Help Center/ Host Security Service/ API Reference/ API Description/ Container Images/ Querying the List of Image Security Configuration Detection Results
Updated on 2026-04-03 GMT+08:00
View PDF
Share

Querying the List of Image Security Configuration Detection Results

Function

Query the image security configuration check result list. Supported check items include the system configuration items and SSH application configuration items of CentOS 7, Debian 10, EulerOS, and Ubuntu 16 images.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, no identity policy-based permission required for calling this API.

URI

GET /v5/{project_id}/image/baseline/risk-configs

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID.

Constraints

N/A

Range

The value can contain 1 to 256 characters.

Default Value

N/A
Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Definition

Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID.

To query assets in all enterprise projects, set this parameter to all_granted_eps.

Constraints

You need to set this parameter only after the enterprise project function is enabled.

Range

The value can contain 1 to 256 characters.

Default Value

0: default enterprise project.

image_type

Yes

String

Definition

Used to filter the security configuration check results of a specified type of images. Different types of images correspond to different storage locations.

Constraints

The value must be within the specified range. Otherwise, an empty result will be returned.

Range

  • private_image: private image repository

  • shared_image: shared image repository

    • local_image: local image

  • instance_image: enterprise image

  • registry: repository image

  • local: local image. It is used to query global data.

Default Value

None

offset

No

Integer

Definition

Offset, which specifies the start position of the record to be returned.

Constraints

N/A

Range

The value range is 0 to 2,000,000.

Default Value

The default value is 0.

limit

No

Integer

Definition

Number of records displayed on each page.

Constraints

N/A

Range

Value range: 10-200

Default Value

10

namespace

No

String

Definition

Organization (namespace) name of the image repository, which is used to filter image detection results of a specified organization. This parameter is valid only for private and shared image repositories.

Constraints

This parameter is valid only when image_type is set to private_image or shared_image.

Range

A string that complies with the naming rules of the image repository organization.

Default Value

None

image_name

No

String

Definition

Image name, which is used to accurately filter the security configuration check results of a specified image.

Constraints

Fuzzy match is supported. For example, if euler is entered, all images whose names contain 'euler' can be matched.

Range

A string that complies with the naming rules of the image name.

Default Value

None

image_version

No

String

Definition

Image version, which is used to filter the security configuration check results of the specified image version. This parameter is used together with image_name.

Constraints

This parameter is valid only when image_name is specified. Otherwise, the filter criteria do not take effect.

Range

A string that complies with the naming rules of the image version.

Default Value

None

image_id

No

String

Definition

Unique ID of an image, which is used to accurately filter the security configuration check results of a specified image. Its priority is higher than that of image_name+image_version.

Constraints

If this parameter is specified, the image_name and image_version parameters will be ignored and images will be filtered by ID.

Range

Image ID. The value contains 0 to 128 characters.

Default Value

None

check_name

No

String

Definition

Name of the baseline used in a security configuration check, which is used to filter the detection results of a specified baseline (for example, CentOS 7 or EulerOS).

Constraints

Only the system baselines listed in the function description (CentOS 7, Debian 10, EulerOS, or Ubuntu16) are supported.

Range

For details about the supported baseline names, see the function description.

Default Value

None

severity

No

String

Definition

Risk level of the image security configuration check result, which is used to filter the check records of a specified risk level.

Constraints

The value must be within the specified range. Otherwise, an empty result will be returned.

Range

  • Security

  • Low

  • Medium

  • High

Default Value

None

standard

No

String

Definition

Standard that security configuration check complies with, which is used to filter check results of a specified standard.

Constraints

The value must be within the specified range. Otherwise, an empty result will be returned.

Range

  • cn_standard: DJCP MLPS compliance standard

  • hw_standard: Cloud security practice standard

Default Value

None

instance_id

No

String

Definition

Unique ID of the Huawei Cloud software repository (SWR) enterprise edition instance. It is used to filter the image detection results of a specified enterprise repository instance.

Constraints

This parameter is valid only when image_type is set to private_image and the SWR enterprise edition is used. The parameter is invalid for the SWR shared edition and local images.

Range

ID of the SWR enterprise edition instance.

Default Value

None

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Definition

User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token.

Constraints

N/A

Range

The value can contain 1 to 32,768 characters.

Default Value

N/A

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Integer

Definition

Total number of image security configuration check results that meet the filter criteria.

Range

The value range is 0 to 2,147,483,647.

data_list

Array of ImageRiskConfigsInfoResponseInfo objects

Definition

It contains details about the queried image security configuration check results. Each element corresponds to the baseline check summary of an image.

Range

Array length: 0 to the number of records displayed on each page
Table 5 ImageRiskConfigsInfoResponseInfo

Parameter

Type

Description

severity

String

Definition

Risk level of the image security configuration check result, which is used to filter the check records of a specified risk level.

Range

  • Security

  • Low

  • Medium

  • High

check_name

String

Definition

Name of the baseline used in a security configuration check, which is used to filter the detection results of a specified baseline (for example, CentOS 7 or EulerOS).

Range

For details about the supported baseline names, see the function description.

check_type

String

Definition

Used to distinguish the baseline type.

Range

The value can contain 0 to 256 characters.

standard

String

Definition

Standard that security configuration check complies with, which is used to filter check results of a specified standard.

Constraints

The value must be within the specified range. Otherwise, an empty result will be returned.

Range

  • cn_standard: DJCP MLPS compliance standard

  • hw_standard: Cloud security practice standard

check_rule_num

Integer

Definition

Total number of check items in the security configuration check corresponding to the baseline.

Range

Value range: 0 to 2,097,152

failed_rule_num

Integer

Definition

Number of check items that failed the baseline check (that is, insecure items).

Range

Value range: 0 to 2,097,152

check_type_desc

String

Definition

Detailed description of a baseline, including the baseline detection purpose and application scenarios.

Range

The value can contain 0 to 65,534 characters, including Chinese characters, letters, numbers, common punctuations, and spaces.

Example Requests

  • Query the security configuration result list of the private image whose namespace is scc_hss_container, image name is euleros, and image version is 2.2.

    GET https://{endpoint}/v5/{project_id}/image/baseline/risk-configs?offset=0&limit=200&image_type=private_image&namespace=scc_hss_container&image_name=euleros/test&image_version=2.2.6&enterprise_project_id=all_granted_eps

  • Query the security configuration check result list of the cicd image whose ID is 111.

    GET https://{endpoint}/v5/{project_id}/image/baseline/risk-configs?offset=0&limit=200&image_type=cicd&image_id=111&enterprise_project_id=all_granted_eps

Example Responses

Status code: 200

Request succeeded.

{
  "total_num" : 1,
  "data_list" : [ {
    "check_name" : "CentOS 7",
    "check_rule_num" : 3,
    "check_type" : 3,
    "check_type_desc" : "This document focuses on XXX.",
    "failed_rule_num" : 0,
    "severity" : "Low",
    "standard" : "cn_standard"
  } ]
}

Status Codes

Status Code

Description

200

Request succeeded.

Error Codes

See Error Codes.

Parent Topic: Container Images