Skip to main content

Lacework API v1 Deprecation - Container Data Mapping

This topic describes the data field mapping between the container vulnerability endpoints in Lacework API v1 and 2.0. Specifically, it maps the response fields returned by Lacework API 2.0 search container vulnerabilities endpoint and the following Lacework API v1 endpoint:

/api/v1/external/vulnerabilities/container/imageId/{image_id}

The following table shows the mapping between the API versions. In the first column are the fields from the v1 API image_layers object. In the second column are the corresponding response field of the container vulnerabilities endpoint in Lacework API 2.0.

API v1.0 fieldAPI v2.0 field
hashfeatureProps.layer
created_byfeatureProps.introduced_in
packages.namefeatureKey.name
packages.namespacefeatureKey.namespace
packages.fix_availablefixInfo.fix_available
packages.versionfeatureKey.version
packages.typefeatureProps.version_format

Note: If the featureProps.version_format is apk, rpm, or dpkg, the packages.type is OS; otherwise, packages.type is Library.)
packages.vulnerabilities.namevulnId
packages.vulnerabilities.descriptionSee note below.
packages.vulnerabilities.linkSee note below.
packages.vulnerabilities.severityseverity
packages.vulnerabilities.statusstatus
packages.vulnerabilities.metadataSee note below.
packages.vulnerabilities.fix_versionfixInfo.fix_version

Note that data for the following fields are not present in the Lacework API 2.0 response:

  • packages.vulnerabilities.description
  • packages.vulnerabilities.link
  • packages.vulnerabilities.metadata

However, the information is readily available from the CVE website. For instance, if the vulnId is CVE-2022-21449, you can get the link and description from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21449.