DEV Community

Shannon McFarland for Outshift By Cisco

Posted on • Updated on

VMClarity: How to use the API

If you are just now joining us on our multi-post series on the VMClarity open source project, check out these other posts to catch up:


The VMClarity API

VMClarity uses the OpenAPI spec; you can look at it here: https://github.com/openclarity/vmclarity/blob/main/api/openapi.yaml.

You can interact with the API via the following methods:

  • VMClarity UI - See the blogs referenced above to understand how to interact with the UI)
  • curl commands - See the video and commands referenced below
  • API tools such as Postman - See the video below

Once you have VMClarity up and running, check out this video to learn more about interacting with the VMClarity API:


Here are some of the commands that I referenced in the video:
SSH tunnel into the VMClarity Server instance (EC2):

ssh -i <your PEM> -N -L 8888:localhost:8888 ubuntu@<VMClarity public IP address>
Enter fullscreen mode Exit fullscreen mode

curl against the VMClarity API to get the scan configurations:

curl -s -X GET http://localhost:8888/api/scanConfigs -H 'Content-Type: application/json' | json_pp
Enter fullscreen mode Exit fullscreen mode

curl to get a list of scan targets (EC2 assets found based on the scan scope in the scan configuration):

curl -s -X GET http://localhost:8888/api/targets -H 'Content-Type: application/json' | json_pp
Enter fullscreen mode Exit fullscreen mode

curl to get the scan results. Note: This is going to generate a LOT of output. It is best to view this information in the UI:

curl -s -X GET http://localhost:8888/api/scanResults -H 'Content-Type: application/json' | json_pp
Enter fullscreen mode Exit fullscreen mode

Learn More & Join the Community!

Learn more about VMClarity and join the community! https://github.com/openclarity/vmclarity

I will be back with more posts on understanding how VMClarity works, and how you can contribute to it!

You can also learn more about the other Clarity projects, such as (API security) and KubeClarity (K8s SBOM/Supply chain security) here:

And several blogs about both projects are here:
https://techblog.cisco.com/


Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.

Top comments (0)