Prisma Cloud Compute

This section describes how to configure a tag for vulnerability management. A vulnerability can be found in a source or a binary package.

/api/vVERSION/tags/{id}/vuln

Sets a tag to a vulnerability based on Common Vulnerability and Exposures (CVE) ID, package, and resource.

POST https://<Prisma_Cloud_Compute_URL>/api/vVERSION/tags/{id}/vuln

Path Parameters

Name	Type	Description
id*	String	Specifies the ID of the tag.

Headers

Name	Type	Description
Content-Type	String	Specifies the header type. application/json

Request Body

Name	Type	Description
id*	String	Specifies a Common Vulnerability and Exposures (CVE) ID.
packageName*	String	Specifies a source or binary package name. Use a wildcard * to apply the tag to all the packages. Tip: Specify the source package name for tagging when a vulnerability is in the source package.
checkBaseLayer	Boolean	(Applicable only when the resource type is image.) Specifies to apply the tag for images that has one of the resources in a base layer. Available values: true: Applies the tag. false: Doesn't apply the tag.
resourceType	String	Specifies a resource type such as image, host, function, or codeRepo for tagging. Use a wildcard * to apply the tag to all the resource types.
resources	Array (String)	(Applicable only when you define a resource type.) Specifies a resource for tagging a vulnerability. Either specify the resource names separated by a comma or use a wildcard * to apply the tag to all the resources.
comment	String	Describes the usability of a tag.

200: OK Specifies the operation is successful.

{
    // Response
}

Example and Scenarios

Use this section to understand various applicable scenarios to use the endpoint.

Consider the following cURL requests and scenarios:

A CVE CVE-2020-16156 is found in packages such as perl, perl-open, perl-macros, and perl-libs.

Refer to the following example cURL request to apply a tag Critical to all packages and resources:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X POST \
  -d \
'{
  "id": "CVE-2020-16156",
  "packageName": "*"
}' \
  "https://<CONSOLE>/api/v<VERSION>/tags/Critical/vuln"

Refer to the following example cURL request to apply a tag Critical to a resource type image and to all packages and resources:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X POST \
  -d \
'{
  "id": "CVE-2020-16156",
  "packageName": "*",
  "resourceType": "image",
  "resources": ["*"]
}' \
  "https://<CONSOLE>/api/v<VERSION>/tags/Critical/vuln"

Refer to the following example cURL request to apply a tag Critical to a resource type host and a resource servo and also to all packages:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X POST \
  -d \
'{
  "id": "CVE-2020-16156",
  "packageName": "*",
  "resourceType": "host",
  "resources": ["servo"]
}' \
  "https://<CONSOLE>/api/v<VERSION>/tags/Critical/vuln"

Error Codes

Refer to the following error codes that you may encounter while using the cURL request:

400

Bad request: Invalid syntax. Modify your syntax and try again.

401

Unauthorised access: Invalid authorisation credentials. Verify the username and password.