Sysdig website screenshot

Sysdig

Sysdig is a cloud and container security platform that provides runtime threat detection, vulnerability management, cloud security posture management (CSPM), compliance automation, and observability for containers, Kubernetes, and cloud environments. Sysdig Monitor offers full-stack monitoring and alerting while Sysdig Secure delivers runtime security, vulnerability scanning, policy enforcement, incident response, and compliance reporting.

2 APIs 0 Features
Cloud SecurityContainersKubernetesRuntime SecuritySecurityVulnerability ManagementMonitoringObservabilityCSPMCompliance

APIs

Sysdig Monitor

The Sysdig Monitor API provides programmatic access to monitoring and observability capabilities including dashboards, alerts, events, metrics, teams, notification channels, and...

Sysdig Secure

The Sysdig Secure API provides programmatic access to cloud and container security capabilities including vulnerability management, runtime policies, compliance checks, activity...

Collections

Arazzo Workflows

Sysdig Author Falco Rule and Attach to Policy

Create a custom Falco rule, then create a policy that references it.

ARAZZO

Sysdig Build Metric Dashboard

Discover a metric, confirm its descriptor, and create a dashboard for it.

ARAZZO

Sysdig Clone Dashboard

Read a source dashboard and create a copy of it under a new name.

ARAZZO

Sysdig Compliance Task Results

List compliance tasks, pick one, and pull its control results.

ARAZZO

Sysdig Create Alert With Notification Channel

Create a notification channel, then create an alert that routes to it.

ARAZZO

Sysdig Create Policy and Verify

Create a runtime security policy then read it back to confirm it persisted.

ARAZZO

Sysdig Disable Alert

List alerts, find one by name, and disable it via update.

ARAZZO

Sysdig Investigate Secure Event

List secure runtime events, branch on a match, and pull the activity audit.

ARAZZO

Sysdig Provision Team

Create a team, verify it, and scope a notification channel for it.

ARAZZO

Sysdig Publish Event and Confirm

Post a custom event to Monitor, then list events to confirm it landed.

ARAZZO

Sysdig Scan Image and Poll Results

Trigger an image scan, poll until analysis completes, then read findings.

ARAZZO

Sysdig Scanned Image Inventory Review

List scanned images, pick the first, and pull its vulnerabilities and SBOM.

ARAZZO

Sysdig Triage Image Vulnerabilities

List vulnerability results, drill into one image, and pull its SBOM.

ARAZZO

GraphQL

Sysdig GraphQL API

Sysdig provides cloud-native security and observability for Kubernetes, containers, and cloud. The API covers runtime threat detection, compliance posture management, vulnerabil...

GRAPHQL

Pricing Plans

Sysdig Plans Pricing

3 plans

PLANS

Rate Limits

Sysdig Rate Limits

5 limits

RATE LIMITS

FinOps

Sysdig Finops

FINOPS

Semantic Vocabularies

Sysdig Context

31 classes · 0 properties

JSON-LD

API Governance Rules

Sysdig API Rules

10 rules · 4 errors 5 warnings 1 info

SPECTRAL

JSON Structure

Sysdig Alert Structure

0 properties

JSON STRUCTURE

Example Payloads

Sysdig List Alerts Example

2 fields

EXAMPLE

Resources

🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
🌐
DeveloperPortal
DeveloperPortal
🚀
GettingStarted
GettingStarted
👥
GitHubOrganization
GitHubOrganization
📰
Blog
Blog
💰
Pricing
Pricing
📝
Signup
Signup
🔗
Terraform Provider
Terraform Provider
📦
Python SDK
Python SDK
🔗
CLI
CLI
🔗
Kubernetes Operator
Kubernetes Operator
🔗
Helm Charts
Helm Charts
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
📄
ChangeLog
ChangeLog
💬
Support
Support
🟢
StatusPage
StatusPage
🔗
MCPServer
MCPServer

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Sysdig Secure API
  version: 1.0.0
request:
  auth:
    type: bearer
    token: '{{bearerToken}}'
items:
- info:
    name: Vulnerabilities
    type: folder
  items:
  - info:
      name: List Vulnerability Results
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/scanning/v1/resultsDirect
      params:
      - name: limit
        value: ''
        type: query
        description: Maximum number of results to return
      - name: cursor
        value: ''
        type: query
        description: Pagination cursor
      - name: filter
        value: ''
        type: query
        description: Filter expression for vulnerability results
    docs: Retrieve vulnerability scanning results for container images and hosts.
  - info:
      name: Get Image Vulnerabilities
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/scanning/v1/images/:imageId/vulnDirect
      params:
      - name: imageId
        value: ''
        type: path
      - name: limit
        value: ''
        type: query
    docs: Retrieve vulnerability findings for a specific container image.
- info:
    name: SBOM
    type: folder
  items:
  - info:
      name: Get Image SBOM
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/scanning/v1/images/:imageId/sbom
      params:
      - name: imageId
        value: ''
        type: path
    docs: Retrieve the Software Bill of Materials (SBOM) for a container image in CycloneDX JSON format.
- info:
    name: Policies
    type: folder
  items:
  - info:
      name: List Policies
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/policies/v2
      params:
      - name: type
        value: ''
        type: query
        description: Filter by policy type
      - name: limit
        value: ''
        type: query
    docs: Retrieve all runtime security policies.
  - info:
      name: Create Policy
      type: http
    http:
      method: POST
      url: https://api.us1.sysdig.com/api/policies/v2
      body:
        type: json
        data: '{}'
    docs: Create a new runtime security policy.
  - info:
      name: Get Policy
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/policies/v2/:policyId
      params:
      - name: policyId
        value: ''
        type: path
        description: Unique identifier of the policy
    docs: Retrieve a specific runtime security policy.
  - info:
      name: Update Policy
      type: http
    http:
      method: PUT
      url: https://api.us1.sysdig.com/api/policies/v2/:policyId
      params:
      - name: policyId
        value: ''
        type: path
        description: Unique identifier of the policy
      body:
        type: json
        data: '{}'
    docs: Update an existing runtime security policy.
  - info:
      name: Delete Policy
      type: http
    http:
      method: DELETE
      url: https://api.us1.sysdig.com/api/policies/v2/:policyId
      params:
      - name: policyId
        value: ''
        type: path
        description: Unique identifier of the policy
    docs: Delete a runtime security policy.
- info:
    name: Rules
    type: folder
  items:
  - info:
      name: List Falco Rules
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/secure/falco/v2/rules
    docs: Retrieve all Falco security rules.
  - info:
      name: Create Falco Rule
      type: http
    http:
      method: POST
      url: https://api.us1.sysdig.com/api/secure/falco/v2/rules
      body:
        type: json
        data: '{}'
    docs: Create a new custom Falco rule.
  - info:
      name: Get Falco Rule
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/secure/falco/v2/rules/:ruleId
      params:
      - name: ruleId
        value: ''
        type: path
        description: Unique identifier of the Falco rule
    docs: Retrieve a specific Falco rule by ID.
  - info:
      name: Update Falco Rule
      type: http
    http:
      method: PUT
      url: https://api.us1.sysdig.com/api/secure/falco/v2/rules/:ruleId
      params:
      - name: ruleId
        value: ''
        type: path
        description: Unique identifier of the Falco rule
      body:
        type: json
        data: '{}'
    docs: Update an existing Falco rule.
  - info:
      name: Delete Falco Rule
      type: http
    http:
      method: DELETE
      url: https://api.us1.sysdig.com/api/secure/falco/v2/rules/:ruleId
      params:
      - name: ruleId
        value: ''
        type: path
        description: Unique identifier of the Falco rule
    docs: Delete a custom Falco rule.
- info:
    name: Compliance
    type: folder
  items:
  - info:
      name: List Compliance Tasks
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/compliance/v2/tasks
    docs: Retrieve all compliance evaluation tasks and their statuses.
  - info:
      name: Get Compliance Results
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/compliance/v2/tasks/:taskId/results
      params:
      - name: taskId
        value: ''
        type: path
      - name: limit
        value: ''
        type: query
    docs: Retrieve compliance check results for a specific task.
- info:
    name: Activity Audit
    type: folder
  items:
  - info:
      name: List Secure Events
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/v1/secureEvents
      params:
      - name: from
        value: ''
        type: query
        description: Start time in Unix epoch seconds
      - name: to
        value: ''
        type: query
        description: End time in Unix epoch seconds
      - name: limit
        value: ''
        type: query
      - name: filter
        value: ''
        type: query
        description: Filter expression for events
    docs: Retrieve runtime security events triggered by policy violations.
  - info:
      name: List Activity Audit
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/v1/activityAudit
      params:
      - name: from
        value: ''
        type: query
      - name: to
        value: ''
        type: query
      - name: limit
        value: ''
        type: query
    docs: Retrieve audit trail of user and system activities.
- info:
    name: Image Scanning
    type: folder
  items:
  - info:
      name: Scan Image
      type: http
    http:
      method: POST
      url: https://api.us1.sysdig.com/api/scanning/v1/image
      body:
        type: json
        data: '{}'
    docs: Trigger a vulnerability scan for a container image.
  - info:
      name: List Scanned Images
      type: http
    http:
      method: GET
      url: https://api.us1.sysdig.com/api/scanning/v1/images
      params:
      - name: limit
        value: ''
        type: query
      - name: cursor
        value: ''
        type: query
    docs: Retrieve all container images that have been scanned.
bundled: true