CrowdStrike Falcon CrowdStrike Subreddit

Using the Falcon Container service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
GetCombinedImages
PEP 8get_combined_images
Gets the registry credentials.
GetCredentials
PEP 8get_credentials
Gets the registry credentials.
GetImageAssessmentReport
PEP 8get_assessment
Retrieve an assessment report for an image by specifying repository and tag.
DeleteImageDetails
PEP 8delete_image_details
Delete image details from the CrowdStrike registry.
ImageMatchesPolicy
PEP 8image_matches_policy
Check if an image matches a policy by specifying repository and tag.
ReadImageVulnerabilities
PEP 8read_image_vulnerabilities
Retrieve an assessment report for an image by specifying repository and tag.
ReadRegistryEntities
PEP 8read_registry_entities
Retrieve registry entities associated with the client ID.
ReadRegistryEntitiesByUUID
PEP 8read_registry_entities_by_uuid
Retrieve registry entities associated with a specific UUID.
DeleteRegistryEntities
PEP 8delete_registry_entities
Delete registry entities by UUID.
CreateRegistryEntities
PEP 8create_registry_entities
Create registry entities using the provided detail.
UpdateRegistryEntities
PEP 8update_registry_entities
Update the registry entity, as identified by the entity UUID, using the provided details.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCombinedImages

Get image assessment results by providing an FQL filter and paging details.

PEP8 method name

get_combined_images

Endpoint

MethodRoute
GET/container-security/combined/image-assessment/images/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
offset
Service Class Support

Uber Class Support
queryintegerThe offset to start retrieving records from
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
limit
Service Class Support

Uber Class Support
queryintegerThe maximum records to return. [1-200]
sort
Service Class Support

Uber Class Support
querystringThe property to sort by (e.g. status.desc or hostname.asc)
filter
Service Class Support

Uber Class Support
querystringFilter images using a query in Falcon Query Language (FQL).

Supported filters:
  • container_running_status
  • cve_id
  • first_seen
  • image_digest
  • image_id
  • registry
  • repository
  • tag
  • vulnerability_severity

Usage

Service class example (PEP8 syntax)
from falconpy import Hosts

# Do not hardcode API credentials!
falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET
               )

response = falcon.get_combined_images(offset=integer,
                                      limit=integer,
                                      sort="string",
                                      filter="string"
                                      )

print(response)
Service class example (Operation ID syntax)
from falconpy import Hosts

# Do not hardcode API credentials!
falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET
               )

response = falcon.GetCombinedImages(offset=integer,
                                    limit=integer,
                                    sort="string",
                                    filter="string"
                                    )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCombinedImages",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )

print(response)

GetCredentials

Gets the registry credentials

PEP8 method name

get_credentials

Endpoint

MethodRoute
GET/container-security/entities/image-registry-credentials/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_credentials()
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCredentials()
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCredentials")
print(response)

Back to Table of Contents

GetImageAssessmentReport

Retrieve an assessment report for an image by specifying image ID and digest or repository and tag.

PEP8 method name

get_assessment

Endpoint

MethodRoute
GET/reports

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
image_id
Service Class Support

Uber Class Support
querystringImage ID of the image assessed. Must be provided in conjuction with digest.
digest
Service Class Support

Uber Class Support
querystringHash digest of the image assessed. Must be provided in conjuction with image_id.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
repository
Service Class Support

Uber Class Support
querystringRepository where the image resides. Must be provided in conjuction with tag.
tag
Service Class Support

Uber Class Support
querystringTag used for the image assessed. Must be provided in conjuction with repository.

If both sets of parameters are provided within the same request, image_id and digest take precedence.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_assessment(repository="string", tag="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetImageAssessmentReport(repository="string", tag="string")
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetImageAssessmentReport", repository="string", tag="string")
print(response)

Back to Table of Contents

DeleteImageDetails

Delete image details from the CrowdStrike registry.

PEP8 method name

delete_image_details

Endpoint

MethodRoute
DELETE/images/{}

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
image_id
Service Class Support

Uber Class Support
pathstringID of the image to delete details for.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.delete_image_details(image_id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.DeleteImageDetails(image_id="string")
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("DeleteImageDetails", image_id="string")
print(response)

Back to Table of Contents

ImageMatchesPolicy

Check if an image matches a policy by specifying repository and tag.

PEP8 method name

image_matches_policy

Endpoint

MethodRoute
GET/policy-checks

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
repository
Service Class Support

Uber Class Support
querystringRepository where the image resides.
tag
Service Class Support

Uber Class Support
querystringTag used for the image assessed.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.image_matches_policy(repository="string", tag="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ImageMatchesPolicy(repository="string", tag="string")
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ImageMatchesPolicy", repository="string", tag="string")
print(response)

Back to Table of Contents

ReadImageVulnerabilities

Check if an image matches a policy by specifying repository and tag.

PEP8 method name

read_image_vulnerabilities

Endpoint

MethodRoute
POST/image-assessment/combined/vulnerability-lookups/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
applicationPackages
Service Class Support

Uber Class Support
bodylist of dictionariesList of application packages for the image.
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format, not required if using other keywords.
osversion
Service Class Support

Uber Class Support
bodystringOperating system version for the image to be read.
packages
Service Class Support

Uber Class Support
bodylist of dictionariesList of packages to review.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

app_packages = [
    {
      "libraries": [
        {
          "Hash": "string",
          "LayerHash": "string",
          "LayerIndex": integer,
          "License": "string",
          "Name": "string",
          "Path": "string",
          "Version": "string"
        }
      ],
      "type": "string"
    }
]

package_list = [
    {
        "LayerHash": "string",
        "LayerIndex": integer,
        "MajorVersion": "string",
        "PackageHash": "string",
        "PackageProvider": "string",
        "PackageSource": "string",
        "Product": "string",
        "SoftwareArchitecture": "string",
        "Status": "string",
        "Vendor": "string"
    }
]

response = falcon.read_image_vulnerabilities(osversion="string",
                                             packages=package_list,
                                             applicationPackages=app_packages
                                             )

print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )
app_packages = [
    {
      "libraries": [
        {
          "Hash": "string",
          "LayerHash": "string",
          "LayerIndex": integer,
          "License": "string",
          "Name": "string",
          "Path": "string",
          "Version": "string"
        }
      ],
      "type": "string"
    }
]

package_list = [
    {
        "LayerHash": "string",
        "LayerIndex": integer,
        "MajorVersion": "string",
        "PackageHash": "string",
        "PackageProvider": "string",
        "PackageSource": "string",
        "Product": "string",
        "SoftwareArchitecture": "string",
        "Status": "string",
        "Vendor": "string"
    }
]

response = falcon.ReadImageVulnerabilities(osversion="string",
                                           packages=package_list,
                                           applicationPackages=app_packages
                                           )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "applicationPackages": [
        {
        "libraries": [
            {
            "Hash": "string",
            "LayerHash": "string",
            "LayerIndex": integer,
            "License": "string",
            "Name": "string",
            "Path": "string",
            "Version": "string"
            }
        ],
        "type": "string"
        }
    ]
    "osversion": "string",
    "packages": [
        {
            "LayerHash": "string",
            "LayerIndex": integer,
            "MajorVersion": "string",
            "PackageHash": "string",
            "PackageProvider": "string",
            "PackageSource": "string",
            "Product": "string",
            "SoftwareArchitecture": "string",
            "Status": "string",
            "Vendor": "string"
        }
    ]
}

response = falcon.command("ReadImageVulnerabilities", body=BODY)

print(response)

Back to Table of Contents

ReadRegistryEntities

Retrieve registry entities associated with the client ID.

PEP8 method name

read_registry_entities

Endpoint

MethodRoute
GET/container-security/queries/registries/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
limit
Service Class Support

Uber Class Support
queryintegerTotal number of records to return in the response.
offset
Service Class Support

Uber Class Support
queryintegerStarting position within the overall recordset to return results.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
sort
Service Class Support

Uber Class Support
querystringFQL formatted string to use to sort returned results.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_registry_entities(limit=integer, offset=integer, sort="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadRegistryEntities(limit=integer, offset=integer, sort="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadRegistryEntities", limit=integer, offset=integer, sort="string")

print(response)

Back to Table of Contents

ReadRegistryEntitiesByUUID

Retrieve registry entities associated with a specific UUID.

PEP8 method name

read_registry_entities_by_uuid

Endpoint

MethodRoute
GET/container-security/entities/registries/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsRegistry entity UUIDs to retrieve.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.read_registry_entities_by_uuid(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ReadRegistryEntitiesByUUID(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ReadRegistryEntitiesByUUID", ids=id_list)

print(response)

Back to Table of Contents

DeleteRegistryEntities

Delete registry entities by UUID.

PEP8 method name

delete_registry_entities

Endpoint

MethodRoute
DELETE/container-security/entities/registries/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsRegistry entity UUIDs to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_registry_entities(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteRegistryEntities(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteRegistryEntities", ids=id_list)

print(response)

Back to Table of Contents

CreateRegistryEntities

Create registry entities using the provided detail.

PEP8 method name

create_registry_entities

Endpoint

MethodRoute
POST/container-security/entities/registries/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
aws_iam_role
Service Class Support

Uber Class Support
body (credential)stringContainer registry username (AWS ECR).
aws_external_id
Service Class Support

Uber Class Support
body (credential)stringContainer registry password (AWS ECR).
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format, not required if using other keywords.
compartment_ids
Service Class Support

Uber Class Support
body (credential)list of stringsCompartment IDs (OCR (Oracle)).
credential_type
Service Class Support

Uber Class Support
body (credential)stringCredential type (GitHub, GitLab).
domain_url
Service Class Support

Uber Class Support
body (credential)stringDomain URL (GitHub, GitLab).
password
Service Class Support

Uber Class Support
body (credential)stringContainer registry password.
project_id
Service Class Support

Uber Class Support
body (credential)stringCloud Project ID (GAR, GCR (Google)).
scope_name
Service Class Support

Uber Class Support
body (credential)stringScope name (GAR, GCR (Google), OCR (Oracle)).
service_account_json
Service Class Support

Uber Class Support
body (credential)dictionaryGAR / GCR credential dictionary.

Keys:
  • client_email
  • client_id
  • private_key
  • private_key_id
  • project_id
  • type
type
Service Class Support

Uber Class Support
bodystringThe type of registry you want to connect (such as Amazon ECR).

Available values:
  • acr
  • artifactory
  • docker
  • dockerhub
  • ecr
  • gar
  • gcr
  • github
  • gitlab
  • harbor
  • icr
  • nexus
  • openshift
  • oracle
  • quay.io
This argument is required and must be provided as a keyword or as part of the body payload.

Review the Required Credential Values table for more detail regarding specific registry requirements.
url
Service Class Support

Uber Class Support
bodystringThe URL used to log in to the registry. Note: If your registry URL contains an alias, provide just the base URL as the value.

Example: https://docker.io/

This argument is required and must be provided as a keyword or as part of the body payload.
url_uniqueness_key
Service Class Support

Uber Class Support
bodystringThe registry URL alias.

Example: https://docker.io/

Available with
  • Docker Hub
  • Google Artifact Registry
  • Google Container Registry
  • IBM Cloud
  • Oracle
user_defined_alias
Service Class Support

Uber Class Support
bodystringA user-friendly name for the registry. This appears as the Registry name on the Registry connections page in the Falcon console.
username
Service Class Support

Uber Class Support
body (credential)stringContainer registry username.
Required Credential Values by Registry
RegistryTypeRequired credential values
Amazon Elastic Container Registryecr
  • aws_iam_role
  • aws_external_id
Docker Hubdockerhub
  • password (access token)
  • username
Docker Registry v2docker
  • password (API Key)
  • username (account ID)
GitHubgithub
  • credential_type
  • domain_url
  • password (personal access token)
  • username
Note: Only classic tokens are supported
GitLab Cloudgitlab
  • credential_type
  • domain_url
  • password (personal access token)
  • username
GitLab On-premgitlab
  • credential_type (set to PAT)
  • domain_url
  • password (personal access token)
  • username
Google Artifact Registrygar
  • project_id
  • scope_name
  • service_account_json
Google Container Registrygcr
  • project_id
  • service_account_json
IBM Cloudicr
  • password
  • username
JFrog Artifactoryartifactory
  • password (API Key)
  • username (account ID)
Microsoft Azure Container Registryacr
  • password (API Key)
  • username (account ID)
Oracle Container Registryoracle
  • compartment_ids
  • password
  • scope_name
  • username (tenancy email)
Red Hat OpenShiftopenshift
  • password (API Key)
  • username (account ID)
Sonatype Nexusnexus
  • password (API Key)
  • username (account ID)
Quay.io (Red Hat)quay.io
  • password (API Key)
  • username (account ID)
VMWare Harborharbor
  • password
  • username

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

svc_acct = {
    "type": "string",
    "private_key_id": "string",
    "private_key": "string",
    "client_email": "string",
    "client_id": "string",
    "project_id": "string"
}

compartments = [
    "string",
    "string"
]

# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.create_registry_entities(aws_iam_role="string",
                                           aws_external_id="string",
                                           compartment_ids=compartments,
                                           credential_type="string",
                                           domain_url="string",
                                           password="string",
                                           project_id="string",
                                           scope_name="string",
                                           service_account_json=svc_acct,
                                           type="string",
                                           url="string",
                                           url_uniqueness_key="string",
                                           user_defined_alias="string",
                                           username="string"
                                           )

print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

svc_acct = {
    "type": "string",
    "private_key_id": "string",
    "private_key": "string",
    "client_email": "string",
    "client_id": "string",
    "project_id": "string"
}

compartments = [
    "string",
    "string"
]

# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.CreateRegistryEntities(aws_iam_role="string",
                                         aws_external_id="string",
                                         compartment_ids=compartments,
                                         credential_type="string",
                                         domain_url="string",
                                         password="string",
                                         project_id="string",
                                         scope_name="string",
                                         service_account_json=svc_acct,
                                         type="string",
                                         url="string",
                                         url_uniqueness_key="string",
                                         user_defined_alias="string",
                                         username="string"
                                         )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

svc_acct = {
    "type": "string",
    "private_key_id": "string",
    "private_key": "string",
    "client_email": "string",
    "client_id": "string",
    "project_id": "string"
}

compartments = [
    "string",
    "string"
]

# Review the Required Credential Values table for more
# detail regarding which keys to use for your registry.
body_payload = {
    "type": "string",
    "url": "string",
    "url_uniqueness_key": "string",
    "user_defined_alias": "string",
    "credential": {
        "aws_iam_role": "string",
        "aws_external_id": "string",
        "compartment_ids": compartments,
        "credential_type": "string",
        "domain_url": "string",
        "password": "string",
        "project_id": "string",
        "scope_name": "string",
        "service_account_json": svc_acct,
        "username": "string"
    }
}

response = falcon.command("CreateRegistryEntities", body=body_payload)

print(response)

Back to Table of Contents

UpdateRegistryEntities

Update the registry entity, as identified by the entity UUID, using the provided details.

PEP8 method name

update_registry_entities

Endpoint

MethodRoute
POST/container-security/entities/registries/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
aws_iam_role
Service Class Support

Uber Class Support
body (credential)stringContainer registry username (AWS ECR).
aws_external_id
Service Class Support

Uber Class Support
body (credential)stringContainer registry password (AWS ECR).
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format, not required if using other keywords.
compartment_ids
Service Class Support

Uber Class Support
body (credential)list of stringsCompartment IDs (OCR (Oracle)).
credential_type
Service Class Support

Uber Class Support
body (credential)stringCredential type (GitHub, GitLab).
domain_url
Service Class Support

Uber Class Support
body (credential)stringDomain URL (GitHub, GitLab).
id
Service Class Support

Uber Class Support
bodystringContainer registry record UUID.
password
Service Class Support

Uber Class Support
body (credential)stringContainer registry password.
project_id
Service Class Support

Uber Class Support
body (credential)stringCloud Project ID (GAR, GCR (Google)).
scope_name
Service Class Support

Uber Class Support
body (credential)stringScope name (GAR, GCR (Google), OCR (Oracle)).
service_account_json
Service Class Support

Uber Class Support
body (credential)dictionaryGAR / GCR credential dictionary.

Keys:
  • client_email
  • client_id
  • private_key
  • private_key_id
  • project_id
  • type
state
Service Class Support

Uber Class Support
bodystringContainer registry state.
  • pause
  • resume
type
Service Class Support

Uber Class Support
bodystringThe type of registry you want to connect (such as Amazon ECR).

Available values:
  • acr
  • artifactory
  • docker
  • dockerhub
  • ecr
  • gar
  • gcr
  • github
  • gitlab
  • harbor
  • icr
  • nexus
  • openshift
  • oracle
  • quay.io
This argument is required and must be provided as a keyword or as part of the body payload.

Review the Required Credential Values table for more detail regarding specific registry requirements.
url
Service Class Support

Uber Class Support
bodystringThe URL used to log in to the registry. Note: If your registry URL contains an alias, provide just the base URL as the value.

Example: https://docker.io/

This argument is required and must be provided as a keyword or as part of the body payload.
url_uniqueness_key
Service Class Support

Uber Class Support
bodystringThe registry URL alias.

Example: https://docker.io/

Available with
  • Docker Hub
  • Google Artifact Registry
  • Google Container Registry
  • IBM Cloud
  • Oracle
user_defined_alias
Service Class Support

Uber Class Support
bodystringA user-friendly name for the registry. This appears as the Registry name on the Registry connections page in the Falcon console.
username
Service Class Support

Uber Class Support
body (credential)stringContainer registry username.
Required Credential Values by Registry
RegistryTypeRequired credential values
Amazon Elastic Container Registryecr
  • aws_iam_role
  • aws_external_id
Docker Hubdockerhub
  • password (access token)
  • username
Docker Registry v2docker
  • password (API Key)
  • username (account ID)
GitHubgithub
  • credential_type
  • domain_url
  • password (personal access token)
  • username
Note: Only classic tokens are supported
GitLab Cloudgitlab
  • credential_type
  • domain_url
  • password (personal access token)
  • username
GitLab On-premgitlab
  • credential_type (set to PAT)
  • domain_url
  • password (personal access token)
  • username
Google Artifact Registrygar
  • project_id
  • scope_name
  • service_account_json
Google Container Registrygcr
  • project_id
  • service_account_json
IBM Cloudicr
  • password
  • username
JFrog Artifactoryartifactory
  • password (API Key)
  • username (account ID)
Microsoft Azure Container Registryacr
  • password (API Key)
  • username (account ID)
Oracle Container Registryoracle
  • compartment_ids
  • password
  • scope_name
  • username (tenancy email)
Red Hat OpenShiftopenshift
  • password (API Key)
  • username (account ID)
Sonatype Nexusnexus
  • password (API Key)
  • username (account ID)
Quay.io (Red Hat)quay.io
  • password (API Key)
  • username (account ID)
VMWare Harborharbor
  • password
  • username

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

svc_acct = {
    "type": "string",
    "private_key_id": "string",
    "private_key": "string",
    "client_email": "string",
    "client_id": "string",
    "project_id": "string"
}

compartments = [
    "string",
    "string"
]

# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.update_registry_entities(aws_iam_role="string",
                                           aws_external_id="string",
                                           compartment_ids=compartments,
                                           credential_type="string",
                                           domain_url="string",
                                           id="string",
                                           password="string",
                                           project_id="string",
                                           scope_name="string",
                                           service_account_json=svc_acct,
                                           state="string",
                                           type="string",
                                           url="string",
                                           url_uniqueness_key="string",
                                           user_defined_alias="string",
                                           username="string"
                                           )

print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

svc_acct = {
    "type": "string",
    "private_key_id": "string",
    "private_key": "string",
    "client_email": "string",
    "client_id": "string",
    "project_id": "string"
}

compartments = [
    "string",
    "string"
]

# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.UpdateRegistryEntities(aws_iam_role="string",
                                         aws_external_id="string",
                                         compartment_ids=compartments,
                                         credential_type="string",
                                         domain_url="string",
                                         id="string",
                                         password="string",
                                         project_id="string",
                                         scope_name="string",
                                         service_account_json=svc_acct,
                                         state="string",
                                         type="string",
                                         url="string",
                                         url_uniqueness_key="string",
                                         user_defined_alias="string",
                                         username="string"
                                         )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

svc_acct = {
    "type": "string",
    "private_key_id": "string",
    "private_key": "string",
    "client_email": "string",
    "client_id": "string",
    "project_id": "string"
}

compartments = [
    "string",
    "string"
]

# Review the Required Credential Values table for more
# detail regarding which keys to use for your registry.
body_payload = {
    "id": "string",
    "state": "string",
    "type": "string",
    "url": "string",
    "url_uniqueness_key": "string",
    "user_defined_alias": "string",
    "credential": {
        "aws_iam_role": "string",
        "aws_external_id": "string",
        "compartment_ids": compartments,
        "credential_type": "string",
        "domain_url": "string",
        "password": "string",
        "project_id": "string",
        "scope_name": "string",
        "service_account_json": svc_acct,
        "username": "string"
    }
}

response = falcon.command("UpdateRegistryEntities", body=body_payload)

print(response)

Back to Table of Contents