Skip to main content

Container Waivers API

API endpoints for automation with Firewall for Container.

Get Quarantined Containers

This endpoint returns the policy violations for quarantined containers.

GET /api/v2/malware-defense/container-image/policyViolations/quarantined

This endpoint requires the following parameters to be included in the request as parameters at the end of the request URL.

  • page: integer($int32) - the current page number must be greater than or equal to 1. The number of pages will be the total results divided by the pageSize rounded up. Start with a value of 1 and increase for subsequent requests until the total results are returned.

  • pageSize: integer($int32) - the requested number of result per page must be less than or equal to 100.

Example request:

curl -X GET 'https://iq-server.example/platform/api/v2/malware-defense/container-image/policyViolations/quarantined?page=1&pageSize=100'

Example response:

{
  "total": 35,
  "page": 1,
  "pageSize": 100,
  "pageCount": 1,
  "results": [
    {
      "threatLevel": 10,
      "openTime": 1752597551260,
      "applicationPublicId": "repo.example-docker-proxy-library-nginx-1.19.6",
      "applicationId": "9d03e8759202421b916d95c400000000",
      "applicationName": "repo.example-docker-proxy-library-nginx-1.19.6",
      "repositoryPublicId": "docker-proxy",
      "repositoryId": "a1ee756e8eed484c82952d8000000000",
      "policyViolationCount": 252,
      "scanId": "52459e9548454a9abd889fb000000000"
    }, ...
  ]
}

Either the applicationPublicId or the applicationId may be used as the containerImageId when applying or deleting waivers.

Waive All Container Violations

An API endpoint to waive all policy violations from a container image evaluated. The path param near the end of the URL must contain the container image identifier.

POST /api/v2/malware-defense/container-image/{containerImageId}/policyWaiver

Use the quarantined containers endpoint above for the containerImageId of the container.

The body of the request JSON can include the following fields:

  • expiryTime (optional default null): Sets the datetime when the waiver expires.

  • waiverReasonId (optional default null): Sets the specific reason chosen for the waiver.

  • comment (optional default null): Further explanation about the waiver.

{
  "expiryTime": "2025-07-29T18:23:01.554Z",
  "waiverReasonId": "some reason as a string",
  "comment": "test-comment as a string"
}

The response code returns a 204 when the waiver has been created successfully.

Get Container Waivers

This endpoint returns a list of applied container waivers.

GET /api/v2/malware-defense/container-image/policyWaiver

This endpoint requires the following parameters to be included in the request as parameters at the end of the request URL.

  • page: integer($int32) - the current page number must be greater than or equal to 1. The number of pages will be the total results divided by the pageSize rounded up. Start with a value of 1 and increase for subsequent requests until the total results are returned.

  • pageSize: integer($int32) - the requested number of result per page must be less than or equal to 100.

Example request:

curl -X GET 'https://iq-server.example/platform/api/v2/malware-defense/container-image/policyWaiver?page=1&pageSize=100'

Example response:

NEED EXAMPLE

Remove Container Waiver

Endpoint to remove the waiver applied to all of the violations for the container.

DELETE /api/v2/malware-defense/container-image/{containerImageId}/policyWaiver

The response code returns a 204 when the waiver has been successfully removed.