Kubescape Access Keys API
Create, list, retrieve, and revoke the Agent Access Keys used to authenticate ARMO Platform Customer API requests via the X-API-KEY header, plus manage posture and vulnerability exception policies.
Create, list, retrieve, and revoke the Agent Access Keys used to authenticate ARMO Platform Customer API requests via the X-API-KEY header, plus manage posture and vulnerability exception policies.
openapi: 3.0.3
info:
title: ARMO Platform Customer API (Kubescape)
description: >-
The ARMO Platform Customer API is the hosted REST API of ARMO Platform, the
commercial multi-cluster, multi-cloud Kubernetes security SaaS built on the
open-source Kubescape project (CNCF, Apache 2.0). It exposes the security
posture, compliance, vulnerability, runtime threat detection, network policy,
and registry/repository scanning data that Kubescape produces.
The endpoint paths in this document are taken from the public ARMO Customer
API reference (hub.armosec.io/reference/customer-api). Request and response
schemas are honestly modeled by API Evangelist to represent typical payloads
and are not copied verbatim from a published machine-readable spec; verify
exact field names against the live reference before integrating.
Note on the open-source tool: the core Kubescape CLI is not an HTTP API, and
the in-cluster Operator components expose their own OpenAPI/Swagger UIs
(/openapi/v2/swaggerui) only inside the cluster - not on this hosted host.
This document covers the hosted ARMO Platform Customer API only.
version: '1.0'
contact:
name: ARMO / Kubescape
url: https://www.armosec.io
license:
name: Apache-2.0 (open-source Kubescape core)
url: https://github.com/kubescape/kubescape/blob/master/LICENSE
servers:
- url: https://api.armosec.io/api/v1
description: ARMO Platform Customer API
security:
- apiKeyAuth: []
tags:
- name: Posture & Compliance
description: Framework, control, and resource posture results.
- name: Vulnerabilities
description: Image and workload vulnerability scanning and results.
- name: Runtime Security
description: Runtime incidents, attack chains, and security risks.
- name: Network Policies
description: Generated NetworkPolicies and seccomp profiles.
- name: Registry & Repository
description: Registry scans and Git repository posture.
- name: Access Keys
description: Agent access keys and exception policies.
paths:
/posture/frameworks:
post:
operationId: getPostureFrameworks
tags: [Posture & Compliance]
summary: Get framework scan summaries
description: Returns compliance scan summaries per framework (NSA-CISA, MITRE, CIS, SOC2, and others).
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Framework summaries.
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: '#/components/schemas/FrameworkSummary'
'401':
$ref: '#/components/responses/Unauthorized'
/posture/controls:
post:
operationId: getPostureControls
tags: [Posture & Compliance]
summary: Get control run results
description: Returns per-control run results with pagination. Each control is one of the 200+ Kubescape controls (C-0001..C-0292).
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Control results.
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: '#/components/schemas/ControlResult'
'401':
$ref: '#/components/responses/Unauthorized'
/posture/controls/sections:
post:
operationId: getPostureControlSections
tags: [Posture & Compliance]
summary: Get framework subsection summaries
description: Returns summaries for the subsections of a compliance framework.
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Section summaries.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/posture/resources:
post:
operationId: getPostureResources
tags: [Posture & Compliance]
summary: List affected resources
description: Returns the Kubernetes resources affected by posture control failures.
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Affected resources.
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: '#/components/schemas/AffectedResource'
'401':
$ref: '#/components/responses/Unauthorized'
/vulnerability/scan:
post:
operationId: startVulnerabilityScan
tags: [Vulnerabilities]
summary: Initiate a vulnerability scan
description: Triggers an image vulnerability scan.
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScanRequest'
responses:
'200':
description: Scan accepted.
content:
application/json:
schema:
$ref: '#/components/schemas/ScanAccepted'
'401':
$ref: '#/components/responses/Unauthorized'
/vulnerability/scanResults/summary:
post:
operationId: getVulnerabilityScanSummary
tags: [Vulnerabilities]
summary: Get vulnerability scan summaries
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Scan summaries.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/vulnerability/scanResults/details:
post:
operationId: getVulnerabilityScanDetails
tags: [Vulnerabilities]
summary: Get detailed CVE listings
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: CVE details.
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: '#/components/schemas/Vulnerability'
'401':
$ref: '#/components/responses/Unauthorized'
/vulnerability/severity:
post:
operationId: getVulnerabilitySeverity
tags: [Vulnerabilities]
summary: Get latest scan severity metrics
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Severity metrics.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/vulnerabilities/list:
post:
operationId: listVulnerabilities
tags: [Vulnerabilities]
summary: List vulnerabilities
description: Scoped list of vulnerabilities, including "Vulnerabilities In Use" (runtime-observed) filtering.
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Vulnerabilities.
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: '#/components/schemas/Vulnerability'
'401':
$ref: '#/components/responses/Unauthorized'
/images/list:
post:
operationId: listImages
tags: [Vulnerabilities]
summary: List scanned images
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Images.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/runtimeIncidents:
get:
operationId: listRuntimeIncidents
tags: [Runtime Security]
summary: List runtime incidents
description: Returns eBPF-based runtime threat detection incidents.
responses:
'200':
description: Runtime incidents.
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/RuntimeIncident'
'401':
$ref: '#/components/responses/Unauthorized'
/runtimeIncidents/{guid}/alerts:
get:
operationId: getRuntimeIncidentAlerts
tags: [Runtime Security]
summary: Get alerts for an incident
parameters:
- $ref: '#/components/parameters/Guid'
responses:
'200':
description: Alerts.
content:
application/json:
schema:
type: array
items:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/runtimeIncidents/{guid}/resolve:
post:
operationId: resolveRuntimeIncident
tags: [Runtime Security]
summary: Resolve a runtime incident
description: Marks an incident as FalsePositive or Suspicious.
parameters:
- $ref: '#/components/parameters/Guid'
responses:
'200':
description: Resolved.
'401':
$ref: '#/components/responses/Unauthorized'
/attackChains:
post:
operationId: getAttackChains
tags: [Runtime Security]
summary: Get attack path (attack chain) analysis
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Attack chains.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/securityRisks:
get:
operationId: getSecurityRisks
tags: [Runtime Security]
summary: Get prioritized security risks
responses:
'200':
description: Security risks.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/networkPolicies:
get:
operationId: getNetworkPolicies
tags: [Network Policies]
summary: Retrieve generated network policies
responses:
'200':
description: Network policies.
content:
application/json:
schema:
type: array
items:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/networkPolicies/generate:
post:
operationId: generateNetworkPolicies
tags: [Network Policies]
summary: Generate least-privilege NetworkPolicies
description: Generates Kubernetes NetworkPolicies from observed workload behavior (Bill of Behavior).
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Generated policies.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/seccompProfiles/generate:
post:
operationId: generateSeccompProfiles
tags: [Network Policies]
summary: Generate seccomp profiles
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Generated seccomp profiles.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/registry/scan:
post:
operationId: scheduleRegistryScan
tags: [Registry & Repository]
summary: Schedule a registry scan
description: Schedules a container registry scan (ECR, GAR, ACR, Harbor, Quay, Nexus, GitLab).
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RegistryScanRequest'
responses:
'200':
description: Registry scan scheduled.
content:
application/json:
schema:
$ref: '#/components/schemas/ScanAccepted'
'401':
$ref: '#/components/responses/Unauthorized'
/repositoryPosture/failedControls:
post:
operationId: getRepositoryFailedControls
tags: [Registry & Repository]
summary: Get repository failed controls
requestBody:
$ref: '#/components/requestBodies/ListRequest'
responses:
'200':
description: Failed controls for a Git repository.
content:
application/json:
schema:
type: object
'401':
$ref: '#/components/responses/Unauthorized'
/authentication/accessKeys:
get:
operationId: listAccessKeys
tags: [Access Keys]
summary: List agent access keys
responses:
'200':
description: Access keys.
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/AccessKey'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createAccessKey
tags: [Access Keys]
summary: Create an agent access key
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AccessKey'
responses:
'200':
description: Created access key.
content:
application/json:
schema:
$ref: '#/components/schemas/AccessKey'
'401':
$ref: '#/components/responses/Unauthorized'
/authentication/accessKeys/{guid}:
delete:
operationId: deleteAccessKey
tags: [Access Keys]
summary: Revoke an agent access key
parameters:
- $ref: '#/components/parameters/Guid'
responses:
'200':
description: Revoked.
'401':
$ref: '#/components/responses/Unauthorized'
components:
securitySchemes:
apiKeyAuth:
type: apiKey
in: header
name: X-API-KEY
description: >-
Agent Access Key generated in ARMO Platform under Settings > Agent
Access Keys, sent in the X-API-KEY request header.
parameters:
Guid:
name: guid
in: path
required: true
description: The GUID of the target resource.
schema:
type: string
requestBodies:
ListRequest:
description: Standard ARMO list/query body with pagination, sorting, and field filters.
content:
application/json:
schema:
$ref: '#/components/schemas/ListRequest'
responses:
Unauthorized:
description: Missing or invalid X-API-KEY.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
schemas:
ListRequest:
type: object
description: Query body used across ARMO list endpoints.
properties:
pageSize:
type: integer
default: 50
pageNum:
type: integer
default: 0
orderBy:
type: string
innerFilters:
type: array
items:
type: object
additionalProperties: true
FrameworkSummary:
type: object
properties:
name:
type: string
example: cis-v1.10.0
complianceScore:
type: number
format: float
failedControls:
type: integer
totalControls:
type: integer
ControlResult:
type: object
properties:
id:
type: string
example: C-0016
name:
type: string
example: Allow privilege escalation
severity:
type: string
enum: [Low, Medium, High, Critical]
status:
type: string
enum: [passed, failed, skipped]
affectedResourcesCount:
type: integer
AffectedResource:
type: object
properties:
resourceID:
type: string
kind:
type: string
example: Deployment
namespace:
type: string
name:
type: string
cluster:
type: string
ScanRequest:
type: object
properties:
cluster:
type: string
namespace:
type: string
imageTag:
type: string
RegistryScanRequest:
type: object
properties:
registryName:
type: string
registryProvider:
type: string
enum: [ecr, gar, acr, harbor, quay, nexus, gitlab]
cron:
type: string
description: Cron schedule for recurring scans.
ScanAccepted:
type: object
properties:
status:
type: string
example: accepted
jobID:
type: string
Vulnerability:
type: object
properties:
name:
type: string
example: CVE-2024-3094
severity:
type: string
enum: [Negligible, Low, Medium, High, Critical]
packageName:
type: string
packageVersion:
type: string
fixedInVersion:
type: string
isRelevant:
type: boolean
description: Whether the vulnerability is in a component observed in use at runtime.
RuntimeIncident:
type: object
properties:
guid:
type: string
name:
type: string
severity:
type: string
enum: [Low, Medium, High, Critical]
cluster:
type: string
namespace:
type: string
workload:
type: string
status:
type: string
enum: [Active, FalsePositive, Suspicious]
creationTime:
type: string
format: date-time
AccessKey:
type: object
properties:
guid:
type: string
name:
type: string
expirationDate:
type: string
format: date-time
Error:
type: object
properties:
error:
type: string
code:
type: integer