Help Center/ Host Security Service/ API Reference/ API Description/ Security Operations/ Querying the Security Check Report Information of a Cluster
Updated on 2025-09-08 GMT+08:00

Querying the Security Check Report Information of a Cluster

Function

This API is used to query the security check report information of a cluster.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/security-check/containers/cluster-reports/{report_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID.

Constraints

N/A

Range

The value can contain 1 to 256 characters.

Default Value

N/A

report_id

Yes

String

Definition

ID of the cluster security check report.

Constraints

N/A

Range

Length: 1 to 64 characters

Default Value

N/A

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Definition

Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID.

To query assets in all enterprise projects, set this parameter to all_granted_eps.

Constraints

You need to set this parameter only after the enterprise project function is enabled.

Range

The value can contain 1 to 256 characters.

Default Value

0: default enterprise project.

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

x-language

No

String

language

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

scan_time

Long

Definition

Evaluated on

Range

N/A

cluster_id

String

Definition

Cluster ID.

Range

N/A

cluster_name

String

Definition

Cluster Name

Range

N/A

cluster_category

String

Definition

Cluster type.

Range

  • CCE: CCE standard cluster

  • Turbo: CCE Turbo cluster

local_image_vul_num

Integer

Definition

Number of local image vulnerabilities

Range

N/A

risk_config_num

Integer

Definition

Number of baseline risks

Range

N/A

privileged_container_num

Integer

Definition

Number of privileged containers

Range

N/A

pod_num

Integer

Definition

Number of pods

Range

N/A

host_num

Integer

Definition

Number of nodes.

Range

N/A

container_num

Integer

Definition

Containers

Range

N/A

port_num

Integer

Definition

Port Quantity

Range

N/A

process_num

Integer

Definition

Number of processes.

Range

N/A

app_num

Integer

Definition

Pieces of software.

Range

N/A

local_image_vul_list

Array of ClusterSecurityCheckLocalImageVulInfo objects

Definition

Local image vulnerabilities

Range

N/A

baseline_detection_list

Array of ClusterSecurityCheckBaseLineDetectionInfo objects

Definition

Baseline check item list.

Range

N/A

privileged_container_list

Array of ClusterSecurityCheckPrivilegedContainerInfo objects

Definition

Privileged container list.

Range

N/A

port_list

Array of ClusterSecurityCheckPortInfo objects

Definition

Port list.

Range

N/A

app_list

Array of ClusterSecurityCheckAppInfo objects

Definition

Software list.

Range

N/A

process_list

Array of ClusterSecurityCheckProcessInfo objects

Definition

Processes

Range

N/A

Table 5 ClusterSecurityCheckLocalImageVulInfo

Parameter

Type

Description

local_image_name

String

Definition

Local image name

Range

N/A

local_image_version

String

Definition

Local image version

Range

N/A

local_image_size

Long

Definition

Local image size

Range

N/A

vul_name

String

Definition

Vulnerability name.

Range

N/A

app_name

String

Definition

Software name

Range

N/A

app_version

String

Definition

Software version

Range

N/A

severity_level

String

Definition

Vulnerability risk level

Range

  • High: high-risk vulnerability

  • Medium: medium-risk vulnerability

  • Low: low-risk vulnerability

solution

String

Definition

Solution to fix the vulnerability.

Range

N/A

vul_description

String

Definition

Vulnerability description.

Range

N/A

Table 6 ClusterSecurityCheckBaseLineDetectionInfo

Parameter

Type

Description

severity

String

Definition

Baseline risk level.

Range

  • High: high-risk baseline

  • Medium: medium-risk baseline

  • Low: low-risk baseline

check_name

String

Definition

Baseline Name

Range

N/A

check_type

String

Definition

Baseline Type

Range

N/A

standard

String

Definition

Standard type.

Range

  • hw_standard: cloud security practice

  • cn_standard: DJCP MLPS compliance

  • cis_standard: general security standard

check_rule_num

Integer

Definition

Check Items

Range

N/A

failed_rule_num

Integer

Definition

Number of risk items.

Range

N/A

check_type_desc

String

Definition

Baseline description

Range

N/A

baseline_item_list

Array of ClusterSecurityCheckBaselineItemInfo objects

Definition

Baseline check item list.

Range

N/A

Table 7 ClusterSecurityCheckBaselineItemInfo

Parameter

Type

Description

severity

String

Definition

Specifies the risk level of a check item.

Range

  • High: high-risk

  • Medium: medium-risk

  • Low: low-risk

check_item

String

Definition

Check Item

Range

N/A

check_description

String

Definition

Check Item Description

Range

N/A

check_remediation

String

Definition

Suggestion

Range

N/A

Table 8 ClusterSecurityCheckPrivilegedContainerInfo

Parameter

Type

Description

container_name

String

Definition

Container name

Range

N/A

container_id

String

Definition

Container ID

Range

N/A

container_status

String

Definition

Container status.

Range

  • running: running

  • terminated: stopped

pod_name

String

Definition

Pod name.

Range

N/A

host_name

String

Definition

Node name.

Range

N/A

private_ip

String

Definition

Private IP address.

Range

N/A

public_ip

String

Definition

EIP.

Range

N/A

event_abstract

String

Definition

Event summary

Range

N/A

Table 9 ClusterSecurityCheckPortInfo

Parameter

Type

Description

port

Integer

Definition

Port number.

Range

N/A

container_id

String

Definition

Container ID

Range

N/A

container_name

String

Definition

Container name

Range

N/A

pod_name

String

Definition

Pod name

Range

N/A

host_name

String

Definition

Node name.

Range

N/A

private_ip

String

Definition

Private IP address.

Range

N/A

public_ip

String

Definition

EIP.

Range

N/A

path

String

Definition

Program file

Range

N/A

pid

Integer

Definition

Process ID

Range

N/A

laddr

String

Definition

Listening IP address.

Range

N/A

Table 10 ClusterSecurityCheckAppInfo

Parameter

Type

Description

app_name

String

Definition

Software name

Range

N/A

app_version

String

Definition

Software version

Range

N/A

container_id

String

Definition

Container ID

Range

N/A

container_name

String

Definition

Container name.

Range

N/A

host_name

String

Definition

Node name.

Range

N/A

private_ip

String

Definition

Private IP address.

Range

N/A

public_ip

String

Definition

EIP.

Range

N/A

update_time

Long

Definition

Update time.

Range

N/A

recent_scan_time

Long

Definition

Last scan time.

Range

N/A

Table 11 ClusterSecurityCheckProcessInfo

Parameter

Type

Description

container_id

String

Definition

Container ID

Range

N/A

container_name

String

Definition

Container name

Range

N/A

host_name

String

Definition

Node name.

Range

N/A

private_ip

String

Definition

Private IP address.

Range

N/A

public_ip

String

Definition

EIP.

Range

N/A

start_time

Long

Definition

Start time.

Range

N/A

pid

Integer

Definition

Process ID

Range

N/A

permission

String

Definition

File permissions

Range

N/A

user_name

String

Definition

User who starts the execution.

Range

N/A

launch_params

String

Definition

Startup parameter.

Range

N/A

hash

String

Definition

File hashes.

Range

N/A

Example Requests

None

Example Responses

Status code: 200

Request succeeded.

{
  "scan_time" : 1745051197000,
  "cluster_id" : "27716-6331ef-02c62-11958-f55d39",
  "cluster_name" : "test-cluster",
  "cluster_category" : "CCE",
  "local_image_vul_num" : 1,
  "risk_config_num" : 1,
  "privileged_container_num" : 1,
  "pod_num" : 1,
  "host_num" : 1,
  "container_num" : 1,
  "port_num" : 1,
  "process_num" : 1,
  "app_num" : 1,
  "local_image_vul_list" : {
    "local_image_name" : "test-image",
    "local_image_version" : "1.0.0",
    "local_image_size" : 10,
    "vul_name" : "test-vul",
    "app_name" : "test-app",
    "app_version" : "1.0.0",
    "severity_level" : "Low",
    "solution" : "solution",
    "vul_description" : "description"
  },
  "baseline_detection_list" : [ ],
  "privileged_container_list" : [ ],
  "port_list" : [ ],
  "app_list" : [ ],
  "process_list" : [ ]
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ShowSecurityCheckClusterReportSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ShowSecurityCheckClusterReportRequest request = new ShowSecurityCheckClusterReportRequest();
        request.withReportId("{report_id}");
        try {
            ShowSecurityCheckClusterReportResponse response = client.showSecurityCheckClusterReport(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ShowSecurityCheckClusterReportRequest()
        request.report_id = "{report_id}"
        response = client.show_security_check_cluster_report(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ShowSecurityCheckClusterReportRequest{}
	request.ReportId = "{report_id}"
	response, err := client.ShowSecurityCheckClusterReport(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Request succeeded.

Error Codes

See Error Codes.