- Documentation
- Red Hat Advanced Cluster Security for Kubernetes
- API reference
- Version v2
- VulnerabilityExceptionService
- CancelVulnerabilityException history bug_report picture_as_pdf
- About
- Release notes
- RHACS Cloud Service
- Service description
- Overview of responsibilities for RHACS Cloud Service
- RHACS Cloud Service architecture
- Getting started with RHACS Cloud Service
- Default resource requirements for RHACS Cloud Service
- Recommended resource requirements for RHACS Cloud Service
- Setting up RHACS Cloud Service with Red Hat OpenShift secured clusters
- Creating a RHACS Cloud Service instance on Red Hat Cloud
- Creating a project on your Red Hat OpenShift secured cluster
- Generating an init bundle for secured clusters
- Applying an init bundle for secured clusters
- Installing the RHACS Operator for RHACS Cloud Service
- Installing secured cluster services from RHACS Cloud Service
- Configuring the proxy for secured cluster services in RHACS Cloud Service
- Verifying installation of secured clusters
- Setting up RHACS Cloud Service with Kubernetes secured clusters
- Creating a RHACS Cloud Service instance for Kubernetes clusters
- Generating an init bundle for Kubernetes secured clusters
- Applying an init bundle for Kubernetes secured clusters
- Installing secured cluster services from RHACS Cloud Service on Kubernetes clusters
- Verifying installation of secured clusters
- Upgrading RHACS Cloud Service
- Architecture
- Installing
- High-level RHACS installation overview
- Default resource requirements for RHACS
- Recommended resource requirements for RHACS
- Installing RHACS on Red Hat OpenShift
- Installing Central services for RHACS on Red Hat OpenShift
- Configuring Central configuration options for RHACS using the Operator
- Generating and applying an init bundle for RHACS on Red Hat OpenShift
- Installing Secured Cluster services for RHACS on Red Hat OpenShift
- Configuring Secured Cluster services options for RHACS using the Operator
- Verifying installation of RHACS on Red Hat OpenShift
- Installing RHACS on other platforms
- Uninstalling Red Hat Advanced Cluster Security for Kubernetes
- Configuring
- Adding custom certificates
- Adding trusted certificate authorities
- Reissuing internal certificates
- Adding security notices
- Enabling offline mode
- Enabling alert data retention
- Exposing the RHACS portal over HTTP
- Configuring automatic upgrades for secured clusters
- Configuring automatic removal of nonactive clusters
- Configuring a proxy for external network access
- Generating a diagnostic bundle
- Configuring endpoints
- Monitoring
- Enabling audit logging
- Configuring API tokens
- Using declarative configuration
- Inviting users to your RHACS instance
- Managing preview features
- Operating
- Viewing the dashboard
- Using Compliance Operator with RHACS
- Managing compliance
- Evaluating security risks
- Using admission controller enforcement
- Managing security policies
- Managing network policies
- Build-time network policy tools
- Visualizing external entities
- Auditing listening endpoints
- Reviewing cluster configuration
- Examining images for vulnerabilities
- Verifying image signatures
- Managing vulnerabilities
- Responding to violations
- Using deployment collections
- Searching and filtering
- Managing user access
- Using the system health dashboard
- Using the administration events page
- Integrating
- Integrating with image registries
- Integrating with CI systems
- Integrating with PagerDuty
- Integrating with Slack
- Integrating by using generic webhooks
- Integrating with QRadar
- Integrating with ServiceNow
- Integrating with Sumo Logic
- Integrating with Google Cloud Storage
- Integrating by using the syslog protocol
- Integrating with Amazon S3
- Integrating with S3 API compatible services
- Integrating with Google Cloud Security Command Center
- Integrating with Splunk
- Integrating with image vulnerability scanners
- Integrating with Jira
- Integrating with email
- Integrating with cloud management platforms
- Integrating using short-lived tokens
- Integrating with Microsoft Sentinel notifier
- Backup and restore
- Upgrading
- roxctl CLI
- Troubleshooting Collector
- Troubleshooting Central
- Telemetry
- Support
- API reference
- Version v1
- AdministrationEventService
- AdministrationUsageService
- AlertService
- APITokenService
- AuthProviderService
- AuthService
- CentralHealthService
- CloudSourcesService
- ClusterCVEService
- ClusterInitService
- ClustersService
- CollectionService
- ComplianceManagementService
- ComplianceService
- ConfigService
- CredentialExpiryService
- DBService
- DebugService
- DeclarativeConfigHealthService
- DelegatedRegistryConfigService
- DeploymentService
- DetectionService
- DiscoveredClustersService
- ExternalBackupService
- FeatureFlagService
- GroupService
- GRPCPreferencesService
- ImageCVEService
- ImageIntegrationService
- ImageService
- IntegrationHealthService
- ListeningEndpointsService
- MetadataService
- MitreAttackService
- NamespaceService
- NetworkBaselineService
- NetworkGraphService
- NetworkPolicyService
- GetAllowedPeersFromCurrentPolicyForDeployment
- ApplyNetworkPolicy
- ApplyNetworkPolicyYamlForDeployment
- GetDiffFlowsBetweenPolicyAndBaselineForDeployment
- GetNetworkGraph
- GetBaselineGeneratedNetworkPolicyForDeployment
- GenerateNetworkPolicies
- GetNetworkPolicies
- GetNetworkGraphEpoch
- GetNetworkPolicy
- SendNetworkPolicyYAML
- SimulateNetworkGraph
- GetDiffFlowsFromUndoModificationForDeployment
- GetUndoModification
- GetUndoModificationForDeployment
- NodeCVEService
- NodeService
- NotifierService
- PingService
- PodService
- PolicyCategoryService
- PolicyService
- ProbeUploadService
- ProcessBaselineService
- ProcessService
- RbacService
- ReportConfigurationService
- ReportService
- RoleService
- ComputeEffectiveAccessScope
- GetMyPermissions
- ListPermissionSets
- DeletePermissionSet
- GetPermissionSet
- PutPermissionSet
- PostPermissionSet
- GetResources
- GetRoles
- DeleteRole
- GetRole
- CreateRole
- UpdateRole
- GetNamespacesForClusterAndPermissions
- GetClustersForPermissions
- ListSimpleAccessScopes
- DeleteSimpleAccessScope
- GetSimpleAccessScope
- PutSimpleAccessScope
- PostSimpleAccessScope
- SearchService
- SecretService
- SensorUpgradeService
- ServiceAccountService
- ServiceIdentityService
- SignatureIntegrationService
- SummaryService
- TelemetryService
- UserService
- VulnerabilityRequestService
- VulnMgmtService
- Version v2
- ComplianceIntegrationService
- ComplianceProfileService
- ComplianceResultsService
- ComplianceResultsStatsService
- ComplianceRuleService
- ComplianceScanConfigurationService
- ListComplianceScanConfigClusterProfiles
- ListComplianceScanConfigurations
- DeleteComplianceScanConfiguration
- GetComplianceScanConfiguration
- UpdateComplianceScanConfiguration
- GetReportHistory
- GetMyReportHistory
- RunComplianceScanConfiguration
- CreateComplianceScanConfiguration
- ListComplianceScanConfigProfiles
- DeleteReport
- RunReport
- ReportService
- VulnerabilityExceptionService
- Version v1
CancelVulnerabilityException
POST /v2/vulnerability-exceptions/{id}/cancel
CancelVulnerabilityException cancels a vulnerability exception. Once cancelled, an approved exception is no longer enforced. Cancelled exceptions are garbage collected as per the retention configuration .expiredVulnReqRetentionDurationDays (GET /v1/config/).
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
A successful response. |
|
0 |
An unexpected error response. |
Common object reference
RpcStatus
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
code |
Integer |
int32 |
|||
message |
String |
||||
details |
List of ProtobufAny |
ScopeImage
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
registry |
String |
||||
remote |
String |
||||
tag |
String |
V2CancelVulnerabilityExceptionResponse
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
exception |
V2Comment
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
id |
String |
||||
message |
String |
||||
user |
|||||
createdAt |
Date |
date-time |
V2DeferralUpdate
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
cves |
List of |
Use this field to update the CVEs of a deferral exception. |
|||
expiry |
V2ExceptionExpiry
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
expiryType |
TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE, |
||||
expiresOn |
Date |
Indicates the timestamp when the exception expires. This field is REQUIRED only if the expiry type is set to TIME. |
date-time |
V2ExceptionStatus
Indicates the status of a request.
-
PENDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.
-
APPROVED: Indicates that the request has been approved by the approver.
-
DENIED: Indicates that the request has been denied by the approver.
-
APPROVED_PENDING_UPDATE: Indicates that the original request was approved, but an update is still pending an approval or denial.
| Enum Values |
|---|
PENDING |
APPROVED |
DENIED |
APPROVED_PENDING_UPDATE |
V2FalsePositiveUpdate
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
cves |
List of |
Use this field to update the CVEs of a false-positive exception. |
V2VulnerabilityException
Next available tag: 16 VulnerabilityException represents a vulnerability exception such as deferral and false-positive.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
id |
String |
||||
name |
String |
Auto-generated display name of the exception. |
|||
targetState |
OBSERVED, DEFERRED, FALSE_POSITIVE, |
||||
status |
PENDING, APPROVED, DENIED, APPROVED_PENDING_UPDATE, |
||||
expired |
Boolean |
If set to |
|||
requester |
|||||
approvers |
List of V2SlimUser |
||||
createdAt |
Date |
date-time |
|||
lastUpdated |
Date |
date-time |
|||
comments |
List of V2Comment |
||||
scope |
|||||
deferralRequest |
|||||
falsePositiveRequest |
Object |
||||
cves |
List of |
Indicates the CVEs to which the exception applies. |
|||
deferralUpdate |
|||||
falsePositiveUpdate |
V2VulnerabilityState
VulnerabilityState are the possible applicable to CVE. By default all vulnerabilities are in observed state.
-
OBSERVED: This is the default state and indicates that the CVE is not excluded from policy evaluation and risk evaluation.
-
DEFERRED: Indicates that the vulnerability is deferred. A deferred CVE is excluded from policy evaluation and risk evaluation.
-
FALSE_POSITIVE: Indicates that the vulnerability is a false-positive. A false-positive CVE is excluded from policy evaluation and risk evaluation.
| Enum Values |
|---|
OBSERVED |
DEFERRED |
FALSE_POSITIVE |