Skip to content
CrowdStrike Developer Center

Container Images

The Container Images service collection provides operations for assessing and managing container images in your CrowdStrike Falcon environment. Retrieve assessment history, aggregate image counts by base OS, state, and vulnerability count, retrieve combined image details and export data, manage base images, and review issues and vulnerability summaries per image.

LanguageLast Update
Pythonv1.4.8
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
AggregateImageAssessmentHistory
aggregate_assessment_history		Image assessment history
AggregateImageCountByBaseOS
aggregate_count_by_base_os		Aggregate count of images grouped by Base OS distribution
AggregateImageCountByState
aggregate_count_by_state		Aggregate count of images grouped by state
AggregateImageCount
aggregate_count		Aggregate count of images
CombinedBaseImages
get_combined_base_images		Retrieve base images identified by the provided filter criteria
GetCombinedImages
get_combined_images		Get image assessment results by providing an FQL filter and paging details
CombinedImageByVulnerabilityCount
get_combined_images_by_vulnerability_count		Retrieve top x images with the most vulnerabilities
CombinedImageDetail
get_combined_detail		Retrieve image entities identified by the provided filter criteria
ReadCombinedImagesExport
read_combined_export		Retrieve images with an option to expand aggregated vulnerabilities/detections
CombinedImageIssuesSummary
get_combined_issues_summary		Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities
CombinedImageVulnerabilitySummary
get_combined_vulnerabilities_summary		aggregates information about vulnerabilities for an image
CreateBaseImagesEntities
create_base_images		Creates base images using the provided details
DeleteBaseImages
delete_base_images		Delete base images by base image UUID

AggregateImageAssessmentHistory

Section titled “AggregateImageAssessmentHistory”

Image assessment history

GET /container-security/aggregates/images/assessment-history/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_assessment_history

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter using a query in Falcon Query Language (FQL). Supported filters: cid, registry, and repository
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.aggregate_assessment_history(filter="string")
print(response)

AggregateImageCountByBaseOS

Section titled “AggregateImageCountByBaseOS”

Aggregate count of images grouped by Base OS distribution

GET /container-security/aggregates/images/count-by-os-distribution/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_count_by_base_os

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.aggregate_count_by_base_os(filter="string")
print(response)

AggregateImageCountByState

Section titled “AggregateImageCountByState”

Aggregate count of images grouped by state

GET /container-security/aggregates/images/count-by-state/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_count_by_state

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.aggregate_count_by_state(filter="string")
print(response)

AggregateImageCount

Section titled “AggregateImageCount”

Aggregate count of images

GET /container-security/aggregates/images/count/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: ai_related, ai_vulnerability_count, arch, base_os, cid, container_id, container_running_status, cps_rating, crowdstrike_user, cve_id, detection_count, detection_name, detection_severity, first_seen, image_digest, image_id, include_base_image_vuln, index_digest, layer_digest, package_name_version, registry, repository, source, tag, vulnerability_count, and vulnerability_severity
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.aggregate_count(filter="string")
print(response)

CombinedBaseImages

Section titled “CombinedBaseImages”

Retrieve base images identified by the provided filter criteria

GET /container-security/combined/base-images/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 get_combined_base_images

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: image_digest, image_id, registry, repository, and tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.get_combined_base_images(filter="string")
print(response)

GetCombinedImages

Section titled “GetCombinedImages”

Get image assessment results by providing an FQL filter and paging details

GET /container-security/combined/image-assessment/images/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 get_combined_images

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: ai_related, container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, index_digest, registry, repository, tag, and vulnerability_severity
limitqueryintegerThe upper-bound on the number of records to retrieve [1-100]
offsetqueryintegerThe offset from where to begin.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringThe fields to sort the records on. Supported columns: first_seen, highest_detection_severity, highest_vulnerability_severity, image_digest, image_id, registry, repository, source, and tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.get_combined_images(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string")
print(response)

CombinedImageByVulnerabilityCount

Section titled “CombinedImageByVulnerabilityCount”

Retrieve top x images with the most vulnerabilities

GET /container-security/combined/images/by-vulnerability-count/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 get_combined_images_by_vulnerability_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThis is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.get_combined_images_by_vulnerability_count(filter="string",
                                                             limit=integer,
                                                             offset="string")
print(response)

CombinedImageDetail

Section titled “CombinedImageDetail”

Retrieve image entities identified by the provided filter criteria

GET /container-security/combined/images/detail/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 get_combined_detail

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
with_configqueryboolean(true/false) include image config, default is false
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringThe fields to sort the records on.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.get_combined_detail(filter="string",
                                      with_config=boolean,
                                      limit=integer,
                                      offset=integer,
                                      sort="string")
print(response)

ReadCombinedImagesExport

Section titled “ReadCombinedImagesExport”

Retrieve images with an option to expand aggregated vulnerabilities/detections

GET /container-security/combined/images/export/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 read_combined_export

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: ai_related, ai_vulnerability_count, arch, base_os, cid, container_id, container_running_status, cps_rating, crowdstrike_user, cve_id, detection_count, detection_name, detection_severity, first_seen, image_digest, image_id, include_base_image_vuln, index_digest, layer_digest, package_name_version, registry, repository, source, tag, vulnerability_count, vulnerability_severity
expand_vulnerabilitiesquerybooleanexpand vulnerabilities
expand_detectionsquerybooleanexpand detections
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringThe fields to sort the records on. Supported columns: ai_vulnerabilities, base_os, cid, detections, firstScanned, first_seen, highest_detection_severity, highest_cps_current_rating, highest_vulnerability_severity, image_digest, image_id, last_seen, layers_with_vulnerabilities, packages, registry, repository, source, tag, and vulnerabilities

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.read_combined_export(filter="string",
                                       expand_vulnerabilities=boolean,
                                       expand_detections=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string")
print(response)

CombinedImageIssuesSummary

Section titled “CombinedImageIssuesSummary”

Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities

GET /container-security/combined/images/issues-summary/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 get_combined_issues_summary

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cidquerystringCID
include_base_image_vulnquerybooleanFlag indicating if base image vulnerabilities should be included.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
image_digestquerystringImage digest ID
registryquerystringRegistry name
repositoryquerystringRepository name
tagquerystringTag name

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.get_combined_issues_summary(cid="string",
                                              image_digest="string",
                                              registry="string",
                                              repository="string",
                                              tag="string",
                                              include_base_image_vuln=boolean)
print(response)

CombinedImageVulnerabilitySummary

Section titled “CombinedImageVulnerabilitySummary”

aggregates information about vulnerabilities for an image

GET /container-security/combined/images/vulnerabilities-summary/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 get_combined_vulnerabilities_summary

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cidquerystringCID
include_base_image_vulnquerybooleanFlag indicating if base image vulnerabilities should be included.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
image_digestquerystringImage digest ID
registryquerystringregistry name
repositoryquerystringrepository name
tagquerystringtag name

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.get_combined_vulnerabilities_summary(cid="string",
                                                       image_digest="string",
                                                       registry="string",
                                                       repository="string",
                                                       tag="string",
                                                       include_base_image_vuln=boolean)
print(response)

CreateBaseImagesEntities

Section titled “CreateBaseImagesEntities”

Creates base images using the provided details

POST /container-security/entities/base-images/v1
Scope Falcon Container Image: WRITE Consumes · Produces application/json
PEP 8 create_base_images

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
image_digestbodystringImage digest.
image_idbodystringImage ID.
registrybodystringRegistry.
repositorybodystringImage repository.
tagbodystringImage tag.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


response = falcon.create_base_images(image_digest="string",
                                     image_id="string",
                                     registry="string",
                                     repository="string",
                                     tag="string")
print(response)

DeleteBaseImages

Section titled “DeleteBaseImages”

Delete base images by base image UUID

DELETE /container-security/entities/base-images/v1
Scope Falcon Container Image: WRITE Consumes · Produces application/json
PEP 8 delete_base_images

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsBase Image ID(s).
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImages


falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_base_images(ids=id_list)
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use