: tags: - Images summary: Get the content of an image by type files operationId: get_image_content_by_type_files parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Content of specified type from the image content: application/json: schema: $ref: '#/components/schemas/ContentFilesResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/content/java: get: tags: - Images summary: Get the content of an image by type java operationId: get_image_content_by_type_java_package parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Content of specified type from the image content: application/json: schema: $ref: '#/components/schemas/ContentJavaPackageResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/content/malware: get: tags: - Images summary: Get the content of an image by type malware operationId: get_image_content_by_type_malware parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Content of specified type from the image content: application/json: schema: $ref: '#/components/schemas/ContentMalwareResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/content/{content_type}: get: tags: - Images summary: Get the content of an image by type operationId: get_image_content_by_type parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: content_type in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Content of specified type from the image content: application/json: schema: $ref: '#/components/schemas/ContentPackageResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/metadata: get: tags: - Images summary: List image metadata types operationId: list_image_metadata parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Metadata listing for the image content: application/json: schema: type: array items: type: string 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/metadata/{metadata_type}: get: tags: - Images summary: Get the metadata of an image by type operationId: get_image_metadata_by_type parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: metadata_type in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Metadata of specified type from the image content: application/json: schema: $ref: '#/components/schemas/MetadataResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/sboms/cyclonedx-json: get: tags: - Images summary: Get image sbom in the CycloneDX format operationId: get_image_sbom_cyclonedx_json parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Image lookup success content: application/json: schema: type: string 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/sboms/native-json: get: tags: - Images summary: Get image sbom in the native Anchore format operationId: get_image_sbom_native_json parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Image lookup success content: application/json: schema: type: string 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/sboms/spdx-json: get: tags: - Images summary: Get image sbom in the SPDX format operationId: get_image_sbom_spdx_json parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Image lookup success content: application/json: schema: type: string 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/vuln: get: tags: - Images summary: Get vulnerability types operationId: get_image_vulnerability_types parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Vulnerability listing for the image content: application/json: schema: type: array items: type: string enum: - all - os - non-os 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}/vuln/{vuln_type}: get: tags: - Images summary: Get vulnerabilities by type operationId: get_image_vulnerabilities_by_digest parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: vuln_type in: path required: true schema: type: string enum: - os - non-os - all - name: force_refresh in: query schema: type: boolean default: false - name: include_vuln_description in: query schema: type: boolean default: false - name: vendor_only in: query description: Filter results to include only vulnerabilities that are not marked as invalid by upstream OS vendor data. When set to true, it will filter out all vulnerabilities where `will_not_fix` is False. If false all vulnerabilities are returned regardless of `will_not_fix` schema: type: boolean default: true - name: base_digest in: query description: Digest of a base image. If specified the vulnerabilities will indicate inheritance from the base image. Can specify "auto" to have the base image automatically calculated. schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Vulnerability listing for the image content: application/json: schema: $ref: '#/components/schemas/ImagePackageVulnerabilityResponse' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage /images/{image_digest}: get: tags: - Images summary: Get image metadata operationId: get_image parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Image lookup success content: application/json: schema: $ref: '#/components/schemas/AnchoreImage' 404: description: Image not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: getImage delete: tags: - Images summary: Delete an image analysis operationId: delete_image parameters: - name: image_digest in: path required: true schema: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string format: path - name: force in: query schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Image deletion success content: application/json: schema: $ref: '#/components/schemas/DeleteImageResponse' 400: description: Bad Delete request given image's current state content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 404: description: Image not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: deleteImage /imports/images: get: tags: - Imports summary: Lists in-progress imports operationId: list_operations responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImports' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Begin the import of an image SBOM into the system operationId: create_operation responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportOperation' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage /imports/images/{operation_id}/content-searches: get: tags: - Imports summary: List uploaded content search results operationId: list_import_content_searches parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Import a content search analysis catalog operationId: import_content_searches parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/ImageImportContentSearchList' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: contents /imports/images/{operation_id}/dockerfile: get: tags: - Imports summary: List uploaded dockerfiles operationId: list_import_dockerfiles parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Begin the import of an image analyzed by Syft into the system operationId: import_image_dockerfile parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: text/plain: schema: type: string required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: contents /imports/images/{operation_id}/file-contents: get: tags: - Imports summary: List uploaded file contents operationId: list_import_file_contents parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Import a file contents analysis catalog operationId: import_file_contents parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/ImageImportFileContentList' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: contents /imports/images/{operation_id}/image-config: get: tags: - Imports summary: List uploaded image configs operationId: list_import_image_configs parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Import a docker or OCI image config to associate with the image operationId: import_image_config parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/json: schema: type: object required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: contents /imports/images/{operation_id}/manifest: get: tags: - Imports summary: List uploaded image manifests operationId: list_import_image_manifests parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Import a docker or OCI distribution manifest to associate with the image operationId: import_image_manifest parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/vnd.oci.image.manifest.v1+json: schema: type: object application/vnd.docker.distribution.manifest.v2+json: schema: type: object application/vnd.docker.distribution.manifest.v1+json: schema: type: object application/vnd.docker.distribution.manifest.v1+prettyjws: schema: type: object required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: contents /imports/images/{operation_id}/packages: get: tags: - Imports summary: List uploaded package manifests operationId: list_import_packages parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Begin the import of an image analyzed by Syft into the system operationId: import_image_packages parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/ImagePackageManifest' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: sbom /imports/images/{operation_id}/parent-manifest: get: tags: - Imports summary: List uploaded parent manifests (manifest lists for a tag) operationId: list_import_parent_manifests parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Import a docker or OCI distribution manifest list to associate with the image operationId: import_image_parent_manifest parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/vnd.docker.distribution.manifest.list.v2+json: schema: type: object application/vnd.oci.image.index.v1+json: schema: type: object required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: contents /imports/images/{operation_id}/secret-searches: get: tags: - Imports summary: List uploaded secret search results operationId: list_import_secret_searches parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImportContentDigestList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage post: tags: - Imports summary: Import a secret search analysis catalog operationId: import_secret_searches parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/ImageImportContentSearchList' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage x-codegen-request-body-name: contents /imports/images/{operation_id}: get: tags: - Imports summary: Get detail on a single import operationId: get_operation parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportOperation' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage delete: tags: - Imports summary: Invalidate operation ID so it can be garbage collected operationId: invalidate_operation parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/ImageImportOperation' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.image_imports x-anchore-authz-action: importImage /imports/sources: get: tags: - Imports summary: Lists in-progress imports operationId: list_sources_operations responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceImportList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.source_imports x-anchore-authz-action: importSource post: tags: - Imports summary: Begin the import of a source code repository analyzed by Syft into the system operationId: create_sources_operation responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceImportOperation' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.source_imports x-anchore-authz-action: importSource /imports/sources/{operation_id}/finalize: post: tags: - Imports summary: Add source records to catalog db operationId: finalize_operation parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/SourceImportMetadata' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceManifest' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.source_imports x-anchore-authz-action: importSource x-codegen-request-body-name: metadata /imports/sources/{operation_id}/sbom: get: tags: - Imports summary: list the packages of an imported source code repository operationId: get_import_sources_sbom parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.source_imports x-anchore-authz-action: importSource post: tags: - Imports summary: Begin the import of a source code repository analyzed by Syft into the system operationId: upload_import_sources_sbom parameters: - name: operation_id in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NativeSBOM' required: true responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceImportContentResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.source_imports x-anchore-authz-action: importSource x-codegen-request-body-name: sbom /imports/sources/{operation_id}: get: tags: - Imports summary: Get detail on a single import operationId: get_sources_operation parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceImportOperation' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.source_imports x-anchore-authz-action: importSource delete: tags: - Imports summary: Invalidate operation ID so it can be garbage collected operationId: invalidate_sources_operation parameters: - name: operation_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceImportOperation' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.source_imports x-anchore-authz-action: importSource /inventories: get: tags: - Inventories summary: Return a list of the images in inventories for this account description: Returns a list of the images that are in use operationId: get_image_inventory parameters: - name: inventory_type in: query schema: type: string enum: - ecs - kubernetes - name: image_digest in: query schema: type: string - name: context in: query schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/InventoryItems' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: listRuntimeInventories delete: tags: - Inventories summary: Delete runtime inventory by type and context description: Delete runtime inventory by type and context operationId: delete_inventory parameters: - name: inventory_type in: query required: true schema: type: string enum: - ecs - kubernetes - name: context in: query required: true schema: type: string - name: image_digest in: query schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Successfully deleted runtime inventory content: {} 404: description: Inventory not found content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: deleteInventory /kubernetes-containers: get: tags: - Inventories summary: Return a list of Kubernetes containers that have been inventoried for this account description: Return a list of Kubernetes containers that have been inventoried for this account operationId: get_kubernetes_containers parameters: - name: page in: query required: true schema: minimum: 1 type: integer - name: page_size in: query schema: minimum: 1 type: integer default: 1000 responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/KubernetesContainers' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getKubernetesContainers /kubernetes-inventory: post: tags: - Inventories summary: Add container metadata from a Kubernetes deployment description: Add container metadata from a Kubernetes deployment operationId: post_kubernetes_inventory requestBody: content: application/json: schema: $ref: '#/components/schemas/KubernetesInventory' required: true responses: 204: description: success 500: description: Internal Error x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: syncInventory x-codegen-request-body-name: inventory /kubernetes-namespaces: get: tags: - Inventories summary: Return a list of Kubernetes namespaces that have been inventoried for this account description: Return a list of Kubernetes namespaces that have been inventoried for this account operationId: get_kubernetes_namespaces parameters: - name: page in: query required: true schema: minimum: 1 type: integer - name: page_size in: query schema: minimum: 1 type: integer default: 1000 responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/KubernetesNamespaces' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getKubernetesNamespaces delete: tags: - Inventories summary: Delete Kubernetes namespaces for a given criteria description: Delete Kubernetes namespaces for a given criteria operationId: delete_kubernetes_namespaces parameters: - name: cluster_name in: query schema: type: string responses: 204: description: success content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: deleteKubernetesNamespaces /kubernetes-namespaces/{namespace_id}: get: tags: - Inventories summary: Return a Kubernetes namespace that has been inventoried for this account description: Return Kubernetes namespace that has been inventoried for this account operationId: get_kubernetes_namespace parameters: - name: namespace_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/KubernetesNamespace' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getKubernetesNamespaces /kubernetes-nodes: get: tags: - Inventories summary: Return a list of Kubernetes nodes that have been inventoried for this account description: Return a list of Kubernetes nodes that have been inventoried for this account operationId: get_kubernetes_nodes parameters: - name: page in: query required: true schema: minimum: 1 type: integer - name: page_size in: query schema: minimum: 1 type: integer default: 1000 responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/KubernetesNodes' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getKubernetesNodes /kubernetes-nodes/{node_id}: get: tags: - Inventories summary: Return a Kubernetes node that has been inventoried for this account description: Return Kubernetes node that has been inventoried for this account operationId: get_kubernetes_node parameters: - name: node_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/KubernetesNode' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getKubernetesNodes /kubernetes-pods: get: tags: - Inventories summary: Return a list of Kubernetes pods that have been inventoried for this account description: Return a list of Kubernetes pods that have been inventoried for this account operationId: get_kubernetes_pods parameters: - name: page in: query required: true schema: minimum: 1 type: integer - name: page_size in: query schema: minimum: 1 type: integer default: 1000 responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/KubernetesPods' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getKubernetesPods /kubernetes-pods/{pod_id}: get: tags: - Inventories summary: Return a Kubernetes pod that has been inventoried for this account description: Return a Kubernetes pod that has been inventoried for this account operationId: get_kubernetes_pod parameters: - name: pod_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/KubernetesPod' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.runtime_inventory x-anchore-authz-action: getKubernetesPods /my-user-groups: get: tags: - Identity summary: List user groups for the authenticated user operationId: list_my_user_groups responses: 200: description: User group list content: application/json: schema: $ref: '#/components/schemas/UserGroupList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: None /notifications/endpoints: get: tags: - Notifications description: List the system installed notification endpoints operationId: list_endpoints responses: 200: description: Listing of endpoint status objects content: application/json: schema: $ref: '#/components/schemas/NotificationEndpointList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.endpoints x-anchore-authz-action: listNotificationEndpoints /notifications/endpoints/github/configurations: get: tags: - Notifications description: List GitHub endpoint configurations operationId: list_github_configurations responses: 200: description: List of GitHub endpoint configuration objects content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Create a new GitHub endpoint configuration operationId: add_github_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationPost' required: true responses: 200: description: Newly created GitHub endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationBase' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/github/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a GitHub endpoint configuration operationId: get_github_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a selector mapped to a GitHub endpoint configuration operationId: update_github_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Updated selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: selector delete: tags: - Notifications description: Delete a selector mapped to a GitHub endpoint configuration operationId: delete_github_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/github/configurations/{uuid}/selectors: get: tags: - Notifications description: List selectors mapping events for delivery to a GitHub endpoint configuration operationId: list_github_selectors parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: List of selectors content: application/json: schema: $ref: '#/components/schemas/NotificationSelectorList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Add selector for mapping events for delivery to a GitHub endpoint configuration operationId: add_github_selector parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Newly created selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: selector /notifications/endpoints/github/configurations/{uuid}/status: get: tags: - Notifications description: Get operational status for a GitHub endpoint configuration operationId: get_github_configuration_status parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Status object content: application/json: schema: $ref: '#/components/schemas/NotificationOperationalStatus' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: getNotificationEndpointConfiguration /notifications/endpoints/github/configurations/{uuid}/test: get: tags: - Notifications description: Test stored GitHub endpoint configuration operationId: test_stored_github_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: createNotificationEndpointConfiguration /notifications/endpoints/github/configurations/{uuid}: get: tags: - Notifications description: Get a GitHub endpoint configuration by it's UUID operationId: get_github_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: GitHub endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationBase' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a GitHub endpoint configuration by it's UUID operationId: update_github_configuration parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationPut' required: true responses: 200: description: Updated GitHub endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationBase' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: configuration delete: tags: - Notifications description: Delete a GitHub endpoint configuration by it's UUID operationId: delete_github_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} 404: description: The provided notification configuration UUID was not found content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/github/test: post: tags: - Notifications description: Test GitHub endpoint configuration operationId: test_github_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationPost' required: true responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationGitHubTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.github x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/jira/configurations: get: tags: - Notifications description: List Jira endpoint configurations operationId: list_jira_configurations responses: 200: description: List of Jira endpoint configuration objects content: application/json: schema: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Create a new Jira endpoint configuration operationId: add_jira_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationPost' required: true responses: 200: description: Newly created Jira endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationBase' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/jira/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Jira endpoint configuration operationId: get_jira_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a selector mapped to a Jira endpoint configuration operationId: update_jira_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Updated selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: selector delete: tags: - Notifications description: Delete a selector mapped to a Jira endpoint configuration operationId: delete_jira_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/jira/configurations/{uuid}/selectors: get: tags: - Notifications description: List selectors mapping events for delivery to a Jira endpoint configuration operationId: list_jira_selectors parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: List of selectors content: application/json: schema: $ref: '#/components/schemas/NotificationSelectorList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Add selector for mapping events for delivery to a Jira endpoint configuration operationId: add_jira_selector parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Newly created selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: selector /notifications/endpoints/jira/configurations/{uuid}/status: get: tags: - Notifications description: Get operational status for a Jira endpoint configuration operationId: get_jira_configuration_status parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Status object content: application/json: schema: $ref: '#/components/schemas/NotificationOperationalStatus' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: getNotificationEndpointConfiguration /notifications/endpoints/jira/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Jira endpoint configuration operationId: test_stored_jira_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationJiraTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: createNotificationEndpointConfiguration /notifications/endpoints/jira/configurations/{uuid}: get: tags: - Notifications description: Get a Jira endpoint configuration by it's UUID operationId: get_jira_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Jira endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationBase' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a Jira endpoint configuration by it's UUID operationId: update_jira_configuration parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationPut' required: true responses: 200: description: Updated Jira endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationBase' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: configuration delete: tags: - Notifications description: Delete a Jira endpoint configuration by it's UUID operationId: delete_jira_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} 404: description: The provided notification configuration UUID was not found content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/jira/test: post: tags: - Notifications description: Test Jira endpoint configuration operationId: test_jira_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationPost' required: true responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationJiraTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.jira x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/slack/configurations: get: tags: - Notifications description: List Slack endpoint configurations operationId: list_slack_configurations responses: 200: description: List of Slack endpoint configuration objects content: application/json: schema: $ref: '#/components/schemas/NotificationSlackEndpointConfigurationList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Create a new Slack endpoint configuration operationId: add_slack_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSlackEndpointConfiguration' required: true responses: 200: description: Newly created Slack endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationSlackEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/slack/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Slack endpoint configuration operationId: get_slack_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a selector mapped to a Slack endpoint configuration operationId: update_slack_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Updated selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: selector delete: tags: - Notifications description: Delete a selector mapped to a Slack endpoint configuration operationId: delete_slack_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/slack/configurations/{uuid}/selectors: get: tags: - Notifications description: List selectors mapping events for delivery to a Slack endpoint configuration operationId: list_slack_selectors parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: List of selectors content: application/json: schema: $ref: '#/components/schemas/NotificationSelectorList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Add selector for mapping events for delivery to a Slack endpoint configuration operationId: add_slack_selector parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Newly created selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: selector /notifications/endpoints/slack/configurations/{uuid}/status: get: tags: - Notifications description: Get operational status for a Slack endpoint configuration operationId: get_slack_configuration_status parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Status object content: application/json: schema: $ref: '#/components/schemas/NotificationOperationalStatus' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: getNotificationEndpointConfiguration /notifications/endpoints/slack/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Slack endpoint configuration operationId: test_stored_slack_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationSlackTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: createNotificationEndpointConfiguration /notifications/endpoints/slack/configurations/{uuid}: get: tags: - Notifications description: Get a Slack endpoint configuration by it's UUID operationId: get_slack_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Slack endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationSlackEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a Slack endpoint configuration by it's UUID operationId: update_slack_configuration parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSlackEndpointConfiguration' required: true responses: 200: description: Updated Slack endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationSlackEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: configuration delete: tags: - Notifications description: Delete a Slack endpoint configuration by it's UUID operationId: delete_slack_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} 404: description: The provided notification configuration UUID was not found content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/slack/test: post: tags: - Notifications description: Test Slack endpoint configuration operationId: test_slack_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSlackEndpointConfiguration' required: true responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationSlackTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.slack x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/smtp/configurations: get: tags: - Notifications description: List SMTP endpoint configurations operationId: list_smtp_configurations responses: 200: description: List of SMTP endpoint configuration objects content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPEndpointConfigurationList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Create a new SMTP endpoint configuration operationId: add_smtp_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPEndpointConfiguration' required: true responses: 200: description: Newly created SMTP endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/smtp/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a SMTP endpoint configuration operationId: get_smtp_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a selector mapped to a SMTP endpoint configuration operationId: update_smtp_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Updated selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: selector delete: tags: - Notifications description: Delete a selector mapped to a SMTP endpoint configuration operationId: delete_smtp_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/smtp/configurations/{uuid}/selectors: get: tags: - Notifications description: List selectors mapping events for delivery to a SMTP endpoint configuration operationId: list_smtp_selectors parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: List of selectors content: application/json: schema: $ref: '#/components/schemas/NotificationSelectorList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Add selector for mapping events for delivery to a SMTP endpoint configuration operationId: add_smtp_selector parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Newly created selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: selector /notifications/endpoints/smtp/configurations/{uuid}/status: get: tags: - Notifications description: Get operational status for a SMTP endpoint configuration operationId: get_smtp_configuration_status parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Status object content: application/json: schema: $ref: '#/components/schemas/NotificationOperationalStatus' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: getNotificationEndpointConfiguration /notifications/endpoints/smtp/configurations/{uuid}/test: get: tags: - Notifications description: Test stored SMTP endpoint configuration operationId: test_stored_smtp_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: createNotificationEndpointConfiguration /notifications/endpoints/smtp/configurations/{uuid}: get: tags: - Notifications description: Get a SMTP endpoint configuration by it's UUID operationId: get_smtp_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: SMTP endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a SMTP endpoint configuration by it's UUID operationId: update_smtp_configuration parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPEndpointConfiguration' required: true responses: 200: description: Updated SMTP endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: configuration delete: tags: - Notifications description: Delete a SMTP endpoint configuration by it's UUID operationId: delete_smtp_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} 404: description: The provided notification configuration UUID was not found content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/smtp/test: post: tags: - Notifications description: Test SMTP endpoint configuration operationId: test_smtp_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPEndpointConfiguration' required: true responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationSMTPTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.smtp x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/teams/configurations: get: tags: - Notifications description: List Teams endpoint configurations operationId: list_teams_configurations responses: 200: description: List of Teams endpoint configuration objects content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsEndpointConfigurationList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Create a new Teams endpoint configuration operationId: add_teams_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsEndpointConfiguration' required: true responses: 200: description: Newly created Teams endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/teams/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Teams endpoint configuration operationId: get_teams_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a selector mapped to a Teams endpoint configuration operationId: update_teams_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Updated selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: selector delete: tags: - Notifications description: Delete a selector mapped to a Teams endpoint configuration operationId: delete_teams_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/teams/configurations/{uuid}/selectors: get: tags: - Notifications description: List selectors mapping events for delivery to a Teams endpoint configuration operationId: list_teams_selectors parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: List of selectors content: application/json: schema: $ref: '#/components/schemas/NotificationSelectorList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Add selector for mapping events for delivery to a Teams endpoint configuration operationId: add_teams_selector parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Newly created selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: selector /notifications/endpoints/teams/configurations/{uuid}/status: get: tags: - Notifications description: Get operational status for a Teams endpoint configuration operationId: get_teams_configuration_status parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Status object content: application/json: schema: $ref: '#/components/schemas/NotificationOperationalStatus' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: getNotificationEndpointConfiguration /notifications/endpoints/teams/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Teams endpoint configuration operationId: test_stored_teams_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: createNotificationEndpointConfiguration /notifications/endpoints/teams/test: post: tags: - Notifications description: Test Teams endpoint configuration operationId: test_teams_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsEndpointConfiguration' required: true responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/teams/configurations/{uuid}: get: tags: - Notifications description: Get a Teams endpoint configuration by it's UUID operationId: get_teams_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Teams endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a Teams endpoint configuration by it's UUID operationId: update_teams_configuration parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsEndpointConfiguration' required: true responses: 200: description: Updated Teams endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationTeamsEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: configuration delete: tags: - Notifications description: Delete a Teams endpoint configuration by it's UUID operationId: delete_teams_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} 404: description: The provided notification configuration UUID was not found content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.teams x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/webhook/configurations: get: tags: - Notifications description: List Webhook endpoint configurations operationId: list_webhook_configurations responses: 200: description: List of Webhook endpoint configuration objects content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookEndpointConfigurationList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Create a new Webhook endpoint configuration operationId: add_webhook_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookEndpointConfiguration' required: true responses: 200: description: Newly created Webhook endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/webhook/configurations/{configuration_uuid}/selectors/{selector_uuid}: get: tags: - Notifications description: Get a selector mapped to a Webhook endpoint configuration operationId: get_webhook_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a selector mapped to a Webhook endpoint configuration operationId: update_webhook_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Updated selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: selector delete: tags: - Notifications description: Delete a selector mapped to a Webhook endpoint configuration operationId: delete_webhook_selector parameters: - name: configuration_uuid in: path required: true schema: type: string format: path - name: selector_uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/webhook/configurations/{uuid}/selectors: get: tags: - Notifications description: List selectors mapping events for delivery to a Webhook endpoint configuration operationId: list_webhook_selectors parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: List of selectors content: application/json: schema: $ref: '#/components/schemas/NotificationSelectorList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: listNotificationEndpointConfigurations post: tags: - Notifications description: Add selector for mapping events for delivery to a Webhook endpoint configuration operationId: add_webhook_selector parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' required: true responses: 200: description: Newly created selector object content: application/json: schema: $ref: '#/components/schemas/NotificationSelector' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: selector /notifications/endpoints/webhook/configurations/{uuid}/status: get: tags: - Notifications description: Get operational status for a Webhook endpoint configuration operationId: get_webhook_configuration_status parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Status object content: application/json: schema: $ref: '#/components/schemas/NotificationOperationalStatus' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: getNotificationEndpointConfiguration /notifications/endpoints/webhook/configurations/{uuid}/test: get: tags: - Notifications description: Test stored Webhook endpoint configuration operationId: test_stored_webhook_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: createNotificationEndpointConfiguration /notifications/endpoints/webhook/configurations/{uuid}: get: tags: - Notifications description: Get a Webhook endpoint configuration by it's UUID operationId: get_webhook_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Webhook endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: getNotificationEndpointConfiguration put: tags: - Notifications description: Update a Webhook endpoint configuration by it's UUID operationId: update_webhook_configuration parameters: - name: uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookEndpointConfiguration' required: true responses: 200: description: Updated Webhook endpoint configuration object content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookEndpointConfiguration' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: updateNotificationEndpointConfiguration x-codegen-request-body-name: configuration delete: tags: - Notifications description: Delete a Webhook endpoint configuration by it's UUID operationId: delete_webhook_configuration parameters: - name: uuid in: path required: true schema: type: string format: path responses: 200: description: Successful delete content: {} 404: description: The provided notification configuration UUID was not found content: {} x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: deleteNotificationEndpointConfiguration /notifications/endpoints/webhook/test: post: tags: - Notifications description: Test Webhook endpoint configuration operationId: test_webhook_configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookEndpointConfiguration' required: true responses: 200: description: Test result content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookTestResult' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.webhook x-anchore-authz-action: createNotificationEndpointConfiguration x-codegen-request-body-name: configuration /notifications/endpoints/{name}: put: tags: - Notifications description: Update enabled status of an endpoint operationId: update_endpoint_status parameters: - name: name in: path required: true schema: type: string format: path enum: - slack - jira - smtp - github - teams - webhook requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationEndpointEnabledStatus' required: true responses: 200: description: Updated status record for an endpoint content: application/json: schema: $ref: '#/components/schemas/NotificationEndpointEnabledStatus' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.endpoints x-anchore-authz-action: updateNotificationEndpoint x-codegen-request-body-name: status /notifications/selectors: get: tags: - Notifications description: List all selectors mapped to endpoint configurations for the account operationId: list_selectors responses: 200: description: List of selectors content: application/json: schema: $ref: '#/components/schemas/NotificationSelectorList' x-openapi-router-controller: anchore_enterprise.services.notifications.api.controllers.selectors x-anchore-authz-action: listNotificationEndpointConfigurations /oauth/revoke: post: tags: - User Management description: Revoke a refresh token previously requested from /oauth/token operationId: revoke_oauth_token requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: token: type: string description: The token to be revoked token_type_hint: type: string description: A hint about the type of token to be revoked enum: - refresh_token responses: 200: description: The token has been successfully revoked content: {} 400: description: Error response content: application/json: schema: type: object properties: error: type: string description: ASCII error code from RFC6749 401: description: Revocation of the provided token type is not supported content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.oauth x-anchore-authz-action: None /oauth/token: post: tags: - User Management description: Request a jwt token for subsequent operations, this request is authenticated with normal HTTP auth operationId: get_oauth_token requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: grant_type: type: string description: OAuth Grant type for token default: password username: type: string description: User to assign OAuth token to password: type: string description: Password for corresponding user client_id: type: string description: The type of client used for the OAuth token default: anonymous refresh_token: type: string description: The refresh token from a previous password grant request, used to get a new access_token responses: 200: description: Resulting JWT token content: application/json: schema: $ref: '#/components/schemas/TokenResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.oauth x-anchore-authz-action: None /policies: get: tags: - Policies summary: List policies description: List all saved policies operationId: list_policies parameters: - name: detail in: query description: Include policy detail in the form of the full policy content for each entry schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Policy listing content: application/json: schema: $ref: '#/components/schemas/PolicyList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.policies x-anchore-authz-action: listPolicies post: tags: - Policies summary: Add a new policy description: Adds a new policy to the system operationId: add_policy parameters: - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Policy' required: true responses: 200: description: Saved policy content: application/json: schema: $ref: '#/components/schemas/PolicyRecord' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.policies x-anchore-authz-action: createPolicy x-codegen-request-body-name: policy /policies/{policy_id}: get: tags: - Policies summary: Get specific policy description: Get the policy content operationId: get_policy parameters: - name: policy_id in: path required: true schema: type: string format: path - name: detail in: query description: Include policy detail in the form of the full policy content for each entry schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: A single fetched policy record content: application/json: schema: $ref: '#/components/schemas/PolicyRecord' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.policies x-anchore-authz-action: getPolicy put: tags: - Policies summary: Update policy description: Update/replace and existing policy operationId: update_policy parameters: - name: policy_id in: path required: true schema: type: string format: path - name: active in: query description: Mark policy as active schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyRecord' required: true responses: 200: description: A single updated policy record content: application/json: schema: $ref: '#/components/schemas/PolicyRecord' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.policies x-anchore-authz-action: updatePolicy x-codegen-request-body-name: policy delete: tags: - Policies summary: Delete policy description: Delete the specified policy operationId: delete_policy parameters: - name: policy_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Delete success content: {} 404: description: Policy not found to delete content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.policies x-anchore-authz-action: deletePolicy /query/images/by-package: get: tags: - Query summary: List of images containing given package description: Filterable query interface to search for images containing specified package operationId: query_images_by_package parameters: - name: name in: query description: Name of package to search for (e.g. sed) required: true schema: type: string - name: package_type in: query description: Type of package to filter on (e.g. dpkg) schema: type: string - name: version in: query description: Version of named package to filter on (e.g. 4.4-1) schema: type: string - name: page in: query description: The page of results to fetch. Pages start at 1 schema: type: string - name: limit in: query description: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page schema: type: integer - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Image listing content: application/json: schema: $ref: '#/components/schemas/PaginatedImageList' 400: description: Bad filter parameters content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.query x-anchore-authz-action: listImages /query/vulnerabilities: get: tags: - Query summary: Listing information about given vulnerability description: List (w/filters) vulnerability records known by the system, with affected packages information if present operationId: query_vulnerabilities parameters: - name: id in: query description: The ID of the vulnerability (e.g. CVE-1999-0001) required: true style: form explode: false schema: type: array items: type: string - name: affected_package in: query description: Filter results by specified package name (e.g. sed) schema: type: string - name: affected_package_version in: query description: Filter results by specified package version (e.g. 4.4-1) schema: type: string - name: page in: query description: The page of results to fetch. Pages start at 1 schema: type: string default: '1' - name: limit in: query description: Limit the number of records for the requested page. If omitted or set to 0, return all results in a single page schema: type: integer - name: namespace in: query description: Namespace(s) to filter vulnerability records by style: form explode: false schema: type: array items: type: string responses: 200: description: Vulnerability listing paginated content: application/json: schema: $ref: '#/components/schemas/PaginatedVulnerabilityList' 400: description: Invalid filter parameters content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.query x-anchore-authz-action: None /rbac-manager/my-roles: get: tags: - RBAC summary: List the roles for which the authenticated user is a member operationId: my_roles responses: 200: description: Role summary listing content: application/json: schema: $ref: '#/components/schemas/RbacManagerUserRoleListing' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: None /rbac-manager/roles: get: tags: - RBAC summary: List roles available in the system operationId: list_roles responses: 200: description: Role summary listing content: application/json: schema: $ref: '#/components/schemas/RbacManagerRoleSummaryList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: listRoles /rbac-manager/roles/{role_name}/members: get: tags: - RBAC summary: Returns a list of objects that have members in the role. The list is filtered by 'listRoleMembers' access for the 'account' element of each entry. operationId: list_role_members parameters: - name: role_name in: path required: true schema: type: string format: path - name: for_account in: query description: Optional filter parameter to limit the set fo returned items to only those with matching account. Will return Access Denied if caller does not have permission to listRoleMembers for that account. schema: type: string responses: 200: description: List of users assigned the role content: application/json: schema: $ref: '#/components/schemas/RbacManagerRoleMemberList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: listRoleMembers post: tags: - RBAC summary: Add a user to the role operationId: add_role_user parameters: - name: role_name in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/RbacManagerRoleMember' required: true responses: 200: description: Added user mapping content: application/json: schema: $ref: '#/components/schemas/RbacManagerRoleMember' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: createRoleMember x-codegen-request-body-name: member delete: tags: - RBAC summary: Remove a user from the role operationId: delete_role_user parameters: - name: role_name in: path required: true schema: type: string format: path - name: username in: query description: The username to remove the role for required: true schema: type: string - name: for_account in: query description: The account that the user has the role to be removed required: true schema: type: string responses: 204: description: Success content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: deleteRoleMember /rbac-manager/roles/{role_name}: get: tags: - RBAC summary: Get detailed information about a specific role operationId: get_role parameters: - name: role_name in: path required: true schema: type: string format: path responses: 200: description: Role details content: application/json: schema: $ref: '#/components/schemas/RbacManagerRole' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: getRole /rbac-manager/saml/idps: get: tags: - RBAC description: List the names of configured Identity Providers for this anchore installation operationId: list_idps responses: 200: description: List of idp names content: application/json: schema: type: array items: type: string description: Name of idp for login or config operations 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth x-anchore-authz-action: None post: tags: - RBAC description: Add a new Identity Provider to the system, with a specific name operationId: add_idp requestBody: content: application/json: schema: $ref: '#/components/schemas/RbacManagerSamlConfiguration' required: true responses: 200: description: Entry created content: application/json: schema: $ref: '#/components/schemas/RbacManagerSamlConfiguration' 409: description: Conflict, entry already exists content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth x-anchore-authz-action: None x-codegen-request-body-name: configuration /rbac-manager/saml/idps/{name}/user-group-mappings: get: tags: - RBAC description: Return the list of user groups associated with an IdP operationId: get_idp_user_groups parameters: - name: name in: path required: true schema: type: string format: path responses: 200: description: Successfully retrieved configuration content: application/json: schema: $ref: '#/components/schemas/RbacManagerIdpUserGroups' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.user_groups x-anchore-authz-action: None post: tags: - RBAC description: Associate a user group with an IdP. operationId: add_idp_user_groups x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.user_groups x-anchore-authz-action: None parameters: - name: name in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/RbacManagerIdpUserGroupPost' required: true responses: 200: description: Successfully associated user group with IdP content: application/json: schema: $ref: '#/components/schemas/RbacManagerIdpUserGroups' 400: description: Bad request content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 409: description: Conflict, entry already exists content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' delete: tags: - RBAC description: Remove user group association(s) from an IdP operationId: delete_idp_user_group x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.user_groups x-anchore-authz-action: None parameters: - name: name description: The name of the IdP to remove the user group from in: path required: true schema: type: string format: path - name: user_group description: The user group uuid to remove from the IdP in the format user_group=uuid1&user_group=uuid2 in: query required: true schema: type: array items: type: string responses: 204: description: Successfully removed user group association from IdP content: {} 400: description: Bad request content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' /rbac-manager/saml/idps/{name}: get: tags: - RBAC description: Return the configuration for a named Identity Provider operationId: get_idp parameters: - name: name in: path required: true schema: type: string format: path responses: 200: description: Successfully retrieved configuration content: application/json: schema: $ref: '#/components/schemas/RbacManagerSamlConfigurationGet' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth x-anchore-authz-action: None put: tags: - RBAC description: Update an existing Identity Provider configuration operationId: update_idp parameters: - name: name in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/RbacManagerSamlConfiguration' required: true responses: 200: description: Successfully updated configuration content: application/json: schema: $ref: '#/components/schemas/RbacManagerSamlConfiguration' 400: description: Not found content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth x-anchore-authz-action: None delete: tags: - RBAC description: Delete an idp configuration. Users will not longer be able to login from this idp. In addition, any users that have been configured explicitly or JIT Provisioned on this IDP will be deleted. operationId: delete_idp parameters: - name: name in: path required: true schema: type: string format: path responses: 204: description: Successfully deleted content: {} 404: description: Not found content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth x-anchore-authz-action: None /rbac-manager/saml/login/{idp_name}: get: tags: - RBAC description: Initiate an SP-initiated login sequence for the Idp. The SP will respond with the SAML AuthN Request the client must send to the Idp URL operationId: saml_login parameters: - name: idp_name in: path required: true schema: type: string format: path responses: 200: description: Resulting JWT token content: application/json: schema: $ref: '#/components/schemas/RbacManagerTokenResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth x-anchore-authz-action: None /rbac-manager/saml/sso/{idp_name}: post: tags: - RBAC description: Perform a login using a SAML assertion, no HTTP auth is required as the SAML assertion is considered the authenticating token operationId: saml_sso parameters: - name: idp_name in: path required: true schema: type: string format: path responses: 200: description: Resulting JWT token content: application/json: schema: $ref: '#/components/schemas/RbacManagerTokenResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.auth x-anchore-authz-action: None /rbac-manager/users/{username}/roles: get: tags: - RBAC summary: List the roles for which the requested user is a member operationId: list_user_roles parameters: - name: username in: path required: true schema: type: string format: path - name: for_account in: query schema: type: string - name: role in: query schema: type: string responses: 200: description: Role summary listing content: application/json: schema: $ref: '#/components/schemas/RbacManagerUserRoleMembership' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/RbacManagerApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.rbac_manager.api.controllers.roles x-anchore-authz-action: None /registries: get: tags: - Registries summary: List configured registries description: List all configured registries the system can/will watch operationId: list_registries parameters: - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Registry listing content: application/json: schema: $ref: '#/components/schemas/RegistryConfigurationList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.registries x-anchore-authz-action: listRegistries post: tags: - Registries summary: Add a new registry description: Adds a new registry to the system operationId: create_registry parameters: - name: validate in: query description: flag to determine whether or not to validate registry/credential at registry add time schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RegistryConfigurationRequest' required: true responses: 200: description: Saved registry configuration content: application/json: schema: $ref: '#/components/schemas/RegistryConfigurationList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.registries x-anchore-authz-action: createRegistry x-codegen-request-body-name: registry_data /registries/{registry}: get: tags: - Registries summary: Get a specific registry configuration description: Get information on a specific registry operationId: get_registry parameters: - name: registry in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Registry configuration content: application/json: schema: $ref: '#/components/schemas/RegistryConfigurationList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.registries x-anchore-authz-action: getRegistry put: tags: - Registries summary: Update/replace a registry configuration description: Replaces an existing registry record with the given record operationId: update_registry parameters: - name: registry in: path required: true schema: type: string format: path - name: validate in: query description: flag to determine whether or not to validate registry/credential at registry update time schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RegistryConfigurationRequest' required: true responses: 200: description: Updated registry configuration content: application/json: schema: $ref: '#/components/schemas/RegistryConfigurationList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.registries x-anchore-authz-action: updateRegistry x-codegen-request-body-name: registry_data delete: tags: - Registries summary: Delete a registry configuration description: Delete a registry configuration record from the system. Does not remove any images. operationId: delete_registry parameters: - name: registry in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Delete success content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.registries x-anchore-authz-action: deleteRegistry /reporting/reports/global/scheduled-query-results/{result_uuid}: get: tags: - Reports description: Get a single saved global query result operationId: get_global_query_result parameters: - name: result_uuid in: path required: true schema: pattern: '[0-9a-z-]+' type: string format: path - name: page in: query description: Page number to fetch. If omitted, '1' is default. Page numbers start at 1 schema: type: integer responses: 200: description: Saved Query result page content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.reports.api.controllers.scheduled_queries x-anchore-authz-action: viewReports /reporting/scheduled-query-results/{result_uuid}: get: tags: - Reports description: Get a single saved query result operationId: get_query_result parameters: - name: result_uuid in: path required: true schema: pattern: '[0-9a-z-]+' type: string format: path - name: page in: query description: Page number to fetch. If omitted, '1' is default. Page numbers start at 1 schema: type: integer responses: 200: description: Saved Query result page content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.reports.api.controllers.scheduled_queries x-anchore-authz-action: viewReports /repositories: post: tags: - Repository summary: Add repository to watch operationId: add_repository parameters: - name: repository in: query description: full repository to add e.g. docker.io/library/alpine required: true schema: type: string - name: auto_subscribe in: query description: flag to enable/disable auto tag_update activation when new images from a repo are added schema: type: boolean - name: dry_run in: query description: flag to return tags in the repository without actually watching the repository, default is false schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Repository Subscription content: application/json: schema: $ref: '#/components/schemas/SubscriptionList' x-anchore-authz-action: createRepository x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.repositories /sources: get: tags: - Sources summary: List the source repository analysis records operationId: list_sources responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourcesList' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: listSources /sources/{source_id}/check: get: tags: - Sources summary: Fetch or calculate policy evaluation for a source operationId: get_source_policy_check parameters: - name: source_id in: path description: UUID of source to get required: true schema: type: string format: path - name: policy_id in: query schema: type: string responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourcePolicyEvaluation' x-anchore-authz-action: getSourceEvaluation x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources /sources/{source_id}/content: get: tags: - Sources summary: Get a detailed source repository analysis metadata record operationId: get_source_content_types parameters: - name: source_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: type: array description: Array of available types items: type: string 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /sources/{source_id}/content/{content_type}: get: tags: - Sources summary: Get the content of an analyzed source repository operationId: get_source_content_by_type parameters: - name: source_id in: path required: true schema: type: string format: path - name: content_type in: path required: true schema: type: string format: path responses: 200: description: Content of specified type from the image content: application/json: schema: $ref: '#/components/schemas/SourceContentPackageResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /sources/{source_id}/sbom/cyclonedx-json: get: tags: - Sources summary: Return the source SBOM in the CycloneDX format operationId: get_source_sbom_cyclonedx_json parameters: - name: source_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: type: string 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /sources/{source_id}/sbom/native-json: get: tags: - Sources summary: Return the source SBOM in the native Anchore format operationId: get_source_sbom_native_json parameters: - name: source_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: type: string 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /sources/{source_id}/sbom/spdx-json: get: tags: - Sources summary: Return the source SBOM in the SPDX format operationId: get_source_sbom_spdx_json parameters: - name: source_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: type: string 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /sources/{source_id}/vuln: get: tags: - Sources summary: Get the available vulnerability types for source operationId: get_source_vulnerability_types parameters: - name: source_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: List of vulnerability types for the source content: application/json: schema: type: array items: type: string enum: - all - os - non-os 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /sources/{source_id}/vuln/{vuln_type}: get: tags: - Sources summary: Get vulnerabilities for the source by type operationId: get_source_vulnerabilities parameters: - name: source_id in: path required: true schema: type: string format: path - name: vuln_type in: path required: true schema: type: string enum: - os - non-os - all - name: force_refresh in: query schema: type: boolean - name: include_vuln_description in: query schema: type: boolean default: false - name: will_not_fix in: query description: Vulnerability data publishers explicitly won't fix some vulnerabilities. This is captured by will_not_fix attribute of each result. If the query parameter is set, results matching it's value will be filtered. Results are not filtered if the query parameter is unset schema: type: boolean - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Vulnerability listing for the source content: application/json: schema: $ref: '#/components/schemas/SourcePackageVulnerabilityResponse' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /sources/{source_id}: get: tags: - Sources summary: Get a detailed source repository analysis metadata record operationId: get_source parameters: - name: source_id in: path required: true schema: type: string format: path responses: 200: description: success content: application/json: schema: $ref: '#/components/schemas/SourceManifest' 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource delete: tags: - Sources summary: Delete source record from DB operationId: delete_source parameters: - name: source_id in: path description: UUID of source to delete required: true schema: type: string format: path - name: force in: query description: force delete schema: type: boolean responses: 204: description: Delete success content: {} 500: description: Internal Error content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.sources x-anchore-authz-action: getSource /status: get: tags: - System summary: Service status description: Get the API service status operationId: get_status responses: 200: description: Status listing content: application/json: schema: $ref: '#/components/schemas/StatusResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: None /subscriptions: get: tags: - Subscriptions summary: List all subscriptions operationId: list_subscriptions parameters: - name: subscription_key in: query description: filter only subscriptions matching key schema: type: string - name: subscription_type in: query description: filter only subscriptions matching type schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Subscription listing content: application/json: schema: $ref: '#/components/schemas/SubscriptionList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions x-anchore-authz-action: listSubscriptions post: tags: - Subscriptions summary: Add a subscription of a specific type description: Create a new subscription operationId: add_subscription parameters: - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SubscriptionRequest' required: true responses: 200: description: Subscription add success content: application/json: schema: $ref: '#/components/schemas/SubscriptionList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions x-anchore-authz-action: createSubscription x-codegen-request-body-name: subscription /subscriptions/{subscription_id}: get: tags: - Subscriptions summary: Get a specific subscription set operationId: get_subscription parameters: - name: subscription_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: Filtered subscription list by type content: application/json: schema: $ref: '#/components/schemas/SubscriptionList' 404: description: The Subscription was not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions x-anchore-authz-action: getSubscription put: tags: - Subscriptions summary: Update an existing and specific subscription operationId: update_subscription parameters: - name: subscription_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SubscriptionUpdate' required: true responses: 200: description: Subscription update success content: application/json: schema: $ref: '#/components/schemas/SubscriptionList' 404: description: The Subscription was not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions x-anchore-authz-action: updateSubscription x-codegen-request-body-name: subscription delete: tags: - Subscriptions summary: Delete specific subscription operationId: delete_subscription parameters: - name: subscription_id in: path required: true schema: type: string format: path - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 204: description: Delete success content: {} 404: description: Subscription Id was not found content: {} 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.subscriptions x-anchore-authz-action: deleteSubscription /summaries/image-tags: get: tags: - Images summary: Summarize image tags description: List all image tags visible to the user operationId: summary_image_tags parameters: - name: image_status in: query description: >- Filter images in one or more states such as active, deleting. Defaults to active images only if unspecified style: form explode: false schema: type: array items: type: string enum: - all - active - deleting default: - active - name: analysis_status in: query description: >- Filter images in one or more analysis_status such as analyzed, not_analyzed, analysis_failed. Defaults to unfiltered if unspecified style: form explode: false schema: type: array items: type: string enum: - all - analyzed - not_analyzed - analysis_failed - analyzing default: - all - name: analyzed_since in: query description: Filter images analyzed on or after the specified datetime schema: type: string format: datetime - name: registry in: query description: A registry name to filter result by (e.g. "docker.io") schema: type: string - name: repository in: query description: A repository name to filter results by (e.g. "jboss/keycloak") schema: type: string - name: tag in: query description: A tag value to filter results by (e.g. "latest", or "v1.2.0") schema: type: string - name: order_by in: query description: List of field name(s) to order by, ascending by default style: form explode: false schema: type: array items: type: string enum: - image_digest - parent_digest - analysis_status - created_at - image_id - analyzed_at - tag_detected_at - image_status - analysis_status - full_tag - name: order_by_descending in: query description: >- Configures the sort order of each specified order_by column to be descending (true) instead of ascending (false) style: form explode: false schema: type: array items: type: boolean - name: filter in: query description: Filter by 'image_digest' or 'full_tag' fields, using partial or full string match schema: type: string - name: limit in: query description: Maximum number of rows to return schema: type: integer - name: page in: query description: Page number to return, one's based schema: type: integer default: 1 - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: successful operation content: application/json: schema: $ref: '#/components/schemas/AnchoreImageTagSummaryList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: listImages /summaries/image-counts: get: tags: - Images summary: Image summary counts description: Count tags and images by analysis status operationId: summary_image_counts parameters: - name: image_status in: query description: >- Filter images in one or more states such as active, deleting. Defaults to active images only if unspecified style: form explode: false schema: type: array items: type: string enum: - all - active - deleting default: - active - name: registry in: query description: Filter by registry schema: type: string - name: repo in: query description: Filter by repo schema: type: string - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string responses: 200: description: successful operation content: application/json: schema: $ref: '#/components/schemas/AnchoreImageSummaryCounts' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.images x-anchore-authz-action: listImages /system: get: tags: - System summary: System status description: Get the system status including queue lengths operationId: get_service_detail responses: 200: description: Status listing content: application/json: schema: $ref: '#/components/schemas/SystemStatusResponse' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: None /system/anchorectl: get: tags: - System summary: Get an anchorectl binary compatible with this version of Anchore Enterprise operationId: get_anchorectl x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.anchore_ctl x-anchore-authz-action: None parameters: - name: operating_system in: query required: true description: The operating system (platform) of the binary to retrieve schema: type: string enum: - linux - darwin - windows - name: architecture in: query required: true description: The architecture of the binary to retrieve schema: type: string enum: - amd64 - arm64 responses: 200: description: The binary requested 400: description: The request was malformed 404: description: The binary was not found /system/artifact-lifecycle-policies: get: tags: - Artifact Lifecycle summary: List all artifact lifecycle policies operationId: list_artifact_lifecycle_policies x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.artifact_lifecycle_policies x-anchore-authz-action: getArtifactLifecyclePolicy responses: 200: description: A list of artifact lifecycle policies in the system content: application/json: schema: $ref: '#/components/schemas/ArtifactLifecyclePolicyList' post: tags: - Artifact Lifecycle summary: Create new artifact lifecycle policy operationId: create_artifact_lifecycle_policy x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.artifact_lifecycle_policies x-anchore-authz-action: createArtifactLifecyclePolicy requestBody: content: application/json: schema: $ref: '#/components/schemas/ArtifactLifecyclePolicy' responses: 201: description: The newly created artifact lifecycle policy content: application/json: schema: $ref: '#/components/schemas/ArtifactLifecyclePolicyResponse' /system/artifact-lifecycle-policies/{policy_uuid}/versions: get: tags: - Artifact Lifecycle summary: Get single artifact lifecycle policy by its version operationId: get_artifact_lifecycle_policy_by_version x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.artifact_lifecycle_policies x-anchore-authz-action: getArtifactLifecyclePolicy parameters: - name: policy_uuid in: path schema: type: string format: path required: true - name: version in: query required: false description: Request a specific version number schema: type: integer - name: latest in: query required: false description: Request the latest version schema: type: boolean responses: 200: description: The requested version(s) of the artifact lifecycle policy content: application/json: schema: $ref: '#/components/schemas/ArtifactLifecyclePolicyResponse' /system/artifact-lifecycle-policies/{policy_uuid}: get: tags: - Artifact Lifecycle summary: Get single artifact lifecycle policy operationId: get_artifact_lifecycle_policy x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.artifact_lifecycle_policies x-anchore-authz-action: getArtifactLifecyclePolicy parameters: - name: policy_uuid in: path schema: type: string format: path required: true responses: 200: description: A single artifact lifecycle policy content: application/json: schema: $ref: '#/components/schemas/ArtifactLifecyclePolicyResponse' put: tags: - Artifact Lifecycle summary: Update a single artifact lifecycle policy operationId: update_artifact_lifecycle_policy x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.artifact_lifecycle_policies x-anchore-authz-action: updateArtifactLifecyclePolicy parameters: - name: policy_uuid in: path schema: type: string format: path required: true requestBody: content: application/json: schema: $ref: '#/components/schemas/ArtifactLifecyclePolicy' responses: 200: description: The updated artifact lifecycle policy content: application/json: schema: $ref: '#/components/schemas/ArtifactLifecyclePolicyResponse' delete: tags: - Artifact Lifecycle summary: Delete lifecycle policy operationId: delete_artifact_lifecycle_policy x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.artifact_lifecycle_policies x-anchore-authz-action: deleteArtifactLifecyclePolicy parameters: - name: policy_uuid in: path schema: type: string format: path required: true responses: 204: description: Returns an empty response /system/deployment-history: get: tags: - catalog summary: List Deployment History description: Returns list of deployment history entries operationId: get_deployment_history responses: "200": description: List of deployment history entries content: application/json: schema: $ref: '#/components/schemas/DeploymentHistoryList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: None /system/error-codes: get: tags: - System summary: Describe anchore engine error codes. description: Describe anchore engine error codes. operationId: describe_error_codes responses: 200: description: Error Codes Description content: application/json: schema: type: array description: List of Error Code Descriptions items: $ref: '#/components/schemas/AnchoreErrorCode' x-anchore-authz-action: None x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system /system/feeds: get: tags: - System summary: list feeds operations and information description: Return a list of feed and their groups along with update and record count information. This data reflects the state of the policy engine, not the upstream feed service itself. operationId: get_system_feeds responses: 200: description: success content: application/json: schema: type: array items: $ref: '#/components/schemas/FeedMetadata' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: listFeeds x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system post: tags: - System summary: trigger feeds operations description: Execute a synchronous update of the latest GrypeDB with the policy-engine. The response will block until complete, then return the result summary. operationId: post_system_feeds responses: 200: description: Feeds operation success content: application/json: schema: $ref: '#/components/schemas/FeedSyncResults' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: updateFeeds x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system /system/feeds/{feed}: put: tags: - System description: Disable the feed so that it does not sync on subsequent sync operations operationId: toggle_feed_enabled parameters: - name: feed in: path required: true schema: type: string format: path enum: - packages - vulnerabilities - name: enabled in: query required: true schema: type: boolean responses: 200: description: FeedInfo content: application/json: schema: $ref: '#/components/schemas/FeedMetadata' 400: description: Bad request, fix and resend content: {} 500: description: Internal server error processing the request. Retry expected content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: updateFeeds delete: tags: - System description: Delete the groups and data for the feed and disable the feed itself operationId: delete_feed parameters: - name: feed in: path required: true schema: type: string format: path responses: 200: description: Successfully deleted content: {} 404: description: Not found content: {} 500: description: Internal server error processing the request. Retry expected content: {} x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: updateFeeds /system/logging: post: tags: - System summary: Change logging level for a running service description: Enables override of localconfig logging level for one or all services until they are next rebooted. If multiple instances of a service exist this call may need to be repeated depending on the container orchestration system in use. This API is in preview and may change in the future. operationId: set_new_log_level requestBody: content: application/json: schema: $ref: '#/components/schemas/LoggingLevel' required: true responses: 200: description: Logging level successfully changed content: application/json: schema: $ref: '#/components/schemas/LoggingLevelResponse' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: updateLoggingLevel x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-codegen-request-body-name: logging /system/policy-spec: get: tags: - System summary: Describe the policy language spec implemented by this service. description: Get the policy language spec for this service operationId: describe_policy responses: 200: description: Policy Language Description content: application/json: schema: $ref: '#/components/schemas/GateSpecList' x-anchore-authz-action: None x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system /system/services: get: tags: - System summary: List system services operationId: list_services responses: 200: description: Service listing content: application/json: schema: $ref: '#/components/schemas/ServiceList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: listServices /system/services/{service_name}/{host_id}: get: tags: - System summary: Get service config for a specific host operationId: get_services_by_name_and_host parameters: - name: service_name in: path required: true schema: type: string format: path - name: host_id in: path required: true schema: type: string format: path responses: 200: description: Listing of registered services content: application/json: schema: $ref: '#/components/schemas/ServiceList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: getService delete: tags: - System summary: Delete the service config operationId: delete_service parameters: - name: service_name in: path required: true schema: type: string format: path - name: host_id in: path required: true schema: type: string format: path responses: 200: description: Delete success content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: deleteService /system/services/{service_name}: get: tags: - System summary: Get a service configuration and state operationId: get_services_by_name parameters: - name: service_name in: path required: true schema: type: string format: path responses: 200: description: Service Info content: application/json: schema: $ref: '#/components/schemas/ServiceList' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: getService /system/statistics: get: tags: - Statistics summary: List System Statistics description: Returns list of system statistics with total all-time counts. operationId: get_system_statistics responses: 200: description: List of system statistics content: application/json: schema: $ref: '#/components/schemas/SystemStatisticsList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system x-anchore-authz-action: None /system/user-groups: get: tags: - User Management summary: List user groups operationId: list_user_groups parameters: - in: query name: contains_user schema: type: string description: Filter the user groups to only those that contain the specified user - in: query name: user_group_name schema: type: string description: Filter results to match the specified user group name - in: query name: contains_account schema: type: string description: Filter the results to only those that have roles in the specified account responses: 200: description: User group list content: application/json: schema: $ref: '#/components/schemas/UserGroupList' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: listUserGroups post: tags: - User Management summary: Create a new user group operationId: create_user_group requestBody: content: application/json: schema: $ref: '#/components/schemas/UserGroupPost' required: true responses: 201: description: User group record content: application/json: schema: $ref: '#/components/schemas/UserGroup' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 409: description: Conflict content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: createUserGroup /system/user-groups/{group_uuid}/roles: get: tags: - User Management summary: Get a list of all user group roles operationId: list_user_group_roles parameters: - name: group_uuid in: path required: true schema: type: string format: path responses: 200: description: User group roles content: application/json: schema: $ref: '#/components/schemas/UserGroupRoles' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: getUserGroupRoles post: tags: - User Management summary: Add account role(s) to this user group operationId: add_user_group_roles parameters: - name: group_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/UserGroupRolePost' required: true responses: 201: description: User group role content: application/json: schema: $ref: '#/components/schemas/UserGroupRoles' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: addUserGroupRole delete: tags: - User Management summary: Remove account role(s) from this user group operationId: delete_user_group_role parameters: - name: group_uuid in: path required: true schema: type: string format: path - name: membership_id in: query style: form description: A list of membership ids to remove from the user group in the format of membership_id=1&membership_id=2 schema: type: array items: type: string - name: all_roles_for_account in: query required: false style: form explode: false schema: type: array items: type: string description: A list of accounts to remove all roles from the user group in the format of all_roles_for_account=account1&all_roles_for_account=account2 responses: 204: description: Success content: { } 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: deleteUserGroupRole /system/user-groups/{group_uuid}/users: get: tags: - User Management summary: Get a list of user group users operationId: list_user_group_users parameters: - name: group_uuid in: path required: true schema: type: string format: path responses: 200: description: User group users content: application/json: schema: $ref: '#/components/schemas/UserGroupUsers' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: getUserGroupUsers post: tags: - User Management summary: Add user(s) to a user group operationId: add_user_group_users parameters: - name: group_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/UserGroupUsersPost' required: true responses: 201: description: User group user content: application/json: schema: $ref: '#/components/schemas/UserGroupUsers' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: addUserGroupUser delete: tags: - User Management summary: Remove a user from a user group operationId: delete_user_group_users parameters: - name: group_uuid in: path required: true schema: type: string format: path - name: username in: query required: true style: form description: A list of usernames to remove from the user group in the format of username=user1&username=user2 schema: type: array items: type: string responses: 204: description: Success content: { } 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: deleteUserGroupUser /system/user-groups/{group_uuid}: get: tags: - User Management summary: Get a user group operationId: get_user_group parameters: - name: group_uuid in: path required: true schema: type: string format: path responses: 200: description: User group record content: application/json: schema: $ref: '#/components/schemas/UserGroup' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: getUserGroup patch: tags: - User Management summary: Update a user group operationId: update_user_group parameters: - name: group_uuid in: path required: true schema: type: string format: path requestBody: content: application/json: schema: $ref: '#/components/schemas/UserGroupPatch' required: true responses: 200: description: User group record content: application/json: schema: $ref: '#/components/schemas/UserGroup' 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: updateUserGroup x-codegen-request-body-name: user_group_patch delete: tags: - User Management summary: Delete a user group operationId: delete_user_group parameters: - name: group_uuid in: path required: true schema: type: string format: path responses: 204: description: Success content: { } 404: description: Not found content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user_groups x-anchore-authz-action: deleteUserGroup /system/webhooks/{webhook_type}/test: post: tags: - System summary: Adds the capabilities to test a webhook delivery for the given notification type description: Loads the Webhook configuration for webhook_type, and sends the notification out as a test operationId: test_webhook parameters: - name: webhook_type in: path description: The Webhook Type that we should test required: true schema: type: string format: path - name: notification_type in: query description: What kind of Notification to send schema: type: string default: tag_update enum: - tag_update - analysis_update - vuln_update - policy_eval responses: 200: description: The Webhook was sent successfully. Schemas may be found under Models (PolicyEvalNotification, TagUpdateNotification, VulnUpdateNotification, AnalysisUpdateNotification) content: {} 400: description: The Webhook failed to send due to misconfiguration content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' 500: description: The Webhook failed to send due to an Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-anchore-authz-action: None x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.system /user: get: tags: - Identity summary: List authenticated user info operationId: get_user responses: 200: description: User details for caller's user content: application/json: schema: $ref: '#/components/schemas/User' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: None /user/api-keys: get: tags: - Identity summary: Get a list of API keys operationId: list_api_keys responses: 200: description: User API key listing content: application/json: schema: $ref: '#/components/schemas/ApiKeyList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: selfListApiKeys post: tags: - Identity summary: Add a new API key operationId: create_api_key requestBody: content: application/json: schema: $ref: '#/components/schemas/UserApiKey' required: true responses: 201: description: Add a new API key content: application/json: schema: $ref: '#/components/schemas/UserApiKey' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: selfCreateApiKey /user/api-keys/{key_name}: get: tags: - Identity summary: Get a user API key operationId: get_api_key parameters: - name: key_name in: path required: true schema: type: string format: path responses: 200: description: User API key listing content: application/json: schema: $ref: '#/components/schemas/UserApiKey' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: selfGetApiKey patch: tags: - Identity summary: Patch a user API key operationId: patch_api_key parameters: - name: key_name in: path required: true schema: type: string format: path requestBody: content: application/json: schema: type: object properties: description: type: string name: type: string status: type: string enum: - revoked anyOf: - required: - name - required: - description - required: - status additionalProperties: false responses: 200: description: Patches information in a user API key content: application/json: schema: $ref: '#/components/schemas/UserApiKey' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: selfUpdateApiKey delete: tags: - Identity summary: Delete a user API key operationId: delete_api_key parameters: - name: key_name in: path required: true schema: type: string format: path responses: 204: description: Successful deletion content: {} 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: selfDeleteApiKey /user/credentials: get: tags: - Identity summary: Get current credential summary operationId: get_credentials responses: 200: description: User credential listing content: application/json: schema: $ref: '#/components/schemas/CredentialList' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: None post: tags: - Identity summary: add/replace credential operationId: add_credential requestBody: content: application/json: schema: $ref: '#/components/schemas/AccessCredential' required: true responses: 200: description: Add a credential, over-writing if already exists content: application/json: schema: $ref: '#/components/schemas/AccessCredential' 500: description: Internal error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.user x-anchore-authz-action: None x-codegen-request-body-name: credential /version: get: tags: - System description: Returns the version object for the service, including db schema version info operationId: version_check responses: 200: description: Version object describing version state content: application/json: schema: $ref: '#/components/schemas/ServiceVersion' x-openapi-router-controller: anchore_enterprise.common.common x-anchore-authz-action: None /vulnerability-scan: post: tags: - Vulnerabilities summary: Return a vulnerability scan for the uploaded SBOM without storing the SBOM and without any side-effects in the system. description: Use this operation for checking sboms for vulnerabilities in cases where the sbom does not need to be stored for later re-scans or added to the managed set of SBOMs in Anchore. If you need to upload and save an SBOM use the "/import/*" API set instead. operationId: vulnerability_scan_sbom parameters: - name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string - name: include_vuln_description in: query schema: type: boolean default: false requestBody: content: application/json: schema: type: object required: true responses: 200: description: Vulnerability listing for the sbom content: application/json: schema: $ref: '#/components/schemas/SBOMVulnerabilitiesResponse' 500: description: Internal Error content: application/json: schema: $ref: '#/components/schemas/ApiErrorResponse' x-openapi-router-controller: anchore_enterprise.services.api.api.controllers.stateless x-anchore-authz-action: getImage x-codegen-request-body-name: sbom components: schemas: AccessCredential: required: - type - value type: object properties: type: type: string description: The type of credential enum: - password value: type: string description: The credential value (e.g. the password) created_at: type: string description: The timestamp of creation of the credential description: A login credential mapped to a user identity. For password credentials, the username to present for Basic auth is the user's username from the user record Account: required: - name type: object properties: name: type: string description: The account identifier, not updatable after creation type: type: string description: The user type (admin vs user). If not specified in a POST request, 'user' is default enum: - user - admin - service state: type: string description: State of the account. Disabled accounts prevent member users from logging in, deleting accounts are disabled and pending deletion and will be removed once all owned resources are garbage collected by the system enum: - enabled - disabled - deleting email: type: string description: Optional email address associated with the account created_at: type: string description: The timestamp when the account was created format: date-time last_updated: type: string description: The timestamp of the last update to the account metadata itself (not users or creds) format: date-time description: Account information AccountCreationRequest: required: - name type: object properties: name: pattern: ^[a-zA-Z0-9][ a-zA-Z0-9@.!$+=^_`~;-]{1,126}[a-zA-Z0-9_]$ type: string description: The account name to use. This will identify the account and must be globally unique in the system. email: pattern: '[a-z0-9!#$%&''*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&''*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?' type: string description: An optional email to associate with the account for contact purposes description: An account to create/add to the system. If already exists will return 400. AccountInfo: type: object properties: email: pattern: '[a-z0-9!#$%&''*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&''*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?' type: string description: An optional email to associate with the account for contact purposes description: Account Information. AccountList: type: array items: $ref: '#/components/schemas/Account' AccountStatus: type: object properties: state: type: string description: The status of the account enum: - enabled - disabled description: A summary of account status ActionPlan: type: object properties: type: type: string image_tag: type: string image_digest: type: string policy_id: type: string resolutions: type: array items: $ref: '#/components/schemas/ActionPlanResolution' endpoint: type: string configuration_id: type: string subject: type: string message: type: string uuid: type: string created_at: type: string format: date-time last_updated: type: string format: date-time description: describes a remediation action plan object ActionPlanResolution: type: object properties: trigger_ids: type: array items: type: string content: type: string description: defines the trigger IDs and content of a resolution for an action plan ActionPlans: type: array description: List of Action Plans items: $ref: '#/components/schemas/ActionPlan' AddAnalysisArchiveResult: type: array description: List of analysis archive add results items: $ref: '#/components/schemas/AnalysisArchiveAddResult' AlertSummary: type: object properties: uuid: type: string description: Identifier for the alert example: 56c2463b-49e5-49d7-b9a4-0c5c78faec6e type: type: string description: Type of the alert example: compliance_violation enum: - compliance_violation state: type: string description: Current state of the alert example: open enum: - open - closed resource_labels: type: array items: $ref: '#/components/schemas/ResourceLabel' closed_by: type: string description: Account that closed the alert example: system closed_reason: type: string description: Reason for closing the alert example: closed by action plan id created_at: type: string description: RFC 3339 formatted UTC timestamp when the alert was generated format: date-time last_updated: type: string description: RFC 3339 formatted UTC timestamp when the alert was last modified format: date-time description: A summary of the stateful indicator of a specific event in the system AlertSummaryList: type: array description: Array of alert summaries items: $ref: '#/components/schemas/AlertSummary' Allowlist: required: - id - items - name - version additionalProperties: false type: object properties: id: type: string name: type: string version: type: string description: type: string description: Description of the Allowlist, human readable items: type: array items: $ref: '#/components/schemas/AllowlistItem' description: A collection of allowlist items to match a policy evaluation against. AllowlistItem: required: - gate - id - trigger_id type: object additionalProperties: false properties: id: type: string gate: type: string trigger_id: type: string expires_on: type: string format: date-time nullable: true description: type: string description: Description of the Allowlist item, human readable description: Identifies a specific gate and trigger match from a policy against an image and indicates it should be ignored in final policy decisions AnalysisArchiveAddResult: type: object properties: digest: type: string description: The image digest requested to be added status: type: string description: The status of the archive add operation. Typically either 'archived' or 'error' enum: - archived - archiving - error detail: type: string description: Details on the status, e.g. the error message description: The result of adding a single digest to the archive AnalysisArchiveRules: type: array description: Rule set for automatic archiving of system objects and flushing of archived objects (permanent delete). items: $ref: '#/components/schemas/AnalysisArchiveTransitionRule' AnalysisArchiveRulesSummary: type: object properties: count: type: integer description: The number of rules for this account last_updated: type: string description: The newest last_updated timestamp from the set of rules format: date-time description: Summary of the transition rule set AnalysisArchiveSource: required: - digest type: object properties: digest: pattern: ^sha256:[a-fA-F0-9]{64}$ type: string description: The image digest identify the analysis. Archived analyses are based on digest, tag records are restored as analysis is restored. description: An image reference in the analysis archive for the purposes of loading analysis from the archive into th working set nullable: true x-nullable: true AnalysisArchiveSummary: type: object properties: total_image_count: type: integer description: The number of unique images (digests) in the archive total_tag_count: type: integer description: The number of tag records (registry/repo:tag pull strings) in the archive. This may include repeated tags but will always have a unique tag->digest mapping per record. total_data_bytes: type: integer description: The total sum of all the bytes stored to the backing storage. Accounts for anchore-applied compression, but not compression by the underlying storage system. last_updated: type: string description: The timestamp of the most recent archived image format: date-time description: A summarization of the analysis archive, including size, counts, etc. This archive stores image analysis only, never the actual image content or layers. AnalysisArchiveTransitionRule: required: - transition type: object properties: selector: $ref: '#/components/schemas/ImageSelector' rule_id: type: string description: Unique identifier for archive rule tag_versions_newer: type: integer description: Number of images mapped to the tag that are newer analysis_age_days: type: integer description: Matches if the analysis is strictly older than this number of days transition: type: string description: The type of transition to make. If "archive", then archive an image from the working set and remove it from the working set. If "delete", then match against archived images and delete from the archive if match. enum: - archive - delete system_global: type: boolean description: True if the rule applies to all accounts in the system. This is only available to admin users to update/modify, but all users with permission to list rules can see them created_at: type: string format: date-time last_updated: type: string format: date-time exclude: $ref: '#/components/schemas/AnalysisArchiveTransitionRuleExclude' max_images_per_account: type: integer description: This is the maximum number of image analyses an account can have. Can only be set on system_global rules description: A rule for auto-archiving image analysis by time and/or tag-history AnalysisArchiveTransitionRuleExclude: type: object properties: selector: $ref: '#/components/schemas/ImageSelector' expiration_days: type: integer description: How long the image selected will be excluded from the archive transition last_seen_in_days: type: integer description: Exclude image from archive if last seen in inventory within defined number of days description: Which Images to exclude from auto-archiving logic AnalysisStatusDetail: required: - from_status - source - timestamp - to_status type: object properties: from_status: type: string to_status: type: string timestamp: type: string format: datetime source: $ref: '#/components/schemas/ServiceReference' description: The detail of an analysis status change recording which service initiated the state change, when, and which transition AnalysisUpdateEval: type: object properties: analysis_status: type: string annotations: type: object properties: {} image_digest: type: string description: Evaluation Results for an entity (current or last) AnalysisUpdateNotification: allOf: - $ref: '#/components/schemas/NotificationBase' - type: object properties: data: $ref: '#/components/schemas/AnalysisUpdateNotificationData' description: The Notification Object definition for Analysis Update Notifications AnalysisUpdateNotificationData: allOf: - $ref: '#/components/schemas/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/components/schemas/AnalysisUpdateNotificationPayload' AnalysisUpdateNotificationPayload: allOf: - $ref: '#/components/schemas/GenericNotificationPayload' - type: object properties: curr_eval: $ref: '#/components/schemas/AnalysisUpdateEval' last_eval: $ref: '#/components/schemas/AnalysisUpdateEval' annotations: type: object properties: {} description: List of Corresponding Image Annotations nullable: true AnchoreErrorCode: type: object properties: name: type: string description: Error code name description: type: string description: Description of the error code description: A description of an anchore error code (name, description) AnchoreImage: type: object properties: image_content: $ref: '#/components/schemas/ImageContent' image_detail: type: array description: Details specific to an image reference and type such as tag and image source items: $ref: '#/components/schemas/ImageDetail' last_updated: type: string format: date-time created_at: type: string format: date-time image_digest: type: string parent_digest: type: string account_name: type: string annotations: type: object properties: {} image_status: type: string description: State of the image enum: - active - inactive - disabled analysis_status: type: string description: A state value for the current status of the analysis progress of the image enum: - not_analyzed - analyzing - analyzed - analysis_failed record_version: type: string description: The version of the record, used for internal schema updates and data migrations. analysis_status_detail: type: array nullable: true items: $ref: '#/components/schemas/AnalysisStatusDetail' description: A unique image in the engine. May have multiple tags or references. Unique to an image content across registries or repositories. AnchoreImageList: type: object properties: items: type: array items: $ref: '#/components/schemas/AnchoreImage' description: A list of Anchore Images AnchoreImageTagSummary: type: object properties: image_digest: type: string parent_digest: type: string image_id: type: string analysis_status: type: string full_tag: type: string created_at: type: integer analyzed_at: type: integer tag_detected_at: type: integer image_status: type: string description: A unique image in the engine. AnchoreImageTagSummaryList: type: object properties: items: type: array items: $ref: '#/components/schemas/AnchoreImageTagSummary' total_rows: type: integer description: a list of AnchoreImageTagSummary objects AnchoreImageSummaryCounts: type: object properties: tags: type: integer images: type: integer analyzed: type: integer analyzing: type: integer pending: type: integer failed: type: integer description: Analysis stats for a repo ApiErrorResponse: type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object properties: {} description: Details structure for additional information about the error if available. Content and structure will be error specific. description: Generic HTTP API error response ApiKeyList: type: object properties: items: type: array items: $ref: '#/components/schemas/UserApiKey' Application: type: object properties: application_id: type: string description: The id of the application name: type: string description: The name of the application. This is a unique field per account description: type: string description: The description of the application application_versions: $ref: '#/components/schemas/ApplicationVersionList' created_at: type: string description: RFC 3339 formatted UTC timestamp when the application was created format: date-time last_updated: type: string description: RFC 3339 formatted UTC timestamp when the application was last updated format: date-time description: A representation of an SLDC application ApplicationList: type: array description: List of applications items: $ref: '#/components/schemas/Application' ApplicationVersion: required: - version_name type: object properties: application_version_id: type: string description: The id of the application version application_id: type: string description: The id of the application version_name: type: string description: The name of the application version. The name must be unique per application created_at: type: string description: RFC 3339 formatted UTC timestamp when the application was created format: date-time last_updated: type: string description: RFC 3339 formatted UTC timestamp when the application was last updated format: date-time description: A representation of an SLDC application ApplicationVersionList: type: array description: List of application versions items: $ref: '#/components/schemas/ApplicationVersion' ApplicationVersionSbom: type: object properties: application: $ref: '#/components/schemas/Application' application_version: $ref: '#/components/schemas/ApplicationVersion' created_at: type: string description: RFC 3339 formatted UTC timestamp when the application version sbom was created format: date-time source_sboms: type: array items: $ref: '#/components/schemas/SourceSBOM' image_sboms: type: array items: $ref: '#/components/schemas/ImageSBOM' description: A combined sbom for the artifacts associated with an application version ApplicationVersionVulnerabilityReport: type: object properties: application: type: object properties: id: type: string name: type: string version_name: type: string version_id: type: string artifacts: type: object properties: sources: type: array items: $ref: '#/components/schemas/VersionVulnerabilityReportSource' images: type: array items: $ref: '#/components/schemas/VersionVulnerabilityReportImage' vulnerabilities: type: array description: Collection of vulnerabilities and affected packages on a given application version items: $ref: '#/components/schemas/VersionVulnerability' description: A combined vulnerability report for all artifacts associated with an application version ArchiveSummary: type: object properties: images: $ref: '#/components/schemas/AnalysisArchiveSummary' rules: $ref: '#/components/schemas/AnalysisArchiveRulesSummary' description: A summarization of the available archives, a place to for long-term storage of audit, analysis, or other data to remove it from the system's working set but keep it available. ArchiveTagEntry: type: object properties: pull_string: type: string description: The pullable string for the tag. E.g. "docker.io/library/node:latest" registry: type: string description: The registry hostname:port section of the pull string repository: type: string description: The repository section of the pull string tag: type: string description: The tag-only section of the pull string detected_at: type: string description: The timestamp at which the Anchore Engine detected this tag was mapped to the image digest. Does not necessarily indicate when the tag was actually pushed to the registry. format: date-time created_at: type: string description: The timestamp at which Anchore Engine archived this image digest. format: date-time last_updated: type: string description: The timestamp that the last change was made to this record. format: date-time description: A docker-pullable tag value as well as deconstructed components ArchivedAnalyses: type: array description: List of archived analyses items: $ref: '#/components/schemas/ArchivedAnalysis' ArchivedAnalysis: type: object properties: image_digest: type: string description: The image digest (digest of the manifest describing the image, per docker spec) parent_digest: type: string description: The digest of a parent manifest (for manifest-list images) annotations: type: object properties: {} description: User provided annotations as key-value pairs status: type: string description: The archival status enum: - archiving - archived - deleting - deleted image_detail: type: array description: List of tags associated with the image digest items: $ref: '#/components/schemas/ArchiveTagEntry' created_at: type: string format: date-time last_updated: type: string format: date-time analyzed_at: type: string format: date-time archive_size_bytes: type: integer description: The size, in bytes, of the analysis archive file ArtifactAssociationMetadata: type: object properties: association_id: type: string description: The id of the association between the application version and the artifact created_at: type: string description: RFC 3339 formatted UTC timestamp when the artifact was associated with the application version format: date-time last_updated: type: string description: RFC 3339 formatted UTC timestamp when the artifact association was last updated format: date-time description: Metadata for an artifact association to an application version ArtifactAssociationRequest: required: - artifact_keys - artifact_type type: object properties: artifact_type: type: string description: The type of the artifact enum: - image - source artifact_keys: type: object properties: {} description: A json with key-pair values to query on description: Request body for an artifact to associate with an application version ArtifactAssociationResponse: type: object properties: source: $ref: '#/components/schemas/Source' image: $ref: '#/components/schemas/ImageArtifact' artifact_association_metadata: $ref: '#/components/schemas/ArtifactAssociationMetadata' description: Response body for an artifact to associate with an application version. Only one artifact type (matching the value of the type field) will be populated. ArtifactLifecyclePolicy: type: object description: A policy which exists in the system to manage the lifecycle of artifacts required: - action - name - policy_conditions properties: uuid: description: A system defined unique identifier. type: string readOnly: true action: description: The action that should be taken when the rule parameters are met. type: string enum: - delete name: description: A user provided name for the policy. This name must be unique for an Artifact Lifecycle Policy. type: string description: description: A user provided description for the policy. type: string policy_conditions: $ref: '#/components/schemas/ArtifactLifecyclePolicyConditions' enabled: description: Indicates if the policy should be active or not. Defaulted to false. type: boolean updated_at: type: string format: date-time readOnly: true created_at: type: string format: date-time readOnly: true deleted_at: type: string format: date-time readOnly: true ArtifactLifecyclePolicyConditions: type: object required: - even_if_exists_in_runtime_inventory - days_since_analyzed - artifact_type properties: version: description: The version of these policy conditions. type: integer readOnly: true even_if_exists_in_runtime_inventory: description: Select an image even if it exists in the runtime inventory, otherwise if false do not action anything that exists in runtime inventory type: boolean days_since_analyzed: description: An image analysis must be this many days old before it will be considered for processing. An integer value less than or equal to zero will cause this field to be ignored. type: integer include_base_images: description: Include base images in the policy selection criteria. type: boolean artifact_type: description: The type of artifact that will be processed. type: string enum: - image ArtifactLifecyclePolicyList: type: object properties: items: type: array items: $ref: '#/components/schemas/ArtifactLifecyclePolicyResponse' ArtifactLifecyclePolicyResponse: allOf: - $ref: '#/components/schemas/ArtifactLifecyclePolicy' - type: object properties: policy_conditions: type: array items: $ref: '#/components/schemas/ArtifactLifecyclePolicyConditions' ArtifactListResponse: type: object properties: associated_source_artifacts: type: array items: $ref: '#/components/schemas/AssociatedSourceArtifact' associated_image_artifacts: type: array items: $ref: '#/components/schemas/AssociatedImageArtifact' description: The response provided when querying for the artifacts on an application version ArtifactReference: type: object properties: artifact_id: type: string artifact_type: $ref: '#/components/schemas/ArtifactType' ArtifactRelationship: type: object properties: created_at: type: string format: date-time source: $ref: '#/components/schemas/ArtifactReference' target: $ref: '#/components/schemas/ArtifactReference' relationship_type: $ref: '#/components/schemas/RelationshipType' comment: type: string user_metadata: type: object properties: {} description: User-provided metadata about the relationship description: 'A relationship of a specific type between two SDLC artifacts (e.g. container image and source revision). This is and edge in a directed graph where edges are directional from the "source" to the "target". For example, an edge of type "contains" means the source artifact contains the content of the target artifact. ' ArtifactRelationships: type: array description: List of artifact relationships items: $ref: '#/components/schemas/ArtifactRelationship' ArtifactType: type: string enum: - source - image AssociatedImageArtifact: type: object properties: artifact_association_metadata: $ref: '#/components/schemas/ArtifactAssociationMetadata' image: $ref: '#/components/schemas/ImageArtifact' description: Model for an associated image artifact. Composites the artifact with the association metadata AssociatedSourceArtifact: type: object properties: artifact_association_metadata: $ref: '#/components/schemas/ArtifactAssociationMetadata' source: $ref: '#/components/schemas/Source' description: Model for an associated source artifact. Composite of the source artifact and its asssociation metadata BaseNotificationData: type: object properties: notification_user: type: string notification_user_email: type: string notification_type: type: string description: Every notification has a payload, which follows this basic structure CVSSV2Scores: type: object properties: base_score: type: number nullable: true exploitability_score: type: number nullable: true impact_score: type: number nullable: true CVSSV3Scores: type: object properties: base_score: type: number nullable: true exploitability_score: type: number nullable: true impact_score: type: number nullable: true ComplianceResource: type: object properties: image_digest: type: string policy_id: type: string image_tag: type: string registry: type: string repository: type: string evaluation_id: type: string evaluated_at: type: string format: date-time description: A resource that ties compliance related artifacts - image digest, tag and policy ComplianceViolationAlert: type: object properties: uuid: type: string description: Identifier for the alert example: 56c2463b-49e5-49d7-b9a4-0c5c78faec6e type: type: string description: Type of alert generated example: compliance_violation enum: - compliance_violation state: type: string description: Current state of the alert example: open enum: - open - closed resource: $ref: '#/components/schemas/ComplianceResource' closed_by: type: string description: Account that closed the alert example: system closed_reason: type: string description: Reason for closing the alert example: closed by action plan id created_at: type: string description: RFC 3339 formatted UTC timestamp when the alert was generated format: date-time last_updated: type: string description: RFC 3339 formatted UTC timestamp when the alert was last modified format: date-time compliance_status_reason: type: string description: Reason for compliance check status. Compliance check could fail due to policy evaluation or denylisting or errors evaluating compliance example: policy_evaluation violations_count: type: integer description: Number of STOP action results in the compliance check report description: Alert raised by the system on a compliance check failure ComplianceViolationAlertList: type: array description: Array of compliance violation alerts items: $ref: '#/components/schemas/ComplianceViolationAlert' ComplianceViolationAlertState: required: - state type: object properties: state: type: string description: The new state of the compliance violation alert enum: - open - closed description: State change for an existing ComplianceViolationAlert ContentFilesResponse: type: object properties: image_digest: type: string content_type: type: string content: type: array items: $ref: '#/components/schemas/FilesContent' description: File content listings from images ContentJavaPackageResponse: type: object properties: image_digest: type: string content_type: type: string content: type: array items: $ref: '#/components/schemas/JavaPackageContent' description: Java package content listings from images ContentMalwareResponse: type: object properties: image_digest: type: string content_type: type: string content: type: array description: List of malware scan results, one per scanner configured to run items: $ref: '#/components/schemas/MalwareScan' description: Malware listing response ContentPackageResponse: type: object properties: image_digest: type: string content_type: type: string content: type: array items: $ref: '#/components/schemas/PackageContent' description: Package content listings from images Correction: required: - match - replace - type type: object properties: uuid: type: string description: Identifier for the correction example: 56c2463b-49e5-49d7-b9a4-0c5c78faec6e type: type: string description: Type of correction enum: - package description: type: string match: $ref: '#/components/schemas/CorrectionMatch' replace: type: array items: $ref: '#/components/schemas/CorrectionFieldMatch' created_at: type: string description: RFC 3339 formatted UTC timestamp when the correction was generated format: date-time last_updated: type: string description: RFC 3339 formatted UTC timestamp when the correction was last modified format: date-time description: Defines a correction object for false positive management CorrectionFieldMatch: required: - field_name - field_value type: object properties: field_name: type: string description: The package field name to match example: name field_value: type: string description: The package field value for the corresponding field_name above to match. If field_name corresponds to a list value, this will search the list description: Defines a particular field name and value to match for a Correction CorrectionList: type: array description: Array of Corrections items: $ref: '#/components/schemas/Correction' CorrectionMatch: required: - type type: object properties: type: type: string description: type of match [supports os, npm, gem, python, java, go] example: npm field_matches: type: array description: list of field matches that are required in order for this correction to match items: $ref: '#/components/schemas/CorrectionFieldMatch' description: Defines how a particular correction can match depending on type CredentialList: type: array items: $ref: '#/components/schemas/AccessCredential' CustomJsonPatch: type: object properties: operations: $ref: '#/components/schemas/JsonPatchOperationList' add: $ref: '#/components/schemas/JsonPatchAddList' remove: $ref: '#/components/schemas/JsonPatchRemoveList' replace: $ref: '#/components/schemas/JsonPatchReplaceList' move: $ref: '#/components/schemas/JsonPatchMoveList' copy: $ref: '#/components/schemas/JsonPatchCopyList' test: $ref: '#/components/schemas/JsonPatchTestList' description: Anchore-specific adaptation of RFC6902 to be describeable in swagger/open-api 2.0. Each item is given an ID and the ids are ordered in the array. DeleteImageResponse: required: - image_digest - status type: object properties: image_digest: type: string status: type: string description: Current status of the image deletion enum: - not_found - deleting - delete_failed detail: type: string description: Image deletion response containing status and details DeleteImageResponseList: type: array description: A list of delete image responses items: $ref: '#/components/schemas/DeleteImageResponse' DeploymentHistory: type: object properties: deployment_id: type: string upgrade_id: type: string to_system_version: type: string from_system_version: type: string to_database_version: type: string from_database_version: type: string outcome: type: string db_upgrade_duration: type: number format: float created_at: type: string format: date-time DeploymentHistoryList: type: object properties: items: type: array items: $ref: '#/components/schemas/DeploymentHistory' ECSContainer: required: - account_name - arn - context - image_digest - image_tag - task_arn type: object properties: arn: type: string task_arn: type: string account_name: type: string context: type: string image_tag: type: string image_digest: type: string ECSContainers: type: object properties: containers: type: array items: $ref: '#/components/schemas/ECSContainer' description: Containers defined in ECS ECSInventory: required: - cluster_arn - timestamp type: object properties: cluster_arn: type: string timestamp: type: string format: date-time tasks: type: array nullable: true items: $ref: '#/components/schemas/ECSInventoryTask' containers: type: array items: $ref: '#/components/schemas/ECSInventoryContainer' services: type: array nullable: true items: $ref: '#/components/schemas/ECSInventoryService' ECSInventoryContainer: required: - arn - image_tag type: object properties: arn: type: string task_arn: type: string image_tag: type: string image_digest: type: string ECSInventoryService: required: - arn type: object properties: arn: type: string tags: type: object additionalProperties: type: string ECSInventoryTask: required: - arn type: object properties: arn: type: string service_arn: type: string task_definition_arn: type: string tags: type: object additionalProperties: type: string ECSService: required: - account_name - arn - cluster_arn - tags type: object properties: arn: type: string cluster_arn: type: string tags: type: object additionalProperties: type: string account_name: type: string ECSServices: type: object properties: services: type: array items: $ref: '#/components/schemas/ECSService' description: Services defined in ECS ECSTask: required: - account_name - arn - cluster_arn - service_arn - tags - task_definition_arn type: object properties: arn: type: string cluster_arn: type: string service_arn: type: string task_definition_arn: type: string tags: type: object additionalProperties: type: string account_name: type: string ECSTasks: type: object properties: tasks: type: array items: $ref: '#/components/schemas/ECSTask' description: Tasks defined in ECS EventCategory: type: object properties: category: type: string description: type: string subcategories: type: array items: $ref: '#/components/schemas/EventSubcategory' description: A collection of event subcategories EventDescription: type: object properties: name: type: string description: The event type. The last component of the fully-qualified event_type (category.subcategory.event) type: type: string description: The fully qualified event type as would be seen in the event payload message: type: string description: The message associated with the event type resource_type: type: string description: The type of resource this event is generated from description: A description of an event type EventResponse: type: object properties: event_id: type: string created_at: type: string format: date-time event: type: object properties: source: type: object properties: service_name: type: string host_id: type: string base_url: type: string request_id: type: string resource: type: object properties: account_name: type: string id: type: string type: type: string type: type: string category: type: string level: type: string message: type: string details: type: object properties: {} timestamp: type: string format: date-time description: A record of occurrence of an asynchronous event triggered either by system or by user activity example: event_id: b4cf3559e6f64077a7e335225f0945fb event: source: service_name: catalog host_id: anchore-quickstart base_url: http://catalog:8228 resource: id: http://policy-engine:8228 type: service account_name: admin type: system.service.state_transition.orphaned level: error message: Service orphaned details: {} EventSubcategory: type: object properties: name: type: string description: type: string events: type: array items: $ref: '#/components/schemas/EventDescription' description: A collection of events related to each other EventTypesList: type: array description: Array of EventCategory objects items: $ref: '#/components/schemas/EventCategory' EventsList: type: object properties: results: type: array description: List of events items: $ref: '#/components/schemas/EventResponse' next_page: type: boolean description: Boolean flag, True indicates there are more events and False otherwise item_count: type: integer description: Number of events in this page page: type: integer description: Page number of this result set description: Response envelope for paginated listing of events FeedGroupMetadata: type: object properties: name: type: string description: The name of the feed group created_at: type: string format: date-time last_sync: description: The last successful update for this feed group. type: string format: date-time record_count: description: The number of records in the group type: integer enabled: type: boolean description: If group is enabled FeedMetadata: type: object properties: name: type: string description: name of the feed created_at: type: string format: date-time updated_at: type: string description: The last time the policy-engine service pinged the feed service to see if there was a new grypedb available. format: date-time groups: type: array items: $ref: '#/components/schemas/FeedGroupMetadata' last_full_sync: description: The last time that policy-engine service downloaded a new grypedb. type: string format: date-time enabled: type: boolean description: If feed is enabled description: Metadata on the feeds based on findings from querying the endpoints. FeedSyncResult: type: object properties: feed: type: string description: The name of the feed synced status: type: string description: The result of the sync operations, either co enum: - success - failure total_time_seconds: type: number description: The duration, in seconds, of the sync of the feed, the sum of all the group syncs groups: type: array description: Array of group sync results items: $ref: '#/components/schemas/GroupSyncResult' description: The result of a sync of a single feed FeedSyncResults: type: array description: An array of feed sync summaries representing the result of an explicit feed sync operation items: $ref: '#/components/schemas/FeedSyncResult' FileContentSearchList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: '#/components/schemas/FileContentSearchResult' FileContentSearchResult: type: object properties: path: type: string matches: type: array items: $ref: '#/components/schemas/RegexContentMatch' description: The retrieved file entry including content (b64 encoded) FilesContent: type: object properties: filename: type: string gid: type: integer linkdest: type: string nullable: true mode: type: string sha256: type: string nullable: true size: type: integer type: type: string uid: type: integer GateSpec: type: object properties: name: type: string description: Gate name, as it would appear in a policy document description: type: string description: Description of the gate supported_artifact_type: type: string enum: - image - source state: type: string description: State of the gate and transitively all triggers it contains if not 'active' enum: - active - deprecated - eol superseded_by: type: string description: The name of another trigger that supersedes this on functionally if this is deprecated nullable: true triggers: type: array description: List of the triggers that can fire for this Gate items: $ref: '#/components/schemas/TriggerSpec' description: A description of the set of gates available in this engine and the triggers and parameters supported GateSpecList: type: array items: $ref: '#/components/schemas/GateSpec' GenericNotificationPayload: type: object properties: account_name: type: string subscription_key: type: string subscription_type: type: string notification_id: type: string description: Parent class for Notification Payloads GroupSyncResult: type: object properties: group: type: string description: The name of the group status: type: string enum: - success - failure updated_image_count: type: integer description: The number of images updated by the this group sync, across all accounts. This is typically only non-zero for vulnerability feeds which update images' vulnerability results during the sync. updated_record_count: type: integer description: The number of feed data records synced down as either updates or new records total_time_seconds: type: number description: The duration of the group sync in seconds ImageAnalysisReferences: type: array description: List of image digests to archive items: type: string description: Image digest ImageAnalysisRequest: type: object properties: image_type: type: string description: Optional. The type of image this is adding, defaults to "docker". annotations: type: object properties: {} description: Annotations to be associated with the added image in key/value form source: $ref: '#/components/schemas/ImageSource' description: A request to add an image to be watched and analyzed by the engine. ImageAncestor: type: object properties: image_digest: type: string description: The digest of the image example: sha256:55cffbd26dbe2e79252dd3283b1adef4459441e7b4fc2fe5ccd2bd5b52670474 tags: type: array items: type: string description: Full tag reference that is known at any time previously for the digest. example: docker.io/library/node:latest layers: type: array description: The full set of layers for this image items: type: string description: The layer ID example: sha256:03810167880e863d81dc60fc7771c975b93dfdf982d5677fb2c23d11b02c644b user_marked_base: type: boolean description: True if a specific ancestor has been marked by the user as the chosen base image chosen_base_image: type: boolean description: True for the specific ancestor that has been identified as the base image by the system. This image will be used internally for comparisons. description: An summary of an image and it's layers. ImageAncestry: type: array description: Array of ancestor objects. Sorted by the length of the layers array in each entry, effectively returning them in increasing order of number of common layers. items: $ref: '#/components/schemas/ImageAncestor' ImageArtifact: type: object properties: account_name: type: string description: The account name image_digest: type: string description: The digest of the image distro: type: string description: The distro of the image distro_version: type: string description: The distro version of the image analysis_status: type: string description: the analysis status of image image_status: type: string description: The status of the image analyzed_at: type: string description: RFC 3339 formatted UTC timestamp when the image was analyzed format: date-time created_at: type: string description: RFC 3339 formatted UTC timestamp when the image was created format: date-time last_updated: type: string description: RFC 3339 formatted UTC timestamp when the image was last updated format: date-time description: Model for an image artifact ImageContent: type: object description: A metadata content record for a specific image, containing different content type entries ImageDetail: type: object properties: created_at: type: string format: date-time last_updated: type: string format: date-time full_tag: type: string description: Full docker-pullable tag string referencing the image full_digest: type: string description: Full docker-pullable digest string including the registry url and repository necessary get the image account_name: type: string image_id: type: string registry: type: string repo: type: string dockerfile: type: string nullable: true image_digest: type: string description: The parent Anchore Image record to which this detail maps tag: type: string tag_detected_at: type: string format: date-time description: A metadata detail record for a specific image. Multiple detail records may map a single catalog image. ImageImportContentResponse: type: object properties: digest: type: string created_at: type: string format: date-time ImageImportContentSearch: required: - content_searches - location type: object properties: location: $ref: '#/components/schemas/ImportPackageLocation' content_searches: type: array items: $ref: '#/components/schemas/ImportContentSearchElement' ImageImportContentSearchList: type: array description: Array of ImageImportContentSearch objects items: $ref: '#/components/schemas/ImageImportContentSearch' ImageImportFileContent: required: - contents - location type: object properties: location: $ref: '#/components/schemas/ImportPackageLocation' contents: type: string ImageImportFileContentList: type: array description: Array of ImageImportFileContent objects items: $ref: '#/components/schemas/ImageImportFileContent' ImageImportFileCoordinate: type: object properties: path: type: string description: The path on the filesystem of the file within the given layer layerID: type: string description: The image layer in which the file was found ImageImportManifest: required: - contents - digest - operation_uuid - tags type: object properties: contents: $ref: '#/components/schemas/ImportContentDigests' tags: type: array items: type: string description: Full docker reference tags example: docker.io/library/nginx:latest digest: type: string parent_digest: type: string description: The digest of the image's manifest-list parent if it was accessed from a multi-arch tag where the tag pointed to a manifest-list. This allows preservation of that relationship in the data local_image_id: type: string description: An "image_id" as used by Docker if available operation_uuid: type: string nullable: true x-nullable: true ImageImportOperation: type: object properties: uuid: type: string status: type: string enum: - pending - queued - processing - complete - failed - expired expires_at: type: string format: date-time created_at: type: string format: date-time description: An import record, creating a unique identifier for referencing the operation as well as its state ImageImports: type: array items: $ref: '#/components/schemas/ImageImportOperation' ImagePackageManifest: required: - artifacts - distro - source type: object additionalProperties: true properties: artifacts: type: array items: $ref: '#/components/schemas/ImportPackage' source: $ref: '#/components/schemas/ImportSource' distro: $ref: '#/components/schemas/ImportDistribution' descriptor: $ref: '#/components/schemas/ImportDescriptor' schema: $ref: '#/components/schemas/ImportSchema' artifactRelationships: type: array items: $ref: '#/components/schemas/ImportPackageRelationship' files: type: array items: $ref: '#/components/schemas/ImportFile' ImagePackageVulnerability: allOf: - $ref: '#/components/schemas/PackageVulnerability' - type: object properties: inherited_from_base: type: boolean description: True if the vulnerable artifact is found in the base image. False otherwise ImagePackageVulnerabilityResponse: type: object properties: image_digest: type: string base_digest: type: string vulnerability_type: type: string vulnerabilities: type: array description: List of Vulnerability objects items: $ref: '#/components/schemas/ImagePackageVulnerability' description: envelope containing list of vulnerabilities ImageRef: required: - type - value additionalProperties: false type: object properties: type: type: string enum: - tag - digest - id value: type: string description: A reference to an image ImageReference: type: object properties: image_digest: type: string description: The image digest image_id: type: string description: The image id if available analyzed_at: type: string description: Timestamp, in rfc3339 format, indicating when the image state became 'analyzed' in Anchore Engine. tag_history: type: array items: $ref: '#/components/schemas/TagEntry' description: A summary of an image identity, including digest, id (if available), and any tags known to have ever been mapped to the digest ImageSBOM: type: object description: An image SBOM Document ImageSelectionRule: required: - id - image - name - registry - repository type: object additionalProperties: false properties: id: type: string name: type: string registry: type: string repository: type: string image: $ref: '#/components/schemas/ImageRef' description: type: string description: Description of the Allowlist or Denylist image match, human readable ImageSelector: type: object properties: registry: type: string description: The registry section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "docker.io" repository: type: string description: The repository section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "anchore/anchore-engine" tag: type: string description: The tag-only section of a pull string. e.g. with "docker.io/anchore/anchore-engine:latest", this is "latest" description: A set of selection criteria to match an image by a tagged pull string based on its components, with regex support in each field ImageSource: type: object properties: tag: $ref: '#/components/schemas/RegistryTagSource' digest: $ref: '#/components/schemas/RegistryDigestSource' archive: $ref: '#/components/schemas/AnalysisArchiveSource' import: $ref: '#/components/schemas/ImageImportManifest' description: A set of analysis source types. Only one may be set in any given request. ImageWithPackages: type: object properties: image: $ref: '#/components/schemas/ImageReference' packages: type: array items: $ref: '#/components/schemas/PackageReference' description: An image record that contains packages ImportContentDigestList: type: array items: type: string description: String digest of an uploaded content ImportContentDigests: required: - image_config - manifest - packages type: object properties: packages: type: string description: Digest to use for the packages content image_config: type: string description: Digest for reference content for image config manifest: type: string description: Digest to reference content for the image manifest parent_manifest: type: string description: Digest for reference content for parent manifest dockerfile: type: string description: Digest for reference content for dockerfile secret_searches: type: string description: Digest for reference content for secret search results content_searches: type: string description: Digest for reference content for content search results file_contents: type: string description: Digest for reference content for file retrieve content description: Digest of content to use in the final import ImportContentSearchElement: required: - classification - length - line_number - line_offset - seek_position type: object properties: classification: type: string line_number: type: integer line_offset: type: integer seek_position: type: integer length: type: integer ImportDescriptor: required: - name - version type: object additionalProperties: true properties: name: type: string version: type: string ImportDistribution: type: object additionalProperties: true properties: name: type: string nullable: true id: type: string nullable: true version: type: string nullable: true versionID: type: string nullable: true idLike: {} ImportFile: required: - id - location properties: id: type: string description: Unique identifier within the sbom for the file for other elements in the sbom to reference location: $ref: '#/components/schemas/ImageImportFileCoordinate' metadata: type: object description: File metadata such as mode, size, etc. This is populated by anchorectl analysis but is not available in older syft-generated SBOMs digests: type: array items: $ref: '#/components/schemas/ImportFileDigest' additionalProperties: true type: object ImportFileDigest: required: - algorithm - value type: object properties: algorithm: type: string value: type: string ImportPackage: required: - cpes - language - licenses - locations - name - type - version type: object additionalProperties: true properties: id: type: string name: type: string version: type: string type: type: string foundBy: type: string locations: type: array items: $ref: '#/components/schemas/ImportPackageLocation' licenses: type: array items: {} language: type: string cpes: type: array items: anyOf: - type: string - $ref: '#/components/schemas/ImportPackageCPE' purl: type: string metadataType: type: string nullable: true metadata: type: object properties: {} nullable: true ImportPackageCPE: required: - cpe - source type: object properties: cpe: type: string source: type: string ImportPackageLocation: required: - path type: object additionalProperties: true properties: path: type: string layerID: type: string ImportPackageRelationship: required: - parent - child - type properties: parent: type: string child: type: string type: type: string metadata: additionalProperties: true type: object additionalProperties: true type: object ImportSchema: required: - version - url properties: version: type: string url: type: string additionalProperties: true type: object ImportSource: required: - type properties: type: type: string target: additionalProperties: true metadata: additionalProperties: true additionalProperties: true type: object InventoryItem: type: object properties: inventory_type: type: string context: type: string image_tag: type: string image_digest: type: string created_at: type: string format: date-time last_updated: type: string format: date-time last_seen: type: string format: date-time description: Inventory result for a specific Namespace InventoryItems: type: object properties: items: type: array items: $ref: '#/components/schemas/InventoryItem' description: Inventory report for Images in Use LoggingLevel: type: object required: - service_name - logging_level properties: service_name: type: string enum: - all - analyzer - api - catalog - notifications - reports - reports_worker - simplequeue - policy_engine logging_level: type: string enum: - default - trace - debug - info - warning - error - critical LoggingLevelResponse: type: array items: $ref: '#/components/schemas/LoggingLevel' JavaPackageContent: type: object properties: package: type: string implementation-version: type: string specification-version: type: string maven-version: type: string location: type: string type: type: string origin: type: string licenses: type: array items: type: string cpes: type: array description: A list of Common Platform Enumerations that may uniquely identify the package items: type: string purl: type: string version: type: string JsonPatchAdd: required: - op - path - value type: object properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - add path: $ref: '#/components/schemas/JsonPointer' value: type: object description: A valid json value, can be any valid json type description: The 'add' operation per RFC6902 JsonPatchAddList: type: array items: $ref: '#/components/schemas/JsonPatchAdd' JsonPatchCopy: required: - from - op - path type: object properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - copy path: $ref: '#/components/schemas/JsonPointer' from: $ref: '#/components/schemas/JsonPointer' description: The 'copy' operation per RFC6902 JsonPatchCopyList: type: array items: $ref: '#/components/schemas/JsonPatchCopy' JsonPatchMove: required: - from - op - path type: object properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - move path: $ref: '#/components/schemas/JsonPointer' from: $ref: '#/components/schemas/JsonPointer' description: The 'move' operation per RFC6902 JsonPatchMoveList: type: array items: $ref: '#/components/schemas/JsonPatchMove' JsonPatchOperationList: type: array description: Ordered list of the operations in the type-specific lists. This imparts the total ordering of patches to apply such that they can be moved into a single array. This is a workaround for 'oneOf' support in OpenAPI 2.0 items: type: string description: Operation ID, must be found in the add, remove, replace, move, copy, or test list JsonPatchRemove: required: - op - path type: object properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - remove path: $ref: '#/components/schemas/JsonPointer' description: The 'remove' operation per RFC6902 JsonPatchRemoveList: type: array items: $ref: '#/components/schemas/JsonPatchRemove' JsonPatchReplace: required: - op - path - value type: object properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - replace path: $ref: '#/components/schemas/JsonPointer' value: type: object description: A valid json value, can be any valid json type description: The 'replace' operation per RFC6902 JsonPatchReplaceList: type: array items: $ref: '#/components/schemas/JsonPatchReplace' JsonPatchTest: required: - op - path - value type: object properties: id: type: string description: Operation ID, referenced for ordering in the op: type: string enum: - test path: $ref: '#/components/schemas/JsonPointer' value: type: object description: Expected value for test description: The 'test' operation per RFC6902 JsonPatchTestList: type: array items: $ref: '#/components/schemas/JsonPatchTest' JsonPointer: pattern: ^(/[^/~]*(~[01][^/~]*)*)*$ type: string description: A JSONPointer per RFC6901 KubernetesContainer: required: - account_name - context - id - image_digest - image_tag - name - pod_id type: object properties: id: type: string name: type: string pod_id: type: string account_name: type: string context: type: string image_tag: type: string image_digest: type: string KubernetesContainers: type: object properties: containers: type: array items: $ref: '#/components/schemas/KubernetesContainer' description: Containers defined in Kubernetes KubernetesInventory: required: - cluster_name - timestamp type: object properties: cluster_name: type: string timestamp: type: string format: date-time namespaces: type: array items: $ref: '#/components/schemas/KubernetesInventoryNamespace' nodes: type: array items: $ref: '#/components/schemas/KubernetesInventoryNode' pods: type: array items: $ref: '#/components/schemas/KubernetesInventoryPod' containers: type: array items: $ref: '#/components/schemas/KubernetesInventoryContainer' KubernetesInventoryContainer: required: - id - image_tag - name - pod_uid type: object properties: id: type: string description: Corresponds to ContainerStatus.containerID in the Kubernetes Spec name: type: string image_tag: pattern: ^(?!\s*$).+ type: string image_digest: type: string pod_uid: $ref: '#/components/schemas/UUID' KubernetesInventoryNamespace: required: - name - uid type: object properties: uid: $ref: '#/components/schemas/UUID' name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string KubernetesInventoryNode: required: - name - uid type: object properties: uid: $ref: '#/components/schemas/UUID' name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string kernel_version: type: string kubernetes_version: type: string arch: type: string container_runtime_version: type: string kube_proxy_version: type: string kubelet_version: type: string operating_system: type: string KubernetesInventoryPod: required: - name - namespace_uid - uid type: object properties: uid: $ref: '#/components/schemas/UUID' name: type: string namespace_uid: $ref: '#/components/schemas/UUID' node_uid: $ref: '#/components/schemas/UUID' labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string KubernetesNamespace: required: - annotations - labels - name - uid type: object properties: uid: type: string name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string last_seen: type: string KubernetesNamespaces: type: object properties: namespaces: type: array items: $ref: '#/components/schemas/KubernetesNamespace' description: Namespaces defined in Kubernetes KubernetesNode: required: - annotations - labels - name - uid type: object properties: uid: type: string name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string last_seen: type: string KubernetesNodes: type: object properties: namespaces: type: array items: $ref: '#/components/schemas/KubernetesNode' description: Nodes defined in Kubernetes KubernetesPod: required: - account_name - annotations - id - labels - name type: object properties: id: type: string name: type: string account_name: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string node_id: type: string namespace_id: type: string last_seen: type: string KubernetesPods: type: object properties: namespaces: type: array items: $ref: '#/components/schemas/KubernetesPod' description: Pods defined in Kubernetes LocalAnalysisSource: type: object properties: digest: type: string MalwareFinding: type: object properties: path: type: string description: A path for a file in the image's rootfs signature: type: string description: The malware signature found at the path MalwareScan: type: object properties: enabled: type: boolean description: Indicates if the scanner is enabled scanner: type: string description: The name of the scanner that produced the finding metadata: type: object properties: {} description: Open schema for scanner-specific metadata related to the scan result findings: type: array items: $ref: '#/components/schemas/MalwareFinding' description: A single scan from a scanner MappingRule: required: - allowlist_ids - id - image - name - registry - repository - rule_set_ids type: object additionalProperties: false properties: id: type: string name: type: string allowlist_ids: type: array items: type: string rule_set_ids: type: array description: List of rule_set_ids to evaluate in order, to completion items: type: string description: rule_set_id to evaluate registry: type: string repository: type: string image: $ref: '#/components/schemas/ImageRef' description: type: string description: Description of the image to policy mapping rule, human readable MetadataResponse: type: object properties: image_digest: type: string metadata_type: type: string metadata: {} description: Generic wrapper for metadata listings from images ModifiedPackage: type: object properties: source: $ref: '#/components/schemas/Package' target: $ref: '#/components/schemas/Package' patch: $ref: '#/components/schemas/CustomJsonPatch' description: A combined modification record showing the source and target packages and the json patch to apply to the relationship-target object to result in the relationship-source package. Source and target are the packages from the respective sides of the relationship. NativeSBOM: required: - artifacts - distro - source type: object additionalProperties: true properties: artifacts: type: array items: $ref: '#/components/schemas/NativeSBOMPackage' source: $ref: '#/components/schemas/NativeSBOMSource' distro: $ref: '#/components/schemas/NativeSBOMDistribution' descriptor: $ref: '#/components/schemas/NativeSBOMDescriptor' schema: $ref: '#/components/schemas/NativeSBOMSchema' artifactRelationships: type: array items: $ref: '#/components/schemas/NativeSBOMPackageRelationship' NativeSBOMDescriptor: required: - name - version type: object additionalProperties: true properties: name: type: string version: type: string NativeSBOMDistribution: type: object additionalProperties: true properties: name: type: string nullable: true id: type: string nullable: true version: type: string nullable: true versionID: type: string nullable: true idLike: {} NativeSBOMPackage: required: - cpes - language - licenses - locations - name - type - version type: object additionalProperties: true properties: id: type: string name: type: string version: type: string type: type: string foundBy: type: string locations: type: array items: $ref: '#/components/schemas/NativeSBOMPackageLocation' licenses: type: array items: {} language: type: string cpes: type: array items: anyOf: - type: string - $ref: '#/components/schemas/NativeSBOMPackageCPE' purl: type: string metadataType: type: string nullable: true metadata: type: object properties: {} nullable: true NativeSBOMPackageCPE: required: - cpe - source type: object properties: cpe: type: string source: type: string additionalProperties: true NativeSBOMPackageLocation: required: - path type: object additionalProperties: true properties: path: type: string layerID: type: string NativeSBOMPackageRelationship: required: - parent - child - type properties: parent: type: string child: type: string type: type: string metadata: additionalProperties: true type: object additionalProperties: true type: object NativeSBOMSchema: required: - url - version type: object additionalProperties: true properties: version: type: string url: type: string NativeSBOMSource: required: - type properties: type: type: string target: additionalProperties: true metadata: additionalProperties: true additionalProperties: true type: object NotificationActionPlanNotificationPayload: allOf: - $ref: '#/components/schemas/NotificationSynchronousNotificationPayload' - type: object description: defines an action plan payload that can be sent synchronously properties: uuid: type: string image_tag: type: string image_digest: type: string bundle_id: type: string subject: type: string message: type: string NotificationApiErrorResponse: type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object properties: {} description: Details structure for additional information about the error if available. Content and structure will be error specific. description: Generic HTTP API error response NotificationBase: type: object properties: queue_id: type: string account_name: type: string data_id: type: string created_at: type: integer last_updated: type: integer record_state_key: type: string default: active record_state_val: type: string nullable: true tries: type: integer max_tries: type: integer description: base object for Notifications (every notification has this basic structure) NotificationEndpoint: type: object properties: name: type: string description: the name of the endpoint enabled: type: boolean description: Is the endpoint enabled for use in the system. Affects all usage, including system-level if set to false. last_updated: type: string description: The timestamp of the last change to the status format: date-time NotificationEndpointConfiguration: type: object properties: uuid: type: string description: The instance identifier for the configuration description: type: string description: User friendly name or description for the configuration verify_tls: type: boolean description: Verify the cert if using tls for connecting externally. Defaults to true if not specified created_at: type: string description: Timestamp for last modification to the record format: date-time last_updated: type: string description: Timestamp for last modification to the record format: date-time description: Base schema that endpoint configurations extend NotificationEndpointEnabledStatus: type: object properties: enabled: type: boolean description: Is the endpoint enabled for use in the system. Affects all usage, including system-level if set to false. last_updated: type: string description: The timestamp of the last change to the status format: date-time NotificationEndpointList: type: array items: $ref: '#/components/schemas/NotificationEndpoint' NotificationEventSelector: required: - level - resource_type - type type: object properties: level: type: string description: The level of the event to filter. '*' matches events of all levels. 'info' and 'error' match related events respectively enum: - '*' - info - error resource_type: type: string description: The type of resource to filter. '*' matches all resource types. Some examples of resource type are 'image_digest' or 'service' type: pattern: ^[a-z0-9-_.*]+$ type: string description: 'The type of event to filter, using wildcards against type field of the event. Event types have a structured format ... Thus, ''*'' matches all types of events. ''system.*'' matches all system events, ''user.*'' matches events that are relevant to individual consumption, and omitting an asterisk will do an exact match. See the GET /event_types route definition in the engine''s external API for the list of event types. ' description: A selector of event properties NotificationGitHubEndpointConfigurationBase: description: Configuration for GitHub endpoint (Base model) allOf: - $ref: '#/components/schemas/NotificationEndpointConfiguration' - type: object properties: url: pattern: https?://.* type: string description: Github API endpoint, defaults to https://api.github.com if not specified username: type: string description: GitHub username for creating issues access_token: type: string description: Personal access token for the GitHub account owner: type: string description: Owner of the repository to create issues against repository: type: string description: Name of the repository to create issues against milestone: type: integer description: Number of the milestone to associate with the issue labels: type: array description: List of labels to associate with the issue items: type: string assignees: type: array description: List of user logins to assign to the issue. items: type: string NotificationGitHubEndpointConfigurationList: type: array description: List of GitHub endpoint configurations items: $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationBase' NotificationGitHubEndpointConfigurationPost: description: Configuration for GitHub endpoint (Base model) allOf: - $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationBase' - type: object required: - username - access_token - owner - repository NotificationGitHubEndpointConfigurationPut: description: Configuration for GitHub endpoint (Base model) allOf: - $ref: '#/components/schemas/NotificationGitHubEndpointConfigurationBase' - type: object required: - username - owner - repository NotificationGitHubTestResult: type: object properties: status: type: string response: type: string NotificationJiraEndpointConfigurationBase: description: Configuration for jira endpoint allOf: - $ref: '#/components/schemas/NotificationEndpointConfiguration' - type: object properties: url: pattern: https?://.* type: string description: Jira endpoint URL including host and port, should begin with 'http://' or 'https://' username: type: string description: Jira username for creating issues password: type: string description: Jira access token for creating issues project_key: type: string description: Key of the Jira project for creating issues issue_type: type: string description: Type associated with the issue priority: type: string description: Priority assigned to the issue assignee: type: string description: Jira user to associate with the issue labels: type: array description: List of labels to associate with the issue items: type: string NotificationJiraEndpointConfigurationList: type: array description: List of jira endpoint configurations items: $ref: '#/components/schemas/NotificationJiraEndpointConfigurationBase' NotificationJiraEndpointConfigurationPost: description: Configuration for jira endpoint allOf: - $ref: '#/components/schemas/NotificationJiraEndpointConfigurationBase' - type: object required: - url - username - password - project_key - issue_type NotificationJiraEndpointConfigurationPut: description: Configuration for jira endpoint allOf: - $ref: '#/components/schemas/NotificationJiraEndpointConfigurationBase' - type: object required: - url - username - project_key - issue_type NotificationJiraTestResult: type: object properties: status: type: string response: type: string NotificationOperationalStatus: type: object properties: status: type: string enum: - unknown - healthy - unhealthy description: Operational status for a specific notification endpoint configuration NotificationSMTPEndpointConfiguration: description: Configuration for email via smtp endpoint allOf: - $ref: '#/components/schemas/NotificationEndpointConfiguration' - required: - from - host - port - to type: object properties: host: type: string port: type: integer username: type: string password: type: string use_tls: type: boolean description: Encrypt the SMTP connection with TLS. Defaults to true from: type: string description: The from address to use for emails send by this configuration to: type: string description: The address to which the emails are sent NotificationSMTPEndpointConfigurationList: type: array description: List of email via smtp endpoint configurations items: $ref: '#/components/schemas/NotificationSMTPEndpointConfiguration' NotificationSMTPTestResult: type: object properties: status: type: string response: type: string NotificationSelector: required: - event - scope type: object properties: uuid: type: string configuration_uuid: type: string description: UUID of the endpoint configuration bound to this selector scope: type: string description: The scope to filter events. 'global' scope encompasses all the events in the system, only the admin account can request this selector scope. 'account' covers events scoped to a specific account. enum: - global - account event: $ref: '#/components/schemas/NotificationEventSelector' description: A selector for notifications that determines which notifications are passed to a specific endpoint configuration NotificationSelectorList: type: array items: $ref: '#/components/schemas/NotificationSelector' NotificationServiceVersion: type: object properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object properties: version: type: string description: Semantic version of the api description: Api Version string db: type: object properties: schema_version: type: string description: Semantic version of the db schema engine: type: object properties: version: type: string description: Version of the installed engine library db: type: string description: Version of the installed engine db schema description: Version information for a service NotificationSlackEndpointConfiguration: description: Configuration for slack endpoint allOf: - $ref: '#/components/schemas/NotificationEndpointConfiguration' - required: - url type: object properties: url: pattern: https?://.* type: string description: url to POST to, including any query parameters, should begin with 'http://' or 'https://' NotificationSlackEndpointConfigurationList: type: array description: List of slack endpoint configurations items: $ref: '#/components/schemas/NotificationSlackEndpointConfiguration' NotificationSlackTestResult: type: object properties: status: type: string response: type: string NotificationStatusResponse: type: object properties: busy: type: boolean up: type: boolean message: type: string description: System status response NotificationSynchronousNotificationPayload: type: object description: defines a notification payload that can be sent synchronously properties: type: type: string NotificationTeamsEndpointConfiguration: description: Configuration for MS Teams endpoint allOf: - $ref: '#/components/schemas/NotificationEndpointConfiguration' - required: - url type: object properties: url: pattern: https?://.* type: string description: url to POST to, including any query parameters, should begin with 'http://' or 'https://' NotificationTeamsEndpointConfigurationList: type: array description: List of MS Teams endpoint configurations items: $ref: '#/components/schemas/NotificationTeamsEndpointConfiguration' NotificationTeamsTestResult: type: object properties: status: type: string response: type: string NotificationWebhookEndpointConfiguration: description: Configuration for Webhook endpoint allOf: - $ref: '#/components/schemas/NotificationEndpointConfiguration' - required: - url type: object properties: url: pattern: https?://.* type: string description: url to POST to, including any query parameters, should begin with 'http://' or 'https://' username: type: string password: type: string verify_ssl: type: boolean description: Verify SSL certificates for HTTPS requests, disabled by default NotificationWebhookEndpointConfigurationList: type: array description: List of Webhook endpoint configurations items: $ref: '#/components/schemas/NotificationWebhookEndpointConfiguration' NotificationWebhookTestResult: type: object properties: status: type: string response: type: string NullType: title: OpenAPI 3.0.` null-type ref description: for adding nullability to a ref enum: - null NvdDataList: type: array description: List of Nvd Data objects items: $ref: '#/components/schemas/NvdDataObject' NvdDataObject: type: object properties: id: type: string description: NVD Vulnerability ID description: description: The full NVD description text for the vulnerability type: string cvss_v2: $ref: '#/components/schemas/CVSSV2Scores' cvss_v3: $ref: '#/components/schemas/CVSSV3Scores' Package: type: object properties: name: type: string version: type: string release: type: string sourcepkg: type: string location: type: string origin: type: string size: type: integer licenses: type: array items: type: string metadata_type: type: string description: The type of the metadata entry metadata: type: object properties: {} description: Package type specific metadata specification_version: type: string description: Spec version for java packages implementation_version: type: string description: Implementation version for java packages maven_version: type: string description: Maven version for java packages cpes: type: array description: List of CPE strings for this package items: type: string purl: type: string description: A normalized and simplified package that can represent any package type PackageContent: type: object properties: package: type: string version: type: string size: type: string type: type: string origin: type: string licenses: type: array items: type: string location: type: string cpes: type: array description: A list of Common Platform Enumerations that may uniquely identify the package items: type: string metadata_type: type: string description: The type of the metadata entry metadata: type: object properties: {} description: Package type specific metadata purl: type: string PackageReference: type: object properties: name: type: string description: Package name version: type: string description: A version for the package. If null, then references all versions nullable: true type: type: string description: Package type (e.g. package, rpm, deb, apk, jar, npm, gem, ...) will_not_fix: type: boolean description: Whether a vendor will or will not fix a vulnerability description: A record of a software item which is vulnerable or carries a fix for a vulnerability PackageVulnerability: type: object properties: vuln: type: string description: The vulnerability identifier, such as CVE-2017-100, or RHSA-2017123 description: description: The full description text for the vulnerability type: string fix: type: string description: The package containing a fix, if available severity: type: string description: The severity of the vulnerability package: type: string description: The package name and version that are vulnerable in the image url: type: string description: The url for more information about the vulnerability feed: type: string description: The name of the feed where vulnerability match was made feed_group: type: string description: The name of the feed group where vulnerability match was made package_name: type: string description: The name of the vulnerable package artifact package_version: type: string description: The version of the vulnerable package artifact package_type: type: string description: The type of vulnerable package package_cpe: type: string description: The CPE string (if applicable) describing the package to vulnerability match package_path: type: string description: The location (if applicable) of the vulnerable package in the container filesystem will_not_fix: type: boolean description: Whether a vendor will fix or not fix the vulnerability nvd_data: $ref: '#/components/schemas/NvdDataList' vendor_data: $ref: '#/components/schemas/VendorDataList' detected_at: type: string description: When the vulnerability was detected format: date-time fix_observed_at: type: string description: When the fix was observed format: date-time PaginatedImageList: description: Pagination wrapped list of images that match some filter allOf: - $ref: '#/components/schemas/PaginationProperties' - type: object properties: images: type: array items: $ref: '#/components/schemas/ImageWithPackages' PaginatedVulnerabilityList: description: A paginated listing of vulnerability records sorted by ID in descending order allOf: - $ref: '#/components/schemas/PaginationProperties' - type: object properties: vulnerabilities: type: array description: The listing of matching vulnerabilities for the query subject to pagination items: $ref: '#/components/schemas/StandaloneVulnerability' PaginationProperties: type: object properties: page: type: string description: The page number returned (should match the requested page query string param) next_page: type: string description: True if additional pages exist (page + 1) or False if this is the last page returned_count: type: integer description: The number of items sent in this response description: Properties for common pagination handling to be included in any wrapping object that needs pagination elements Policy: description: A policy containing a rule-set, allowlists, and rules for mapping them to specific images type: object required: - id - name - version - rule_sets - mappings additionalProperties: false properties: id: type: string description: Id of the policy name: type: string description: Human readable name for the policy minLength: 1 description: type: string description: Description of the policy, human readable version: type: string description: Version id for this policy format allowlists: description: Allowlists which define which policy matches to disregard explicitly in the final policy decision type: array items: $ref: '#/components/schemas/Allowlist' rule_sets: description: Collections of policy rules which define the go/stop/warn status of an image using rule matches on image properties type: array items: $ref: '#/components/schemas/RuleSet' source_mappings: description: Mapping rules for defining which policy and allowlist(s) to apply to a source based on a match of the host and repo name. Evaluated in order. type: array items: $ref: '#/components/schemas/SourceMappingRule' mappings: description: Mapping rules for defining which policy and allowlist(s) to apply to an image based on a match of the image tag or id. Evaluated in order. type: array items: $ref: '#/components/schemas/MappingRule' allowlisted_images: description: List of mapping rules that define which images should always be passed (unless also on the denylist), regardless of policy result. type: array items: $ref: '#/components/schemas/ImageSelectionRule' denylisted_images: description: List of mapping rules that define which images should always result in a STOP/FAIL policy result regardless of policy content or presence in allowlisted_images type: array items: $ref: '#/components/schemas/ImageSelectionRule' last_updated: type: number description: The time at which the policy was last updated, informational only PolicyEvalNotification: allOf: - $ref: '#/components/schemas/NotificationBase' - type: object properties: data: $ref: '#/components/schemas/PolicyEvalNotificationData' description: The Notification Object definition for Policy Eval Notifications PolicyEvalNotificationData: allOf: - $ref: '#/components/schemas/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/components/schemas/PolicyEvalNotificationPayload' PolicyEvalNotificationPayload: allOf: - $ref: '#/components/schemas/GenericNotificationPayload' - type: object properties: curr_eval: type: object properties: {} description: The Current Policy Evaluation result last_eval: type: object properties: {} description: The Previous Policy Evaluation result annotations: type: object properties: {} description: List of Corresponding Image Annotations nullable: true PolicyEvaluation: type: object properties: policy_id: type: string description: The ID of the policy used to evaluate the image image_digest: type: string description: Image digest of the image being evaluated evaluated_tag: type: string description: Image tag used to evaluate policy for the given image evaluations: type: array description: List of policy evaluations. Always has at least one result, may contain multiple when the evaluation history is requested. items: $ref: '#/components/schemas/PolicyEvaluationResult' description: Evaluation response object PolicyEvaluationFinding: required: - action - allowlisted - gate - message - policy_id - recommendation - rule_id - trigger - trigger_id type: object properties: trigger_id: type: string description: ID of this policy trigger finding (can be used to allowlist this finding) gate: type: string description: Name of the gate that generated this finding trigger: type: string description: Name of the trigger that generated this finding message: type: string description: Description of the finding action: type: string description: The action associated with this finding enum: - go - stop - warn policy_id: type: string description: ID of the policy that this gate and trigger are a part of recommendation: type: string description: User provided details for resolving this finding rule_id: type: string description: ID of the policy rule that that generated this finding allowlisted: type: boolean description: Indicates if this finding was allowlisted or not allowlist_match: anyOf: - $ref: '#/components/schemas/NullType' - $ref: '#/components/schemas/PolicyFindingAllowlistMatch' inherited_from_base: type: boolean description: Indicates if this finding was found in the base image nullable: true PolicyEvaluationProblem: required: - details - problem_type - severity type: object properties: severity: type: string description: Severity of the policy evaluation problem. Problems with a severity of "error" prevent the policy from being evaluated, while severity "warn" indicates the policy was evaluated but the result may require additional attention. enum: - error - warn problem_type: type: string description: the type of problem encountered, such as a misconfiguration or unavailable data details: type: string description: Details about the problem itself and how to fix it description: Details for an error or warning indicating a problem during policy evaluation PolicyEvaluationRemediation: required: - suggestions - trigger_ids type: object properties: suggestions: type: array description: Anchore generated options for resolving a finding items: $ref: '#/components/schemas/PolicyEvaluationRemediationSuggestion' trigger_ids: type: array description: List of trigger IDs that these remediation suggestions apply to items: type: string PolicyEvaluationRemediationSuggestion: required: - message - preferred type: object properties: message: type: string description: The suggestion for resolving a finding preferred: type: boolean description: Indicates whether this suggestion is recommended PolicyEvaluationResult: required: - evaluation_problems - evaluation_time - final_action - final_action_reason - image_allowlisted - image_denylisted - image_mapped_to_rule - number_of_findings - status type: object properties: details: required: - findings - policy_action - policy type: object properties: policy: $ref: '#/components/schemas/Policy' findings: type: array description: The detailed policy findings items: $ref: '#/components/schemas/PolicyEvaluationFinding' policy_action: type: string description: The outcome of the policy evaluation, before allowlist/denylist evaluation. enum: - stop - go - warn remediations: type: array description: List of remediations for the findings nullable: true items: $ref: '#/components/schemas/PolicyEvaluationRemediation' description: Contains additional details about the policy evaluation nullable: true comparison_image_digest: type: string description: Image digest of the base image used during policy evaluation nullable: true evaluation_time: type: string description: The date and time this policy evaluation was performed at format: date-time evaluation_problems: type: array description: list of error objects indicating errors encountered during evaluation execution items: $ref: '#/components/schemas/PolicyEvaluationProblem' status: type: string description: The overall status of the policy evaluation enum: - fail - pass final_action: type: string description: The overall outcome of the evaluation. enum: - stop - go - warn final_action_reason: type: string description: The reason for the final result enum: - policy_evaluation - allowlisted - denylisted image_allowlisted: type: boolean description: Whether the evaluated image matched an allowlist rule matched_allowlisted_images_rule: anyOf: - $ref: '#/components/schemas/NullType' - $ref: '#/components/schemas/ImageSelectionRule' image_denylisted: type: boolean description: Whether the evaluated image matched a denylist rule matched_denylisted_images_rule: anyOf: - $ref: '#/components/schemas/NullType' - $ref: '#/components/schemas/ImageSelectionRule' image_mapped_to_rule: type: boolean description: Whether the evaluated image matched a policy rule matched_mapping_rule: anyOf: - $ref: '#/components/schemas/NullType' - $ref: '#/components/schemas/MappingRule' number_of_findings: type: integer description: Number of policy findings in the response PolicyFindingAllowlistMatch: type: object properties: id: type: string description: ID of the allowlist that matched this finding name: type: string description: Name of the allowlist that matched this finding matched_rule_id: type: string description: ID of the rule within the allowlist that matched this finding description: Details about (possible) allowlist match PolicyList: type: array description: List of PolicyRecord objects items: $ref: '#/components/schemas/PolicyRecord' PolicyRecord: required: - account_name - active - name - policy_id - policy_source type: object properties: created_at: type: string format: date-time last_updated: type: string format: date-time policy_id: type: string description: The policy's identifier active: type: boolean description: True if the policy is currently defined to be used automatically account_name: type: string description: UserId of the user that owns the policy policy_source: type: string description: Source location of where the policy originated policy: anyOf: - $ref: '#/components/schemas/NullType' - $ref: '#/components/schemas/Policy' name: type: string description: Name of the policy description: type: string description: Description of the policy, human readable description: A policy plus some metadata PolicyRule: required: - action - gate - id - params - trigger additionalProperties: false type: object properties: id: type: string gate: type: string trigger: type: string action: type: string enum: - GO - STOP - WARN description: type: string description: Description of the policy rule, human readable params: type: array items: $ref: '#/components/schemas/PolicyRuleParam' recommendation: type: string description: A rule that defines and decision value if the match is found true for a given image. PolicyRuleParam: required: - name - value type: object additionalProperties: false properties: name: type: string value: type: string RbacManagerAccountRole: type: object properties: for_account: type: string description: The account scope that applies to the set of roles roles: $ref: '#/components/schemas/RbacManagerRole' account: $ref: '#/components/schemas/Account' description: An account identifier and roles a user has within that account RbacManagerApiErrorResponse: type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object properties: {} description: Details structure for additional information about the error if available. Content and structure will be error specific. description: Generic HTTP API error response RbacManagerIdpUserGroup: type: object required: - user_group_uuid properties: user_group_uuid: type: string description: The UUID of the user group user_group_name: type: string description: The name of the user group mapped_on: type: string description: The timestamp when the user group was mapped to the IdP format: date-time description: A user group associated with an IdP RbacManagerIdpUserGroupPost: type: object properties: user_group_uuids: type: array items: type: string description: List of user group uuids to be associated with the IdP RbacManagerIdpUserGroups: type: array items: $ref: '#/components/schemas/RbacManagerIdpUserGroup' RbacManagerPermission: type: object properties: action: type: string description: The allowed action. e.g. getImage target: type: string description: The target to which the action may be applied. Either a '*' for all or a specific target id description: A grant of specific action against a specific scope and target RbacManagerPermissionList: type: array items: $ref: '#/components/schemas/RbacManagerPermission' RbacManagerRole: required: - name type: object properties: name: type: string description: The name of the role description: type: string description: A role description for humans permissions: $ref: '#/components/schemas/RbacManagerPermissionList' immutable: type: boolean description: Are the permissions of this role modifiable by users (including admin users) created_at: type: string description: The timestamp when the role was created format: date-time last_updated: type: string description: The timestamp of the last update to the role metadata itself format: date-time description: Role definition RbacManagerRoleMember: required: - for_account - username type: object properties: username: type: string for_account: type: string created_at: type: string format: date-time description: A mapping between a username and a role with an account context RbacManagerRoleMemberList: type: array description: List of members of the role, may be filtered by the calling user's access level (e.g. will not display members for which the caller doesn't have listRoleMembers account access) items: $ref: '#/components/schemas/RbacManagerRoleMember' RbacManagerRoleMembership: type: object properties: role: type: string description: The name of the role the user has permissions for for_account: type: string description: The account for which the user has the role permission created_at: type: string format: date-time description: Membership for a role in an account RbacManagerRoleSummary: type: object properties: name: type: string description: type: string created_at: type: string format: date-time RbacManagerRoleSummaryList: type: array items: $ref: '#/components/schemas/RbacManagerRoleSummary' RbacManagerSamlConfiguration: required: - acs_url - enabled - name - sp_entity_id type: object properties: name: pattern: ^[a-zA-Z0-9_-]+$ type: string description: The name to use for referencing this IDP configuration. This will configured as part of the url string the Idp must have the client POST the saml assertion to. enabled: type: boolean description: If this IDP configuration should be enabled for user logins sp_entity_id: type: string description: The entity ID for this SP. Can be the same for all IDP configurations in this installation or unique to each. This is typically a URL, but you can use any value as long as you also configure the IDP to expect this value. acs_url: type: string description: The URL the IDP can use to access the Assertion Consumer Service to provide the token for sso. This is the way to reach the rbac manager services /service/sso/auth/{IDP_name} route externally acs_https_port: type: integer description: The port number to use for https if not 443. If omitted or -1, 443 is assumed and used as a default idp_metadata_url: type: string description: The url where the SP (anchore) can retrieve the metadata about the Identity Provider. Only one of this or metadata_xml should be set. This is typically provided by the IDP. idp_metadata_xml: type: string description: The direct metadata xml payload, if a url is not available. Only one of this or metadata_url should be set. idp_username_attribute: type: string description: The SAML attribute to use from the response assertions to determine the anchore username. If unset, the subject is used. idp_account_attribute: type: string description: The SAML attribute to use from the response assertions to determine the anchore account to use. If unset, the default is used. idp_role_attribute: type: string description: The SAML attribute to use from the response assertions to determine the anchore role(s) to assign a new user in the specified account. If unset, the default is used. idp_groups_attribute: type: string description: The default value is `memberOf`. This field is available to overwrite the SAML attribute if your IDP is using a different SSO group value during the response assertions. default_account: type: string description: The anchore account to assign all users to from this IDP if no account attribute is mapped or present. default_role: type: string description: The default role to apply to new users from this IDP if no attribute is mapped or found in the SAML assertions. require_signed_assertions: type: boolean description: Require assertions in to be signed from the IDP default: true require_signed_response: type: boolean description: Require the authn response to be signed by the IDP default: true created_at: type: string format: date-time last_updated: type: string format: date-time require_existing_users: type: boolean description: Indicates if Anchore will require an authenticating SSO user to already exist. This field is ignored on POST/PUT Operations. default: false description: A named configuration for interaction with an Identity Provider that supports SAML 2.0 RbacManagerSamlConfigurationGet: allOf: - $ref: '#/components/schemas/RbacManagerSamlConfiguration' - type: object properties: user_groups: type: array description: List of user groups associated with this IDP (Only for GET operations) items: type: object properties: user_group: type: string description: The name of the user group added_on: type: string format: date-time description: The date and time the user group was associated with the IDP RbacManagerServiceVersion: type: object properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object properties: version: type: string description: Semantic version of the api description: Api Version string db: type: object properties: schema_version: type: string description: Semantic version of the db schema engine: type: object properties: version: type: string description: Version of the installed engine library db: type: string description: Version of the installed engine db schema description: Version information for a service RbacManagerStatusResponse: type: object properties: busy: type: boolean up: type: boolean message: type: string description: System status response RbacManagerTokenResponse: required: - token type: object properties: token: type: string description: The token content description: An auth token for use in future requests as an Authorization header value of type 'bearer' RbacManagerUserRoleListing: type: array description: List of role mappings for a user items: $ref: '#/components/schemas/RbacManagerAccountRole' RbacManagerUserRoleMembership: type: array description: List of role mappings for a user items: $ref: '#/components/schemas/RbacManagerRoleMembership' RegexContentMatch: type: object properties: name: type: string description: The name associated with the regular expression regex: type: string description: The regular expression used for the match lines: type: array description: A list of line numbers in the file that matched the regex items: type: integer description: Match of a named regex on a file RegistryConfiguration: type: object properties: created_at: type: string format: date-time last_updated: type: string format: date-time registry_user: type: string description: Username portion of credential to use for this registry registry_type: type: string description: Type of registry account_name: type: string description: Anchore account that owns this registry entry registry: type: string description: hostname:port string for accessing the registry, as would be used in a docker pull operation registry_name: type: string description: human readable name associated with registry record registry_verify: type: boolean description: Use TLS/SSL verification for the registry URL description: A registry entry describing the endpoint and credentials for a registry to pull images from RegistryConfigurationList: type: array description: List of registry configurations items: $ref: '#/components/schemas/RegistryConfiguration' RegistryConfigurationRequest: type: object properties: registry_user: type: string description: Username portion of credential to use for this registry registry_pass: type: string description: Password portion of credential to use for this registry registry_type: type: string description: Type of registry registry: type: string description: hostname:port string for accessing the registry, as would be used in a docker pull operation. May include some or all of a repository and wildcards (e.g. docker.io/library/* or gcr.io/myproject/myrepository) registry_name: type: string description: human readable name associated with registry record registry_verify: type: boolean description: Use TLS/SSL verification for the registry URL description: A registry record describing the endpoint and credentials for a registry RegistryDigestSource: required: - pull_string - tag type: object properties: pull_string: type: string description: A digest-based pull string (e.g. docker.io/nginx@sha256:123abc) tag: type: string description: A valid docker tag reference (e.g. docker.io/nginx:latest) that will be associated with the image but not used to pull the image. creation_timestamp_override: type: string description: Optional override of the image creation time to support proper tag history construction in cases of out-of-order analysis compared to registry history for the tag format: date-time dockerfile: pattern: ^[a-zA-Z0-9+/=]+$ type: string description: Base64 encoded content of the dockerfile used to build the image, if available. description: An image reference using a digest in a registry, includes some extra tag and timestamp info in addition to the pull string to allow proper tag history reconstruction. nullable: true x-nullable: true RegistryTagSource: required: - pull_string type: object properties: pull_string: type: string description: A docker pull string (e.g. docker.io/nginx:latest, or docker.io/nginx@sha256:abd) to retrieve the image dockerfile: pattern: ^[a-zA-Z0-9+/=]+$ type: string description: Base64 encoded content of the dockerfile used to build the image, if available. description: An image reference using a tag in a registry, this is the most common source type. nullable: true x-nullable: true RelationshipSbomDiff: type: object properties: source_only: type: array description: Packages added based on the type of relationship. A "contains" relationship means packages present in the source artifact (image) not present in the target (source repo) of the relationship. items: $ref: '#/components/schemas/Package' target_only: type: array description: Packages removed based on the type of relationship. A "contains" relationship means packages not present in the source artifact (image) present in the target (source repo) of the relationship. items: $ref: '#/components/schemas/Package' source_modified: type: array items: $ref: '#/components/schemas/ModifiedPackage' both_unmodified: type: array items: $ref: '#/components/schemas/Package' description: 'The diff of two sboms with context applied in each difference. The "added" and "removed" directions depend on the relationship to which this diff applies. A relationship defines a source, a target, and a type. For example, a relationship of type "contains" with a source of an image and a target of a source revision will indicate that the diff is between the source repo sbom and the image sbom. Added packages are present in the image but not in the source, removed are present in the source revision but not in the image, etc. ' RelationshipType: type: string description: The type of relationship between to artifacts enum: - contains - contained_by ReportingApiErrorResponse: type: object properties: code: type: integer format: int32 error_type: type: string message: type: string detail: type: object properties: {} description: Details structure for additional information about the error if available. Content and structure will be error specific. description: Generic HTTP API error response ReportingServiceVersion: type: object properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object properties: version: type: string description: Semantic version of the api description: Api Version string db: type: object properties: schema_version: type: string description: Semantic version of the db schema engine: type: object properties: version: type: string description: Version of the installed engine library db: type: string description: Version of the installed engine db schema description: Version information for a service ReportingStatusResponse: type: object properties: busy: type: boolean up: type: boolean message: type: string description: System status response ResourceLabel: type: object properties: key: type: string example: tag value: type: string example: docker.io/library/alpine:latest description: Label on the resource in the key value format RetrievedFile: type: object properties: path: type: string b64_content: type: string description: The retrieved file entry including content (b64 encoded) RetrievedFileList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: '#/components/schemas/RetrievedFile' RuleSet: required: - id - name - rules - version type: object additionalProperties: false properties: id: type: string name: type: string description: type: string description: Description of the Policy, human readable version: type: string artifact_type: type: string enum: - image - source rules: type: array items: $ref: '#/components/schemas/PolicyRule' SBOMVulnerabilitiesResponse: type: object properties: sbom_id: type: string vulnerabilities: type: array items: $ref: '#/components/schemas/PackageVulnerability' description: Envelope containing list of vulnerabilities for a source repo SecretSearchList: type: array description: Simple array of RetrievedFileMetadata objects items: $ref: '#/components/schemas/SecretSearchResult' SecretSearchResult: type: object properties: path: type: string matches: type: array items: $ref: '#/components/schemas/RegexContentMatch' description: The retrieved file entry including content (b64 encoded) Service: type: object properties: host_id: type: string description: The unique id of the host on which the service is executing service_name: type: string description: Registered service name base_url: type: string description: The url to reach the service, including port as needed status_message: type: string description: A state indicating the condition of the service. Normal operation is 'registered' service_detail: $ref: '#/components/schemas/StatusResponse' status: type: boolean version: type: string description: The version of the service as reported by the service implementation on registration description: A service status record ServiceList: type: array description: A list of service objects items: $ref: '#/components/schemas/Service' ServiceReference: type: object properties: host_id: type: string description: The unique id of the host on which the service is executing service_name: type: string description: Registered service name description: A reference to a service in the system ServiceVersion: type: object properties: service: type: object properties: version: type: string description: Semantic Version string of the service implementation api: type: object properties: version: type: string description: Semantic version of the api description: Api Version string db: type: object properties: schema_version: type: string description: Semantic version of the db schema description: Version information for a service Source: type: object properties: uuid: type: string description: A system-assigned identifier unique for each source analysis account_name: type: string description: The anchore account name that owns this resource host: type: string description: Host name for the repository location (e.g. github.com) repository_name: type: string description: The name of the repository on the host (e.g. 'anchore/anchore-engine') revision: type: string description: The commit ID for a git repository analysis_status: type: string description: The analysis state of the source enum: - not_analyzed - analyzed - analyzing - analysis_failed source_status: type: string description: The state of the source enum: - active - inactive - deleting created_at: type: string format: date-time last_updated: type: string format: date-time SourceContentPackageResponse: type: object properties: source_id: type: string content_type: type: string content: type: array items: $ref: '#/components/schemas/SourceContentPackageResponseContent' description: Package content listings from analysis sbom SourceContentPackageResponseContent: type: object properties: package: type: string version: type: string size: type: string type: type: string origin: type: string licenses: type: array items: type: string location: type: string cpes: type: array description: A list of Common Platform Enumerations that may uniquely identify the package items: type: string metadata_type: type: string description: The type of the metadata entry metadata: type: object properties: {} description: Package type specific metadata purl: type: string description: Package content listings from a source SourceImportContentResponse: type: object properties: digest: type: string created_at: type: string format: date-time SourceImportList: type: array items: $ref: '#/components/schemas/SourceImportOperation' SourceImportMetadata: required: - contents - host - repository_name - revision type: object properties: ci_workflow_name: type: string nullable: true ci_workflow_execution_time: type: string format: date-time nullable: true host: type: string repository_name: type: string branch_name: type: string nullable: true revision: type: string change_author: type: string nullable: true contents: required: - sbom type: object properties: sbom: type: string description: Digest to use for the sbom description: Digest of content to use in the final import SourceImportOperation: type: object properties: uuid: type: string status: type: string enum: - pending - queued - processing - complete - failed - expired expires_at: type: string format: date-time created_at: type: string format: date-time last_updated: type: string format: date-time description: An import record, creating a unique identifier for referencing the operation as well as its state SourceManifest: type: object properties: uuid: type: string account_name: type: string vcs_type: type: string host: type: string repository_name: type: string revision: type: string created_at: type: string format: date-time last_updated: type: string format: date-time analysis_status: type: string enum: - not_analyzed - analyzed - analyzing - analysis_failed source_status: type: string enum: - active - inactive - deleting metadata_records: type: array description: Array of metadata available items: $ref: '#/components/schemas/SourceManifestMetadataRecord' SourceManifestMetadataRecord: type: object properties: uuid: type: string ci_workflow_name: type: string nullable: true ci_workflow_execution_time: type: string format: date-time nullable: true branch_name: type: string nullable: true change_author: type: string nullable: true description: Metadata associated with a source upload SourceMappingRule: required: - allowlist_ids - host - id - name - repository - rule_set_ids type: object additionalProperties: false properties: id: type: string name: type: string allowlist_ids: type: array items: type: string rule_set_ids: type: array description: List of rule_set_ids to evaluate in order, to completion items: type: string description: rule_set_id to evaluate host: type: string repository: type: string description: type: string description: Description of the source to policy rule, human readable SourcePackageVulnerabilityResponse: type: object properties: source_id: type: string vulnerability_type: type: string vulnerabilities: type: array items: $ref: '#/components/schemas/PackageVulnerability' description: Envelope containing list of vulnerabilities for a source repo SourcePolicyEvaluation: required: - account_name - evaluation_id - evaluation_problems - evaluation_time - final_action - final_action_reason - findings - host - number_of_findings - policy - repository_name - revision - source_id - source_mapped_to_rule - status type: object properties: account_name: type: string description: The name of the account containing the source to evaluate evaluation_id: type: string description: The ID of this policy evaluation source_id: type: string description: The ID of the source repository that was evaluated host: type: string description: Host name for the repository location (e.g. github.com) repository_name: type: string description: The name of the repository on the host (e.g. 'anchore/anchore-engine') revision: type: string description: The commit ID for a git repository policy: $ref: '#/components/schemas/Policy' source_mapped_to_rule: type: boolean description: Whether the evaluated source repository matched a policy rule matched_mapping_rule: type: object properties: {} description: The policy mapping rule that the source repository being evaluated matched against. findings: type: array description: The detailed policy findings items: $ref: '#/components/schemas/SourcePolicyEvaluationFinding' number_of_findings: type: integer description: Number of policy findings in the response evaluation_time: type: string description: The date and time this policy evaluation was performed at format: date-time final_action: type: string description: The overall outcome of the evaluation. enum: - stop - go - warn final_action_reason: type: string description: The reason for the final result enum: - allowlisted - denylisted - policy_evaluation evaluation_problems: type: array description: list of error objects indicating errors encountered during evaluation execution items: $ref: '#/components/schemas/PolicyEvaluationProblem' status: type: string description: The overall status of the policy evaluation enum: - pass - fail description: A policy bundle evaluation result for a specific image, tag, policy tuple SourcePolicyEvaluationFinding: type: object properties: trigger_id: type: string description: ID of this policy trigger finding (can be used to allowlist this finding) gate: type: string description: Name of the gate that generated this finding trigger: type: string description: Name of the trigger that generated this finding message: type: string description: Description of the finding action: type: string description: The action associated with this finding enum: - go - stop - warn policy_id: type: string description: ID of the policy that this gate and trigger are a part of recommendation: type: string description: User provided details for resolving this finding rule_id: type: string description: ID of the policy rule that that generated this finding allowlisted: type: boolean description: Indicates if this finding was allowlisted or not allowlist_match: anyOf: - $ref: '#/components/schemas/NullType' - $ref: '#/components/schemas/PolicyFindingAllowlistMatch' SourceSBOM: type: object description: A Source SBOM Document SourcesList: type: object properties: items: type: array items: $ref: '#/components/schemas/Source' StandaloneVulnerability: type: object properties: id: type: string description: Vulnerability identifier. May be CVE-X, RHSA-X, etc. Not necessarily unique across namespaces namespace: type: string description: The namespace for the vulnerability record to avoid conflicts for the same id in different distros or sources (e.g. deb vs ubuntu for same CVE) affected_packages: type: array description: The array of packages (typically packages) that are vulnerable-to or provide fixes-for this vulnerability items: $ref: '#/components/schemas/PackageReference' severity: type: string description: Severity label specific to the namespace enum: - Unknown - Negligible - Low - Medium - High - Critical link: type: string description: URL for the upstream CVE record in the reporting source (e.g. ubuntu security tracker) nvd_data: $ref: '#/components/schemas/NvdDataList' vendor_data: $ref: '#/components/schemas/VendorDataList' description: type: string description: Description of the vulnerability if available references: type: array description: List of references including items: $ref: '#/components/schemas/VulnerabilityReference' description: A single vulnerability record in a single namespace, the unique key is the combination of the id and namespace StatusResponse: type: object properties: available: type: boolean busy: type: boolean up: type: boolean message: type: string version: type: string db_version: type: string detail: type: object properties: {} description: System status response Subscription: type: object properties: subscription_key: type: string description: The key value that the subscription references. E.g. a tag value or a repo name. subscription_type: type: string description: The type of the subscription subscription_value: type: string description: The value of the subscription target nullable: true account_name: type: string description: The account_name of the subscribed user active: type: boolean description: Is the subscription currently active subscription_id: type: string description: the unique id for this subscription record description: Subscription entry SubscriptionList: type: array description: List of subscriptions items: $ref: '#/components/schemas/Subscription' SubscriptionRequest: type: object properties: subscription_key: type: string subscription_value: type: string nullable: true subscription_type: type: string description: A subscription entry to add to the system SubscriptionUpdate: type: object properties: subscription_value: type: string description: The new subscription value, e.g. the new tag to be subscribed to nullable: true active: type: boolean description: Toggle the subscription processing on or off description: A modification to a subscription entry to change its status or value SystemStatistics: type: object properties: name: type: string description: type: string value_type: type: string value: type: integer SystemStatisticsList: type: object properties: items: type: array items: $ref: '#/components/schemas/SystemStatistics' SystemStatusResponse: type: object properties: service_states: $ref: '#/components/schemas/ServiceList' description: System status response TagEntry: type: object properties: full_tag: type: string description: The pullable string for the tag. E.g. "docker.io/library/node:latest" registry: type: string description: The registry hostname:port section of the pull string repo: type: string description: The repository section of the pull string tag: type: string description: The tag-only section of the pull string tag_detected_at: type: string description: The timestamp at which the Anchore Engine detected this tag was mapped to the image digest. Does not necessarily indicate when the tag was actually pushed to the registry. format: date-time description: A docker-pullable tag value as well as deconstructed components TagUpdateNotification: allOf: - $ref: '#/components/schemas/NotificationBase' - type: object properties: data: $ref: '#/components/schemas/TagUpdateNotificationData' description: The Notification Object definition for Tag Update Notifications TagUpdateNotificationData: allOf: - $ref: '#/components/schemas/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/components/schemas/TagUpdateNotificationPayload' TagUpdateNotificationPayload: allOf: - $ref: '#/components/schemas/GenericNotificationPayload' - type: object properties: curr_eval: type: array description: A list containing the current image digest items: {} last_eval: type: array description: A list containing the previous image digests items: {} annotations: type: object properties: {} description: List of Corresponding Image Annotations nullable: true TokenResponse: required: - access_token type: object properties: access_token: type: string description: The token content expires_in: type: number description: The lifetime of the access token in seconds token_type: type: string description: The type of the token returned refresh_token: type: string description: The refresh token content TriggerParamSpec: type: object properties: name: type: string description: Parameter name as it appears in policy document description: type: string example: type: string description: An example value for the parameter (encoded as a string if the parameter is an object or list type) nullable: true state: type: string description: State of the trigger parameter enum: - active - deprecated - eol superseded_by: type: string description: The name of another trigger that supersedes this on functionally if this is deprecated nullable: true required: type: boolean description: Is this a required parameter or optional validator: type: object properties: {} description: If present, a definition for validation of input. Typically a jsonschema object that can be used to validate an input against. TriggerSpec: type: object properties: name: type: string description: Name of the trigger as it would appear in a policy document description: type: string description: Trigger description for what it tests and when it will fire during evaluation state: type: string description: State of the trigger enum: - active - deprecated - eol superseded_by: type: string description: The name of another trigger that supersedes this on functionally if this is deprecated nullable: true parameters: type: array description: The list of parameters that are valid for this trigger items: $ref: '#/components/schemas/TriggerParamSpec' description: Definition of a trigger and its parameters UUID: maxLength: 36 minLength: 36 pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ type: string UnifiedRoles: type: object properties: role_name: type: string description: The name of the RBAC Role domain_name: type: string description: The domain (or account) name that provides the scope of the role User: required: - username type: object properties: username: type: string description: The username to authenticate with type: type: string description: The user's type enum: - native - saml source: type: string description: When the user 'type' is 'saml', this will be the EntityId of the IDP that they are authenticating from. Otherwise, this will be set to null. nullable: true created_at: type: string description: The timestamp of when the user record was created format: date-time last_updated: type: string description: The timestamp of the last update to this record format: date-time idp_name: type: string description: When the user 'type' is 'saml', this will be the configured name of the IDP that they are authenticating from. Otherwise, this will be set to null. nullable: true password_last_updated: type: string description: When the user 'type' is 'native', this will be the timestamp of the last time this user's credentials were updated. format: date-time nullable: true unified_roles: type: array description: The unified list of RBAC roles this user currently has in this account. items: $ref: '#/components/schemas/UnifiedRoles' description: A username for authenticating with one or more types of credentials. User type defines the expected credentials allowed for the user. Native users have passwords, other users have no credential internally. Internal users are service/system users for inter-service communication. UserApiKey: type: object required: - name - expires_at properties: name: type: string description: API key name description: type: string description: API key description expires_at: type: string format: date-time pattern: ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$ description: API key expiration date in the RFC3339 format created_at: type: string format: date-time updated_at: type: string format: date-time version: type: string description: API key format version value: type: string description: API key value status: type: string enum: - active - expired - revoked UserCreationRequest: required: - username type: object properties: username: pattern: ^[a-zA-Z0-9][ a-zA-Z0-9@.!#$+=^_`~;:-]{1,126}[a-zA-Z0-9_]$ type: string description: The username for authentication. If the user_type is 'native', this name must not contain a colon character as per RFC 2617 (HTTP Basic and Digest Authentication). If the user_type is 'saml', then colons are allowed in the name since HTTP Basic auth is not used for that user type. password: pattern: .{6,128}$ type: string description: The initial password for the user, must be at least 6 characters, up to 128. This must be null when the user_type is not 'native'. user_type: type: string description: The user's type. A Native user authenticates using user/password log on. All other users will authenticate with an IDP. enum: - native - saml idp_name: type: string description: If the user is authenticating via an IDP, this is the name of the IDP. A 'native' user should have this set to null. description: A payload for creating a new user, includes the username and password in a single request UserGroup: required: - name - group_uuid type: object properties: name: pattern: ^[a-zA-Z0-9][ a-zA-Z0-9@.!#$+=^_`~;-]{1,126}[a-zA-Z0-9_]$ type: string description: The name of the user group description: type: string description: The description of the user group group_uuid: type: string description: The unique identifier for the user group created_at: type: string format: date-time description: The timestamp of when the user group was created last_updated: type: string description: The timestamp of the last update to this user group format: date-time account_roles: $ref: '#/components/schemas/UserGroupRoles' UserGroupPost: required: - name type: object properties: name: pattern: ^[a-zA-Z0-9][ a-zA-Z0-9@.!#$+=^_`~;-]{1,126}[a-zA-Z0-9_]$ type: string description: The name of the user group description: type: string description: The description of the user group UserGroupPatch: required: - description type: object properties: description: type: string description: The description of the user group UserGroupList: type: array items: $ref: '#/components/schemas/UserGroup' UserGroupRolePost: required: - for_account - roles type: object properties: for_account: type: string description: The account roles: type: array items: properties: role: type: string description: The name of the rbac role UserGroupRole: required: - for_account - roles type: object properties: for_account: type: string description: The account for this role roles: type: array items: type: object properties: role: type: string description: The role name created_at: type: string format: date-time description: The timestamp of when the role membership was created membership_id: type: string description: The unique identifier for the role membership UserGroupRoles: properties: items: type: array description: The list of accounts and all its roles which are configured in the user group items: $ref: '#/components/schemas/UserGroupRole' UserGroupUsersPost: required: - usernames properties: usernames: type: array description: The list of usernames to add to the user group items: properties: username: type: string description: A username UserGroupUser: required: - username type: object properties: username: type: string description: The username of the user added_on: type: string format: date-time description: The timestamp of when the user was added to the group UserGroupUsers: properties: items: type: array items: $ref: '#/components/schemas/UserGroupUser' VendorDataList: type: array description: List of Vendor Data objects items: $ref: '#/components/schemas/VendorDataObject' VendorDataObject: type: object properties: id: type: string description: Vendor Vulnerability ID cvss_v2: $ref: '#/components/schemas/CVSSV2Scores' cvss_v3: $ref: '#/components/schemas/CVSSV3Scores' VersionVulnerability: type: object properties: id: type: string description: The vulnerability id for the match nvd: type: array items: $ref: '#/components/schemas/VersionVulnerabilityNVD' vendor_data: $ref: '#/components/schemas/VersionVulnerabilityVendor' matches: type: array items: $ref: '#/components/schemas/VersionVulnerabilityMatch' description: A vulnerability in an application version vulnerability report with vulnerability data, affected artifacts, and packages VersionVulnerabilityMatch: type: object properties: fix: type: string location: type: object properties: artifact: type: object properties: id: type: string type: type: string package: type: object properties: name: type: string type: type: string version: type: string location: type: string description: The location of the match, which includes both the package and the artifact it belongs to description: The details of a match for a single matche for a vulnerability in an application version vulnerability report VersionVulnerabilityNVD: description: NVD entry for application version vulnerability allOf: - $ref: '#/components/schemas/VersionVulnerabilityVendorNVDCommon' - type: object properties: id: type: string VersionVulnerabilityReportImage: type: object properties: image_digest: type: string description: The definition of the image artifacts in the application version vulnerability report VersionVulnerabilityReportSource: type: object properties: uuid: type: string host: type: string repository_name: type: string revision: type: string description: The definition of the source artifacts in the application version vulnerability report VersionVulnerabilityVendor: description: The vendor information of the vulnerability allOf: - $ref: '#/components/schemas/VersionVulnerabilityVendorNVDCommon' - type: object properties: feed: type: string group: type: string will_not_fix: type: boolean VersionVulnerabilityVendorNVDCommon: type: object properties: cvss: type: object properties: cvss_v2: $ref: '#/components/schemas/CVSSV2Scores' cvss_v3: $ref: '#/components/schemas/CVSSV3Scores' description: type: string severity: type: string url: type: string description: Values common to vendor and nvd entries in application version vulnerability report VulnDiffResult: type: object properties: added: type: array items: {} updated: type: array items: {} removed: type: array items: {} description: The results of the comparing two vulnerability records during an update VulnUpdateNotification: allOf: - $ref: '#/components/schemas/NotificationBase' - type: object properties: data: $ref: '#/components/schemas/VulnUpdateNotificationData' description: The Notification Object definition for Vuln Update Notifications VulnUpdateNotificationData: allOf: - $ref: '#/components/schemas/BaseNotificationData' - type: object properties: notification_payload: $ref: '#/components/schemas/VulnUpdateNotificationPayload' VulnUpdateNotificationPayload: allOf: - $ref: '#/components/schemas/GenericNotificationPayload' - type: object properties: diff_vulnerability_result: $ref: '#/components/schemas/VulnDiffResult' image_digest: type: string annotations: type: object properties: {} description: List of Corresponding Image Annotations nullable: true VulnerabilityReference: type: object properties: source: type: string description: The reference source tags: type: array items: type: string url: type: string description: The reference url description: An external link/reference parameters: AsAccountParameter: name: x-anchore-account in: header description: An account name to change the resource scope of the request to that account, if permissions allow (admin only) schema: type: string AnchoreRequestIdParameter: name: Anchore-Request-Id in: header description: A request ID which will appear in all logs related to the request. It will appear on all logs in the call chain. This is auto generated if not provided. Limited to lowercase alphanumeric and hyphens with a max length of 64. schema: type: string pattern: ^[a-z0-9-]{1,64}$