If you are just now joining us on our multi-post series on the VMClarity open source project, check out these other posts to catch up:
Introduction to VMClarity and how to get it deployed: https://dev.to/ciscoemerge/vmclarity-virtual-machine-security-5e8g
Behind the scenes of a VMClarity scan: https://dev.to/ciscoemerge/vmclarity-what-happens-during-a-scan-3g08
VMClarity uses the OpenAPI spec; you can look at it here: https://github.com/openclarity/vmclarity/blob/main/api/openapi.yaml.
You can interact with the API via the following methods:
- VMClarity UI - See the blogs referenced above to understand how to interact with the UI)
- curl commands - See the video and commands referenced below
- API tools such as Postman - See the video below
Once you have VMClarity up and running, check out this video to learn more about interacting with the VMClarity API:
Here are some of the commands that I referenced in the video:
SSH tunnel into the VMClarity Server instance (EC2):
ssh -i <your PEM> -N -L 8888:localhost:8888 ubuntu@<VMClarity public IP address>
curl against the VMClarity API to get the scan configurations:
curl -s -X GET http://localhost:8888/api/scanConfigs -H 'Content-Type: application/json' | json_pp
curl to get a list of scan targets (EC2 assets found based on the scan scope in the scan configuration):
curl -s -X GET http://localhost:8888/api/targets -H 'Content-Type: application/json' | json_pp
curl to get the scan results. Note: This is going to generate a LOT of output. It is best to view this information in the UI:
curl -s -X GET http://localhost:8888/api/scanResults -H 'Content-Type: application/json' | json_pp
Learn more about VMClarity and join the community! https://github.com/openclarity/vmclarity
I will be back with more posts on understanding how VMClarity works, and how you can contribute to it!
You can also learn more about the other Clarity projects, such as (API security) and KubeClarity (K8s SBOM/Supply chain security) here:
And several blogs about both projects are here:
Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.