Using the Falcon Container service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Gets the registry credentials. | ||||
| Retrieve an assessment report for an image by specifying repository and tag. | ||||
| Delete image details from the CrowdStrike registry. | ||||
| Check if an image matches a policy by specifying repository and tag. | ||||
| Retrieve an assessment report for an image by specifying repository and tag. | ||||
| Retrieve registry entities associated with the client ID. | ||||
| Retrieve registry entities associated with a specific UUID. | ||||
| Delete registry entities by UUID. | ||||
| Create registry entities using the provided detail. | ||||
| Update the registry entity, as identified by the entity UUID, using the provided details. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetCredentials
Gets the registry credentials
PEP8 method name
get_credentials
Endpoint
| Method | Route |
|---|---|
 | /container-security/entities/image-registry-credentials/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_credentials()
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentials()
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentials")
print(response)
Back to Table of Contents
GetImageAssessmentReport
Retrieve an assessment report for an image by specifying image ID and digest or repository and tag.
PEP8 method name
get_assessment
Endpoint
| Method | Route |
|---|---|
| /reports |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| image_id |  | | query | string | Image ID of the image assessed. Must be provided in conjuction with digest. |
| digest | | | query | string | Hash digest of the image assessed. Must be provided in conjuction with image_id. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| repository | | | query | string | Repository where the image resides. Must be provided in conjuction with tag. |
| tag | | | query | string | Tag used for the image assessed. Must be provided in conjuction with repository. |
If both sets of parameters are provided within the same request,
image_idanddigesttake precedence.
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_assessment(repository="string", tag="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetImageAssessmentReport(repository="string", tag="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetImageAssessmentReport", repository="string", tag="string")
print(response)
Back to Table of Contents
DeleteImageDetails
Delete image details from the CrowdStrike registry.
PEP8 method name
delete_image_details
Endpoint
| Method | Route |
|---|---|
 | /images/{} |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| image_id | | | path | string | ID of the image to delete details for. |
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_image_details(image_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DeleteImageDetails(image_id="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DeleteImageDetails", image_id="string")
print(response)
Back to Table of Contents
ImageMatchesPolicy
Check if an image matches a policy by specifying repository and tag.
PEP8 method name
image_matches_policy
Endpoint
| Method | Route |
|---|---|
| /policy-checks |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| repository | | | query | string | Repository where the image resides. |
| tag | | | query | string | Tag used for the image assessed. |
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.image_matches_policy(repository="string", tag="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ImageMatchesPolicy(repository="string", tag="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ImageMatchesPolicy", repository="string", tag="string")
print(response)
Back to Table of Contents
ReadImageVulnerabilities
Check if an image matches a policy by specifying repository and tag.
PEP8 method name
read_image_vulnerabilities
Endpoint
| Method | Route |
|---|---|
 | /image-assessment/combined/vulnerability-lookups/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format, not required if using other keywords. |
| osversion | |  | body | string | Operating system version for the image to be read. |
| packages | | | body | list of dictionaries | List of packages to review. |
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
package_list = [
{
"LayerHash": "string",
"LayerIndex": integer,
"MajorVersion": "string",
"PackageHash": "string",
"PackageProvider": "string",
"PackageSource": "string",
"Product": "string",
"SoftwareArchitecture": "string",
"Status": "string",
"Vendor": "string"
}
]
response = falcon.read_image_vulnerabilities(osversion="string", packages=package_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
package_list = [
{
"LayerHash": "string",
"LayerIndex": integer,
"MajorVersion": "string",
"PackageHash": "string",
"PackageProvider": "string",
"PackageSource": "string",
"Product": "string",
"SoftwareArchitecture": "string",
"Status": "string",
"Vendor": "string"
}
]
response = falcon.ReadImageVulnerabilities(osversion="string", packages=package_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"osversion": "string",
"packages": [
{
"LayerHash": "string",
"LayerIndex": integer,
"MajorVersion": "string",
"PackageHash": "string",
"PackageProvider": "string",
"PackageSource": "string",
"Product": "string",
"SoftwareArchitecture": "string",
"Status": "string",
"Vendor": "string"
}
]
}
response = falcon.command("ReadImageVulnerabilities", body=BODY)
print(response)
Back to Table of Contents
ReadRegistryEntities
Retrieve registry entities associated with the client ID.
PEP8 method name
read_registry_entities
Endpoint
| Method | Route |
|---|---|
| /container-security/queries/registries/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | integer | Total number of records to return in the response. |
| offset | | | query | integer | Starting position within the overall recordset to return results. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | FQL formatted string to use to sort returned results. |
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_registry_entities(limit=integer, offset=integer, sort="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadRegistryEntities(limit=integer, offset=integer, sort="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadRegistryEntities", limit=integer, offset=integer, sort="string")
print(response)
Back to Table of Contents
ReadRegistryEntitiesByUUID
Retrieve registry entities associated with a specific UUID.
PEP8 method name
read_registry_entities_by_uuid
Endpoint
| Method | Route |
|---|---|
| /container-security/entities/registries/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Registry entity UUIDs to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.read_registry_entities_by_uuid(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadRegistryEntitiesByUUID(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadRegistryEntitiesByUUID", ids=id_list)
print(response)
Back to Table of Contents
DeleteRegistryEntities
Delete registry entities by UUID.
PEP8 method name
delete_registry_entities
Endpoint
| Method | Route |
|---|---|
| /container-security/entities/registries/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Registry entity UUIDs to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_registry_entities(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteRegistryEntities(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteRegistryEntities", ids=id_list)
print(response)
Back to Table of Contents
CreateRegistryEntities
Create registry entities using the provided detail.
PEP8 method name
create_registry_entities
Endpoint
| Method | Route |
|---|---|
| /container-security/entities/registries/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| aws_iam_role | | | body (credential) | string | Container registry username (AWS ECR). |
| aws_external_id | | | body (credential) | string | Container registry password (AWS ECR). |
| body | | | body | dictionary | Full body payload in JSON format, not required if using other keywords. |
| compartment_ids | | | body (credential) | list of strings | Compartment IDs (OCR (Oracle)). |
| credential_type | | | body (credential) | string | Credential type (GitHub, GitLab). |
| domain_url | | | body (credential) | string | Domain URL (GitHub, GitLab). |
| password | | | body (credential) | string | Container registry password. |
| project_id | | | body (credential) | string | Cloud Project ID (GAR, GCR (Google)). |
| scope_name | | | body (credential) | string | Scope name (GAR, GCR (Google), OCR (Oracle)). |
| service_account_json | | | body (credential) | dictionary | GAR / GCR credential dictionary. Keys:
|
| type | | | body | string | The type of registry you want to connect (such as Amazon ECR). Available values:
body payload.Review the Required Credential Values table for more detail regarding specific registry requirements. |
| url | | | body | string | The URL used to log in to the registry. Note: If your registry URL contains an alias, provide just the base URL as the value. Example: https://docker.io/ This argument is required and must be provided as a keyword or as part of the body payload. |
| url_uniqueness_key | | | body | string | The registry URL alias. Example: https://docker.io/ Available with
|
| user_defined_alias | | | body | string | A user-friendly name for the registry. This appears as the Registry name on the Registry connections page in the Falcon console. |
| username | | | body (credential) | string | Container registry username. |
Required Credential Values by Registry
| Registry | Type | Required credential values |
|---|---|---|
| Amazon Elastic Container Registry | ecr |
|
| Docker Hub | dockerhub |
|
| Docker Registry v2 | docker |
|
| GitHub | github |
|
| GitLab Cloud | gitlab |
|
| GitLab On-prem | gitlab |
|
| Google Artifact Registry | gar |
|
| Google Container Registry | gcr |
|
| IBM Cloud | icr |
|
| JFrog Artifactory | artifactory |
|
| Microsoft Azure Container Registry | acr |
|
| Oracle Container Registry | oracle |
|
| Red Hat OpenShift | openshift |
|
| Sonatype Nexus | nexus |
|
| Quay.io (Red Hat) | quay.io |
|
| VMWare Harbor | harbor |
|
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_acct = {
"type": "string",
"private_key_id": "string",
"private_key": "string",
"client_email": "string",
"client_id": "string",
"project_id": "string"
}
compartments = [
"string",
"string"
]
# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.create_registry_entities(aws_iam_role="string",
aws_external_id="string",
compartment_ids=compartments,
credential_type="string",
domain_url="string",
password="string",
project_id="string",
scope_name="string",
service_account_json=svc_acct,
type="string",
url="string",
url_uniqueness_key="string",
user_defined_alias="string",
username="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_acct = {
"type": "string",
"private_key_id": "string",
"private_key": "string",
"client_email": "string",
"client_id": "string",
"project_id": "string"
}
compartments = [
"string",
"string"
]
# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.CreateRegistryEntities(aws_iam_role="string",
aws_external_id="string",
compartment_ids=compartments,
credential_type="string",
domain_url="string",
password="string",
project_id="string",
scope_name="string",
service_account_json=svc_acct,
type="string",
url="string",
url_uniqueness_key="string",
user_defined_alias="string",
username="string"
)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_acct = {
"type": "string",
"private_key_id": "string",
"private_key": "string",
"client_email": "string",
"client_id": "string",
"project_id": "string"
}
compartments = [
"string",
"string"
]
# Review the Required Credential Values table for more
# detail regarding which keys to use for your registry.
body_payload = {
"type": "string",
"url": "string",
"url_uniqueness_key": "string",
"user_defined_alias": "string",
"credential": {
"aws_iam_role": "string",
"aws_external_id": "string",
"compartment_ids": compartments,
"credential_type": "string",
"domain_url": "string",
"password": "string",
"project_id": "string",
"scope_name": "string",
"service_account_json": svc_acct,
"username": "string"
}
}
response = falcon.command("CreateRegistryEntities", body=body_payload)
print(response)
Back to Table of Contents
UpdateRegistryEntities
Update the registry entity, as identified by the entity UUID, using the provided details.
PEP8 method name
update_registry_entities
Endpoint
| Method | Route |
|---|---|
| /container-security/entities/registries/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| aws_iam_role | | | body (credential) | string | Container registry username (AWS ECR). |
| aws_external_id | | | body (credential) | string | Container registry password (AWS ECR). |
| body | | | body | dictionary | Full body payload in JSON format, not required if using other keywords. |
| compartment_ids | | | body (credential) | list of strings | Compartment IDs (OCR (Oracle)). |
| credential_type | | | body (credential) | string | Credential type (GitHub, GitLab). |
| domain_url | | | body (credential) | string | Domain URL (GitHub, GitLab). |
| id | | | body | string | Container registry record UUID. |
| password | | | body (credential) | string | Container registry password. |
| project_id | | | body (credential) | string | Cloud Project ID (GAR, GCR (Google)). |
| scope_name | | | body (credential) | string | Scope name (GAR, GCR (Google), OCR (Oracle)). |
| service_account_json | | | body (credential) | dictionary | GAR / GCR credential dictionary. Keys:
|
| state | | | body | string | Container registry state.
|
| type | | | body | string | The type of registry you want to connect (such as Amazon ECR). Available values:
body payload.Review the Required Credential Values table for more detail regarding specific registry requirements. |
| url | | | body | string | The URL used to log in to the registry. Note: If your registry URL contains an alias, provide just the base URL as the value. Example: https://docker.io/ This argument is required and must be provided as a keyword or as part of the body payload. |
| url_uniqueness_key | | | body | string | The registry URL alias. Example: https://docker.io/ Available with
|
| user_defined_alias | | | body | string | A user-friendly name for the registry. This appears as the Registry name on the Registry connections page in the Falcon console. |
| username | | | body (credential) | string | Container registry username. |
Required Credential Values by Registry
| Registry | Type | Required credential values |
|---|---|---|
| Amazon Elastic Container Registry | ecr |
|
| Docker Hub | dockerhub |
|
| Docker Registry v2 | docker |
|
| GitHub | github |
|
| GitLab Cloud | gitlab |
|
| GitLab On-prem | gitlab |
|
| Google Artifact Registry | gar |
|
| Google Container Registry | gcr |
|
| IBM Cloud | icr |
|
| JFrog Artifactory | artifactory |
|
| Microsoft Azure Container Registry | acr |
|
| Oracle Container Registry | oracle |
|
| Red Hat OpenShift | openshift |
|
| Sonatype Nexus | nexus |
|
| Quay.io (Red Hat) | quay.io |
|
| VMWare Harbor | harbor |
|
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_acct = {
"type": "string",
"private_key_id": "string",
"private_key": "string",
"client_email": "string",
"client_id": "string",
"project_id": "string"
}
compartments = [
"string",
"string"
]
# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.update_registry_entities(aws_iam_role="string",
aws_external_id="string",
compartment_ids=compartments,
credential_type="string",
domain_url="string",
id="string",
password="string",
project_id="string",
scope_name="string",
service_account_json=svc_acct,
state="string",
type="string",
url="string",
url_uniqueness_key="string",
user_defined_alias="string",
username="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_acct = {
"type": "string",
"private_key_id": "string",
"private_key": "string",
"client_email": "string",
"client_id": "string",
"project_id": "string"
}
compartments = [
"string",
"string"
]
# Review the Required Credential Values table for more
# detail regarding which keywords to use for your registry.
response = falcon.UpdateRegistryEntities(aws_iam_role="string",
aws_external_id="string",
compartment_ids=compartments,
credential_type="string",
domain_url="string",
id="string",
password="string",
project_id="string",
scope_name="string",
service_account_json=svc_acct,
state="string",
type="string",
url="string",
url_uniqueness_key="string",
user_defined_alias="string",
username="string"
)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_acct = {
"type": "string",
"private_key_id": "string",
"private_key": "string",
"client_email": "string",
"client_id": "string",
"project_id": "string"
}
compartments = [
"string",
"string"
]
# Review the Required Credential Values table for more
# detail regarding which keys to use for your registry.
body_payload = {
"id": "string",
"state": "string",
"type": "string",
"url": "string",
"url_uniqueness_key": "string",
"user_defined_alias": "string",
"credential": {
"aws_iam_role": "string",
"aws_external_id": "string",
"compartment_ids": compartments,
"credential_type": "string",
"domain_url": "string",
"password": "string",
"project_id": "string",
"scope_name": "string",
"service_account_json": svc_acct,
"username": "string"
}
}
response = falcon.command("UpdateRegistryEntities", body=body_payload)
print(response)
Back to Table of Contents