Home
Searching for Images
Use the search tokens below to search for images.
Looking for help with writing your query? click
here
architecture
Use a text value ##### to find images based on
the docker image architecture, for example amd64 or arm64. Tip: Use
the hostArchitecture token to find images based on the host architecture.
Example
Show findings with amd64 docker image architecture
architecture: amd64
controls.controlId
Use a text value ##### to find controls by control
ID.
Example
Show images with this control ID
controls.controlId: 10826
controls.criticality
Use a text value ##### to find controls by criticality
level (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT).
Example
Show images with URGENT controls
controls.criticality: "URGENT"
controls.posture
Use a text value ##### to find controls by compliance
posture (PASS, FAIL).
Example
Show images with failed controls
controls.posture: "FAIL"
created
Use a date range or specific date to define when
images were created.
Examples
Find images created within certain dates
created: [2017-06-15 ... 2017-06-30]
Find images created on specific date
created:'2017-08-15'
hostArchitecture
Use a text value ##### to find images based on
the host architecture (amd64, arm64, x86_64).
Example
Show findings with arm64 host architecture
hostArchitecture: arm64
host.hostname
Use a text value ##### to define the hostname
you're looking for.
Example
Show findings with this hostname
host.hostname: dockerhost07.mydomain.com
host.ipAddress
Use a text value ##### to define a host IP address
you're interested in.
Example
Show findings with this IP address
host.ipAddress: 10.44.92.127
imageId
Use a text value ##### to define an image ID of
interest.
Example
Show findings with this image ID
imageId: c2d1b73a90ec
isDockerHubOfficial
Use the values true | false to
find Docker Hub official images.
Example
Show Docker Hub official images
isDockerHubOfficial: true
isInstrumented
Use the values true | false to
find instrumented images.
Example
Show instrumented images
isInstrumented: true
instrumentationState
Use a text value ##### to show images with certain
instrumentation state (QUEUED, COMPLETED, FAILED).
Example
Show images for which instrumentation is queued
instrumentationState: "QUEUED"
label.key
Use a text value ##### to define images with a
certain label name.
Example
Show findings with label name "vendor"
label.key: vendor
label.value
Use a text value ##### to define images with a
certain label value.
Example
Show findings with this label value
label.value: CentOS
lastComplianceScanDate
Use a date range or specific date to define when
images were last scanned for compliance.
Examples
Show images with last compliance scan within certain dates
lastComplianceScanDate: [2021-01-01 ... 2021-01-30]
Show images with last compliance scan starting 2020-10-15, ending
1 month ago
lastComplianceScanDate: [2020-10-15 ... now-1M]
Show images with last compliance scan starting 2 weeks ago, ending
1 second ago
lastComplianceScanDate: [now-2w ... now-1s]
Show images with last compliance scan on specific date
lastComplianceScanDate:'2021-01-18'
lastVmScanDate
Use a date range or specific date to define when
images were last scanned for vulnerabilities.
Examples
Show images last scanned within certain dates
lastVmScanDate: [2021-01-01 ... 2021-01-30]
Show images last scanned starting 2020-10-15, ending 1 month ago
lastVmScanDate: [2020-10-15 ... now-1M]
Show images last scanned starting 2 weeks ago, ending 1 second ago
lastVmScanDate: [now-2w ... now-1s]
Show images last scanned on specific date
lastVmScanDate:'2021-01-18'
layers.createdBy
Use a text value ##### to find images having layers
created by a certain user.
Example
Show findings created by jsmith
layers.createdBy: jsmith
layers.created
Use a date range or specific date to find when
layers were created.
Examples
Show findings with layers created within certain dates
layers.created: [2017-10-01 ... 2017-10-12]
Show findings with layers created starting 2017-10-01, ending 1
month ago
layers.created: [2017-10-01 ... now-1M]
Show findings with layers created starting 2 weeks ago, ending 1
second ago
layers.created: [now-2w ... now-1s]
Show findings with layers created on certain date
layers.created:'2017-09-22'
layers.id
Use a text value ##### to define images having
a certain layer ID.
Example
Show findings with this layer ID
layers.id: 12345
layers.sha
Use a text value ##### to define SHA 256 hash
of image layer.
Example
Show image layer with this SHA value
layers.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
layers.size
Use a text value ##### to define images having
layers with a certain size.
Example
Show findings with this layer size
layers.size: 10
layersCount
Use a text value ##### to find images having a
certain number of layers.
Example
Show findings with 12 layers
layersCount: 12
operatingSystem
Use values within quotes or backticks to help
you find images with an operating system you're interested in.
Examples
Show any images with this OS name
operatingSystem: Windows 2012
Show any images that contain components of OS name
operatingSystem: "Windows 2012"
Show images that match exact value "Windows 2012"
operatingSystem: `Windows 2012`
registryUuid
Use a text value ##### to find images having a
certain registry UUID.
Example
Show images with this registry UUID
registryUuid: ed46df944e1c
repoDigests.digest
Use a text value ##### to find images having a
certain repoDigest digest value.
Example
Show findings with this digest value
repoDigests.digest: 2c8d61c46f484d881db43b34d13ca47a269336e576c81cf007ca740fa9ec0800
repoDigests.registry
Use a text value ##### to find images having a
certain repoDigest registry name.
Example
Show findings with this repoDigest registry
repoDigests.registry: "my-registry-name"
repoDigests.repository
Use a text value ##### to find images having a
certain repoDigest repository name.
Example
Show findings with this repoDigest repository
repoDigests.repository: "repository-name"
repo.registry
Use a text value ##### to find images having a
certain repository registry name.
Example
Show findings with this registry
repo.registry: "my-registry-name"
repo.repository
Use a text value ##### to find images from a certain
image repository.
Example
Show findings from this image repository
repo.repository: "repository-name"
repo.tag
Use a text value ##### to find images having a
certain repository tag name.
Example
Show findings with this tag
repo.tag: "my-tag"
scanErrorCode
Use a text value ##### to find images that returned
a certain error code (e.g. CMS-1301, CMS-1311, CMS-1317, etc) during
the scan. See Scan Error Codes in the online help for codes.
Example
Show images that reported scan error code CMS-1301
scanErrorCode: CMS-1301
scanStatus
Use a text value ##### to find images based on
scan status (SUCCESS, FAILED).
Example
Show images with failed scan status
scanStatus: FAILED
scanType
Use a text value ##### to find images based on
the type of scan (STATIC, DYNAMIC, SCA) used to scan the image.
Example
Show images scanned with static scanning
scanType: STATIC
sha
Use a text value ##### to define an image by its
SHA 256 hash.
Example
Show findings with this SHA value
sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
software.name
Use a text value ##### to define images running
a software application name you're interested in.
Example
Show findings with this software name
software.name: "MyApp"
software.version
Use a text value ##### to define images running
a software application version of interest.
Example
Show findings with this software version
software.version: "2.0.3"
software.fixVersion
Use a text value ##### to find software with specific
fix version.
Example
Show images with this software version
software.fixVersion: 2.0.3
software.vulnerabilities.authType
Use a text value ##### to find software vulnerabilities
with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH,
etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
software.vulnerabilities.authType: "WINDOWS_AUTH"
software.vulnerabilities.category
Use a text value ##### to find software vulnerabilities
with a vulnerability category (CGI, Database, DNS, BIND, etc). See
Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
software.vulnerabilities.category: "CGI"
software.vulnerabilities.customerSeverity
Use an integer value ##### to find software vulnerabilities
with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
software.vulnerabilities: (customerSeverity: "5"
AND category: "DNS")
software.vulnerabilities.cveids
Use a text value ##### to find software vulnerabilities
with CVE Ids.
Example
Show findings with CVE Ids
software.vulnerabilities.cveids: "CVE-2014-9999"
software.vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find images having software
vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
software.vulnerabilities.cvssInfo.accessVector: "Local"
software.vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find images having
software vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
software.vulnerabilities.cvssInfo.baseScore: "7.2"
software.vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find images having
software vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
software.vulnerabilities.cvssInfo.temporalScore: "6.2"
software.vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find images having
software vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
software.vulnerabilities.cvss3Info.baseScore: "4.3"
software.vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find images having
software vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
software.vulnerabilities.cvss3Info.temporalScore: "3.8"
software.vulnerabilities.discoveryType
Use a text value ##### to find software vulnerabilities
with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
software.vulnerabilities.discoveryType: "REMOTE"
software.vulnerabilities.firstFound
Use a date range or specific date to find when
software vulnerabilities were first found.
Examples
Show findings first found within certain dates
software.vulnerabilities.firstFound: [2017-10-01 ...
2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.firstFound: [2017-10-01 ...
now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
software.vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (firstFound > now-10d
AND severity: "5")
software.vulnerabilities.fixed
Use a date range or specific date to find software
with vulnerabilities that are fixed.
Examples
Show findings first found within certain dates
software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
software.vulnerabilities.fixed: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (fixed > now-10d
AND severity: "5")
software.vulnerabilities.lastFound
Use a date range or specific date to find when
software vulnerabilities were last found.
Examples
Show findings last found within certain dates
software.vulnerabilities.lastFound: [2017-10-02 ...
2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.lastFound: [2017-10-01 ...
now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
software.vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
software.vulnerabilities: (lastFound: '2017-10-12'
AND category: "CGI")
software.vulnerabilities.result
Use a text value ##### to find software packages
that have vulnerabilities. This is scan (QID) test result generated
by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3
2.1.0-6+deb8u4"
software.vulnerabilities.risk
Use an integer value ##### to find software vulnerabilities
having a certain risk rating. For confirmed and potential issues risk
is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
software.vulnerabilities.risk: 50
software.vulnerabilities.severity
Use an integer value ##### to find software vulnerabilities
with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
software.vulnerabilities: (severity: "5"
AND category: "DNS")
software.vulnerabilities.supportedBy
Use a text value ##### to find software vulnerabilities
that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows
Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
software.vulnerabilities.supportedBy: "VM"
software.vulnerabilities.threatIntel
Use a text value ##### to find software vulnerabilities
that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
software.vulnerabilities.threatIntel: "publicExploit":
true
Show findings exposed to multiple threats
software.vulnerabilities.threatIntel: {"publicExploit"
: true, "publicExploitNames" : ["Sambar Server 4.3/4.4
Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
software.vulnerabilities.typeDetected
Use a text value ##### to find software vulnerabilities
with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
software.vulnerabilities.typeDetected: "CONFIRMED"
software.vulnerabilities.qid
Use an integer value ##### to provide a QID to
find images with software having certain vulnerability.
Example
Show findings with QID 90405
software.vulnerabilities.qid: 90405
software.vulnerabilities.title
Use an text value ##### to provide a title to
find images with software having certain vulnerability.
Example
Show findings with title
software.vulnerabilities.title: title text
software.vulnerabilities.software.name
Use a text value ##### to find vulnerability present
in certain software.
Example
Show findings with software name
software.vulnerabilities.software.name: my-app
software.vulnerabilities.software.version
Use a text value ##### to find vulnerability present
in certain software version.
Example
Show findings with software version
software.vulnerabilities.software.version: 8.0
software.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present
in certain software fix version.
Example
Show findings with certain fix version
software.vulnerabilities.software.fixVersion: 8.0
software.vulnerabilities.source
Use a text value ##### to find software vulnerability
from specific source (CONTAINER, IMAGE, BOTH).
Example
Show software software from images
software.vulnerabilities.source: IMAGE
software.vulnerabilities.reason
Use a text value ##### to find software vulnerability
with specific state (Fixed, New, Removed, Varied)
Example
Show software software that is new
software.vulnerabilities.reason: NEW
software.vulnerabilities.threatIntel.activeAttacks
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to active attacks.
Example
Show images exposed to threats due to active attacks
software.vulnerabilities.threatIntel.activeAttacks: true
software.vulnerabilities.threatIntel.denialOfService
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to denial of service.
Example
Show images having threats due to denial of service
software.vulnerabilities.threatIntel.denialOfService: true
software.vulnerabilities.threatIntel.easyExploit
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to easy exploit.
Example
Show images exposed to threats due to easy exploit
software.vulnerabilities.threatIntel.easyExploit: true
software.vulnerabilities.threatIntel.highDataLoss
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to high data loss.
Example
Show images exposed to threats due to high data loss
software.vulnerabilities.threatIntel.highDataLoss: true
software.vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to high lateral movement.
Example
Show images exposed to threats due to high lateral movement
software.vulnerabilities.threatIntel.highLateralMovement:
true
software.vulnerabilities.threatIntel.malware
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to malware.
Example
Show images exposed to threats due to malware
software.vulnerabilities.threatIntel.malware: true
software.vulnerabilities.threatIntel.noPatch
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to no patch available.
Example
Show images exposed to threats due to no patch available
software.vulnerabilities.threatIntel.noPatch: true
software.vulnerabilities.threatIntel.publicExploit
Use the values true | false to
find images with software vulnerabilities leading to real-time threats
due to public exploit.
Example
Show images exposed to threats due to public exploit
software.vulnerabilities.threatIntel.publicExploit: true
source
Use a text value ##### to find images from specific
source (CICD, GENERAL, HOST, INSTRUMENTATION, REGISTRY, SERVERLESS_FARGATE).
Example
Show images from registry
source: REGISTRY
updated
Use a date range or specific date to define when
images were updated. The updated date is modified with each event
on the image, and with vulnerability report processing for the image.
Examples
Find images updated within certain dates
updated: [2019-06-15 ... 2019-06-30]
Find images updated on specific date
updated:'2019-08-15'
users
Use a text value ##### to define images having
a user name you're looking for.
Example
Show findings with this user name
users: "asmith"
vulnerabilities.authType
Use a text value ##### to find images having vulnerabilities
with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH,
etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
vulnerabilities.authType: "WINDOWS_AUTH"
vulnerabilities.category
Use a text value ##### to find images with vulnerabilities
having a vulnerability category (CGI, Database, DNS, BIND, etc). See
Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
vulnerabilities.category: "CGI"
vulnerabilities.customerSeverity
Use an integer value ##### to find images having
vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
vulnerabilities: (customerSeverity: "5"
AND category: "DNS")
vulnerabilities.cveids
Use a text value ##### to find images having vulnerabilities
with the CVE name you're interested in.
Example
Show findings with CVE name CVE-2015-0313
vulnerabilities.cveids: CVE-2015-0313
vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find images having vulnerabilities
with specific CVSS access vector.
Example
Show findings with CVSS access vector
vulnerabilities.cvssInfo.accessVector: "Local"
vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find images having
vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
vulnerabilities.cvssInfo.baseScore: "7.2"
vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find images having
vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
vulnerabilities.cvssInfo.temporalScore: "6.2"
vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find images having
vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
vulnerabilities.cvss3Info.baseScore: "4.3"
vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find images having
vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
vulnerabilities.cvss3Info.temporalScore: "3.8"
vulnerabilities.discoveryType
Use a text value ##### to find images having vulnerabilities
with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
vulnerabilities.discoveryType: "REMOTE"
vulnerabilities.firstFound
Use a date range or specific date to define when
vulnerabilities on image were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
vulnerabilities: (firstFound > now-10d
AND severity: "5")
vulnerabilities.fixed
Use a date range or specific date to define when
vulnerabilities on image were fixed.
Examples
Show findings fixed within certain dates
vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings fixed starting 2017-10-01, ending 1 month ago
vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.fixed: [now-2w ... now-1s]
Show findings fixed on certain date
vulnerabilities.fixed:'2017-09-22'
Show findings fixed in the past 10 days with severity 5
vulnerabilities: (fixed > now-10d AND
severity: "5")
vulnerabilities.lastFound
Use a date range or specific date to define when
vulnerabilities on image were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
vulnerabilities: (lastFound: '2017-10-12'
AND category: "CGI")
vulnerabilities.product
Use a text value ##### to find images having vulnerabilities
on a certain vendor product (moodle, gnome, code-crafters, etc). See
Product References in online help for vendor names.
Example
Show findings for this product
vulnerabilities.product: "moodle"
vulnerabilities.result
Use values within quotes or backticks to help
you find images having a detection result you're interested in.
Examples
Show any images that contain components of detection results
vulnerabilities.result: "Windows 2012"
Show images that match exact value "Windows 2012"
vulnerabilities.result: `Windows 2012`
vulnerabilities.risk
Use an integer value ##### to find images with
vulnerabilities having a certain risk rating. For confirmed and potential
issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
vulnerabilities.risk: 50
vulnerabilities.severity
Use an integer value ##### to find images having
vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
vulnerabilities: (severity: "5"
AND category: "DNS")
vulnerabilities.status
Use a text value ##### to find images having vulnerabilities
with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
vulnerabilities.status: "OPEN"
vulnerabilities.supportedBy
Use a text value ##### to find images having vulnerabilities
that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows
Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
vulnerabilities.supportedBy: "VM"
vulnerabilities.threatIntel.activeAttacks
Use the values true | false to
find images exposed to real-time threats due to active attacks.
Example
Show images exposed to active attacks
vulnerabilities.threatIntel.activeAttacks: true
vulnerabilities.threatIntel.denialOfService
Use the values true | false to
find images exposed to real-time threats due to denial of service.
Example
Show images exposed to denial of service
vulnerabilities.threatIntel.denialOfService: true
vulnerabilities.threatIntel.easyExploit
Use the values true | false to
find images exposed to real-time threats due to easy exploit.
Example
Show images exposed to easy exploit
vulnerabilities.threatIntel.easyExploit: true
vulnerabilities.threatIntel.highDataLoss
Use the values true | false to
find images exposed to real-time threats due to high data loss.
Example
Show images exposed to high data loss
vulnerabilities.threatIntel.highDataLoss: true
vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to
find images exposed to real-time threats due to high lateral movement.
Example
Show images exposed to high lateral movement
vulnerabilities.threatIntel.highLateralMovement: true
vulnerabilities.threatIntel.malware
Use the values true | false to
find images exposed to real-time threats due to malware.
Example
Show images exposed to malware threats
vulnerabilities.threatIntel.malware: true
vulnerabilities.threatIntel.noPatch
Use the values true | false to
find images exposed to real-time threats due to no patch available.
Example
Show images exposed to threats due to no patch available
vulnerabilities.threatIntel.noPatch: true
vulnerabilities.threatIntel.publicExploit
Use the values true | false to
find images exposed to real-time threats due to public exploit.
Example
Show images exposed to public exploit threats
vulnerabilities.threatIntel.publicExploit: true
vulnerabilities.typeDetected
Use a text value ##### to find images having vulnerabilities
with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
vulnerabilities.typeDetected: "CONFIRMED"
vulnerabilities.vendor
Use a text value ##### to find images having vulnerabilities
on product from a certain vendor. See Vendor References in online
help for vendor names.
Example
Show findings for this vendor
vulnerabilities.vendor: "vendor-name"
vulnerabilities.qid
Use an integer value ##### to provide a QID to
find images with certain vulnerability.
Example
Show findings with QID 90405
vulnerabilities.qid: 90405
vulnerabilities.title
Use an text value ##### to provide a title to
find images with certain vulnerability.
Example
Show findings with title
vulnerabilities.title: title text
vulnerabilities.software.name
Use a text value ##### to find vulnerability present
in certain software.
Example
Show findings with software name
vulnerabilities.software.name: my-app
vulnerabilities.software.version
Use a text value ##### to find vulnerability present
in certain software version.
Example
Show findings with software version
vulnerabilities.software.version: 8.0
vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present
in certain software fix version.
Example
Show findings with certain fix version
vulnerabilities.software.fixVersion: 8.0
author
Use a text value ##### to find images that have
an author you're looking for.
Example
Show findings having this author name
author: "jkim"
dockerVersion
Use a text value ##### to define a Docker version
you're looking for.
Example
Show findings with this Docker version
dockerVersion: 17.3
size
Use a text value ##### to find a Docker image
of a certain size.
Example
Show findings of this size
size: 300555112
services.name
Use a text value ##### to find images with specific
services running on them.
Example
Show findings with service name
services.name: sshd
services.description
Use a text value ##### to find images with the
description of specific services running on them.
Example
Show findings with service description
services.description: Secure Socket Shell
services.status
Use a text value ##### to find images with the
status of specific services running on them. Status could be RUNNING,
STOPPED, etc.
Example
Show findings with service status
services.status: RUNNING
and
Use a boolean query to express your query using
AND logic.
Example
Show images with static scanning and with Failed scan status
scanType: STATIC and scanStatus: FAILED
not
Use a boolean query to express your query using
NOT logic.
Example
Show images that don't have Failed scan status
not scanStatus: FAILED
or
Use a boolean query to express your query using
OR logic.
Example
Show images with one of these repository tag names
repo.tag: "tag123" or repo.tag:
"tagABC"
layers.comment
Use a text value ##### to define images with layer comment you're interested in.
Example
Show findings with this layer comment
layers.comment: "my comment"