DEV Community

Shannon McFarland for Outshift By Cisco

Posted on β€’ Edited on

1

VMClarity: How to use the API

If you are just now joining us on our multi-post series on the VMClarity open source project, check out these other posts to catch up:


The VMClarity API

VMClarity uses the OpenAPI spec; you can look at it here: https://github.com/openclarity/vmclarity/blob/main/api/openapi.yaml.

You can interact with the API via the following methods:

  • VMClarity UI - See the blogs referenced above to understand how to interact with the UI)
  • curl commands - See the video and commands referenced below
  • API tools such as Postman - See the video below

Once you have VMClarity up and running, check out this video to learn more about interacting with the VMClarity API:


Here are some of the commands that I referenced in the video:
SSH tunnel into the VMClarity Server instance (EC2):

ssh -i <your PEM> -N -L 8888:localhost:8888 ubuntu@<VMClarity public IP address>
Enter fullscreen mode Exit fullscreen mode

curl against the VMClarity API to get the scan configurations:

curl -s -X GET http://localhost:8888/api/scanConfigs -H 'Content-Type: application/json' | json_pp
Enter fullscreen mode Exit fullscreen mode

curl to get a list of scan targets (EC2 assets found based on the scan scope in the scan configuration):

curl -s -X GET http://localhost:8888/api/targets -H 'Content-Type: application/json' | json_pp
Enter fullscreen mode Exit fullscreen mode

curl to get the scan results. Note: This is going to generate a LOT of output. It is best to view this information in the UI:

curl -s -X GET http://localhost:8888/api/scanResults -H 'Content-Type: application/json' | json_pp
Enter fullscreen mode Exit fullscreen mode

Learn More & Join the Community!

Learn more about VMClarity and join the community! https://github.com/openclarity/vmclarity

I will be back with more posts on understanding how VMClarity works, and how you can contribute to it!

You can also learn more about the other Clarity projects, such as (API security) and KubeClarity (K8s SBOM/Supply chain security) here:

And several blogs about both projects are here:
https://techblog.cisco.com/


Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.

API Trace View

How I Cut 22.3 Seconds Off an API Call with Sentry πŸ•’

Struggling with slow API calls? Dan Mindru walks through how he used Sentry's new Trace View feature to shave off 22.3 seconds from an API call.

Get a practical walkthrough of how to identify bottlenecks, split tasks into multiple parallel tasks, identify slow AI model calls, and more.

Read more β†’

Top comments (0)

Billboard image

Try REST API Generation for Snowflake

DevOps for Private APIs. Automate the building, securing, and documenting of internal/private REST APIs with built-in enterprise security on bare-metal, VMs, or containers.

  • Auto-generated live APIs mapped from Snowflake database schema
  • Interactive Swagger API documentation
  • Scripting engine to customize your API
  • Built-in role-based access control

Learn more