Share via

Image repository security scanner, get attribute "Scan report time" via sdk / REST

Michael Schnider 5 Reputation points
2023-02-06T14:07:53.99+00:00

Hi,

I would like to get the attribute "Scan report time" via the java SDK, or if this is not possible, via the rest API from the container registry image vulnerability findings. I couldn't find a way to get this attribute. Am I correct in this assumption? I only find the cve published date and the date when the AzureSubAssessment is created. User's image

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 35,621 Reputation points Microsoft Employee Moderator
    2023-02-28T03:45:17.9933333+00:00

    @Michael Schnider Thank you for reaching out to us, reviewed your query and researched on it, yes you are right we dont have an API to get Scan report time for container registry image vulnerability findings, could be because we don't have an API for Container VA at all

    Reference: https://learn.microsoft.com/en-us/rest/api/defenderforcloud/sub-assessments/list?tabs=HTTP#securitysubassessment it can provide list of CVEs as mentioned in this article.

    But as per my findings, sending an API request and query ARG: https://learn.microsoft.com/en-us/rest/api/azure-resourcegraph/ might help, but it needs to be tested though if it can provide scan report time information.

    Let me if you have any further questions, feel free to post back.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.