Lacework API v1 Deprecation - Container Data Mapping
This topic describes the data field mapping between the container vulnerability endpoints in Lacework API v1 and 2.0. Specifically, it maps the response fields returned by Lacework API 2.0 search container vulnerabilities endpoint and the following Lacework API v1 endpoint:
/api/v1/external/vulnerabilities/container/imageId/{image_id}
The following table shows the mapping between the API versions. In the first column are the fields from the v1 API image_layers
object. In the second column are the corresponding response field of the container vulnerabilities endpoint in Lacework API 2.0.
API v1.0 field | API v2.0 field |
---|---|
hash | featureProps.layer |
created_by | featureProps.introduced_in |
packages.name | featureKey.name |
packages.namespace | featureKey.namespace |
packages.fix_available | fixInfo.fix_available |
packages.version | featureKey.version |
packages.type | featureProps.version_format Note: If the featureProps.version_format is apk , rpm , or dpkg , the packages.type is OS ; otherwise, packages.type is Library .) |
packages.vulnerabilities.name | vulnId |
packages.vulnerabilities.description | See note below. |
packages.vulnerabilities.link | See note below. |
packages.vulnerabilities.severity | severity |
packages.vulnerabilities.status | status |
packages.vulnerabilities.metadata | See note below. |
packages.vulnerabilities.fix_version | fixInfo.fix_version |
Note that data for the following fields are not present in the Lacework API 2.0 response:
packages.vulnerabilities.description
packages.vulnerabilities.link
packages.vulnerabilities.metadata
However, the information is readily available from the CVE website. For instance, if the vulnId
is CVE-2022-21449
, you can get the link and description from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21449.