feat(VULN-1588): Update CLI vuln container list-assessments and list-registries to use new ImageSummary API (#1754)

* feat: First steps at using new api for container vuln assessments

* feat: vulnerability observation api file

* feat: use new vuln observations image summary api

* style: fix linting

* style: fix linting

* test: update vuln container list assessments unit tests

* feat: return registries alphabetically

* feat: remove duplicate assessments

* fix: remove tag from list-assessments

* style: fix import order

* test: update integration tests

* test: fix container vuln integration tests

* feat: switch to RFC3339 timestamp

Author: kendall-choy-lw

api/api.go

@@ -116,6 +116,8 @@ const (
 	apiV2VulnerabilitiesHostsSearch          = "v2/Vulnerabilities/Hosts/search"
 	apiV2VulnerabilitiesSoftwarePackagesScan = "v2/Vulnerabilities/SoftwarePackages/scan"
 
+	apiV2VulnerabilityObservationsImageSummarySearch = "v2/VulnerabilityObservations/ImageSummary/search"
+
 	apiV2VulnerabilityExceptions        = "v2/VulnerabilityExceptions"
 	apiV2VulnerabilityExceptionFromGUID = "v2/VulnerabilityExceptions/%s"
 

api/v2.go

@@ -32,39 +32,40 @@ type V2Endpoints struct {
 	client *Client
 
 	// Every schema must have its own service
-	UserProfile             *UserProfileService
-	AlertChannels           *AlertChannelsService
-	Alert                   *v2alertProfilesService
-	AlertRules              *AlertRulesService
-	ReportRules             *ReportRulesService
-	CloudAccounts           *CloudAccountsService
-	Components              *ComponentsService
-	ComponentData           *ComponentDataService
-	ContainerRegistries     *ContainerRegistriesService
-	Configs                 *v2ConfigService
-	FeatureFlags            *FeatureFlagsService
-	ResourceGroups          *ResourceGroupsService
-	AgentAccessTokens       *AgentAccessTokensService
-	AgentInfo               *AgentInfoService
-	Inventory               *InventoryService
-	ComplianceEvaluations   *ComplianceEvaluationService
-	Query                   *QueryService
-	OrganizationInfo        *OrganizationInfoService
-	Policy                  *PolicyService
-	Reports                 *ReportsService
-	ReportDefinitions       *ReportDefinitionsService
-	Metrics                 *MetricsService
-	ReportDistributions     *ReportDistributionsService
-	Entities                *EntitiesService
-	Schemas                 *SchemasService
-	Datasources             *DatasourcesService
-	DataExportRules         *DataExportRulesService
-	TeamMembers             *TeamMembersService
-	VulnerabilityExceptions *VulnerabilityExceptionsService
-	Vulnerabilities         *v2VulnerabilitiesService
-	Alerts                  *AlertsService
-	Suppressions            *SuppressionsServiceV2
-	Recommendations         *RecommendationsServiceV2
+	UserProfile               *UserProfileService
+	AlertChannels             *AlertChannelsService
+	Alert                     *v2alertProfilesService
+	AlertRules                *AlertRulesService
+	ReportRules               *ReportRulesService
+	CloudAccounts             *CloudAccountsService
+	Components                *ComponentsService
+	ComponentData             *ComponentDataService
+	ContainerRegistries       *ContainerRegistriesService
+	Configs                   *v2ConfigService
+	FeatureFlags              *FeatureFlagsService
+	ResourceGroups            *ResourceGroupsService
+	AgentAccessTokens         *AgentAccessTokensService
+	AgentInfo                 *AgentInfoService
+	Inventory                 *InventoryService
+	ComplianceEvaluations     *ComplianceEvaluationService
+	Query                     *QueryService
+	OrganizationInfo          *OrganizationInfoService
+	Policy                    *PolicyService
+	Reports                   *ReportsService
+	ReportDefinitions         *ReportDefinitionsService
+	Metrics                   *MetricsService
+	ReportDistributions       *ReportDistributionsService
+	Entities                  *EntitiesService
+	Schemas                   *SchemasService
+	Datasources               *DatasourcesService
+	DataExportRules           *DataExportRulesService
+	TeamMembers               *TeamMembersService
+	VulnerabilityExceptions   *VulnerabilityExceptionsService
+	Vulnerabilities           *v2VulnerabilitiesService
+	VulnerabilityObservations *v2VulnerabilityObservationsService
+	Alerts                    *AlertsService
+	Suppressions              *SuppressionsServiceV2
+	Recommendations           *RecommendationsServiceV2
 }
 
 func NewV2Endpoints(c *Client) *V2Endpoints {
@@ -99,6 +100,7 @@ func NewV2Endpoints(c *Client) *V2Endpoints {
 		&TeamMembersService{c},
 		&VulnerabilityExceptionsService{c},
 		NewV2VulnerabilitiesService(c),
+		NewV2VulnerabilityObservationsService(c),
 		&AlertsService{c},
 		&SuppressionsServiceV2{c,
 			&AwsSuppressionsV2{c},

api/v2_vulnerability_observations.go

@@ -0,0 +1,91 @@
+package api
+
+const TimestampLayout = "2006-01-02 15:04:05.000 Z"
+
+type v2VulnerabilityObservationsService struct {
+	client       *Client
+	ImageSummary *v2VulnerabilityObservationImageSummaryService
+}
+
+func NewV2VulnerabilityObservationsService(c *Client) *v2VulnerabilityObservationsService {
+	return &v2VulnerabilityObservationsService{c,
+		&v2VulnerabilityObservationImageSummaryService{c},
+	}
+}
+
+type v2VulnerabilityObservationImageSummaryService struct {
+	client *Client
+}
+
+func (svc *v2VulnerabilityObservationImageSummaryService) Search(filters SearchFilter) (
+	response VulnerabilityObservationsImageSummaryResponse, err error,
+) {
+	err = svc.client.RequestEncoderDecoder(
+		"POST", apiV2VulnerabilityObservationsImageSummarySearch,
+		filters, &response,
+	)
+	return
+}
+
+func (svc *v2VulnerabilityObservationImageSummaryService) SearchAllPages(filters SearchFilter) (
+	response VulnerabilityObservationsImageSummaryResponse, err error,
+) {
+	response, err = svc.Search(filters)
+	if err != nil {
+		return
+	}
+
+	var (
+		all    []VulnerabilityObservationsImageSummary
+		pageOk bool
+	)
+	for {
+		all = append(all, response.Data...)
+
+		pageOk, err = svc.client.NextPage(&response)
+		if err == nil && pageOk {
+			continue
+		}
+		break
+	}
+
+	response.ResetPaging()
+	response.Data = all
+	return
+}
+
+type VulnerabilityObservationsImageSummaryResponse struct {
+	Data   []VulnerabilityObservationsImageSummary `json:"data"`
+	Paging V2Pagination                            `json:"paging"`
+
+	v2PageMetadata `json:"-"`
+}
+
+type VulnerabilityObservationsImageSummary struct {
+	ContainerCount           int    `json:"containerCount"`
+	Digest                   string `json:"digest"`
+	ImageId                  string `json:"imageId"`
+	LastScanTime             string `json:"lastScanTime"`
+	Registry                 string `json:"registry"`
+	Repository               string `json:"repository"`
+	Tag                      string `json:"tag"`
+	ScanStatus               string `json:"scanStatus"`
+	VulnCountCritical        int    `json:"vulnCountCritical"`
+	VulnCountCriticalFixable int    `json:"vulnCountCriticalFixable"`
+	VulnCountHigh            int    `json:"vulnCountHigh"`
+	VulnCountHighFixable     int    `json:"vulnCountHighFixable"`
+	VulnCountMedium          int    `json:"vulnCountMedium"`
+	VulnCountMediumFixable   int    `json:"vulnCountMediumFixable"`
+	VulnCountLow             int    `json:"vulnCountLow"`
+	VulnCountLowFixable      int    `json:"vulnCountLowFixable"`
+	VulnCountInfo            int    `json:"vulnCountInfo"`
+	VulnCountInfoFixable     int    `json:"vulnCountInfoFixable"`
+}
+
+func (r VulnerabilityObservationsImageSummaryResponse) PageInfo() *V2Pagination {
+	return &r.Paging
+}
+func (r *VulnerabilityObservationsImageSummaryResponse) ResetPaging() {
+	r.Paging = V2Pagination{}
+	r.Data = nil
+}

api/v2_vulnerability_observations_test.go

@@ -0,0 +1,170 @@
+package api_test
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/lacework/go-sdk/v2/api"
+	"github.com/lacework/go-sdk/v2/internal/lacework"
+)
+
+func TestV2VulnerabilityObservations_ImageSummary_SearchAllPages_EmptyData(t *testing.T) {
+	fakeServer := lacework.MockServer()
+	fakeServer.MockToken("TOKEN")
+	fakeServer.MockAPI("VulnerabilityObservations/ImageSummary/search",
+		func(w http.ResponseWriter, r *http.Request) {
+			assert.Equal(t, "POST", r.Method, "Search() should be a POST method")
+			fmt.Fprintf(w, mockPaginationEmptyResponse())
+		},
+	)
+	defer fakeServer.Close()
+
+	c, err := api.NewClient("test",
+		api.WithToken("TOKEN"),
+		api.WithURL(fakeServer.URL()),
+	)
+	assert.NoError(t, err)
+
+	response, err := c.V2.VulnerabilityObservations.ImageSummary.SearchAllPages(api.SearchFilter{})
+	assert.NoError(t, err)
+	assert.NotNil(t, response)
+	assert.Equal(t, 0, len(response.Data))
+}
+
+func TestV2VulnerabilityObservations_ImageSummary_SearchAllPages(t *testing.T) {
+	fakeServer := lacework.MockServer()
+	fakeServer.MockToken("TOKEN")
+	fakeServer.MockAPI("VulnerabilityObservations/ImageSummary/search",
+		func(w http.ResponseWriter, r *http.Request) {
+			assert.Equal(t, "POST", r.Method, "Search() should be a POST method")
+			fmt.Fprintf(w, mockVulnerabilityObservationsImageSummaryResponse())
+		},
+	)
+	defer fakeServer.Close()
+
+	c, err := api.NewClient("test",
+		api.WithToken("TOKEN"),
+		api.WithURL(fakeServer.URL()),
+	)
+	assert.NoError(t, err)
+
+	response, err := c.V2.VulnerabilityObservations.ImageSummary.SearchAllPages(api.SearchFilter{})
+	assert.NoError(t, err)
+	assert.NotNil(t, response)
+	assert.Equal(t, 3, len(response.Data))
+}
+
+func TestV2VulnerabilityObservations_ImageSummary_UnmarshalResponse(t *testing.T) {
+	var mockResponse api.VulnerabilityObservationsImageSummaryResponse
+	err := json.Unmarshal([]byte(mockVulnerabilityObservationsImageSummaryResponse()), &mockResponse)
+	assert.NoError(t, err)
+
+	paging := mockResponse.Paging
+	assert.Equal(t, 3, paging.Rows)
+	assert.Equal(t, 3, paging.TotalRows)
+	assert.Empty(t, paging.Urls.NextPage)
+
+	data := mockResponse.Data
+	assert.Equal(t, 3, len(data))
+
+	summary := data[0]
+	assert.Equal(t, 0, summary.ContainerCount)
+	assert.Equal(t, 0, summary.ContainerCount)
+	assert.Equal(t, "sha256:8182c226d7d5bc4ce596f31017e62442fd6fdf4796595073d5342094f1b778df", summary.Digest)
+	assert.Equal(t, "sha256:3fe1c77b23ca802abf84be74215344a2401457e9112d5f560ea50097679155e9", summary.ImageId)
+	assert.Equal(t, "2025-08-06T13:05:05Z", summary.LastScanTime)
+	assert.Equal(t, "docker.io", summary.Registry)
+	assert.Equal(t, "lacework/jre", summary.Repository)
+	assert.Equal(t, "Success", summary.ScanStatus)
+	assert.Equal(t, "amazoncorretto8-alpine3.15-stable", summary.Tag)
+	assert.Equal(t, 0, summary.VulnCountCritical)
+	assert.Equal(t, 0, summary.VulnCountCriticalFixable)
+	assert.Equal(t, 1, summary.VulnCountHigh)
+	assert.Equal(t, 1, summary.VulnCountHighFixable)
+	assert.Equal(t, 0, summary.VulnCountInfo)
+	assert.Equal(t, 0, summary.VulnCountInfoFixable)
+	assert.Equal(t, 0, summary.VulnCountLow)
+	assert.Equal(t, 0, summary.VulnCountLowFixable)
+	assert.Equal(t, 0, summary.VulnCountMedium)
+	assert.Equal(t, 0, summary.VulnCountMediumFixable)
+}
+
+func mockVulnerabilityObservationsImageSummaryResponse() string {
+	return `
+{
+    "paging": {
+        "rows": 3,
+        "totalRows": 3,
+        "urls": {
+            "nextPage": null
+        }
+    },
+    "data": [
+        {
+            "containerCount": 0,
+            "digest": "sha256:8182c226d7d5bc4ce596f31017e62442fd6fdf4796595073d5342094f1b778df",
+            "imageId": "sha256:3fe1c77b23ca802abf84be74215344a2401457e9112d5f560ea50097679155e9",
+            "lastScanTime": "2025-08-06T13:05:05Z",
+            "registry": "docker.io",
+            "repository": "lacework/jre",
+            "scanStatus": "Success",
+            "tag": "amazoncorretto8-alpine3.15-stable",
+            "vulnCountCritical": 0,
+            "vulnCountCriticalFixable": 0,
+            "vulnCountHigh": 1,
+            "vulnCountHighFixable": 1,
+            "vulnCountInfo": 0,
+            "vulnCountInfoFixable": 0,
+            "vulnCountLow": 0,
+            "vulnCountLowFixable": 0,
+            "vulnCountMedium": 0,
+            "vulnCountMediumFixable": 0
+        },
+        {
+            "containerCount": 0,
+            "digest": "sha256:8e6596ca0b60dc3464e286097b33f39012760cca51ba6976c7e8f2ff7a9bce82",
+            "imageId": "sha256:819963f636cf5c396c5d7254e00678563e9197b7f16fdf69e7b4858e8a1fdf52",
+            "lastScanTime": "2025-08-06T13:05:15Z",
+            "registry": "docker.io",
+            "repository": "lacework/jre",
+            "scanStatus": "Success",
+            "tag": "8-alpine3.15-test",
+            "vulnCountCritical": 0,
+            "vulnCountCriticalFixable": 0,
+            "vulnCountHigh": 8,
+            "vulnCountHighFixable": 8,
+            "vulnCountInfo": 0,
+            "vulnCountInfoFixable": 0,
+            "vulnCountLow": 1,
+            "vulnCountLowFixable": 1,
+            "vulnCountMedium": 0,
+            "vulnCountMediumFixable": 0
+        },
+        {
+            "containerCount": 0,
+            "digest": "sha256:a41ec54e6450ccc66d9f2ff975a0004d889349f3e8f5b086ebe8704e7ae962ac",
+            "imageId": "sha256:b167326fa5f713a3cf7d742852967303b1b9301a147f84a0132ae58c47086fb4",
+            "lastScanTime": "2025-08-06T13:05:11Z",
+            "registry": "docker.io",
+            "repository": "lacework/jre",
+            "scanStatus": "Success",
+            "tag": "alpine-test",
+            "vulnCountCritical": 0,
+            "vulnCountCriticalFixable": 0,
+            "vulnCountHigh": 8,
+            "vulnCountHighFixable": 8,
+            "vulnCountInfo": 0,
+            "vulnCountInfoFixable": 0,
+            "vulnCountLow": 1,
+            "vulnCountLowFixable": 1,
+            "vulnCountMedium": 0,
+            "vulnCountMediumFixable": 0
+        }
+    ]
+}
+	`
+}

cli/cmd/vuln_container.go

@@ -19,7 +19,9 @@
 package cmd
 
 import (
-	"github.com/lacework/go-sdk/v2/internal/array"
+	"sort"
+
+	"github.com/lacework/go-sdk/v2/api"
 	"github.com/pkg/errors"
 	flag "github.com/spf13/pflag"
 )
@@ -122,21 +124,23 @@ func setPollFlag(cmds ...*flag.FlagSet) {
 
 func getContainerRegistries() ([]string, error) {
 	var (
-		registries            = make([]string, 0)
-		regsIntegrations, err = cli.LwApi.V2.ContainerRegistries.List()
+		imageSummary, err = cli.LwApi.V2.VulnerabilityObservations.ImageSummary.SearchAllPages(api.SearchFilter{})
 	)
 	if err != nil {
-		return registries, errors.Wrap(err, "unable to get container registry integrations")
+		return nil, errors.Wrap(err, "unable to get container registry integrations")
 	}
 
-	for _, i := range regsIntegrations.Data {
-		// avoid adding empty registries coming from the new local_scanner and avoid adding duplicate registries
-		if i.ContainerRegistryDomain() == "" || array.ContainsStr(registries, i.ContainerRegistryDomain()) {
-			continue
-		}
+	registrySet := make(map[string]struct{})
+	for _, i := range imageSummary.Data {
+		registrySet[i.Registry] = struct{}{}
+	}
 
-		registries = append(registries, i.ContainerRegistryDomain())
+	registries := make([]string, 0, len(registrySet))
+	for r := range registrySet {
+		registries = append(registries, r)
 	}
 
+	sort.Strings(registries)
+
 	return registries, nil
 }